Emerson Avocent ACS 6000 Advanced Console Server User Guide
Contents
1. To configure group an LDAP authentication server On the LDAP server edit the info attribute for the user and add the following syntax info group_name lt Group1 gt lt Group2 gt lt GroupN gt DSView software access rights An administrator can configure how the DSView software s viewer session rights will be mapped to the console server s access rights when a user accesses a target via the DSView software s serial viewer To configure the map of DSView software access rights to console server access rights 1 Click Users Authorization DS View Access Rights 2 Select the desired access rights and click Save Event Notifications The console server will generate notifications for a variety of events You can configure the console server to direct or store those event notifications to various destinations for immediate use or for analysis later Event List The Event List screen lists console server events each of which can be configured for SNMP Traps Syslog DSView software Email and SMS To configure Events 1 Click Events and Logs Events 2 Locate the events for which you want notification sent and select the checkbox es next to the event number s 3 Click Edit 4 Ifyou want an event notification sent for any configured event destination type click its associated Send checkbox 5 Click Save The Events page appears with an X in the column below the destination type if the Send box was2. If ICMP is selected from the Protocol menu the ICMP Type pull down menu is activated If an administrator enters the Ethernet interface ethO or eth1 in the input or output interface fields and selects an option 2nd and further packets All packets and fragments or Unfragmented packets and 1st packets from the Fragments pull down menu the target action is performed on packets from or to the specified interface if they meet the criteria in the selected Fragments menu option To add a chain 1 Select Network Firewall 2 Select either Pv4 Filter Table or IPv6 Filter Table as needed 3 Click Add 4 Enter the name of the chain to be added 5 Click Save NOTE Spaces are not allowed in the chain name 6 Add one or more rules to complete the chain configuration To change the policy for a default chain NOTE User defined chains cannot be edited To rename a user added chain delete it and create a new one 1 Select Network Firewall 2 Select either Pv4 Filter Table or IPv6 Filter Table as needed 3 Select the checkbox next to the name of the chain you want to change FORWARD INPUT OUTPUT 4 Click Change Policy and select Accept or Drop from the drop down menu 5 Click Save To add a rule Accessing the Console Server via the Web Manager 33 1 Select Network Firewall 2 Select either Pv4 Filter Table or IPv6 Filter Table as needed 3 From the chain list clickthe name of the chain you wan
3. any valid command lt CR gt Carriage Return or Enter key OK Result Code Sample Command String Command Description ATDT7678900 lt CR gt ew the modem to dial the number 7678900 and attempt to connect to the remote ATS0 2 lt CR gt Enables auto answer option When the modem detects a ring it will attempt to answer after two rings Basic AT Commands Command Description ATA Repeat the previous command ATBO CCITT operation at 300 or 1200 bps ATB1 Bell operation at 300 or 1200 bps default ATD ATDO 9 Dial the DTMF digits 0 to 9 78 Avocent ACS 6000 Advanced Console Server gt Me cE gt 2 5 a Ui o E r D gt Ma KZ ORE JE TI 2 ao gt ius O o oy U ATDP Select pulse dialing effects current and subsequent dialing ATDT Select tone dialing effects current and subsequent dialing ATD Flash go on hook by time defined by S29 Wait for dial tone detection before dialing a number If no dial tone is detected within the time ATDW specified by S7 the modem aborts the rest of the sequence goes on hook and generates an error message Wait for five seconds of silence before proceeding with next dialing string and then complete handshake sequence Pause The modem pauses for a time specified by S8 before dialing the number Most often used ATD ae eee when dialing an outside line through a PBX ATLO ets the speaker volume off ATL1 ets the speaker volume low d
4. arvo ATV1 Appendices 79 Command Description detected NO CARRIER will be reported instead of NO DIALTONE Disables monitoring of busy tones Sends only OK CONNECT RING NO CARRIER ERROR NO DIALTONE and CONNECT XXXX If busy tone detection is enforced and busy tone is detected NO CARRIER will be reported instead of BUSY If dial tone detection is enforced or selected and dial tone is not detected NO CARRIER will be reported instead of NO DIALTONE Enables monitoring of busy tones Sends only OK CONNECT RING NO CARRIER ERROR ATX3 NO DIALTONE and CONNECT or CARRIER XXX If dial tone detection is enforced and dial tone is not detected NO CARRIER will be reported ATX4 Enables monitoring of busy tones Sends all messages default ATZO AT amp CO DCD remains on at all times AT amp C1 DCD follows the state of the carrier default AT amp DO Ignores DTR AT amp D1 Enters the escape mode when ON to OFF transition is detected on DTR Hangs up assumes command state and disables auto answer upon detecting ON to OFF AT amp D2 a transition of DTR default AT amp D3 ON to OF F transition causes the modem to perform a soft reset It is the same as if an ATZ command is issued ATAF ATEGO AE AT amp G2 ATEKO ATAKS ATEKA ATAKS ATAPO AT amp P1 3 67 make break ratio at 10 pulses per second AT amp P2 9 61 make break ratio at 20 pulses per second AT amp P3 3 67 make break ratio at 20 pulses per second AT amp Q
5. Click the On Off or Cycle radio button if desired Or Click Add to add an outlet group The Add Group screen appears Enter the name in the Group Name field Click Save To view and change outlet group information Select Power Management Outlet Groups Click the name of the outlet group you want to view or manage To add outlets click Add to add a new outlet to the group Fill the fields and click Save to return to the Outlet Group Details table To delete outlets check one or more boxes next to the outlet s you want to remove from the group Click Delete then click Close when finished 68 Avocent ACS 6000 Advanced Console Server Network PDUs Power devices connected to the network with SNMP read write enabled can be used for remote power management The console server enables authorized users to turn power on and turn power off in devices that are plugged into the network PDU The following type of power devices are support via network connection Avocent Power Management Power Distribution Unit PM PDU Emerson Network Power MPH2 rack Power Distribution Units PDUs as well as MPX and MPH rack PDUs with RPC2 cards installed Server Technology Sentry family of Switched Cabinet Power Distribution Units CDUs and switched CDU Expansion Module CW CX power devices NOTE SNMP needs to be enabled and have one community with write permission enabled in the PDU By selecting the Network PDUs node an
6. Configure the polling rate d For Avocent Cyclades PDUs enter the power cycle interval and then use the drop down menus to enable or disable Syslog Buzzer and SW Overcurrent Protection 4 Click Save To configure or edit auxiliary port with a connected or internal modem 1 Select Ports Auxiliary Ports 2 Click the Set Dial In or Set Dial Out button and use the drop down menus to configure the Dial in settings 3 Configure the PPP parameters address authentication and so on 4 Click Save CAS Profile An administrator can configure settings for auto discovery and for auto answer features Auto discovery The auto discovery feature will discover the target name of the server connected to the serial port This name will be used as the alias of the serial port When auto discovery is active for a certain serial device upon target connection DCD ON event the appliance will send probe strings and start analyzing target device answers using regular expressions There will be predefined probe and match strings as well as customer defined ones For each probe string sent all regular expressions defined by the match strings will be tested After the last cycle the sequence restarts This procedure will run for a certain period given by the auto discovery time out parameter or until the target is successfully detected If auto discovery fails the Accessing the Console Server via the Web Manager 43 target name will be res
7. IPv4 IPv6 Configures the local IPv4 IPv6 address for this PPP connection Address Remote IPv4 IPv6 Configures the remote Pv4 IP v6 address for this PPP connection Address Uses the radio button to select none PAP CHAP or EAP None no authentication PAP use PAP protocol and the authentication type configured in the PPP authentication type it is configured in the Authentication Unit Authentication page s CHAP use CHAP protocol The configuration of the CHAP secrets should be done while editing the file etc ppp chap secrets EAP use EAP protocol Available authentications CHAP SRP SHA1 and TLS The configuration of the secrets for CHAP should be done while editing the file etc ppp chap secrets The configuration of the secrets for SRP SHA1 should be done while editing the file etc ppp srp secrets Default None Configure the CHAP interval CHAP max challenge and CHAP restart Default values CHAP Interval 0 s CHAP Max Challenge 10 CHAP Restart 3 es Number of seconds being idle before PPP times out Default 0 no time out To configure or to edit one or more serial ports with a connected PDU 1 Select Ports Serial Ports Click the checkbox for one or more serial ports with a connected PDU Click the Set Power button and use the drop down menus to configure the physical settings Click Next or click the Power link amp mp a Use the drop down menu to select the PDU type b
8. Check the box to enable speed auto detection c Configure the polling rate d For Avocent Cyclades PDUs enter the power cycle interval and then use the drop down menus to enable or disable Syslog Buzzer and SW Overcurrent Protection 5 Click Save Power Parameters Parameter Description Physical IN Sba Cisco RI AS Fin Defines the serial port pinout Default Disabled Accessing the Console Server viathe Web Manager 41 Description Defines the speed as 300 1200 2400 4800 9600 19200 38400 57600 or 115200 Default 9600 Defines the parity as either Even Odd or None Default None Defines the data bits as either 5 6 7 or 8 Default 8 Defines the stop bits as either 1 or 2 Default 1 Defines the flow control as none hardware software RxON software or TXON sofware Default None Defines the type or vendor of the PDU connected to the serial port e Auto the vendor will be detected e Avocent Cyclades Avocent Cyclades PM PDU family e SPC SPC power control device family Server Tech Server Tech family Default Auto f When enabled detects the speed of the port Default Disabled Detection Pooling Rate The interval in seconds to update information from the PDU Default 20 For Avocent Cyclades PDUs The interval in seconds between Off and On actions for the power cycle command Default 15 When enabled the PDU will send syslog messages to the appliance Default Enabled Enab
9. Complexity is selected 3 If password complexity is enabled enter the desired values for password complexity 4 Enter the desired values for Default Expiration 5 Click Save User groups User groups are given access and authorizations either by default or as assigned by an administrator Administrators can alter the permissions and access rights of users belonging to the appliance admin or user groups or create additional groups with custom permissions and access rights Administrators can add delete or modify permissions and access rights for users from any group at any time If an administrator configures the console server to restrict user access to ports the administrator can assign users to groups that are authorized for port access The administrator can also authorize groups for power management and data buffer management This document and the software refer to users whose accounts are configured on remote authentication servers as remote users Remote users do not need local accounts Radius TACACS and LDAP authentication services allow group configuration If a remote user is configured as a member of a remote group the authentication server provides the group name to the console server when it authenticates the user A local group by the same name must also be configured on the console server If an authentication server authenticates a remote user but does not return a group then the remote user is by default assigned
10. Connection Terminal Block Oms sa 48VDC 220 0 5A DC Power Connection Details Number Description Number Description 1 Powerswicn GND Ground To turn on a console server with DC power 1 Make sure the console server is turned off Make sure DC power cables are not connected to a power source Remove the protective cover from the DC power block by sliding it to the left or right Loosen all three DC power connection terminal screws Oo 2 N Connect your return lead to the RTN terminal your ground lead to the GND terminal and your 48 VDC lead to the 48 VDC terminal and tighten the screws Slide the protective cover back into place over the DC terminal block If your console server has dual input DC terminals repeat steps 3 6 for the second terminal Connect the DC power cables to the DC power source and turn on the DC power source o N Turn on the console server Installation 13 10 Turn on the power switches of the connected devices Configuring a Console Server A console server may be configured at the appliance level through the command line interface accessed through the CONSOLE or Ethernet port All terminal commands are accessed through a terminal or PC running terminal emulation software NOTE To configure using DSView software see the DS View Software Installer User Guide To configure using the console server s web manager see Chapter 3 To configure using Telnet or SSH see the ACS
11. For connected PDUs click the Select PDU button to activate the Connected PDUs and Outlets fields 2 oe oe 9 Select Connected PDU from the pull down menu 7 Enter the outlets assigned to the user group NOTE Outlets can be specified individually for example 1 3 6 8 or as a range for example 1 4 or a combination of both for example 1 4 6 8 which assigns access to outlets 1 2 3 4 6 and 8 8 Ifa custom PDU ID has been created for future use and you want to pre assign outlets click the Custom button to enter the custom PDU ID name and specify the outlets 9 Click Save To assign appliance access rights for custom user groups 1 Click Users Authorization Groups 2 Click the new user group name 3 Inthe side navigation bar click Access Rights Appliance 4 Select the desired appliance access rights and click Save To configure a group in a TACACS authentication server 60 Avocent ACS 6000 Advanced Console Server 1 On the server add raccess service to the user configuration 2 Define which group s the user belongs to in the raccess service following this syntax group_name lt Group1 gt lt Group2 GroupN gt For example In the console server configure a new authorization group TACACS _1 and configure the access rights for this group In the TACACS server configure the user regina with the following attribute raccess group name TACACS 1 Then configure the user specia
12. RAEPRESS 11 DG DOW Cir id eet cei ee ee 12 Configuring a Console Server 13 Using Telnet or SSH ax 9 Xa e a l k eee oe eee Hd R ee eee eee eee coe de even eee 13 Accessing the Console Server via the Web Manager _ _ 2 222000 KK 17 Web Manager Overview for Administrators 1 2 2 2 000000 ccc cece cece cece cece cece ceeceeeeeeeeeeeeeeees 17 Wizard NOGE u uscuzoto ur la Ske ee ete oleate a tias 18 Expert Mode HHH HH HHHHHHHHHHHHREr E ErHHHHHHHHHHBHHHHH HH 20 ACCESS ato a ea iii 20 wus crea a 3m Seale aes 2 iia ee eget See el Bo 21 System HN HHHH HH nv 22 NOC UNL UD DD en ee ee Se a le n te 22 Date ana WING ss tees er es td Nite et ds ote Rt te de a ee A Ate 26 Help and Language nes 27 AAA tae i e nee EUR ee ost beak oot eh ee aia le ed 27 Boot Configuration 2 222 220 0200 eee 28 Avocent ACS 6000 Advanced Console Server IMPOMMNALION NEW ds pees Bessey E A LA ea MMDP2ZMIDInIPZZPZ D EoE 28 e A tat ee cule A e E e e a a enan 29 IST Oe O 29 SENINGS tino distinto iia ri Samm alone 29 DEVICES ME O R See DO ea SA AN n yn RNIN ere o JR e Wi Sare reyna N Sek DK 2 dereya SON Se SEA 29 IPv4 and IPv6 static routes c ac s n Z dS ab AT 2 n DEWA DAW aah E aA la E Ta N Ae Ta 30 OS tree de ED lt E EN Ma Rte e DT 30 Firewalls ces EN Soak ded dee Std W ot ea Re oe es ye 31 IPSec VPN nas cette ar desatendido 33 SNMP Configuration L cece ccc cece eee cece cece cee a kan AE E RZ 34 P
13. Rights screen appears and lists all access rights available to a member belonging to the admin group All appliance access rights are shown enabled checked Available appliance access rights are e View Appliance Information e Disconnect Sessions and Reboot Appliance e Appliance Flash Upgrade and Reboot Appliance e Configure Appliance Settings e Configure User Accounts e Backup Restore Configuration e Shell Access e Transfer Files 56 Avocent ACS 6000 Advanced Console Server NOTE The Appliance Access Rights screen for the admin and appliance admin user groups is read only and cannot be changed Unchecking any box and clicking Save will result in an error message The console server will maintain all rights selected appliance admin group Members of the appliance admin group have access restricted to tasks for managing only the appliance Appliance admin user group members have no access to the serial ports or power management options and share all of the appliance access rights as admin except for Configure User Accounts and Shell Access which are permanently disabled for this group user group Members of the user group have access to target devices unless they are restricted by an administrator but have no access rights for the console server Administrators can add appliance access rights and permissions and can add users to custom user groups to add permissions and access rights as needed By default all selections on
14. SNMPv3 and ADSAP2 is in FIPS mode All security functions and cryptographic algorithms used by the service are performed in FIPS 140 2 Approved mode To enable the FIPS module 1 Select System Security FIPS 140 2 Check the box to Enable the FIPS 140 2 Module and click Save The console server will automatically reboot During the reboot the console server will erase SSH keys update the configuration of HTTPD SSHD ADSAP2d and SNMPD files and test the 24 Avocent ACS 6000 Advanced Console Server integrity of the FIPS Object Module Once the reboot is complete the console server will accept SSH and HTTPS connections using only FIPS approved ciphers When FIPS is enabled the following restrictions apply For SSH sessions Protocol version 1 will be disabled Triple DES CBS and AES 128 192 256 are the only encryption ciphers that will be accepted HMAC SHA1 and HMAC SHA 1 96 are the only message integrity algorithms that will be accepted Only RSA keys 1024 to 16384 bits will be accepted HTTPS sessions will accept only the SSL v 3 1 TLSv1 protocol to establish the SSL tunnel with one of the following encryption ciphers AES 256 SHA AES 128 SHA Triple DES SHA DES CBC3 SHA SNMP version 3 requests will be accepted when authentication is SHA and the encryption cipher is AES HTTPS Certificate You can generate a new self signed certificate or download a signed certificate to the appliance from an FTP server or from your
15. Serial Session Enabled stores data at all times Disabled stores data when a CAS session is not opened i Default Enabled ws a A special event notification will be generated when input data matches one of the alert strings Status Default Disabled Alert Strings Strings used to generate event notifications Default Empty Name of shell script that will be called when there is match of the alert string in the line The Scripts script will be called with two arguments the port number and the line where the match happened To configure the Dial in Profile for a serial port with a connected modem 1 Select Ports Serial Ports 2 Click the checkbox for a serial port with a connected modem 3 Click the Set Dial button and use the drop down menus to configure the dial in settings 4 Configure the PPP parameters address authentication and so on and click Save Dial in Parameters Parameter Description Enables or disables the port Default Disabled The speed that will be used by mgetty to configure the serial device Default 38400 bps Chat for modem initialization Default d d d d d dATZ OK Configures the local and the remote IP address for the the PPP link If Accept Configuration PPP Address from Remote Peeris selected the remote peer should send both IP addresses local and remote during negotiation Default No Address 40 Avocent ACS 6000 Advanced Console Server Parameter Description Local
16. administrator can add new Network PDUs or edit configuration of current ones The following functionalities are supported for Network PDUs Power Control turn on turn off and cycle reboot outlets rename the PDU and rename the outlets To add a network PDU 1 Select Power Management Network PDUs Click Add Enter the IP address ofthe network PDU Select the PDU type Net ServerTech or Net MPH MPX Enter the interval to poll the PDU for the status of the outlets 9 an K M M Enter the community name that has write permission in the PDU NOTE The support for network PDUs is restricted to power operations turn on turn off cycle outlets rename PDU and rename outlets Active Sessions The console server allows multiple users to log in and run sessions simultaneously The Active Sessions feature allows you to view all active sessions and kill any unwanted sessions Click Active Sessions to view all open sessions on the console server Accessing the Console Server via the Web Manager 69 NOTE If you start another session with the console server while viewing this screen it will not be visible until you click Refresh at the top of the web manager window To kill an active session 1 Click Active Sessions The Active Sessions screen appears and lists all open sessions to the console server by the user s workstation IP 2 Select the checkbox next to the session you want to kill then click the Kill button After a few
17. bridge the gap between IT and facility management and deliver efficiency and uncompromised availability regardless of capacity demands Our solutions are supported globally by local Emerson Network Power service technicians Learn more about Emerson Network Power products and services at www EmersonNetworkPower com 590 767 501G EMERSON CONSIDER IT SOLVED
18. checked on the Events Settings screen 62 Avocent ACS 6000 Advanced Console Server Event Destinations The console server will generate notifications for a variety of events You can configure the console server to direct or store event notifications to various destinations for immediate use or for analysis later To configure Event Destinations 1 2 9 Click on Event and Logs Event Destinations Under the Syslog heading use the drop down menu to select the Facility Select Remote Server IPv4 to enable syslog messages to be sent to one or more remote IPv4 syslog servers and enter the IPv4 Address or Hostname and the UPD port for each remote syslog server Or Select Remote Server IPv6 to enable syslog messages to be sent to one or more remote IPv6 syslog servers and enter the IPv6 Address or Hostname and the UPD port for each remote syslog server Select Appliance Console to send messages to the console server s console Select Root Session to send syslog messages to all sessions where you are logged in as root user Under the SNMP Trap heading enter the name of the community defined in one or more of the SNMP trap servers in the Community field then enter the IP addresses of up to five servers in the server fields Under the SMS heading enter the SMS Server Port and Pager Number information in the appropriate fields Under the Email heading enter the Server Port and Destination Email informa
19. desktop To generate a new self signed certificate 1 Select System Security HTTPS Certificate 2 Check the radio button next to Generate Self Signed Certificate 3 Enter the desired information in the self signed certificate fields Country State Province City Locality Organization Organization Unit Common Name Email Address and Netscape Comment 4 Click Generate Download The generated certificate s information will be displayed 5 Click Install The certificate will be saved and the browser server will restart to use the new certificate To download a signed certificate 1 Select System Security HTTPS Certificate Accessing the Console Server via the Web Manager 25 2 Check the radio button next to Download Certificate from FTP Server to download the file from the FTP server 3 Enter all information aboutthe FTP server FTP site IP address Username Password File Directory and File Name Or Check the radio button next to Download Certificate from My Computer to download the file from your desktop 4 Enter the filename s path or click Browser to browse to the file 5 Click Generate Download The generated certificate s information will be displayed 6 Click Install The certificate will be saved and the browser server will restart to use the new certificate NOTE The browser server will restart to use the new certificate all http https sessions will close and user needs to re es
20. enter the time in the Close Log Files and Open New Ones at Time HH MM field This will be valid for local and NFS data buffering To configure data buffer storage on a syslog server in the Syslog Data Buffering Settings section select a facility number from the drop down menu Log Local 0 Log Local 1 Log Local 2 Log Local 3 Log Local 4 or Log Local 5 Click Save Appliance logging To configure appliance logging 1 2 3 Click Enable appliance session data logging a Select the destination for appliance session data logs from the pull down menu Choices are Local NFS Syslog and DSView b Enable or disable timestamping the appliance session data logs Click Enable appliance session data logging alerts Enter the desired alert strings up to ten in the fields provided 64 Avocent ACS 6000 Advanced Console Server 4 Click Save Sensors The console server has sensors that monitor the internal temperature You can specify an operating range for the console server that fits its environment CAUTION Do not use values that exceed the maximum and minimum temperatures Technical Specifications on page 71 To configure the temperature sensors 1 Click Events and Logs Sensors 2 Inthe Maximum Temperature field enter the temperature in degrees Celsius that if exceeded will generate an event notification 3 Inthe Maximum Temperature Threshold field enter the temperature threshold in degrees Celsius be
21. name will be used when auto discovery fails to discover the server name Check the box to enable speed auto detection NOTE Auto speed detection requires additional configuration in the CAS Profile Auto Discovery Settings screen Use the appropriate drop down menus to set the protocol and authentication type Enter the text session hotkey and power session hotkey in the appropriate fields Enter the TCP port alias for each protocol type Telnet SSH and Raw Mode in the appropriate field Enter the IPv4 or IPv6 alias and its interface in the appropriate field h To allow a session only if DCD is on and to enable auto answer check the appropriate boxes Use the drop down menu to select the DTR mode and enter the DTR off interval Use the drop down menus to enable or disable line feed suppression and NULL after CR suppression Enter the transmission interval break sequence and break interval in the appropriate fields Accessing the Console Server via the Web Manager 37 Use the drop down menus to enable or disable log in out multisession notification and informational message notification 5 Click Next or click the Data Buffering link and use the drop down menus to enable and configure data buffering 6 Click Nextor click the Alerts link a Click Enable Alerts to enable detection of alerts b Click Add to add an alert string In the Alerts String field enter the string In the Script field enter the she
22. seconds the Active Session screen will redisplay the open sessions minus the one you killed Monitoring When you click Monitoring a variety of network and console port information is available for viewing The screens are only for viewing and have no interactivity with the user The following table shows the types of information available Monitoring Screens Screen Name Shows Ethernet ports and PC card Device Name Status enabled disabled Pv4 Address Devices Definition IPv4 Mask and IPv6 Address not available on all models Shows Device Name Profile Settings Signals TX Bytes RX Bytes Frame Error Parity Serial Ports Error Break and Overrun The Reset Counter button allows administrators to reset the statistic counters for selected ports Fips Mode Shows Service Name and Mode Indication Change Password An administrator or user can change their own password from this screen To change your own password 1 Select Change Password 2 Enter the old password and new password in the appropriate fields 3 Confirm the new password then click Save 70 Avocent ACS 6000 Advanced Console Server Web Manager Overview for Regular Users The following figure shows features of the web manager for a regular user Web Manager Regular User Screen TET Avocent SA 027009837 Vito se Cyclades ACS6000 Web Manager Regular Users Screen Functional Areas Number Description 1 Top option bar The name o
23. specify a NextHop IP address The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host The next hop for the left host is the IP address of the router to which the console server sends packets to for delivery to the right host 34 Avocent ACS 6000 Advanced Console Server A Fully Qualified Domain Name should be indicated in the ID fields for both the Local Left host and the Remote Right host where the IPSec negotiation takes place The following table describes the fields and options on the PSec VPN Add screen The information must match exactly on both ends for local and remote Field and Menu Options for Configuring IPSec VPN FieldName Definition Name Any descriptive name you wish to use to identify this connection Authentication The authentication protocol used either ESP Encapsulating Security Payload or AH Protocol Authentication Header Boot Action The boot action configured for the host either Ignore Add or Start Bulientication Authentication method used either RSA Public Keys or Shared Secret Enter the required address or text for each of the four fields for both Remote Side and Local Side ID This is the hostname that a local system and a remote system use for IPSec negotiation and authentication It can be a fully qualified domain name preceded by For example hostname xyz com IP Ad
24. speed from the Default Speed on Auto Discovery Failure drop down menu and Probe Speed List d Click Save 3 To add a new probe or match string or delete an existing string perform the following steps a Select Probe Strings or Match Strings 44 4 Avocent ACS 6000 Advanced Console Server b To add a string click Add enter a new string in the New Probe String or New Match String field and click Save c To delete a string select the checkbox for the string and click Delete Click Save To configure the input output strings used by auto answer 1 2 Select Ports CAS Profile Auto Answer To add an auto answer input and output string click Add Enter a new string in the Input String or Output String fields and click Save Or To delete an auto input and output string select the checkbox next to the string you want to delete Click Delete then click Save Pool of CAS ports An administrator can create a pool of serial ports where each serial port in the pool shares a pool name Telnet Port Alias SSH Port Alias Raw Mode Port Alias IPv4 Alias and IPv6 Alias The first available port in the pool is used as the serial port for connection NOTE The multiple session access right does not have any effect when using a pool of CAS ports When all ports in the pool are taken the connection to the pool is denied NOTE All ports in the pool must share the same CAS protocol The protocol is validated durin
25. the Add button You can remove any names from the box on the right by double clicking on the name or by selecting the name and clicking the Remove button 5 Ifyou want to add remote users to the new user group these must be valid names in your remote authentication server add them in the New Remote Users field 6 Click Save To remove members from a user group 1 Click Users Authorization Groups 2 Click the user group name 3 Check the box es of the member s you want to remove Click Delete to delete the selected members To configure a session idle time out and or login profile for a group 1 Click Users Authorization Groups 2 Click on the name of the group whose session idle time out and or login profile you want to set In the side navigation bar click Login Profile 3 Select the radio button to use either the global settings for the Session Timeout or to use custom settings for the user group If using custom settings enter the custom session timeout in seconds in the field 4 Check the Enable Log In Profile box 5 Click fs menu to use the ts_menu application when a member of the selected user group opens a session in the console server Enter the ts menu options in the Options field Or Click CLI to use CLI when opening a session Enter the CLI command in the CLI cmd field and check the box if you want to exit after executing the command 6 Click Save NOTE If the user belongs to multi
26. the Appliance Access Rights screen will be disabled NOTE The Appliance Access Rights screen for the user group can be changed at any time by an administrator This will change the access rights for all members of the console server s user group shell login profile Members of the shell login profile group have access to the shell after logging in By default the root user belongs to this group This is not a protected group and can be deleted Managing user groups Administrators and members of the admin group can create custom user groups that contain any users Permissions and access for custom user groups will be determined by the top level user group permissions To create a custom user group 1 Click Users Authorization Groups The Groups screen is displayed and contains a list of the three default user groups and any additional custom user groups that have been created 2 Click Add in the content area 3 Enter the name of the new user group you are creating 4 Click Save To add members to a user group 1 Click Users Authorization Groups Accessing the Console Server viathe Web Manager 57 2 Click the user group name 3 Click Add The Members Assignment screen is displayed showing a list of available users in the left box and an empty box on the right 4 Move users from the Available Users box on the left to the box on the right by double clicking on the username or by selecting the name and clicking
27. the System tab and enter the the phone number assigned to the DSView server in the Analog Phone Number field Select DSView Settings Dial up and click Enable Dial up Select Modem Type Analog Enter the phone number for the console server you want to use Enter the PPP User and select the PPP Auth Protocol in the appropriate fields For dial in with callback enable the dial back checkbox Select DSView Settings Dial up PPP Password then enter and confirm the password needed to access the ACS 6000 console server Select DS View Settings Dial up IP Addresses Click Generate Automatically to set the IP address automatically or enter the PPP Local IP address and Appliance IP address manually Select DSView Settings Dial up and click Save To configure a console server to receive the dial up connection within the DSView software In a Units view window containing appliances select the ACS 6000 console server you want to configure For a modem attached to a serial port select Ports Serial Ports then select the port that contains the attached modem Click Set Dial In Or For a modem attached to an auxiliary port select Ports Auxiliary Ports then select the port Click Set Dial In or For an internal modem select Ports Auxiliary Ports and select the modem or For a pluggable device modem select Pluggable Devices select the modem and click Save Select DSView Settings Dial up and click Push Co
28. to the user group Accessing the Console Server viathe Web Manager 55 admin group Members of the admin group have full administrative privileges that cannot be changed the same access and configuration authorizations as the default admin user Administrators can configure ports add users and manage power devices connected to the console server NOTE The only configuration allowed for the admin group is adding or deleting members To view admin Appliance Access Rights 1 Click Users Authorization Groups The Group Names screen is displayed showing the three default user groups along with any groups that have been created 2 Click on admin under the Group Name heading The content area will display the Members screen listing all members belonging to the admin group default members are admin and root users NOTE When any Group Name is selected both the content area and side navigation bar change The side navigation bar will display specific menu options for Members and Access Rights which include Serial Power and Appliance rights 3 Inthe side navigation bar click Access Rights Serial or Access Rights Power to access the screens displaying the fixed access rights and permissions for members of the admin group pertaining to serial ports and power management NOTE The Serial and Power screens are read only and cannot be changed 4 Inthe side navigation bar click on Access Rights Appliance The Appliance Access
29. user groups admin appliance admin shell login profile and user A user account must be defined for each user on the console server or on an authentication server The admin and root users have accounts by default and either administrator can add and configure other user accounts Each local user account is assigned to one or more of the user groups CAUTION Change the default passwords for root and admin before you put the console server into operation Local accounts The admin and root are equivalent users but named differently to address users familiar with either Avocent equipment or the Cyclades families of console servers Regular users can be granted permissions by administrators at any time The console server has two local user accounts by factory default admin Performs the initial network configuration The factory default password for admin is avocent The admin user is amember of the admin group and can configure the console server and ports as well as user and group authorizations root Has the same permissions as the admin user The factory default password for root is linux The root user is a member of the admin and shell login profile groups When a root user logs in via the CONSOLE port SSH or telnet the session is pre defined by the login profile to go directly to shell The login profile can be customized so that it does not go directly to shell To add new users 1 Click Users Local Accounts User Name
30. 0 elects direct asynchronous operation AT8Q5 Modem will try an error corrected link AT amp Q6 Selects asynchronous operation in normal mode allows speed buffering and flow control but no error correction AT amp V Displays modem s current configuration When this command is entered the modem will display its current command and register settings ATICO AT C1 Enables MNP 5 data compression Line signal level Returns a value that indicates the received signal level Example 009 9dBM 80 Avocent ACS 6000 Advanced Console Server Command Description Line signal quality Reports line signal quality DAA dependent Returns higher order byte of the EOM value Based on EQM value retrain or fallback fall forward may be iniated if enabled with AT E1 or AT E2 commands AT MS modulation selection This extended format compound parameter controls the manner of operation of the modulation capabilities in the modem It accepts six sub parameters MS lt carrier gt lt automode gt lt min_tx_rate gt lt max_tx_rate gt lt min_rx_rate lt max_rx_ rate gt lt CR gt To read the current settings enter AT MS lt CR gt MS Command Supported Rates Modulation Carrier Description 33600 31200 28800 26400 19200 16800 14400 12000 9600 7200 4800 or 2400 56000 54667 53333 52000 50667 49333 48000 46667 45333 42667 41333 40000 38667 37333 36000 34667 33333 32000 30667 29333 28000
31. 3502 https TCP port 3871 adsap2 UDP port 3211 aidp TCP port 22 sshd The following ports in the DSView software can accept connections from the ACS 6000 advanced console server TCP port 4122 default SSH server TCP port 4514 default data logging or Syslog server 74 Avocent ACS 6000 Advanced Console Server Accessing a Console Server with a DSView Software Installation via Dial up When a DSView software user establishes a serial session the following events occur e The user selects a serial port to access e A viewer is downloaded from the DSView server to the user s workstation e The DSView software passes information to the viewer such as an authorization key the console server s IP address and serial port The viewer then accesses the console server s serial port through an SSH session by passing the authorization key obtained from the DS View server The serial session begins To ensure constant connectivity a DSView server can be configured with an out of band OOB back door that will allow it to call a console server via modem in the event of a network or Internet failure Installing DSView software with an OOB back door The DSView server must be running on hardware that has a connected modem and the console server must have a built in modem or access to a modem via a PCMCIA card USB or serial port For this installation the DSView server must be the central point of reception of both th
32. 4 and IPv6 support e 0000000000000000 noora o ooroo 2 Flexible users and QroupS saa sas ss E ccc nn 3 al D _ r o ee eeeeEEEEerererNMMRRPEBBBBBeBeBPDBbbhn 3 Authentication sre DD HHHH H HHHHINIDMZZQM 3 VPN based on IPSec with NAT traversal l cs ass a sS KK KK KK KK KK 3 Packet HIG rr ee a ee es ees heen toe 3 A 4 Data logging notifications alarms and data buffering 20 222222202 4 Power management 200 22 cc cece cece cece cece cece cece eee KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK K KA 4 Auto dISCOVGELY si ilu x la AR d a l helaka eye nek n k n ll El kun n n aO baha ha n ke k k 1420 eas ats 4 FIPS MOdulS oia MHHR ao e ue eMwahH HHHH 4 Configuration Example css eee cece SEE SE SS KEK SK KK SK SK KS KK KK KK KK KK KK KK KK KK KK O 4 instalation tunes tt o EuEnEnEEnENREnEnTmTDnNHNRENHnEEnDTRARTRBnnDnDBD HD NMDDDMIMIMDI 7 A 7 Supplied with the console server 2 2 2 2 eee cee SS SEK cece cece eeceeeceeeccccecceeeeees 7 Additional items needed 7 Rack Mounting SERR es 7 Connecting the Hardware c cece cece cece nono KK KK KK KK KK KK KK KK KK KO 8 Console server connectors nasa kk Sk RS SAR KAK KK SK KK SK KK KK KK KK KK KK KK KK RR KK KK KK KK KK KH 8 Connecting device consoles or modems to serial ports KK 10 Tuming On the Console Seer 11 AG POWGM 32322 cee eddie eena cb uubrtnvenddaguetare nau nus EARE ONEEC ANEAN TORE
33. 6000 Command Reference Guide To connect a terminal to the console server 1 Using anull modem cable connect a terminal or a PC that is running terminal emulation software such as HyperTerminal to the CONSOLE port on the back panel of the console server An RJ 45 to DB9 female cross adaptor is provided The terminal settings are 9600 bits per second bps 8 bits 1 stop bit no parity and no flow control 2 Turn on the console server When the console server completes initialization the terminal will display the login banner plus the login prompt Using Telnet or SSH An authorized user can use a Telnet or SSH client to make a connection directly to the console of a device if all of the following are true The Telnet or SSH e protocol is enabled in the selected security profile e protocol is configured for the port clientis available and it is enabled on the computer from which the connection is made To use Telnet to connect to a device through a serial port For this procedure you need the username configured to access the serial port the port name for example 14 35 60 p 1 device name for example ttyS1 TCP port alias for example 7001 or IP port alias for example 100 0 0 100 and the hostname of the console server or its IP address To use a Telnet client enter the information in the dialog boxes of the client Or To use Telnet in a shell enter the following command 14 Avocent ACS 6000 Advanc
34. Avocent ACS 6000 Advanced Console Server Installer User Guide EMERSON Network Power For important safety information visit www emersonnetworkpower com ComplianceRegulatoryInfo Emerson Emerson Network Power and the Emerson Network Power logo are trademarks or service marks of Emerson Electric Co Avocent the Avocent logo and Cyclades are trademarks or service marks of Avocent Corporation or its affiliates in the U S and other countries Liebert is a trademark and service mark of Liebert Corporation All other marks are the property of their respective owners This document may contain confidential and or proprietary information of Avocent Corporation and its receipt or possession does not convey any right to reproduce disclose its contents or to manufacture or sell anything that it may describe Reproduction disclosure or use without specific authorization from Avocent Corporation is strictly prohibited 2014 Avocent Corporation All rights reserved NOTE This document supports versions up to and including release 3 0 TABLE OF CONTENTS OF CONTENTS Introduction ne 1 Features and Benefits J J css kak cece cece cece cece eee cece ence KK SK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK KK IK 1 ACCESS OPONE roca hee ess Se oe ie ate hs r rr EH RR rrr HH HHH e 1 Web o r gt r U0 0D0 gt DoO bb7 K7Kb0eKKKKKKKBBbKbm mk amp m W W W m WT M M W W W WW WTd 2 IPv
35. CP to have the IPv4 IP address set by the DHCP server e Select Static to enter the IPv4 IP address subnet mask and gateway address manually e Select Pv4 address unconfigured to disable IPv4 5 Select one of the following IPv6 method options Select Stateless if the link is restricted to the local IP address e Select DHCPV6 to have the IPv6 IP address set by the DHCP server e Select Static to enter the IPv6 IP address and prefix length manually e Select Pv6 address unconfigured to disable IPv6 6 Select the Ethernet Mode for the built in interface ETHO and ETH1 30 Avocent ACS 6000 Advanced Console Server NOTE The MAC Address for the device will be displayed after this option IPv4 and IPv6 static routes To add static routes 1 Select Network IPv4 Static Routes or IPv6 Static Routes Any existing static routes are listed with their Destination IP Mask Gateway Interface and Metric values shown 2 Click Add 3 Select Default to configure the default route Or Select Host IP Or Network to enter custom settings for Destination IP Mask Enter the required Destination IP Mask Bits with the syntax lt destination IP gt lt CIDR gt in the Destination IP Mask Bits field 4 Enter the IP address of the gateway in the Gateway field 5 Enter the interface name EthO Eth1 or PPPx in the Interface field when the route is by interface 6 Enter the number of hops to the destination in the Metric field then click S
36. Close Or Check two or more boxes next to the outlets for which you want to change settings Click Edit to change the settings for the outlets you selected Click Save Click PDU to view and configure PDU settings Click Save when finished Click Phases or Banks a Click on the name of a phase or bank to change its settings or click one or more boxes next to the phase s or bank s you want to change b Click Save to save the settings and click Close to return to the Phase screen NOTE The PDU model defines available parameters in the Settings window Accessing the Console Server viathe Web Manager 67 Login An administrator can change the login password for a supported PDU type This password is used by the console server to communicate with the PDU Only one password is supported for all PDUs of the same type To change a PDU password 1 Select Power Management Login 2 Tochange the password for an Avocent or Cyclades PDU an Avocent SPC power control device or a Server Tech PDU enter the password in the appropriately labeled section 3 Click Save Outlet Groups By selecting the Outlet Groups tab you can view status outlet and power consumption for outlet groups as well as configure them You can also turn on turn off or cycle selected outlet groups To manage outlet groups 1 2 5 Select Power Management Outlet Groups Check the box next to the name of the Outlet Group you want to manage
37. ID Display current VCID setting 0 2 VCID o Disable caller ID reporting default VCID Enable caller ID with formatted presentation to the DTE Command Parameter Description VCID Enable caller ID with unformatted presentation to the DTE VRID 0 Displays the formatted caller 1D of the last received call VRID Displays the unformatted caller ID of the last received call 85 86 Avocent ACS 6000 Advanced Console Server Technical Support Our Technical Support staff is ready to assist you with any installation or operational issues you encounter with your Avocent product If an issue should develop follow the steps below for the fastest possible service To resolve an issue 1 Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined 2 Visit www avocent com support and use one of the following resources Search the knowledge base or use the online service request Or Select Technical Support Contacts to find the Avocent Technical Support location nearest you About Emerson Network Power Emerson Network Power a business of Emerson NYSE EMR delivers software hardware and services that maximize availability capacity and efficiency for data centers healthcare and industrial facilities A trusted industry leader in smart infrastructure technologies Emerson Network Power provides innovative data center infrastructure management solutions that
38. K56flex 56000 54000 52000 50000 48000 46000 44000 42000 40000 38000 36000 34000 32000 V92 v92 56000 54667 53333 52000 50667 49333 48000 46667 45333 42667 41333 downstream 40000 38667 37333 36000 34667 33333 32000 30667 29333 28000 V92 v92 48000 46667 45333 42667 41333 40000 38667 37333 36000 34667 33333 upstream 32000 30667 29333 28000 26667 25333 24000 81 Set telephone extension option This command enables disables line in use and extension pickup options Set Telephone Extension Options STE n Value Extension Pickup Line In Use 0 default Disabled Disabled Disabled Enabled Enabled Disabled Enabled Enabled If the line is in use and the modem receives an ATDT command to dial out the modem will not go off hook and will display the LINE IN USE result code If the modem is off hook and the extension is picked up the modem will drop the connection and display the OFF HOOK INTRUSION result code AT S registers The S registers use the following format ATSr n lt CR gt where the r is the S register number and n is the parameter to set it to To read the current contents of an S register issue an ATSr lt CR gt command where r is the register in question The modem will then display the value of the S register AT S Registers Register Range Units Default Description S0 0 255 Rings Ring to answer on ATSO 1 lt CR gt means answ
39. OMS ew IeIIeoereeeeeeEeeeeeeeereeeeerrarmrmroarz pm a ESA nas fae 35 Senai POMS Ariss ss ta Sete e oe erate antl el ea o do tee llc 35 AUX Ta a ee E ess AS a be Salt a le ei a e oe 42 CAS Proteccion rastas tas 42 RIR U sico n DO htt or E O CA AK 45 Dial Gut Profil a 9 Eae c kaka tl kah 47 Pluggable Devices yon Ke VE c mene St PR a MN W ka Ser n E W KEKE de ta 48 Device configuration 2 0 2 00 ccc cece cece cece aa Saa aS SS KK KK KS SS KK KK KS KK KK KK KK KK KH 49 Authentication lt script dR BD 49 Appliance authentication 22 2 0 asas as a a a a sa SS KK KS kK KK KK KK KK KK KK KK KK 50 Authentication aseve NnNnH r rF E 51 Users Accounts and User Groups occ cocos 53 Reece eei ita ele Se eed dada das veld sundae bce el ad it es 53 WSER AA count netics teste A betel Wai Wind Bade Bite tote ater ed nae lel oe te 54 DSView software access Hga cnn KK KK KK KK KK KK nan 61 Event Notifications 2 2 2 0 00 202 c STER eee h danina Akh hb O kn xn dey eb he 61 Even BIS R dd AAR 61 Event Destinations si 5 k dela Skee a derl td De Rees eet 62 AA A A O A EEEE ETA 62 Data bulang DD DD Dr pre 63 Appliance IOQGING i J M MN A A MM M R 63 OMS OFS Dan ta ER V Ae CID KA CUA Ga WD CIR TAC O RN Uneaten eet ENA NEV A Meke 64 Power Management coco KK KK KK KK AKA KK KK KK KIR 64 AAA A DD EA 65 O ee NO 67 Outlet Groups a E Bn 67 Network RDU Suecia eae ttn tne a Ut c
40. Or Local authentication may be tried only if a remote authentication server is down Remote_Method_ Down_Local An administrator can configure authentication using the CLI utility and the web manager The default authentication method for the console server and the serial ports is Local Any authentication method that is configured for the console server or the ports is used for authentication of any user who attempts to log in through Telnet SSH or the web manager Appliance authentication The console server authenticates for the console server and the ports either in groups or individually NOTE It is advised when using group authorization that you use the same authentication for both the console server and all serial ports or use Single Sign on Authentication to facilitate group authorization When Single Sign on Authentication is disabled the console server uses the individual configuration based in the destination of the access the console server itself or each serial port Users must use their password each time they access an individual port If enabled Single Sign on Authentication will use the authentication server you choose from the pull down menu for all access and no further authentication will be needed NOTE Selecting unconfigured from the pull down menu will allow the ports to continue to use individual authentication servers and will require your password the first time you access any port After that the port
41. To configure users and change the default user passwords WARNING For security reasons it is recommended you change the default password for both root and admin users immediately 1 Select the Users link in the content area 2 Click a username admin or roof and enter the new password in the Password and Confirm Password fields 20 Avocent ACS 6000 Advanced Console Server Or Click Add to add a user Enter the new username and password in the appropriate fields 3 Optional To force the user to change the default password select the User must change password at next login checkbox Assign the user to one or more groups Optional Configure account expiration and password expiration Click Next ND WW gt Repeat steps 3 7 as needed to configure new user accounts and assign them to default groups NOTE By default all configured users can access all enabled ports Additional configuration is needed if your site security policy requires you to restrict user access to ports 8 Click Save then click Finish Expert Mode The following tabs are available in the side navigation bar of the web manager when an administrator is in Expert mode Access Click Access to view all the devices connected to the console server To view and connect to devices using the web manager 1 Select Access in the side navigation bar The content area displays the name of the console server and a list of names or aliases for all in
42. agement software Messages about the console server and connected servers or devices can also be sent to syslog servers Power management The console server enables users who are authorized for power management to turn power on turn power off and reset devices plugged into a connected power distribution unit PDU The power devices can be connected to any serial port or to the AUX Modem port if an internal modem is not installed For more information see Power Management on page 64 Auto discovery An administrator can enable auto discovery to find the hostname of a target connected to a serial port Auto discovery s default probe and answer strings have a broad range An administrator can configure site specific probe and answer strings Auto discovery can also be configured through the DSView software FIPS module The 140 series of Federal Information Processing Standards FIPS are U S government computer security standards that specify requirements for cryptography modules The console server uses an embedded FIPS 140 2 validated cryptographic module Certificate No 1747 running on a Linux PPC platform per FIPS 140 2 Implementation Guidance section G 5 guidelines For more information see FIPS module on page 23 Configuration Example The following graphic and table illustrate a typical ACS 6000 console server configuration Introduction 5 Typical ACS 6000 Advanced Console Server Configuration Typical ACS 6000 Adva
43. an action either ACCEPT DROP RETURN LOG or REJECT must be selected from the Target pull down menu The selected action is performed on an IP packet that matches all the criteria specified in the rule If LOG is selected from the Target pull down menu the administrator can configure a Log Level a Log Prefix and whether the TCP sequence TCP options and IP options are logged in the Log Options Section If REJECT is selected from the Target pull down menu the administrator can select an option from the Reject with pull down menu the packet is dropped and a reply packet of the selected type is sent Protocol options Different fields are activated for each option in the Protocol pull down menu If Numeric is selected from the Protocol menu enter a Protocol Number in the text field If TCP is selected from the Protocol menu a TCP Options Section is activated for entering source and destination ports and TCP flags If UDP is selected from the Protocol menu the UDP section is activated for entering source and destination ports 32 Avocent ACS 6000 Advanced Console Server Firewall Configuration TCP and UDP Options Fields Field Menu Option Definition Source Port or Destination A single IP address or a range of IP addresses Port TCP Flags TCP only SYN synchronize ACK acknowledge FIN finish RST reset URG urgent and PSH push The conditions in the pull down menu for each flag are Any Set or Unset
44. ance that serves as a single point for access and administration of connected devices such as target device consoles modems and power devices Console servers support secure remote data center management and out of band management of IT assets from any location worldwide NOTE Unless noted references to a console server refer to all models in the 60XX series Console servers provide secure local console port and remote IP and dial up access The console servers run the Linux operating system with a persistent file system in Flash memory and can be upgraded from either FTP or a DSView 4 management software server NOTE Unless otherwise noted all references to DSView software in this document refer to version 4 or greater Multiple administrators can be logged into the console server at the same time and can use the web manager the Command Line Interface CLI utility or DSView software to access and configure the console server Some models feature two PC card slots to support modem Ethernet fast Ethernet fiber optic and storage PC cards 16 bit and 32 bit One USB port supports modem V 92 and Wireles storage devices and USB hubs Two fast Ethernet ports support connections to more than one network or configuration of Ethernet bonding failover for redundancy and greater reliability For dial in and secure dial back with Point to Point Protocol PPP optional internal modems can be factory installed or you can use exter
45. assphrase in the Confirm Secret field Enter the desired number of seconds for server time out in the Timeout field Enter the desired number of retries in the Retries field If you select the Enable Service Type attribute to specify the authorization group checkbox enter the authorization group name for each of the following Service Types Login Framed Callback Login Callback Framed Outbound and Administrative Click Save To configure a TACACS authentication server Select Authentication Authentication Servers TACACS Enter the IP addresses for the First Authentication Server and First Accounting Server If used enter the IP addresses of the Second Authentication Server and Second Accounting Server Select the desired service PPP or raccess from the Service drop down menu Enter your secret word or passphrase in the Secret field applies to both first and second authentication and accounting servers then re enter the secret word or passphrase in the Confirm Secret field Enter the desired number of seconds for server time out in the Timeout field Enter the desired number of retries in the Retries field 52 9 Avocent ACS 6000 Advanced Console Server If you select the Enable User Level attribute to specify the authorization group checkbox enter the authorization group name for up to 15 User Levels Click Save To configure an LDAP S AD authentication server N 8 9 a K WN Select Authent
46. ave Hosts An administrator can configure a table of host names IP addresses and host aliases for the local network To add a host 1 Select Network Hosts 2 Click Add to add a new host 3 Enter the IP address hostname and alias of the host you want to add then click Save To edit a host 1 Select Network Hosts 2 Click on the IP address of the hostname you want to edit 3 Enteranewhostname and alias if applicable then click Save Accessing the Console Server viathe Web Manager 31 Firewall Administrators can configure the console server to act as a firewall By default three built in chains accept all INPUT FORWARD and OUTPUT packets Select the Add Delete or Change Policy buttons to add a user chain delete user added chains and to change the built in chains policy Default chains can have their policy changed Change Policy to accept or drop but cannot be deleted Clicking on the Chain Name allows you to configure rules for chains Firewall configuration is available by clicking on Network Firewall Separate but identical configuration screens are available from either the Pv4 Filter Table or IPv6 Filter Table menu options Only the policy can be edited for a default chain default chain policy options are ACCEPT and DROP When a chain is added only a named entry for the chain is created One or more rules must be configured for a chain after it is added Configuring the firewall For each rule
47. cable to the IN port of the chained PDU Repeat both steps until you have connected the desired number of PDUs NOTE For performance reasons Avocent recommends connecting no more than 128 outlets per serial port Turning On the Console Server The console server is supplied with single or dual AC or DC power supplies WARNING Always execute the shutdown command through the web manager CLI or DSView software under the Overview Tools node before turning the console server off then on again This will ensure the reset doesn t occur while the file system in Flash is being accessed and it helps avoiding Flash memory corruptions AC power To turn on a console server with AC power 1 Make sure the console server is turned off 2 Plug the power cable into the console server and into a power source 3 Turnthe console server on 4 Turn on the power switches of the connected devices 12 Avocent ACS 6000 Advanced Console Server DC power DC power is connected to DC powered console servers by way of three wires Return RTN Ground GND and 48 VDC WARNING It is critical that the power source supports the DC power requirements of your console server Make sure that your power source is the correct type and that your DC power cables are in good condition before proceeding Failure to do so could result in personal injury or damage to the equipment The following diagram shows the connector configuration for DC power DC Power
48. can assign to custom user groups For more information see Users Accounts and User Groups on page 53 Security Security profiles determine which network services are enabled on the console server Administrators can either allow all users to access enabled ports or allow the configuration of group authorizations to restrict access You can also select a security profile which defines which services FTP ICMP IPSec and Telnet are enabled and SSH and HTTP HTTPS access The administrator can select either a preconfigured security profile or create a custom profile For more information see Security on page 22 Authentication Authentication can be performed locally with One Time Passwords OTP a remote Kerberos LDAP NIS RADIUS TACACS authentication server or a DS View server The console server also supports remote group authorizations for the LDAP RADIUS and TACACS authentication methods Fallback mechanisms are also available Any authentication method configured for the console server or the ports is used for authentication of any user who attempts to log in through Telnet SSH or the web manager For more information see Authentication on page 49 VPN based on IPSec with NAT traversal If IPSec is enabled in the selected security profile an administrator can use the VPN feature to enable secure connections IPSec encryption with optional NAT traversal which is configured by default creates a secure tunnel for dedicated com
49. d and click Save NOTE Ethernet Mode will be affected after saving The rest of the configuration will be applied after rebooting Information Click System Information to view the console server s identity versions power and CPU information Accessing the Console Server via the Web Manager 29 Usage Click System Usage to view memory and Flash usage Network Click Network to view and configure the network options for Hostname DNS IP v6 Bonding IP v4 and IPv6 static routes Hosts Firewall IPSec VPN and SNMP Settings Click Network Settings to make changes to the configured network settings Hostname DNS Bonding IPv4 Multiple Routing Table NOTE Pv4 Multiple Routing Table allow administrator to configure two networks one for each interface EHTO and ETH1 with its own default gateway Devices An administrator can select enable and configure the IP addresses assigned to the network interfaces and viewthe MAC address Besides the two standard Ethernet interfaces the list of network interfaces includes entries for any Ethernet PC cards that may be installed To configure a network device 1 Select Network Devices The Devices screen appears with a list of network interfaces and their status enabled or disabled 2 Clickthe name of the network device to configure 3 Select the status either Enabled or Disabled from the drop down menu 4 Select one of the following IPv4 method options e Select DH
50. dem has accepted the command and is now configured to operate in Japan AT GCI lt CR gt Meaning Display current country code GCI 00 Meaning Japan is the current country selected OK 84 Avocent ACS 6000 Advanced Console Server To view which countries are available in the modems firmware enter AT GCl lt CR gt The modem will display all of the possible two digit country codes available Country Codes List Country Code Country Code Country Code Australia oo HongKong 50 Polana fea Ausia Joa nia 53 Portugal 88 China ze Japan jop Spain AD United States B5 Unea Kingdom 4 TT TI Using caller ID The modem can be used to display certain information about incoming telephone calls The modem can inform you of the date time telephone number and name associated with incoming calls When the CID option is enabled information will be displayed between the first and second incoming RING In order for this feature to work properly the telephone line connected to the modem must subscribe to caller ID service offered by the local telephone company A sample of the displayed information is shown below RING DATE 0513 TIME 1346 NMBR 408 767 8900 NAME RADICOM RESEARCH RING The CID information can either be presented formatted as shown previously or unformatted The VCID and VRID commands control the modem CID option Caller ID Information Command Parameter Description VC
51. dress The IP address of the host NextHop The router through which the console server on the left side or the remote host on the right side sends packets to the host on the other side SubNet The netmask of the subnetwork where the host resides Use CIDR notation The IP number followed by a slash and the number of one bits in the binary notation of the netmask For example 192 168 0 0 24 indicates an IP address where the first 24 bits are used as the network address This is the same as 255 255 255 0 Remote Right Side and Local Left Side RSA Key If For PSec VPN authentication you need to generate a public key for the console server and RSA Key is _ find out the key used on the remote gateway Copy and paste for copying the RSA key from selected another source is supported Pre Shared Pre shared password between left and right users SNMP Configuration An administrator can configure SNMP which is needed if notifications are to be sent to an SNMP management application NOTE The Avocent ACS 6000 Enterprise MIB text file is available in the appliance at usr local mibs ACS6000 MIB asn The Avocent ACS 6000 Enterprise TRAP MIB text file is available in the appliance at usr local mibs ACS6000 TRAP MIB asn Both files are also available at www avocent com To configure SNMP 1 Click Network SNMP 2 Click the System button Accessing the Console Server via the Web Manager 35 a Enter the SysCo
52. e An RJ 45 to DB 9F straight through adaptor e A PC running a terminal emulation program Rack Mounting You can mount the console server in a rack or cabinet or place it on a desktop or other flat surface For rack or cabinet mounting two mounting brackets are supplied To rack mount a console server 8 Avocent ACS 6000 Advanced Console Server 1 Install the brackets at the front or back edges of the console server with the screws provided with the mounting kit 2 Mountthe console server in a secure position Bracket Connections for Front Mount Configuration Connecting the Hardware Console server connectors The following figure shows the connectors on the front of the ACS 6000 console server Front of the Console Server ACS 6032 Console Server Shown cyclades Connectors on the Console Server Front Number Description PC card slots not available on all models Installation 9 LEDs on the Console Server Front Label Description e Blue Blinks During unit boot PWR CPU e Solid During operation Off Power is off Amber Link at 10BaseT speed e Yellow Link at 100BaseT speed ION Green Link at 1000BaseT speed Off No link cable disconnected Ethernet fault Dual LED Yellow on top green on bottom e Yellow DTR DCD activity AU DEN e Green TXD and RXD activity e Off No activity Green e Blinks Ready with activity Solid Ready Off Not ready One LED for each seria
53. e asad eset le SH es Coreen ated MO 0 68 ACTIVE SESSIONS SRA e 68 Monitoring cnn 69 Change PaSSWord 2 0 0 22 cee cece eee h n nana 69 Web Manager Overview for Regular Users e cece SK KK KK KK KK KK KK K IR 70 AAA A O AeA entra ta yt Ae 71 Technical Specifications e ce ence eee eee KK KK KK KK KK KK KK KK R 71 Recovering a Console Server s Password 00 0 0 ooo cece cece eee e cece cece KAK KK KK KK KK KK KK KS 72 Port Information for Communication with the DSView Software 22 222 e cece 73 Accessing a Console Server with a DSView Software Installation via Dial up 74 Installing DSView software with an OOB back door 2 2 2 2 2 eee 74 Configuring dial up for a console Server _ 2 2 22 2020 74 Intenda MOJEM ene fonda past lacio ll e nb rote doa hulle a 17 AT MS modulation selection 80 Set telephone extension option cece cece cece cece cece ccccecccccccecceeeeeeeeeeeneees 81 A FOTENE ES orcos ts A dt di 81 Basic modem result codes 82 Digital line QUATd e a a HH HHHH tear 82 Sleep mode operation asas aa saa aa aa a ss a SS a KS SK KK KS Sk KK KK SK KK KK SK KK KK HKH 83 Bosel silale Te NAM a M AA de deta eee 83 Selecting country cod s zarien tepee cece ee cece Xema se lan a 2D n X020 ADE AGS 83 Uap alier aeann E S e r ceca 84 Technical Support oa da Sol seis Se dep eo 86 Introduction The Avocent ACS 6000 advanced console server is a 1U appli
54. e front of the console server For more information go to http emersonnetworkpower com en us products then select Infrastructure Management Serial Consoles Avocent ACS 6000 Advanced Console Server From the product page click the PCMCIA Cards tab to see the list of supported devices NOTE When a pluggable device is not in the current list of supported pluggable devices the console server may attempt to configure the device with standard settings allowing it to work normally Also when a pluggable device is not listed in the internal database the Device Info column may show no text at all or show different text based on the type of card One example is Unknown device f024 rev 01 To install and detect a pluggable device 1 From the side navigation bar select Pluggable Devices 2 Click Enable Pluggable Device Detection to detect connected pluggable devices 3 Connect a device to a USB port on the console server Or Accessing the Console Server via the Web Manager 49 If supported by the console server insert a PC card into a PCMCIA slot 4 The Pluggable Devices table displays all detected pluggable devices NOTE To disable pluggable device detection click Disable Pluggable Device Detection To eject or delete a pluggable device 1 From the side navigation bar select Pluggable Devices 2 Select the checkbox next to the pluggable device you want to eject rename or delete 3 Click Eject Rename or Delete as de
55. e out Enable or disable RPC e Ability to configure access for all users or allow the configuration of group authorizations to restrict access e Select a Security Profile which defines Enabled services FTP ICMP IPSec and Telnet s SSHand HTTP HTTPS access e Enable or disable Bootp Configuration retrieval The administrator can select either a preconfigured Security Profile or create a custom profile Allthe services and the SSH and HTTP HTTPS configuration options that are enabled and disabled for each Security Profile are shown in the Wizard Security and the System Security Security Profile pages To configure a Security Profile 1 Select System Security Security Profile 2 Inthe Idle Timeout field enter the number of minutes before the console server times out open sessions NOTE This value applies to any user session to the appliance via HTTP HTTPS SSH Telnet or CONSOLE port It will not overwrite the value configured for the user s authorization group The new idle time out will be applied to new sessions only 3 Under the Enabled Services section enable or disable the RCP checkbox Accessing the Console Server viathe Web Manager 23 4 Under the Serial Devices heading select whether port access is controlled by user group authorization or configure port access settings to apply to all users 5 Under Bootp Configuration retrieval enable or disable the service 6 Select the checkbox for Cust
56. e packets leaving the downloaded viewer and the console server To ensure this Proxy mode must be configured within the DSView software The viewer will then point to the DSView server not the console server to establish the SSH connection The DSView server would then route the packets by changing both the source and destination IP addresses and act as a middle point of communication Under normal operating conditions packets received from the Video Viewer would route through the DSView server via Ethernet In an error state the DSView server would detect that the normal path to the console server was interrupted and would dial out to the console server pass authentication and establish a PPP connection Packets that would normally pass via Ethernet would instead be routed via PPP Because of the speed differences between Ethernet and dial up performance would be notably slower but still present Multiuser connections would further degrade performance and are not recommended For this reason dial up backup is recommended as an emergency backup feature only Configuring dial up for a console server To configure dial up to a console server within the DSView software NO a K ON 10 11 12 13 14 Appendices 75 In a Units view window containing appliances select the ACS 6000 console server you want to configure For dial in with callback you must first select DS View Server Properties DSView Modem Sessions under
57. e security policy 3 Under the Bootp Configuration Retrieval heading uncheck the box es to disable Bootp configuration retrieval and or live configuration retrieval 4 Ifyou are not using DSView software to manage the appliance uncheck the Allow Appliance to be Managed by DSView box 5 Click Next to configure the Network or click the Network Ports or Users link to open the appropriate screen To configure network parameters 1 Select the Network link in the content area 2 Enter the Hostname Primary DNS and Domain in the appropriate fields 3 Select the IPv4 or IPv6 method for the ETHO interface If using Static enter the Address Mask and Gateway in the appropriate fields 4 Enable or disable IPv6 support 5 Click Next to configure ports or click on the Security Ports or Users link to open the appropriate screen To configure Ports 1 Select the Ports link in the content area 2 Check the box es to enable all ports and or to enable Cisco RJ45 Pin Out to change the pin out when a Cisco cable is connected 3 Use the appropriate drop down menus to select the values for Speed Parity Data Bits Stop Bits Flow Control Protocol Authentication Type and Data Buffering Status 4 Select the Data Buffering Type If using NFS enter the NFS Server and NFS Path information in the appropriate fields 5 Click Next to configure users or click on the Network Security or Users link to open the appropriate screen
58. each administrator needs to verify that changes made during the session were saved Web manager Users and administrators can perform most tasks through the web manager accessed with HTTP or HTTPS The web manager runs in Microsoft Internet Explorer Mozilla 9FirefoxO and Apple Safari on any supported computer that has network access to the console server The list of supported client browsers and their versions are available in the release notes IPv4 and IPv6 support The console server supports dual stack IP v4 and IPv6 protocols The administrator can use the web manager or CLI to configure support for IPv4 addresses only or for both IPv4 and IPv6 addresses The following list describes the IPv6 support provided in the console server e DHCP e Dial in and dial out sessions PPP links e DSView software integration e eth0 and eth1 Ethernet interfaces e Firewall IP tables e HTTP HTTPS Linux kernel Remote authentication Radius Tacacs LDAP and Kerberos servers e SNMP s SSH and Telnet access e Syslog server NOTE Remote authentication NFS NIS and IPSec are not supported with IPv6 Introduction 3 Flexible users and groups An account can be defined for each user on the console server or on an authentication server The admin and root users have accounts by default and either can add and configure other user accounts Access to ports can be optionally restricted based on authorizations an administrator
59. ed Console Server telnet hostname IP_address login username portname device name or telnet hostname IP_address TCP_Port_Alias login username or telnet P_Port_Alias login username To close a Telnet session Enter the Telnet hotkey defined for the client The default is Ctrl q to quit or enter the text session hotkey for the CLI prompt and then enter quit To use SSH to connect to a device through a serial port For this procedure you need the username configured to access the serial port the port name for example 14 35 60 p 1 TCP port alias for example 7001 device name for example ttyS 1 and the hostname of the console server IP address or IP Port alias for example 100 0 0 100 To use an SSH client enter the information in the dialog boxes of the client or To use SSH in a shell enter the following command ssh l username port_name hostname IP_address or ssh l username device_name hostname IP_address or ssh l username TCP_Port Alias hostname IP_address or ssh l username IP Port Alias To close an SSH session Installation 15 At the beginning of a line enter the hotkey defined for the SSH client followed by a period The default is Or enter the text session hotkey for the CLI prompt and then enter quit Installation 16 Accessing the Console Server via the Web Manager Once you ve connected your ACS 6000 console server to a network
60. efault ATL3 ATMO peaker is always off ATM3 peaker if off during dialing and when receiving carrier but on during answering ATQO Enables result codes to the DTE default ATQ1 ATSr Establishes S register r as the default register O O Disables result codes to the DTE ATSrn_ Sets S register r to the value n ATSr Reports the value of S register r ATVO Enables short form result codes ATV1 Enables long form result codes Upon connection the modem reports only the DTE speed for example CONNECT 9600 ATWO Subsequent responses are disabled default Upon connection the modem reports the modulation type line speed the error correction protocol and the DTE speed Subsequent responses are disabled Upon connection the modem reports DCE speed for example CONNECT 2400 Subsequent responses are disabled ATXO Ignores dial and busy tone Sends CONNECT message when a connection is established by blind dialing Disables monitoring of busy tones Sends only OK CONNECT RING NO CARRIER and ATX1 ERROR messages If busy tone detection is enforced and busy tone is detected NO CARRIER will be reported instead of BUSY If dial tone detection is enforced or selected and dial tone is not ATDA D_ ATDP ATDT a ATD ATEO ATEI ATHO ATH1 __ ato ATI2 ans ATLO ATL1 ATL2 ATL3 s ATMO ATM1 ATM2 ATMS Arao atai ATSr___ ATSr n__ ATS
61. er Default Disabled Suppression nol AS Enables the suppression of the NULL character after the CR character Default Disabled Suppression Accessing the Console Server via the Web Manager 39 Parameter Description ee The interval the port waits to send data to a remote client in milliseconds Default 20 Break An administrator can configure the control key as the break sequence entering before the Sequence letter Not available for Raw Default break Interval for the break signal in milliseconds Not available for Raw Default 500 Log In Out Multi Session Notification Enables the notification to multi session users when a new user logs in or a user logs out Not available for Raw Default Disabled Informational Message Notification Displays an information message when a target session is opened Not available for Raw Default Enabled Data Buffering tatus Enables or disables data buffering Default Disabled Displays the type of data buffering Local stores the data buffering file in the local file Type system NFS stores the data buffering file in the NFS server Syslog sends the data to the syslog server DSView sends the data to the DSView software Default Local c When enabled adds the time stamp to the data buffering line for a Local or NFS database Time Stamp a Default Disabled Includes special notification for logins and logouts in data buffering Default Disabled Message
62. er call on first ring detected 0 255 Rings jp Number rings counted SOS oz asci Ja Backspace character SSCS 7 i E 24 0255 isee fo Sleep mode nacimiy timer 29 s O IN HS 82 Avocent ACS 6000 Advanced Console Server Basic modem result codes There are basic codes the modem will issue in response to processing an AT command Result codes may be displayed either in word V1 or numeric VO format by using the Vn command The Qn command controls if result codes are issued QO or not issued Q1 The Xn Wn commands and register S95 determines which result code format the modem will display to indicate the type of connection established There are more than 300 codes The most commonly used are listed in the table below Basic Result Code Listing Numeric Verbose Description lo Jok The modem has received and acknowledged the command CONNECT Connection made at 300bps or extended result codes are off X0 RING An incoming ring signal has been detected i i i i i t mplet NO CARRIER This result code reflects either an intended disconnect or a failure to complete a connection ERROR An invalid command was issued to the modem dl Indicates a 1200bps line or DTE connection NO DIALTONE BUSY The modem has detected a busy tone NO ANSWER After S7 time has elapsed the remote server never answered i NA Line speed or DTE connection at 2400bps ee Line speed or DTE connection at 9600bps CAE Line speed or DTE co
63. er s internal clock is used to provide time and date information NOTE The Current Time displayed in the Date amp Time screen shows only the time when the screen was opened It does not continue to update in real time To set the time and date using NTP 1 Click System Date And Time 2 Select Enable network time protocol 3 Enter the NTP server site of your choice and click Save To set the time and date manually 1 Click System Date And Time 2 Select Set manually 3 Using the drop down menus select the required date and time and click Save To set the time zone using a predefined time zone 1 Click System Date And Time Time Zone 2 Select Predefined 3 Select the required time zone from the drop down menu and click Save To define custom time zone settings 1 Click System Date And Time Time Zone 2 Select Define Time Zone 3 Enter the Time Zone Name and Standard Time Acronym of your choice Accessing the Console Server via the Web Manager 27 4 Enter the GMT Offset 5 Select Enable daylight savings time if needed 6 Select or enter the required values for daylight savings time settings and click Save Help and Language Click System Help And Language and use the drop down menu to select the console server s language Enter the full URL of the online help ending in index html on the local web server in the Online Help URL field Click Save Online help When the online help feature
64. et to the configured target name or to the corresponding unique default target name NOTE The configured target name will be used only after the auto discovery process fails NOTE The auto discovery process starts when there is variation in the DCD signal from OFF to ON disconnect connect the target s cable turn off on the target and when the configuration of the serial port goes from disabled to enabled and there is a target connected in the port The probe strings will be used to stimulate the server such as n a single newline The match strings are regular expressions where H is a placeholder for the target name you want to detect such as H or just xxx Hyyy The first one will extract target name from things such as nanana myTarget a results myTarget jhdsgjhas tg2 kjafja a results tg2 And the second one from things such as hsagdfjhagfxxxTARGETyyyyyy a resulting TARGET To configure the strings for probe match used by auto discovery Perform this procedure to change the default settings or the probe or match strings used in auto discovery 1 Select Ports CAS Profile Auto Discovery The Settings Probe Strings and Match Strings options appear in the side navigation bar 2 Tochange the default auto discovery time out or probe time out perform the following steps a Select Settings b Enter a new value in the Auto Discovery Timeout and Probe Timeout fields c Selecta
65. f the appliance and the name of the logged in user appears on the left side and Refresh Print Logout and Help buttons appear on the right Side navigation bar Menu options appear that are available for regular users Content area Contents change based on the options selected in the side navigation bar Web Manager Options for Regular Users Menu Option Description Displays all the devices the user can access Click on Serial Viewerin a device s Action column to launch a terminal session with that device Power Click PDUs to turn on turn off cycle reboot reset the HW overcurrent protection returnt to factory defaults or rename PDUs connected to the console server Click Outlet Groups to manage groups of outlets on connected PDUs Management PDUs Outlet Groups Change Appendices Technical Specifications Technical Specifications for the ACS 6000 Console Server Hardware Category Value General Information PPC440EPx 533 MHz PowerPC with Security Acceleration Engine 256 MB DDR 2 128 MB NAND Flash embedded ICs on motherboard 2 Ethernet 10 100 1000BT on RJ 45 1 RS232 Console on RJ 45 1 AUX RS232 on RJ 45 or Interfaces internal MODEM V 92 on RJ 45 RJ11 compatible RS232 Serial Ports on RJ 45 1 USB 2 0 Host on Type A connector 2 PC Card CardBus with ejector dual Type II or single Type III Power Information Power Internal 100 240 VAC 50 60 HzOptional Dual entry redundant power supplies 48 VDC option Supp
66. g the connection to the serial port If the protocol does not match the connection will be denied To configure a pool of CAS ports 1 2 Click Ports Pool of CAS Ports To create a pool click the Add button or To edit an existing pool click the name of the pool you want to edit or To delete a pool check the box next to the pool you want to delete and click the Delete button Enter the parameters for the pool in the appropriate fields In the left side of the Pool Members field select the ports to be added to the pool and click Add Accessing the Console Server viathe Web Manager 45 Or In the right side of the Pool Members field select the ports to be removed from the pool and click Remove 5 Click Save NOTE A serial port can only belong to one pool at a time but a user can create an empty pool and add ports to it later Pool of CAS Ports Parameters Parameter Description The name of the pool The pool name is mandatory and should follow hostname guidelines not exceed 64 characters and start with a letter The Port Alias where the pool responds for each protocol e Telnet Port Alias for telnet protocol It is optional Port Alias e SSH Port Alias for ssh protocol It is optional Pool Name s Raw Mode Port Alias for raw mode protocol e Itis mandatory when Raw Mode is configured as protocol for the ports Pool IPv4 Alias The IPv4 address used by the pool This parameter is optional Po
67. he Physical Settings screen then check Enable Cisco RJ Pin Out The following tables show serial port pinout information ACS Console Server Serial Port Pinout Pin No Signal Name Input Output rs TT TT TT r TT Teen T wooo Cisco Serial Port Pinout Pin No Signal Name Input Output CI CL O 2 pes CI To connect devices modems and PDUs to serial ports Make sure the crossover cable used to connect a device has the same pinout type that is configured in the software for the port either Cyclades or Cisco 1 Make sure the devices to be connected are turned off 2 Use CAT 5 or greater crossover cables to connect the devices to the console server using an adaptor if necessary Installation 11 3 To connect modems use straight through CAT 5 or greater cables with an appropriate connector or adaptor USB DB 9 or DB 25 for the modem NOTE To comply with EMC requirements use shielded cables for all port connections WARNING Do not turn on the power on the connected devices until after the console server is turned on To daisy chain PDUs to a console server This procedure assumes that you have one PDU connected to a serial port on a console server NOTE Daisy chaining is not possible with SPC PDUs ServerTech PDUs will allow only one level Master and Slave of daisy chaining 1 Connect one end of a UTP cable with RJ 45 connectors to the OUT port of the connected PDU 2 Connect the other end of the
68. ication Authentication Servers LDAP S AD Enter the IP address of the server Enter the Base At the Secure drop down menu select Off On or Start_TLS Enter the Database User Name Enter your Database Password then re type the database password in the Confirm Password field Enter your desired Login Attributes Click Save To configure a Kerberos authentication server 1 Toc 1 2 3 4 2 3 4 5 Select Authentication Authentication Servers Kerberos Enter the IP address Realm of the server Enter the Realm Domain Name example avocent com Enter the Domain Name example avocent com Click Save onfigure an NIS authentication server Select Authentication Authentication Servers NIS Enter the NIS Domain Name of the server example corp avocent com Enter the NIS Server Address or broadcast default is broadcast Click Save To configure a DSView authentication server 1 2 3 Select Authentication Authentication Servers DS View Enter IP Address 1 4 for the DS View servers in the relevant fields Click Save Accessing the Console Server via the Web Manager 53 Users Accounts and User Groups Access to ports can be optionally restricted based on authorizations that an administrator can assign to custom user groups Groups can also be authorized to manage power while connected to devices The console server has two default users admin and root and four pre defined
69. igure the Socket Client Profile for a serial port with a connected device 1 Select Ports Serial Ports 2 Click the checkbox for a serial port with a connected device 48 Avocent ACS 6000 Advanced Console Server 3 Click Set Socket Client and use the drop down menus to configure the physical settings 4 Configure the Socket Client Settings remote server address TCP port and event trigger and click Save Socket Client Parameters Parameter Description Enable Cisco RJ 45 Pin Out Defines the serial port pinout Defines the status of the serial port as either enabled or disabled Default Disabled Defines the speed as 300 1200 2400 4800 9600 19200 38400 57600 115200 or 230400 Default 9600 Parity Defines the parity as Even Odd or None Default None Data Bits Defines the data bits as 5 6 7 or 8 Default 8 Stop Bits Defines the stop bits as 1 or 2 Default 1 Defines the flow control as none hardware software RxON software or TXON software Default None Remote Server IPv4 or IPv6 address of the remote server Remote TCP Port TCP port to be used to establish a connection with a remote server 2 Configure the event that will trigger the establishment of P TADA Connection the connection DCD Regards or Always Pluggable Devices Flow Control The console server supports a variety of pluggable devices connected to its USB ports Some models also support PC cards connected to the PCMCIA slots on th
70. is configured for your console server clicking the Help button from any form on the web manager opens a new window and redirects its content to the configured path for the online help product documentation NOTE Using the online help feature from the Avocent Cyclades server is not always possible due to firewall configurations nor is it recommended It is generally advisable for you to use the online help system provided with the product or download the online help zip file and run it from a local server The system administrator can download the online help from Avocent For more information on downloading the online help contact Technical Support Once the online help file is obtained in zip format the files must be extracted and put in to a user selected directory under the web server s root directory The web server must be publicly accessible NOTE The default URL for online help is http global avocent com us olh acs6000 v_3 0 0 en index html General An administrator can configure a login banner to display when a user begins a SSHv2 Telnet Console or web manager session To create a login banner 1 Click System General in the side navigation bar 2 Check the box to enable the login banner 3 Enter the text you want displayed upon login in the Login Banner field and click Save 28 Avocent ACS 6000 Advanced Console Server Boot Configuration Boot configuration defines the location from which the console
71. l port The following figure shows the rear connectors on the console server Rear of the Console Server ACS 6032 Console Server Shown cyclades or Connectors on the Console Server Rear Euless Description Power supplies dual AC shown Serial ports 32 ports shown Models come with 4 8 16 32 or 48 serial ports ETH 1 10 100M 1G Ethernet port Can be connected to a second network or used for failover AUX Modem port If an optional internal modem is ordered this port is defined as a V 92 modem at the factory otherwise the port is factory defined as RS 232 with an RJ 45 ACS console server pinout and can be used to connect either an external modem or a power device ETHO 10 100M 1G Ethernet port for remote IP access Console port Allows for local administration and access to connected devices through a terminal or a computer with a terminal emulator 10 Avocent ACS 6000 Advanced Console Server Connecting device consoles or modems to serial ports Use CAT 5 or greater cables and DB 9 or DB 25 console adaptors as needed to connect target device consoles or modems to the serial ports on the console server The console server supports the Cisco serial port pinout configuration which is disabled by default If a Cisco cable is connected to a port an administrator must enable the Cisco pinout for the port An administrator can select Expert Ports Serial Ports SetCAS or SetPower Physical to open t
72. l with the following attribute raccess group name admin During the authentication phase the console server will receive the attribute raccess from the TACACS server The user regina belongs to the authorization group TACACS_1 and the user special belongs to the authorization group admin To configure a group in a RADIUS authentication server Define which group s the user belongs to in the attribute FRAMED_FILTER_ID with the following syntax group_name lt acs6000_group1 gt lt acs6000_group2 gt NOTE The group names should be separated by a comma and end with a semi colon NOTE The ACS 6000 console server accepts multiple FRAMED_FILTER_ID attributes For example In the console server configure new authorization groups RADIUS_1 and RADIUS_2 and configure the access rights for these groups In the Radius server configure the user regina with the following attribute FramedFilterID group name RADIUS 1 RADIUS 2 Or FramedFilterID RADIUS 1 RADIUS 2 Or FramedFilterID RADIUS 1 FramedFilterID RADIUS 2 Then configure the user special with the following attribute Accessing the Console Server via the Web Manager 61 PremedkilteriD groto nemesacminy During the authentication phase the console server will receive the attribute FramedFilterlD from the RADIUS server The user regina belongs to authorization group RADIUS_1 and RADIUS_ 2 and the user special belongs to authorization group admin
73. les or disables the PDU s buzzer Default Enabled When enabled the software s overcurrent protection is on Default Disabled To copy clone the configuration of one port to other ports 1 Select Ports Serial Ports Click the checkbox for the serial port you want to clone Click the Clone button 69 J9 Enter the serial port s to be configured in the Copy Configuration To field and click Save NOTE If the selected port is configured as a CAS Profile the following parameters will not be copied Port Name TCP Port Alias IPv4 Port Alias IPv6 Port Alias and Power merged outlets To reset one or more serial ports to their factory configuration 1 Select Ports Serial Ports 2 Click the checkbox for one or more serial ports you want to reset to their factory configuration then click the Reset To Factory button NOTE Serial ports are set to the CAS Profile and disabled in the factory configuration 42 Avocent ACS 6000 Advanced Console Server Auxiliary ports On the Auxiliary Ports screen you can enable the auxiliary port and configure it based on the type of connected device To configure or edit auxiliary port with connected PDU 1 Select Ports Auxiliary Ports 2 Click the Set Power button and use the drop down menus to configure the physical settings 3 Click Next or click the Power link a Use the drop down menu to select the PDU type b Check the box to enable speed auto detection c
74. ll script that will run when the match happens Click Nextto return to the Alerts screen NOTE The console server allows an administrator to associate one shell script to the alert string When there is a match with the alert string the console server will call the script passing the port number and the line where the match occurs as arguments c Check the box next to an existing alert and click Delete to delete the string d Click Delete Any to delete all strings whether selected or not NOTE Clicking Delete Any will delete all alert strings Selecting all the alert strings and clicking Delete is not the same functon as it will not delete alert strings not shown in the table 7 Click Next or click the Power link a Click Add to add a new outlet Click Selected PDU and select a PDU from the list of detected PDUs Enter the outlet s in the Outlets field and click Next b Check the box next to an existing merged outlet and click Delete to delete it NOTE Power is only available when a single serial port is selected 8 Click Save CAS Profile Parameters Parameter Description Enable Cisco RJ 45 Pin Out Defines the serial port pinout Default Disabled Defines the status of the serial port as either enabled or disabled Default Disabled Defines the speed as 300 1200 2400 4800 9600 19200 38400 57600 115200 or 230400 Speed Default 9600 Defines the parity as either Even Odd or None Default None Defi
75. load to download the firmware to the console server 3 When the download finishes the Install PM Firmware screen appears If the version information is correct click Upgrade Now to start the upgrade of the firmware in the PDU 4 When the upgrade finishes the Finish Upgrade screen appears with the result of the upgrade action Click Finish 66 Avocent ACS 6000 Advanced Console Server NOTE You can upgrade the firmware for multiple PDUs at the same time for Avocent PM PDUs only To view a PDU s information and manage outlets 1 2 Select Power Management PDUs Click the name of the PDU you want to view or manage The Outlet Table with power controls window appears and the side navigation bar displays a list of options To manage outlets of PDU a Check the box es of the outlet number s you want to manage b Click On Off Cycle Lock or Unlock to perform that function for the selected outlet s Click Information in the side navigation bar to view a PDU s information Click Overview in the side navigation bar to view data monitoring information Click Current Voltage Power Consumption Energy Consumption or Environment in the side navigation bar to view a table with appropriate information Click Reset Values to clear Max Min and Average values To configure a PDU Click Settings to expand the side navigation bar Click Outlets Click on an outlet number to change its settings Click Save then click
76. low the maximum temperature NOTE The Maximum Temperature Threshold field will define a region around the maximum temperature When the temperature exceeds the Maximum Temperature plus Threshold an event notification will be generated When the temperature falls below the Maximum Temperature minus Threshold an even notification that the console server has returned to normal operating temperature will be generated This is also true for setting the minimum temperature threshold 4 Inthe Minimum Temperature field enter the temperature in degrees Celsius that if the console server s temperature falls below will generate an event notification 5 Inthe Minimum Temperature Threshold field enter the temperature threshold in degrees Celsius above the minimum temperature 6 Click Save Power Management Connected power devices can be used for remote power management The console server enables users who are authorized for power management to turn power on turn power off and reset devices that are plugged into a connected PDU The following types of power devices can be connected to any serial port or to the AUX Modem port if an internal modem is not installed e Avocent Power Management Power Distribution Unit PM PDU Emerson Network Power MPH2 rack Power Distribution Units PDUs as well as MPX and MPH rack PDUs with RPC2 cards installed Accessing the Console Server via the Web Manager 65 e Cyclades PM Intelligent Power Dist
77. ly available Nominal voltage 120 VAC Typical 0 17 A 20 W Maximum 0 25 A 30 W Consumption Nominal voltage 230 VAC Typical 0 1 A 23 W Maximum 0 15 A 35 W Nominal voltage 48 VDC 20 tolerance Typical 0 5 A Ambient Atmospheric Condition Ratings Temperature Temperature 20 to 80 relative humidity non condensing across the operating temperature range 1 715 x 17 250 x 9 50 in 4 3561 x 43 815 x 24 13 cm 6 7 pounds 2 722 3 175 kg depending on the model Emissions and Immunity FCC Class A USA CE Class A EU ICES 003 Canada VCCI Certifications Japan C Tick Australia no internal modem A Tick Australia KCC Korea Safety UL 60950 1 USA cUL Canada EN 60950 1 EU CB GS GOSTR Russia 72 Avocent ACS 6000 Advanced Console Server Recovering a Console Server s Password To recover the console server s root password 1 N W RF WO M Connect directly to the console servers CONSOLE port Turn the console server off then on again Press the Spacebar to access the uboot prompt Type hw_boot single and press Enter The console server will boot into single user mode Type passwd and press Enter Enter the new password and confirm Type reboot and let the console server boot normally Appendices 73 Port Information for Communication with the DSView Software The following ports on an ACS 6000 advanced console server can accept connections from the DSView management software TCP port
78. munications between the console server and other computers that have IPSec installed ESP and AH authentication protocols RSA Public Keys and Shared Secret are supported For more information see PSec VPN on page 33 Packet filtering An administrator can configure a console server to filter packets like a firewall Packet filtering is controlled by chains which are named profiles with user defined rules The console server filter table contains a number of built in chains that can be modified but not deleted An administrator can also create and configure new chains 4 Avocent ACS 6000 Advanced Console Server SNMP If SNMP is enabled in the selected security profile an administrator can configure the Simple Network Management Protocol SNMP agent on the console server to answer requests sent by an SNMP management application The console server SNMP agent supports SNMP v1 v2 and v3 MIB II and Enterprise MIB For more information see SNMP Configuration on page 34 NOTE The text files with the Enterprise MIB ACS6000 MIB asn and the TRAP MIB ACS6000 TRAP MIB asn are available in the appliance under the usr local mibs directory Data logging notifications alarms and data buffering An administrator can set up data logging notifications and alarms to alert administrators of problems with email SMS SNMP trap or DSView software notifications An administrator can also store buffered data locally remotely or with DSView man
79. n Profile Secure Dial In Callback Users Click Add Enter the name and phone number used to perform the callback in the appropriate fields and click Save To configure PPP OTP users for ports with the Dial in Profile 1 2 3 Select Ports Dial In Profile Secure Dial In PPP OTP Users Click Add Enter the username and passphrase in the appropriate fields and click Save NOTE This PPP OPT user will establish PPP connection after being successfully authenticated To configure EAP TLS as PPP authentication for ports with the Dial in Profile 1 2 Select Ports Serial Ports Or Select Ports Auxiliary Ports Check the box next to the port where the modem is connected and click Set Dial in NOTE If using an auxiliary port the modem can be internal Configure the PPP Address settings For example set the PPP Address to Local Configuration using 10 0 0 1 as the Local IPv4 Address and 10 0 0 2 as the Remote IPv4 Address For PPP Authenticaion select the button next to By Appliance and then select the button next to EAP for the protocol Click Save Select Ports Dial In Profile Settings Use the drop down menu to enable the PPP Connection and click Save Accessing the Console Server via the Web Manager 47 7 Copy the certificates and keys to the etc ppp cert file They must be named server crt the ACS 6000 console server certificate ca crt the Certificate Authority s certificate and serve
80. nal modems or wireless modem CardBus devices Features and Benefits Access options Secure access is available through the following local analog console port and remote digital IP and dial up options s LAN WAN IP network connection e Dial up to a factory configured internal modem optional a modem connected either to a serial port or the AUX port which is only possible when an internal modem is not installed or to a PC phone card installed in one of the PC card slots if applicable or in the USB port ora wireless modem 2 Avocent ACS 6000 Advanced Console Server e Target device connection An authorized user can make a Telnet SSH v1 SSH v2 or Raw connection to a target device For Telnet or SSH to be used for target device connections the Telnet or SSH service must be configured in the Security Profile that is in effect e Console server console connection An administrator can log in either from a local terminal or from a computer with a terminal emulation program that is connected to the console port and can use the CLI utility The CLI utility prompt cli gt displays at login More than one administrator can log into the console server and have an active CLl or web manager session All sessions receive the following warning message when the configuration is changed by another administrator or by the system The appliance configuration has been altered from outside of your session Upon receipt of this message
81. nced Console Server Configuration Descriptions Number Description Number Description 31 Acs 6000 advanced console server Phone line A 3 client Local Area PDU one or more eee A Serial port connection LAN firewall Remote authentication server Either AUX Modem or any serial port De view client server Modem ordered and configured internally at the factory or Remote local external modem on a device in one of the PC card slots or USB 14 Windows Linux port or connected to a serial port or the AUX port computer PC card modem Ethernet or storage not available on all models Introduction 6 Installation Getting Started Before installing your ACS 6000 console server refer to the following list to ensure you have all items that shipped with it as well as other items necessary for proper installation Supplied with the console server e Quick Installation Guide QIG Power Cord RJ 45 to RJ 45 straight through CAT 5 cable RJ 45 to DB 9F cross adaptor DB 25 loop back plug e RJ 45 to DB 25M cross adaptor RJ 45 to DB 25F cross adaptor RJ 45 to DM 25M straight through cable e Mounting brackets screws and cord retention clips Keyhole mounting kit Software License Agreement e Safety Sheet Additional items needed If you are configuring the console server in a standalone configuration you will also need the following items One or more RJ 45 to RJ 45 CAT 5 straight through cables
82. ned to simplify the setup and configuration process by guiding an administrator through the configuration steps An administrator can configure all ports in the CAS Profile and set the Security Profile Network and Users Settings using the Wizard By default the first time an administrator accesses the console server through the web manager the Wizard will be displayed Subsequent log ins will open in Expert mode and once the console server has been configured Expert mode becomes the default mode An administrator can toggle between Expert and Wizard modes by clicking the tab bar on the web manager administrator screen Figure 3 2 shows a typical screen when an administrator is in Wizard mode Wizard Screen Cyclades AC S6000 amp Avocent not allowed and HTTPS SSLA ion to HTTPS Telnet and ICMP nd SNMP urity profile Redirect HTTPATIPS hp guration Retrieval Any time DHCP renews Jes the appliance through HTTPS por 3602 Allow appliance to be managed by OSView The following procedures describe how to configure the console server from the Wizard To configure security parameters and select a Security Profile 1 Select the Security link in the content area Accessing the Console Server viathe Web Manager 19 2 Select the desired Security Profile If using a Custom Security Profile click the checkboxes and enter values as needed to configure the services SSH and HTTP and HTTPS options to conform with your sit
83. nes the data bits as either 5 6 7 or 8 Default 8 Defines the stop bits as either 1 or 2 Default 1 38 Avocent ACS 6000 Advanced Console Server Parameter Description Defines the flow control as none hardware software RxON software or TxON software Default None Port Name Flow Control Name associated with the serial port as an alias Default lt appliance mac address gt p lt port number gt Enable Auto The target name will be discovered and will be associated with this serial port If it fails the Discovery Port Name will be used Default Disabled Enable Speed Auto Detection Tries to discover the speed of the serial port This feature requires additional configuration under the CAS Profile Auto Discovery Settings page Default Disabled The protocol that will be used by authorized users to access the serial port target The console server accepts three protocols for connection to the target Telnet for telnet connection SSH for secure connection and Raw Mode for raw socket connection An administrator can configure the port to accept one two or all three types NOTE Raw protocol requires the configuration of the Raw Mode Port Alias Default value Telnet SSH Authentication Authentication type that will be used to authenticate the user during target session Default Type Local Hotkey to suspend the target session and go to the CLI prompt Not available for Raw Default Ctrl Z Note The defa
84. nfiguration NOTE The following step is only required if CHAP was selected in the PPP Auth Protocol field in the DSView software Settings Dial up window 76 Avocent ACS 6000 Advanced Console Server 15 Log in to the console server s CLI and access the Linux shell Edit the etc ppp chap secrets and add aline in the format where the first column should have the PPP user and the third column should have the PPP password as is shown in the following example pppuser ppppassword gt Appendices 77 Internal Modem Some models of the ACS 6000 console server come equipped with an internal modem This modem is used to originate and answer phone calls and establish communication with other modems to transmit data Controlling the modem s functions is done by using the AT commands These commands are used to instruct the modem to perform functions such as dialing or answering calls and are normally automatically issued by communication software However for some applications custom software may have to be written due to the absence of a normal operating system The modem will automatically accept and process AT commands at most standard DTE Data Terminal Equipment speeds and parity settings For each command issued the modem will respond with a result code to inform you of the modem s status The format of a basic AT command and result code is as follows AT lt Command gt lt CR gt OK AT Attention lt Command gt
85. nnection at 14400bps 14400 Naa Line speed or DTE connection at 19200bps 19200 7 S Line speed or DTE connection at 38400bps 38400 Seed Line speed or DTE connection at 57600bps Digital line guard The modem has an optional Digital Line Guard Circuit that automatically detects an over current situation on the Tip and Ring pins When the modem goes off hook it will immediately check the current on the Tip and Ring pins If the current exceeds 150 mA the modem will display the DIGITAL LINE DETECTED result code and then go back on hook The modem will continue to display this result code until normal current is detected on the Tip and Ring pins during an off hook condition The DLG feature will protect the modem in case it is accidentally connected to a Digital Telephone Line 83 Sleep mode operation The modem can be set to enter the low power sleep mode by setting ATS24 n In this case n is time in seconds that the modem will operate in normal mode with no detected telephone line or DTE line activity before entering low power sleep mode The timer is reset upon any DTE or telephone line activity If S24 is set to zero the modem will never enter the low power sleep mode Disconnecting a call There are several ways to disconnect a call Below are the choices Resetting the modem s power or toggling the Reset Line Pin 12 will disconnect and put the modem back into the OFF line state An ON to OFF transition of
86. ntact information email address of the console server s administrator for example acs6000_admin avocent com b Enter the SysLocation information physical location of the console server for example Cyclades __AC S6000 then click Save to go back to the SNMP screen 3 Click Add to add a new community or v3 user 4 Enter the community name for SNMP v1 v2 or the user name for SNMP v3 in the Name field and enter the OID 5 Select the desired permission from the pull down menu Choices are Read and Write or Read Only 6 Ifthe required SNMP version is v1 or v2 click the Version v7 v2 button then enter the source valid entry is the subnet address Or If the required SNMP version is v1 or v2 using an IPv6 network click the Version v1 v2 for IPv6 network button then enter the source valid entry is the subnet address Or If the required SNMP version is v3 click the Version v3 button then select the Authentication Type MD5 or SHA enter the authentication passphrase or password select the Encryption Method DES or AES enter the privacy passphrase and select the Minimum Authentication Level NoAuthNoPriv AuthNoPriv AuthPriv 7 Click Save NOTE For SNMP v1 v2c the console server will allow an administrator to configure the same community name with different sources filters to have access to specific object identifiers OIDs Ports An administrator can enable and configure serial ports auxiliary
87. ol IPv4 Alias Lu interface used by the IPv4 Alias Default EthO Interface Pool IPv6 Alias The IPv6 address used by the pool This parameter is optional Pool IPv6 Alias interface used by the IPv6 Alias Default Eth0 Interface Dial in Profile An administrator can configure secure dial in settings such as OTP login PPP connections PPP PAP authentication callback and OTP users for PPP connections NOTE If pluggable devices are being used for dial out dial in should be disabled To configure secure dial in settings for ports with the Dial in Profile 1 Select Ports Dial In Profile Settings 2 To enable logging in to the console server through the modem and select a condition for which logging in is allowed perform the following steps a To allow callback connections only select Callback b To allow any connection select Enable 3 Toenable OTP authentication select Enable from the OTP Login Authentication menu 4 To enable and select a condition for PPP connections perform the following steps a To allow PPP callback connections only select Callback 46 6 Avocent ACS 6000 Advanced Console Server b To allow any connection select Enable When the PAP authentication protocol is configured for the port select the authentication type from the PPP PAP Authentication menu Click Save To configure callback users and phone numbers for ports with the Dial in Profile Select Ports Dial I
88. om Moderate Open or Secure under the Security Profile heading 7 Enable disable SSH authentication via username password 8 Click Save DSView software security You can also configure DS View software security settings When the console server is managed by the DSView software the DS View server will supply the certificate to the console server Under normal conditions the DSView software will manage the certificate to clear and replace it with a new certificate as needed If communication with the DSView software is lost the DSView server will be unable to clear the certificate and the console server cannot be used Click the Clear DS View Certificate button to configure the console server in Trust All mode To configure DSView software security settings 1 Select System Security DSView 2 Click the Allow appliance to be managed by DS View checkbox and click Save FIPS module The console server has embedded the FIPS capable OpenSSL that is the combination of the FIPS Object Module the FIPS 140 2 validated module along with a FIPS compatible OpenSSL itis a version of the OpenSSL product that is designed for compatibility with the FIPS Object Module API If an administrator enables the FIPS module the console server will use the FIPS Object Module to perform encryption operations The FIPS module is disabled by default When the FIPS module is enabled the Monitoring FIPS mode page will show what service SSHv2 HTTPS
89. ple groups the login profile used will be the first enabled login profile based on alphabetical order of the group 58 Avocent ACS 6000 Advanced Console Server ts_menu Options Command Description Lp Displays TOP po Li Display local Pv assigned to the seralpor L16 Display local 1Pv6 assigned to the serial port n onedlstsponsandext To add access to serial ports for a user group 1 Click Users Authorization Groups Click the new user group name In the side navigation bar click Access Rights In the content area click Add OT E O N Move serial target devices from the Available Target box on the left to the box on the right by double clicking on the serial target name or by selecting the target and clicking the Add button You can remove any targets from the box on the right by double clicking on the target or by selecting the target and clicking the Remove button 6 Selectthe desired access rights 7 Click Save The Serial screen will appear and show the serial target devices you have authorized for use by the user group with configured permission s 8 Editthe access rights by selecting the checkbox next to one or more of the target names in the list as needed and click Edit The Target Access Rights screen is displayed with the access rights Select the desired access rights and click Save To assign PDU access for a user group NOTE Assigning PDU access to a user group gives them full access
90. ports the CAS Profile and the Dial in Profile from the Ports tab in the side navigation bar On the auxiliary ports screen you can enable the auxiliary port and configure it based on the type of connected device Serial ports On the Serial Ports table you can specify the connection profile CAS Dial In Power Dial Out or Socket Client based on the type of connected device and you can clone the port reset to factory defaults and enable disable ports To enable or disable one or more serial ports 36 Avocent ACS 6000 Advanced Console Server 1 Select Ports Serial Ports 2 Click the checkbox for each port you want to enable or disable 3 Click the Enabled or Disabled button To configure or edit one or more serial ports with the CAS Profile 1 Select Ports Serial Ports 2 Click the checkbox for each port you want to configure 3 Click the Set CAS button a To change the default pinout when a Cisco cable is connected to the selected port s select the Enable Cisco from the RJ 45 pinout checkbox Use the drop down menus to enable or disable the port and set the speed parity data bits stop bits and flow control 4 Click Next or click the CAS link a Enter the port name when only one port was selected or the port name prefix when more than one port were selected The port name will be lt port name prefix gt p lt port number gt Check the box to enable auto discovery In this case the port
91. r key the ACS 6000 console server asymmetric key Dial out Profile To configure the Dial out Profile for a serial port with a connected modem 1 Select Ports Serial Ports Click the checkbox for a serial port with a connected modem Click the Set Dial out button Use the drop down to enable disable the port Configure the phone number to dial on demand in the field Phone No Use the drop down to configure the modem speed Configure the initial chat with modem in the Init Chat field 2 NOOR WN Configure the PPP parameters address authentication and so on and click Save NOTE The Dial out profile will work only to establish PPP link on demand The administrator must configure static route to have packages routed to the PPP interface Dial out Parameters Parameter Description Status Enables or disables the port Default Disabled Phone No The phone number to dial to Sheed The speed that will be used to configure the serial p device and communicate with the connected modem Init Chat Chat for modem initialization Configures the local Pv4 IPv6 address for this Local IPv4 IPv6 Address PPP connection If empty PPP will accept the address from the remote peer Configures the remote IPv4 IPv6 address for this Remote IPv4 IPv6 Address PPP connection If empty PPP will accept the address from the remote peer PPP Idle Timeout Numbenot seconds being idle before PPP times out Default 0 no time out To conf
92. ribution Units IPDUs With Cyclades PM IPDUs up to 128 outlets can be daisy chained and managed from a single serial port e Avocent SPC power control devices Server Technology Sentry family of Switched Cabinet Power Distribution Units CDUs Smart Cabinet Power Distribution Units Smart CDUs and switched CDU Expansion Module CW CX power devices One additional level of power devices can be daisy chained with ServerTech Expansion modules e Server Technology Sentry Power Tower XL PTXL and Power Tower Expansion Module PTXM power devices NOTE The term PDU refers to any of these types of power devices The console server automatically recognizes and supports Liebert RPC2 cards Avocent PM PDUs Cyclades PM PDUs or Avocent SPC devices when the corresponding serial port is configured for power management PDUs To manage a PDU 1 Select Power Management PDUs 2 Select the checkbox next to the PDU you want to manage 3 Click On Off Cycle Reboot PDU Reset HW Overcurrent Protection or Factory Defaults if desired A confirmation appears Click OK NOTE The power controls On Off and Cycle will be applied to all outlets of the PDU 4 Tochange the PDU ID click Rename and enter the name in the New PDU ID field 5 Click Save To upgrade firmware 1 Select the checkbox next to the PDU you want to upgrade and click the Upgrade Firmware button 2 Fill all fields with correct information and click Down
93. s The User Names screen is displayed with a list of all users Click Add The Local User Information screen is displayed Enter the new username and enter a password then confirm the password Select or deselect User must change password at the next login checkbox A ee To add the user to an available user group select the user group name in the box on the left and click Add user is the default group You can remove a user group from the box at right by selecting it and clicking Remove 6 Enter the desired parameters for Password Expiration 54 Avocent ACS 6000 Advanced Console Server e Min Days Enter the minimum number of days allowed between password changes Password changes attempted sooner will be rejected If not specified 1 is the default which disables the restriction Max Days Enter the maximum number of days a password is valid After this period a password change will be forced If not specified 1 is the default which disables the restriction e Warning Days Enter the number of days that a warning is issued to the user prior to expiration Entering 0 will cause the warning to be issued on the expiration day A negative value or no value means that no warning will be issued 7 Enter the desired Account Expiration date YYYY MM DD 8 Click Save To configure password rules 1 Click Users Local Accounts Password Rules 2 If password complexity is desired recommended make sure Check Password
94. server loads the operating system The console server can boot from its internal firmware or from the network By default the console server boots from Flash memory Clicking System Boot Configuration will display the Boot Configuration screen If you need to boot from the network make sure the following prerequisites are met e ATFTP or BootP server must be available on the network Anupgraded console server boot image file must be downloaded from Avocent and made available on the TFTP or BootP server The console server must be configured with a fixed IP address s The bootfilename and the IP address of the TFTP or BootP server is known To configure boot configuration 1 Click System Boot Configuration 2 Under Boot Mode select From Flash and select Image 1 or Image 2 Or Select From Network and enter the following information e Appliance IP Address Enter the fixed IP address or a DHCP assigned IP address to the console server TFTP Server IP Enter the IP address of the TFTP boot server s Filename Enter the filename of the boot firmware 3 Using the drop down menu select whether the Watchdog Timer is enabled If the Watchdog Timer is enabled the console server reboots if the software crashes 4 Using the drop down menu select one of the following speeds for both Ethernet 0 Mode and Ethernet 1 Mode 100BT full 100BT half 10BT full 10BT half or Auto 5 Using the drop down menu select the console port spee
95. sired If renaming a device enter the new name in Rename field Click Save NOTE Always eject a pluggable device from the web manager Any other method may cause a kernel panic Device configuration Storage devices are automatically mounted and configured once detected by the console server Ethernet cards and modems must be configured NOTE Configuration of wireless devices takes effect only after the device is ejected and re inserted To configure a pluggable device 1 From the side navigation bar click Pluggable Devices 2 Foranetwork device click its name to configure its network parameters 3 or 4 For a modem V 92 or wireless click the box next to its name and then click either Set Dial In or Set Dial Out to configure its dial in or dial out parameters Authentication Authentication can be performed locally with OTP or on a remote Kerberos LDAP NIS Radius or TACACS authentication server If the console server is managed by a DSView server DSView authentication is also supported The console server also supports remote group authorizations for the LDAP Radius and TACACS authentication methods Fallback mechanisms of the following types are available 50 Avocent ACS 6000 Advanced Console Server Local authentication can be tried first followed by remote if the local authentication fails Local Remote_Method Or Remote authentication may be tried first followed by local Remote_Method Local
96. stalled and configured devices the user is authorized to access 2 Select Serial Viewer from the Action column A Java applet viewer appears Ina gray area at the top of the viewer the Connected to message shows the IP address of the console server followed by the default port number or alias 3 Log in if prompted The following table describes the available buttons in the Java applet Java Applet Buttons for Connecting to the Purpose EDIE EELS To send a break to the terminal Accessing the Console Server viathe Web Manager 21 Button Purpose Disconnect i To disconnect from the Java applet Select the left icon to reconnect to the server or device or select the right icon to end the session and disconnect from the Java applet System Tools Click System Tools to display icons which can be clicked to reboot or shut down the console server upgrade the console server s firmware save or restore its configuration or open a terminal session with the console server To upgrade a console server s firmware 1 From http www avocent com browse to the product updates section and find the firmware for your console server 2 Save the new firmware to an FTP server or to your desktop 3 From the sidebar of the console server s web manager click System Tools then click Upgrade Firmware 4 Download the file from an FTP server by selecting FTP server a Inthe FTP site field enter the address ofthe FTP server where you sa
97. t to add a rule to 4 Click Add and configure the rule as needed then click Save To edit a rule 1 Select Network Firewall 2 Select either Pv4 Filter Table or IPv6 Filter Table as needed 3 From the chain list click the name of the chain with the rule you want to edit 4 Select the rule you want to edit and click Edit 5 Modify the rule as needed and click Save IPSec VPN Virtual Private Network VPN enables a secure communication between the console server anda remote network by utilizing a gateway and creating a secured connection between the console server and the gateway The IPSec protocol is used to construct the secure tunnel and provides encryption and authentication services at the IP level of the protocol stack NOTE IPSec VPN is not supported with IPv6 When Network PSec VPN is selected the IPSec VPN screen is displayed Use the Add button to add a VPN connection or click on an existing connection name to edit one already in the list Click the Delete button to delete an existing connection If NAT settings need to be changed click the Configure NAT button When you click the Add button the PSec VPN Add screen is displayed NOTE To run IPSec VPN you must enable IPSec under the custom Security Profile The remote gateway is referred to as the remote or right host and the console server is referred to as the local or left host If left and right are not directly connected then you must also
98. tablish the connection Bootp Configuration Retrieval You can set your console server to be reconfigured during boot or at IP renewal To generate configuration to be retrieved 1 Click System Tools Save Configuration and save the configuration to either an FTP site or locally Or Use the list_configuration command to get the CLI template scripts edit the configuration of the console server and save it as a text file Or Edit a file with CLI commands and save it 2 Transfer the saved file to a DHCP server 3 Configure the DHCP server to transfer the configuration file to the console server To reconfigure a console server with bootp 1 Click System Security Security Profile Under the Bootp Configuration Retrieval heading ensure the box next to Enabled is checked 26 Avocent ACS 6000 Advanced Console Server 2 Uncheck the box next to Enable Live Configuration The saved configuration will be retrieved and applied on the next reboot Or Ensure the box next to Enable Live Configuration is checked The saved configuration will be retrieved and applied on the next IP renewal NOTE You must configure your DHCP server in order to transfer the configuration file to your console server Date and Time The console server provides two options for setting the date and time It can retrieve the date and time from a network time protocol NTP server or you can set the date and time manually so that the console serv
99. the DTR signal Pin 4 will also disconnect the modem If you use this method check to make sure that the DTR command is set to amp D2 or amp D3 and not forced 8D0 The remote device can also cause the modem to disconnect If the remote modem disconnects your modem will automatically sense the loss of the carrier signal and return to the OFF line state The ATH or ATZ commands can also be used to disconnect a call In order to issue a command to the modem when it is On Line the modem must be placed into the On Line Command State This is accomplished by issuing a special escape sequence The default value of this three digit escape sequence is the character see S2 to change The is protected by a one second delay before and after it is sent see S12 to change the time When the modem detects the escape sequence the OK result Result code will be displayed and the modem is in the On Line Command State The ATH or ATZ command can now be issued to disconnect the call Selecting country codes Setting the modem s country code is done by with the GCI command To change to one of the 30 available countries issue the AT GCl n command where n is one of the two digit country codes This command must be issued each the modem is turned on It will not automatically store or save this setting It should be part of the Initialization string Example AT GCI 00 lt CR gt Meaning Change country code to Japan OK Meaning The mo
100. tion in the appropriate fields Under the DSView heading enter the IP address of the DSView server where event notifications will be sent in the DS View server field Enter the syslog server port number for the DSView server the SSH information and the buffer warning information in the appropiate fields Click Save Trap Forward The console server will receive SNMP traps and forward them to a remote SNMP trap server To add a SNMP trap server to forward traps 2 3 4 Accessing the Console Server viathe Web Manager 63 Click Events and Logs Trap Forward Click Add Enter the IP address of the remote server and the UDP port Enter the OID to filter traps to send to this server optional To edit SNMP trap server configuration 1 2 3 Click Events and Logs Trap Forward Click the index of the server to be edited Update the UDP port and or the OID and click Save Data Buffering To configure Data Buffering 1 2 Select Events and Logs Data Buffering Enter the segment size in kilobytes and spare segments in the Local Data Buffering Settings section In the NFS Data Buffering Settings section enter the following information NFS Server NFS Path Segment Size Kbytes and Spare Segments NOTE RPC service must be enabled in the Security Profile screen before configuring NFS Data Buffering Settings NFS does not support IPv6 6 To segment data buffering files every day based in hour
101. to all power management functions for that PDU If you want the user group to have access to outlets only use the procedure To assign outlet access for a new custom user group below 1 Clickon Users Authorization Groups Click on the user group name In the side navigation bar click Access Rights Power oe u In the content area click Add The PDU Assignment screen appears with the list of available PDUs in the left box Accessing the Console Server via the Web Manager 59 5 Move PDU devices from the Available PDU box on the left to the box on the right by double clicking on the PDU name or by selecting the PDU and clicking the Add button You can remove any PDUs from the box on the right by double clicking on the PDU name or by selecting the PDU and clicking the Remove button 6 You can specify a custom PDU ID in the field at bottom and assign it a custom PDU ID NOTE The custom PDU ID is for assigning user group authorization to manage PDUs that have not yet been connected to the console server 7 Click Save To assign outlet access for a new custom user group NOTE Assigning outlet access to user groups allows group members to turn outlets on or off and enable locking and power cycle capabilities on compatible PDUs 1 Click Users Authorization Groups Click on the new user group name In the side navigation bar click Access Rights Power Outlets Click Add The Add Outlet screen is displayed
102. ult escape character for ts_menu is Ctrl X Hotkey to suspend the target session and display Power Management Menu to control the outlets merged to the target Not available for Raw Default Ctrl P NOTE The default escape character for ts_menu is Ctrl X Telnet Port Alias TCP port to connect directly to a serial port using Telnet protocol for the connection SSH Port Alias TCP port to connect directly to a serial port using SSH protocol for the connection Raw Mode Port Alias TCP port to connect directly to a serial port using raw socket for the connection Pv4 IP v6 address used to connect directly to a serial port Default not configured empty IPv4 IPv6 Interface ETHO ETH1 associated with the IPv4 IPv6 alias Default ETHO Alias Interface When the DCD is OFF the appliance will deny access for this serial port Default Disabled allow access if DCD is OFF On Enable Auto When the input data matches one input string configured in Auto Answer the output string will Answer be transmitted to the serial port Default Disabled DTR Mode can be set to the following Always On Normal the DTR status will depend on the DTR Mode existence of a CAS session Off Interval when the a CAS session is closed the DTR will stay down during this interval Default Normal S Interval in seconds used by DTR Mode Off Interval in milliseconds Default 100 Eine Feed Enables the suppression of the LF character after the CR charact
103. ved the firmware b Enter the username and password for the FTP server in the appropriate fields c Enter the file directory where the firmware is saved and the filename for the firmware in the appropriate fields or Download the file from your desktop by selecting My Computer a Type the filename for the new firmware or click Browse to open a window to browse to the file 5 Click Download The console server will download the firmware from the specified site and will display a message when the download is complete 6 Click Install 7 Once the new firmware is installed reboot the console server NOTE If the page after installation displays empty or blank values there was not enough memory to upgrade the firmware Reboot the console server and upgrade the firmware again 22 Avocent ACS 6000 Advanced Console Server System Click System to display information about the console server and allow an administrator to configure the console server s system parameters The following tabs are listed under System in the side navigation bar Security Security Profile A Security Profile determines which network services are enabled on the console server During initial configuration the console server administrator must configure security parameters to conform with the site security policy The following security features can be configured either in the web manager CLI or the DSView software Configure the session idle tim
104. will not require password authentication if Single Sign on Authentication is enabled To set authentication for the console server 1 Click Authentication Appliance Authentication 2 Select the desired authentication server from the Authentication Type drop down menu 3 Select Enable fallback to Local type for root user in appliance console portwhen the remote authentication fails and an administrator wants to access the appliance via console port as the root user 4 5 Accessing the Console Server via the Web Manager 51 Select Enable single sign on to enable single sign on authentication and select the desired authentication server from the Authentication Type drop down menu Click Save Authentication servers When using an authentication server you must configure its IP address and in most cases other parameters before it can be used The following authentication servers require configuration RADIUS TACACS LDAP S AD Kerberos NIS and DSView servers To configure a RADIUS authentication server 1 2 8 Select Authentication Authentication Servers RADIUS Enter the IP addresses of the First Authentication Server and First Accounting Server If used enter the IP addresses for the Second Authentication Server and Second Accounting Server Enter your secret word or passphrase in the Secret field applies to both first and second authentication and accounting servers then re enter the secret word or p
105. you can access the console server with its web manager The web manager provides direct access to the console server via a graphical user interface instead of a command based interface NOTE For instructions on accessing the console server via the CLI or DSView software see the Cyclades ACS 6000 Command Reference Guide or the DSView Software Installer User Guide Web Manager Overview for Administrators NOTE For an overview of the web manager for regular users see Web Manager Overview for Regular Users on page 70 To log into the web manager 1 Open a web browser and enter the console server IP address in the address field 2 Login as either admin with the password avocent or as root with the password linux Figure 3 1 shows a typical web manager screen for an administrator and descriptions follow in Table 3 1 Administrator Web Manager Screen 18 Avocent ACS 6000 Advanced Console Server Web Manager Screen Areas AS Description 1 Top option bar The name of the appliance and of the logged in user appear on the left side Refresh Print Logout and Help buttons appear on the right Tab bar Displays whether the admin is in Expert or Wizard mode Side navigation bar Menu options for configuration viewing of system information and access to devices The options change based on user rights Content area Contents change based on the options selected in the side navigation bar Wizard Mode The Wizard mode is desig
Download Pdf Manuals
Related Search