Cyclades® ACS Advanced Console Server
1. From the shell prompt on your terminal, enter the following command:
     CLI
   2. From the cli prompt, enter the following:
     cli> config network hostsettings ipmode dualstack
   This will enable both IPv4 and IPv6 network addressing. Or:
     cli> config network hostsettings ipmode ipv6
   This will enable IPv6 network addressing only.
   To set IPv6 specific configurations
   From the cli prompt, enter the following:
     cli> config network hostsettings ipv6
   Follow the parameters in Table 2.2 for the rest of the configuration.
   Table 2.2 IPv6 Specific Configurations (IPv6 Specific Level 1 / IPv6 Specific Level 2: Description)
     dhcp6: Selects the options for the information that will be retrieved from the DHCPv6 server.
       none: No further data will be retrieved from the server.
       dns: The DNS server IP address will be retrieved from the server.
       domain: The domain path will be retrieved from the server.
       dns domain: The DNS server IP address and the domain path will be retrieved from the server.
     ipv6method: Selects the way IPv6 addresses will be configured or obtained.
       stateless only IPv6 local address will be dynamically obtained from an IPv6 Router in the local network; this method is to be used only if the two others are not available
       local I
2. Using opiepasswd from the console
   The following information displays when you execute the opiepasswd command from the console with the -c option. The system prompts you to enter a new secret pass phrase and proceeds to generate default OPIE sequence number 499 and a key from the first two letters of the hostname (kv), a pseudo random number (6178) and a password comprised of six words. In the following example, 499 KV6178 is the OPIE key and the password is COMB YANK BARD SLOT AS USER.
     # opiepasswd -c peter
     Adding peter:
     Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter.
     Using MD5 to compute responses.
     Enter new secret pass phrase: peters passphrase
     Again new secret pass phrase: peters passphrase
     ID peter OTP key is 499 KV6178
     COMB YANK BARD SLOT AS USER
   Using opiepasswd from remote
   When you execute the opiepasswd command securely from a remote system, you need an OTP generator (calculator) to obtain the OTP password. This initial sequence and its password is used to generate the hash number stored in the OTP database. Contact your system administrator to obtain an OTP calculator.
     # opiepasswd john
     Adding john:
     You need the response from an OTP generator.
     New secret pass phrase:
     otp-md5 499 KV3881
   Source: Cyclades ACS Advanced Console Server Command Reference Guide
3. cli config administration bootconfig parameter value
   Table B.2 CLI Boot Configuration Parameters (Parameter, Value: Description)
     boottype (bootp, both, tftp): To set the network boot type.
     bootunit (network): To set from where the unit boots.
     consolespeed (115200, 19200, 38400, 4800, 57600, 9600): To configure the console speed.
     ethernetip (ethernetip ethernetmode): Assign a temporary IP address to the Ethernet interface.
     ethernetmode (100F, 100H, 10F, 10H, auto): To set an Ethernet mode.
     filename (filename): Add a filename of the image on the tftp server.
     flashtest (full, skip): Enable or disable the Flash test.
     maxevents (numbers): Set maximum number of Ethernet events handled at once.
     ramtest (full, quick, skip): Select a type of ram test.
     tftpserver (n.n.n.n): Set the IP address of the tftpserver.
     wat (off, on): Enable or disable watch dog timer.
   2. Activate and save your configuration.
   CLI administration parameters
   The administration section of the CLI interface is divided into three parts:
     - Session management
     - Backup configuration
     - Firmware upgrade
   Session Management
     cli administration sessions parameter value
   Table B.3 CLI Session Management Parameters (Parameter, Value: Description)
     Kill Serial Port: To cancel a connection to the serial port. n Number 1-1024
     Llst Li
4. <os-build-number>3735</os-build-number> <os-product>Windows Server 2003 Enterprise Edition</os-product> <os-service-pack>None</os-service-pack> </machine-info> </INSTANCE> </BP>
   XML monitoring parameters in pslave.conf
   Some parameters need to be configured in /etc/portslave/pslave.conf to monitor XML data. For instance, for ttyS1, configure the following parameter:
     s1.xml_monitor 1
   When xml_monitor is set, cy_buffering searches for XML packets from the serial port. When a complete XML packet is received, cy_buffering sends it to syslog-ng. In syslog-ng.conf, the following filters are available to filter the XML messages:
     filter f_windows_bluescreen { facility(local<conf.DB_facility>) and level(info) and match("XML_MONITOR") and match("BLUESCREEN"); };
     filter f_windows_boot { facility(local<conf.DB_facility>) and level(info) and match("XML_MONITOR") and not match("BLUESCREEN") and match("machine-info"); };
   Once the desired message is filtered, define which actions to take. Syslog-ng creates macros that give administrators easy access to the XML information. If the administrator uses these macros, syslog-ng replaces the macros with the data received in the XML packet. Table A.5 shows the macros that are available when filter f_windows_bluescre
5. Appendix D: The vi Editor
   To edit a file using the vi editor:
     vi file name
   The vi editor is a three-state line editor with command, line, and editing modes. If in doubt as to which mode you are in, press the Esc key, which brings you to the command mode.
   Table D.1 vi Modes (Mode: Purpose. How to execute)
     Command mode: To navigate within an open file. Press the Esc key.
     Editing mode: To edit text. See Table D.2 and Table D.3 for a list of editing commands.
     Line mode: To open, save, and do other file manipulations. From the command mode, type colon (:).
   Use the following keys to navigate to the part of the file you need to edit.
   Table D.2 vi Navigation Commands (Command: Description)
     h: Moves the cursor to the left (left arrow).
     j: Moves the cursor to the next line (down arrow).
     k: Moves the cursor to the previous line (up arrow).
     l: Moves the cursor to the right (right arrow).
   Use the following commands to modify the text. Commands i and o enforce an edit mode. Press Esc to return to the command mode.
   Table D.3 vi File Modification Commands (Command: Description)
     i: Inserts text before the cursor position (everything to the right o
6. Table A.3 Elements in the <channel-switch> Tag (Continued) (Element: Description)
     <name>: Is the system name of the active channel. For the GUI mode Setup tool, they are the filenames where the data is written: Debug Log (setuplog.txt), Error Log (setuperr.log), Action Log (setupact.log). For Windows Server, they are: SAC (SAC), CMD (Cmdnnnn, where nnnn indicates the corresponding channel number).
     <type>: Is the type of data being emitted on the active channel. Currently, there are two types of data supported: Raw for the 3 GUI Mode Setup channels; VT-UTF8 for the SAC and CMD channels.
   A sample encoding of the SAC channel tag follows:
     <channel-switch>
     <name>SAC</name>
     <description>Special Administration Console</description>
     <type>VT-UTF8</type>
     <guid>1aee4cc0-cff3-11d6-9a3d-806e6f6e6963</guid>
     <application-type>63d02270-8aa4-11d5-bccf-806d6172696f</application-type>
     </channel-switch>
   A sample encoding of the CMD channel tag follows:
     <channel-switch>
     <name>Cmd0001</name>
     <description>Command Prompt</description>
     <type>VT-UTF8</type>
     <guid>970438d1-125bb-11d7-8a92-505054503030</guid>
     <application-type>63d02271-8aa4-11d5-bccf-00b0d014a2d0</application-type>
     </channel-switch>
   A sample encoding of the GUI mo
7. Table 2.22 ICMP Extensions (ICMP extension: Description)
     --icmp-type typename: This allows specification of the ICMP type, which may be a numeric ICMP type or one of the ICMP type names shown by the command: iptables -p icmp -h
   Multiport extension
   This module matches a set of source or destination ports. Up to 15 ports may be specified. It may only be used in conjunction with -m tcp or -m udp.
   Table 2.23 Multiport Extensions (Multiport extension: Description)
     --source-port [port[,port]]: Match if the source port is one of the given ports.
     --destination-port [port[,port]]: Match if the destination port is one of the given ports.
     --port [port[,port]]: Match if both the source and destination port are equal to each other and to one of the given ports.
   Target extensions
   Iptables may use extended target modules. The following are included in the standard distribution.
   LOG extensions
   Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel prints some information on all matching packets (like most IP header fields) via the kernel log.
   Table 2.24 LOG Extensions (LOG extension: Description)
     --log-level level: Level of logging (numeric or see syslog.conf(5)).
     --log-prefix prefix: Prefix log messages w
8. The Cyclades ACS console server provides features for out-of-band management through the configuration of terminal ports. A TS profile allows a terminal user to access a server on the network. The terminal may be either a dumb terminal or a terminal emulation program running on a workstation. Figure 4.3 displays an example of a TS profile. Descriptions follow in Table 4.12.
   Figure 4.3 Example of TS Configuration Profile
   Table 4.12 Example of TS Configuration Profile Descriptions (Item: Description)
     1: Terminals on Serial Port (dumb terminal or workstation running terminal application)
     2: Cyclades ACS Console Server
     3: Power Cable
     4: Ethernet CAT 5 Cable
     5: Ethernet Hub or Switch
     6: Ethernet Router
     7: Remote Servers
   To test a TS configuration
   1. Create a new user in the local database:
     # adduser username
     # passwd username
   2. Create a new test user and password on the server.
   3. From the console, ping the server to make sure it is reachable.
   Confirm that terminal communication parameters are set to the same as the Cyclades ACS console server. The Cyclades ACS console server default communication parameters are at 9600 bps, 8N1.
   Log in to the server with the newly created username and password. From a terminal connected to the Cyclades ACS console server, log in to the server usi
9.   k <pid>: Kill the given process.
     l <pid>: Lower the priority of a process to the lowest possible.
     lock: Lock access to Command Prompt channels. You must provide valid logon credentials to unlock a channel.
     m <pid> <MB-allow>: Limit the memory usage of a process to <MB-allow>.
     p: Causes t list command output to pause after displaying one full screen of information.
     r <pid>: Raise the priority of a process by one.
     s: Display the current time and date (24 hour clock used).
     s mm/dd/yyyy hh:mm: Set the current time and date (24 hour clock used).
     t: Tlist.
     crashdump: Crash the system. Crash dump must be enabled.
     restart: Restart the system immediately.
     shutdown: Shut down the system immediately.
   Intelligent Platform Management Interface (IPMI)
   IPMI is a service-level protocol and implementation that provides intelligent management to servers. IPMI allows server control and monitoring by means of an always-on chip located on the server's motherboard, called the Baseboard Management Controller (BMC), that may respond to IPMI commands out of band. The Cyclades ACS advanced console server has an implementation of IPMI over LAN, which allows the console server to control power on servers and also to obtain sensor readings such as CPU temperature or fan speed. The IPMI support in the Cyclades ACS console server extends its functionality so the console server may be used to control power to
10. 12h west GMT
   The following are examples of configuring timezones:
     cli config administration timezone custom acronym PDT
     cli config runconfig
     cli config savetoflash
     cli config administration timezone standard 08h west GMT
     cli config runconfig
     cli config savetoflash
     cli config administration timezone custom dst on dstacronym PDT dststartday Mar 2nd Sun dstendday Nov 1st Sun
     cli config runconfig
     cli config savetoflash
   Network Time Protocol (NTP)
   The ntpclient is a Network Time Protocol client for UNIX and Linux based systems. In order for the Cyclades ACS console server to work as an NTP client, the IP address of the NTP server must be configured.
   To configure an NTP server
   1. Execute the following command to configure the NTP server IP address:
     cli config administration ntp NTP server IP address
   2. Activate and save your configuration.
   NOTE: To deactivate the NTP service, you need to configure date by issuing the following command:
     cli config administration date time date <mm/dd/yyyy>
   Session Sniffing
   When multiple sessions are allowed for one serial port, the behavior of the Cyclades ACS console server is as follows:
     - The first user to connect to the port opens a common session.
     - From the second connection onwards, only admin users are allowed to connect to that port. The Cyclades ACS console server o
11. ACS advanced console server command line interface (CLI) may be used for administration and maintenance of the Cyclades ACS console server. CLI is comprised of a set of keywords nested in a hierarchy format. CLI allows the Cyclades ACS console server administrator to perform the same configuration tasks available through the Web Manager Interface (WMI). In addition, it allows executing the frequently performed configuration tasks saved in text files in batch mode or through shell scripts.
   Understanding the CLI Utility
   The CLI utility is built on a set of commands that are nested in a hierarchical format. Some commands require parameters that are user defined. For example, network configuration tasks include network hostsetting and hostname commands nested in the following format:
     cli config network hostsettings hostname parameter
   Commands used to configure or change a set of parameters:
     cli config security adduser username john password john12 admin yes shell /bin/sh
   Commands may also specify a function or an action to be performed. For example:
     cli config runconfig
     cli config savetoflash
   Accessing the CLI
   The CLI may be accessed in any of the following three methods:
     - By local logins through the console port. Local Cyclades ACS console server root users may access the command line by logging in through the console port using a terminal or a server running a terminal emulation program.
     - By remote logins using SSH
12. Table 1.5 Text Modification Keys (Continued) (Keyboard Keys: Description)
     Ctrl k: Clear the text from the cursor to the end of the line.
     Ctrl u: Clear backward from the cursor to the beginning of the current line.
     Ctrl w: Delete the word behind point.
     Esc d: Clear from the cursor to the end of the current word, or if between words, to the end of the next word.
     Esc Tab: Displays the current parameter of the command entered. You may edit the value.
   For example, to display the current value for domain and edit it:
     cli> config network hostsettings
     hostsettings> domain (press <Esc> <Tab>)
     hostsettings> domain avocent.com
   CLI Global commands
   The CLI global commands may be entered at any level of the CLI hierarchy.
   Table 1.6 CLI Global Commands (Command: Description)
     quit: Ends the CLI session.
     return: Goes up one level in the CLI hierarchy.
     info: Displays the help information available for the current level in the hierarchy. When combined with a command name supported at the current level, the applicable information or parameter is displayed.
     show: Displays the configuration parameter(s). When combined with a command name supported at the current level, the applicable information or parameter is displayed.
   CLI command arguments
   Command arguments are used when CLI is invoked in the command line
13. alias for specific allocation
     pool_alias pool-1          // alias for the pool
   Serial port pool: pool-2
     s3.tty ttyS3
     s3.protocol socket_ssh
     s3.socket_port 7003        // TCP port for specific allocation
     s3.pool_socket_port 4000   // TCP port for the pool
     s3.ipno 10.0.0.3           // IP address for specific allocation
     s3.pool_ipno 10.2.0.1      // IP address for the pool
     s3.alias serial-3          // alias for specific allocation
     s3.pool_alias pool-2       // alias for the pool
     s4.tty ttyS4
     s4.protocol socket_ssh
     s4.socket_port 7004        // TCP port for specific allocation
     s4.pool_socket_port 4000   // TCP port for the pool
     s4.ipno 10.0.0.4           // IP address for specific allocation
     s4.pool_ipno 10.2.0.1      // IP address for the pool
     s4.alias serial-4          // alias for specific allocation
     s4.pool_alias pool-2       // alias for the pool
   Billing
   The Cyclades ACS console server family of products may be used as an intermediate buffer to collect serial data (like billing tickets from a PBX), making them available for a posterior file transfer. Different ports may have simultaneous billing sessions.
   NOTE: Billing is supported only on ACS Advanced Console Servers running firmware version 3.2.x or earlier.
   General feature description
   The Cyclades ACS console server reads the serial port and saves the information to Ramdisk files, which is limited to the maximum number of records per file. After the files are closed, they
14. mobile phone number
     -m <message - max. size 160 characters>
     -u <username to login on sms server>
     -p <port sms> (default 6701)
     <server IP address or name>
   The following example sends a page to phone number 123 (Pager server at 10.0.0.1) with the message carrying the current date, the hostname of the Cyclades ACS console server and the message received from the source:
     destination d_pager { pipe("/dev/cyc_alarm" template("sendsms -d 123 -m \"$FULLDATE $HOST $MSG\" 10.0.0.1")); };
   Sending an snmptrap
     destination <ident> { pipe("/dev/cyc_alarm" template("snmptrap <pars>")); };
   where <ident> uniquely identifies the destination. The parameters (<pars>) are:
     - -v 1
     - <snmptrapd IP address>
     - -c public : community
     - "" : enterprise-oid
     - "" : agent/hostname
     - <trap number> : 2-Link Down, 3-Link Up, 4-Authentication Failure
     - 0 : specific trap
     - "" : host-uptime
     - 1.3.6.1.2.1.2.2.1.2.1 : interfaces.iftable.ifentry.ifdescr.1
     - s : the type of the next field (it is a string)
     - "<message - max. size 250 characters>"
   The following example sends a Link Down trap to a server at 10.0.0.1 with message carrying the current date, the hostname of the Cyclades ACS console server and the message received from the source:
     destination d_trap { pipe("/dev/cyc_alarm" template("snmptrap -v 1 -c public 10.0.0.1 public 2 0
15. nsswitch.conf
   To use NIS to authenticate users, change the lines in /etc/nsswitch.conf that reference passwd, shadow, and group. The /etc/nsswitch.conf file has the following format:
     <database> : <service> [ <actions> <service> ]
   Table 3.5 nsswitch.conf Parameters (Parameter: Description)
     <database>: available: aliases, ethers, group, hosts, netgroup, network, passwd, protocols, publickey, rpc, services, and shadow.
     <service>: available: nis (use NIS version 2), dns (use Domain Name Service), and files (use the local files).
     <actions>: Has this format: [ <status> = <action> ]
       <status>: SUCCESS, NOTFOUND, UNAVAIL, or TRYAGAIN
       <action>: return or continue
     SUCCESS: No error occurred and the desired entry is returned. The default action for this status is return.
     NOTFOUND: The lookup process works fine, but the needed value was not found. The default action for this status is continue.
     UNAVAIL: The service is permanently unavailable.
     TRYAGAIN: The service is temporarily unavailable.
   The following examples illustrate the use of NIS to authenticate users.
   Authenticate the user in the local database; if the user is not found, then use NIS:
     passwd: files nis
     shadow: files nis
     group: files nis
   Authenticate the user using NIS; if the user is not found, then use the local database:
     passwd: nis files
     shadow: nis files
     group: nis files
   Authenticate the user using
16. server /u domain\user /p password /baud baud_rate /port communications_port /id line_number
   Table A.1 EMS Configuration Parameters and Switches (Parameter and Switches: Description)
     EDIT: Allows changes to port and baud rate settings by changing the redirect=COMx setting in the bootloader section. The value of COMx is set to the value of the port.
     OFF: Disables output to a remote server. Removes the /redirect switch from the specified line number and the redirect=comX setting from the boot loader section.
     ON: Enables remote output for the specified line number. Adds a /redirect switch to the specified line number and a redirect=comX setting to the boot loader section. The value of comX is set by the port.
     /ems: Enables the user to add or change the settings for redirection of the EMS console to a remote server. By enabling EMS, you add a redirect=Port line to the boot loader section of the BOOT.INI file and a /redirect switch to the specified operating system entry line. The EMS feature is enabled only on servers.
     baud rate: Specifies the baud rate to be used for redirection. Do not use if remotely administered output is being disabled. Vali
17. 29 Redirect Target
   Table 2.30 Routing Table Parameters
   Table 2.31 Static Routes Parameters and Values
   Table 3.1 Cyclades ACS Console Server Serial Port and General Authentication Methods
   Table 3.2 Authentication Servers Parameters
   Table 3.3 User Access Parameters
   Table 3.4 NIS Client Requirements
   Table 3.5 nsswitch.conf Parameters
   Table 3.6 LDAP Authentication Parameters
   Table 3.7 Parameters for Specifying User Authorization on a TACACS Server
   Table 3.8 TACACS Configuration Parameters
   Table 3.9 Radius Configuration Parameters
   Table 3.10 OTP Database Location Options
   Table 3.11 Required Information for the OpenSSL Package
   Table 3.12 X.509 Certificate Parameters
   Table 4.1 Connection Profiles and Protocols
   Table 4.2 Serial Port General Configuration Parameters
   Table 4.3 Other Serial Port Configuration Parameters
   Table
18. Configure the event_notif.conf file to monitor DCD status. The following example displays generating syslog messages if the DCD signal changes its state.
     9 2 10 22
   4. Save the configuration:
     # saveconf
   Notifications and Alarms
   System notifications allow an administrator to manage servers by filtering the messages generated from a server's console port. It helps with sending email or pager notifications based on the server's message content.
   Configuring alarm notification
     cli config administration notifications parameter value
   Table 5.8 System Notifications Parameters (Parameter Level1 / Parameter Level2 / Value: Description)
     cancel
     addemail / trigger string: Sends a message to the configured email address if the defined string appears.
       add; Email: from, to, subject, body, smtpserver, smtpport; cancel
     addpager / trigger string: Sends a message to the configured pager if the defined string appears.
       add; Pager: number string, smsport number, smsserver string, smsusername string, text string
     addsnmptrap / trigger string: Sends a SNMP trap to th
19. Cyclades IPDU appliance
   Configure and synchronize the new password in the IPDU appliance with the password stored in the Cyclades ACS console server:
     cli> config applications pmdconfig general cyclades password <new password>
   Activate your configuration changes:
     cli> config runconfig
   Execute the following command to check if all Cyclades IPDU appliances are detected:
     pmCommand listipdus
   IPDU Firmware Upgrade
   You may upgrade the firmware of a single or multiple daisy-chained IPDU power management appliances connected to a serial port of the Cyclades ACS console server.
   NOTE: The firmware upgrade is available for Avocent PM PDUs and for Cyclades PM IPDUs.
   To upgrade IPDU firmware
   1. From http://www.avocent.com, click Resources Updates and Documentation.
   2. From the Updates section, click Cyclades PM Intelligent Power Distribution Unit for Cyclades PM IPDU, or click PM2000 PM3000 Rack PDUs for Avocent PM PDU. The web page will show a firmware list.
   3. Click the firmware link. It is recommended that you download the new firmware to a /tmp directory, since files in this directory are deleted during the boot process.
   NOTE: It is recommended that you run md5sum on the file after you download it and compare the md5sum output with the contents of the firmware md5 file on the Avocent web site to ensure that the firmware file you downloaded was not corrupted. C
20. Cycle
   To manage other outlets
   Perform the following procedures if you need to access other outlets.
   1. Type 8 to select Status to view the outlets you are authorized to manage.
   2. Type 10 to select Other and select the outlet you want to manage. You should have authorization to manage the outlets entered.
   IPDU password
   Although you may not be required to change an IPDU password, you can perform the following procedure to change a password if needed.
   To change an IPDU password
   1. Change the connection protocol of the serial port where the IPDU appliance is connected:
     cli> config physicalports <port number> general protocol consoletelnet
   2. Activate your configuration changes:
     cli> config runconfig
   3. Exit the CLI utility and, from the command prompt, telnet to the Cyclades ACS console server serial port where the IPDU appliance is connected:
     telnet localhost <TCP Port>
   4. Log in to the IPDU appliance with the current username and password. The default value for the Avocent PM PDU and Cyclades IPDU is admin/pm8.
   5. At the pm prompt, change the IPDU appliance password and save the new password:
     pm> passwd <new password>
     pm> save
   6. Press Ctrl-] to quit the Telnet session.
   7. Invoke the CLI utility and change the connection protocol to power management:
     cli> config physicalports <port number> general protocol pm
   8. Repeat steps 1-7 for each
21. Description
     default (none): Used when there is no matching routing table.
     gateway (IPv4: nnn.nnn.nnn.nnn, or IPv6: IPv6 address, up to eight sets of four hexadecimal characters separated by colons, XXXX:XXXX:...:XXXX): Gateway IP address.
     host (IPv4: nnn.nnn.nnn.nnn, or IPv6: IPv6 address, up to eight sets of four hexadecimal characters separated by colons, XXXX:XXXX:...:XXXX): Route to a single host.
     interface (string): Specify the network card that the packets come through.
     metric (number): The number of routers that packets must pass through to reach the intended network.
     netip (IPv4: nnn.nnn.nnn.nnn; IPv6: IPv6 address/prefix length): Route to a network.
     netmask (nnn.nnn.nnn.nnn): Subnet mask (IPv4 parameter only).
   Use the following command to delete a route:
     cli config network stroutes delete routenum route number
   To configure static routes (example)
   1. Add the default gateway 192.168.0.1:
     cli config network stroutes add default gateway 192.168.0.1
   2. Activate and save your configuration.
   Security
   This chapter describes the procedures for configuring authentication service(s) that the Cyclades ACS console server and its connected devices use. Authentication is the process by which the system, or more specifically an authentication service such as Kerberos, LDAP or TACACS, verifie
22. ICMPv6 type; such a packet does not match any rules which specify them. When the "!" argument precedes the -f flag, the rule only matches head fragments or unfragmented packets.
     -c, --set-counters PKTS BYTES: This enables the administrator to initialize the packet and byte counters of a rule (during INSERT, APPEND, REPLACE operations).
     -v, --verbose: Verbose output. This option makes the list command show the interface address, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (see the -x flag to change this). For appending, insertion, deletion and replacement, this causes detailed information on the rule or rules to be printed.
     -n, --numeric: Numeric output. IP addresses and port numbers are printed in numeric format. By default, the program tries to display them as host names, network names, or service (when applicable).
   Table 2.19 iptables Rules Specifications (Continued) (Parameter: Description)
     -x, --exact: Expand numbers. Display the exact value of the packet and byte counters, instead of only the rounded number in K's (multiples of 1000), M's (multiples of 1000K) or G's (multiples of 1000M). This option is specific to the -L command.
     --line-numbers: When listing rules, add line numbers to the beginning of each rule, corre
23. IDE Media Cards
   Supported file systems
   Dial-out application using CDMA or GSM/GPRS
   Firewall Configuration (IP Filtering)
   Structure of the iptables
   Multiport extension
   Target extensions
   Chapter 3: Security
   Security Profiles
   Authentication
   NIS Client
   NIS Client Configuration
   Kerberos Authentication
   Kerberos server authentication with tickets support
   Configuring the Cyclades ACS console server to use Kerberos tickets authent
24. MY_WIN_SERVER
   (Tag: Description. Example)
     <guid>: GUID that uniquely identifies this server. If no such value is available, all 0's GUID string is used. Example: 4c4c4544-8e00-4410-8045-80c04f4c4c20
     <processor-architecture>: Processor architecture. It may be either x86 or IA64. Example: x86
     <os-version>: Windows version. Example: 5.2
     <os-build-number>: Numeric string that identifies a successive Windows Build. Example: 3763
     <os-product>: Which Windows Server product. It may be Windows Server 2003 Datacenter Edition, Windows Server 2003 Embedded, Windows Server 2003 Enterprise Edition or Windows Server 2003. Example: Windows Server 2003
     <os-service-pack>: Alphanumeric string that identifies the most up-to-date service pack installed. If none installed, the string is None. Example: None
     <tty>: Cyclades ACS console server serial port tty or alias name. Example: S2, server_connected_to_serial2
   An example on how to use the macros
   In the following example, the Cyclades ACS console server sends an email to the administrator whenever a crash happens. The email should have the information about the reason of the crash, machine name and Windows version information. The following entry should be created in syslog-ng.conf:
     destination win2003mail { pipe("/dev/cyc_alarm" template("sendmail -t administrator@cyclades.com -f acs -s RUE Server name crashed m Break Point S <INSTANCE CLASSNAME S PROPERTY NAMI <VALUE>
25. NIS: if the user is not found or the NIS server is down, use the local database.

    passwd: nis [UNAVAIL=continue TRYAGAIN=continue] files
    shadow: nis [UNAVAIL=continue TRYAGAIN=continue] files
    group: nis [UNAVAIL=continue TRYAGAIN=continue] files

Kerberos Authentication

Kerberos is a network authentication protocol designed for use on unsecured networks, based on the key distribution model. It allows individuals communicating over a network to prove their identity to each other while preventing eavesdropping or replay attacks. It provides detection of modification and prevention of unauthorized reading.

Kerberos server authentication with tickets support

The Cyclades ACS console server has support to interact on a kerberized network. On a kerberized network, the Kerberos database contains principals and keys for users (keys are derived from passwords). The Kerberos database also contains keys for all of the network services. When a user on a kerberized network logs in to the workstation, the principal is sent to the Key Distribution Center (KDC) as a request for a Ticket Granting Ticket (TGT). This request may be sent by the login program, so that it is transparent to the user, or may be sent by the kinit program after the user logs in. The KDC checks for the principal in its database. If the principal is found, the KDC creates a TGT, encrypts it using the user's key and s
26. Range 7033 7048 3 Cyclades ACS Console Server Master 7 Management Workstation Ethernet LAN IP 20 20 20 3 IP Address 20 20 20 10 4 Servers on Serial Ports 8 Remote Management Workstation TCP Port Address Range 7001 7016 To configure clustering Chapter 5 Administration 115 1 Execute the following commands to configure slave Cyclades ACS console servers Refer to Table 5 17 for configuration parameters cli config virtualports addslave slave ip address cli Slave slave ip address gt parameter value 2 Activate and save your configuration Table 5 17 Clustering Configuration Parameters Parameter Value Description numports list Set the total number of ports of the slave unit firstlocalportnum lt number 17 1024 gt This parameter act as the numbering continuation in the slave If the master unit has 16 ports the first port of the slave unit is the first local port number which in this case is port 17 localip n n n n To set the IP address of the slave firstlocaltcpport lt number gt This parameter act as the numbering continuation in the slave If the master unit has 16 ports the TCP ports numbers are 7001 7016 In this case the first TCP port number for the slave unit is 7017 firstremotetcpport number The first TCP port number in the master unit In this case is 7001 protocol ssh telnet Protocol used to access the ports Use the f
27. Server lt name gt OS lt os product gt Build os build number Version lt os version gt Service Pack lt os service pack gt Processor S lt processor architecture gt Server GUID lt guid gt ACS port lt tty gt NV h mail cyclades com E ll V The following entry activates the win2003mail action when the f windows bluescreen filter is successful source src unix stream dev log log source src filter f windows bluescreen destination win2003mail Server commands The following are the commands that may be sent to the server Table A 7 Server Commands Command Set Description ch Channel management commands ch ci lt gt Close a channel by its number cmd Create a Command Prompt channel ch si lt gt Switch to another channel from Channel 0 d Dump the current kernel log f Toggles the information output by the t list command which shows processes only or shows processes and threads i List all IP network numbers and their IP addresses i lt gt ip subnet Set network interface number IP address subnet and gateway gateway Cyclades ACS Advanced Console Server Command Reference Guide Table A 7 Server Commands Continued HEESE MEE EN N EEN y e N i N N ri OM EE LLL LLLULLC CLIZII Command Set Description id Display the server identification information
28. User access to serial ports To add groups and users Enter the following command to create user groups and add members if required cli config security addgroup groupname group name usernames name 1 name 2 name nl 2 Enterthe following command to create users with administrative rights or limited access adduser user name admin yes no password password shell shell comments comments Table 3 3 User Access Parameters Parameter Level1 Parameter Level2 Value Description addgroup groupname group name Add group and user members to usernames list of user names manage access to connected servers Separated by commas delgroup groupname lt groupname gt Delete group adduser admin yes no Enable or disable administrative privileges comments lt comments gt password lt password gt shell lt shell gt Specify user access to the Linux shell CLI or none username lt user name gt Add user deluser username lt user name gt Delete user Table 3 3 User Access Parameters Continued Chapter 3 Security 51 Parameter Level1 Parameter Level2 Value Description loadkey url url Using scp get the user s public key username username from the local database of the Cyclades ACS console server url syntax user host pathname passwd newpassword lt password gt Change the user password username lt user name gt T
29. a PC card as a second Ethernet port. Bonding enables redundancy for the Ethernet devices, using the standard Ethernet interface as the primary mode of access and one PC card as a secondary mode of access. When bonding is enabled, both the Ethernet port and the PC cards are configured with the same IP address and the same MAC address. So the PC card interface automatically takes the place of the standard Ethernet interface if any conditions prevent access to the Cyclades ACS console server through the primary Ethernet port. When the standard interface regains functionality, it automatically assumes its role as the primary interface and all connection sessions are resumed with no interruption.

To configure bonding

1. Enable/disable bonding:
   cli> config network hostsettings bonding enabled <no|yes>
2. Configure the interval in milliseconds to verify if the primary interface is still active:
   bonding miimon <positive integer value>
3. Configure the time in milliseconds that the system waits to reactivate the primary interface after it has been detected as up:
   bonding updelay <positive integer value>
4. Optionally, confirm values:
   bonding show
5. Activate and save your configuration.

Check the bonding configuration from the Linux shell:
   ifconfig

After the failover is enabled, the bonded Ethernet interfaces are referred to as bond0. The eth0 and eth represent the two physical interfa
30. address p Display TCP port P Use TCP port instead of IP address i Display Local IP assigned to the serial port s Show the ports in a sorted order u lt name gt Username to be used in SSH Telnet command Always ask for a username e char Escape character used by Telnet or SSH 76 Cyclades ACS Advanced Console Server Command Reference Guide To close the session from ts menu local 1 Enter the escape character shown when you connect to the port In character text mode the Escape character is Ctrl 2 Console escape commands are displayed Table 4 7 Console Escape Commands LI EE EE EE EE EE EE Command Description go to line mode c go to character mode Z suspend telnet b send break t toggle binary e exit telnet 3 Press e to exit from the session and return to the original menu 4 Select the exit option to return to the shell prompt To close the session from ts_menu Telnet SSH Unless a different escape character is used for closing your Telnet SSH session you may close your entire Telnet session To specify a different character connect to your unit and use the e option For example to set Ctrl as the escape character type telnet e 192 168 160 10 ssh e user1 192 168 160 10 To exit from an entire Telnet session type the escape character For a SSH session type the escape character plus dot NOTE To close an SSH se
31. appropriate to the target timezone For states countries or regions that do not observe daylight saving time the dst parameter must be set to off even if other regions in the target timezone do observe the daylight saving time change In rare occurrences or under special circumstances a region or country might require that a customized daylight saving time be used Such circumstances might require a temporary or permanent change of date for the beginning and ending of daylight time or a time offset greater or less than the usual one hour Instructions follow for customizing the daylight saving time parameters Enter the following command to set the date and time For configuration parameters see Table 5 9 Cyclades ACS Advanced Console Server Command Reference Guide Cli config administration date time parameter value Table 5 9 Date and Time Configuration Parameters Parameter Value date lt mm dd yy gt time hh mm ss Enter the following command to set the timezone For configuration parameters see Table 5 10 cli config administration timezone parameter value Table 5 10 Timezone Configuration Parameters ACHENCUN CEUDONTCTUUN HE OK y A G a Parameter Parameter Level Level2 Value Description Custom Zonelabel Timezone name May be any custom name you choose such as London ChicagoOffice or Sydney or may be a numerical value acronym Timezone acronym The abbrevi
32. configure TCP keepalive

1. Configure the pool interval in milliseconds:
   cli> config physicalports all other tcpkeepalive <number>
2. Activate and save your configuration.

Firewall Configuration IP Filtering

IP filtering consists of blocking the passage of IP packets based on rules defined in the characteristics of the packets, such as the contents of the IP header, the input/output interface or the protocol. This feature is used mainly in firewall applications, which filter the packets that could crack the network system or generate unnecessary traffic.

Network Address Translation (NAT) allows the IP packets to be translated from local network to global network and vice versa. This feature is particularly useful when there is demand for more IP addresses in the local network than are available as global IP addresses. In the Cyclades ACS console server, this feature is used mainly for clustering: one master console server works as the interface between the global network and the slave console servers.

NOTE: The NAT table is not used with IPv6.

The Cyclades ACS console server uses the Linux utility iptables to set up, maintain and inspect both the filter and the NAT tables of IP packet rules in the Linux kernel. Besides filtering or translating packets, the iptables utility is able to count the packets which match a rule and to create logs for specific rules.

Structure of the iptables

The iptables are structured in three levels: table, cha
33. current process 86 Cyclades ACS Advanced Console Server Command Reference Guide The Process Table The process table displays which processes are running Type ps a to see a table similar to the following Table 5 1 Process Table PID UID VmSize State Command 1 root 592 S sbin inetd 31 root 928 S sbin inetd 32 root 584 S sbin cy ras 36 root 1148 S sbin cy wdt led wat led 154 root 808 R ps a To restart the cy ras process use its process ID or execute the following command runconf This executes the ps command searches for the cy ras process id then sends the signal hup to the process all in one step Never kill cy ras with the signals 9 or SIGKILL Start and Stop Services This feature enables or disables services without rebooting the Cyclades ACS console server Syntax daemon sh h help stop restart service id where service id may be any choice of EVTGEN NIS RPC DB NET LOG SSH NTP SNMP IPSEC PMD LP WEB GDF LOGPIPE ADSAP2 The daemon sh may be executed in two ways 1 Without parameters in the command line It checks the configuration files of the service and restart or stop it if needed 2 Itperforms the requested action stop restart in the list of services given in the command line regardless of any configuration changes The following example restarts power management and data buffering services and it stops SSH and network timer c
34. delete alias Remove an IPMI device authtype mda Add an authentication method md5 none password password lt password gt Assign a password to access the device privilege admin Assign a user access level operator user serverip lt n n n n gt IP address of the device username lt name gt Username to access the device key lt character gt The hotkey used to access the IPMI NOTE The default IPMI hotkey is l where stands for the Ctrl key on the keyboard The hexadecimal code for the Ctrl I default IPMI hotkey is the same as the keyboard s Tab key You may choose to change the default using this parameter server lt alias gt The name of the IPMI device 3 Activate and save your configuration 144 Cyclades ACS Advanced Console Server Command Reference Guide Line printer daemon This feature implements the UNIX Line Printer Daemon LPD in the Cyclades ACS console server and may be used with local serial printers It enables the Cyclades ACS console server to receive network print requests and service them using locally attached serial printers To configure the Ipd Setup the serial port where the serial printer is connected 2 Edit the etc portslave pslave conf file and set the protocol of the serial port to Ipd s2 protocol lpd 3 Create the printer definition Edit the etc printcap file and configure the printer The spool directory is created automatically by cy_ras process Example comment prim
35. Syslog Messages
    DCD ON/OFF Syslog Messages
    Notifications and Alarms
    Dual Power Management
    Date and Time, Timezone and Daylight Saving
    Daylight Saving Time (DST)
    Network Time Protocol (NTP)
    Session Sniffing
    Linear vs. Circular buffering
    Menu Shell
    Terminal Appearance
    SUDO Configuration Group
    Saveconf and Restoreconf
    Saveconf utility
    Restoreconf utility
    Clustering Using Ethernet Interface
    Chapter 6 Power Management
    Power Management Protocol
36. fully qualified domain name FQDN preceded by For example hostname xyz com leftip lt IP_address gt The IPv4 or IPv6 address of the host rightip leftnexthop IP address The IPv4 or IPv6 address of the router through which the rightnexthop Cyclades ACS console server on the left side or the remote host on the right side sends packets to a host on a network leftrsakey string You need to generate a public key for the Cyclades ACS rightrsakey console server and find out the key used on the remote gateway You may use copy and paste to enter the key in the RSA Key field leftsubnet n n n n n The netmask of the subnetwork where the host resides rightsubnet NOTE Use CIDR notation The IP number followed by a slash and the number of one bits in the binary notation of the netmask For example 192 168 0 0 24 indicates an IP address where the first 24 bits are used as the network address This is the same as 255 255 255 0 Secret string Pre shared password between left and right users SNMP Simple Network Management Protocol SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters The Cyclades ACS console server uses the net snmp package see http www net snmp org for more information Chapter 2 Network Configur
37. le r glement sur le brouillage radio lectrique edict par le Minist re des Communications du Canada Cyclades ACS Advanced Console Server Command Reference Guide Avocent the Avocent logo The Power of Being There DSView and Cyclades are registered trademarks of Avocent Corporation or its affiliates in the U S and other countries All other marks are the property of their respective owners 2009 Avocent Corporation All rights reserved 590 664 501E gbommE Instructions This symbol is intended to alert the user to the presence of important operating and maintenance servicing instructions in the literature accompanying the appliance Dangerous Voltage This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons Power On This symbol indicates the principal on off switch is in the on position Power Off This symbol indicates the principal on off switch is in the off position Protective Grounding Terminal This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment TABLE OF CONTENTS OF CONTENTS List OE FIQUEBS oa KRANE EA EO EA AE EO EN vii UU ix Chapter 1 Using the Command Line Interface cessere 1 OVO V
38. login log source sysl filter f root destination d maill destination d pager e To send messages with facility kernel and received messages from syslog clients local and remote to remote syslogd log source sysl source s udp filter f kern destination d udpl To use syslog ng configuration with syslog buffering feature This configuration example uses the syslog buffering feature and sends messages to the remote syslogd 10 0 0 1 1 In etc portslave pslave conf file configure the syslog buffering parameters conf DB_facility 1 all syslog_buffering 100 2 Add the following lines to etc syslog ng syslog ng conf file local syslog clients source sre unix stream dev log destination d_buffering udp 10 0 0 1 filter f buffering facility locall and level notice send only syslog buffering messages to remote server log source src filter f buffering destination d buffering To configure Syslog ng with multiple remote syslog servers 1 Configure syslog facility number to receive messages The remote syslog server filters receive messages according to this parameter cli config network syslog facility lt local0 local7 gt Configure the server s IP address where syslog messages are sent Repeat this step to add additional remote servers cli gt config network syslog add server lt ip address gt Activate and save your configuration 96 C
39. n n n  LDAP server IP address or name
    secureldap <yes|no>  To use secure LDAP

Group Authorization

This feature enables the group information retrieval from the authentication servers TACACS, RADIUS and LDAP. It adds another layer of security by adding a network-based authorization. It retrieves the group information from the authentication server and performs an authorization through the Cyclades ACS console server.

TACACS authorization on serial ports

By enabling the raccess parameter, administrators implement an additional level of security checking. After each user is successfully authenticated through the standard login procedure, the Cyclades ACS console server uses TACACS to authorize user access to specific serial ports. By default, the raccess parameter is disabled. When enabled, users are denied access unless they have the proper authorization, which must be set on the TACACS server itself.

To configure TACACS authorization on serial ports

1. Enable raccess authorization parameter:
   cli> config security authentication tacplusraccess <yes|no>
2. Configure serial ports for user or group access:
   cli> config physicalports <all or range/list 1-xx> access users/groups <list of users or group names separated by commas>
3. Activate and save your configuration.

To configure a TACACS authentication server

On the server, add raccess service to th
40. new routes by executing the following commands:
   runconf
   saveconf

Check the routes by issuing the following command:
   route -n

VPN Configuration

You can set up VPN connections to establish an encrypted communication between the Cyclades ACS console server and a host on a remote network. The encryption creates a security tunnel for dedicated communications. To set up a security gateway, you should install IPSec. The ESP and AH authentication protocols and RSA Public Keys and Shared Secret are supported.

To configure VPN

1. Execute the following command to enable IPSec:
   cli> config security profile custom ipsec yes
2. Configure VPN parameters (see Table 2-15):
   cli> config network vpn <parameter> <value>
3. Activate and save your configuration.

Table 2-15 VPN Parameters

   add <connection name>: A name to identify the connection.
   authmethod <rsapubkey|sharesecret>: Authentication method used. Either RSA Public Key or Shared Secret.
   authprotocol <ah|esp>: Authentication protocol used. Either Encapsulating Security Payload (ESP) or Authentication Header (AH).
   bootaction <add|ignore|start>: The boot action configured for the host.
   leftid, rightid hostname xyz com: This is the hostname that a local system and a remote system use for IPSec negotiation and authentication. It may be a
41. number 5 8 gt To configure number of bits per character dcdstate disregard regard To enable or disable Data Carrier Detect DCD flow hard none soft To set the flow control parity even none odd To configure parity pmsessions none To select a connection method to PM IPDU through the serial ssh port in order to execute pm commands ssh_telent telnet protocol bidirectionaltelnet To configure the serial ports connection protocol See consoleraw Connection Profiles and Protocols for a description of each consolessh connection profile consoletelnet consoletelnetssh cslip local pm ppp pppnoauth rawsocket slip sshv1 sshv2 telnet speed lt baud rate gt To configure the serial port speed stopbits lt number 1 2 gt To configure the number of stop bits Chapter 4 Accessing Connected Devices 73 To configure other configuration parameters 1 Execute the following command for one or multiple serial ports Refer to Table 4 3 for configuration parameters cli config physicalports all or range list 1 4 other parameter value 2 Activate and save your configuration Table 4 3 Other Serial Port Configuration Parameters Parameter Value Description banner login banner To set the banner that is displayed when you connect to a serial port Text should be entered in double quotes breakinterval numbers To set break interval in milliseconds ms Usua
42. portslave/pslave.conf. Change the values of the following parameters:

   all.authtype kerberos
   all.protocol socket_ssh (or socket_server or socket_server_ssh)

   To use the Telnet protocol to access the serial ports, set the all.protocol parameter to socket_server. To use both Telnet and SSH to access the unit, set the all.protocol parameter to socket_server_ssh.

3. Edit the /etc/krb5.conf file:
   vi /etc/krb5.conf
   All changes required in this file are related to the network domain. Substitute all listed parameters that are configured with cyclades.com with the corresponding domain of your network.
4. Activate your changes:
   runconf
5. Test the configuration:
   a. Access a serial port using the Telnet protocol, for example:
      telnet 192.168.0.1 7001
   b. Log in with the user and password previously configured in the Kerberos server.
   c. In the Cyclades ACS console server, run the following command:
      w
6. Save your changes:
   saveconf

LDAP Authentication

To configure LDAP authentication on the Cyclades ACS console server

1. Execute the following command. Refer to Table 3-6 for authentication parameters.
   cli> config security authentication <parameter> <value>
2. Activate and save your configuration.

Table 3-6 LDAP Authentication Parameters

   ldapbasedomain <ldapbasedomain>: Distinguished name of the search base, for example dc=cyclades,dc=com.
   ldapserver n
43. single or all IPDU appliances Factory Default factorydefaults lt IPDU ID gt Restore configuration to factory default for a single or all IPDU appliances Reboot reboot lt IPDU ID gt Restart the IPDU applicances in chain Restore Avocent PM PDU and Cyclades IPDU restore lt IPDU ID Restore the configuration saved in Flash Save save lt IPDU ID gt Save the current configuration in Flash Alarm Threshold Avocent PM PDU alarm lt IPDU ID gt lt threshold gt Set an alarm notification when the current exceeds the selected threshold and Cyclades lt element gt IPDU The element can be bank name A B C XY phase name X Y Z outlet number 1 2 IPDU ID id current IPDU ID Display the current IPDU name or assign a new name new IPDU ID Display display IPDU ID 01180 Set the LED display mode of the IPDU Cyclades IPDU AM cycle time gt HW OCP Avocent PM PDU and Cyclades IPDU hwocp IPDU ID reset Display or reset the overcurrent protection status in a single or all IPDU appliances 124 Cyclades ACS Advanced Console Server Command Reference Guide Table 6 2 pmMenu and pmCommand Commands Continued Menu Item Command Syntax Description Minimum On Time minimumon Set the minimum time an outlet stays On before it is Avocent SPC outlet list sinterval turned Off Minimum Off Time
44. the list of commands in the command history
   - Edit characters on the command line

Table 1-3 Cursor Movement Keys

   Ctrl+a: Move to the start of the current line.
   Ctrl+e: Move to the end of the line.
   Ctrl+b: Move back a character (same as the left arrow key).
   Ctrl+f: Move forward a character (same as the right arrow key).
   Esc+b: Move back to the start of the current or previous word. Words are composed of letters and digits.
   Esc+f: Move forward to the end of the next word. Words are composed of letters and digits.
   Ctrl+l: Clear the screen and redraw the current line, leaving the current line at the top of the screen.

Table 1-4 Command History Keys

   Ctrl+n: Move forward through the history list, fetching the next command (same as <down arrow key>).
   Ctrl+p: Move back through the history list, fetching the previous command (same as <up arrow key>).

NOTE: The command history buffer is only available for the last 500 commands in the current session. The history is cumulative, so terminating the session does not clear the buffer. This means a user may log in to the CLI and go back over the commands entered by a previous user.

Table 1-5 Text Modification Keys

   Ctrl+d: Delete the character under the cursor (same as Delete key).
   Ctrl+h: Same as Backspace key.
45. the serially connected servers through the IPMI protocol IPMI configuration This program lets you manage IPMI enabled devices locally remotely These functions include printing FRU information LAN configuration sensor readings and remote chassis power control Appendices 141 IPMI ipmitool Syntax ipmitool hvV I interfac H hostname L privlvl A authType P password expression Table A 8 ipmitool Options Option Description Valid Values h Get basic usage help from the command line N A V Increase verbose output level This option N A may be specified multiple times to increase the level of debug output V Display version information N A lt interface gt Selects IPMI interface to use open imb lan lanplus H address Remote server address may be IP address or hostname This option is required for the LAN interface connection N A U username Remote username Default is NULL L lt privivl gt Force session privilege level USER OPERATOR ADMIN Default is USER A lt authtype gt Force session authentication type PASSWORD MD5 MD2 P lt password gt Remote server password Valid password for specified username account 142 Cyclades ACS Advanced Console Server Command Reference Guide Expressions Table A 9 IPMI Commands Expression Description raw Send a RAW I
46. to a serial port ssh 1 username server hostname Table 4 5 SSH Session Configuration Parameters Parameter Description username User configured to access the serial port It is present either in the local database or in an authentication server such as Radius or LDAP Server TCP port number assigned to a serial port for example 7001 pool of ports for example 3000 the alias for the server connected to that serial port or the alias of a pool of ports hostname Workstation name or its IP address To close an SSH session press the hotkey defined for the SSH client followed by a dot the default is tilde NOTE Enter the escape character followed by a dot at the beginning of a line to close the SSH session Accessing serial ports using ts_menu The ts_menu is an application to facilitate connection to the serial ports The following are the methods of executing the ts_menu command e Calling ts menu without specifying arguments e Calling ts menu with command line arguments e Using CLI to call ts menu Calling ts menu without specific parameters To access the serial port configured for Telnet or SSH enter ts menu at the shell prompt The server s aliases or serial ports are displayed as options to start a connection Chapter 4 Accessing Connected Devices 75 Calling ts menu with specific parameters ts menu u user l c ro s auth console port Table 4 6 ts m
47. 1 identified by Protocol socket server TCP port 3000 IP 10 1 0 1 and alias pool 1 e pool 2 identified by Protocol socket ssh TCP port 4000 IP 10 2 0 1 and alias pool 2 The serial ports ttyS1 and ttyS2 belong to pool 1 The serial ports ttyS3 and ttyS4 belong to pool 2 You may access serial port ttyS1 by using TCP port 7001 IP address 10 0 0 1 or alias serial 1 If the ttyS1 is in use and if the user is not an admin user then the connection is dropped 146 Cyclades ACS Advanced Console Server Command Reference Guide Alternately you may access ttyS1 through the pool using TCP port 3000 IP 10 1 0 1 or alias pool 1 If it is not free ttyS2 is automatically allocated If ttyS2 is not free then the connection is dropped Serial port pool pool 1 s1 s1 s1 s1 s1 s2 s2 s2 s2 tty ttyS1 protocol socket server sl pool socket port 3000 TCP port for the pool sl pool ipno 10 1 0 1 IP address for the pool sl pool alias pool 1 alias for the pool SZ Socket port 7001 TCP port 4 for specific allocation ipno 10 0 0 1 IP address for specific allocation alias serial 1 alias for specific allocation tty ttyS2 protocol socket server S25 pool socket port 3000 TCP port for the pool s2 Socket port 7002 TCP port for specific allocation ipno 10 0 0 2 IP address for specific allocation pool ipno 10 1 0 1 IP address for the pool s2 alias serial 2
48. 1 data in local directory var run DB or in remote server indicated by conf nfs data buffering Ramdisk Data buffering files are created in the directory var run DB If the parameter s nn alias is configured for the port nn this name is used For example if the alias is called fremont server the data buffering file is named fremont server data Linear vs Circular buffering For local data buffering this parameter allows users to buffer data in either a circular or linear fashion Circular format cir is a revolving buffer file that is overwritten whenever the limit of the buffer size set by all data buffering is reached In linear format lin data transmission between the remote device and the serial port ceases once the 4k bytes Rx buffer in the kernel is reached Then if a session is established to the serial port the data in the buffer is shown all dont show DBmenu or sxx dont show DBmenu must be 2 cleared and data transmission is resumed Linear buffering is impossible if flow control is set to none Default is cir To configure data buffering 1 Execute the following command to configure data buffering Refer to Table 5 12 for the configuration parameters cli config physicalports all databuffering parameter value 2 Activate and save your configuration Table 5 12 Data Buffering Configuration Parameters Parameter Value Description bufferonlynosession nolyes Buffer only when connect
49. 109 Dial out application using CDMA or GSM GPRS The Cyclades ACS console server supports dial out through GSM GPRS and CDMA 1xRTT wireless PC cards The dial out application connects the port to a remote TCP socket at the specified IP address through a wireless phone network service and an Internet access service Use the etc generic dial conf file to configure dial out ppp connections through a GPRS and IxRTT profiles The etc generic dial conf file defines dial out instances in the following format f begin lt application type gt instanceID de es dus f end application type Above instanceID is an optional string to identify a particular instance and application type is dial out Insert the required parameters for your specific instance Table 2 14 Configuration Parameters for etc generic dial conf Parameter Description begin lt dial out gt lt instance id gt Begins the dial out application Optionally specify a name for the particular instance inPort name lt name gt A label for the incoming port to be used in log messages inPort device lt dev ttyXX gt The modem type used for this interface inPort speed 9600 Connection speed Default is 9600 inPort datasize 8 The number of data bits Default is 8 inPort parity none even odd None even or odd inPort stopbits 1 The number of stop bits inPort flowctrl none hw sw Gateway or interface addres
50. 15 Restoreconf Utility and Storage Device Parameters

Media: Description
- <none>: Read the configuration file from the PC card storage device and, if the DEFAULT flag is set, use this file as the configuration default. If the REPLACE flag is set, copy this file to the internal Flash of the Cyclades ACS console server. If the DEFAULT flag is not set or there is no configuration file in the PC card storage device, read the configuration from the internal Flash.
- local <File>: Read the configuration from the path and local file.
- sd: Read the configuration from the PC card storage device (Compact Flash or IDE) and, if the REPLACE flag is set, copy the file to the internal Flash of the Cyclades ACS console server.
- local <File>: Read the configuration from the path and filename.
- ftp <remote path and filename> <IP address of the FTP server> <username> <password>: Read the configuration from a remote FTP server.
- tftp <remote path and filename> <IP address of the TFTP server>: Read the configuration from a remote TFTP server.
- ssh <remote path and filename> <IP address of the SSH server> <username>: Read the configuration from a remote SSH server.

Saving or restoring configuration files usi
51. The following example displays the /etc/ppp/peers/wireless file. In this example, note that the connect script initiates the connection. The file wireless executes using the chat automated modem communication script with the parameters -v (verbose mode), -t (timeout) and -f (read the chat script from the /etc/chatscripts/wireless file).

    [root@CAS root]# more /etc/ppp/peers/wireless
    nodetach
    debug
    /dev/ttyM1
    57600
    crtscts
    lock
    noauth
    nomagic
    user claro
    show-password
    noipdefault
    defaultroute
    ipcp-accept-local
    ipcp-accept-remote
    noproxyarp
    novj
    novjccomp
    lcp-echo-interval 0
    connect '/usr/local/sbin/chat -v -t3 -f /etc/chatscripts/wireless'

By default, the /etc/ppp/peers/wireless file initiates a dial-in connection by reading the chat script configured in the /etc/chatscripts/wireless file.

The following example illustrates the AT commands:
- An ATD command to dial the 99 number.
- An AT+CGDCONT=1,"IP","claro.com.br" to contact a local GPRS broadband service (GSM wireless network in Brazil).

ABORT ABORT ABORT ABORT TEE OK OK TEE OK OK CONNI D BUSY VOICE UI NO NO Telc T CG TD 9 Telc AT amp C TDT D ECT P CARRIER DIALTONE Oo X DCONT 1 IP claro com br 9 o Y 0 777

To specify the telephone carrier in the /etc/chatscripts/wirel
52. 4.4 Telnet Session Configuration Parameters
Table 4.5 SSH Session Configuration Parameters
Table 4.6 ts_menu Parameters
Table 4.7 Console Escape Commands
Table 4.8 ts_menu Configuration Parameters
Table 4.9 Menu Options
Table 4.10 Example of CAS Configuration with Local Authentication Descriptions
Table 4.11 Example of CAS Configuration with Local and Remote Authentication Descriptions
Table 4.12 Example of TS Configuration Profile Descriptions
Table 4.13 Example of Dial-in Access Profile Descriptions
Table 5.1 Process Table
Table 5.2 Global Options Parameters (Syslog-ng Configuration)
Table 5.3 Source Drivers Parameters (Syslog-ng Configuration)
Table 5.4 Filters Parameters (Syslog-ng Configuration)
Table 5.5 Destination Drivers Parameters (Syslog-ng Configuration)
Table 5.6 Send Email Parameters
Table 5.7 Message Mount Parameters
53. 68 100 111 username john password john1234 filepathname images zImage checksum no

Activate and save your configuration. Close the CLI session and reboot the Cyclades ACS console server.

    cli> quit
    # reboot

Appendix C: Linux File Structure

The Linux file system is organized hierarchically, with the root directory represented by the forward slash symbol (/). All folders and files are nested within each other below this base directory. Table C.1 displays the Linux directory structure.

Table C.1 Linux Directory Structure
Path: Description
- /home: Contains the working directories of the users.
- /bin: Contains applications and utilities used during system initialization.
- /dev: Contains files for devices and ports.
- /etc: Contains configuration files specific to the operating system.
- /lib: Contains shared libraries.
- /proc: Contains process information.
- /mnt: Contains information about mounted disks.
- /opt: Location where packages that are not supplied with the operating system are stored.
- /tmp: Location where temporary files are stored.
- /usr: Contains most of the operating system files.

Basic Linux commands

Table C.2 describes the basic Linux commands for file manipulation or changing directory and contents.

Table C.2 File Manipulation Commands
Command: Description
- cp file_name destination: Copies the file indicated by file_n
54. 6BF 38402252
Action Log: D37C67BA-89E7-44BA-AE5A-112C6806B0DD

During nominal Windows Server operations, the following GUIDs may be expected:
SAC: 63D02270-8AA4-11D5-BCCF-806D6172696F
CMD: 63D02271-8AA4-11D5-BCCF-00B0D014A2D0

NOTE: These GUIDs are constant and should not be confused with those provided through the <guid> tag.

<description>: Is the user-friendly name of the active channel.
For the GUI Mode Setup tool they are:
- Debug Log (Setup tracing log)
- Error Log (Setup errors log)
- Action Log (Setup actions log)
For the Windows Server they are:
- SAC (Special Administration Console)
- CMD (Command Prompt)

<guid>: Is a hexadecimal GUID that identifies a specific instance of a channel. During a life span of a Windows Server (between any two system boots), there is a total of 10 channels being allocated; one of those may be a GUID for each of the following channel types:
- GUI Mode Setup Debug Log
- GUI Mode Setup Error Log
- GUI Mode Setup Action Log
- SAC
The remaining GUIDs are of the CMD channel type. For example, during Windows setup there are 3 GUIDs assigned to Setup, 1 to SAC and the remaining 6 to CMD. However, during normal Windows operations there is 1 GUID assigned to SAC and the remaining 9 to CMD.

These GUIDs are created anew for each instance of channels and should not be confused with the constant GUIDs provided via the application type tag listed previously.
55. A Linux admin user has access to the full functionality of the CLI except the shell command, which provides access to the Cyclades ACS console server Linux shell prompt.
- Regular user: A Linux regular user has access only to limited functionality of the CLI. Access is granted only to the applications commands of the CLI utility.
- CLI interface generates syslog messages for executed commands and when sessions are terminated. For example:

    Apr 19 17:51:44 src_dev_log@swes-129 CLI[413]: User root starts an interactive CLI session
    cli> config
    Apr 19 16:28:02 src_dev_log@swes-129 CLI[412]: Session closed due idletimeout
    Apr 19 17:54:23 src_dev_log@swes-129 CLI[413]: User root executed quit

- CLI writes every command executed in interactive mode in the file history. This file stores the last 1000 commands executed in any CLI session.

Modes of operation

The following table describes the three modes of executing commands using the CLI utility.

Table 1.1 Modes of Operation
Mode: Description
- Command Line: CLI is invoked in the Linux shell with commands and parameters. For example:
    [root@CAS root]# /bin/CLI config network hostsettings hostname parameter
- Batch: CLI commands may be saved in a text file and executed in batch mode by invoking the CLI utility with the -f filename option.
- CLI commands may be used in a shell script. For example: /bin/CLI
56. ACS Console Server Integration

List of Tables
Table 1.1 Modes of Operation
Table 1.2 CLI Commands for Saving Configuration Changes
Table 1.3 Cursor Movement Keys
Table 1.4 Command History Keys
Table 1.5 Text Modification Keys
Table 1.6 CLI Global Commands
Table 1.7 CLI Command Arguments
Table 2.1 IPv4 Specific Configurations
Table 2.2 IPv6 Specific Configurations
Table 2.3 Host Settings Parameters and Values
Table 2.4 Security Profiles
Table 2.5 Custom Security Profile Parameters
Table 2.6 PC Card Configuration and Monitoring Commands
Table 2.7 Ethernet PC Card Configuration Parameters
Table 2.8 Wireless LAN PC Card Configuration Parameters
Table 2.9 Modem PC Card Configuration Parameters
Table 2.10 GSM PC Card Configuration Parame
57. AP Ldap Authentication is performed using an LDAP server Local Ldap Local authentication is performed if LDAP fails or if the LDAP LdapDownLocal server is down Local Local Authentication performed locally NIS Radius or TACACS Local Nis authentication is used if the local authentication fails Local Radius Local TacacsPlus NIS Nis NIS authentication is performed Local authentication is Nis Local performed if NIS fails or if the NIS authentication server NisDownLocal is down OTP Otp Uses the one time password OTP authentication method Available for serial port Otp Local or use local if OTP fails authentication only Radius Radius Authentication is performed using a Radius server Local Radius Local RadiusDownLocal authentication is performed if Radius fails or the Radius server is down Chapter 3 Security 49 Table 3 1 Cyclades ACS Console Server Serial Port and General Authentication Methods Continued Authentication type Parameter Description TACACS TacacsPlus TacacsPlus local TacacsPlusDownlocal Authentication is performed using a TACACS authentication server A local authentication is performed if TACACS fails or if the TACACS authentication server is down None none Available for serial port authentication only Not a valid option when the serial port is configured for Power Management protocol The system defaults to Local if no authentication type is selected To configure au
58. CAUTION: It is possible that all outlets get turned off during the upgrade process. Make sure to shut down all connected devices before starting the firmware upgrade process.

4. Execute the pmfwupgrade application from the shell prompt. Table 6.4 describes the parameters.

    pmfwupgrade <options> all s serial device name IPDU id <filename>

Table 6.4 pmfwupgrade Application Parameters
Parameter: Description
- h: Show the help message and exit.
- f: Upgrade the firmware without asking any questions.
- V: Show messages about the status of the upgrade.
- S serial device name: Serial port name where the PM IPDU is connected. This option upgrades all IPDU appliances in daisy-chained IPDUs connected to the serial port.
- IPDU id: IPDU identification name.
- filename: The new firmware to upload to the PM unit. Default: tmp pmfirmware

SNMP Proxy

The SNMP proxy for power management feature allows the Cyclades ACS console server to proxy SNMP requests to the IPDU. This allows SNMP clients to query and control the remote IPDU using standard set and get commands. The following parameters and features are controlled in the remote IPDU:
- The number of IPDU units connected to the Cyclades ACS console server
- The number of outlets connected to a serial port
- The number of IPDU units connected to a serial port in a daisy chain configuration
- The insta
59. Addressing

To enable IPv4 network addressing
1. From the shell prompt on your terminal enter the following command:
    CLI
2. From the cli prompt enter the following:
    cli> config network hostsettings ipmode dualstack
   This will enable both IPv4 and IPv6 network addressing. Or:
    cli> config network hostsettings ipmode ipv4
   This will enable IPv4 network addressing only.

To set IPv4 specific configurations
From the cli prompt enter the following:
    cli> config network hostsettings
Follow the parameters in Table 2.1 for the rest of the configuration.

Table 2.1 IPv4 Specific Configurations
IPv4 Specific Level 1, IPv4 Specific Level 2: Description
- primipaddress nnn.nnn.nnn.nnn: The primary IP address of the Cyclades ACS console server (automatically obtained if DHCP is enabled).
- secipaddress nnn.nnn.nnn.nnn: The secondary IP address of the Cyclades ACS console server.
- primsubnetmask nnn.nnn.nnn.nnn: Subnet mask for the primary IP address.
- secsubnetmask nnn.nnn.nnn.nnn: Subnet mask for the secondary IP address.
- dhcp nnn.nnn.nnn.nnn: An IPv4 address will be dynamically obtained from a DHCPv4 server.

IPv6 addressing

Services not supported in IPv6
IPv6 does not support the following services:
- NIS authentication
- NFS data logging
- ISDN PC cards (dial-up)
- Virtual ports

To enable IPv6 network addressing
60. CS console server

OPIE (one-time passwords in everything) software on the Cyclades ACS console server supports OTP authentication on PC modem cards. OPIE software on the Cyclades ACS console server supports the OTP authentication method and the OTP Local fallback option for serial ports. The OTP authentication method is supported for dial-ins through modem, GSM and CDMA PC cards. See http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html for more details about OTP.

OTP authentication configuration tasks

Cyclades ACS console server administrators must perform the following tasks to set up and configure OTP:
- Mount the OTP database on any of the following storage units:
  - The main Flash memory on Cyclades ACS console server
  - PCMCIA Compact Flash card
  - NFS-mounted directory
- Configure OTP for each user. The Cyclades ACS console server administrator must make sure each user who needs to use OTP has a local account on the Cyclades ACS console server and is registered with the OTP system.
- Configure a PC modem card for OTP authentication. You may use WMI or the CLI utility to configure a modem for OTP.

To set up and configure an OTP database
1. Open a console window and log in to the Cyclades ACS console server as root.
2. Execute the following command to configure the OTP database:
    # do_create_otpdb
3. Enter the desired location where you want the OTP database stored. The following table s
61. Get the number IPDU outlets connected to the serial port 16:

    # snmpget -m all -v 2c -t 4 -c cyclades 10.10.0.1 cyPMNumberOutlets.16 <Enter>
    enterprises.cyclades.cyACSMgmt.cyPM.cyPMtable.cyPMEntry.cyPMNumberOutlets.16 = 8

3. Get the number of IPDU units connected to serial port 14:

    # snmpget -m all -v 2c -t 4 -c cyclades 10.10.0.1 cyPMNumberUnits.14 <Enter>
    enterprises.cyclades.cyACSMgmt.cyPM.cyPMtable.cyPMEntry.cyPMNumberUnits.14 = 2

APPENDICES

Appendix A: Additional Features and Applications

Windows 2003 server management

Emergency Management Services (EMS) is a new feature in the Windows 2003 Server that allows out-of-band remote management and system recovery tasks. All Emergency Management Services output is accessible using a terminal emulator connected to the server serial port. Besides the normal character mode output sent to the serial console, Windows also sends xml tags. Those tags may be captured and processed by the Cyclades ACS console server so that the administrator may automate the actions to be taken.

You may manage the server through the Special Administration Console (SAC), which is the console when connected directly to the Windows Server through Telnet or SSH session.

Configuring Windows 2003 server management

To manage a Windows 2003 server it is necessary to enable the EMS service.

Syntax: bootcfg /ems EDIT OFF ON s
62. ICES

    klogin stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/klogind -ki
    telnet stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/telnetd

Restart the inetd service:
    # daemon.sh restart NET
Save the configuration:
    # saveconf

To test the configuration
1. The client must have a kerberized SSH. In addition, configure the following parameters in the /etc/ssh/ssh_config file:
    GSSAPIAuthentication yes
    GSSAPICleanupCreds yes
2. The client must have the same krb5.conf file in the Kerberos server:
    # scp root@kerberos-server.cyclades.com:/etc/krb5.conf /etc/krb5.conf
3. Request the ticket from the Kerberos server:
    # kinit -f -p john
    Password for john@CYCLADES.COM:
   You are prompted to insert the principal password, which is in the Kerberos server database.
4. Check to see if the ticket was received successfully:
    # klist
5. Connect from the client to the Cyclades ACS console server through SSH:
    # ssh john@acs48-2.cyclades.com
6. Open an SSH session to one of the Cyclades ACS console server's ports:
    # ssh john:7001@acs48-2.cyclades.com
7. RLOGIN to the Cyclades ACS console server with forwardable tickets:
    # rlogin -l john acs48-2.cyclades.com -F
8. Telnet to the Cyclades ACS console server with forwardable tickets:
    # telnet -l john acs48-2.cyclades.com -F

Kerberos server authentication
1. Open the /etc/portslave/pslave.conf file:
    vi etc
64. ISDN PC card cli config network pcmcia 2 isdn localip 10 0 0 1 remoteip 10 0 0 2 2 Enable callback and add the call back number if desired cli config network pcmcia 2 isdn enablecallback yes callbacknum 4155552515 3 Activate and save your configuration PC CF and IDE Media Cards The Cyclades ACS console server s PC card slots support media cards such as Compact Flash CF or IDE hard disk drives Use a CF card with a PC card adaptor to back up configuration files Use a PC card hard drive for data buffering Supported file systems The PC cards are detected when they are inserted in the slot and the system mounts the file system ext2 in the mnt ide directory If you need to mount the file system vfat edit the FSTYPE ext2 parameter in the pcmcia ide opts file and change the file system to vfat Partition a PC card hard drive for VFAT Usage mkdosfs A c C v I 1 bad block file b backup boot sector m boot msg file n volume name i volume id s sectors per cluster S logical sector size f number of FATs h hidden sectors F fat size r root dir entries R reserved sectors dev name blocks Chapter 2 Network Configuration 23 Initialize a PC card hard drive for VFAT echo 0x0e sfdisk dev hda f mkdosfs dev hdal Partition a PC card hard drive for ext2 Usage mke2fs c t 1 filename b block size f fragment size i i bytes per inode j J jou
65. NFS When using remote files the limitation is imposed by the remote server disk partition space and the data is kept in linear sequential files in the remote server When using local files the limitation is imposed by the size of the available ramdisk You may wish to have data buffering done in file syslog or both For syslog all syslog_buffering and conf DB_facility are the parameters to be dealt with and syslog ng conf file should be set accordingly Please see Syslog ng on page 87 for the syslog ng configuration file The data buffering parameters are configured in file all data buffering Conf nfs data buffering is a remote network file system where data buffering is written to instead of the default directory var run DB When commented it indicates local data buffering The directory tree to which the file is written must be NFS mounted and the local path should point to mnt DB nfs The remote host must have NFS installed and the administrator must create export and allow read write privileges to the directory The size of this file is not limited by the value of 104 Cyclades ACS Advanced Console Server Command Reference Guide the parameter s1 data buffering though the value cannot be zero since a zero value turns off data buffering The conf nfs data buffering parameter format is server name or IP address gt lt remote pathname gt For example if data buffering is enabled for port 1 the data is stored in the file ttyS
66. NN 1 3 6 1 2 1 2 2 1 2 1 s V SFULLDATE HOST MSGN hi

Sending a message to a remote syslogd server

    destination d_udp { udp("<remote IP address>" port(514)); };

The following example sends syslogs to syslogd located at 10.0.0.1:

    destination d_udp1 { udp("10.0.0.1" port(514)); };

Connecting sources, filters and actions

To connect the sources, filters and actions, use the following statement. An action is an incoming message from one of the listed sources. A match for each of the filters is sent to the listed destination.

    log { source(S1); source(S2); ... filter(F1); filter(F2); ... destination(D1); destination(D2); ... };

where:
- Sx: Identifies the defined sources
- Fx: Identifies the defined filters
- Dx: Identifies the defined actions or destinations

Examples of connecting sources, filters and actions
- To send all messages received from local syslog clients to console:
    log { source(sysl); destination(d_console); };
- To write all messages with levels info, notice or warning and received from syslog clients (local and remote) to /var/log/messages file:
    log { source(sysl); source(s_udp); filter(f_messages); destination(d_messages); };
- To send an email if message received from local syslog client has the string kernel panic:
    log { source(sysl); filter(f_kpanic); destination(d_mail1); };
- To send an email and pager if message received from local syslog client has the string root
67. NOTE Typing all escape char or sN escape char from the sniff session or send message mode makes the Cyclades ACS console server to show the previous menu The first regular sessions are not allowed to return to the menu If you kill all regular sessions using option 4 your session initiates as a regular session automatically To configure session sniffing 1 Execute the following command for one or multiple serial ports Refer to Table 5 11 for session sniffing parameters cli config physicalports all or range list 1 xx multiuser parameter value 2 Activate and save your configuration Table 5 11 Session Sniffing Parameters Parameter Value Description hotkey character To configure the escape character The selected character must be preceded by the character For example k notifyusers yes no To configure multiuser notification multisessions no ro rw yes To configure multiple sessions privilegeusers list of user names To determine which users may receive the sniff menu Separated by commas sniffmode in inout no urt Determines what other users connected to the very same port may see of the session of the first connected user main session Valid values are in shows data written to the port out shows data received from the port in out shows both streams off disables sniffing Data Buffering Data buffering may be done in local files or in remote files through
68. OTP authentication To configure a GSM PC card example 1 Enable and configure the GSM PC card cli config network pcmcia 2 gsm localip 10 0 0 1 remoteip 10 0 0 2 pin 1234 2 Enable callback and add the call back number if desired cli config network pcmcia 2 modem gsm enablecallback yes gsm callbacknum 4155552515 localip 10 0 0 1 remoteip 10 0 0 2 3 Enable One Time Password authentication if required Activate and save your configuration Chapter 2 Network Configuration 21 CDMA card configuration In order to configure a CDMA PC card enter the following command Refer to Table 2 11 for parameter descriptions cli config network pcmcia slot cdma addinit additional initialization speed modem speed localip n n n n remoteip n n n n enablecallback yes no callbacknum string otpauthreq yes no Table 2 11 CDMA PC Card Configuration Parameters Parameter Value Description addinit additional initialization Set an additional initialization parameter to be sent to the card There is a default command sequence to initialize the card but if an additional initialization command is required by the card it may be added using this command speed modem speed This parameter defines the speed that the Cyclades ACS console server uses to access the card enablecallback yes no Enable or disable CDMA call back feature callbacknum string Add a call back n
69. Avocent

FCC Warning Statement

The Cyclades ACS advanced console server has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the Installation and Service Manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user is required to correct the problem at his or her own expense.

Notice about FCC Compliance for All Cyclades ACS Advanced Console Server Models

To comply with FCC standards, the Cyclades ACS advanced console server requires the use of a shielded CAT 5 cable for all interface ports. Notice that this cable is not supplied with either of the products and must be provided by the customer.

Canadian DOC Notice

The Cyclades ACS advanced console server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

The Cyclades ACS advanced console server does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in
70. PMI request and print response
- i2c: Send an I2C Master Write-Read command and print response
- lan: Configure LAN Channels
- chassis: Get chassis status and set power state
- event: Send pre-defined events to MC
- mc: Management Controller status and global enables
- sdr: Print Sensor Data Repository entries and readings
- sensor: Print detailed sensor information
- fru: Print built-in FRU and scan SDR for FRU locators
- sel: Print System Event Log (SEL)
- pef: Configure Platform Event Filtering (PEF)
- sol: Configure IPMIv2.0 Serial-over-LAN
- isol: Configure IPMIv1.5 Serial-over-LAN
- user: Configure Management Controller users
- channel: Configure Management Controller channels
- session: Print session information
- sunoem: OEM Commands for Sun servers
- exec: Run list of commands from file
- set: Set runtime variable for shell and exec

To configure IPMI
1. Enter the following command to enable IPMI or edit an existing configuration:
    cli> config ipmi add edit delete
2. Configure serial ports for power management and IPMI protocol. Refer to Table A.10 for configuration parameters:
    cli> config physicalports all or range list 1 xx powermanagement disableIPMI enableIPMI key character server <name>

Table A.10 IPMI CLI Configuration Parameters
Parameter, Value: Description
- add alias: Add and configure an IPMI device.
- edit alias: Edit the parameters of an IPMI enabled device
71. PPP or a terminal emulation program. Remote users may access the Cyclades ACS console server CLI through SSH, by using a terminal emulation program to dial into an external modem, or by creating a PPP connection with an external modem or a PC card modem.
- By clicking Connect to ACS in WMI. After logging into the WMI, you may access the CLI by clicking the Connect menu option.

Important features of the CLI utility
- Only one user logged in as root or admin may have an active CLI or WMI session. A second user who connects through the CLI or the WMI as root or admin has a choice to abort the session or close the other user's session.

NOTE: If there are cron jobs running through automated scripts, a root or admin user login may cause the automated cron jobs to fail.

- CLI has three possible user levels:
  - Root user: A Linux root user has access to the full functionality of the CLI interface. Root users have access to the shell command in the CLI that provides access to the Cyclades ACS console server shell prompt.

NOTE: An administrator may enforce the Linux shell to execute the CLI utility when the user logs into the Cyclades ACS console server (/bin/CLI). A user with root access may invoke the Linux shell from the CLI interface. An admin or a regular user who is configured with CLI as the default shell may not access the Linux shell.

  - Admin
72. Pv6 addresses obtained by the router cannot be used outside the local network.
- static: IPv6 address will be statically configured.
- dhcp: IPv6 address and its prefix length will be dynamically obtained from a DHCPv6 server.
- staticipaddress ipaddress prefix length: Configures a static IPv6 address and its prefix length for the interface. This is available only if ipv6method is configured as static.

To configure a static primary IP address in IPv6 mode, enter the following:
    cli> config network hostsettings ipv6 staticipaddress <IPv6 address>

To configure a dynamic primary IP address in IPv6 mode, enter the following:
    cli> config network hostsettings ipv6 ipv6method stateless only
or
    cli> config network hostsettings ipv6 ipv6method dhcp

IPv4 and IPv6 common parameters

To set up parameters common to IPv4 and IPv6 mode

To set up or change the primary DNS server, enter the following:
    cli> config network hostsettings primdnsserver <primary DNS server ip>
Similarly, configure the secondary DNS server if necessary:
    cli> config network hostsettings secdnsserver <secondary DNS server ip>
To set up or change the domain name where your system resides, enter the following:
    cli> config network hostsettings domain <domain name>
To configure the gateway, enter the following:
    cli> config network stroutes add default gateway <gateway IP address>

NOTE: If t
73. Response: JOE FEE JUTE HARK BANE FAR ID OTP key is 499 KV3881 JOE FEE JUTE HARK BANE FAR To generate OTP passwords: Execute the command opiekey to generate passwords for the users. NOTE: Do not execute the opiekey command through dial-in or an unsecured remote connection such as Telnet. The following example uses the MD5 (-5) option to verify data integrity. The -n <count> option followed by the sequence number (498) generates 5 passwords ending with number 498. # opiekey -5 -n 5 498 KV6178 Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: john's secret pass phrase 494: HOST DRUG CLAN NARY HILT BULB 495: DUG JET CAIN SKIN SIGN BRAE 496: ALOE DUEL HUB SIT AMMO MI 497: REEK K RECK CUT NEWS AMY 498: ALGA DEAD PUN FLUB LYRA LEN 2. Give the OTP username, secret pass phrase and the OTP passwords generated in this procedure to the user. Configuring a PC modem, GSM or CDMA card using OTP authentication: You may configure the PC cards for OTP authentication using WMI or CLI. • In WMI, go to Configuration - Network - PCMCIA Management, click on the Configure button and enable One Time Password Authentication for a modem, GSM or CDMA card. • See the following sections for configuration procedures using the CLI utility. To configure a mod
74. TFTP SERVER Save to SSH server saveconf ssh FILE SSH SERVER USER Table 5 14 Saveconf Utility and Storage Device Parameters Media Description none Save the configuration to internal Flash sd default replace Save the configuration to a PC card storage device Compact Flash or IDE local lt File gt Save the configuration to the path and filename ftp remote path and filename IP address of Save the configuration to a remote FTP server the FTP server username password tftp remote path and filename IP address of Save the configuration to a remote TFTP server the TFTP server ssh remote path and filename IP address of Save the configuration to a remote SSH server the SSH server username Restoreconf utility Syntax Chapter 5 Administration 111 Enter the following at the shell prompt to see the syntax for the options f restoreconf help Usage Restore from flash restoreconf Restore from factory default restoreconf factory default Restore from storage device restoreconf sd Restore from local file restoreconf local FILE Restore from FTP server restoreconf ftp FILE FTP SERVER USER PASSWORD Restore from TFTP server restoreconf tftp FILE TFTP SERVER Restore from SSH server restoreconf ssh FILE SSH SERVER USER Table 5
75. Table 4 11. [Figure 4 2: Example of CAS Configuration with Local and Remote Authentication] Table 4 11 Example of CAS Configuration with Local and Remote Authentication Descriptions (Item: Description): 1: Servers on Serial Ports; 2: Cyclades ACS Console Server; 3: Power Cable; 4: Ethernet CAT 5 Cable; 5: TACACS Server; 6: Ethernet Hub or Switch; 7: Remote Data Server; 8: Ethernet Router; 9: Local User; 10: User. To test a CAS configuration: 1. Create a new user in the local database: # adduser <username> # passwd <username> 2. Make sure the physical connection between the Cyclades ACS console server and the servers is correct. 3. Confirm the communication parameters (9600 bps, 8N1) are set on both the server and the Cyclades ACS console server. 4. Make sure the server is configured to route console data to its serial console port (Console Redirection). 5. Telnet to the server connected to Port 1. From a server on the local network (not from the console), try to Telnet to the server connected to port 1 of the Cyclades ACS console server using the following command: telnet <ip address> <TCP port> A Telnet session should open on the server connected to Port 1. 8. To activate and save the changes, run the following commands: runconf saveconf Terminal Server TS profile
76. Telnet or SSH I c Sorted list ports c option sort by console server and exit auth Interactive authentication ro Read Only mode S Show sorted ports lt console port gt Connect direct to console port u lt name gt Username to be used in SSH Telnet command 78 Cyclades ACS Advanced Console Server Command Reference Guide Configuration examples Console Access Server CAS profile With the Cyclades ACS console server set up as a CAS profile you may access a connected server s serial console port from a workstation on the network There is no authentication by default but the system may be configured for an authentication server such as Radius LDAP or a local database Figure 4 1 displays an example of a CAS environment and descriptions follow in Table 4 10 This configuration example has local authentication and serially connected workstations Figure 4 1 Example of CAS Configuration with Local Authentication Table 4 10 Example of CAS Configuration with Local Authentication Descriptions Item Description Item Description 1 Servers on Serial Ports 6 Ethernet Hub or Switch 2 Cyclades ACS Console Server 7 Ethernet Router 3 Power Cable 8 Local User 4 Ethernet CAT 5 Cable 9 User 5 Local Network Server Chapter 4 Accessing Connected Devices Figure 4 2 displays another configuration example for remote and local authentication data buffering and remote access Descriptions follow in
77. a named pipe Available options owner name group name perm mask Equals global options template string Syslog ng writes the string in the file You may use the MACROS in the string unix stream filename and unix dgram filename This driver sends messages to a UNIX socket in either SOCKET STREAM or SOCK DGRAM mode udp lt ip address gt port number and tcp ip address gt port number This driver sends messages to another host ip address port using either UDP or TCP protocol program lt program name and arguments gt This driver fork executes the given program with arguments and sends messages down to the stdin of the child usertty lt username gt This driver writes messages to the terminal of a logged in username 92 Cyclades ACS Advanced Console Server Command Reference Guide The following is an example of how to send an email destination ident pipe dev cyc_alarm template sendmail lt pars gt where lt ident gt uniquely identifies the destination Table 5 6 Send Email Parameters Email field Parameter To address t lt name gt lt name gt CC address c lt name gt lt name gt Bcc address b lt name gt lt name gt Reply to address r lt name gt lt name gt From address f lt name gt Subject s lt text gt Message m lt text message SMTP server h lt IP addre
78. ades serial port adaptor 2 Cyclades ACS Console Server 5 RJ 45 serial cable on Cyclades ACS console server port XX connect to serial port of managed servers using Cyclades serial port adaptor Managed Servers Straight through RJ 45 serial cable for 3 6 Avocent PM PDUs and Cyclades IPDUs connect to ACS console server port YY Power Management Protocol The serial port s configured with the Power Management protocol allows you to connect and configure IPDUs using an enabled serial port Refer to Figure 6 1 and the following procedure to configure power management protocol Chapter 6 Power Management 119 To configure power management protocol 1 Configure a serial port with the power management protocol cli gt config physicalports lt YY gt general protocol pm Configure the connection type SSH Telnet or both for users to connect to the IPDU cli gt config physicalports lt YY gt general pmsessions ssh ssh telnet telnet Define a unique name for each connected IPDU appliance cli config physicalports YY general alias server alias Configure the communication protocol for each target server connected to a serial port cli config physicalports XX general protocol consoletelnet consolessh consoletelnetssh cli config physicalports XX powermanagement enable Enable IPDU outlets enable outletList ZZ For example enable outletList ipudA 1 ipduB 2 5 7 Configure us
79. ame to the path indicated by destination optext txt tmp Copies the file text txt in the current directory to the tmp directory Copies the file robo php in the chap directory to the current ocp chap robo php excess php directory and renames the copy excess php rm file name Removes the file indicated by file name mv file name destination Moves the file indicated by file name to the path indicated by destination Appendices 159 Table C 2 File Manipulation Commands Continued Command Description mkdir directory name mkdir spot mkdir tmp snuggles Creates a directory named directory name Creates the directory spot in the current directory Creates the directory snuggles in the directory tmp rmdir directory name Removes the directory indicated by directory name pwd Supplies the name of the current directory While logged in the user is always in a directory The default initial directory is the user s home directory home username Is options directory name Lists the files and directories within directory name Some useful options are for more detailed output and a which shows hidden System files cd directory name Changes the directory to the one specified cat file name Prints the contents of file name to the screen one dot Represents the current directory two dots Represents one directory above the current directory
80. are available for transfer at var run DB or an alternate path defined by the user in the pslave conf file Once the cy ras program detects the protocol as billing it starts the billing application The billing application then opens the port as configured in pslave conf and starts reading it Records terminated by billing eor string are expected to be received The Cyclades ACS console server doesn t change the termination method transferring the same sequence to the file The name of the temporary file used to write these records is CycXXXXX YYMMDD hhmmss tmp where XXXXX is the hostname or alias YYMMDD is the year month day hhmmss is the hour min sec This name helps the user archive and browse their directory as the file may be chronologically listed not based on its creation or modification times but based on when its contents were recorded Also whenever hostname is not significant the user may use the alias name s1 alias in pslave conf to match their actual plant like PABX trunk9 The temporary file described previously is closed and renamed to cycXX XX X Y YMMDD hhmmss txt and a new temporary file is opened when e the maximum number of records specified by billing records is reached e the lifetime specified by billing timeout finishes If no record is received within a file lifetime period no file is saved NOTE A zero value for billing record stops the application and a zero value for billing timeout means n
81. ary printer name and alias lp lp2 serial printer on port ttyS2 suppress header and or banner page ssh spool directory the name is fixed as lp ttySnn when nn is the serial port number sd var spool lpd lp ttyS2 printer device lp dev ttyS2 log filename 1f var log lpd log set serial port speed as 115 200 bps br115200 1pllp2 serial printer on port ttyS2 zsh sd var spool lpd lp ttyS2 N lp dev ttyS2 N lf var log lpd 1log Enable the printer daemon file etc Ipd sh and change the option ENABLE to YES 5 Allow clients to use the service Edit the file etc hosts lpd and include the host names that have permission to use the Cyclades ACS console server printers NOTE The Ipd needs to translate the IP address of the request message to the host name check your resolv conf file 6 Restart the processes by executing the commands runconf and daemon sh Appendices 145 7 Execute saveconf command to save the configuration in Flash 8 Check the Cyclades ACS console server configuration by entering the following command at your workstation f lpr P lp lt ACS IP address file that you want printer CAS port pool CAS port pooling allows you to access a free serial port from a pool in addition to the original feature where you could access a specific serial port When you access a serial port through the pool sniff session and multiple sessions features are not available This feature i
82. ated name for the zonelabel. For example, PST for Pacific Standard Time. gmtoff <hh:mm>: GMT Offset. This is the number of hours either ahead or behind Greenwich Mean Time (GMT) in hours. For example, PST the offset is 8:00 hours. dst <off|on>: Daylight Saving Time (DST). Set to on for custom daylight saving time settings to be active. dstacronym: DST acronym. The abbreviated name used to describe the timezone when daylight saving time is in effect. For example, PDT for Pacific Daylight Time. dstsave <hh:mm>: This is the amount of time that the clock moves forward or back at the beginning and end of daylight saving time for the target timezone. dststartday (see format in Description): The day <Jan Dec> <1st 4th last> <Sun Sat> that DST starts for the target timezone. dststarttime <hh:mm>: The precise time of day (hh:mm) that DST starts for the target timezone. dstendday (see format in Description): The day <Jan Dec> <1st 4th last> <Sun Sat> that DST ends for the target timezone. dstendtime <hh:mm>: The precise time of day (hh:mm) that DST ends for the target timezone. Table 5 10 Timezone Configuration Parameters Continued: Parameter Level1, Parameter Level2, Value, Description: Standard 01h east GMT 14h east GMT GMT 01h west GMT
83. NOTE: Check the SNMP configuration before gathering information about the Cyclades ACS console server by SNMP. There are different types of attacks an unauthorized user may implement to retrieve sensitive information contained in the MIB. By default, the SNMP configuration in the Cyclades ACS console server does not permit the public community to read SNMP information. In order to configure SNMP v1 v2, enter the following command. Refer to Table 2 16 for a list of parameters. cli config network snmp v1 v2 parameter value Table 2 16 SNMP v1 v2 Configuration Parameters (Parameter, Value: Description): syscontact, string: The email address of the Cyclades ACS console server administrator. syslocation, string: The physical location of the Cyclades ACS console server. community, string: The group to which devices and management stations running SNMP belong. oid, string: Object Identifier. Each managed object has a unique identifier. permission, string: Read Only access to the entire Management Information Base (MIB) except for SNMP configuration objects. Read Write access to the entire MIB except for SNMP configuration objects. source, string: The host IP address. To configure SNMP v1 v2 (example): 1. The following command configures SNMP v1 v2 with the following parameters: • community: avocent • OID: 1 • permission: ro (read only) • source (allowed host): 192.168.0.200 cli confi
84. ault password is tslinux. NOTE: It is strongly recommended to change the default password tslinux to a new password before configuring the Cyclades ACS console server for secure access. 2. To change a password, run the command: [root@CAS root]# passwd New password: 3. Launch the configuration wizard by entering the wiz command: [root@CAS root]# wiz 4. The system displays a configuration wizard banner, instructions for using the utility and the current configuration. 5. At the prompt Set to defaults, enter n to change the defaults. 6. Continue through the configuration parameters until you are prompted to determine if the parameters are correct: Are all these parameters correct (y/n) [n] 7. Enter n to go back and change any configuration parameters. Or, if you enter y, you will be prompted to save your configuration after the following warning is displayed: Note: If you are NOT connected to this unit through a console and you have just reconfigured the IP of this unit, activating the new configurations may cause you to lose connection. In that case, please reconnect to the unit by the new IP address and manually issue a saveconf to save your configurations to flash. Do you want to activate your configurations now (y/n) [y] 8. Activate and save your configuration when prompted to do so. To confirm the configuration, enter the ifconfig command. The n
85. authtype local all protocol socket ssh Activate and save the configuration runconf saveconf Add a user with the same name as the principal in the Kerberos server adduser john Configure the krb5 conf file The etc krb5 conf file must be exactly the same as the one that is in the Kerberos server It is highly recommended to copy it directly from the server instead of editing it To copy using scp execute the following command scp root kerberos server cyclades com etc krb5 conf etc krb5 conf Extract the host that is in the Kerberos server database to the Cyclades ACS console server kadmin p admin admin Where the first admin is the service and the second admin is the user This prompts a Kerberos server menu To extract the configured hosts run the following commands in the kadmin menu kadmin ktadd host acs48 2 cyclades com kadmin q To list all configured hosts in the Kerberos server run the following command which displays all hosts added through the ktadd command in the Kerberos server f klist k Configure hostname and domain name hostname acs48 2 domainname cyclades com To access the Cyclades ACS console server through rlogin and Telnet In addition to performing the steps described in To configure the Cyclades ACS console server for SSH on page 54 make the following configuration changes 1 Configure the etc inetd conf file by uncommenting the following line lines KERBEROS SERV
86. ay be configured with the parameter accthost2 tacplussecret lt tacplussecret gt This is the shared secret password necessary for communication between the Cyclades ACS console server and the TACACS Servers tacplusraccess yes no This is raccess authorization on the TACACS server Should be enabled for authorization on serial ports tacplustimeout number This is the time out in seconds for a TACACS authentication query to be answered tacplusretries number Defines the number of times each TACACS server is tried before another is contacted The first server authhost1 is tried for the specified number of times before the second authhost2 if configured is contacted and tried for the specified number of times If the second server fails to respond TACACS authentication fails To configure a RADIUS authentication server 1 On the Radius server edit etc raddb users and add a new string attribute ATTRIBUTE Framed Filter Id similar to the following example groupuserl Auth Type Local Password xxxx Service Type Callback Framed User Callback Number 305 Framed Protocol PPP Framed Filter Id group_name lt Group1 gt lt Group2 gt lt GroupN gt Fall Through No If the Frame Filter Id already exists add the group_name to the string starting with a colon Chapter 3 Security 61 2 Onthe Cyclades ACS console server use the CLI utility to edit the parameters descri
87. be bank name A B C XY phase name X Y Z outlet number 1 2 Temperature temperature display reset Display temperature on an IPDU if the IPDU unit is lt IPDU ID gt equipped with a temperature sensor Reset the maximum detected temperature in a single or all IPDU appliances Humidity humidity display reset Display humidity or reset the maximum detected Avocent PM PDU and ServerTech lt IPDU ID gt humidity in a singe or all IPDU appliances Chapter 6 Power Management 123 Table 6 2 pmMenu and pmCommand Commands Continued Menu Item Command Syntax Description Voltage voltage display lt IPDU Display voltage in a single or all IPDU appliances ID gt Buzzer buzzer status on off Configure a buzzer to sound when a specified alarm Avocent PM PDU lt IPDU ID gt threshold has reached for a single or all IPDU and Cyclades appliances Options are Status On to activate or Off IPDU to deactivate Current Protection currentprotection Enable or disable current protection This option is to Avocent PM PDU status on off prevent the outlets from being turned on if the current and Cyclades lt IPDU ID gt on the IPDU exceeds the specified threshold IPDU Syslog syslog status on off Enable or disable syslogging and alarm notification Avocent PM PDU and Cyclades IPDU lt IPDU ID gt Version ver lt IPDU ID gt Display the software and hardware version of a
88. bed in the following table cli config security authentication parameter value Table 3 9 Radius Configuration Parameters Parameter Value Description radiusauthsvr1 n n n n This address indicates the location of the Radius authentication server A second Radius authentication server may be configured with the parameter radiusauthsvr2 radiusacctsvr1 n n n n This address indicates the location of the Radius accounting server which may be used to track how long users are connected after being authorized by the authentication server Its use is optional If this parameter is not used accounting is not be performed If the same server is used for authentication and accounting both parameters must be filled with the same address A second Radius accounting server may be configured with the parameter accthost2 radiussecret lt radiussecret gt This is the shared secret password necessary for communication between the Cyclades ACS console server and the Radius servers radiustimeout lt number gt This is the timeout in seconds for a Radius authentication query to be answered radiusretries lt number gt Defines the number of times each Radius server is tried before another is contacted The first server radiusauthhost1 is tried for the specified number of times before the second radiusauthhost2 if configured is contacted and tried for the specified number of times If the seco
89. ble describes each connection profile and supported protocols Table 4 1 Connection Profiles and Protocols Connection Supported Profile Protocol Description Console Access Telnet Configure when a serial port is connected to the console port of Server CAS SSH a server TelnetSSH Raw Terminal Server Telnet Configure when a terminal is connected to the console port of TS SSHv1 a server SSHv2 Local Terminal Raw Socket Bidirectional Telnet CAS Supports both CAS profile Telnet connection and TS profile menu Telnet Telnet TS shell Both connection protocols are supported on one port however connections can not be opened simultaneously Modem RAS PPP Configure when a modem is connected to a serial port PPP No Auth SLIP CSLIP Power Power Configure when a power management device is connected to a Management Management serial port 72 Cyclades ACS Advanced Console Server Command Reference Guide Serial ports general parameters To configure general parameters Execute the following command for one or multiple serial ports Refer to Table 4 2 for port configuration parameters cli config physicalports all or range list 1 4 general parameter value 2 Activate and save your configuration Table 4 2 Serial Port General Configuration Parameters Parameter Value Description alias server alias To name a server connected to the serial port datasize lt
90. ccess to the menu the user s default shell must be modified to run the bin menush In etc passwd the shell should be changed as per the following example user FrE6QU 505 505 Embedix User home user bin menush In pslave conf the port where the serial terminal is attached must be configured for login with local authentication s lt x gt protocol login s lt x gt authtype local Chapter 5 Administration 107 Where x is the port number being configured Activate and save the configuration changes runconf saveconf 108 Cyclades ACS Advanced Console Server Command Reference Guide To set up which servers the users may access 1 Enter the following command to set up a menu which is prompted when you connect from a dumb terminal Refer to Table 5 13 for configuration parameters cli config applications terminalmenu add parameter value 2 Activate and save your configuration Table 5 13 Terminal Profile Menu Configuration Parameters Parameter Value Description menutitle string Type a description for the menu title bar actionname action name Enter n identification for the command For example server name command string Enter a command such as telnet host ip NOTE You may open an SSH connection to the desired server To do so substitute telnet host ip with ssh l username host ip Terminal Appearance You may change the banner appearance when a connection is
91. certificate and replace the Cyclades ACS console server s generated certificate To generate a self signed certificate 1 Open the etc reg key file and update the user data with your organization specific data vi etc req key req default bits 1024 distinguished nam cyclades prompt no x509 extensions x509v3 cyclades C US ST CA L Fremont O Cyclades Corporation OU R amp D CN www cyclades com emailAddress support cyclades com x509v3 subjectKeyIdentifier hash authorityKeyIdentifier keyid always issuer always basicConstraints CA true nsComment This is just a TEST certificate nsCertType server sslCA Remove the files etc ca pem 3 Execute the following script bin firstkssl sh 4 Reboot the Cyclades ACS console server or restart WMI 68 Cyclades ACS Advanced Console Server Command Reference Guide X 509 certificate on SSH The OpenSSH software included with the Cyclades ACS console server has support for X 509 certificates The administrator must activate and configure SSH to use X 509 To configure X 509 certificate for SSH 1 Enter the following command to configure X 509 certificate See Table 3 12 for the list of parameters cli config security profile custom ssh ssh x509 parameter value Table 3 12 X 509 Certificate Parameters Parameter Value CA file path and filename of CA certificate hostkey path and
92. ces. To check which physical interface is the primary and which is the failover, look for the status NOARP. The interface which has the NOARP status (eth by default) is the failover. While eth is in active and standby mode, eth0 is sending and receiving packets. If you have IP filtering rules set before bonding is activated, the interface reference in the firewall IP filtering is set to eth0. Change the interface to bond0 in order to reference the bonded interface. For example, there is a rule to drop the SSH packets to access the Cyclades ACS console server box with no bonding: iptables -A INPUT -p tcp --dport 22 -i eth0 -j REJECT If you activate bonding, change the rule to reference the bonded interface: iptables -A INPUT -p tcp --dport 22 -i bond0 -j REJECT Hosts: To configure hosts: 1. Add a host name with IP address: cli config network hosttable add hostip <n.n.n.n> name <hostname> You may repeat this step as many times as necessary. 2. Activate and save your configuration. TCP keepalive: The objective of this feature is to allow the Cyclades ACS console server to recognize when the socket client (SSH or Telnet) goes down without closing the connection properly. The TCP engine of the Cyclades ACS console server sends a TCP keepalive message (ACK) to the client. If the maximum retry number is reached without an answer from the client, the connection is closed. To
93. d values are 9600 19200 38400 57600 115200 id line number Specifies the operating system entry line number in the operating systems section of the Boot ini file to which the operating system load options are added The first line after the operating systems section header is 1 p password Specifies the password of the user account that is specified in u port communications port Specifies the COM port to be used for redirection Do not use if remotely administered output is being disabled BIOSSET get BIOS settings to determine port COM1 COM2 COM3 COM4 s server Specifies the name or IP address of a remote server do not use backslashes The default is the local server u domain user Runs the command with the account permissions of the user specified by User or Domain User The default is the permissions of the current logged on user on the server issuing the command With the EMS service enabled in Windows configure the Cyclades ACS console server as console profile to manage the Windows 2003 server Windows sends xml tags in the following situations e During Windows installation it sends lt channel switch gt with the setup logs e During boot it sends the lt machine info gt information e When switching channels it sends the lt channel switch gt information e During system crash it sends the BP to indicate BreakPoint The machine info tag is emitted o
94. de Setup Debug Log channel tag follows lt channel switch gt lt name gt setuplog txt lt name gt lt description gt Setup tracing log lt description gt lt type gt Raw lt type gt lt guid gt 6 28e904 1298 11d7 b54e 806e6f 6e6963 lt guid gt lt application type gt 5ed3bac7 a2f9 4e45 9875 b25 9ea3f 291f lt application type gt lt channel switch gt 136 Cyclades ACS Advanced Console Server Command Reference Guide The BP tag is emitted when the Windows server system halts such that only elements of the kernel are the most recently operating logic Table A 4 BP Tags Description Element Description INSTANCE CLASSNAME ls the type of break point Currently there is only one type emitted such as Blue Screen which indicates the system was halted prematurely It is represented by the CLASSNAME BLUESCREEN value lt machine info gt Described previously lt PROPERTY NAME gt Provides additional details such as error code of the abnormal condition that caused the break point A sample encoding of the Break Point tag follows lt xml gt lt BP gt lt INSTANCE CLASSNAME BLUESCREEN gt lt PROPERTY NAME STOPCODE TYPE string gt lt VALUE gt 0xE2 lt VALUE gt lt PROPERTY gt lt machine info gt name NTHEAD 800I 1 name guid 00000000 0000 0000 0000 000000000000 guid processor architecture x86 processor architecture os version 5 2 os version
95. e already. -X, --delete-chain: Delete the specified user-defined chain. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain may be deleted. If no argument is given, it attempts to delete every non-built-in chain in the table. Table 2 18 iptables Commands Options Continued (Command: Description): -P, --policy: Set the policy for the chain to the given target. Only non-user-defined chains may have policies, and neither built-in nor user-defined chains may be policy targets. -E, --rename-chain: Rename the user-specified chain to the user-supplied name. This is cosmetic and has no effect on the structure of the table. -h, --help: Help. Gives a very brief description of the command syntax. Rule specification: The following parameters define a rule specification as used in the add, delete, insert, replace and append commands. Table 2 19 iptables Rules Specifications (Parameter: Description): -p, --protocol [!] protocol: The protocol of the rule or of the packet to check. The specified protocol may be one of TCP, UDP, ICMP, ICMPv6 (for IPv6 configurations), ESP (IPv6 only), all, or it may be a numeric value representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A ! argument before the protocol inverts the
96. e configured server if the defined string appears add Snmptrap gt body string community string oid lt string gt server lt string gt cancel trapnum 0 6 authfailure coldstar egpneighborloss enterprisespecific linkdown linkup warmstart alarm yes no Activate or deactivate the alarm feature If you don t enable it syslog messages won t be generated when there is incoming data from the ports delete Delete any previously configured string edit Edit any previously configured string To configure notifications The following example demonstrates configuring the Cyclades ACS console server to send an email every time the root user logs into a server connected to a serial port The trigger string is configured as root login The server connected to the Cyclades ACS console server must be properly configured to send Syslog messages Enable alarm notification otherwise messages received through the serial ports are ignored cli config administration notifications alarm yes 2 Adda trigger string cli config administration notifications addemail root login 3 Configure the email notification parameters and SMTP server and port id add Email body Testing configuration add Email gt from ACSConsoleServer add Email gt to someone yourdomain com add Email gt smtpserver 200 200 200 2 Chapter 5 Administration 99 add Email smtpport 25 add Email gt subject Testing Config 4 Activate and
97. e defined sensor to zero Sensors Unit sensors unit <IPDU ID> <unit> Display or set the unit, Celsius or Fahrenheit, for the temperature sensor. Sensors sensors threshold lt IPDU Display or set the environment monitoring thresholds. Threshold ID sensor name high For set, all arguments are required. critical high warn low warn low critical pmCommand Alternatively, you can use the pmCommand to manage IPDU appliances. Refer to Table 6 2 for command syntax and arguments. Usage pmCommand command <arguments> To manage IPDU appliances through pmCommand 1 Enter the following command at the shell prompt to invoke the power management command utility. pmCommand 2 At the pmCommand prompt, type help to see a list of commands along with a description, or type menu to invoke the menu driven interface. 3 Alternatively, if you know the specific command and argument, enter it with the following format. pmCommand command arguments To manage power through the Cyclades ACS console server 1 From the Cyclades ACS console server, open a Telnet or SSH session to the serial port where your server is connected. 2 Access the IPDU by entering the preconfigured hotkey. The default is p a If you have permission to access the server outlet s, the IPDU appliance menu appears. Table 6 3 desc
98. e packet through. DROP means to drop the packet on the floor. QUEUE means to pass the packet to userspace, if supported by the kernel. RETURN means stop traversing this chain and resume at the next rule in the previous calling chain. If the end of a built in chain is reached, or a rule in a built in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet. i in interface name Optional name of an interface via which a packet is received, for packets entering the INPUT and FORWARD chains. When the argument is used before the interface name, the sense is inverted. If the interface name ends in a plus, then any interface which begins with this name matches. If this option is omitted, the string plus is assumed, which matches with any interface name. o out interface name Optional name of an interface via which a packet is going to be sent, for packets entering the FORWARD and OUTPUT chains. When the argument is used before the interface name, the sense is inverted. If the interface name ends in a plus, then any interface which begins with this name matches. If this option is omitted, the string plus is assumed, which matches with any interface name. f fragment This means that the rule only refers to second and further fragments of fragmented packets. Since there is no way to tell the source or destination ports of such a packet or ICMP
99. e that specifies frequency of execution and the name of shell script. It should be set using the traditional crontab file format. Example active root etc tst cron src NOTE In etc crontab files you may only have one active entry per user. For instance, from the earlier example, you cannot add another active entry for root because it already has an entry. If you want to add more scripts, you may just add them to the source file, for example etc tst cron src. The etc crontab files file may point to any desired file that calls the scripts to be run. The Cyclades ACS console server has an example file for it, etc tst cron src. The file that is pointed out in the etc crontab files file must follow the following structure. PATH usr bin bin SHELL bin sh HOME 0 59 etc tst_cron sh This file is called etc tst_cron src. It can have any name, but it follows the structure shown previously. The fourth line of the example file follows this structure: minutes, hours, month day, month, week day and command. It is possible to specify different tasks to run on different dates and times. Each command must be on a separate line. See Crontab syntax. Crontab syntax A crontab task consists of four date time fields and a command field. Every minute, cron checks all crontabs for a match between the current date time and their tasks. If there's a match, the command is executed. The system crontab has an additio
100. e user configuration 2 Define to which group or groups the user belongs. user username global cleartext <password> service raccess group name <Group1> <Group2 GroupN> To configure user permission on the TACACS server 1 On the TACACS server, open the file etc tacacs tac plus cfg. NOTE The location of this configuration file may be different on your Linux distribution. 2 Edit the parameters as per the following example. Refer to Table 3 7 for descriptions. user tomj name Tom Jones service raccess port1 LAB2 ttyS2 port2 192 168 0 1 ttyS1 port3 CAS ttyS1 port4 172 32 20 10 ttyS6 port5 LAB1 ttyS7 port6 Knuth ttyS16 Table 3 7 Parameters for Specifying User Authorization on a TACACS Server Parameter Description user username Defines the username as specified on the Cyclades ACS console server. name optional description To specify additional information about the user, optional. This parameter must include quotes. The maximum number of characters allowed is 256. Adding more than 256 characters stops the server from restarting and produces a FAILED message at the time of authorization. service authorization method Specifies the authorization method used and whether the user is allowed or denied access when the raccess parameter is set on the Cyclades ACS console serv
101. ed, blocked, logged or jumped to a user defined chain. For the nat table, the packet may also have its source IP address and source port altered for the POSTROUTING chain, or have the destination IP address and destination port altered for the PREROUTING and OUTPUT chain. When a chain is analyzed, the rules of this chain are reviewed one by one until the packet matches one rule. If no rule is found, the default action for that chain is taken. Configuring IP tables IPv4 Syntax iptables command chain rule specification t table options f iptables E old chain name new chain name where • table May be filter or nat. If the option t is not specified, the filter table is assumed. • chain For filter table, INPUT, OUTPUT, FORWARD or a user created chain. • for nat table, PREROUTING, OUTPUT, POSTROUTING or a user created chain. IPv6 Syntax ip6tables command chain rule specification t table options f ip6tables E old chain name new chain name where • table May only be a filter table. The option t does not need to be specified. • chain INPUT, OUTPUT, FORWARD or a user created chain. NOTE Fragmented packets cannot be filtered in IPv6 configurations. Command Only one command may be specified on the command line unless otherwise specified in Table 2 18. Table 2 18 iptables Commands Options Command Description A append Append one
102. ed to the serial port buffersyslogonlynose no|yes Only syslog is buffered ssion desttype local remote Define the data buffering location. filesize file size in bytes Defines the maximum size of the data buffer file. This parameter must be greater than zero, otherwise all parameters relating to data buffering are disregarded. mode cir lin Choose between circular or linear data buffering. nfspath <pathname> Define the NFS path. Table 5 12 Data Buffering Configuration Parameters Continued Parameter Value Description showmenu file fileanderase no Control the DB menu options noerase yes Syslogserver n n n n Defines the IP address of the Syslog server. Syslogsize <record length in bytes 40 255> Maximum size of syslog data buffer message. syslogfacility local0 local7 Defines the facility number for messages generated by the Cyclades ACS console server to be sent to the Syslog server. timestamp no|yes Choose YES to enable timestamp and NO to disable it. Menu Shell This application allows you to customize a menu presented to users when they connect to the Cyclades ACS console server from a terminal. The menu may be configured to allow users to connect to different servers on the local network. When the menu shell is configured, you may connect to the Cyclades ACS console server u
103. em PC card example on page 19 To configure a GSM PC card example on page 20 To configure a CDMA PC card example on page 21 Shadow Passwords The Cyclades ACS console server has support for shadow passwords, which enhances the security of the system authentication files. Shadow Passwords are enabled by default. If you are upgrading from release 2 3 0 2 or earlier, a previous configuration is detected and the translation from etc passwd to etc shadow happens automatically. Digital Certificates Certificate for HTTP security The following procedure enables you to obtain a Signed Digital Certificate. A certificate for the HTTP security is created by a Certification Authority CA. Certificates are most commonly obtained through generating public and private keys using a public key algorithm like RSA or X 509. The keys may be generated by using a key generator software. To obtain a signed digital certificate 1 Enter the OpenSSL command. Key generation may be done using the OpenSSL package using the following command. openssl req new nodes keyout private key out public csr The Certificate Signing Request CSR generated by the command contains some personal or corporate information and its public key. Table 3 11 Required Information for the OpenSSL Package Parameter Description Country Name 2 letter code The country code consisting o
104. en is successful and the examples of values that may replace the macros. Table A 5 f windows boot Macros Macro Description Value to replace macro <INSTANCE CLASSNAME> Reason for the break point. Currently there is only one type, BLUESCREEN. BLUESCREEN <PROPERTY NAME> Additional details about break point. STOPCODE <VALUE> Additional details about break point. 0xE2 <name> Machine name. MY_WIN_SERVER <guid> GUID that uniquely identifies this server. If no such value is available, all 0's GUID string is used. 4c4c4544 8e00 4410 8045 80c04f4c4c20 <processor architecture> Processor architecture. It may be either x86 or IA64. x86 <os version> Windows version. 5 2 <os product> Which Windows Server product. It may be Windows Server 2003 Datacenter Edition, Windows Server 2003 Embedded, Windows Server 2003 Enterprise Edition or Windows Server 2003. Windows Server 2003 <os service pack> Alphanumeric string that identifies the most up to date service pack installed. If none installed, the string is None. None <tty> Cyclades ACS console server serial port tty S1 ttyS1 or alias name For the f windows boot the following macros are available. Table A 6 f windows boot Available Macros Macro Description Value to replace macro <name> Machine name
105. ends it back to the user. The login program or kinit decrypts the TGT using the user's key, which is computed from the user's password. The TGT, which is set to expire after a certain period of time, is stored in the credentials cache. An expiration time is set so that a compromised TGT may only be used for a certain period of time, usually eight hours, unlike a compromised password, which could be used until changed. The user does not have to re enter the password until the TGT expires or a new session is started. When the user needs access to a network service, the client uses the TGT to request a ticket for the service from the Ticket Granting Service TGS, which runs on the KDC. The TGS issues a ticket for the desired service, which is used to authenticate the user. Configuring the Cyclades ACS console server to use Kerberos tickets authentication The following procedure describes the Cyclades ACS console server's configuration, assuming that the kerberos server with ticket support is properly configured with the following parameters. • Principal john • Host acs48 cyclades com To configure the Cyclades ACS console server for SSH 1 Configure and start an NTP server. Configuration must be synchronized with an NTP server. To configure an NTP server, see To configure an NTP server on page 101. Configure authentication type and protocol in the etc portslave pslave conf file with the following parameters. all
106. enu Parameters Parameter Description u user Invokes ts_menu as the user named by user. This requires a password to be entered. The user has access only to the authorized serial ports. Le Generates a list of ports to which a user has access. Port aliases are shown if defined. For remote ports clusters, if port alias is not defined, they are shown as ip_addr port, ip_addr referring to the slave Cyclades ACS console server. The default displays ports in alphabetical order, but if c flag is specified, the listing is sorted by console server, master unit showing first. ro Invokes ts_menu in read only mode. You may connect to any port to which you have access in read only mode. s Invokes ts_menu in a way that all ports, including slave, are presented in a single list sorted in alphabetical order. auth For backward compatibility. This option makes the new ts_menu implementation behave as the old one, so that authentication is performed again to access each port. console If issued, produces a direct connection to that port. If you have no access rights to the port port or if the port does not exist, the application returns a console not found message and terminates. The console port may be the port alias or the port number. If you are trying to access a clustered port, the port number must include a reference to the slave Cyclades ACS console server as host port. Host is the slave hostname or IP
107. er. Only users who have this parameter set to raccess have authorization to access the specified ports. port<> <ACS> <Port> Specify which serial ports on the Cyclades ACS console server the user has authorization to access. port is a sequential label used by the Cyclades ACS console server. ACS is the name or IP address of the Cyclades ACS console server box. <Port> is the serial port the user may access on the specified Cyclades ACS console server. 3 On the Cyclades ACS console server, use the CLI utility to edit the parameters described in the following table. cli config security authentication parameter value Table 3 8 TACACS Configuration Parameters Parameter Value Description tacplusauthsvr1 n n n n This address indicates the location of the TACACS authentication server. A second TACACS authentication server may be configured with the parameter tacplusauthsvr2. tacplusacctsvr1 n n n n This address indicates the location of the TACACS accounting server, which may be used to track how long users are connected after being authorized by the authentication server. Its use is optional. If this parameter is not used, accounting is not performed. If the same server is used for authentication and accounting, both parameters must be filled with the same address. A second TACACS accounting server m
108. er permission to access an IPDU appliance. enable pmusers all or list of users separated by commas Define the hotkey used to open the IPDU menu. The format is Ctrl plus a character. The default is i. enable pmkey i Activate and save your configuration. cli config runconfig cli config savetoflash IPDU Configuration and Management Power management utility The power management utility may be used to manage power on servers plugged into one or more outlets on an IPDU appliance. The power management utility may be invoked by one of the following commands. pmMenu You are presented with a menu driven interface to select the desired command. pmCommand You may enter commands at the pmCommand prompt using the appropriate command arguments. IPDU identification When configuring and assigning names to IPDU appliances, it is important to consider the following information. • An IPDU appliance should have a unique name, referred to as an IPDU ID. • If the IPDU ID is not defined or is duplicated, the Cyclades ACS console server assigns a default name to an IPDU appliance. • Once the IPDU ID is saved, the Cyclades ACS console server identifies the IPDU appliance regardless of the serial port it is connected to or its position in the cluster. To rename or assign a name to an IPDU 1 From the command prompt, execute the pmCommand. pmCommand T
109. es Continued Parameter Level1 Parameter Level2 Value Description secdnsserver IPv6 address prefix length Secondary DNS Server IPv4 or IPv6 primipaddress nnn nnn nnn nnn Primary IP address IPv4 specific secipaddress nnn nnn nnn nnn Secondary IP address IPv4 specific primsubnetmask nnn nnn nnn nnn Primary subnet mask IPv4 specific secsubnetmask nnn nnn nnn nnn Secondary subnet mask IPv4 specific Security Profiles A security advisory appears the first time the Cyclades ACS console server is turned on, or when the unit is reset to factory default parameters. Once you have configured the basic network settings, a security profile must be selected in order to proceed to further configuration procedures. Table 2 4 describes the protocols and services available for each security profile. Table 2 4 Security Profiles Security profile Description Secured Predefined security profile. All protocols and services are disabled except SSHv2, HTTPs and SSH to Serial Ports. Moderate Default Predefined security profile. Enables SSHv1, SSHv2, HTTP, HTTPs, Telnet, SSH and Raw connections to serial ports, ICMP and HTTP redirection to HTTPs. Open Predefined security profile. Enables all services, Telnet, SSHv1, SSHv2, HTTP, HTTPS, SNMP, RPC, ICMP and Telnet, SSH and Raw connections to Serial Ports. Custom Administrator may confi
110. es on UDP port 514 source s udp udp ip 0 0 0 0 port 514 • Listen to messages from a client at IP address 10 0 0 1 on UDP port 999 source s udp 10 1 udp ip 10 0 0 1 port 999 3 Define Filters filter identifier expression where identifier Uniquely identifies a given filter. • expression Builds a boolean expression using internal functions. Table 5 4 Filters Parameters Syslog ng Configuration Option Description facility Selects messages based on their facility code facility code level level code or priority Selects messages based on their priority level code program <string> Tries to match the <string> to the program name field of the log message. host <string> Tries to match the <string> to the hostname field of the log message. match <string> Tries to match the <string> to the message itself. The following are examples of how to define filters. • To filter by facility filter f facilty facility facility name Examples filter f daemon facility daemon filter f kern facility kern filter f debug not facility auth authpriv news mail • To filter by level filter f level level lt level name Examples filter f messages level info warn filter f emergency level emerg filter f a
111. 92 Table 5 8 System Notifications Parameters 97 Table 5 9 Date and Time Configuration Parameters 100 Table 5 10 Timezone Configuration Parameters 100 Table 5 11 Session Sniffing Parameters 103 Table 5 12 Data Buffering Configuration Parameters 104 Table 5 13 Terminal Profile Menu Configuration Parameters 108 Table 5 14 Saveconf Utility and Storage Device Parameters 110 Table 5 15 Restoreconf Utility and Storage Device Parameters 111 Table 5 16 Example of Using the Clustering Feature Descriptions 114 Table 5 17 Clustering Configuration Parameters 115 Table 6 1 PM IPDU and ACS Console Server Integration Descriptions 118 Table 6 2 pmMenu and pmCommand Commands 121 Table 6 3 IPDU Appliance Command Menu 126 Table 6 4 pmfwupgrade Application Parameters 128 Table A 1 EMS Configuration Parameters and Switches 131 Table A 2 Machine Info Tags 132 Table A 3 Elements in the c
112. ess file Open the etc chatscripts wireless file for editing. 2 Remove the pound signs next to one of the Telco definitions. Modify the commands to initiate the contact with your GSM CDMA wireless service provider and to dial the correct number. 4 Save the changes and close the file. To configure the etc pcmcia serial opts file Open the etc pcmcia serial opts file for editing. 2 If the GSM card needs a PIN, uncomment the following line and replace 1111 with the PIN. INITCHAT d d d d d datz OK at tcpin 1111 OK 3 Comment out the following line to inactivate mgetty on the specified port. The port is directly controlled by the pppd application. INITTAB sbin mgetty 4 Save the changes and close the file. To configure dial out automatic restart 1 Enable the default feature in the etc daemon d gendial sh file to automatically restart the dial out function after a reboot. Execute the saveconf command to save the gendial sh file. Activate dial out by restarting the GDF daemon. daemon sh restart GDF A message similar to the following displays, confirming the GDF daemon restart. Sep 23 18 06 10 src_dev_log CAS showlogmsg bin daemon sh CONFIG Network daemon generic dial started To configure a static route for dial out Open the etc network st routes file and add the desired static routes to the file. Save the changes and close the file. Activate
113. 118 IPDU Configuration and Management 119 Power management utility 119 IPDU identification 120 121 pmCommand 125 IPDU password 127 IPDU 128 SNMP Proxy 129 Appendices 131 Appendix A Additional Features and Applications 131 Appendix B Upgrades and Troubleshooting 150 Appendix C Linux File Structure 158 Appendix D The vi Editor 160 Appendix E Technical Support 162 Figure 4 1 Example of CAS Configuration with Local Authentication 78 Figure 4 2 Example of CAS Configuration with Local and Remote Authentication 79 Figure 4 3 Example of TS Configuration Profile Figure 4 4 Example of Dial in Access Profile 83 Figure 5 1 An Example on Using the Clustering Feature 114 Figure 6 1 IPDU and
114. ew network settings will be displayed. IPv4 and IPv6 addressing NOTE All the following configuration parameters are available in the wizard wiz. CAUTION If you are accessing the CLI through a network connection instead of through a console port, you risk losing network access and control of the Cyclades ACS console server when you change the IP mode or the IP address. Be sure to keep track of the new IP address before activating the new configuration so you can reconnect. By default, IPv4 and IPv6 network addressing will be enabled. The Cyclades ACS advanced console server allows the following network addressing configurations. • IPv4 only • IPv6 only • Dual Stack IPv4 and IPv6 Disabling IPv4 If you disable IPv4, configuration of IPv4 addresses will not be allowed. A warning message will display advising you that services not supporting IPv6 will be unavailable. The IPv4 tab will be disabled. Disabling Enabling IPv6 If you disable IPv6, configuration of IPv6 addresses will not be allowed and the IPv6 tab will be disabled. If you change IPv6 from disabled to enabled, a warning message will display advising you that some services not supporting IPv6 will be unavailable. You will have to configure those services supporting IPv6 for proper operation. NOTE If services not supporting IPv6 are needed, select Dual Stack IPv4 and IPv6 and those services will be available for IPv4. IPv4
115. f the cursor is shifted right. o Creates a new line below the current line and inserts text, all lines are shifted down. dd Removes the entire current line. X Deletes the letter at the cursor position. Once you have completed your file modification, enter the line mode by typing colon and one of the following commands. Table D 4 vi Line Mode Commands Command Description w Saves the file, w is for write. wq Saves and closes the file, q is for quit. q Closes the file without saving. w file Saves the file with the name <file>. e file Opens the file named <file>. Appendix E Technical Support Our Technical Support staff is ready to assist you with any installation or operating issues you encounter with your Avocent product. If an issue should develop, follow the steps below for the fastest possible service. To resolve an issue 1 Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined. 2 Visit www avocent com support and use one of the following resources. Search the knowledge base or use the online service request. Or Select Technical Support Contacts to find the Avocent Technical Support location nearest you. Avocent The Power of Being There For Technical Support www avocent com support 590 664 501E
116. f two letters. State or Province Name full name Provide the full name, not the code, of the state. Locality Name Enter the name of your city. Organization Name Organization for which you are obtaining the certificate. Organizational Unit Name Department or section where you work. Common Name Name of the server where the certificate should be installed. Email Address Your email address or the administrator's email address. 2 Submit the CSR to CA for approval. This service may be requested by accessing the CA's web site. Visit pki page org for a list of CAs. 3 Once approved, CA sends the certificate file to the originator. The certificate is stored on a directory server. The following procedures describe the certificate installation process. To install the certificate on the web server Log in to the Cyclades ACS console server. 2 Create the etc CA server pem file by combining the certificate with the private key. cat Cert cer private key > etc CA server pem 3 Copy the certificate to the etc CA cert pem file. cp Cert cer etc CA cert pem 4 Save the configuration in Flash. t saveconf 5 Reboot the Cyclades ACS console server for the certificate to take effect. User configured digital certificate The Cyclades ACS console server generates its own self signed SSL certificate for HTTPs using OpenSSL. It is highly recommended that you use the openssl tool to generate a self signed
117. file Table 4 13 Example of Dial in Access Profile Descriptions Item Description Item Description 1 Dial up Management Station 5 Ethernet CAT 5 Cable 2 Modem 6 Ethernet Hub or Switch 3 Cyclades ACS Console Server 7 Ethernet Router 4 Power Cable 8 Remote Servers Administration Process Monitoring The command w displays information about the currently logged in users and their processes. It calls two commands, w ori and w cas. The w ori is the new name of the original command w, and the w cas displays the CAS session s information. The header of w ori displays the current time, how long the system has been running, how many users are currently logged on, excluding the CAS users, and the system load averages for the past one, five and fifteen minutes. The following entries are displayed for each user, excluding the CAS users. Login name The tty name The remote host Login time Idle time JCPU time It is the time used by all processes attached to the tty. PCPU time It is the time used by the current process named in the what field. The command line of the user's current process The header of w cas displays how many CAS users are currently logged on. The following entries are displayed for each CAS user. Login name The tty name The remote host and remote port Login time The process ID The command line of the
118. filename of hostkeys> authorizedkeys path and filename of authorized keys 2 Activate and save your configuration. The following is an example of how to configure X 509 certificate. ssh x509 cp CA file etc ssh ca bundle crt ssh x509 cp hostkey etc ssh hostkey ssh x509 cp authorizedkeys etc ssh authorized keys ssh x509 chmod 600 etc ssh authorized keys ssh x509 chmod 755 cli config runconfig cli config savetoflash NOTE X 509 certificate for SSH may also be configured by executing the following script at the command prompt. 4 ssh act x509 To connect to the Cyclades ACS console server and serial ports using SSH X 509 certificate Configure X 509 certificate for SSH. Configure the client you need to access with X 509 certificate. 3 Copy the certificate files to the Cyclades ACS console server. See Certificate for HTTP security if needed. To verify that the file was copied, run the following command at the prompt. root acs48 root ls 1 etc ssh ca ca bundle crt root acs48 root ls 1 etc ssh hostkey 4 Configure the serial ports for socket ssh protocol and assign the IP address of the connected device. Accessing Connected Devices This chapter describes set up and configuration parameters for accessing serial ports and connected devices. Connection Profiles and Protocols The following ta
119. g network snmp v1v2 add community avocent oid 1 permission ro source 192 168 0 200 2 Run the following commands to activate and save the configuration. In order to configure SNMP v3, enter the following command. Refer to Table 2 17 for a list of parameters. cli config network snmp v3 parameter value Table 2 17 SNMP v3 Parameters Parameter Value Description Syscontact string The email address of the Cyclades ACS console server administrator. Syslocation string The physical location of the Cyclades ACS console server. oid string Object Identifier. Each managed object has a unique identifier. password string User password. permission string Read Only access to the entire Management Information Base MIB except for SNMP configuration objects. Read Write access to the entire MIB except for SNMP configuration objects. username string User name. To configure SNMP v3 example 1 The following command configures SNMP v3 with the following parameters. • username john • password john1234 • OID 1 • permission ro read only NOTE The SNMP v3 password may be a maximum of 30 characters. cli config network snmp v3 add username john password john1234 oid 1 permission ro 2 Activate and save your configuration. Bonding The Cyclades ACS console server provides failover Ethernet bonding using
120. gure individual protocols and services and configure access to serial ports. To select a predefined security profile Configure a predefined security profile by entering the following string at the CLI prompt. cli config security profile secured moderate open To configure a custom security profile 1 Navigate to the custom menu. cli config security profile custom 2 Enable or disable desired protocols or services. Refer to Table 2 5 for the list of parameters and values. custom parameter value 3 Activate and save your configuration. Table 2 5 Custom Security Profile Parameters Parameter Level1 Parameter Level2 Parameter Level3 Value ftp yes no icmp yes no ipsec yes no ports auth2 yes no bidirect yes no raw2sport yes no ssh2sport yes no telnet2sport yes no rpc yes no snmp yes no ssh> root_access yes no ssh_x509> CA file hostkey path and filename of CA certificate authorizedkeys path and filename of authorized keys sshd port number sshv1 yes no sshv2 yes no telnet yes no web> http yes no http2https yes no http_port <number> https yes no https_port <number> Enable serial ports By default, the Cyclades ACS console server is configured with all serial ports disabled. To enable serial ports Enable single or multiple serial ports. cli config physicalport
121. hannel switch Tag; Table A 4 BP Tags Description; Table A 5 f windows boot Macros; Table A 6 f windows boot Available Macros; Table 7 Server Commands; Table A 8 ipmitool Options; Table A 9 IPMI Commands; Table A 10 IPMI CLI Configuration Parameters; Table B 1 CPU LED Code Interpretation; Table B 2 CLI Boot Configuration Parameters; Table B 3 CLI Session Management Parameters; Table B 4 Backup Configuration Parameters; Table C 1 Linux Directory Structure; Table C 2 File Manipulation Commands; Table D 1 vi; Table D 2 vi Navigation Commands; Table D 3 vi File Modification Commands; Table D 4 vi Line Mode Commands. Using the Command Line Interface Overview The Cyclades
122. he gateway address is IPV6 link local range identified by the first 10 bits equal to 1111111010 then the interface id is required config network stroutes add default gateway gateway IP address interface interface ID Activate and save your configuration cli config runconfig cli config savetoflash Host settings To configure host settings 1 Enter the following string at the CLI prompt Refer to Table 2 3 for host settings parameters and values cli config network hostsettings parameter value 2 Activate and save your configuration Table 2 3 Host Settings Parameters and Values Parameter Level1 Parameter Level2 Value Description banner console banner Banner for the user shell bonding Redundancy for the ethernet interface miimon number The interval in which the active interface is checked to see if it is still communicating in milliseconds updelay number The time the system waits to make the primary interface active after it has been detected as up in milliseconds dhcp yes no Enable or disable DHCP domain <domain name> Domain name hostname string Cyclades ACS console server name mtu <number 200 1500> Maximum Transmission Unit used by the TCP protocol primdnsserver <IPv6_address> <prefix_length> Primary DNS Server IPv4 or IPv6 Table 2 3 Host Settings Parameters and Valu
123. here the remote socket connection is to be made is 200 246 93 87 The port number is defined as 7001 An appl retry definition is added that changes the number of retries from the default of 5 to 7 etc generic dial conf begin dial out testApp inPort name InPort inPort device dev ttyS1 outPort name OutPort outPort pppcall wireless outPort remote ip 200 246 93 87 outPort remote port 7001 appl retry 7 end dial out To configure the etc generic dial out conf file 1 Configure the desired port with generic dial protocol in etc portslave pslave conf s<N> protocol generic dial 2 To enable dial out for the selected port configure the file etc generic dial conf with the parameters described in Table 2 14 3 Configure the PPP options pppd in etc ppp peers <name> where <name> is the same as the filename variable specified in the outPort pppcall filename parameter in etc generic dial conf To configure the etc ppp peers file The default file in etc ppp peers is called wireless The wireless file reads a script from the etc chatscripts wireless file 1 Open the etc ppp peers wireless file for editing 2 Enter the device name for the port The following example displays dev ttyM1 entered as the device name for PC card slot 1 3 Enter the user name after the user keyword Save the changes and close the file Chapter
124. hows the available options Table 3 10 OTP Database Location Options Location Notes Local Locally on the Cyclades ACS console server Flash memory PCMCIA A Compact Flash PC card must be installed and configured NFS host path host DNS name or IP address of the NFS server path Directory shared by the NFS server 4 Enable OTP By default OTP is disabled 5 The OTP database is mounted once you enable OTP Proceed to the following section to register users and generate OTP passwords To register users for OTP The following procedures should be performed for each user who requires OTP authentication The following example demonstrates how to add and register a new user to the Cyclades ACS console server 1 Log in locally through the Cyclades ACS console server port as root or use ssh to log in remotely 2 Execute the adduser command If a user account exists in the Cyclades ACS console server skip this step and proceed to step 3 to register the user for OTP adduser username New password users passwd Re enter new password users passwd 3 Execute the opiepasswd command to register a user and generate a default OPIE key This command initializes the system information to allow using OPIE login NOTE You may use the c option console mode if you have secure access to the Cyclades ACS console server Running OPIE commands through an unsecured connection may reveal your password and compromise security
125. ication; Kerberos server authentication; LDAP Authentication; Group Authorization; TACACS authorization on serial ports; One Time Password OTP Authentication; OTP authentication configuration tasks; Shadow; Digital; Certificate for HTTP security; User configured digital certificate; X 509 certificate on SSH; Chapter 4 Accessing Connected Devices; Connection Profiles and Protocols; Serial ports general parameters; Accessing serial ports using ts menu; Configuration examples; Chapter 5 Administration; Process Monitoring; Start and Stop Services
126. iew 3 software The DSView 3 server enables the Server Technology Switched and Smart CDUs PTXL and PTXM models licensing feature for the selected serial ports in the Cyclades ACS console server The Cyclades ACS console server may have multiple IPDUs connected to appropriately configured serial ports Devices may be plugged into outlets on the IPDUs and connected to other serial ports on the Cyclades ACS console server In addition one or more outlets may be configured for each port and controlled individually or simultaneously with other outlets in a configured group The Cyclades ACS console server administrator may control all outlets or may assign outlets to individual users or groups of users Figure 6 1 displays a typical setup for the IPDU and the Cyclades ACS console server descriptions follow in Table 6 1 The IPDU serial console is connected to port YY of the Cyclades ACS console server the server s serial consoles are connected to ports WW and XX of the Cyclades ACS console servers and the servers power plugs are connected to power outlets 1 and 6 on the IPDU Figure 6 1 IPDU and ACS Console Server Integration Table 6 1 PM IPDU and ACS Console Server Integration Descriptions Item Description Item Description 1 IPDU 4 RJ 45 serial cable on Cyclades ACS console server port WW connect to serial port of managed servers using Cycl
127. in and rule A table may contain several chains and each chain may contain several rules Table The table indicates how the iptables works There are currently three independent tables supported by the iptables but only two are used • filter This is the default table • nat This table is consulted when a packet that creates a new connection is encountered Chain Each table contains a number of built in chains and may also contain user defined chains The built in chains are called according to the type of packet User defined chains are called when a rule matched by the packet points to the chain Each table has a specific set of built in chains For the filter table • INPUT For packets coming into the box itself • FORWARD For packets being routed through the box • OUTPUT For locally generated packets For the nat table IPv4 only • PREROUTING For altering packets as soon as they come in • OUTPUT For altering locally generated packets as soon as they come in • POSTROUTING For altering packets as they are about to go out Rule Each chain has a sequence of rules These rules contain • How the packet should appear in order to match the rule Some information about the packet is checked according to the rule such as the IP header the input and output interfaces the TCP flags and the protocol • What to do when the packet matches the rule The packet may be accept
128. ise NOTE For IPv6 configurations ICMPv6 types apply such as icmpv6 net unreachable SNAT NAT table only IPv4 only This target is only valid in the nat table in the POSTROUTING chain It specifies that the source address of the packet should be modified and all future packets in this connection are also mangled and rules should cease being examined It takes one option Table 2 26 SNAT Target SNAT target Description to source ipaddr <ipaddr> port port This may specify a single new source IP address an inclusive range of IP addresses and optionally a port range which is only valid if the rule also specifies p tcp or p udp If no port range is specified then source ports below 1024 are mapped to other ports below 1024 Those between 1024 and 1023 inclusive are mapped to ports below 1024 and other ports are mapped to 1024 or above Where possible no port alteration occurs DNAT NAT table only IPv4 only This target is only valid in the nat table in the PREROUTING and OUTPUT chains and user defined chains which are only called from those chains It specifies that the destination address of the packet should be modified and all future packets in this connection are also mangled and rules should cease being examined It takes one option Table 2 27 DNAT Target DNAT target Description to destination ipaddr This may specify a single
129. ith the specified prefix up to 29 letters long and useful for distinguishing messages in the logs log tcp sequence Log TCP sequence numbers This is a security risk if the log is readable by users log tcp options Log options from the TCP packet header log ip options Log options from the IP packet header REJECT filter table only This is used to send back an error packet in response to the matched packet otherwise it is equivalent to DROP This target is only valid in the INPUT FORWARD and OUTPUT chains and user defined chains which are only called from those chains Several options control the nature of the error packet returned Table 2 25 LOG Extension LOG extension Description reject with type The type given may be icmp net unreachable icmp host unreachable icmp port unreachable icmp proto unreachable icmp net prohibited or icmp host prohibited which return the appropriate ICMP error message port unreachable is the default The option echo reply is also allowed it may only be used for rules which specify an ICMP ping packet and generates a ping reply Finally the option tcp reset may be used on rules which only match the TCP protocol This causes a TCP RST packet to be sent back This is mainly useful for blocking ident probes which frequently occur when sending mail to broken mail hosts which won't accept your mail otherw
130. k n n n n channel number essid <string> encrypt yes no key string Table 2 8 Wireless LAN PC Card Configuration Parameters Parameter Value Description channel numbers Communication channel number encrypt yes no WEP data encryption key string Encryption key essid string Service set identifier ip n n n n IP address of the wireless PC card mask n n n n Subnet mask of the wireless PC card 2 Activate and save your configuration The following example shows the usage of wireless LAN configuration parameters cli config network pcmcia 1 wireless ip 192 168 11 11 mask 255 255 255 0 channel 6 essid mylocation encrypt yes key 421536615 cli config runconfig cli config savetoflash Modem PC cards In order to configure a modem PC card enter the following command Refer to Table 2 9 for parameter descriptions cli config network pcmcia slot number 1 2 modem ppp yes no localip <n n n n> remoteip n n n n enablecallback yes no callbacknum string otpauthreq yes no Table 2 9 Modem PC Card Configuration Parameters Parameter Value Description enablecallback yes no Enable or disable modem call back feature callbacknum string Add a call back number when callback is enabled localip n n n n Assign a local IP address for PPP communication remoteip n n n n Assign a remote IP address for PPP c
131. ket and reconfigures it for use cardctl reset Sends a reset signal to a socket subject to approval by any drivers already bound to the socket cardctl eject Stops the application and unloads the client driver cardctl insert Reloads the driver and restarts the application You may insert the card anytime and the drivers should load automatically however you must run cardctl eject before ejecting the card to stop the application using the card Failure to do so may force the Cyclades ACS console server to hang during the card removal Make sure to specify the slot number when using the cardctl command cardctl eject 0 1 PC Card Network Devices Ethernet cards To configure an Ethernet PC card Execute the following command cli config network pcmcia slot number 1 2 ethernet ip <n n n n> mask n n n n NOTE If IPv6 mode is enabled IPv6 mode addresses can be entered for the IP address parameters associated with PC cards Table 2 7 Ethernet PC Card Configuration Parameters Parameter Value Description ip n n n n IP address of the ethernet card mask n n n n Subnet mask for the ethernet card 2 Activate and save your configuration Wireless LAN cards To configure a wireless PC card Execute the following command cli config network pcmcia slot number 1 2 wireless ip <n n n n> mas
132. lert level alert • To filter by matching a string in the received message filter f match match string Example to filter by matching the string named filter f named match named • To filter alarm messages filter f alarm facility local 0 conf DB facility and level info and match ALARM and match your string Example to filter alarm message with the string kernel panic filter f kpanic 1 facility local 0 conf DB facility and level info and match ALARM and match kernel panic • To eliminate SSHD debug messages filter f sshd debug not program sshd or not level debug • To filter the syslog buffering filter f syslog buf facility local 0 conf DB facility and level notice • To define actions destinations destination identifier destination driver params destination driver param where • identifier Uniquely identifies a given destination • destination driver Configures a method of output for a given message • params Configures a required or an optional parameter for each destination driver Table 5 5 Destination Drivers Parameters Syslog ng Configuration Option Description file filename options This is one of the most important destination drivers in syslog ng It allows you to output log messages to the named file The destination filename may incl
133. lient services daemon sh PMD stop SSH NTP restart DB Syslog ng Syslog ng daemon reads log system console messages and log files on remote syslog servers as specified by its configuration file In addition syslog ng may filter messages based on its content and perform an action for example send an email or pager message The etc syslog ng syslog ng conf file is used to perform specific configurations To configure syslog ng 1 Define Global Options options opt1 params opt2 params Table 5 2 Global Options Parameters Syslog ng Configuration Option Description time reopen n The time to wait before a dead connection is re established time reap n The time to wait before an idle destination file is closed sync freq n The number of lines buffered before written to file The file is synced when this number of messages has been written to it mark freq n The number of seconds between two MARKS lines log fifo size n The number of lines fitting to the output queue chain hostname yes no or long hostname yes no Enable disable the chained hostname format use time recvd yes no Use the time a message is received instead of the one specified in the message use dns yes no Enable or disable DNS usage syslog ng blocks on DNS queries so enabling DNS may lead to a Denial of Service attack gc idle threshold
134. lly 250 to 500 milliseconds breaksequence break To set the break sequence Usually a character sequence Sequence break Ctrl b host hostname IP address or the name of the server to which you are connecting idletimeout numbers To configure idle time out which is the maximum time in seconds that a session may be idle before the user is logged off portip <n n n n> To configure an ip alias to the serial port sttyoptions <stty options> To set terminal options tcpkeepalive numbers To configure poll interval in milliseconds ms Specifies the time interval between the periodic polling to check client processes and connectivity tcpport number To configure socket port number Four digit values are valid for this parameter for example 7001 terminaltype terminal type To configure the terminal type when connecting to a host system winems yes no Enables or disables Windows Emergency Management Services EMS To open and close a telnet session to a serial port # telnet hostname TCP port number Table 4 4 Telnet Session Configuration Parameters Parameter Description hostname Workstation name or its IP address TCP port number TCP port number assigned to the serial port To close a Telnet session press the hotkey defined for the Telnet client the default is Ctrl To open and close an SSH session
135. ly matches packets with the SYN flag set and the ACK FIN and RST flags unset syn Only match TCP packets with the SYN bit set and the ACK and FIN bits cleared Such packets are used to request TCP connection initiation for example blocking such packets coming in an interface prevents incoming TCP connections but outgoing TCP connections are unaffected It is equivalent to tcp flags SYN RST ACK SYN If the flag precedes the syn the sense of the option is inverted Table 2 20 TCP Extensions Continued TCP extension Description tcp option number Match if TCP option is set UDP extensions These extensions are loaded if the protocol udp is specified or m udp is specified It provides the following options Table 2 21 UDP Extensions UDP extension Description source port port port Source port or port range specification See the description of the source port option of the TCP extension for details destination port port port Destination port or port range specification See the description of the destination port option of the TCP extension for details ICMP extension This extension is loaded if the protocol icmp is specified or m icmp is specified It provides the following option NOTE For IPv6 configurations the icmpv6 protocol is used
136. m minimum average power ID> <element> consumption of a defined element or all elements if one is not defined The element can be bank name A B C XY phase name X Y Z outlet number 1 2 Cumulative Power cumulativepower reset <IPDU ID> <element> Display or clear the cumulative power consumption of a defined element or all elements if one is not defined to zero The element can be bank name A B C XY phase name X Y Z outlet number 1 2 Table 6 2 pmMenu and pmCommand Commands Continued Menu Item Command Syntax Description Power Factor powerfactor reset <IPDU ID> <element> Display or reset the maximum minimum average recorded power factor of a defined element or all elements if one is not defined The element can be bank name A B C XY phase name X Y Z outlet number 1 2 Voltage Info voltageinfo reset <IPDU ID> <element> Display or clear the maximum minimum average recorded voltage for the defined element or all elements if one is not defined to zero The element can be bank name A B C XY phase name X Y Z outlet number 1 2 Sensors sensors reset <IPDU ID> <sensor name> Display or clear the maximum minimum average recorded <type> for th
137. made to a server The banner appearance may be port specific or a unified banner for all ports To configure the terminal appearance 1 Enter the following command to configure a banner for one or multiple serial ports cli config physicalports all range other banner login banner NOTE A banner string with spaces must be enclosed by double quotes string1 string2> 2 Activate and save your configuration SUDO Configuration Group SUDO configuration group allows users belonging to the administrator admin group by way of commands from the shell command line to configure the Cyclades ACS console server s features provided by the WMI and CLI NOTE As supplied the Cyclades ACS console server version 2 6 1 and up provides a user admin from the admin group with the password cyclades The username admin cannot be added or deleted from the WMI or the CLI so if a user with the username admin belonging to the admin group is required a shell script must be executed by user root from the shell command line The sudoers configuration file has already been configured to allow execution and modification of commands utilities and configuration files by a user from the admin group The sudoers file etc sudoers may be edited by user root either to exclude or to include commands utilities and configuration files that are to be used with the sudo command by users from the admin group NOTE The
138. may be invoked at the top of a shell script if the script contains only CLI commands Any type of shell may be used to run CLI commands along with other commands For example Create a script that calls bin CLI to configure a hostname in batch mode #!/bin/CLI config network hostsettings hostname FremontACS config savetoflash Run a CLI command from the same script that is running other Linux commands #!/bin/bash bin CLI s config network hostsettings hostname FremontACS Run multiple CLI commands from a script that is running other Linux commands #!/bin/bash bin CLI << EOF config network hostsettings hostname FremontACS config security adduser username johndoe config savetoflash EOF Interactive CLI is invoked and commands and parameters are entered in the Linux shell CLI is active until the quit command is issued For example CLI> config network hostsettings dhcp <yes> CLI> config runconfig CLI> config savetoflash CLI> config quit root CAS root CLI Navigation Autocompletion Autocompletion may be used to find out what commands and parameters are available Pressing the Tab key twice displays all the commands at the top level For example cli Tab Tab administration info return version applications portStatus shell config quit show Pressing the Tab key once after partially typing a command a
139. me NTHEAD 800I 1 name guid 00000000 0000 0000 0000 000000000000 guid processor architecture x86 processor architecture os version 5 2 os version os build number 3735 os build number os product Windows Server 2003 Enterprise Editions os product os service pack None c os service pack <machine info> In the SAC command line each time you enter the cmd command you create a channel A channel is the Command Prompt environment where you may enter the command prompt commands such as dir cd edit del or copy You may switch back and forth between channel s and SAC by pressing Esc or Tab keys You may create up to nine channels nine command prompt sessions Whenever we switch channels the <channel switch> tag is sent The following elements are included in the <channel switch> tag Table A 3 Elements in the <channel switch> Tag Element Description <application type> Is a hexadecimal GUID signifying the application or tool that is running on the Windows Server platform and communicating via this active channel It is to be used to discern the different interaction modes During the Windows GUI mode Setup phase the following GUIDs identify the specific types of data being emitted Debug Log 5ED3BAC7 A2F9 4E45 9875 B259EA3F291F Error Log 773D2759 19B8 4D6E 8045 2
140. minimumoff Set the minimum time an outlet stays turned Off before it Avocent SPC outlet list <interval> is turned back On Wake Up State wakeup Set the outlet state after a cold boot It can be set to On SPC and outlet list on off last Off or the last saved state ServerTech last is for ServerTech only Sequence Interval seqinterval Set the delay time in seconds when turning on multiple outlet list <interval> outlets at the same time Valid only on a master Server Technology Sentry CDU Cycle Interval cycleinterval Set the time delay in seconds for turning on ServerTech outlet list <interval> subsequent outlets after an outlet has been turned on N A menu Enter menu mode from pmCommand only Cold Start Delay coldstartdelay IPDU ID Set the duration of the cold start delay for the defined Avocent PM duration PDU or all connected PDUs when one is not defined PDU Current Threshold currentthreshold IPDU ID Display or set the threshold for current of one element <element> <thresholds> Set command requires element argument The element can be pdu bank name A B C XY phase name X Y Z outlet number 1 2 Power Off Delay poweroffdelay <outlet list> Set the time delay in seconds for turning off outlets Avocent PM delay PDU Power Info powerinfo reset <IPDU Display or clear the maximu
141. mode in the Linux shell or in a batch mode Table 1 7 CLI Command Arguments Argument Description q Suppress the output of error messages from CLI t <time> Timeout in minutes default is 10 minutes T Disable the idle time out Same as t 0 Table 1 7 CLI Command Arguments Continued Argument Description S Save changes to flash This is the same as savetoflash command batch mode only r Activate changes This is the same as runconfig command batch mode only f <filename> Executes the commands in the file <filename> Network Configuration Network Settings The following instructions assume you are installing a new Cyclades ACS console server or you have reset an existing unit to factory default parameters Default configuration is with IPV4 and IPV6 enabled • IPV4 networking will be enabled and the main Ethernet interface IP address will be obtained from a DHCPv4 Server • IPV6 networking will be enabled only for the basic services of the main Ethernet interface and its IPv6 address will be obtained from a local router stateless only option To configure initial network parameters using the wiz command 1 From your terminal emulation application log into the console port as root The def
142. n Sets the threshold value for the garbage collector when syslog ng is idle GC phase starts when the number of allocated objects reach this number Default 100 gc busy threshold n Sets the threshold value for the garbage collector When syslog ng is busy GC phase starts create dirs yes no Enable the creation of new directories owner name Set the owner of the created file to the one specified Default root group name Set the group of the created file to the one specified Default root perm mask Set the permission mask of the created file to the one specified Default 0600 Define Sources Source identifier source driver params source driver params where identifier Uniquely identifies a given source source driver A method of retrieving a given message params Each source driver takes a required or an optional parameter Table 5 3 Source Drivers Parameters Syslog ng Configuration Option Description internal Messages are generated internally in syslog ng unix stream They open the given AF UNIX socket and start listening for messages filename options Options owner name group name perm mask are equal and global options unix dgram filename options keep alive yes no Selects whether to keep connections opened when Syslog ng is restarted May be used only with unix st
143. nal field User that tells cron with which user id the command should be executed The fields are • Min minute of execution 0 59 • Hour hour of execution 0 23 • Mday day of month of execution 1 31 • Month month of execution 1 12 or names • Wday day of week of execution 0 7 0 or 7 is Sunday or names • Command Anything that may be launched from the command line Clustering Using Ethernet Interface Clustering allows cascading multiple Cyclades ACS console servers so that one master may be used to access all console servers on the network The master Cyclades ACS console server can manage up to 1024 serial ports There are no special connections required between the master and slave Cyclades ACS console servers except they all need to be connected in the same physical network Figure 5 1 displays an example of clustering with one master and two slaves descriptions follow in Table 5 16 Figure 5 1 An Example on Using the Clustering Feature Table 5 16 Example of Using the Clustering Feature Descriptions Item Description Item Description 1 Cyclades ACS Console Server Master 5 Servers on Serial Ports Ethernet LAN IP 20 20 20 1 TCP Port Address Range 7017 7032 Secondary IP 209 81 55 110 2 Cyclades ACS Console Server Master 6 Servers on Serial Ports Ethernet LAN IP 20 20 20 2 TCP Port Address
144. nce by Windows Server during its system boot sequence This tag is also emitted as part of the BP tag The following elements are included in machine info tag Table A 2 Machine Info Tags Element Description guid It is the GUID that uniquely identifies the server platform Normally this is an SMBIOS provided identification If no such value is available all 0's GUID string is used See Example of sample encoding on page 133 <name> Is the system name Table A 2 Machine Info Tags Continued Element Description <os build number> Is a numeric string that identifies a successive Windows Build <os product> Is the name of the Windows Server 2003 product currently running on this server It is one of the following Windows Server 2003 Datacenter Edition Windows Server 2003 Embedded Windows Server 2003 Enterprise Edition Windows Server 2003 <os service pack> Is an alphanumeric string that identifies the most up to date service pack installed If none installed the string is None <os version> Is the numeric identification of the Windows version currently running <processor architecture> Is either x86 or IA64 designating the two processor architectures currently supported by Windows Server 2003 Example of sample encoding <xml> machine info na
145. nd configure upload scripts using FTP or SSH. The config billing sh script configures the files etc billing_up conf, etc billing crontab and etc crontab files. Usage: config billing sh X options. X is the port number to be configured. options: S Speed, d data size, b stopbit, p parity, r billing records, e billing EOR (this parameter must be on like n), D billing dir, S serverFar, t date, T timeout, i ip, n netmask, R route, u upload. Any parameter that is not specified remains unchanged. The following parameters are configured by default for billing: sxx authtype none, Sxx protocol billing, sxx flow none, sxx dcd 0, sxx sniff mode no. Select the u option to execute the billing upload files sh script. The script presents the following sequential menu where the upload options may be configured: billing upload files sh Transfer Mode (ftp or scp): ftp; Local Directory: var run DB; Remote server IP: 192.168.1.101; Remote directory: var billing; User: billing; Password: billing; Upload Interval in minutes. NOTE: Instead of running the u option, the etc billing up conf may be configured manually to change the parameters. If the parameters remain unchanged, the default parameters are uploaded. NOTE: If the scp transfer mode is selected and there is no defined authentication, the script generates a key and uploads to the server. The key must be stored on the se
146. nd server fails to respond Radius authentication fails. radiussvctype (yes/no): Set to no to authorize the ACS console server to retrieve the level of user based on the group name attribute sent by the RADIUS server. Set to yes to authorize the ACS console server to retrieve the level of the user (admin or regular) based on the Service Type attribute from the RADIUS server. To configure RADIUS authorization on the Cyclades ACS console server to access the serial ports: 1. In CLI mode, enter the following string: cli config physicalports serial port number access users groups list of users or group names separated by commas 2. Activate and save your configuration. To configure an LDAP authentication server: On the LDAP server, edit the info attribute for the user and add the following syntax: info group_name <Group1> <Group2> <GroupN> To configure LDAP authorization on the Cyclades ACS console server to access the serial ports: 1. In CLI mode, enter the following string: cli> config physicalports <all or range list 1 xx> access users groups <list of users or group names separated by commas> 2. Activate and save your configuration. One Time Password (OTP) Authentication. This section describes the procedures required to set up and configure OTP (one time password) for dial in to the Cyclades A
147. new destination IP address, an inclusive range <ipaddr> port port of IP addresses, and optionally a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then the destination port is never modified. MASQUERADE (NAT table only, IPv4 only). This target is only valid in the nat table, in the POSTROUTING chain. It should only be used with dynamically assigned IP (dialup) connections. If you have a static IP address, you should use the SNAT target. Masquerading is equivalent to specifying a mapping to the IP address of the interface the packet is going out on, but also has the effect that connections are forgotten when the interface goes down. This is the correct behavior when the next dialup is unlikely to have the same interface address (and hence any established connections are lost anyway). It supports one option. Table 2.28: Masquerade Target. Target: Description. --to-ports <port>[-<port>]: Specifies a range of source ports to use. This parameter overrides the default SNAT source port selection heuristics (see SNAT (NAT table only, IPv4 only)). This parameter is valid when the rule specifies -p tcp or -p udp. REDIRECT (NAT table only, IPv4 only). This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user defined chains which are only called from those chains. It alters the destination IP address to send the packet to the machine i
148. ng CLI. Use the following commands to save or restore configuration files. Save to Flash: cli config savetoflash; Save to PC card: cli administration backupconfig saveto sd default replace; Load from PC card: cli administration backupconfig loadfrom sd default replace; Save to FTP server: cli administration backupconfig saveto ftpserverip n.n.n.n pathname string username string password string; Load from FTP server: cli administration backupconfig loadfrom ftpserverip n.n.n.n pathname string username <string> password <string>. Crond. Crond is a service provided by the Cyclades ACS console server that allows automatic, periodically run custom made scripts. It replaces the need to run commands manually. The crond daemon configuration is divided in three parts: etc crontab files: The name of this file cannot be changed and it must point only to one file. Source file: Holds information about frequency of cron jobs and the files that should be executed. It may have any name since it is pointed out by the etc crontab files. Script files: These are the script files that are scheduled and are pointed by the source file explained previously. The following parameters are created in the etc crontab files file: Status: Active or inactive. The script does not execute if inactive. User: The process runs with the privileges of a valid local user. Source: Pathname of the crontab fil
149. ng the username and password configured in Step 1. Run the following commands to activate and save your configuration: runconf saveconf Dial in access profile. The Cyclades ACS console server serial ports may be configured to allow remote users to access the local network through a modem. To configure a dial in access profile: Configure the serial port for PPP protocol. Create a new user on the authentication server. From the console, ping the authentication server to make sure it is reachable. Confirm modem settings. The Cyclades ACS console server is set for communication at 57600 bps, 8N1. The modems should be programmed to operate at the same speed on the DTE interface. Make sure the server is configured to route console data to the serial console port. Dial in to the Cyclades ACS console server from a remote server using the username and password created. The server dialing in must be configured to receive its IP address from the remote access server (the Cyclades ACS console server in this case) and to use PAP authentication. Run the following command to activate and save your configuration: runconf saveconf Figure 4.4 displays an example of a dial in access profile with Radius authentication and ppp protocol on the serial lines. Descriptions follow in Table 4.13. Figure 4.4: Example of Dial in Access Pro
150. ntaneous RMS current being drawn from each of the IPDU connected to a serial port • The software version of the IPDU connected to a serial port • The information about sensors Current Voltage Power Factor and the Power Consumption of the PDU and for each element banks phases outlets • The name of the outlet as configured in the IPDU • The alias of the server that is configured for using the IPDU outlet • The name of the Cyclades ACS console server to which the IPDU is connected • The status of the outlet • Power status: 0 Off, 1 On, 3 unknown • Lock state: 0 Unlock, 1 Lock, 2 unknown. SNMP proxy allows an administrator to control the IPDU outlets using SNMP set commands. The SNMP commands that may be executed on each outlet are ON, OFF, CYCLE and LOCK. NOTE: The Cyclades ACS console server proxies all SNMP requests to the IPDU. Therefore there is a small delay if an outlet cycling is requested by the snmpset command. To successfully cycle an outlet, a four second or higher time out must be specified. To run this command for more than one outlet or for units configured as daisy chain, this time should be recalculated. To configure SNMP proxy: The following example shows how to configure this feature. 1. Get the Cyclades ACS console server serial port number to which the IPDU is connected: snmpget -m all -v 2c -t 4 -c cyclades 10.10.0.1 cyNumberOfPM Enter enterprises cyclades cyACSMgmt cyPM cyNumberOfPM 0 2 2
151. nterface Card Detected: S S S L. Network Boot Error: S S S S L. Real Time Clock Error: S S S S S L. NOTE: The Ethernet error mentioned in the previous table occurs automatically if the Fast Ethernet link is not connected to an external hub during the boot. If the Fast Ethernet is not being used or is connected later, this error may be ignored. Rear panel LEDs. The Cyclades ACS console server rear panel has serial, console and ethernet connectors with LEDs that have the following functionality. Ethernet connector: • Col (collision): Shows collision on the LAN every time the unit tries to transmit an Ethernet packet. • DT/LK (data transaction/link state): DT flashes when there is data transmitted to or received from the LAN. It is hardware controlled. LK keeps steady if the LAN is active. The green LED is Data Transaction activity and the yellow LED is LinK state. • 100: If 100BT is detected the LED lights on. If 10BT is detected it turns off. Console connector: • CP (CPU activity): It flashes at roughly 1 second intervals. • P1: Power supply 1 ON. • P2: Power supply 2 ON. Serial connector: • LK: DTR. It's software controlled. • DT: Data transmitted to or received from the serial line. It's hardware controlled. Boot configuration. To configure boot parameters: 1. Use the following command to configure the boot parameters of the Cyclades ACS console server. Refer to Table B.2 for the description of parameters
152. o add groups and users example. Add a group called FremontACS that includes the users john and mary: Security addgroup groupname FremontACS usernames john mary Add a regular user (no admin privileges) named john with the password john1234: security adduser username john admin no password john1234 Load a key for the local root user, accessed by root@192.168.0.1:/home/key: security loadkey username username url url; security loadkey username root url root@192.168.0.1:/home/key Activate and save your configuration. NIS Client. NIS (Network Information System) provides generic client server database access facilities that can be used to distribute information. This makes the network appear as a single system with the same accounts on all hosts. The objective of this feature is to allow the administrator to manage ACS accounts on an NIS server. The NIS client feature requires the files and commands listed in Table 3.4. Table 3.4: NIS Client Requirements. File/Command: Description. /etc/yp.conf: This file contains the configuration used by ypbind. /etc/domainname.conf: This file contains the NIS domain name (set by the command domainname). /usr/sbin/ypbind: Finds the server for NIS domains and maintains the NIS binding information. us
153. o time out is desired. The file is closed after billing records are received. To configure billing: 1. Open the /etc/portslave/pslave.conf file and configure the following parameter according to your application: all protocol billing 2. In the data buffering section of pslave.conf file, configure the following parameters: all billing records 50, all billing timeout 60 min, all billing eor n. NOTE: The values presented implement the billing feature for all ports of the product. If the configuration for a specific port is required, all related parameters beginning with all must be changed to S x, where x is the number of the port to be configured. Disk space issue. It is important to note that there is protection against disk space problems. If you configure flow control to hardware for the serial port (all flow hard in the pslave.conf file), the application monitors the available disk space and if it is less than 100 Kb the serial interface deactivates RTS signal on the RS 232. RTS is reactivated once the disk free space is greater than 120 Kb. Billing wizard. This feature improves the billing application by using a script and automating the upload of the billing records files from the Cyclades ACS console server to a remote server using FTP or SSH. config billing sh script. The config billing sh script is used to configure a serial port for billing protocol a
154. oaded file is not corrupted and to verify the zImage saved in Flash, run the following command: md5sum /mnt/flash/zImage The system responds with a message similar to the following: 5bcc7d9b3c61502b5c9269cbecd20317 /mnt/flash/zImage Check the system's response against the md5 text file on the tftp server. For example, the <zImage_filename md5> text file contains information similar to the following: 5bcc7d9b3c61502b5c9269cbecd20317 tftpboot zImage filename If the alphanumeric string matches the downloaded file, execute the reboot command. 8. After reboot, the Cyclades ACS console server is updated with the new firmware. Confirm by issuing the following command: cat /proc/version Troubleshooting. To restore system due to Flash memory loss: If the contents of Flash memory are lost after an upgrade, follow the instructions below to restore your system. Recycle the power on your Cyclades ACS console server. Using the console, wait for the self test messages. If you get no boot messages, verify that you have the correct setting; otherwise press s immediately after turning on the Cyclades ACS console server to skip an alternate boot code. Cyclades ACS console server boots using its original boot code. During the self test, press Esc after the Ethernet test: Testing Ethernet When the Watch Dog Timer prompt appears, press Enter: Watchd
155. of the Cyclades ACS console server, sudo will not work and the DSView 3 software plug in will not work. NOTE: NIS does not work if Security Profile is set to Moderate or Secured. It only works if the Security Profile is Open. To configure serial port authentication: 1. Execute the following command for one or multiple serial ports. Refer to Table 3.1 for authentication parameters. cli config physicalports all or range list 1 xx access authtype parameter 2. Activate and save your configuration. To configure general authentication to the Cyclades ACS console server: 1. Execute the following command to configure authentication. Refer to Table 3.1 for authentication parameters and fallback mechanisms. cli config security authentication authtype parameter 2. Activate and save your configuration. Table 3.1: Cyclades ACS Console Server Serial Port and General Authentication Methods. Authentication type; Parameter; Description. DSView; DSView, DSView Local, DSViewDownLocal; Authentication is performed using DSView 3 management software. Local authentication is performed if the DSView 3 software fails or if the server is down. Kerberos; Kerberos, Kerberos Local, KerberosDownLocal; Authentication is performed using a Kerberos server. Local authentication is performed if Kerberos fails or if the Kerberos server is down. LD
156. og timer (A)ctive or (I)nactive I Choose the option Network Boot when asked: Firmware boot from (F)lash or (N)etwork N Select the TFTP option instead of BootP. The host must be running TFTPD and the new zImage file must be located in the proper directory. For example, tftpboot for Linux. Boot type (B)ootp, (T)ftp or Bot(H) H Enter the filename of the zImage file on the host: Boot File Name <zImage_filename> Enter the IP address of the Ethernet interface: IP address assigned to Ethernet interface 192.168.48.11 Enter the IP address of the host where the new zImage file is located: Server's IP address 192.168.49.127 Accept the default MAC address by pressing Enter: MAC address assigned to Ethernet 00:60:2E:01:6B:61 12. When the Fast Ethernet prompt appears, press Enter: Fast Ethernet (A)uto Neg, (1)00 BtH, 100 Bt(F), 10 (B)tF, 10 Bt(H) A The Cyclades ACS console server should begin to boot off the network and the new image is downloaded. At this point, follow the upgrade process to save the new zImage file into Flash again. NOTE: Possible causes for the loss of Flash memory may include: downloaded wrong zImage file, downloaded as ASCII instead of binary, or problems with Flash memory. If the Cyclades ACS console server booted properly, the interfaces may be verified using ifconfig and ping. If ping does not work check
157. ollowing command from the shell prompt to test the configuration: # ssh -l <username>:<TCP port of the serial port in the slave> <IP address of the master> -p <TCP port of the virtual port in the master> Use the following commands to edit or delete a previously configured virtual port: cli config virtualports editslave n.n.n.n; cli config virtualports deleteslave n.n.n.n Power Management. A Cyclades PM IPDU enables you to remotely control and manage power to target devices attached to the Cyclades ACS console server. When used in conjunction with the Cyclades ACS console server, the Cyclades IPDU delivers management capabilities that integrate the Cyclades ACS console server and power management into a single interface. In addition to Cyclades PM IPDUs, the following power distribution units are supported by the Cyclades ACS console server: • Avocent 1000/2000/3000 Power Management Power Distribution Units (PM PDUs) • Avocent SPC series power control devices • Server Technology Sentry family of switched cabinet power distribution units (CDUs) and CDU expansion devices • Server Technology Sentry Power Tower XL (PTXL) and Power Tower XM (PTXM) power devices • Server Technology Sentry Smart CDU. NOTE: Configuration and management of Server Technology Sentry Switched and Smart CDUs, PTXL and PTXM models must be handled through the DSV
158. ommunication. ppp (yes/no): Enable or disable PPP service. otpauthreq (yes/no): Enable or disable One Time Password (OTP) authentication. To configure a modem PC card (example): 1. Enable and configure the modem PC card: cli config network pcmcia 2 modem ppp yes localip 10.0.0.1 remoteip 10.0.0.2 2. Enable callback and add the call back number if desired: cli config network pcmcia 2 modem modem ppp yes modem enablecallback yes modem callbacknum 4155552515 localip 10.0.0.1 remoteip 10.0.0.2 3. Enable One Time Password authentication if required. Activate and save your configuration. GSM PC cards. In order to configure a GSM PC card, enter the following command. Refer to Table 2.10 for parameter descriptions. cli config network pcmcia <slot number 1 2> gsm localip <n.n.n.n> remoteip n.n.n.n enablecallback yes no callbacknum string pin string otpauthreq yes no Table 2.10: GSM PC Card Configuration Parameters. Parameter; Value; Description. enablecallback; yes/no; Enable or disable GSM call back feature. callbacknum; string; Add a call back number when callback is enabled. localip; n.n.n.n; Assign a local IP address for PPP communication. remoteip; n.n.n.n; Assign a remote IP address for PPP communication. pin; <string>; Enter the assigned PIN. otpauthreq; yes/no; Enable or disable One Time Password
159. on outlet list; Turn an outlet On. Prompts you to enter a list of IPDU ID outlet numbers. Off; off outlet list; Turn an outlet Off. Prompts you to enter a list of IPDU ID outlet numbers. Cycle; cycle outlet list; Turn an outlet Off and On again (recycle power). Prompts you to enter a list of outlet numbers. Lock (Avocent PM PDU and Cyclades IPDU); lock outlet list; Lock a set of outlets in On or Off state to avoid accidental changes. Prompts you to enter a list of <IPDU ID> <outlet numbers>. Unlock (Avocent PM PDU and Cyclades IPDU); unlock <outlet list>; Unlock the selected outlets. Prompts you to enter a list of <IPDU ID> <outlet numbers>. Status; status <outlet list>; Display the status of the selected outlets. Prompts you to enter a list of outlet numbers. N/A; interval outlet list <delay>; Display or set the interval for an outlet to turn on. Power On Delay (Avocent PM PDU, Cyclades IPDU and ServerTech); powerondelay outlet list <delay>; Display or configure post turn on outlet delay. Prompts you to enter a list of outlet numbers. Name; name <outlet entry> <outlet name>; Define a name or an alias for an outlet. Current; current reset <IPDU ID> <element>; Display the amount of current that is running through the IPDU or reset the maximum detected current in a single or all IPDU appliances. The element can
160. onsole speed 9600 (P)erform or (S)kip Flash test P (S)kip, (Q)uick or (F)ull RAM test F Fast Ethernet (A)uto Neg, (1)00 BtH, 100 Bt(F), 10 (B)tF, 10 Bt(H) A Fast Ethernet Maximum Interrupt Events 0 Maximum rate of incoming bytes per second 0 2. Press Enter for all fields but the Maximum rate of incoming bytes per second field. 3. Type the maximum amount of bytes that may be received by the interface per second. A value of zero disables the feature. Enter a value of 50000 for optimum performance. NOTE: Using larger values does not harm your system but makes it more sensitive to storms. Using smaller values may enforce this feature to be triggered by the normal traffic. 4. Save your changes to Flash: Do you confirm these changes in flash (Y)es, (N)o, (Q)uit N CPU LEDs. Normally the CPU status LED should blink consistently, one second on, one second off. If this is not the case, an error has been detected during the boot. The blink pattern may be interpreted via the following table. Table B.1: CPU LED Code Interpretation. Event: CPU LED Morse code. Normal Operation: S (short short short). Flash Memory Error Code: L (long long long). Flash Memory Error Configuration: S L. Ethernet Error: S S L. No I
161. or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule is added for each possible address combination. -D, --delete: Delete one or more rules from the selected chain. There are two versions of this command. The rule may be specified as a number in the chain (starting at 1 for the first rule) or as a rule to match. -R, --replace: Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command fails. Rules are numbered starting at 1. -I, --insert: Insert one or more rules in the selected chain as the given rule number. Thus if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified. -L, --list: List all rules in the selected chain. If no chain is selected, all chains are listed. It is legal to specify the -Z (zero) option as well, in which case the chain(s) are automatically listed and zeroed. The exact output is affected by the other arguments given. -F, --flush: Flush the selected chain. This is equivalent to deleting all the rules one by one. -Z, --zero: Zero the packet and byte counters in all chains. It is legal to specify the -L, --list (list) option as well, to see the counters immediately before they are cleared. -N, --new-chain: New chain. Create a new user defined chain by the given name. There must be no target of that nam
162. pens the following menu to these administrators (which is defined by the parameter all admin users or sN admin users in the file pslave.conf): ttySN is being used by first user name 1 Initiate a regular session; 2 Initiate a sniff session; 3 Send messages to another user; 4 Kill session(s); 5 Quit. Enter your option. If you select 1 (Initiate a regular session), the serial port is shared with the users that were previously connected. You are able to read and write to the serial port. If you select 2 (Initiate a sniff session), you may read everything that is sent or received through the serial port, according to the parameter all sniff mode or sN sniff mode. If you select 3 (Send messages to another user), the Cyclades ACS console server sends your messages to all the sessions, but not to the tty port. Everyone connected to that port sees all exchanges of information as if they were physically in front of the console. These messages are formatted as Message from user PID message text goes here >> by the ACS. If you select 4 (Kill session(s)), the Cyclades ACS console server displays a list of PID/username pairs. You are able to select a session by typing its PID, or all to kill all sessions. If you kill all the regular sessions, a regular user session initiates automatically. Select Option 5 (Quit) to close the current session and the TCP connection.
163. r bin ypwhich: Returns the name of the NIS server that supplies the NIS services. /usr/bin/ypcat: Prints the values of all keys from the NIS database specified by map name. /usr/bin/ypmatch: Prints the values of one or more keys from the NIS database specified by map name. /usr/sbin/domainname: Shell script to read/write the NIS domain name. NIS Client Configuration. Run the command domainname. Make sure that you have the NIS domain name set. domainname NIS domain name: Show or set the system's NIS/YP domain name, for example: # domainname avocent mycompany nis Edit the /etc/yp.conf file. Configure the NIS server. For example, if the NIS server has the IP address 192.168.160.110, add the following line to the file: ypserver 192.168.160.110 Edit the /etc/nsswitch.conf file to include the NIS in the lookup order of the databases. Configure the parameter all sxx authtype as local. To test the configuration: 1. Start with the following command: /usr/sbin/ypbind Display the NIS server name by running the following command: /usr/bin/ypwhich Display the all users entry by running the following command: /usr/bin/ypcat -t passwd.byname Display the user's entry in the NIS passwd file: /usr/bin/ypmatch -t userid username passwd.byname If the preceding steps performed successfully, change the /etc/inittab file by uncommenting the line that performs a ypbind upon startup.
164. ream. Default: yes. max connections n: Limits the number of simultaneously opened connections. May be used only with unix stream. Default: 10. tcp options, udp options: These drivers let you receive messages from the network, and as the name of the drivers show, you may use both TCP and UDP. None of tcp and udp drivers require positional parameters. By default they bind to 0.0.0.0:514, which means that syslog-ng listens on all available interfaces. Options: ip ip address: The binding IP address. Default: 0.0.0.0. port <number>: UDP/TCP port used to listen messages. Default: 514. max connections n: Limits the number of simultaneously opened connections. Default: 10. file filename: Opens the specified file and reads messages. pipe filename: Opens a named pipe with the specified name and listens for messages. You need to create the pipe using the mkfifo command. The following are examples of how to define sources: • Read from a file: source identifier file filename • Read messages from temp file1 file: source file1 file temp file1 • Receive messages from the kernel: source s kernel file proc kmsg • Receive messages from local syslogd clients: source sysl unix stream dev log • Receive messages from remote syslogd clients: source s udp udp ip cliente ip port <udp port> • Listen to messages from all machin
165. ribe the commands available through the menu. If you do not have permission to access an outlet, the following message appears: It was impossible to start a Power Management Session. You can't access any Power Management functionality. Please contact your Console Server Administrator. If you can access outlet(s) but have no access to outlet(s) of a specific server, the following message appears: You cannot manage the outlet(s) of this server. Please enter the outlet(s) or for help 3. Enter the outlet(s) you want to manage. The main menu appears only if you have permission for those outlet(s). Type h to display the help information. Table 6.3: IPDU Appliance Command Menu. Command: Description. Exit: Exits the power management session. Help: Display a list of available commands with a description. On: Turn outlet(s) On. Off: Turn outlet(s) Off. Cycle: Turn an outlet Off and On again (recycle power). Lock: Locks a set of outlets in On or Off state to avoid accidental changes. Unlock: Unlocks the selected outlets. Status: Displays the status of the selected outlets. Interval: Configures the post turn on delay. Other: Allows you to manage other outlets. Check the status of the server's outlet(s) by typing 8 to select Status. 5. If the outlet(s) are locked, you must unlock them first. Type 7 to select Unlock. The Cycle command turns off the outlet for a few seconds and turns it back on. Type 5 to select
166. rnal options N number of inodes m reserved blocks percentage o creator os g blocks per group L volume label M last mounted directory O feature r fs revision R raid opts qvSV device blocks count Initialize a PC card hard drive with ext2 echo L sfdisk dev hda Partition a CF card Usage sfdisk options device Check an ext2 or VFAT filesystem: fsck t ftype dev <hdxx> Configure media PC cards: cli config network pcmcia slot cflash parameter yes no Table 2.13: Media PC Card Parameters. Parameter; Value; Description. enable; yes/no; Activate the media card in the PC card slot. databuf; yes/no; Enable or disable data buffering. cancel; Disable the media card in the PC card slot. The following example shows the usage of the PC card parameters: 1. Enable the Compact Flash or PC card hard drive: cli config network pcmcia 1 cflash enable yes 2. Enable data buffering on this device: cli config network pcmcia 2 cflash databuf yes 3. Activate and save your configuration. NOTE: Before removing the media PC card, you must run cardctl eject from the shell prompt to ensure the data is properly written to the media. It is also possible to save and restore the configuration files to or from PC card media by executing the saveconf and restoreconf utilities. See Saveconf and Restoreconf on page
167. route root CAS root netstat rn Routes may be added at the Linux shell prompt using the following command: route add del net host target netmask nt msk gw gt way interf Table 2.30: Routing Table Parameters. Parameter: Description. add del: Routes may be either added or deleted. One of these options must be specified. net host: Net is for routes to a network and host is for routes to a single host. target: Target is the IP address of the destination host or network. IPv4: nnn.nnn.nnn.nnn. IPv6: IPv6 address prefix length. netmask and nt msk: Netmask and nt mask are necessary only when subnetting is used. Otherwise, a mask appropriate to the target is assumed. IPv4 parameter only. gw and gt way: Specifies a gateway when applicable. The IP address or hostname of the gateway is specified by the gt way parameter. NOTE: This can be an IPv4 or an IPv6 address. interf: The interface to use for the route. Must be specified if a gateway is not. When a gateway is specified, the operating system determines which interface is to be used. Use the following command to configure static routes. Refer to Table 2.31 for the list of parameters and the descriptions. cli config network stroutes add parameter value Table 2.31: Static Routes Parameters and Values. Parameter Value
168. rver with the appropriate configuration. Execute saveconf and restart the Cyclades ACS console server to activate the options related to billing upload. Appendix B: Upgrades and Troubleshooting. Upgrades. Below are the six files added to the standard Linux files in the mnt flash directory when an upgrade is needed: boot alt: alternate boot code. boot conf: active boot code. boot ori: original boot code. config tgz: Cyclades ACS console server configuration information. zImage: Linux kernel image. To upgrade the Cyclades ACS console server: Log in to the Cyclades ACS console server as root. Go to mnt flash. FTP to the host where the new firmware is located. Log in to the FTP server and go to the directory where the firmware is located: ftp ftp open server ftp user admin ftp Password adminpw ftp cd tftpboot ftp bin ftp get zImage nnn zImage ftp quit NOTE: The destination filename in the mnt flash directory must be zImage. Example: hostname server, directory tftpboot, username admin, password adminpw, firmware filename on that server zImage nnn. NOTE: Due to space limitations, the new zImage file may not be downloaded with a different name then renamed. The Cyclades ACS console server searches for a file named zImage when booting and there is no room in Flash for two zImage files. 5. To make sure the downl
169. s range list 1 32 enable yes 2 Activate and save your configuration PC Card Management The Cyclades ACS console server s PC card slots support a number of interface cards such as Ethernet modem V 90 GSM CDMA and ISDN wireless LAN and storage cards Go to http://www.avocent.com Then follow the links to Cyclades ACS console servers select your model number and click on the link for a list of supported PC cards PC card configuration and monitoring commands During the Cyclades ACS console server s boot process the cardmgr daemon monitors PC card sockets loads client drivers and runs user level scripts in response to card insertion and removal The cardctl command may be used at the Linux shell prompt to check the status of a socket or to view its configuration parameters Table 2 6 PC Card Configuration and Monitoring Commands Utility Description lsmod Displays the modules loaded for the PC card devices cardctl status Displays the socket s current configuration parameters cardctl config Displays the socket configuration including power settings interrupt I/O settings and configuration registers cardctl ident Displays card identification information including product identification strings manufacturer ID codes and function ID codes cardctl suspend Shuts down and disables power to a socket cardctl resume Restores power to a soc
170. s available for serial ports configured as CAS profile only You may define more than one pool of serial ports Each serial port may only belong to one pool The pool is uniquely identified by a four parameter scheme protocol pool ipno pool alias pool socket port The three parameters pool ipno pool alias and pool socket port have the same meaning as ipno alias and socket port respectively Ports that belong to the same pool must be configured with the same value It is strongly recommended that you configure the same values in all parameters related to authentication for all serial ports belonging to a pool You may access the serial ports from a pool with the same commands you use to access a specific serial port You need to use pool ipno pool alias or pool socket port instead of ipno alias or socket port with an SSH or Telnet command When a connection request arrives using one of pool ipno pool alias or pool socket port the Cyclades ACS console server looks for the first free serial port from the pool and assigns it to the connection If there is no free serial port in the pool the connection is dropped To configure port pooling Configuration is made in the etc portslave pslave conf file Don t forget to activate and save the configuration by issuing the commands runconf and saveconf respectively The following is an example of serial port pool configuration In this example there are two pools pool
171. s the identity of users as well as confirms receipt of communication to authorized recipients Security Profiles The Cyclades ACS console server includes a set of security profiles that consist of predefined parameters to control access to the Cyclades ACS console server and its serial ports To select a predefined or define a custom security profile refer to Security Profiles on page 15 NOTE As an additional security measure all serial ports are disabled by default which allows the administrator to enable and assign individual ports to users Authentication The Cyclades ACS console server supports a number of authentication methods that may help the administrator with the user management Authentication may be performed locally or with a remote server such as RADIUS TACACS LDAP NIS or Kerberos Should the negotiation process with the authentication server fail an authentication security fallback mechanism is also employed In such situations the Cyclades ACS console server follows an alternate defined rule when the authentication server is down or does not authenticate the user CAUTION If you set the authentication service in the Cyclades ACS console server to NIS make sure that there is an entry for user id 0 zero the root user in the NIS server If you do not want an entry for user id 0 in the NIS server set the authentication service in the Cyclades ACS console server to Nis Local Otherwise root will not be able to ssh out
172. s used for the route outPort name name A label for the outgoing port to be used in log messages outPort pppcall filename Name of file from which the pppd reads options The file is located at etc ppp peers filename outPort remote ip IP address IP address of the remote workstation to which you want to connect outPort remote port port Remote TCP port for connections from this interface outPort connection permanent Specifies how to maintain the outgoing path on demand permanent always connected on demand connects only when data enters through the serial port outPort timeout timeout Specify the inactivity time in seconds after which the connection is dropped seconds Any value other than zero enables the timeout appl retry interval minutes Specify the time to wait before reconnecting after a connection failure end <dial out> Ends the dial out application The following example displays the tail of an etc generic dial conf file with a dial out instance defined The outPort pppcall is defined as wireless to tell the application to read options from the etc ppp peers wireless file The outPort remote ip defines the IP address of the servers w
173. save your configuration Dual Power Management The Cyclades ACS console server comes with two power supplies which it may self monitor If either of them fails two actions are performed sounding a buzzer and generating a syslog message This automanagement may be disabled no actions are taken or enabled default any time by issuing the commands # signal ras buzzer off # signal ras buzzer on To disable the buzzer in boot time edit the shell script bin ex wdt led sh and remove the keyword buzzer The buzzer won t sound if there is a power failure in any power supply This parameter does not affect the behavior of the command signal ras buzzer on off To make this change effective even after future reboots create a line with bin ex wdt led sh in etc config files save and quit the file and run saveconf NOTE This section applies only to the dual power supply model of the Cyclades ACS console server Date and Time Timezone and Daylight Saving To adjust the date and time use the date command Timezone is configured using the CLI utility or WMI see ACS Installation Administration and User Guide for using the WMI to set time date and timezone information NOTE Setting the system timezone creates a new file called etc localtime which erases etc TIMEZONE Daylight Saving Time DST When the DST parameter is set to on the Cyclades ACS console server automatically adjusts its time information to comply with the time shift
174. sing a serial terminal You may select a server to connect to from the list or exit the system Welcome 1 Sun server 2 Dell server 3 Linux server 4 Quit Option > To configure and set up a Menu Shell 1 Assign the menu shell to users who require access using the options provided by the menush cfg utility 3 Type menush cfg and use the available options to define a menu title and menu commands MenuShell Configuration Utility Please choose from one of the following options 1 Define Menu Title 2 Add Menu Option 3 Delete Menu Option 4 List Current Menu Settings 5 Save Configuration to Flash 6 Quit Option > Choose Add Menu Option and complete the requested fields The following question defines the action that must be taken Enter the command for the new menu option Select option 5 to save the configuration changes to Flash NOTE Action may be telnet host ip or ssh -l username host ip where host ip is the IP address of the target server To assign ports to the menu shell 1 If no authentication is required to gain access to the menu configure the following parameters in etc portslave pslave conf for the ports that use this menu shell s<x> protocol telnet conf telnet bin menush s<x> authtype none Where <x> is the port number being configured If authentication is required to gain a
175. sponding to that rule s position in the chain Match extensions Iptables may use extended packet matching modules These are loaded in two ways implicitly when p or protocol is specified or with the m or match option followed by the matching module name after these various extra command line options become available depending on the specific module TCP extensions These extensions are loaded if the protocol specified is tcp or m tcp is specified It provides the following options Table 2 20 TCP Extensions TCP extension Description source port port port Source port or port range specification This may either be a service name or a port number Inclusive range may also be specified using the format port port If the first port is omitted 0 is assumed if the last is omitted 65535 is assumed If the second port is greater than the first they are swapped The flag sport is an alias for this option destination port port port Destination port or port range specification The flag dport is an alias for this option tcp flags mask comp Match when the TCP flags are as specified The first argument is the flags which we should examine written as a comma separated list and the second argument is a comma separated list of flags which must be set Flags are SYN ACK FIN RST URG PSH ALL NONE Hence the command iptables A FORWARD p tcp tcp flags SYN ACK FIN RST SYN on
176. ss or name> Port used default 25 p <port> Table 5 7 shows the message mount parameters Table 5 7 Message Mount Parameters Parameter Description FULLDATE The complete date when the message was sent FACILITY The facility of the message PRIORITY or LEVEL The priority of the message PROGRAM The message was sent by this program BUFFERING or SOCK HOST The name of the source host FULLHOST The name of the source host and the source driver Format <source> <hostname> MSG or MESSAGE The message received The following example displays an email sent to z none com SMTP s IP address 10 0 0 2 from the email address a none com with subject ALARM The message carries the current date hostname of the Cyclades ACS console server and the message received from the source destination d maill pipe dev cyc alarm template sendmail t z none com f a none com s ALARM m $FULLDATE $HOST $MSG h 10 0 0 2 The following example shows how to send a message to the sms server destination ident pipe dev cyc alarm template sendsms <pars> where <ident> uniquely identifies the destination The parameters are pars d
177. ssion the escape character followed by a dot must be entered at the beginning of a line To call ts menu from CLI 1 Execute the following command from the CLI prompt Refer to Table 4 8 for configuration parameters cli applications connect parameter value 2 Activate and save your configuration Table 4 8 ts menu Configuration Parameters Parameter Value Description consolename consolename Name of the serial port to which you need to connect list To display a list of the available serial ports readonly To connect to the console of a server in read only mode Add the serial port name parameter cli applications connect readonly consolename <consolename> TS Menu Script The ts menu script may be used to avoid typing long Telnet or SSH commands It presents a menu with the server names connected to the serial ports of the Cyclades ACS console server You must execute ts menu from a local system using a console Telnet SSH or a terminal connected to a serial port Syntax ts menu options console port Table 4 9 ts menu Options Option Description p Display TCP port P Use the TCP port instead of just IP i Display local IP assigned to the serial port u <name> Username to be used in SSH Telnet command U Always ask for a username e char Escape character used by
178. sts the current sessions Backup configuration Save or restore configuration to an FTP server cli> administration backupconfig parameter <value> Table B 4 Backup Configuration Parameters Parameter Level1 Parameter Level2 Parameter Level3 Value loadfrom ftp username <username> password <password> serverip <serverip> pathname <pathname> sd default <config filename> replace <config filename> saveto ftp username <username> password <password> serverip <serverip> pathname <pathname> sd default <config filename> replace <config filename> In the following example the command loads a configuration from a server with IP address 192 168 0 1 username john password john1234 and the configuration file located at home configuration backupconfig> loadfrom serverip 192 168 0 1 pathname home configuration username john password john1234 Firmware upgrade To upgrade the firmware on the Cyclades ACS console server 1 Enter the following command at the CLI prompt cli> administration upgradefw ftpsite <n n n n> username <name> password <password> filepathname <path> checksum <yes no> As an example the following parameters are used to show the command usage FTP Server 192 168 100 111 Path images zImage User john Password john1234 cli administration upgradefw ftpsite 192 1
179. sudoers file is not saved to Flash automatically If you make changes to this file and wish to save the changes follow the standard procedure to save the config files file For an admin group user to be allowed to execute commands from the shell prompt the sudo command must be used Commands requiring root access privileges are executed by an admin user with the following command sudo shell command shell utility ACS utility other required parameters If a user with username admin belonging to the admin group is required the following shell script must be executed by user root to configure it addadmin Saveconf and Restoreconf The Cyclades ACS console server has two utilities for saving and restoring the configuration Saveconf utility The saveconf utility automatically creates a file in Flash to save the default and replace flags The filename is mnt flash config tgz You can also save a configuration file to and restore a configuration file from a remote ftp tftp or ssh server Syntax Enter the following at the shell prompt to see the syntax for the options # saveconf help Usage Save to flash saveconf Save to storage device saveconf sd default replace Save to local file saveconf local FILE Save to FTP server saveconf ftp FILE FTP SERVER USER PASSWORD Save to TFTP server saveconf tftp FILE
180. t IPDUA 1 5 IPDU2 5 7 Activate and save your configuration cli config runconfig cli config savetoflash To configure user access to outlets 1 pmMenu Invoke the CLI utility and navigate to the pmdconfig directory cli> config applications pmdconfig Enter one of the following strings to add or edit outlet groups pmdconfig> usermanagement add <username> pmdconfig> outletgroups edit <groupname> Assigning outlets to the user User username> outletlist <IPDU ID> outlet name Activate and save your configuration cli> config runconfig cli> config savetoflash To manage IPDU appliances through pmMenu 1 Enter pmMenu at the shell prompt to open the power management menu Table 6 2 provides explanation for each menu item 2 Select an option from the menu 3 Follow the command instructions for the selected option Table 6 2 pmMenu and pmCommand Commands Menu Item Command Syntax Description Exit exit Exit pmMenu and return to the command prompt Help help Display a list of available commands with a description Who Am I whoami Display the name of the current user List IPDUs listipdus List the IPDUs connected to the appliance List Groups listgroups List all outlet groups On
181. ters 20 Table 2 11 CDMA PC Card Configuration Parameters 21 Table 2 12 ISDN PC Card Configuration Parameters 22 Table 2 13 Media PC Card Parameters 23 Table 2 14 Configuration Parameters for etc generic dial conf 24 Table 2 15 30 Table 2 16 SNMP v1 v2 Configuration Parameters 31 Table 2 17 SNMP v3 Parameters 32 Table 2 18 iptables Commands Options 36 Table 2 19 iptables Rules Specifications 37 Table 2 20 TCP Extensions 39 Table 2 21 UDP Extensions 40 Table 2 22 ICMP Extensions 40 Table 2 23 Multiport Extensions 40 Table 2 24 LOG Extensions 41 Table 2 25 LOG Extensi oti 42 Table 2 26 SNAT Target 42 Table 2 27 DNAT Target 43 Table 2 28 Masquerade Target 43 Table 2
182. test The number zero is equivalent to all Protocol all matches with all protocols and is taken as default when this option is omitted s source address mask Source specification Address may be either a hostname a network name or a plain IP address The mask may be either a network mask or a plain number specifying the number of 1 s at the left side of the network mask Thus a mask of 24 is equivalent to 255 255 255 0 A ! argument before the address specification inverts the sense of the address The flag src is a convenient alias for this option d destination address mask Destination specification See the description of the s source flag for a detailed description of the syntax The flag dst is an alias for this option j jump target This specifies the target of the rule for example what to do if the packet matches it The target may be a user defined chain other than the one this rule is in one of the special built in targets which decide the fate of the packet immediately or an extension see Match extensions If this option is omitted in a rule then matching the rule has no effect on the packet s fate but the counters on the rule are incremented The special built in targets are ACCEPT means to let th
183. the routing table using the command route The file etc config files contains a list of files that are affected by saveconf and restoreconf commands At the command prompt issue the command cat etc config files to see the list of files that are available in the Flash and are loaded into the Ramdisk at the boot time NOTE If any of the files listed in etc config files are modified the Cyclades ACS console server administrator must execute the command saveconf before rebooting the Cyclades ACS console server or the changes are lost If a file is created or a filename altered its name must be added to this file before executing saveconf and rebooting This speeds up the resolution of most problems Setting the maximum number of bytes received by the interface You can avoid CPU overload by setting a limit to the rate of bytes received The bootconf utility offers a way of setting this limit The default is set to 0 which disables the function For optimum performance set the value to 50000 LEDs To set a limit of bytes received by the interface per second 1 Run bootconf Current configuration MAC address assigned to Ethernet 00 60 2e 00 16 b9 IP address assigned to Ethernet interfac 192 168 160 10 Watchdog timer A ctive or I nactive A Firmware boot from F lash or N etwork F Boot type B ootp T ftp or Bot H IT Boot File Name zvmppcts bin Server s IP address 192 168 160 1 C
184. thentication servers Execute the following command to configure authentication server parameters Refer to Table 3 2 for authentication servers parameters cli config security authentication parameter value 2 Activate and save your configuration NOTE If IPv6 is enabled then IP addresses in Table 3 2 can be entered in IPv6 format Table 3 2 Authentication Servers Parameters Authentication Server Parameter Value Kerberos krbdomain domain name krbserver n n n n LDAP ldapbasedomain <ldapbasedomain> ldapserver n n n n NIS nisdomain domain name nisserver n n n n Radius radiusacctsvr1 n n n n radiusacctsvr2 n n n n radiusauthsvr1 n n n n radiusauthsvr2 n n n n radiusretries number radiussecret <radiussecret> radiussvctype <yes no> radiustimeout <number> LDAP secureldap yes no TACACS tacplusacctsvr1 n n n n tacplusacctsvr2 n n n n tacplusauthsvr1 n n n n tacplusauthsvr2 n n n n tacplusraccess yes no tacplusretries number tacplussecret tacplussecret tacplustimeout number
185. tself locally generated packets are mapped to the 127 0 0 1 address It supports one option Table 2 29 Redirect Target Target Description to ports <port> <port> Specifies a range of source ports to use This parameter overrides the default SNAT source port selection heuristics see SNAT NAT table only IPv4 only This parameter is valid when the rule specifies p tcp or p udp To configure firewall fwset script Iptables rules are stored in etc network firewall The fwset script saves the iptables rules in etc network firewall and saves it to Flash memory fwset restore Restores the iptables rules previously saved in etc network firewall to their original configuration This command is executed at boot to invoke the last saved configuration 1 Execute fwset restore 2 Add the required chains and rules See Configuring IP tables on page 35 3 Execute iptables save etc network firewall 4 Execute fwset etc network firewall to save the configuration in Flash memory Static Routes The Static Routes form allows you to manually add routes The routing table defines which interface should transmit an IP packet based on destination IP information Static routes are a quick and effective way to route data from one subnet to another The static routing table may be viewed using either of the following commands root CAS root
186. ude macros by prefixing the macro name with a $ sign which gets expanded when the message is written Since the state of each created file must be tracked by syslog ng it consumes some memory for each file If no new messages are written to a file within 60 seconds controlled by the time reap global option it s closed and its state is freed Available macros in filename expansion HOST The name of the source host from where the message originated FACILITY The name of the facility from which the message is tagged PRIORITY or LEVEL The priority of the message PROGRAM The name of the program the message was sent by YEAR MONTH DAY HOUR MIN SEC The year month day hour min sec the message was sent TAG Equals FACILITY LEVEL FULLHOST The name of the source host and the source driver source driver @ hostname MSG or MESSAGE The message received FULLDATE The date the message was sent Available options log fifo size number The number of entries in the output file sync freq number The file is synced when this number of messages has been written to it owner name group name perm mask Equals global options template string Syslog ng writes the string in the file You may use the MACROS in the string encrypt yes no Encrypts the resulting file compress yes no Compresses the resulting file using zlib pipe filename options This driver sends messages to
187. umber when callback is enabled localip n n n n Assign a local IP address for PPP communication remoteip n n n n Assign a remote IP address for PPP communication otpauthreq yes no Enable or disable One Time Password OTP authentication To configure a CDMA PC card example 1 Enable and configure the CDMA PC card cli config network pcmcia 2 cdma speed 28800 addinit command Enable callback and add the call back number if desired cli config network pcmcia 2 cdma cdma> enablecallback yes callbacknum 4155552515 localip 10 0 0 1 remoteip 10 0 0 2 Enable One Time Password authentication if required Activate and save your configuration ISDN PC cards In order to configure an ISDN PC card enter the following command Refer to Table 2 12 for parameter descriptions cli config network pcmcia slot isdn localip <n n n n> remoteip <n n n n> enablecallback yes no callbacknum <string> Table 2 12 ISDN PC Card Configuration Parameters Parameter Value Description enablecallback yes no Enable or disable ISDN call back feature callbacknum string Add a call back number when callback is enabled localip n n n n Assign a local IP address for PPP communication remoteip n n n n Assign a remote IP address for PPP communication To configure an ISDN PC card example 1 Enable and configure the
188. utomatically completes the parameter name If there is more than one parameter name beginning with the typed characters then pressing the Tab key again displays them all For example cli i Tab info cli a Tab Tab administration applications Pressing the Tab key after the first level command displays the commands one level down in the hierarchy For example cli config Tab administration ipmi restorefromflash security applications network runconfig discardchanges physicalports savetoflash Saving CLI changes Configuration changes made in any of the CLI modes are temporary Changes are not activated and saved into the configuration files unless you run the commands described in the following table Table 1 2 CLI Commands for Saving Configuration Changes Command Action config runconfig Saves and activates configuration changes in the appropriate configuration files config savetoflash Saves any unsaved configuration changes in the configuration files and creates a zipped backup copy of the files in a backup directory for possible later retrieval config discardchanges Restores the backed up configuration files overwriting any configuration changes made since the last time the savetoflash option was executed Using CLI hotkeys The CLI hotkeys may be used to perform the following types of actions Move the cursor on the command line Move through
189. Syslog Messages The Cyclades ACS console server may generate syslog messages to enable system administrators to monitor system changes Syslog messages are generated when specific actions are performed or certain conditions are met through user entered commands The system generates and sends messages to a syslog server using the following format Tag a fixed string used by the user to create filters EVT <event number> Text the text that contains the condition or action You may use the information provided in the CYCLADES ACS TRAP MIB ASN to create filters and generate alarms about the Cyclades ACS console server events DCD ON OFF Syslog Messages The Cyclades ACS console server may generate an alert when a serial console cable is removed from the Cyclades ACS console server or when the serially attached server is turned off Also when a modem is connected this feature may detect if the modem is still turned on and active The DCD signal is monitored and a syslog message is generated when the state of the signal changes The syslog message may be handled by syslog ng to generate an event notification To configure DCD syslog messages 1 Open the etc portslave pslave conf file vi etc portslave pslave conf 2 Set the all dcd or sXX dcd parameter to 1 in the etc portslave pslave conf file all dcd 1 or sXX dcd 1 Where XX is the desired port number 3
190. ype help to see a list of commands or menu to invoke the menu driven interface 2 To view a list of connected IPDU appliances enter the following command pmCommand listipdus 3 To change an IPDU ID enter the following command pmCommand id current IPDU ID new IPDU ID NOTE Issuing a pmCommand without an IPDU ID may apply the changes to all IPDU appliances connected to the Cyclades ACS console server or it may generate an error message Make sure to add the IPDU ID to a pmCommand IPDU appliances may also be referenced by the location of the IPDU In this case the location should be preceded with an exclamation For example to display the maximum detected current on the third IPDU connected to serial port 2 enter the following command at the pmCommand prompt pmCommand current display ttyS2 C Outlet groups should be referenced by a name which is unique among the outlet groups For example pmCommand lock group1 To configure outlet groups 1 Invoke the CLI utility and navigate to the pmdconfig directory cli config applications pmdconfig 2 Enter one of the following strings to add or edit outlet groups pmdconfig outletgroups add groupname pmdconfig outletgroups edit groupname At the Group prompt enter the following string to assign outlets to the group Group groupname outletlist IPDU ID outlet name For example Group groupname> outletlis