Avocent Cyclades CS ACS-16 2DC
Contents
1. Yes CVDIAHKHSWNKh Figure 9 1 Ports Physical Ports Using this form you can enable or disable ports and configure parameters for individual or a group of serial ports You can select contiguous serial ports on the form by using the Shift key or non contiguous ports by using the Ctrl key on your keyboard You can Enable Selected Ports or Disable Selected Ports by pressing the corresponding button You can select the Modify All Ports button to specify the same parameters for all the serial ports or you can select Modify Selected Ports button and set values for an individual or a group of ports To select one or more serial ports 1 Go to Ports Physical Ports in Expert mode The Physical Ports form appears 2 To select a port or ports do one of the following steps a To select a single port click the port 132 Cyclades ACS Advanced Console Server Installation Administration User Guide b To select multiple ports in a range click the first port in the list and then hold down the Shift key while selecting another port or ports c To select multiple ports that are not in a range click the first port in the list and then hold down the Ctrl key while selecting another port To enable or disable serial ports 1 Go to Ports Physical Ports and select a port or ports to modify 2 To enable selected ports click the Enable Selected Ports button 3 To disable selected ports click the Disable Sel2. Figure 7 9 Expert VPN New Modify Connection Dialog Box The remote gateway is referred to as the Remote or Right host and the console server is referred to as the Local or Left host If left and right are not directly connected then you must also specify a NextHop IP address The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host The next hop for the left host is the IP address of the router to which the console server sends packets to for delivery to the right host A Fully Qualified Domain Name in the ID fields for both the Local Left host and the Remote Right host where the IPSec negotiation takes place should be indicated Chapter 7 Network Menu and Forms 93 The following table describes the fields and options on the form Check with your system administrator who defined and configured the security protocols if needed The information must match exactly on both ends local and remote Table 7 12 Field and Menu Options for Configuring a VPN Connection Field Name Definition Connection Name Any descriptive name you wish to use to identify this connection such as MYCOMPANYDOMAIN VPN Authentication Protocol The authentication protocol used either ESP Encapsulating Security Payload or AH Authentication Header Authentication Method Authentication method used
3. By 9 Internet Figure 8 11 Custom Security Profile Dialog Box CAUTION Take the required precautions to understand the potential impacts of each individual service configured under the Custom profile It is not possible to continue working in the Web Manager without selecting a Security Profile Once you select a security profile or configure a custom profile and apply the changes the console server Web Manager restarts in order for the changes to take effect 5 Select apply changes to save the configuration to Flash The console server Web Manager restarts 6 Login after Web Manager restarts 7 The Web Manager defaults to Ports Ports Status page Security certificates The ACS console server generates its own self signed SSL certificate for HTTPS using OpenSSL NOTE It is highly recommended that you use the openssl tool to replace the console server generated certificate Certificate for HTTP security A certificate for HTTP security is created by a Certificate Authority Certificates are most commonly obtained through generating public and private keys using a public key algorithm like Chapter 8 Security Menu and Forms 129 RSA or X 509 The keys can be generated by using a key generator software The procedures to obtain a Signed Digital Certificate is documented in the ACS Command Reference Guide Chapter 3 Authentication Section 3 7 Certificate for HTTP Security User configured digital certificate Yo
4. Total Load Number field Enter the maximum amperes allowed by the IPDU before Max A generating an event Always enabled SPC and ServerTech IPDUs only Total Load Number field Usually set for zero setting this field to a minimum value for Min A current amperes is useful for monitoring if a device or devices lose power unexpectedly which will generate an event SPC and ServerTech IPDUs only Applications IPDU Power Mgmt Software Upgrade An administrator can select Expert Applications IPDU Power Mgmt Software Upgrade to upgrade software firmware for Cyclades PM IPDUs only The screen shows the currently installed software version on the selected IPDU If a newer software version is available you can download new software for your IPDU using the following procedure To download Cyclades IPDU software Use this procedure to download software from the Avocent website 1 Type http www avocent com web en nsf Content Cyclades_Download PM in your browser address field to open the Downloads page NOTE Your web server must be in the same subnet as the console server 2 Compare the displayed version number to the version shown in the Applications IPDU Power Mgmt Software Upgrade screen 3 Ifa newer firmware version is available click the Firmware link associated with the appropriate version The download starts 4 After the download completes copy the file into the tmp folder and rename it with th
5. Task Where Documented Configure serial ports for power management protocol To configure a serial port for IPDU power management on page 148 How administrators perform IPDU power management IPDU Power Management on page 56 using the Web Manager How regular users manager power outlets using the To close an SSH session on page 26 Web Manager Connect the IPDU to the console server unit and daisy To daisy chain Cyclades IPDUs to the console chain multiple IPDUs server on page 22 Connecting third party IPDUs IPDUs from SPC and ServerTech can be connected to and managed by the ACS console server Special cabling and an adaptor is required for this purpose These cables and adaptors are available from Avocent or you can build your own cable as needed See Console server serial port pin out information on page 15 for this purpose NOTE ServerTech IPDU installation management and operation is license based through Avocent s DSView 3 management software only To daisy chain Cyclades IPDUs to the console server This procedure assumes that you have one Cyclades PM IPDU connected to a serial port on the console server NOTE Daisy chaining is not possible with SPC IPDUs ServerTechIPDUs will allow only one level Master and Slave of daisy chaining 1 Connect one end of a UTP cable with RJ 45 connectors to the OUT port of the Cyclades IPDU connected to the serial port on the console server Connect the other end
6. 16 Cyclades ACS Advanced Console Server Installation Administration User Guide To turn on connected devices Turn on the power switches of the connected devices only after you have completed the physical connection to the console server Performing basic network configuration using the wiz command The following procedure assumes that a hardware connection is made between the console server s console port and the COM port of a server To log into the console server through the console From your terminal emulation application log into the console port as root console server login root Password tslinux WARNING For security reasons it is recommended that you change the default password tslinux as soon as possible To change the default password enter the passwd command at the prompt and enter a new password when prompted NOTE The Security Advisory appears the first time console server is accessed or after a reset to factory default parameters If you are upgrading the firmware on the console server the previously configured security parameters are retained in the Flash memory To use the wiz command to configure network parameters 1 Launch the Configuration Wizard by entering the wiz command root CAS root wiz As shown in the sample screen below the system displays the configuration wizard banner and begins running the wizard Chapter 2 Installation 17 TERRA PENG ERS ERODE EE ER PERENE TERATE EENEN ER
7. Make sure an entry for the console server and the Kerberos server exist in the console server s etc hosts file Go to Network Host Table in Expert mode The Host Table form appears Add an entry for the console server if none exists and an entry for the Kerberos server a Click Add The New Modify Host dialog appears b Enter the address in the IP Address field c Enter the name in the Name field d Enter an optional alias in the Alias field Make sure that time date and timezone settings are synchronized on the console server and on the Kerberos server NOTE Kerberos authentication depends on time synchronization Time and date synchronization can be achieved by setting both the console server and the Kerberos server to use the same NTP server 4 5 To specify an NTP server see To configure time and date using an NTP server on page 165 To set the time and date on the console server manually see To set the time and date manually on page 165 Work with the Kerberos authentication server administrator to synchronize the time and date between the console server and the Kerberos server Set the timezone on the console server by going to Administration Time Date in Expert mode as shown in the following figure The default is GMT Chapter 8 Security Menu and Forms 123 System Information Notifications Boot Configuration Timezone Pacific par EditCustom Backup Config Upgrade Firmware Netw
8. Software Upgrade Cear Max Detected Current Elesar Max Detected Temperature Max Detected 16 3 A Syslog ON Buzzer ON Threshold Max 15 0 A Figure 3 4 Regular User View IPDUs Info The following information is displayed for each port configured for power management Table 3 5 Power Management Display Information by Configured Port Form Heading Description Example Number of Units The number of IPDUs connected to the port The first IPDU is 1 referred to as the master Any other IPDUs daisy chained off the first IPDU are referred to as Slaves Syslog Whether syslogging has been configured for messages from this ON IPDU Buzzer Whether a buzzer has been configured to sound when a specified ON alarm threshold is exceeded Number of Outlets Total number of outlets on all connected IPDUs 8 Over Current Protection Whether over current protection is enabled to prevent outlets from OFF being turned on if the current on the IPDU exceeds the specified threshold Model IPDU model number PM8 15A Software Version IPDU firmware version 1 5 0 Alarm Threshold Number of amperes that triggers an alarm or syslog message if it 15 0A is reached Current Current level on the IPDU 0 0A Maximum Detected Maximum current detected 0 4A Clear Max Detected Temperature Use this button to refresh the currently displayed maximum detected temperature Temperature Temperatu
9. To upgrade the console server firmware This procedure is for upgrading the latest release of the console server firmware The upgrade installs the software on the Flash memory 1 Go to Administration Upgrade Firmware The Upgrade Firmware form displays 2 Choose FTP from the Type menu FTP is the only supported type 3 Enter the URL of the FTP server in the FTP Site field 4 Enter the username recognized by the FTP server in the Username field 5 Enter the password associated with the username on the FTP server in the Password field 6 Enter the pathname of the file on the FTP server in the Path and Filename field 7 Click the Upgrade Now button 8 Click cancel changes if you need to restore the backed up configuration files Reboot Selecting Administration Reboot in Expert mode brings up a simple form containing only a Reboot button Clicking the Reboot button reboots the console server To reboot the console server 1 Go to Administration Reboot in Expert mode 2 Click the Reboot button A confirmation dialog box displays 3 Click OK Online Help When the online help feature is configured for your console server clicking the Help button from any form on the Web Manager opens a new window and redirects its content to the configured path for the online help product documentation NOTE Using the online help feature from the Avocent Cyclades server is not always possible due to firewall configurations nor is it r
10. cscccsccssccessecencessseeesceesncesseceececuscesseceaceceneeeseeeenees 70 Chapter 7 Network Menu and Forms uuuurz2us40000nna00nnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnnn nn 73 Host Settings en sees Br RReren entre here gene EEEa EEI TE 74 Gener lh st settings een sense nee 74 Disabling and enabling IPv4 or IPv6 protocols unesserseessessensnnennennonnnennonnnonsnennensnenennennnn 75 IPV4 settingsYisunuenssnu baten ann Ruine h kn cused in ES EVO A Ea EE ent iss heissen 76 EP VO SOLIS nn rennen ansehen on cots E eden uae dNaa ee E tate ddaneav easton 77 SV SLOG EE E E E Sa ees SOA aah read id aa haates pesos A E ae teas 81 PCMCIA Management nni eiei Naa E E nein toed EEEE OTEA Seas eevee 82 VEN CONNECHONS rikaa a aa E A eE EO oe EA EEEE SES E EE EEEIEE Eo eaS 9 SNMP e e e AG hey Des R este Leg Deren E dee Bags E T N 95 Firewall C nfiguration 2 2 2 2 ER RA Bee eT en ee 99 Host Table aaa ao case ac beebbasedes susthacdvseaubes nase OR EE a PERA EE EE EiS 108 State Route Soe nians esiet Sake or ii AE ER E A EE E end SEEE EEE EO AEO r EE E 109 Chapter 8 Security Menu and Forms usuuuussnunnnannnnnnnnnnnnnnnnnnnnnnnnnnnnnnannnnnnnnnnannnnnnn 113 Users Gnd Groups enansp kessnsueiiiireneinensiberipenisttnpnbrehties 113 Active Ports Sessi ns e a E E aE E E E E OE EENES 116 Authenticalion 20 ne E S E E A ASE EE E nee 117 vi Cyclades ACS Advanced Console Server Installation Administration User Guide Configur
11. Click OK 5 Click apply changes Chapter 7 Network Menu and Forms 89 Configuring a wireless LAN PC card You can use the PCMCIA Management form under Network to configure a Wireless LAN PC card When you select Wireless LAN from the pull down menu the dialog box shown in the following figure appears Ohttps 192 168 48 11 Slot 1 Mozilla Fi loj x OK Cancel Wireless LAN IP Address Network Mask MyPrivateNet 7 ESSID Channel 0 Mi Encrypted Key Done 192 168 48 11 9 7 Figure 7 8 Expert Wireless LAN PC Card Configuration Dialog Box The following table provides a brief description of the fields available in the Wireless LAN dialog box Table 7 10 Wireless LAN Dialog Box Fields Field Name Definition PC Card Pull down box to select the type of PC card that you are using IP Address The local IP address of the Ethernet Network Mask The network address of the Ethernet MyPrivateNet ESSID The unique identifier for the wireless access point Channel The communication channel with the access point Encrypted The translation of data into code during transmission Key The key or password to decode the encrypted data To configure a wireless LAN PC card 1 Install the wireless LAN PC card and select Wireless LAN from the pull down menu on the PCMCIA Management form 2 Inthe IP address field enter an IP address 90 Cyclades
12. v Critical v Info es by level v Critical v Info ges by level v Critical Info ssages by level v Figure 7 4 Expert Network Syslog 81 You can use the Syslog form to configure how the console server handles system logged messages The Syslog form allows you to perform the following e Specify one or more syslog servers to receive syslog messages related to ports e Specify rules for filtering messages The top field on the form CAS Ports Facility is used to tell console server where to send syslog messages You can specify a facility number for the messages from serial ports Obtain the facility numbers from the syslog server s administrator You can send the syslog messages 82 Cyclades ACS Advanced Console Server Installation Administration User Guide e To the console port for logging the messages even if no user is logged in e To all sessions where the root user is logged in e To one or more syslog servers You can add or remove syslog servers The bottom part of the form has filtering rules for specifying which types of messages are forwarded based on the following criteria e Severity level Emergency Alert Critical Error Warning Notice Info Debug e Category CAS log Data Buffering log Web log or System log To configure syslogging for serial ports and specify
13. 94 Cyclades ACS Advanced Console Server Installation Administration User Guide A https 192 168 51 3 Custom Profile Microsoft Internet Expl E O X j z a Telnet SNMP FTP RPC SSH SSH Options v SSH v1 SSH port 22 v SSH v2 v allow root access Web Access HTTP amp HTTPS Options 7 HTTP HTTP port 80 v HTTP redirects to HTTPS Y HTTPS HTTPS port 443 Access to Serial Ports allow SSH to Serial Ports allow Telnet to Serial Ports I internet Figure 7 10 Security Custom Profile Dialog 3 To enable IPSec click the checkbox next to IPSec 4 Click on OK 5 Click on Apply Changes 6 To add a VPN Connection click the Add button The New Modify Connection dialog box appears 7 Enter any descriptive name you choose for the connection in the Connection Name field 8 Select either ESP or AH from the Authentication Protocol pull down menu 9 Select Shared Secret or RSA Public Keys from the Authentication Method pull down menu 10 Set up the right and left hosts by doing the following steps a Enter the fully qualified domain name of the hosts in the ID fields These are the hostnames where the IPSec negotiation and authentication happens For example hostname xyz com b Enter the IP address of the host in the IP Address fields c Enter the IP address o
14. Administrators can e Add anew chain and specify rules for that chain e Add new rules to existing chains e Edit a built in chain or delete the built in chain rules Chapter 1 Introduction 7 Add rule and edit rule options When you add or edit a rule you can define any of the options described in the following table Table 1 3 Add Rule and Edit Rule Option Definitions Filter Options Description Source IP and Mask With source IP incoming packets are filtered for the specified IP address With Destination IP and Mask destination IP outgoing packets are filtered If you fill in a source or destination mask all packets are filtered for IP addresses from the subnetwork in the specified netmask NOTE For IPv6 only one field is available lt IP Address gt lt Prefix gt Protocol Select protocol options for filtering from ALL Numeric TCP UDP ESP IPv6 only ICMP IPv4 only and ICMPv6 IPv6 only Input Interface The input interface ethyn used by the incoming packet Output Interface The output interface eth used by the outgoing packet Flag any of the above elements with Inverted to perform target action on packets not matching any criteria specified in that line For example if you select DROP as the target action specify Inverted for a source IP address and do not specify any other criteria in the rule any packets arriving from any other source IP address than the one specified are dropped Numeri
15. Multi User Under Ports Physical Ports in Expert Mode after you select one or more serial ports and click Modify Port s you can select Multi User from the tabbed menu The Multi User form appears The Multi User form enables you to open more than one session from the same serial port Multiple users can connect simultaneously to a serial port To connect to a port or start a shared session the Chapter 9 Ports Menu and Forms 145 user must have permission to access the port If you allow multiple sessions through Allow Multiple Sessions pull down menu the Privilege Users field should be populated with the user names who have access rights The following table describes the available fields on the Multi User form Table 9 8 Expert Multi User Form Fields Field Name Definition Allow Multiple Sessions Options are No Yes show menu Read Write do not show menu and ReadOnly do not show menu Sniff Mode Allow sniffing on multiple user connection to a serial port Privilege Users Users with access rights to a multi user shared session Menu Hotkey The hotkey for accessing the menu Notify Users Checkbox to enable notify users of session access The following table describes the options from the Allow Multiple Sessions pull down menu Table 9 9 Available Options from the Allow Multiple Sessions Pull down Menu Option Description No Do not allow multiple sessions O
16. Table A 1 ACS Console Server Product Specifications ucesserseesnersersnesnernnennernnennennennnensnennen nn 175 x Cyclades ACS Advanced Console Server Installation Administration User Guide xi Terenem Figure 1 1 Front of the ACS Console Server nuuunesnessnesnernnennennennnennnennonnnnnnnnnnensnennonsenansnnsnnn 1 Figure 1 2 ACS Console Server ConnectorS euneunesnnennersesnnennennnensonsnensnnsensnenennnesnennnesennnennnn 1 Figure 2 1 Placement of Mounting Brackets Forward Mounting Configuration Shown 13 Figure 2 2 Configuration Wizard Screen ccccsccesescescessceceseeesceseeeseessecseceaeeaecesesseceeseseseeeeaeens 17 Figure 2 3 Current Configuration Wizard Screen for Option 0 IPv4 Enabled 18 Figure 3 1 Regular ser Form a uuenusenesehesissase dee sanieren 24 Figure 3 2 Regular User IPDU Power Mgmt Form uesserseeserseesnensnesnennnennnennennennnensennnnnnn 27 Figure 3 3 Regular User IPDU Power Mgmt Outlet Groups Ctrl 28 Figure 3 4 Regular User View IPDUs Info 2022422202200220ns0ennensnennensnesennesnnennenennnensennnnnnn 29 Figure 4 1 Administrator Web Manager Buttons uuusesseesserseesnersensnensnesnennennennenennnensennnnnn 32 Figure 4 2 Example of Web Manager Form in Wizard Mode 35 Figure 4 3 Example of Web Manager Form in Expert Mode uusursuesnernnesnnennennernnenennennn 36 Figure 5 1 Administrator
17. User Name Password Repeat Password Group Regular User Shell Comments 12 2 3138 Figure 5 8 Wizard Step 4 Access Add User Dialog Box 46 Cyclades ACS Advanced Console Server Installation Administration User Guide The following table defines the information required in the fields Table 5 5 Wizard Add User Dialog Field Names and Definitions Field name Definition User Name The username for the account being added Password and Repeat The password for the account Password Group The choices in the Group menu are Regular User Default or Admin NOTE To configure a user to be able to perform administrative functions select the Admin group To define a new group go to the Expert mode and select Security Users and Groups Shell Optional The default shell when the user makes an SSH or a Telnet connection Choices are sh Default or bash Comments Optional notes about the user s role or configuration If you click the Change Password button the following dialog box appears Ohttps 192 168 48 11 Change U OK Cancel New Password Repeat New Password Done 192 168 48 1 Figure 5 9 Wizard Step 4 Change Password Dialog Box To add a user Select Step 3 Access The Access form displays Click Add The Add User dialog box appears 3 Enter the username and password in the User Name and Password fields and enter the
18. if not click on the checkbox to deselect DHCP and enter your network settings manually 3 Enter the required network information Select apply changes to save configuration to Flash 5 Select the Next button or proceed to Step 3 Port Profile address that can change Chapter 5 Configuring the ACS Console Server in Wizard Mode 43 Step 3 Port Profile Selecting Step 3 Port Profile displays a form for configuring the Console Access Profile CAS The protocol used to access the serial ports can be configured in this form Step 1 SecurityProfile Step 2 Network Settings Protocol Flow None Control Parity None Set up the CAS Console Access Server profile for the Step 4 Access serial ports Specify the serial parameters for all ports Step 5 Data Buffering Step 6 System Log See Help for more details The previous port specific parameters will be discarded Connection Console Telnet gt Baud 9600 z Rate Authentication Required I Kbps Data Size 3 gt Stop Bits 1 Figure 5 6 Wizard Step 3 Port Profile In Wizard mode the system assumes that all devices will be connected to the serial ports with the same parameter values If you need to assign different parameters to the serial ports that each server or device is connected to use the Expert mode Ports Physical Ports to assign individual port parameters NOTE All serial ports are disabled from the
19. incoming packets are filtered for the specified interface If an interface is entered in the Output Interface field outgoing packets are filtered for the specified interface The input and output interface fields are shown in the following figure along with the options on the Fragments pull down menu Input Interface MT Inverted Output Interface M Inverted Fragments All packets 2nd 3rd fragmented packets Non fragmented and 1st fragmented packets Figure 7 23 Input Output Interface Fields and Fragments Menu Options The following table defines the fields in the above figure Table 7 16 Expert Firewall Configuration Input Output Interface and Fragments Fields Ss Field Definition Input Interface The input interface ethN for the packet Output Interface The output interface ethN for the packet Inverted Inverting an item negates the selected rules Rules will apply to everything except the selected options Fragments The types of packets to be filtered e All packets e 2nd 3rd fragmented packets e Non fragmented and 1st fragmented packets LOG target If you select LOG from the Target field the fields and menus shown in the following figure appear in the LOG Options Section at the bottom of the form Chapter 7 Network Menu and Forms 105 LOG Options Section Log Level emerg Log Prefix l TCP sequence TCP options M IP options Figure 7 24 Firewall Configuration
20. master 152 menus and forms mapping Expert mode 55 methods of accessing the web manager other 20 MIB 95 163 management information base 95 163 MIIMON 75 mode Expert 35 wizard 34 modem connection protocol 135 PCMCIA cards configuring 84 moderate security profile 20 38 125 modes overview of administrative 34 mounting the ACS 13 MTU 77 multiple sessions allow 145 multi user 144 N NEBS certification 179 nexthop 93 NFS file path 143 NIS 4 141 NIS local 4 118 141 NISdownlocal 4 118 141 notification alarm 164 email 161 pager 162 serial ports alarm 164 SNMP trap 163 notifications 8 160 NTP 122 165 190 Cyclades ACS Advanced Console Server Installation Administration User Guide server using 165 number local TCP port 153 remote TCP port 153 trap 163 O OID 97 One Time Password required 84 86 90 online help 172 open security profile 20 38 125 OpenSSH 129 OpenSSL 128 129 options for managing power 11 options stty 150 options TCP 105 other methods of accessing the web manager 20 OTP 4 OTP Local 5 outlet groups configure 66 view information 59 outlets manager 27 57 62 64 65 66 output interface 7 104 over current protection 29 overrun 157 overview of administrative modes 34 P packet filtering on ACS 6 pager notification 162 parity 44 157 passwords IPDU configure 65 PCMCIA cards configuring CDMA 90 configuring compact flash 88 configuring CompactFlash 88 confi
21. password again in the Repeat Password field 4 Select from the Group menu options a Tocreate a regular user account without administrator privileges select Regular User Default from the Group pull down menu b To create an account with administrator privileges select Admin from the Group pull down menus NOTE To define a new group switch to Expert mode and select Security Users and Groups Chapter 5 Configuring the ACS Console Server in Wizard Mode 47 Enter the default shell in the Shell field optional Enter comments to identify the user s role or configuration in the Comments field optional Click OK Click the apply changes button a ON To delete a user 1 Select Step 3 Access The Access form displays 2 Select the username to delete 3 Click Delete 4 Click apply changes To change a password open to anyone who knows the default password and the console server s IP address For security reasons change the root password from the default tslinux as soon as possible Select Step 3 Access The Access form displays Select the name of the user whose password you wish to change Click Change Password The Change User Password dialog box displays Enter the new password in both fields and click OK A eo Sa Click apply changes Step 5 Data Buffering Selecting Step 5 Data Buffering displays a form to allow logging the console data to a data buffer file either locally in the consol
22. 11 4 Figure 7 26 Edit Chain Dialog Box 3 Select the desired policy from the Policy pull down menu 4 Click OK 5 Click apply changes 6 To edit any rules for this chain go to To Edit a Rule To add a rule 1 Go to Network Firewall Configuration 2 Select the chain to which you wish to add a rule from Chain list and then click the Edit Rules button 3 Click the Add Rule button The Add Rule dialog box appears Configure the rule as desired For definitions of the fields in this form see Firewall Configuration on page 99 5 Click OK 6 Click apply changes To edit a rule Go to Network Firewall Configuration 2 Select the chain that you wish to edit from the list and click the Edit Rules button The Edit Rules form appears 3 Select the rule to be edited from the Rules list and then click the Edit button The Edit Rule dialog box appears 108 Cyclades ACS Advanced Console Server Installation Administration User Guide 4 Modify the rule as desired For definitions of the fields in this form see Firewall Configuration on page 99 5 Click OK 6 Click apply changes Host Table The Host Table form enables you to keep a table of hostnames and IP addresses that compose your local network and provides information on your environment Selecting Network Host Tables displays the form shown in the following figure IP Address Name 127 0 0 1 localhost 192 168 160 10 CAS feee abed 0 0 0 0 0 1 Server
23. 143 remote IP 84 153 remote TCP port number 153 replacing the battery 181 requirements port access 25 requirements pre installation 13 root 2 3 16 access allow SSH 38 125 access SSH 55 routes static 109 RPC 38 126 RS232 signal 156 RSA key 93 rule add 7 run checksum 170 RX bytes 157 S safety precautions 178 secured security profile 20 38 125 security profile custom 20 profile default 20 profile moderate 20 38 125 profile open 20 38 125 192 Cyclades ACS Advanced Console Server Installation Administration User Guide profile secured 20 38 125 profile selecting 19 Security Certificates 128 security profiles 124 security profiles and serial port settings 39 126 selecting a security profile 19 serial port authentication 38 125 serial port settings and security profiles 39 126 serial ports alarm notification 164 serial ports connect to 25 servers syslog 8 sessions active ports 116 sessions allow multiple 145 set the time and date 165 settings host 74 shell 46 simple network management protocol SNMP 95 slave 152 SLIP 135 SMS 162 SMTP 161 sniff mode 145 SNMP 8 38 95 126 SNMP trap notification 163 SNMP trap notifications 162 SNMP simple network management protocol 95 SNMPv1 163 SNMPv2 163 SSH menu configuration to launch 70 SSH root access 55 SSH root access allow 38 125 SSH console 133 SSHv1 38 125 134 SSHv2 38 125 134 SSL certificate 128 static routes 109 statistics por
24. 3 Select apply changes to save configuration to Flash 4 Select the Next button or proceed to the next section Step 4 Access Step 4 Access Selecting Step 4 Access displays the form shown in the following figure that enables you to add or delete user accounts and set or change existing passwords Chapter 5 Configuring the ACS Console Server in Wizard Mode 45 In addition administrative privileges can be granted to added users by adding the user accounts to an admin group enabling them to administer the connected devices without the ability to change the configuration of the console server By default any user can access any port as long as a valid user ID and password are used Step 1 Security Profile Step 2 Network Settings Step 3 Port Profile Add users who will be able to access all ports By default all users can access all ports Step 5 Data Buffering See Help for more details Step 6 System Log Users root Figure 5 7 Wizard Step 4 Access The Access form lists the currently defined users and features Add Change Password and Delete buttons In the Users list by default there is a root account that cannot be deleted The root has access privileges to allthe Web Manager s functionality as well as access to all the serial ports on the console server Click the Add button The following form is displayed https 711 72 26 31 3 Add User Mozilla Firefox amp es
25. 60 viii Cyclades ACS Advanced Console Server Installation Administration User Guide Table 6 4 Expert Applications Ipdu Power Mgmt View IPDUs Info Description 61 Table 6 5 IPDU Power Mgmt Configuration Description 22u22n02nnennenneennennennensnnnnensnennennennenn 63 Table 6 6 Conventions Used in Specifying Outlets for User Accessibility ueeeseessererseeneeneennen 68 Table 6 7 Outlet Designations on Daisy chained IPDUs PM10 SHOWN scesssessecesseceeeeeeseeeneees 69 Table 6 8 Methods for Specifying a Specific Port on Daisy chained IPDUs uneenenene 70 Table 7 1 Expert Network Menu Descriptions cesersersnernersnesnnennesnnennernnnnennonnnensnnsnensnennenne san 73 Table 7 2 Network Host Settings General Tab Form Field ueunerseensenseensersennnesnennennennenn 74 Table 7 3 Network Host Setting IPv4 Field Defintions u22u022u22202seennennoennensnennensnennennennnen 77 Table 7 4 Network Host Setting IPv6 Field Defintions u2uu022s22202seennenseennensnnnnensnesnennennenn 78 Table 7 5 Modem Dialog Box Fields uu uuussursesnernnesnesnernnesnennnennonnnnnnnnsnensonnennnesnnennennennnenn 84 Table 7 6 ISDN Dialog Box Fields u2202200ssunseesnensnennersnesnnennesnnennernonnnennonnnonsnnsnensne nennen 85 Table 7 7 GSM Dialog Box Fields is scisceseviness cevsciiasecositasates thats nmen a Bm ann 86 Table 7 8 Ethernet Di
26. 9 0 Polling Rate The time interval at which the IPDU is polled by the PMD 30000 ms Default Voltage The nominal input voltage feeding the power device 127V NOTE Some power devices do not have the capability to read the real input voltage using proper voltage sensors Power Factor The ratio of the real power to the apparent power a number 0 707070 between 0 and 1 that is frequently expressed as a percentage Real power is the capacity of the circuit for performing work ina particular time Apparent power is the product of the current and voltage of the circuit 62 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 6 4 Expert Applications Ipdu Power Mgmt View IPDUs Info Description Continued Form Heading Description Example Cycle Interval The time delay in seconds for powering up subsequent outlets after a given outlet has been powered up Sequence Interval The time delay in seconds when powering up multiple outlets at the same time ServerTech IPDU only Current value The instantaneous current measured from the IPDU at 1 3A this time Threshold Max The maximum current that can be reached before an alarmis 20 0 A initiated or the buzzer sounds or both Max Detected The recorded maximum current reported by this IPDU which 1 3A may include transients Temperature value The maximum temperature allowed in the IPDU before an Max Detected alarm is initiated or
27. ACS Advanced Console Server Installation Administration User Guide 3 In the Network Mask field enter the netmask for the subnet In the MyPrivateNet ESSID field enter the SSID for communicating with others in your network Click OK DE a OY Click apply changes In the Channel field enter a channel number Click the Encrypted checkbox if an encrypted data communication is required Enter a unique key for decoding the encrypted data Configuring aCDMA PC card You can use the PCMCIA Management form under Network to configure a CDMA PC card When you select CDMA from the pull down menu the CDMA dialog box appears CDMA cards are modem cards that make it possible for the console server to receive a dial in connection and support the callback feature using the ppp protocol The following table provides a brief description of the fields available in the CDMA dialog box Table 7 11 CDMA Dialog Box Fields Field Name Definition PC Card Pull down box to select the type of PC card that you are using Local IP The local IP address of the CDMA card used by the ppp connection Remote IP The remote IP address of the CDMA card used by the ppp connection Speed The speed used by console server to access the card Additional Initialization Additional initialization parameter to be sent to the card CDMA configuration has a default command sequence to initialize the card but if additional initialization comma
28. Add Rule and Edit Rule LOG Target Fields The following table defines the menu options and fields in the LOG Options Section Table 7 17 Expert Target LOG Options Selection Fields Field or Menu Name Definition Log Level One of the options in the pull down menu Log Prefix The prefix is included in the log entry TCP Sequence Includes the TCP sequence in the log TCP Options Includes TCP options in the log IP Options Includes IP options in the log REJECT target If REJECT is selected from the Target pull down menu the following pull down menu appears REJECT Options Section Reject with icmp net unreachable z o net unreachable iemp host unreachable iemp port unreachable iemp proto unreachable icmp net prohikited icmp host prohikited echo reply tcp reset Figure 7 25 Firewall Configuration Add Rule and Edit Rule REJECT Target Menu Options 106 Cyclades ACS Advanced Console Server Installation Administration User Guide Any Reject with option causes the input packet to be dropped and a reply packet of the specified type to be sent Table 7 18 Reply Packet Names and Definitions Field Name Definition Reject with Reject with means that the filter will drop the input packet and send back a reply packet according to any of the reject types listed below icmp net unreachable ICMP network unreachable alias icmp host unreachable ICMP host unreachable alias icmp
29. Cyclades Si este es el caso tome las siguientes precauciones Apague el Cyclades ACS advanced console server Asegurase que este tocando tierra antes de tocar cualquier otra cosa que puede ser al tocar la parte trasera del equipo Appendices 183 Bateria IMPORTANTE Una bateria nueva puede explotar si no esta instalada correctamente Remplace la bateria cuando sea necesario solo con el mismo tipo recomendado por el fabricante de la bateria Deshacerse de la bateria de acuerdo a las instrucciones del fabricante de la bateria 184 Cyclades ACS Advanced Console Server Installation Administration User Guide Appendix C Technical Support Our Technical Support staff is ready to assist you with any installation or operating issues you encounter with your Avocent product If an issue should develop follow the steps below for the fastest possible service To resolve an issue 1 Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined 2 Check our web site at www avocent com support to search the knowledge base or use the online service request 3 Call the Avocent Technical Support location nearest you 185 Bal A access 139 allow SSH root 38 125 SSH root 55 access requirements port 25 access server CAS profile console 133 access to connected devices configuring 9 accessing ACS 2 accessing the web manager other methods of 20 ACS accessing 2 administrator
30. Cyclades ACS Advanced Console Server Installation Administration User Guide Configuring a CompactFlash PC card or a hard disk drive PC card You can use the PCMCIA Management form under Network to configure a CompactFlash PC card or a hard disk drive PC card When you select CompactFlash Hard Disk from the pull down menu the dialog box shown in the following figure appears A http 192 168 48 11 Slot 1 Mic OK Cancel Compact Flash Hard Disk MV Enable M use for data buffering Ei Figure 7 7 Expert CompactFlash Hard Disk PC Card Configuration Dialog Box The following table provides a brief description of the fields available in the CompactFlash Hard Disk dialog box Table 7 9 CompactFlash Hard Drive Dialog Box Fields Field Name Definition PC Card Select CompactFlash Hard Disk from the pull down menu Enable Checkbox to enable the storage device Use for Data Buffering Checkbox to select the storage device for data buffering To configure a CompactFlash PC card or hard disk drive 1 Install the CompactFlash PC card or the hard disk drive PC card and select CompactFlash Hard Disk from the pull down menu on the PCMCIA Management form The Enable checkbox appears on the Slot dialog box 2 Click the Enable checkbox The Use for data buffering checkbox appear on the Slot dialog box 3 If desired uncheck the Use for data buffering checkbox Default is checked
31. Cyclades ACS advanced console server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications L Cyclades ACS advanced console server n mete pas de bruits radio lectriques d passant les limites applicables aux appareils num riques de la classe A prescrites dans le reglement sur le brouillage radio lectrique edict par le Minist re des Communications du Canada Aviso de Precaucion S Mark Argentina Por favor de leer todos los avisos de precauci n como medida preventiva para el operador y el Cyclades ACS advanced console server IMPORTANTE No hacer funcionar el Cyclades ACS advanced console server con la tapa abierta IMPORTANTE Para prevenir un corto circuito en el Cyclades ACS advanced console server al desconectarlo de la red primero desconectar el cable del equipo y luego el cable que conecta a la red Para conectar el equipo a la red primero conectar el cable a la red y luego al equipo IMPORTANTE Asegurarse que el equipo este conectado a tierra para prevenir un shock el ctrico El cable el ctrico del equipo viene con tres clavijas para conectar asegurar conexi n a tierra No use adaptadores o quite la clavija de tierra Si se tiene que utilizar una extension utilice una que tenga tres cables con clavija para conexi n a tierra Para proteger al Cyclades ACS advanced console server de fluctuaciones en corri
32. Solaris Ready NEBS for ACS 16 NEBS and ACS 32 NEBS with single or dual DC power supplies 176 Cyclades ACS Advanced Console Server Installation Administration User Guide Appendix B Safety Regulatory and Compliance Information The following safety regulatory and compliance information for the ACS console server is described in this appendix Safety and environmental guidelines for rack mounting the console server on page 176 Safety precautions for operating the console server on page 178 Sicherheitsvorkehrungen beim Betrieb des Cyclades ACS on page 178 NEBS certification on page 179 Working inside the console server on page 180 Replacing the battery on page 181 Austausch der Batterie on page 181 Remplacement de la batterie on page 181 FCC warning statement on page 181 Notice about FCC compliance for all Cyclades ACS Advanced Console Server models on page 181 Canadian DOC notice on page 182 Aviso de Precauci n S Mark Argentina on page 182 Trabajar dentro del Cyclades ACS Advanced Console Server on page 182 Safety and environmental guidelines for rack mounting the console server NOTE Each heading and its contents in this section is also provided in German Deutsch in italics immediately following the English version The following considerations should be taken into account when rack mounting the Cyclades ACS advanced console server Folgendes sollte beim Rack Einbau des Cyclades ACS beriicksichtigt werden Tempe
33. a SLIP session Assumes the specified console server serial port is connected to an external modem CSLIP Starts a CSLIP session Assumes the specified console server serial port is connected to an external modem Power Management Configures the serial port for power management Assumes an IPDU is connected to the serial port To configure a serial port connection protocol for a console connection This procedure assumes that the selected serial port is physically connected to a console port on a device 1 Go to Ports Physical Ports in Expert mode select a port or ports to modify click the appropriate Modify Ports button The General form appears 2 Click the General tab The General form appears with the number s of the selected port s next to the Done button at the bottom of the form All active tabs are yellow 3 To change the connection protocol select one of the options from the Connection Protocol pull down menu Console Telnet Console SSH Console Telnet amp SSH or Console Raw The default is Console Telnet 4 If you wish to change any of the other current settings see To configure serial port settings to match the connected devices on page 138 5 To further configure the serial port s connection protocol e For user access and authentication methods see Access on page 139 e For TCP Port number and other port configuration options see Other on page 149 136 Cyclades ACS Advanced Console
34. and Server Tech for supported Server Technology IPDUs The username and password are used to authenticate communication between the console server and the IPDU If the IPDU username and password are changed in the IPDU firmware the username and password must be changed in this screen so the console server can use the correct username and password to communicate with the IPDU General Users Management Cyclades Terminal Profile Menu Username Password admin pms SPC Username Password admn admn ServerTech Username Password admn admn Figure 6 8 Applications PMD Configuration 66 Cyclades ACS Advanced Console Server Installation Administration User Guide Applications PMD Configuration Outlet Groups An administrator can select Expert Applications PMD Configuration Outlet Groups to configure outlet groups General Outlet Groups Users Management Group Outlets Cyclades _PDU i1lA 2 i9A 8 Figure 6 9 PMD Configuration Outlet Groups Any configured outlet groups are listed in the Group column followed by the string used to identify the group during configuration in the form IPDU_ID outlets as shown The Add Edit and Delete buttons are used to configure the outlet groups Specify groups of outlets using the following format IPDU_ID outlets Where IPDU_ID is the name configured for the IPDU such as ilA and outlets are numbers separated
35. and the configuration procedures of the Web Manager in Wizard and Expert modes If you are a regular user see Chapter 3 Common Tasks for ACS Console Server Administrators The following table shows some of the common tasks that are performed by an administrator and references to more information about performing the task Table 4 1 Administrator Common Administrative Tasks Task Where documented Set up users and groups to access connected Users and Groups on page 113 devices Set up user authentication to access serial ports Access on page 139 Configure serial ports for power management To configure a power management protocol for an IPDU on page 137 Assign users permissions to manage outlets on To configure an outlet group on page 66 connected Cyclades PMs Set up local or remote data buffering and specify To configure data buffering for serial ports on page 144 alarms for one or more serial ports To choose a method for sending notifications for serial port data buffering events on page 160 Set up logging of system messages to a To view and reset IPDU information on page 62 syslog server 32 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 4 1 Administrator Common Administrative Tasks Continued Task Where documented Select an authentication method for accessing Authentication on page 117 connected devices Configure packet filtering Firewa
36. appear for each protocol are explained in the following sections Numeric protocol fields If Numeric is selected as the protocol when specifying a rule a text field appears to the right of the menu for the desired number TCP protocol fields If TCP is selected as the protocol when specifying a rule the additional fields shown in the following figure appear on the bottom of the form TCP Options Section Source Port to Inverted Destination Port to Inverted TCP Flags SYN any 7 ack any gt FIN any 7 rst any 7 URG any 7 PSH Any Inverted Figure 7 21 Firewall Configuration TCP Protocol Fields and Menu Options Chapter 7 Network Menu and Forms 103 The following table defines the fields and menu options in the TCP Options Section Table 7 14 Expert TCP Options Fields Field Menu Option Definition Source Port A port number for filtering in the Source Port or Destination Port field A range of OR IP address can be specified by adding a second port number in the to field TCP Destination Port packets are filtered for for the range of specified IP addresses AND to TCP Flags The TCP flags cause packets to be filtered for the specified flag and the selected condition The flags are SYN synchronize ACK acknowledge FIN finish RST reset URG urgent or PSH push and the conditions are either Any Set or Unset Inverted By checking this box the TCP options are Inverted
37. be downloaded from Avocent and made available on the TFTP or BootP server The ACS console server must be configured with a fixed IP address The boot filename and the IP address of the TFTP or BootP server is known The following table describes the boot configuration form fields Table 10 6 Boot Configuration Form Fields Field Name Definition IP Address assigned to Ethernet A fixed IP address or a DHCP assigned IP address to the console server Watchdog Timer Whether the watchdog timer is active or inactive If the watchdog timer is active the console server reboots if the software crashes Unit boot from Specify whether to boot the console server from Flash or from the network Boot Type Select to boot from a TFTP server a BootP server or both Boot File Name Filename of the boot program Server s IP Address The IP address of the TFTP or the BootP server Console Speed An alternative console speed from 4800 to 115200 9600 is the default Flash Test Select to test boot from the Flash card You can skip this test or do a full test RAM Test Select to test boot from RAM You can Skip this test do a Quick test or a Full test Fast Ethernet The speed of the Ethernet connection Select the appropriate Ethernet setting if you need to change the Auto Negotiation default value e 100BaseT Half Duplex 100BaseT Full Duplex e 10BaseT Half Duplex 10Base
38. either RSA Public Keys or Shared Secret ID This is the hostname that a local system and a remote system use for IPSec negotiation and authentication It can be a fully qualified domain name preceded by For example hostname xyz com IP Address The IP address of the host NextHop The router through which the console server on the left side or the remote host on the right side sends packets to the host on the other side Subnet The netmask of the subnetwork where the host resides NOTE Use CIDR notation The IP number followed by a slash and the number of one bits in the binary notation of the netmask For example 192 168 0 0 24 indicates an IP address where the first 24 bits are used as the network address This is the same as 255 255 255 0 RSA Key If RSA Public Keys is selected You need to generate a public key for the console server and find out the key used on the remote gateway You can use copy and paste to enter the key in the RSA Key field Pre Shared Secret If Shared Secret is selected Pre shared password between left and right users Boot Action The boot action configured for the host either Ignore Add or Start To configure VPN To enable VPN make sure that PSec is enabled through the security profile section 1 Go to Security Security Profile The Security Profiles screen appears 2 To enable IPSec click on Custom The Security Custom Profile dialog box opens
39. entry press the Add button at the bottom of the SNMPv3 Configuration table The New Modify SNMP Daemon Configuration dialog box appears 3 To edit any SNMP configuration perform the following steps a For SNMPvI or SNMPV2 select the entry from the SNMPv1 SNMPv2 configuration list and click the Edit button b To edit an SNMPv3 entry select an entry from the SNMPv3 Configuration list and click the Edit button The New Modify SNMP Daemon Configuration dialog box appears 4 For SNMP vl or v2 configuration enter or change the following information a Enter the community name in the Community field b Enter the source IP address or range of IP addresses in the Source field 5 For SNMP v3 configuration enter or change the following information a Enter the username in the User Name field b Enter the password in the Password field NOTE The SNMPv3 password must be fewer than 31 characters 6 For any version of SNMP perform the following a Enter the unique object identifier for the object in the OID field b Choose Read Only or Read Write from the Permission field Click OK Click apply changes Chapter 7 Network Menu and Forms 99 NOTE In addition to SNMP configuration described in this section you need to make sure SNMP service is enabled and configured for one or more serial ports in order to send SNMP traps Firewall Configuration Firewall configuration also known as IP filtering refers to the selective blocking
40. factory by default The administrator can enable ports and assign specific users to individual ports through the Expert mode The following table lists the parameters with the available options and a brief description for each Table 5 4 Port Profile Setup Options Parameter Options Description Connection Console Telnet Default Sets the protocol to be used to connect to devices Protocol Console ssh that are connected to serial ports Console Telnetssh Console ssh encrypts data and Console Raw authentication information Console Telnetssh allows users to connect using either protocol Console Raw is for unnegotiated plain socket connections Use Expert mode if you wish to specify any of several other connection protocols that are listed under Ports Physical Ports Modify General Flow Control None Default Must match the flow control method of the devices Hardware Software connected to all serial ports 44 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 5 4 Port Profile Setup Options Continued SSE EEE EE em ge pre Eng ar Pr eo e ee Parameter Options Description Parity None Default Must match the parity used by the devices Odd connected to all serial ports Even Baud Rate Kbps 9600 Default Must match the baud rates of the devices Options range from 2400 921600 connected to all serial ports Kbps Data Size 8 Default Must match the number of dat
41. for IPDUs is also possible if IPDU power management is configured The form displays as shown in the following figure Configure external syslog server location to receive unit s syslog messages Facility Number Local 7 SysLog Servers New SysLog Server Figure 5 12 Wizard Step 6 System Log Chapter 5 Configuring the ACS Console Server in Wizard Mode 51 NOTE To configure syslog with data buffering features for specific ports switch to the Expert mode Ports Physical Ports Modify Selected Ports Data Buffering Before setting up syslogging make sure a pre configured syslog server is available on the same network as the console server From the syslog server administrator obtain the the IP address of the syslog server and the facility number for messages coming from the syslog server To add a syslog server This procedure assumes you have the IP address of the syslog server and the facility number for messages coming from the console server Select Step 6 System Log The System Log form displays 2 From the Facility Number pull down menu select the facility number In the New Syslog Server field enter the IP address of a syslog server and then click the Add button Repeat this step until all syslog servers are listed 4 The new server s appears in the Syslog Servers list 5 Click apply changes To delete a syslog server 1 From the Syslog Server list select the syslog server that you wish to d
42. none Ethernet Port Static Address Figure 7 3 Expert Network Host Settings IPv6 78 Cyclades ACS Advanced Console Server Installation Administration User Guide The following table provides definitions of the IPv6 form fields Table 7 4 Network Host Setting IPv6 Field Defintions EB nn en a ee ee SaaS Field name Field Definition DHCPv6 Select None DNS Domain or DNS Domain from the pull down menu Choosing one selects the options for the information that will be retrieved from the DHCPV6 server e None No further data is retrieved from the server DNS The DNS server IP address is retrieved from the server e Domain The domain path is retrieved from the server e DNS Domain Both the DNS server IP address and the domain path are retrieved from the server Method Select Stateless only Static or DHCP methods from the pull down menu for the desired Ethernet port configuration method Selecting one of these options chooses the method used to obtain and configure IPv6 addresses e Stateless only IPv6 local addresses will be obtained dynamically from the IPv6 router in the local network This method should be used only if the other two methods are unavailable Local IPv6 addresses obtained by the router cannot be used outside of the local network e Static This method configures a static IPv6 address and its prefix length for the interface e DHCP The IPv6 address and its prefix length will be obtained dy
43. of defining the CAS profile The CAS connection protocols apply in the following cases e When a user access the serial port through the Web Manager the session automatically uses the specified protocol to connect to the console of the connected device e When a user logs in remotely to the serial port access is allowed only for the selected protocol If another protocol is used then access is denied For example if you specify the Console SSH protocol the user can use SSH but cannot use Telnet to access the serial port The following table shows the options from the list of connection protocols when the console server serial port is connected to the console port of a server or a device Table 9 1 Connections Protocols When Serial Port is Connected to Device Console Port Protocol Name Result Console Telnet Authorized users can use Telnet to connect to the console of the connected device Console SSH Authorized users can use SSH to connect to the console of the connected device Console TelnetSSH Authorized users can use Telnet and or SSH to connect to the console of the connected device simultaneously When multiple sessions feature is configured simultaneous Telnet and or SSH sessions are allowed through the serial port Console Raw Authorized users can make a Raw Socket connection to the console of the connected device Terminal Server TS profile connection protocols When a server terminal is co
44. of the passage of IP packets between global and local networks The filtering is based on rules that describe the characteristics of the packet For example the contents of the IP header the input output interface or the protocol This feature is used mainly in firewall applications to filter the packets that could potentially harm the network system or generate unnecessary traffic in the network Selecting Network Firewall Configuration displays the form shown in the following figure Host Settings Syslog PCMCIA Management Name Policy Packets VPN Connections INPUT ACCEPT 12823 SNMP FORWARD ACCEPT 0 7 OUTPUT ACCEPT 11478 INPUT ACCEPT 4 FORWARD ACCEPT 0 OUTPUT ACCEPT 0 Host Tables Static Routes Figure 7 14 Expert Network Firewall Configuration You can use the Firewall Configuration form to enable a firewall on the console server You can define rules to allow or disallow packets and configure filtering of packets that are sent and received through console server Packet filtering relies on defined chains and rules See Packet Filtering on page 6 for details Each entry in the list on the Firewall Configuration form represents a chain with a set of rules By default the list has three built in chains as shown in the previous figure The chains accept all INPUT FORWARD and OUTPUT packets You can use the Edit Delete Add and Edit Rules buttons on the form to perform the following to
45. on the Connect form a Java applet viewer appears running an SSH session on the console server A Java applet displays when you connect to the console server The IP address of the console server is followed by the session type The following table describes the available buttons in the Java applet Table 3 2 Java Applet Buttons for Connecting to the Console Server Button Purpose SendBreak To send a break to the terminal Disconnect To disconnect from the Java applet gt Select the left icon to reconnect to the server or device or select the right icon to end BE the session and disconnect from the Java applet Connect to serial ports The list of serial ports includes the port names or administrator defined aliases only for ports you have permission to access Port access requirements When you connect to a serial port to access a server or another device access rights to the specific serial port on the console server is required NOTE If an authentication server is setup in your network an authentication method and the related parameters should be setup to allow access to the connected devices When you select a port from the Serial pull down list and click the Connect button a Java applet viewer appears The Connected to message in a gray area at the top of the screen shows the IP address of the console server followed by the TCP port number 26 Cyclades ACS Advanced Console Server Installation Administration Us
46. page 119 Data Buffering Under Ports Physical Ports in Expert Mode after you select one or more serial ports and click the Modify Port s you can select the Data Buffering form from the tabbed menu The Data Buffering form appears There are different fields on this form depending on whether one or both options are enabled The form displays Enable Data Buffering and Buffer to Syslog options If Enable Data Buffering is active the form displays different fields depending on whether Local or Remote are selected from the Destination menu General Access Data Buffering MultiUser Power Management Other Y Enable Data Buffering Buffer to Syslog Destination Local Mode Circular v File Size Bytes Record the timestamp in the data buffering file Buffering data only when nobody is connected to the port Timeout Hostname Discovery seconds Show Menu Show all options Ronchi Done Figure 9 3 Ports Physical Ports Data Buffering Enabled If Buffer to Syslog is checked data buffer files are sent to the syslog server NOTE Go to Wizard Step 5 System Log or Expert Network Syslog to set up a syslog server The following figure shows both checkboxes Enable Data Buffering and Buffer to Syslog and the Local destination selected Chapter 9 Ports Menu and Forms 143 The following table describes the fields available in the data buffering
47. port unreachable ICMP port unreachable alias icmp proto unreachable ICMP protocol unreachable alias icmp net prohibited ICMP network prohibited alias icmp host prohibited ICMP host prohibited alias echo reply Echo reply alias tcp reset TCP RST packet alias NOTE The packets are matched using tcp flags and appropriate reject type with the REJECT target Firewall configuration procedures The following sections describe the procedures for defining packet filtering To add a chain 1 Go to Network Firewall Configuration 2 Click Add The Add Chain dialog box appears 3 Enter the name of the chain to be added in the Name field 4 Click OK The name of the new chain appears in the list NOTE Spaces are not allowed in the chain name 5 Add one or more rules to finish as described in To add a rule on page 107 To edit a chain Perform this procedure if you wish to change the policy for a default chain NOTE User defined chains cannot be edited If you wish to rename a chain you added delete it and create a new one 1 Go to Network Firewall Configuration Chapter 7 Network Menu and Forms 107 2 Select one of the default chains from Chain list and then click the Edit button NOTE User defined chains cannot be edited If you select one of the default chains the Edit Chain dialog box appears Ohttps 192 168 48 11 Edit Chain Cancel Name FORWARD Policy ACCEPT ha 192 168 48
48. ports are disabled by default allowing the administrator to enable and assign individual ports to users Cyclades ACS Advanced Console Server Installation Administration User Guide NOTE The Default security profile parameters are the same as the Moderate profile Authentication The ACS console server supports a number of authentication methods to assist the administrator with user management Authentication can be performed locally or with a remote server such as RADIUS TACACS LDAP or Kerberos An authentication security fallback mechanism is also employed should the negotiation process with the authentication server fail In such situations the console server follows an alternate defined rule when the authentication server cannot authenticate the user The following table lists the supported authentication methods Table 1 2 Authentication Methods Supported Authentication Type Definition None No authentication DSView Authentication is performed with a DSView 3 server DSView Local DSView management software authentication is tried first then Local DSViewDownLocal Local authentication is performed only if the DSView 3 server is down Kerberos Authentication is performed using a Kerberos server Kerberos Local Kerberos authentication is tried first switching to Local if unsuccessful KerberosDownLocal Local authentication is performed only when the Kerberos server is down LDAP Auth
49. serial port number Displays the name alias for the serial port if one is assigned by Alias the administrator RS232 Signal Status Serial Communication Signal Status Current User s Displays the user s connected to each serial port Ports Statistics Selecting Ports Port Statistics in Expert mode displays the following read only form Refresh PortAlias Baud RateTx bytes Rx bytes Frame Parity PM 9600 1043 7276 0 Thinkpad 9600 67282 461 Telnet 9600 13782 9600 9600 9600 9600 9600 9600 9600 9600 9600 9600 9600 9600 9600 1 2 3 4 5 6 ri 8 9 Figure 9 12 Ports Port Statistics Read Only The following information is available in the Ports Statistics read only form All users have access to this form The information on this page gets updated when you click the Refresh button Table 9 14 Expert Ports Port Status Read Only Form Column Name Description Port The serial port number Alias Displays the name alias for the serial port if one is assigned by the administrator Baud Rate The measure of how fast data is moving between devices Tx Bytes Data transmitted Chapter 9 Ports Menu and Forms 157 Table 9 14 Expert Ports Port Status Read Only Form Continued Column Name Description Rx Bytes Data received Frame A formatted packet of data usually associated with the Data Link layer Parity Error checking bit appended to a da
50. the Group pull down menu Optional Select a shell from the Shell pull down menu Optional Enter information as desired about the user s role or responsibilities Click OK Click apply changes RN ANNE AND Chapter 8 Security Menu and Forms 115 To delete a user or group l 2 3 4 Go to Security Users and Groups The Users and Groups form displays Select the name of a user or group to delete Click Delete Click apply changes To change a user s password gens pa Go to Security Users and Groups The Users and Groups form displays Select the name of the user whose password you wish to change Click Change Password The Change User Password dialog box displays Enter the new password in the New Password field and enter it again in the Repeat New Password field Click OK Click apply changes To add a group Oy ae RC Ra T Go to Security Users and Groups The Users and Groups form displays Under the list of groups click Add The Add Group dialog box displays Enter the name for the new group in the Group Name field Enter one username or multiple comma separated usernames in the Users field Click OK Click apply changes To modify a group DDr Go to Security Users and Groups The Users and Groups form displays Select the name of a group to modify Click Edit The Edit Group form displays Add or delete users from the group as desired Click OK Click apply changes 116 C
51. the buzzer sounds or both for IPDUs equipped with temperature sensors only Clear Max Button to reset the maximum detected current value Detected Current Clear Max Button to reset the maximum detected temperature value Detected Temperature To view and reset IPDU information 1 Select Applications IPDU Power Mgmt View IPDUs Info The View IPDUs Info screen appears 2 To clear the stored values click the Clear Max Detected Current button or the Clear Max Detected Temperature button Applications IPDU Power Mgmt Configuration An administrator can select Expert Applications IPDU Power Mgmt Configuration to configure each configured IPDU NOTE The operating parameters may differ depending on the make and model of IPDU Outlets Manager Outlet Groups Ctrl View IPDUs Info Configuration Software Upgrade Chapter 6 Applications ID ISA serlal port 5 ID 5A V Enable Syslog Enable Buzzer Default Voltage 127 V Enable Over Current Protection Current Threshold Max A ho Model Cyclades PM81 10A Polling Rate 20000 ms Power Factor Figure 6 7 Expert Applications IPDU Power Mgmt Configuration Table 6 5 IPDU Power Mgmt Configuration Description Shown Element Type Description ID Heading Static heading shows current IPDU name and port assignment Model Heading Shows the make and model of IPDU at the designated port ID Text
52. the form shown in the following figure https 192 168 48 11 New Modify Route Mozilla Fire la x Apply Cancel Route Default x Go to Gateway fea Metric a Done 192 168 4811 9 Figure 7 29 Expert Static Routes Add and Edit Dialog Boxes Default Route The example shows the fields and menus that appear when the Default route type is selected from the Route pull down menu The following figure shows the fields and menus that appear when the Network route type is selected from the Route pull down menu 110 Cyclades ACS Advanced Console Server Installation Administration User Guide Onhttps 192 168 48 11 New Modify Route Mozi 0 x Apply Cancel Route Network E Network IP Network Mask Go to Gateway g Metric Eoo E Done 192 168 48 11 9 4 Figure 7 30 Expert Static Routes Add and Edit Dialog Boxes Network Route The following figure shows the fields and menus that appear when the Host route type is selected from the Route pull down menu https 192 168 48 11 New Modify Route Moz lol x Apply Cancel Route Host IP Go to Gateway 5 Metric J N w Done 192 168 48 1 5 Figure 7 31 Expert Static Routes Add and Edit Dialog Boxes Host Route The following table describes the fields that appear when you select a routing type from the New
53. use facility numbers to isolate logs from individual devices into individual files Options range from Localo to Local7 Syslog Buffer Size Maximum size of the buffer in the Syslog server Buffer SysLog at all As indicated times Buffer SysLog only when As indicated no user is connected to the port Hostname Discovery Check to enable the console server to attempt to discover the hostname of the server connected to the serial port Timeout seconds Amount of time in seconds that the console server will try to discover the hostname If it cannot be identified in that time a default name will be assumed Show Menu Choose from the following options to select what will be shown when connected to the serial port to see or work with the data buffering Show all options No Show data buffering file only Show without the erase options or Show and erase data buffering file 144 Cyclades ACS Advanced Console Server Installation Administration User Guide To configure data buffering for serial ports Perform this procedure if you wish to configure data buffering Obtain the facility number for the console server from the system administrator of the syslog server Options range from Local0 to Local7 1 Go to Ports Physical Ports in Expert mode and select a port or ports to modify 2 Select the Data Buffering tab The Data Buffering form displays 3 Select Enable Data Buffering 4 From the Destinat
54. username and password 24 Cyclades ACS Advanced Console Server Installation Administration User Guide Features of Regular User Forms The following figure shows features of the Web Manager when regular users log in 1 2 IPDU Power Mgmt Security Connect to ACS32 Serial 01 9F 52P01 Figure 3 1 Regular User Form NOTE The form area changes according to which menu option is selected Table 3 1 Description of Regular User Web Interface Number Description 1 Form area 2 Console server information area and logout button This area contains the following information logout button Press logout to exit the current session The login screen is displayed Host Name Displays the console server s hostname selected by the administrator IP Address Displays the console server s current IP address Model The model number of the console server 3 Side navigation menu Select one of the options to change the content in the form area For regular users the choices are Connect IPDU Power Mgmt and Security Connect When you select the Connect option the form displayed will allow you to connect to the console server or to serial ports Chapter 3 Web Manager for Regular Users 25 Permission to access a port or perform power management is granted by the administrator when your user account is created Connect to the console server When you click the Connect to ACS radio button
55. 15 Console server serial port pin out information The following table provides the serial port pin out information for the ACS console server Table 2 1 ACS Console Server Serial Port Pin out PE ESS a ee Pin No Signal Name Input Output 1 RTS OUT 2 DTR OUT 3 TxD OUT 4 GND 5 CTS IN 6 RxD IN 7 DCD IN 8 DSR IN Powering up the console server and the connected devices Perform the following procedures in the order shown to avoid problems with components on connected devices To turn on the console server when using AC powered units 1 Make sure the console server s power switch is off 2 Plug in the power cable 3 Turn the console server s power switch es on To turn on the console server when using DC powered units 1 Make sure the console server s power switch is off and the DC power wires are not connected to the DC power source Remove the protective cover from the terminal block Attach the earth ground line to the labeled ground screw Attach the OV line to the labeled return screw Attach the 48V line to the labeled 48V screw Reattach the protective cover an D Attach the DC power wires to the DC power source and then turn the console server s power switch es on NOTE If your console server model is equipped with dual power supplies make sure you turn both power switches on After system initialization abeep sound may warn if one of the power supplies is off
56. 4 form will be displayed 2 If configuring IPv4 using DHCP is desired click the DHCP checkbox NOTE If DHCP is enabled all other fields on the form will not be displayed 3 Under Ethernet Port complete or edit the following fields as necessary a Enter the IP address of the console server in the Primary Address field b Enter the netmask in the Network Mask field c Enter the address of the secondary console server in the Secondary Address field if used d Specify the network mask of the secondary IP in the Secondary Network Mask field e Specify the desired maximum transmission unit in the Maximum Transmission Unit field 4 When finished click apply changes To configure IPv6 protocol 1 If IPv6 is enabled tab is active select the JPv6 tab The IPv6 form will be displayed 2 From the DHCPv6 pull down menu select none DNS Domain or DNS Domain If DHCP is selected then the DHCP options will define the address configuration information is retrieved from the DHCPv6 server DHCP options are e none only the IP address will be retrieved e DNS the DNS address will be retrieved from the DHCPV6 server e Domain the domain path will be retrieved from the DHCPV6 server e DNS Domain both DNS server and domain path will be retrieved from the DHCPv6 server NOTE If either DNS or DNS Domain is selected DNS Service and its associated fields will not be displayed 3 Under Ethernet Port complete or edit the following fi
57. 45 http 38 125 http redirection to https 38 125 https 38 125 ICMP 38 126 ICMP protocol 8 IDE 168 IDE hard disk 83 IDE timeout 150 info view IPDUs 28 60 input interface 7 104 installation procedures basic 13 installing PCMCIA cards 21 inverted checkbox 102 IP local 84 153 remote 84 153 IP alias port 150 IP filtering structure of 6 IPaddress default 21 IPDU power mgmt 56 IPDUs info view 60 view information 60 IPDUs info view 28 IPMI key 147 IPMI server 147 IPsec 38 126 IPv4 configuration 80 disabling 75 enabling 75 IPv6 configuration 80 disabling 75 enabling 75 Ethernet interfaces 78 PPP interfaces 78 serial interfaces 78 ISDN 2 ISDN PCMCIA cards configuring 85 J JCPU 116 K keep alive interval TCP 150 Kerberos 4 122 140 Kerberos local 4 118 140 Kerberosdownlocal 4 118 140 key IPMI 147 key power management 147 key RSA 93 L LDAP 4 140 LDAP local 4 118 140 LDAPdownlocal 4 118 140 local destination 143 local IP 84 153 local port number 153 local TCP port number 153 local terminal 134 local NIS 4 118 141 local radius 4 118 141 local TACACS 4 118 141 log level 105 log prefix 105 logging into the web manager 33 logging to syslog servers prerequisites for 8 login banner 150 logins configuring authentication for ACS 117 management information base MIB 95 163 management IPDU power 56 Index 189 mapping Expert mode menus and forms 55
58. 7022 fProliant2 192 168 48 12 7023 Ciscosooo 192 1684812 7024 Remote IP 192 168 48 11 192 168 48 11 192 168 48 11 192 168 48 11 192 168 48 11 192 168 48 11 192 168 48 11 192 168 48 11 Remote Protocol TCP Port 7001 7002 7003 7004 7005 7006 7007 7008 SSH SSH SSH SSH SSH SSH SSH SSH B Internet Chapter 9 Ports Menu and Forms Figure 9 10 Ports Virtual Ports New Modify Port Names Dialog box 155 Use this form to assign a name or alias to the Slave ports in the cluster Use a naming convention for effective management of the console server and the connected devices on your network Ports Status Selecting Ports Port Status in Expert mode displays the following read only form which displays tabular serial port status information Port Alias oNN AUN Refresh RS232 Signal Status PM RTS CTS DCD DTR RTSDTR RTS DTR RTS DTR RTSDTR RTS DTR RTSDTR RTS DTR RTS DTR RTS DTR RTSDTR RTSDTR RTS DTR RTS DTR RTS DTR RTS DTR Current User s Figure 9 11 Ports Ports Status Read Only 156 Cyclades ACS Advanced Console Server Installation Administration User Guide The information in the following table is available in the Ports Status read only form All users have access to this form The information on this page gets updated when you click the Refresh button Table 9 13 Expert Port Status Read Only Form Column Name Description Port The
59. A KARA CONFIGURATION WIZARD rk K K k k IO RO k k k k k k k k k k k ROR k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k kA INSTRUCTIONS for using the Wizard You can 1 Enter the appropriate information for your system and press ENTER or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit NOTE For some parameters if there is nothing within the brackets it will continue to ask for a value In that case you must enter a valid value or if you do not wish to configure the value Press ENTER to continue Figure 2 2 Configuration Wizard Screen At the prompt press Enter to view the default settings At the prompt enter n to change the defaults Set to defaults y n n n Press Enter to accept the default hostname or enter your own hostname and then press Enter Hostname CAS lt hostname server name gt The IP version Configuration form is displayed Select the IP version you wish to run and press Enter Choices are IPv4 enabled 0 IPv6 enabled 1 or Dual Stack 2 NOTE Depending on which IP configuration you choose the Wizard will direct you to the appropriate form To configure for IPv4 protocol 1 If you have typed 0 or 2 for IP version configuration the IPv4 Configuration form will appear and give you the choice to use DHCP to assign an IP address for your system Default is Y Pre
60. Done 192 168 48 1 9 Figure 7 20 Expert Firewall Configuration Add Rule and Edit Rule Dialog Boxes 102 Cyclades ACS Advanced Console Server Installation Administration User Guide Inverted checkboxes If the Inverted checkbox is enabled for the corresponding option the target action is performed on packets that do not match any of the criteria specified in that line For example you select DROP as the target action from the Target pull down list check Inverted on the line with the Source IP and do not specify any other criteria in the rule any packets arriving from any other source IP address than the one specified are dropped Target pull down menu options The Target pull down menu shows the action to be performed on an IP packet that matches all the criteria specified in a rule The kernel can be configured to ACCEPT DROP RETURN LOG or REJECT the packet by sending a message translating the source or the destination IP address or sending the packet to another user defined chain Source or destination IP and mask If you add a value in the Source IP field incoming packets are filtered for the specified IP address and if you add a value in the Destination IP field outgoing packets are filtered for the specified IP address A value in the Mask field means incoming or outgoing packets are filtered for IP addresses from the network in the specified subnet Protocol You can select a protocol for filtering Fields that
61. Expert Ports Physical Ports Microsoft Internet Explorer x t The current protocol is incompatible with the Security Profile chosen pan Figure 8 10 Serial Ports Protocol Incompatibility Dialog Box To select or configure a security profile The following procedure assumes you have installed a new console server at your site or you have reset the unit to factory default 1 Enter the assigned IP address of the console server in your browser and log in as an administrator Review the Security Advisory and click the Close button 3 The Web Manager is redirected to Wizard Step 1 Security Profile Select a pre defined Security Profile by pressing one of the Secure Moderate Open or Default profiles or create a Custom profile The following dialog box appears when you select the Custom profile 128 Cyclades ACS Advanced Console Server Installation Administration User Guide 7 https 192 168 48 11 Custom Profile Microsoft Interne OK Cancel M Telnet SNMP D IPSec O FTP M RPC M ICMP SSH SSH Options M SSH 1 SSH port 22 M SSH v2 W allow root access Web Access HTTP amp HTTPS Options M HTTP HTTP port 80 l HTTP redirects to HTTPS M HTTPS HTTPS port 443 Access to Serial Ports M allow SSH to Serial Ports M allow Telnet to Serial Ports M allow Raw connection to Serial Ports M allow Bidirect connection to Serial Ports I require Authentication to access Serial Ports ff
62. For ACS 16 NEBS and ACS 32 NEBS models with single or dual DC power supplies you must use shielded cables when connecting devices to all ports Shielded cables are required to comply with NEBS Level 3 certification on these models In addition to meet RoHS requirements a ferrite bead with equal or better impedance than TDK ZCAT2436 1330 must be installed on the Ethernet cable near the console server s Ethernet port Making a direct connection to configure the network parameters On your Windows workstation ensure that a terminal emulation program is installed On servers running a UNIX based operating system such as Solaris or Linux make sure that a compatible terminal emulator such as Kermit or Minicom is installed To connect to the console port You can use a CATS straight through cable with RJ 45 connectors and the appropriate adaptor provided in the product box to assemble a console cable All adaptors have an RJ 45 connector on one end and either a DB25 or DB9 male or female connector on the other end Connect the RJ 45 end of the cable to the port labeled Console on the console server Connect the adaptor end of the cable to the console port of your server or device 3 Open your terminal emulation program start a connection session select an available COM port and enter the following console parameters e Bits per second 9600 bps e Data bits 8 e Parity None e Stop bit 1 Flow control None Chapter 2 Installation
63. IPv6 AliasServer Delete Figure 7 27 Expert Network Host Tables To define the console server s IP address and hostname 1 Go to Network Host Tables The Host Tables form appears 2 To edit a host select the host IP address from the list and click the Edit button 3 To adda host click the Add button The host table dialog box appears 4 Enter the new or modified host address in the IP Address field and the hostname in the Name field NOTE IPv6 must be enabled under Host Settings to add or edit IPv6 host addresses 5 Click OK 6 To delete a host select the host you wish to delete and click Delete 7 Click apply changes Chapter 7 Network Menu and Forms 109 Static Routes The Static Routes form allows you to add routes manually The Routing Table defines which interface should transmit an IP packet based on destination IP information Static routes are a quick and effective way to route data from one subnet to another NOTE IPv6 must be enabled under Host Settings for adding or editing IPv6 addressing Selecting Network Static Routes displays the form shown in the following figure Host Settings Syslog Destination IP Destination Mask Gateway Interface PCMCIA Management 192 168 48 1 VPN Connections SNMP Services Firewall Configuration Host Tables Figure 7 28 Expert Network Static Routes Clicking the Edit or Add buttons displays
64. Inverting an item negates the selected rules Rules will apply to everything except the selected options UDP protocol fields If UDP is selected as a protocol when specifying a rule the additional fields shown in the following figure appear at the bottom of the form Source Port to M Inverted UDP Options Section Destination Port to T Inverted Figure 7 22 Firewall Configuration Add Rule and Edit Rule UDP Protocol Fields The following table defines the fields in the UDP Options Section Table 7 15 UDP Options Field Definition Source Port A port number for filtering in the Source Port or Destination Port field A range of IP OR address can be specified by adding a second port number in the to field TCP Destination Port packets are filtered for for the range of specified IP addresses AND to Inverted By checking this box The UDP options are Inverted Inverting an item negates the selected rules Rules will apply to everything except the selected options 104 Cyclades ACS Advanced Console Server Installation Administration User Guide ICMP protocol fields If ICMP is selected as a protocol the ICMP Type pull down menu is displayed in the ICMP Options Section at the bottom of the Firewall Configuration form Select the ICMP type needed from the list Input interface output interface and fragments If an interface such as ethO or ethl is entered in the Input Interface field
65. Local IP The IP address for the master console server or it can be the global IP address of the cluster in the network First Local TCP Port No The first TCP port number for the Slave For example if the master unit has 16 ports the allocated TCP port numbers to the master are 7001 7016 The First Local TCP Port No is then 7017 This is a virtual TCP port number Remote IP The IP address of the Slave First Remote TCP Port Number The first TCP port number of the Slave The default is 7001 Protocol The communication protocol used by the Slave The options are Telnet or SSH Once you have configured the Slave console server and defined the cluster parameters the Slave serial ports and the connected devices are accessible from the master console server under Applications Connect Serial pull down menu 154 Cyclades ACS Advanced Console Server Installation Administration User Guide To Cluster Console Servers or Modify Cluster Configuration Use this procedure if you wish to cluster console servers and add or modify ports NOTE The console servers should be connected individually to an IP network The units should not be cascaded 1 Go to Ports Virtual Ports in Expert mode and click the Add button to add new Slave ports or click the Edit button to edit a Slave port The New Modify Port dialog box appears https 192 168 48 11 New Modify Port Mozilla Fire Number of
66. Local Local authentication is performed only when the LDAP server is down Local Authentication is performed locally For example using the etc passwd file Chapter 9 Ports Menu and Forms 141 Table 9 5 Expert Authentication Methods and Fallback Mechanisms Continued PE a a a Authentication Type Definition Local Radius Authentication is performed locally first switching to Radius if unsuccessful Local TACACS Authentication is performed locally first switching to TACACS if unsuccessful Local NIS Authentication is performed locally first switching to NIS if unsuccessful NIS NIS authentication is performed NIS Local NIS authentication is tried first switching to Local if unsuccessful NISDownLocal Local authentication is performed only when the NIS server is down Radius Authentication is performed using a Radius authentication server Radius Local Radius authentication is tried first switching to Local if unsuccessful RadiusDownLocal Local authentication is performed only when the Radius server is down TACACS Authentication is performed using a TACACS authentication server TACACS Local TACACS authentication is tried first switching to Local if unsuccessful TACACS DownLocal Local authentication is tried only when the TACACS server is down To configure a serial port login authentication method This procedure configures an authentication met
67. Modify Route dialog boxes Table 7 19 Routing Type Fields in the New Modify Route Dialog Box Field or Menu Name Definition Route Choices are Default Network or Host Network IP Appears only when Network route is selected Type the IP address of the destination network NOTE IPv6 must be enabled before IPv6 addresses are allowed Chapter 7 Network Menu and Forms 111 Table 7 19 Routing Type Fields in the New Modify Route Dialog Box Continued Field or Menu Name Definition Network mask Appears only when Network route is selected Type the netmask of the destination network Host IP Appears only when Host route is selected Type the IP address of the destination host Go to Choices are Gateway or Interface Adjacent field Type the IP address of the gateway or the name of the interface Metric Type the number of hops to the destination To configure static routes Expert 1 Select Network Static Routes The Static Routes form displays To edit a static route select a route from the Static Routes list and then select the Edit button OT To add a static route select the Add button from the form The system invokes the New Modify Route dialog box Choose Default Network or Host from the Route pull down menu If you selected Network perform the following steps a Enter the IP address of the destination network in the Network IP field b Enter the netmask of the destinati
68. NMP RPC ICMP SSH and Raw connections to the Serial Ports Authentication to access serial ports is not required Default security profile See the following tables for the list of enabled services when the Default security profile is used Custom security profile The Custom security profile opens up a dialog box to allow custom configuration of individual protocols or services NOTE By default a number of protocols and services are enabled in the Custom profile however they are configurable to a user s requirements 38 Cyclades ACS Advanced Console Server Installation Administration User Guide The following tables illustrate the properties for each of the security profiles The enabled services in each profile are designated with a check mark Table 5 1 Wizard Serial Port Enabled Services for Each Security Profile Access to console server Secure Moderate Open Default Telnet V sshv1 v V v sshv2 v v vV v Allow SSH root access v v v HTTP vV v vV HTTPS v vV v vV HTTP redirection to HTTPS v V Table 5 2 Wizard Serial Port Enabled Services for Each Security Profile Access to Serial Ports Secure Moderate Open Default Console Telnet v V v Console ssh v v v vV Console Raw v V v Serial Port Authentication vA Bidirect Dynamic Mode Support v v V Table 5 3 Wizard Enabled Protocols for Each Security Profile Other Services Secure Moderate Open Default
69. ON 2 Avocent Cyclades ACS Installation Administration User Guide FCC Warning Statement The Cyclades ACS advanced console server has been tested and found to comply with the limits for Class A digital devices pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Installation and Service Manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the problem at his or her own expense Notice about FCC Compliance for All Cyclades ACS Advanced Console Server Models To comply with FCC standards the Cyclades ACS advanced console server requires the use of a shielded CAT 5 cable for all interface ports Notice that this cable is not supplied with either of the products and must be provided by the customer Canadian DOC Notice The Cyclades ACS advanced console server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications L Cyclades ACS advanced console server n mete pas de bruits radio lectriques d passant le
70. P servers e Sending data to data buffering servers e Access to NTP server e FTP for configuration backup FTP for firmware upgrade NOTE Virtual ports virtualization are not supported by IPv6 To configure host settings Expert from the General form 1 Go to Network Host Settings The Host Settings General form appears 2 Select Dual Stack IPv4 or IPv6 from the Mode pull down menu NOTE If Dual Stack is selected both the IPv4 and IPv6 tabs will remain active and will run concurrently Selecting Pv4 will disable the IPv6 tab and selecting Pv6 will disable the IPv4 tab in the Host Settings form 3 Enter the name assigned to the IP address of the console server in the Host Name field Enter a console banner in the Console Banner field Enter the Primary DNS Server IP address Enter the Secondary DNS Server IP address if used Enter the domain in the Domain Name field C0 Oy Oe EB To enable Bonding optional click Enabled If Bonding is not desired leave Enabled unchecked and go to Step 10 NOTE If Bonding is enabled you may have to scroll down to see additional entries for Miimon and Updelay 9 If you enabled Bonding check the values for Miimon and Updelay and change them if necessary 10 When finished click apply changes 80 Cyclades ACS Advanced Console Server Installation Administration User Guide To configure IPv4 protocol 1 If IPv4 is enabled tab is active select the JPv4 tab The IPv
71. Physical Ports Factory Settings 2u22u022400ne2seennennenneennennnennanen 39 Figure 5 2 Wizard Step 1 Security Profile Form unesscesserseeseensnesnensnesnennennnensennennnnnsnensonn 40 Figure 5 3 Custom Security Profile Dialog Box 22022u022unseennensennnensnennennnennennenennnensennnnn 41 Figure 5 4 Wizard Step 2 Network Settings DHCP Disabled 22202224220eneenneesnensenen 42 Figure 5 5 Wizard Step 2 Network Settings DHCP Enabled 2u2220222022eeneenseesnennennn 42 Figure 5 6 Wizard Step 3 Port Profile uuuuu22uessenseesnensensnensnesnennnennernnennennnennnnnennnnnnnensonen 43 Figure 5 7 Wiz rd Step 42 ACCESS n sunshine nie nennen 45 Figure 5 8 Wizard Step 4 Access Add User Dialog Box ursuerserseesnernnesnennennennnennnennen en 45 Figure 5 9 Wizard Step 4 Change Password Dialog Box 2u2un22nesnnesnernnennennennnennnennenn 46 Figure 5 10 Wizard Step 5 Data Buffering Local uurseeserseesnensnesnesnnesnnennennennnensnnnnnnn 48 Figure 5 11 Wizard Step 5 Data Buffering Remote userseerserseesnesnnesnnennennernnenennnnnnn 48 Figure 5 12 Wizard Step 6 System Log u uuusserseensersnennonsnesnnesnennnennennernnennennnennonnnnnnnnsnensan en 50 Figure 6 1 Expert Mode Screen Elements uu22u0220002essuennensensnensnennensnennennnennnennenernnensensnnnn 54 Figure 6 2 Expert SSH se
72. SNMP v RPC vV ICMP v v vV FTP IPSec Chapter 5 Configuring the ACS Console Server in Wizard Mode 39 The first step to configure your ACS console server is to select a security profile One of the following situations is applicable when you boot the console server The ACS console server is starting for the first time or after a reset to factory default In this situation when you boot the console server and log in as an administrator to the Web Manager a security warning dialog box appears The Web Manager is redirected to Step 1 Security Profile in the Wizard mode Further navigation to other sections of the Web Manager is not possible without selecting or configuring a security profile Once you select or configure a security profile and apply the changes the console server Web Manager restarts for the security configuration to take effect The console server firmware is upgraded and the system is restarting with the new firmware In this situation the console server was already in use and certain configuration parameters were saved in the Flash memory In this case the console server automatically retrieves the Custom Security Profile parameters saved in the Flash memory and behaves as it was a normal reboot The console server is restarting normally In this situation the console server detects the pre defined security profile You can continue working in the Web Manager Serial port settings and security profiles All ser
73. Server Installation Administration User Guide To configure a serial port connection protocol for a Bidirectional Telnet The following procedure assumes that the selected serial port is physically connected to a terminal For more information on Bidirectional Telnet connection protocol see Bidirectional Telnet protocol on page 134 1 Go to Ports Physical Ports in Expert mode select a port or ports to modify click the appropriate Modify Ports button The General form appears Click the General tab The General form appears with the number s of the selected port s next to the Done button at the bottom of the form and the active tabs are yellow To change the connection protocol select Bidirectional Telnet from the Connection Protocol pull down menu If you wish to change any of the other current settings see To configure serial port settings to match the connected devices on page 138 Go to the Access tab and configure the following settings a Inthe Authorized Users Groups field restrict or deny access to a serial port by specifying one or more users or groups b From the Type pull down menu select an authentication type for the serial port The default is no authentication Type None c Inthe BidirectionLogin Timeout field enter the time for the serial port to return to idle state When the user name is not entered in the terminal window after the login banner is displayed the serial port returns to an idle state The de
74. T Full Duplex Fast Ethernet Max Interrupt Events The maximum number of packets that the CPU handles before an interrupt 0 is the default To configure the console server boot 1 form displays Go to Administration Boot Configuration in Expert mode The Boot Configuration Enter the IP address of the console server in the IP Address assigned to Ethernet field Accept or change the selected option in the Watchdog Timer field Select Flash or Network from the Unit boot from menu 168 Cyclades ACS Advanced Console Server Installation Administration User Guide 5 Select TFTP BootP or Both from the Boot Type menu if you have selected Network from the Unit boot from in step 4 6 Accept or change the filename of the boot program in the Boot File Name field 7 If specifying network boot perform the following steps a Enter the IP address of the TFTP or BootP server in the Server s IP Address field b Select a console speed from the Console Speed pull down menu to match the speed of the terminal you are using on the console port of the console server c Select Skip or Full from the Flash Test pull down menu to bypass or run a test on the Flash memory at boot time d Select Skip Quick or Full from the RAM Test pull down menu to bypass or run a test on the RAM at boot time e Choose an Ethernet speed from the Fast Ethernet pull down menu Specify the maximum number of packets that the CPU handles before an
75. Telecordia Dokument GR 63 CORE Physikalischer Schutz betreffend der Raum und Umgebungsbedingungen sowie GR 1089 CORE Elektromagnetische Kompatibilit t und Elektrische sowie Sicherheitsanforderungen Anmerkung Bitte NEBS konforme abgeschirmte Kabel zum Anschluss von Ger ten an alle Ports verwenden Vorsicht Bitte alle Sicherheitsvorschriften des Vermittlungsamtes bei Anschluss und Abstecken der Alterpath ACS Stromversorgung von der Gleichstromquelle einhalten Um die NEBS Anforderungen zu erf llen bitte sicherstellen dass sich die Umgebungsbedingungen des Einsatzortes innerhalb der Grenzen der NEBS Spezifikation bewegen Working inside the console server Do not attempt to service the console server yourself except when following instructions from Cyclades Technical Support personnel In the latter case first take the following precautions 1 Turn the console server off 2 Ground yourself by touching an unpainted metal surface on the back of the equipment before touching anything inside the unit Electrostatic Discharge ESD Precautions When handling any electronic component or assembly you must observe the following antistatic precautions to prevent damage e Always wear a grounded wrist strap when working around printed circuit boards e Treat all assemblies components and interface connections as static sensitive e Avoid working in carpeted areas and e Keep body movement to a minimum while removing or installing b
76. a bits used by the Options range from 5 8 devices connected to all ports Stop Bits 1 Default Must match the number of stop bits used by the Options are either 1 or 2 devices connected to all ports Authentication Check for enabled If the Authentication Required is enabled user Required Unchecked for disabled Default authentication is enforced using the local passwd database To specify other authentication methods such as RADIUS TACACS LDAP Kerberos or NIS go to Expert mode and select Security Authentication Expert mode provides additional options for custom configuration of serial ports such as assigning an alias to a serial port specifying individual parameters to the serial ports or groups of serial ports or using any of several other connection protocols To set parameters for all serial ports This step configures all serial ports with the same values Use this form if all the devices connected to the serial ports on the console server can run using the same connection protocol with the same speed Also make sure the values you specify here are the same as those in effect on the connected devices If the connected devices require different connection protocols and speed configure individual settings in Expert mode Ports Physical Ports Change network parameters as needed 2 To change whether authentication is required check the Authentication Required checkbox to enable or leave it unchecked to disable
77. a trigger for email notification for serial ports 1 O OO N NE 92 Go to Administration Notifications in Expert mode and select Email from the pull down menu If desired enable Notification Alarm for Data Buffering for an alarm to sound when the trigger action occurs and click either Add or Edit The Notifications Entry dialog box displays Specify the event you wish to trigger a notification in the Alarm Trigger field If you need to edit an existing notification select it from the pull down list and proceed Enter or change the recipient for the notification email in the To field Enter or change the sender email address in the From field Enter or change the subject in the Subject field Enter or edit the text message in the Body field Enter or change the SMTP server s IP address in the SMTP Server field Enter or change the SMTP port number in the SMTP Port field 10 Click OK 11 Click apply changes 162 Cyclades ACS Advanced Console Server Installation Administration User Guide Pager notifications entry When you go to Administration Notifications select Pager from the pull down menu and click on Add or Edit button the Pager Notifications Add Edit dialog box displays The following table describes the available fields in the pager notification entry dialog box Table 10 4 Pager Notification Add Edit Dialog Box Fields Field Name Definition Alarm Trigger The trigger expression used to generate an ala
78. ab The Access form appears To restrict access to one or more users or to a group of users enter previously defined user or group names in the Authorized Users Groups field with names separated by commas 4 To deny access to one or more users or groups preface the user or group names with an exclamation point 5 Click Done 6 Click apply changes Authentication methods and fallback mechanism The following table provides a brief description of the authentication methods When an authentication method is configured to be performed by an authentication server such as Kerberos LDAP RADIUS or TACACS the user can get access denial if either the authentication server is down or it does not authenticate An authentication fallback mechanism can be defined in case the first authentication level fails The following table describes the authentication methods and fallback mechanisms Table 9 5 Expert Authentication Methods and Fallback Mechanisms Authentication Type Definition None No authentication Kerberos Authentication is performed using a Kerberos server Kerberos Local Kerberos authentication is tried first switching to Local if unsuccessful KerberosDownLocal Local authentication is performed only when the Kerberos server is down LDAP Authentication is performed against an LDAP database using an LDAP server LDAP Local LDAP authentication is tried first switching to Local if unsuccessful LDAPDown
79. able If this happens the modem PC card will then be unable to answer subsequent calls To configure a modem PC card 1 Install the modem card and select Modem from the pull down menu on the PCMCIA Management form 2 To enable PPP perform the following steps a Check the PPP checkbox b The Local IP and the Remote IP fields and the Call Back checkbox appear on the Slot dialog box c Enter an IP address in the Local IP field if desired Chapter 7 Network Menu and Forms 85 NOTE By default the IP address of the console server is used Only change the IP address if you have a specific reason to do so d Inthe Remote IP field specify the IP address to assign to the other end of the PPP connection if desired NOTE By default the IP address 10 0 0 1 is assigned Only change the IP address if you have a specific reason to do so 3 To enable OTP authentication check the Authentication One Time Password Required checkbox 4 To enable call back perform the following a Check the Call Back checkbox The Phone Number field displays in the Slot dialog box b Enter a number to use to call back the modem 5 Click OK 6 Click apply changes Configuring an ISDN PC card You can use the PCMCIA Management form under Network to enable users to connect to the console server through an ISDN PC card When you select JSDN from the pull down menu the ISDN dialog box appears The following table provides a brief description o
80. able 9 10 Expert Power Management Form Fields Field Name Definition Enable Power Management on this Port Check mark to enable Power Management on the the selected port s Enable IPMI on this port Check mark to enable IPMI on the selected port s IPMI Key available only if IPMI is enabled The key sequence which the authorized user s can use to perform IPMI power management The default for IPMI power management is Ctrl Shift i Al IPMI Server available only if IPMI is enabled Select the device configured for IPMI power management PowerMgmt Port View listbox for the PM enabled ports and the assigned outlet numbers Power Management Key The key sequence which the authorized user s can use to perform power management The default for IPDU power management is Ctrl p p Allow All Users Radio button to allow all users to perform power management on the configured port Allow Users Groups Radio button to allow only selected users or groups to perform power management on the configured port New User Group available only if Allow Users Groups radio button is selected Entry field to add a new user group Allowed Users Groups available only if Allow Users Groups radio button is selected View list box of authorized users or groups Power management while connected to a port is possible only when one or both of the following conditions are true T
81. alog Box Fields u22u2222222222420nennesnennnennennnensnnnnensnennonsnennnnnnesnnennenennnenn 87 Table 7 9 CompactFlash Hard Drive Dialog Box Fields u02un0002suennenseensensnennensnennennennenn 88 Table 7 10 Wireless LAN Dialog Box Fields uusursurnersnesnnennesnnennernonnennonnnonnennnensne nennen 89 Table 7 11 CDMA Dialog Box Fields man ai 90 Table 7 12 Field and Menu Options for Configuring a VPN Connection 93 Table 7 13 Expert Fields and Menu Options for SNMP Configuration osooso 97 Table 7 14 Expert TCP Options Fields uuusunsueserseesnensessnennesnennnennernnenennnennennnnnnensnennan nn 103 Table 7 I5UDP Optionsia 2 22 eerkeluspn asien riesen le 103 Table 7 16 Expert Firewall Configuration Input Output Interface and Fragments Fields 104 Table 7 17 Expert Target LOG Options Selection Fields o on 105 Table 7 18 Reply Packet Names and Definitions 22u02202200220nsuennensnennersnesnnennesnnennennennnennnn 106 Table 7 19 Routing Type Fields in the New Modify Route Dialog Box uennenseeseenserneennenen 110 Table 8 1 Expert Add User Dialog Field Names and Definitions 114 Table 8 2 Expert Active Ports Sessions Information ruerseesnernsesneennesnernnennernnennennennnensnennen en 116 Table 8 3 Tasks for Setting up Authentication Servers ucncesersernnesnernnesnernnennennnennennannnonsnennann 118 Table 8 4 Enabled Services t
82. and turn power off and then on again for an entire group of outlets NOTE Outlet groups can be defined under PMD Configuration Outlet Groups 60 Cyclades ACS Advanced Console Server Installation Administration User Guide Outlets Manager Outlet Groups Ctrl View IPDUs Info Configuration Software Upgrade Group Name Group Ctrl Individual Outlets ipdu and Port PbRack01 Cycle i241 i2A port 2 92 i2A_2 2A port 2 92 i2A_3 i2A port 2 92 Figure 6 5 Expert Applications IPDU Power Mgmt Outlet Groups Ctrl The Cycle button only can be used to cycle the entire group of outlets when all the outlets are on The following table describes the information available from the Outlet Groups Ctrl form Table 6 3 Expert Outlet Groups Ctrl Information Form Heading Description Group Name IPDU Group name followed by the individual outlets belonging to that group Outlets Group Ctrl Group Ctrl shows status icons for defined group controls IPDU and Port IPDU and Port shown in parentheses are the IPDU ID number and the serial port to which it is connected on the console server Status icons under the Group Ctrl heading are active Individual Status Shows status icons passive for individual outlets within the group Applications IPDU Power Mgmt View IPDUs Info An administrator can select Expert Applications IPDU Power Mgmt View IPDUs Info to view information a
83. ards through a Generic Dial Out application For Configuration details refer to the Cyclades ACS Command Reference Guide Visit the Avocent web site at http www avocent com for a list of supported PC cards To configure a PC card Go to Network PCMCIA Management The PCMCIA Management form appears 2 Insert the card into the PC cardslot on the front of the console server and click the Insert button for the slot in which you installed the PC card 3 Click OK in the dialog box that displays NOTE You can insert a card at any time and the corresponding driver should load automatically Before removing a card you must use the Web Manager to eject the card and stop the system from using the card If you install an IDE PC card in a slot it automatically mounts and no configuration is necessary through this form The card information appears under the Card Type column as shown in the following figure PCMCIA Card Type Action no card Insert Eject Configure 3Com Megahertz 5746 B 001 insert Eject Configure Figure 7 6 PC Card Type by Slot 4 Click the Configure button 5 The Slot dialog box appears 6 Select the desired PC card type from the pull down menu 7 Follow the steps that correspond to the type of the PC card you have installed 84 Cyclades ACS Advanced Console Server Installation Administration User Guide Configuring a modem PC card You can use the PCMCIA Management form under Network to enable a rem
84. ata buffering to the output from the consoles in a Step 4 Access console log file The previous port specific parameters Step 5 Data Buffering will be discarded Step 6 System Log Enable Data Buffering M Destination Remote z NFSFiePpan S Record the timestamp in the data buffering file Show Menu Show all options v Figure 5 11 Wizard Step 5 Data Buffering Remote Chapter 5 Configuring the ACS Console Server in Wizard Mode 49 The following table provides description for each field whether local or remote destination is selected Table 5 6 Wizard Data Buffering Field Names and Definitions Field name Definition Destination Where the buffer files should be stored Local for example Flash or Remote on a server Mode For Local Destination Select Linear for sequential files or Circular for non sequential format Local data buffering stores data in circular or linear mode In circular mode data is written into the specified local data file until the upper limit on the file size is reached then the data is overwritten starting from the top of the file as additional data comes in Circular buffering requires the administrator to set up processes to examine the data during the timeframe before the data is overwritten by new data File Size Bytes For Local Destination Sets the value for this field to be greater than zero Record the timestamp If enabled the system inserts a timestam
85. bout each IPDU controlled by the console server The Clear Max Detected Current button resets the maximum detected current value The Clear Max Detected Temperature button resets the maximum detected temperature value Chapter 6 Applications 61 Outlets Manager OutletGroups Ctrl ViewIPDUs Into Configuration Software Upgrade ID ISA serial port 5 Model Cyclades PM8I 10A Number of Outlets 8 Over Current Protection OFF Number of Inlets 1 Syslog ON Software Version 1 9 0 Buzzer ON Polling Rate 30000 ms Default Voltage 127 V Power Factor 0 707070 Threshold Max 10 0 A Max Detected 0 4A Figure 6 6 IPDU Power Mgmt View IPDUs Info Table 6 4 Expert Applications Ipdu Power Mgmt View IPDUs Info Description Form Heading Description Example ID Either a default name or administrator configured ID appears i1A serial port 1 Model The model of supported IPDU connected to the console server Cyclades PM8 IPDU at the designated port SPC SPC8 Power Control Device Number of Outlets The number of outlets on the IPDU 8 Number of Inlets Total number of inlets available on the target IPDU 1 Syslog Whether syslogging has been configured for messages from ON when this IPDU syslogging is configured Buzzer Whether a buzzer has been configured to sound when a ON when the buzzer specified alarm threshold has reached is configured Software Version IPDU firmware version installed on this IPDU 1
86. c protocol options If you select Numeric as the protocol when specifying a rule you need to specify the desired number TCP protocol options If you select TCP as the protocol when specifying a rule you can define the following options Table 1 4 TCP Protocol Option Definitions Field Menu option Definition Source or Destination Port Specify a source or destination port number for filtering Specify a range to filter TCP packets for any port number within the range TCP Flags Specify any of the flags SYN synchronize ACK acknowledge FIN finish RST reset URG urgent PSH push and one of the Any Set or Unset conditions to filter TCP packets for the specified flag and selected condition UDP protocol options Select UDP options by selecting UDP as the protocol when selecting a rule Choose either the Source or Destination Port from the field as defined above 8 Cyclades ACS Advanced Console Server Installation Administration User Guide ICMP protocol options When you select ICMP as a protocol when specifying a rule you can select the ICMP options available on the display Target actions The Target is the action to be performed on an IP packet that matches all the criteria specified in a tule NOTE If the LOG and REJECT targets are selected additional options are available For detailed information on LOG target options see LOG target on page 104 For detailed information on REJECT target op
87. can access the Web Manager using either DHCP or the default IP address NOTE Accessing the Web Manager using either DHCP or the default IP address requires additional setup and configuration specific to your site s network configuration To use a dynamic IP address to access the Web Manager This procedure assumes that DHCP is enabled and that you are able to obtain the dynamic IP address currently assigned to the console server Mount the console server Connect servers and other devices to be managed through the console server Turn on the console server and connected devices Enter the console server s IP address in the browser s address field St Oe Sy Log in to the console server and finish configuring users and other settings using the Web Manager Chapter 2 Installation 21 To use the default IP address to access the Web Manager The default IP address for the console server is 192 168 160 10 This procedure assumes that you are able to temporarily change the IP address of a server located on the same subnet as the ACS console server 1 Ona server that resides on the same subnet as the console server change the network portion of the IP address of that server to 192 168 160 For the host portion of the IP address you can use any number except 10 0 or 255 2 Open a browser on the server with the changed address Enter the console server s default IP address http 192 168 160 10 to bring up the Web Manager a
88. ces This section provides a list of tasks that a Cyclades ACS advanced console server administrator can perform to enable access to connected devices Configuring access to connected devices During hardware installation of the console server the installer connects the servers devices and any IPDUs to the serial ports During software configuration the console server administrator performs the common tasks listed in the following table Table 1 5 Common Administrator Tasks for Configuring Software Task Where Documented To Configure a Serial Port Connection Protocol for a Console Connection Page 135 To Configure User Access to Serial Ports Page 140 ACS Console Server and Power Management Authorized users can turn on turn off and reboot devices that are plugged into one of the following types of power devices which can be optionally connected to any of the serial ports e Cyclades PM Intelligent Power Distribution Units IPDUs With Cyclades PM IPDUs up to 128 IPDU outlets can be daisy chained from a single serial port e Avocent SPC power control devices 10 Cyclades ACS Advanced Console Server Installation Administration User Guide e Server Technology Sentry family of Switched Cabinet Power Distribution Units CDUs and switched CDU Expansion Module CW CX power devices e Server Technology Sentry Power Tower XL PTXL and Power Tower Expansion Module PT XM power devices NOTE The term IPDU is used
89. ch a nese neh TEE EEEE EAEE E 50 Chapter 6 Applications 22 de ro Eiane aae da eeoa aaa Poea aa eieae Na ankaa iaae 53 Configuring the Console Server in Expert Mode rucrsersersnesnnennesnennonnnennnnnnensnenennesnnennennennnenn 53 Overview of menus and forms zuueseessersersensersennnesnesnnesnernnennnnnonnsnnnnnnnonsennensnennansnesnnennernnnnnnnn 53 Applications Menwand Forms erei a K o E as Ra sce dene eS 55 CONNECE EEE I Sieg dele E a aD Sicha I Taga Shed E apace 55 IPDU Bower Man gement an an nsaiaukense ER gbnslln ipeikuike heilen 56 Applications IPDU Power Mgmt Outlets Group Crtrl zcerseesersersnesnersnennnesnennennennnensnnnn 59 Applications IPDU Power Mgmt View IPDUs Info u 2cursueseersersnenersnennnesnennnennennnnnnenn 60 Applications IPDU Power Mgmt Configuration uuuuusseensenseesnensennnenseennennnesnennennennnenn 62 Applications IPDU Power Mgmt Software Upgrade esserseeserseesnerseesnennnesnnennennennenn 64 Expert Applications PMD Configuration uusssessessessernnensensonnnnnnnennonsennensonnesnennnennernnnnnn 65 Applications PMD Configuration General uuus02202usesseennensensnensnnsnensnennennnesnnnnnennennenn 65 Applications PMD Configuration Outlet Groups u2200200220ennensensnennensnennnennernennerennnnn 66 Applications PMD Configuration Users Management 67 Expert Applications Terminal Profile Menu
90. cify how to handle them Different fields appear on the dialog boxes depending on whether Email Pager or SNMP Trap notification have been selected from the Notifications form To choose a method for sending notifications for serial port data buffering events Go to Administration Notifications in Expert mode The Notifications form displays Enable Notification Alarm for Data Buffering by clicking the checkbox Select Email Pager or SNMP Trap from the pull down menu To create a new entry for an event to trigger an alarm or notification click the Add button Nr ID To edit a previously configured trigger click the Edit button Chapter 10 Administration Menu and Forms 161 Email Notifications Entry When you select Email from the pull down menu and click either the Add or Edit button the Email Notification dialog box is displayed The following table describes the available fields in the email notification entry dialog box Table 10 3 Email Notifications Dialog Box Fields Field Name Definition Alarm Trigger The trigger expression used to generate an alarm untitled dropdown field The first time you specify an alarm trigger the pull down menu is empty A new trigger gets listed in the menu after it is created To From Subject Body The email for the designated recipient of the alarm notification SMTP Server IP The IP address of the SMTP server SMTP Port The port used by the SMTP server To configure
91. cifying a Specific Port on Daisy chained IPDUs Method Description By name If the outlet has been assigned a name such as myoutlet entering myoutlet is sufficient and no other path name is needed By IPDU then outlet Entering IPDUB 3 will designate the same outlet By serial port then outlet If the outlet has been assigned a name such as myoutlet entering myoutlet is sufficient and no other path name is needed All three methods will designate the same outlet Note that when a specific IPDU is named in the chain the outlet number reverts to the IPDU specific outlet number 3 When only the serial port is used the IPDU chain is seen as a continuous series of outlets numbered accordingly Expert Applications Terminal Profile Menu An administrator can select Expert Applications Terminal Profile Menu to configure a terminal command menu This menu is used if a terminal is connected to one of the serial ports and the serial port is configured as a local terminal A connection to a serial port configured as a local terminal launches a session on the terminal with access to the Linux commands on the console unless you configure a menu here Menu title Menu Options Action Name Action Command Edit Delete Add Up Down Figure 6 12 Expert Applications Terminal Profile Menu The menu can contain any command recognized by the Linux operating system
92. click on the Add or Edit button the Notifications SNMP Add Edit dialog box displays SNMP traps are event notifications sent to a list of responsible parties set up to receive alerts for the managed systems Any SNMP enabled device generates Fault Reports Traps that are defined in Chapter 10 Administration Menu and Forms 163 the Management Information Base MIB SNMPv1 and SNMPv2 define the messaging format for the trap The following table describes the available fields in the SNMP trap notification entry dialog box Table 10 5 SNMP Trap Notifications Add Edit Dialog Box Fields Field name Definition Alarm Trigger The trigger expression used to generate an SNMP trap untitled dropdown field The first time you specify an alarm trigger the pull down menu is empty A new trigger gets listed in the menu after it is created OID Type Value The value that uniquely identifies an object to the SNMP agent Trap Number The trap type as defined in the MIB The choices are e Cold Start e Warm Start e Link Down e Link Up e Authentication Failure e EGP Neighbor Loss e Enterprise Specific Community The password used to authenticate the traps Server The IP address of the server running the SNMP Body The content of the notification To configure a trigger for SNMP trap notification for serial ports 1 Go to Administration Notifications in Expert mode select SNMP Trap from the pull down menu If desir
93. commended n is the default if no strings are defined Hostname Discover Answer Strings A list of strings delimited by double quotes and separated by spaces Must be written as POSIX extended regular expressions If no strings are defined then A Za z0 9 _ Llogin is the default If the user regex has more than one group then only the first group is matched To configure hostname discovery probe and answer strings Expert 1 Select Expert Ports Hostname Discovery The Hostname Discovery screen appears 2 Enter one or more strings delimited by double quotes and separated by spaces 3 Click apply changes 158 Cyclades ACS Advanced Console Server Installation Administration User Guide 159 Administration Menu and Forms System Information Selecting Administration System information in Expert mode displays a form containing information about all of the system paramters as shown in the following table Table 10 1 System Information Form Information Parameters System Information e Kernel Version e Current Date e Up Time e Power Supply State CPU Information e CPU Type e Clock Speed e Revision e Bogomips Memory Information e MemTotal e SwapFree e MemFree e Dirty e Buffers e Writeback e Cached e Mapped e SwapCached e Slab e Active e CommitLimit e Inactive e Committed_AS e HighTotal e PageTables e HighFree e VmallocTotal e LowTotal e VmallocUsed e LowF
94. configure packet filtering e Edit default chains e Delete user added chains e Add new chains e Edit rules for chains 100 Cyclades ACS Advanced Console Server Installation Administration User Guide Edit button Selecting one of the default chains and pressing the Edit button the Edit Chain dialog box shown in the following figure appears Ohttps 192 168 48 11 Edit Chain Ioj x OK Cancel Name FORWARD Policy ACCEPT hd Done 192 168 48 11 9 7 Figure 7 15 Expert Firewall Configuration Edit Chain Dialog Box Only the policy can be edited for a default chain The options are ACCEPTand DROP NOTE User defined chains cannot be edited If a user defined chain is selected for editing an error message is displayed If this message appears click OK to continue Figure 7 16 Firewall Configuration User defined Chain Message Delete button If one of the user defined chains is selected and the Delete button is pressed the chain is deleted NOTE Default chains cannot be deleted If one of the default chains is selected and the Delete button is pressed an error message is displayed If this message appears click OK to continue Add button If the Add button is pressed under the Add Chain dialog box shown in the following figure appears Ohttps 192 168 48 11 Add Chain 0 x Name Done 192 168 48 11 9 5 Figure 7 17 Expert Firewall Configura
95. ct an option from 2400 to 921600 Kbps from the Baud Rate pull down menu The default is 9600 3 To change the flow control select None Hardware or Software from the Flow Control pull down menu The default is None 4 To change the parity select None Odd or Even from the Parity pull down menu The default is None 5 To change the data size select an option from 5 to 8 from the Data pull down menu The default is 8 6 To change the stop bits select 7 or 2 from the stop bits pull down menu The default is 1 7 To change whether the DCD Data Carrier Detect State is disregarded or not select either Disregard or Regard 8 Click Done 9 Click apply changes Access Under Ports Physical Ports in Expert Mode select one or more serial ports and click Modify Port s Select Access form from the tabbed menu The Access form appears The following table describes the menu and fields on the Access form Table 9 4 Access Form Menu and Fields Field Description Authorized Users Groups Restrict or deny access to a serial port by specifying one or more users or groups You can deny access to one or more users or groups by entering an exclamation point before the user or group name For example to explicitly deny access to a user called noadmin and enable access only to a single user called johnd you would enter the following Inoadmin johnd Successive names are separated by a comma Type Select an authentication
96. ct connection to configure the network parameters uunneeseesnesseesnenensee nennen 14 Powering up the console server and the connected devices 15 Performing basic network configuration using the wiz command urserseerserseennernnennennennnenn 16 Adding users and configuring ports using the Web Manager ursnessnernersnernnesnesnnennennennnnnnn 20 Other Methods of Accessing the Web Manager u2ss222u2snesnernnennernnennennonnensonnnensnennensnennnnnne sn 20 Inst lling PC Cards 2 2012 bian a aeee akiak ai bannen 21 Connecting Cyclades PM IPDUS uuneeseessesseessensensnensnennonsnennennernnennersonnnennonnnennonsnenson nennen 21 Chapter 3 Web Manager for Regular Users usnsunseonnsnnsunnunnsunuennnunnnunnunnnnunnunnnunnunnnn 23 Using the WED MANAG EF sorps cesta eepe e S E ri EE Sro ERS EEEE EES 23 Features of Regular User Forms uesserssssnesnnesnesnnennesnnennennonnnensnnnnonsnennansnesnnesnesnnennensonnnssnnnsensnnnne 24 Conn Chena eano ie eee A A e A wie ede an E ak oe E EE ib eed 24 Connect t the console s rvet isisisi eiar perseen Eese EE aE S eter aisean ESS 25 COnNEGE to Serial POTTS nannten Riese in eae NS pat senken 25 Connection protocols for serial ports useseesnesnesnnennersennnensnnnnensnennensnesnnesnesnennennennnnnennnensannn 26 IPD U Power Mandgement asirni as eaaa eaa aaa eE E Er EE ea aA aa EEEE i aas 27 Qutlets Manager 22 Abi eee EE E hun naar Biene R eves 27 Qu t
97. curity Profile Secured Moderate Profile is set to MODERATE Moderate is the recommended Security Level This profile enables SSH v1 SSH v2 HTTP HTTPS Telnet SSH and Raw connections to Serial Ports ICMP and HTTP redirection to HTTPS Authentication to access Serial Ports is not required Figure 8 8 Expert Security Security Profile A Security Profile consists of a set of parameters that can be configured in order to have more control over the services that are active at any time Pre defined security profiles There are three pre defined security profiles e Secure The Secure profile disables all protocols except sshv2 HTTPS and SSH to Serial Ports Authentication to access Serial Ports is required and SSH root access is not allowed NOTE SSH root access is enabled when the security profile is set to Moderate or Open If a Secured security profile is selected you need to switch to a Custom security profile and enable the allow root access option Chapter 8 Security Menu and Forms 125 e Moderate The Moderate profile is the recommended security level This profile enables sshvl sshv2 HTTP HTTPS Telnet SSH and Raw connections to the Serial Ports In addition ICMP and HTTP redirection to HTTPS are enabled Authentication to access the serial ports is not required e Open The Open profile enables all services such as Telnet sshv1 sshv2 HTTP HTTPS SNMP RPC ICMP a
98. current process What Name of the current process Chapter 8 Security Menu and Forms 117 To view kill or refresh active user sessions Go to Security Active Ports Sessions The Active Ports Sessions form appears 2 To refresh the display click the Refresh button If you are using this form to view the information you are done 3 To kill a session select the desired session and click the Kill Sessions button Authentication Selecting Security Authentication displays the form shown in the following figure which includes six tabs AuthType RADIUS TACACS LDAP Kerberos and NIS Users and Groups AuthType Radius Tacacs Ldap Active Ports Sessions Authentication Security Profile Unit Authentication Local Nis x Figure 8 3 Expert Security Authentication You can use the Authentication forms to select a method for authenticating logins to the console server or to identify authentication servers that are configured for logins either to the console server or to the serial ports Configuring authentication for console server logins The default authentication method for the console server is Local You can either accept the default or select another authentication method from the Unit Authentication pull down menu on the AuthType form Any authentication method selected for the console server is used for authentication of any user attempting to log into the console server through T
99. d Chain Dialog Box nceneneeenenenne 100 Firewall Configuration Edit Rules for chain_name Form nerenenenenen 101 Firewall Configuration Edit Rules for chain_name Buttons 101 Expert Firewall Configuration Add Rule and Edit Rule Dialog Boxes 101 Firewall Configuration TCP Protocol Fields and Menu Options 102 Figure 7 22 Figure 7 23 Firewall Configuration Add Rule and Edit Rule UDP Protocol Fields 103 Input Output Interface Fields and Fragments Menu Options 104 Firewall Configuration Add Rule and Edit Rule LOG Target Fields 105 Figure 7 25 Figure 7 26 Figure 7 27 Figure 7 28 Figure 7 29 Firewall Configuration Add Rule and Edit Rule REJECT Target Menu Options 105 Edit Chait Dialog BOX 2 cash sass RR sachs seneocaseeasbvacazegsueetsasagebens se 107 Expert Network Host Tables iis ccscvcscceosck ennnen 108 Expert Network Static Routes ccsccsccesscesceseeseceseessceseeseeessessecasensecsecsseeasenees 109 Expert Static Routes Add and Edit Dialog Boxes Default Route 109 List of Figures xiii Figure 7 30 Expert Static Routes Add and Edit Dialog Boxes Network Route 110 Figure 7 31 Expert Static Routes Add and Edit Dialog Boxes Host Route 110 Figure 8 1 Expert Security Users and Groups Form sersserseessesseessersennnensnnnnensnennennennen 113 F
100. d Restoring Configuration Change Task Action Result try changes Click the try changes button Updates the appropriate configuration files Changes are preserved if you log in and log out and even if you restart the system Changes stay in effect unless the cancel changes button is clicked The changes can be restored at any time until the apply changes button is clicked cancel changes Click the cancel changes Restores the configuration files from the backup that was button created the last time changes were applied apply changes Click the apply changes If try changes has not been previously clicked updates button the appropriate configuration files Overwrites the backed up copy of the configuration files The following table illustrates the information that displays in the upper right corner of all Web Manager forms Table 4 4 Administrator Logout Button and Other Information in the Upper Right Form Area Button and Information Purpose logout Click this button to log out Host Name Cyclades Displays the hostname IP address assigned during initial configuration IP Address 192 168 48 11 and the model number of the Cyclades ACS advanced console server Model ACS16 Logging Into the Web Manager The following procedure describes the login process to the Web Manager and what should be expected the first time you login to console server To log into the Web Manager 1 To display the Web Manager en
101. dap conf on the console server Group Authorization on LDAP Group information retrieval from an LDAP authentication server adds another layer of security by adding a network based authorization It retrieves the group information from the authentication server and performs an authorization through the console server To configure a Kerberos authentication server Perform the following procedure to configure a Kerberos authentication server when the console server or any of its ports is configured to use Kerberos authentication method or any of its variations Kerberos Kerberos Local or KerberosDownLocal Before starting this procedure find out the following information from the Kerberos server administrator e Realm name and KDC address Host name and IP address for the Kerberos server 122 Cyclades ACS Advanced Console Server Installation Administration User Guide Also work with the Kerberos server s administrator to ensure that following types of accounts are set up on the Kerberos server and that the administrators of the console server and connected devices know the passwords assigned to the accounts An account for admin If Kerberos authentication is specified for the console server accounts will be needed for all users who need to log into the console server to administer connected devices If Kerberos authentication is specified for the serial ports accounts for users who need administrative access to connected devices
102. de To activate the snmpd services you should go to the Network Services section System Information Settings SysContact Avocent_Corporation SysLocation Cyclades_ACS Access Control SNMPv1 SNMPv2 Configuration Community Source Delete Edit SNMPv3 Configuration User name Permission Figure 7 11 Expert Network SNMP You can use this form to enable notifications about significant events or traps from console server to an SNMP management application such as HP Openview Novell NMS IBM NetView or Sun Net Manager Chapter 7 Network Menu and Forms 97 The following table explains the required parameters to complete the SNMP form and the associated dialog boxes Table 7 13 Expert Fields and Menu Options for SNMP Configuration Field or Menu Option Description SysContact The email address of the console server s administrator for example acs_admin cyclades com SysLocation The physical location of the console server Community SNMP v1 and v2 only A Community defines an access environment The type of access is classified under Permission either read only or read write The most common community is public NOTE Take caution in using a public community name as it is commonly known By default the public community cannot access SNMP information on the console server Source SNMP v1 and v2 only Valid entries ar
103. dlock e Locked e Unlocked e Outlet is locked Click to unlock the outlet e Outlet is unlocked Click to lock the outlet Outlets Group Ctrl Selecting IPDU Power Mgmt Outlet Groups Ctrl displays the following form Connect IPDU Power Mgmt Security Outlets Manager Outlet Groups Ctrl View IPDUs Info Group Name Outlets i241 i2A_2 i2A_3 Group Ctrl Ipdu and Port i2A port 2 i2A port 2 i2A port 2 Individual Status va v2 v2 Figure 3 3 Regular User IPDU Power Mgmt Outlet Groups Ctrl If a user has been authorized to control specific outlet groups assigned by an administrator any group names are displayed under Group Name Outlets In this mode the user can turn on turn off lock or cycle the outlets in the group all at once using the controls under Group Ctrl Ipdu and Ports or turn on turn off or lock individual outlets within the group under Individual Status NOTE The Cycle button can only be used with Cyclades IPDU devices For all other IPDUs this button will not be active View IPDU info Selecting IPDU Power Mgmt View IPDUs Info will display the following form Chapter 3 Web Manager for Regular Users 29 Outlets Manager Outlet Groups Ctrl View IPDUs Info ID i2A serial port 2 Model Cyclades PM amp Number of Outlets 8 Number of Inlets 1 Software Version 1 7 0 Polling Rate 10000 ms Current 0 0A Configuration
104. dmin http www remoteadmin com online help Chapter 10 Administration Menu and Forms 173 The software adds the name of the acs directory to the URL prefix and launches the online help Click Save Click apply changes 174 Cyclades ACS Advanced Console Server Installation Administration User Guide 175 APPENDICES Appendix A Technical Specifications Table A 1 ACS Console Server Product Specifications Processing Capability CPU MPC855T PowerPC Dual CPU Memory 128MB DIMM SDRAM 16MB CompactFlash User Ports Number Ethernet 10 100BT on RJ45 1 RS 232 console on RJ 45 1 RS 232 serial on RJ 45 4 8 16 32 48 depending on model PC card slots 2 supporting secondary Ethernet wireless networking CDMA GPRS GSM V 90 modems and ISDN Type RJ 45 PC card Power Internal 100 240VAC at 50 60 Hz Input Types Optional dual entry redundant power supplies 48VDC option available Environmental Operating Temperature 50 F to 112 F 10 C to 44 C Storage Temperature 40 F to 185 F 40 C to 85 C Humidity 5 to 90 non condensing Physical Dimensions Single Port 6 3 x 4 0 x 1 5 in 16 x 10 x 3 8 cm 4 48 Ports 17 x 8 5 x 1 75 in 43 18 x 21 59 x 4 45 cm Safety and EMC Approvals and Markings FCC Part 15 A ICES 003 C Tick VCCI Class A BSMI Class A MIC Class A CE EN55022 Class A EN55024 EN60950 1 GS CB CSA UL 60950 1
105. e filename pmfirmware To upgrade software on a Cyclades PM IPDU Expert Select Power Mgmt Software Upgrade The Software Upgrade screen is displayed 2 Click Refresh If a tmp pmfirmware exists containing a more recent version of the PM firmware than the one currently installed an Update button is displayed 3 Click Update Click apply changes Chapter 6 Applications 65 To upgrade software on non Cyclades IPDUs Avocent SPC power devices are not user upgradable For Server Technology IPDUs upgrades must be done through a network port Contact Server Technology support to check if new software is available and for information on how to upgrade the device Expert Applications PMD Configuration When an administrator selects Expert Applications PMD Configuration the following three tabs appear e General e Outlet Groups e Users Management An administrator can use these tabs to configure the username and password for IPDUs create groups and authorize users and groups to access specific outlets To find the IPDU ID Expert 1 Select Expert Access IPDU Power Management View IPDUs Info 2 Note the string in the ID field Applications PMD Configuration General An administrator can select Expert Applications PMD Configuration General to configure a username and password for each supported IPDU type The fields are labeled Cyclades for Cyclades PM IPDUs SPC for Avocent SPC power devices
106. e and password to log into the device To connect to the console server This procedure logs you into the console server as a Regular User in an SSH session 1 Go to Applications Connect in Expert mode 2 Click the Connect to ACS radio button 3 Click the Connect button A Java applet viewer appears NOTE The login prompt is displayed whenever your security profile is set to Moderate or Open otherwise an authentication form appears You cannot authenticate unless you change the security profile to Custom and enable allow root access To connect to a device through a serial port 1 Select Applications Connect in Expert mode 2 Click the Serial radio button 3 Select a port number or alias from the Serial pull down menu 4 Click Connect A Java applet viewer appears If authentication is specified for the selected port you are prompted to log in If not you are logged in automatically IPDU Power Management The ACS console server recognizes and supports all Cyclades PM series IPDUs as well as Avocent SPC Switched Rack PDU and ServerTech Switched CDU IPDU products through the common interface The console server s PMD structure accommodates the differences in each of these IPDUs to allow more flexibility with power management options NOTE ServerTech IPDU installation management and operation is license based through Avocent s DSView 3 management software only Selecting JPDU Power Mgmt displays five tabs in
107. e default or a subnet address for example 193 168 44 0 24 OID Object Identifier Each managed object has a unique identifier Permission Read Only access to the entire MIB except for SNMP configuration objects Read Write access to the entire MIB except for SNMP configuration objects User Name and Password SNMP v3 only Clicking the Add or Edit buttons under SNMPv1 SNMPv 2 Configuration displays the New Mod SNMP v1 v2 Configuration dialog box as shown in the following figure https 192 168 48 11 New Mod SNMP v1 lalxi OK Cancel Community Source OID Permission Read Only gt Done 192 168 48 1 9 5 Figure 7 12 Expert New Mod SNMP v1 v2 Configuration Dialog Box Clicking the Add or Edit buttons under SNMPv3 Configuration displays the New Mod SNMP v3 Configuration dialog box as shown in the following figure 98 Cyclades ACS Advanced Console Server Installation Administration User Guide https 192 168 48 11 New Mod lolxi oername O O T 1 OID a Permission Read Only Done 192 168 48 11 7 Figure 7 13 Expert New Mod SNMP v3 Configuration Dialog Box To configure SNMP 1 Go to Networks SNMP The SNMP form appears 2 To enable any version of SNMP perform the following a To add an SNMPv1 SNMPVv2 entry press the Add button under the SNMPv1 SNMPv2 Configuration table b To add an SNMPVv3
108. e mit einer ausreichend geerdeten Stromquelle verbinden Zu diesem Zweck ist das Eingangskabel ist mit einem dreipoligen Stecker ausgestattet Bitte keinesfalls dazwischen liegende adaptor einsetzen oder den Erdungsstift entfernen Falls eine Verl ngerung eingesetzt werden muss bitte ausschlie lich dreipolige Kabel mit ausreichender Erdung verwenden CAUTION To help protect the Cyclades ACS advanced console server from electrical power fluctuations use a surge suppressor line conditioner or uninterruptible power supply Be sure that nothing rests on the cables of the console server and that they are not located where they can be stepped on or tripped over Do not spill food or liquids on console server Vorsicht Um den Alterpath ACS vor elektrischen Netzschwankungen zu bewahren bitte Uberspannungsfilter Entst rfilter oder eine UVS einsetzen Stellen Sie bitte sicher dass sich keine Gegenst nde auf den Kabeln des ACS befinden und dass die Kabel tritt und stolpersicher gef hrt sind Bitte keine Lebensmittel oder Fl ssigkeiten ber den ACS sch tten CAUTION Do not push any objects through the openings of the Cyclades ACS advanced console server Doing so can cause fire or electric shock by shorting out interior components Vorsicht Zur Vermeidung von Brandgefahr oder elektrischen Schlagen bitte keine Gegenstande durch die Offnungen des Alterpath ACS stecken Appendices 179 CAUTION Keep your Cyclades ACS advanced console server away f
109. e server or remotely to an external storage source such as an NFS server or Syslog server Once Enable Data Buffering is selected the form displays a number of fields The displayed fields depends on whether selected Destination is Local or Remote The values set in this form apply to all serial ports Data buffering allows a site to save a record of all communication during a serial port connection session You can set up data buffer files to be stored either in local files on the console server s Flash memory or on the hard disk of an external server such as an NFS or Syslog server 48 Cyclades ACS Advanced Console Server Installation Administration User Guide The following figure shows the form when Enable Data Buffering is checked and the Destination is set to Local Step 1 Security Profile Step 2 Network Settings Step 3 Port Profile Set up data buffering to the output from the consoles in a Step 4 Access console log file The previous port specific parameters Step 5 Data Buffering will be discarded Step 6 System Log Enable Data Buffering M Destination Local x Mode Circular vr File Size Bytes D Record the timestamp in the data buffering file 7 Show Menu Show all options v Figure 5 10 Wizard Step 5 Data Buffering Local The following figure shows the form when the data buffering Destination is set to Remote Step 1 Security Profile Step 2 Network Settings Step 3 Port Profile Set up d
110. ecked 146 Figure 9 5 Ports Physical Ports Power Management Allow All Users 149 Figure 9 6 Ports Physical Ports Power Management Allow Users and Groups 149 Figure 9 7 Ports Virtua Ports n uusnneieenseneeten bes ans blasen 152 Figure 9 8 Ports Virtual Ports New Modify Port Dialog Box enerseenserseennersnesnennnennen 153 Figure 9 9 Ports Virtual Ports New Modify Port Dialog Box enerseenerseennersnesneennennen 154 Figure 9 10 Ports Virtual Ports New Modify Port Names Dialog box 155 Figure 9 11 Ports Ports Status RCAd OMLy csccssccsesccesseceseeenseeeaceceneeeseceenecsaceeaceceneeeeeeenees 155 Figure 9 12 Ports Port Statistics RCAd ONLy cccccccssscceesecesseesseessceceneeeseceeneceseceaceceaeeeeeeenees 156 Figure 10 1 Expert Administration Time Date 2202202202200nnenneennensennnensnennensnenennennen 164 Figure 10 2 Expert Administration Time and Date NTP Enable uncnenennenenen 165 Figure 10 3 Expert Administration Time Date Edit Custom 166 Figure 10 4 Expert Administration Online Help uuu2s02200ssesseessensensnensnennensnenennnennen 172 xiv Cyclades ACS Advanced Console Server Installation Administration User Guide Introduction Overview Each model in the Cyclades ACS advanced console server family is a 1U appliance serving as a single access point for accessing and adm
111. ecommended It is generally advisable for you to use the online help system provided with the product or download the online help zip file and run it from a local server Online help for the ACS console server is shipped with the product and should be loaded on a local server The system administrator can also download the online help from Avocent For more information on downloading the online help contact Technical Support The procedure for configuring the online help on the local server follows Select Administration Online Help in Expert mode The online help configuration page is displayed 172 Cyclades ACS Advanced Console Server Installation Administration User Guide System Information Notifications Time Date Boot Configuration Configures the Online Help path Backup Config Paths ending in will be appended with the product name and version Upgrade Firmware Otherwise the entire path will be used to access the help file Example http www MyHttpServer com online help will be extended to ittp www MyHttpServer com online help acs v_3 2 0 en index html Online Help Path http www cyclades com online help Figure 10 4 Expert Administration Online Help The console server administrator can either use the supplied online help or download the online help zip file and reconfigure the path to a local server where the online help can be stored and accessed by the Web Manager The cons
112. ected Ports button NOTE By default all Serial Ports are disabled from the factory The Administrator can activate and assign specific users to individual physical ports 4 Click apply changes General form Under Ports Physical Ports in Expert Mode if you select one or more ports from the ports list and click the Modify button the General form appears as shown in the following form General Access DataBuffering MultiUser Power Management Other Connection Protocol Console Telnet be Alias Baud Rate Kbps 600 Flow Control None Data ex Parity one gt Stop Bits ka DCD State Disregard 7 Figure 9 2 Ports Physical Ports General Form The General form allows you to define general port settings connect to an IPDU port and select the connection type to a serial port SSH Telnet or both The number of the selected port or ports displays next to the Done button at the bottom of the form in the format Selected ports N where N stands for the port number Connection profiles The following sections describe the available connection protocols for each connection to the serial ports Chapter 9 Ports Menu and Forms 133 Console Access Server CAS profile connection protocols When a serial port is connected to the console port on a device a CAS profile must be defined for the serial port Selecting the appropriate connection protocol on the Ports Physical Ports General is part
113. ected a server terminal to a serial port 1 Select the port and choose a TS profile from the Connection Protocol pull down menu on General form Click the Other tab The Other form displays To change the port number used to access the serial port enter another number in the TCP Port field To change the Keep Alive interval enter another number in the TCP Keep Alive Interval field To change the idle timeout interval enter another value in the Idle Timeout field Specify stty options if desired in the STTY Options field To change the break interval enter a new number in the Break Interval field To change the break sequence enter a new sequence in the Break Sequence field To change the content of the login banner enter new text in the Login Banner field For a dedicated terminal enter the IP address of the desired host in the Host to Connect field Enter the type of terminal in the Terminal Type field Click Done Click apply changes 152 Cyclades ACS Advanced Console Server Installation Administration User Guide Virtual Ports When Virtual Ports is selected the following form appears Figure 9 7 Ports Virtual Ports NOTE Virtual Ports is available only for IPv4 protocol The virtual ports form allows you to perform clustering of the console server units The console server clustering is designed to allow a large number of serial ports up to 1024 to be configured and vir
114. ed enable Notification Alarm for Data Buffering for an alarm to sound when the trigger action occurs and click either Add or Edit The Notifications Entry dialog box is displayed Specify the event you wish to trigger a notification in the Alarm Trigger field If you need to edit an existing notification select it from the pull down list and proceed Enter or change the number in the OID Type Value field Accept the trap number or select a new one from the Trap Number pull down menu Enter a community in the Community field Enter the IP address of the SMTP Server Enter a message in the Body text area Click OK 10 Click apply changes OONDPAN 164 Cyclades ACS Advanced Console Server Installation Administration User Guide Serial ports alarm notification You can configure the notification entry form to monitor the DCD signal so that the system will generate an alarm in any of the following events e A serial console cable is removed from the console server e A device server attached to the console is powered down The configuration also enables you to detect if a modem is in use and is still powered on and active To configure a trigger for serial port alarm notification 1 Go to Administration Notifications in Expert mode 2 Enable the checkbox for Notification Alarm for Data Buffering 3 Select Email Pager or SNMP Trap from the pull down menu 4 Click the Add button 5 Enter Port in the Alarm Trigger field 6 Conf
115. elds as necessary a Choose your configuration method from the Method pull down menu Choices are Stateless only Static or DHCP NOTE It is recommended that Stateless only be used only when none of the other methods is available This means that local configuration from the local router and only the link_local address will be available to the ACS console server b Ifthe DNS Service fields are active none or Domain DHCP selected in Step 2 and Static has been selected under Ethernet Port enter the Primary DNS server IP address If there is a backup DNS server enter the the address of the secondary DNS server in the Secondary DNS server field 4 When finished click apply changes Syslog Chapter 7 Network Menu and Forms When Network Syslog is selected the form shown in the following figure appears Console CAS Ports Facility Local v Syslog Destination v Root User New Syslog Server Emergency Warning Emergency Warning Emergency Warning Emergency Warning v Alert v Notice v Alert v Notice Filter Web log messag v Alert v Notice Filter System log messa vV Alert Notice Server Syslog Servers ilter CAS log messages by level v Critical v Info Filter Data Buffering log me
116. elete from the current facility location and then click Delete 2 Click apply changes 52 Cyclades ACS Advanced Console Server Installation Administration User Guide 53 Applications Configuring the Console Server in Expert Mode Most applications require that you set the Web Manager to Expert mode If you are in Wizard mode and need to perform advanced configuration click the Expert button at the bottom of the left menu panel to switch to Expert mode If the Wizard button displays at the lower left of the screen you are in Expert mode Overview of menus and forms Figure 6 1 shows a typical Expert mode screen The top menu bar contains the primary commands and the left menu panel contains the secondary commands Based on what you select from the top menu bar the left menu panel selections change accordingly and the form area may include tabs for other options as shown 54 Cyclades ACS Advanced Console Server Installation Administration User Guide Connect Pou Power mom PMD Configuration IPMI Power Mgmt Terminal Profile Menu Figure 6 1 Expert Mode Screen Elements Table 6 1 Expert Mode Screen Elements Number Description 1 Top menu Selecting any one of the top menu items will change the left navigation menu and form areas to view status or configure the related console server options or parameters Left navigation menu Selecting any of the left navigation menu items will cha
117. elnet SSH or the Web Manager To configure the console server login authentication method 1 Go to Security Authentication The AuthType form is displayed 2 To specify an authentication method for login to theconsole server select a method from the Unit Authentication pull down menu NOTE Make sure an authentication server is specified for the selected authentication type 118 Cyclades ACS Advanced Console Server Installation Administration User Guide 3 Click apply changes Configuring authentication servers for logins to the console server and connected devices If you are configuring any authentication method other than Local make sure an authentication server is set up for that method The following is a summary of the things you need to know about setting up authentication servers e The ACS console server must be on the same subnet as the authentication server e Each authentication server must be configured and operational e The console server administrator should obtain the necessary information from each authentication server administrator in order set up and identify those servers on the ACS console server For example if LDAP authentication were to be used for logins to the console server and Kerberos for logins to serial ports then the console server needs to have network access to an LDAP and a Kerberos authentication server The administrator needs to perform setup on the console server for both types of a
118. eneennensnensensnennnesnennennen 71 Expert Network Host Settings 22u22u222022n0nsnrsnennnennennnenesnnenersonnnnnnennnonsnnsnensne nn 74 Expert Network Host Settings IPv4 DHCP disabled uneeneeeenn 76 Expert Network Host Settings IPV6 uueesnessnesnesnnennessennnennnennennnnnnennsensnnnensne nn 77 Expert Network SYSIOG 3 nieee ea r A ses 81 Expert Network PCMCIA Management eunessersnensersensnensennsennnennennnennennnensne nn 82 PCCard Type by Slot oneee a a E a aE EE EE ETE 83 Expert CompactFlash Hard Disk PC Card Configuration Dialog Box 88 Expert Wireless LAN PC Card Configuration Dialog Box ueeensenseeneenn 89 Expert VPN New Modify Connection Dialog BOX u222022n22neennennennennnensnennen nn 92 Security Custom Profile Dialog u2uu22nu2nnesnernnennesnnennennennnensnennonnnennnnsnennennen 94 Expert Network SNMP osien ea E E aS 96 Expert New Mod SNMP v1 v2 Configuration Dialog Box 97 Expert New Mod SNMP v3 Configuration Dialog Box ncnerseneenenneennennen 98 Figure 7 14 Figure 7 15 Expert Network Firewall Configuration seeeserssesneennesnernnennernnennennennennnennnnnn 99 Expert Firewall Configuration Edit Chain Dialog Box 100 Firewall Configuration User defined Chain Message sosesc 100 Figure 7 17 Figure 7 18 Figure 7 19 Figure 7 20 Expert Firewall Configuration Ad
119. ente el ctrica utilice una fuente el ctrica de respaldo Asegurarse de que nada descanse sobre los cables del Cyclades ACS advanced console server y que los cables no obstruyan el paso Asegurarse de no dejar caer alimentos o bebidas en el Cyclades ACS Advanced Console Server Installation Administration and User s Guide Si esto ocurre avise a Cyclades Corporation IMPORTANTE No empuje ningun tipo de objeto en los compartimientos del Cyclades ACS advanced console server Hacer esto podria ocasionar un incendio o causar un corto circuito dentro del equipo IMPORTANTE Mantenga el Cyclades ACS advanced console server fuera del alcanc de calentadores y asegurarse de no tapar la ventilaci n del equipo IMPORTANTE El Cyclades ACS advanced console server con alimentaci n de corriente directa CD solo debe ser instalado en areas con restricci n y de acuerdo a los articulos 110 18 110 26 y 110 27 del National Electrical Code ANSI NFPA 701 Edici n 1999 Para conectar la corriente directa CD al sistema utilice cable de 0 75 mm 18 AWG Instalar el interruptor corriente directa CD aprobado por UL entre la fuente de alimentaci n y el Cyclades ACS advanced console server El limite minimo del interruptor deber ser 2 amperes con conductor de 0 75 mm 18 AWG Trabajar dentro del Cyclades ACS Advanced Console Server No intente dar servicio al Cyclades ACS advanced console server solo que este bajo la direcci n de Soporte T cnico de
120. entication is performed against an LDAP database using an LDAP server LDAP Local LDAP authentication is tried first switching to Local if unsuccessful LDAPDownLocal Local authentication is performed only when the LDAP server is down Local Authentication is performed locally For example using the etc passwd file Local Radius Authentication is performed locally first switching to Radius if unsuccessful Local TACACS Authentication is performed locally first switching to TACACS if unsuccessful Local NIS Authentication is performed locally first switching to NIS if unsuccessful NIS NIS authentication is performed NIS Local NIS authentication is tried first switching to Local if unsuccessful NISDownLocal Local authentication is performed only when the NIS server is down OTP Uses the one time password OTP authentication method IPv6 Chapter 1 Introduction 5 Table 1 2 Authentication Methods Supported Continued FE ED mg mp x _ bjEa co om oi gt c ziz mpz Authentication Type Definition OTP Local Uses the local password ifthe OTP password fails Radius Authentication is performed using a Radius authentication server Radius Local Radius authentication is tried first switching to Local if unsuccessful RadiusDownLocal Local authentication is performed only when the Radius server is down TACACS Authentication is performed using a TACACS authentication se
121. enu selection has multiple forms identified by tabs as shown in Figure 4 3 36 Cyclades ACS Advanced Console Server Installation Administration User Guide Applications Outlets Manager s IPDU Multi Outlet Ctrl IPMI Power Mgmt Terminal Profile Menu 1 2 Outlet Outlet Name utlet State Power Up Interval 1 2 3 4 5 6 7 8 SOOOOODOO9OOOOOON D D D M M M M M M D LD EEERERRETERE Figure 4 3 Example of Web Manager Form in Expert Mode 37 Configuring the ACS Console Server in Wizard Mode Step 1 Security Profile A security profile consists of a set of parameters that can be configured in order to have more control over the services active at any time Pre defined security profiles There are three pre defined security profiles e Secure Authentication to access Serial Ports is required and SSH root access is not allowed NOTE SSH root access is enabled when the security profile is set to Moderate or Open If a Secured security profile is selected you must switch to a Custom security profile and enable the allow root access option e Moderate The Moderate profile is the recommended security level This profile enables sshvl sshv2 HTTP HTTPS Telnet SSH and Raw connections to the Serial Ports In addition ICMP and HTTP redirection to HTTPS are enabled Authentication to access the serial ports is not required e Open The Open profile enables all services such as Telnet sshv1 sshv2 HTTP HTTPS S
122. er ucesserseeseersersnensee nennen 25 Available Serial Port Protocols nanastsessenesstiseen essen 26 Regular User Outlet Management Buttons ucrsersnrsnnesnesnnennesnennnensennnennennen nennen 27 Power Management Display Information by Configured Port 29 Administrator Common Administrative Tasks cueensessessnennesseennensennnennensnensnennenne nn 31 Description of Administrator Web Manager Buttons usuesesnnesnernnenerseenennennensennn 32 Administrator Options for Trying Saving and Restoring Configuration Change 33 Administrator Logout Button and Other Information in the Upper Right 33 Wizard Serial Port Enabled Services for Each Security Profile 38 Wizard Serial Port Enabled Services for Each Security Profile 38 Wizard Enabled Protocols for Each Security Profile n os 38 Port Profile Setup Options a n a sceananneeneonslensnnrenienisnlpne 43 Wizard Add User Dialog Field Names and Definitions n se 46 Wizard Data Buffering Field Names and Definitions ucrseesnersersnernnesnesnnennenennnenn 49 Differences Beween Remote and Local Data Buffering 22u02242200nsenne nennen 49 Expert Mode Screen Elements 2 00 5000 setasion ai eiai 54 Expert Outlets Manager Icons Description zusserseesnersnesnnennesnennnennennnennennnensensnennn 58 Expert Outlet Groups Ctrl Information urscesersersnesnnesnesnnennennennnennennnennennnensensnennn
123. er Guide Connection protocols for serial ports You can access a server or a device connected to a serial port by using the connection protocol specified for the port The following table shows the protocols available for the serial ports Table 3 3 Available Serial Port Protocols Connection Type Protocol Console Access Server CAS Telnet ssh Telnet amp ssh Raw Terminal Server TS Telnet sshv1 sshv2 Local Terminal Raw Socket Dial up PPP No Auth PPP SLIP CSLIP Other Power Management Bi directional Telnet TCP port numbers for serial ports The TCP port numbers by default start at 7001 for serial port 1 and increment up to the number of serial ports on your console server The console server administrator may change the default port numbers if needed To use Telnet to connect to a device through a serial port For this procedure you need the hostname of the console server or its IP address and the TCP port number for the serial port to which the device is connected e To use Telnet in a shell enter the following command telnet hostname IP_address TCP port number To close a Telnet session Enter the Telnet hotkey defined for the client The default is Ctrl and q to quit To use SSH to connect to a device through a serial port For this procedure you need the username configured to access the serial port the TCP port number and the hostname of the console server or its IP address e To use SSH
124. er end of the PPP connection if desired NOTE By default the IP address 10 0 0 1 is assigned Only change the IP address if you have a specific reason to do so 4 Enter a personal identification number known to the owner of the GSM card in the PIN Number field 5 To enable call back perform the following a Check the Call Back checkbox The Phone Number field appears on the Slot dialog box b Enter a number for the console server to use to call back the GSM phone 6 Click OK 7 Click apply changes Configuring an Ethernet PC card You can use the PCMCIA Management form under Network to configure an Ethernet PC card When you select Ethernet from the pull down menu the Ethernet dialog box appears The following table provides a brief description of the fields available in the Ethernet dialog box Table 7 8 Ethernet Dialog Box Fields Field Name Definition PC Card Select Ethernet from the Pull down menu IP Address The local IP address of the Ethernet Network Address The network address of the Ethernet To configure an Ethernet PC card 1 Install the Ethernet card and select Ethernet from the pull down menu on the PCMCIA Management form The IP Address and Network Mask fields appear on the Slot dialog box In the IP address field enter the IP address to assign to the Ethernet port In the Network Mask field enter the netmask to assign to the subnet Click OK Click apply changes Oe Gen tS 88
125. er management The Show button shows details about a selected IPDU For Avocent SPC power devices the Outlet Name Minimum On Time Minimum Off Time and Wake State are displayed For Server Technology IPDUs the Outlet Name Post On Delay and Wake State are displayed The following example shows the outlets and their states for a Cyclades IPDU connected to Port 2 58 Cyclades ACS Advanced Console Server Installation Administration User Guide Outlets Manager Outlet Groups Ctrl View IPDUs Info Configuration Software Upgrade ID i1A serial port 1 Save Outlets State Model Cyclades PM8 Done Outlet Outlet Name utlet State 1 i141 i142 i143 e Q Q Q 1A_4 Q E Cycle Edit Q Q Cycle Edit Cycle Edit 19 Cycle Edit D D Cycle Edit i1A_6 i1A_7 i1A_8 Cycle Edit Cycle Edit 2 3 4 5 MA_5 6 7 8 BE Cycle Edit Figure 6 4 Expert Applications IPDU Power Mgmt Outlets Manager Show Outlets The following table illustrates what each icon indicates Table 6 2 Expert Outlets Manager Icons Description Button Purpose Q Yellow bulbs indicate an outlet is switched ON Gray bulbs indicate an outlet is v switched OFF ry An opened padlock indicates that an outlet is unlocked A closed padlock indicates that a an outlet is locked An o
126. er on the subnet that the console server resides using the MAC address e Connect to the console server remotely using Telnet or SSH and use the ifconfig command e Connect directly to the console server and use the ifconfig command through a terminal emulator application e A Web Manager user account must be defined The admin has an account by default and can add regular user accounts to grant access to the connected servers or devices using the Web Manager Types of Users The ACS console server supports the following user account types e The root user who can manage the console server and its connected devices The root user performs the initial network configuration Access privileges are full read write and management NOTE It is strongly recommended that you change the default password tslinux before setting up the console server for secure access to the connected servers or devices e Users who are in an Admin group with administrative privileges e Regular users who can access the connected devices through the serial ports they are authorized for Regular users have limited access to the Web Manager features Security The Cyclades ACS advanced console server includes a set of security profiles that consists of predefined parameters to control access to the console server and its serial ports This feature provides more control over the services that are active at any one time As an additional security measure all serial
127. ersteller empfohlenen Batterietyp Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers Remplacement de la batterie ATTENTION Aly a risque d explosion si la batterie est remplac e par une batterie de type incorrect Mettre au rebut les batteries usag es conform nt aux instructions FCC warning statement The Cyclades ACS advanced console server has been tested and found to comply with the limits for Class A digital devices pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Installation and Service Manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the problem at his or her own expense Notice about FCC compliance for all Cyclades ACS Advanced Console Server models To comply with FCC standards the Cyclades ACS advanced console server requires the use of a shielded CATS cable for all interface ports Notice that this cable is not supplied with either of the products and must be provided by the customer 182 Cyclades ACS Advanced Console Server Installation Administration User Guide Canadian DOC notice The
128. ess specific serial ports By default the Enable Raccess Authorization is disabled allowing all users full authorization When this feature is enabled by placing a check mark in the box users groups are denied access unless they have the proper authorization which must be set on the TACACS authentication server itself To see the configuration procedures for a TACACS authentication server refer to the Cyclades ACS Command Reference Guide To configure an LDAP authentication server Perform the following procedure to configure an LDAP authentication server when the console server or any of its ports are configured to use the LDAP authentication method or any of its variations LDAP LDAP Local or LDAPDownLocal Before starting this procedure you will need the following information from the LDAP server administrator e The distinguished name of the search base e The LDAP domain name e Whether to use secure LDAP e The authentication server s IP address You can enter information in the LDAP User Name LDAP Password and LDAP Login Attribute fields but an entry is not required Work with the LDAP server administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the console server and the connected devices know the passwords assigned to the accounts e An account for admin e IfLDAP authentication is specified for the console server accounts for all users who need to l
129. ession on the server The server s IP address should be specified on the Other form Ports Physical Ports Other SSHv2 Dedicates a server terminal connected to the selected serial port to access a server using the SSHv2 protocol When the attached terminal is powered on the console server opens a SSHv2 session on the server The server s IP address should be specified on the Other form Ports Physical Ports Other Local Terminal Dedicates a server terminal connected to the selected serial port for connecting to the console server When the attached terminal is powered on the console server opens a Telnet session on itself The user then can use any of the console server s Linux commands You can also create a terminal profile menu Applications Terminal Profile Menu that enables the user to quickly launch sessions on any number of remote hosts Raw Socket Dedicates a server terminal connected to the selected serial port to access a specific remote host using the Raw Socket protocol When the attached terminal is powered on the console server opens a Raw Socket session on the host using an IP address and TCP port number specified on the Other form Ports Physical Ports Other Bidirectional Telnet protocol Bidirectional Telnet protocol can be selected from the Ports Physical Ports General from Bidirectional Telnet supports both a CAS profile Telnet connection and a TS profile menu shell Both connection protoco
130. exiting from a port as a way to verify and identify the port connection Select Internet protocol from IPv4 IPv6 or Dual Stack which allows Chapter 7 Network Menu and Forms 75 Table 7 2 Network Host Settings General Tab Form Field Continued Field name Field type Description DNS Service Primary DNS Text field Enter the address of the of the domain name server Server Secondary DNS Text field Enter the address of the backup domain name server if used Server Domain Name Text field Enter the name of the host domain Bonding Checkbox Click Enabled to enable bonding Bonding provides redundancy for the Ethernet devices using the standard Ethernet interface as the primary mode of access and a PC card as a secondary mode of access If bonding is enabled the following values should be set Miimon The interval in which the active interface is checked to see if it is still communicating in milliseconds Updelay The time that the system will wait to make the primary interface active after it has been detected as up in milliseconds NOTE If you have set IP Filtering rules before bonding is activated the interface reference in the firewall configuration will be ethO You need to change the interface to bondO in order to reference the bonded interface Disabling and enabling IPv4 or IPv6 protocols The ACS console server allows you to permanently enable or disable either IPv4 or IPv6 protocols during c
131. f the fields available in the ISDN dialog box Table 7 6 ISDN Dialog Box Fields Field Name Definition PC Card Select ISDN from the pull down menu Local IP The local IP address of the PC card Remote IP The remote IP address of the PC card Call Back Check Call Back box to enable the callback security feature Phone Number The phone number that console server uses to call back To configure an ISDN PC card 1 Install the ISDN card and select ISDN from the pull down menu on the PCMCIA Management form The Local IP and Remote IP fields and the Call Back checkbox appear in the Slot dialog box 2 Enter an IP address in the Local IP field if desired By default the IP address of the console server is used Only change the IP address if you have a specific reason to do so 86 Cyclades ACS Advanced Console Server Installation Administration User Guide 3 Inthe Remote IP field specify the IP address to assign to the other end of the PPP connection if desired NOTE By default the IP address 10 0 0 1 is assigned Only change the IP address if you have a specific reason to do so 4 To enable call back perform the following a Check the Call Back checkbox The Phone Number field appears on the Slot dialog box b Enter a number for console server to use to call back modem 5 Click OK 6 Click apply changes Configuring a GSM PC card You can use the PCMCIA Management form under Network to enable a rem
132. f the router through which the host s packets reach the Internet in the NextHop fields d Enter the netmask for the subnet in the Subnet fields in CIDR notation For example 192 168 0 0 24 which translates to 255 255 255 0 Chapter 7 Network Menu and Forms 95 e If RSA Key is selected generate the key for the console server left host and find out the key from the remote gateway right host You can use copy and paste to enter the key in the RSA Key field f If Shared Secret is selected enter the shared secret in the Pre Shared Secret field 11 Select either Ignore Add or Start from the Boot Action pull down menu 12 Click OK 13 Click apply changes SNMP Simple Network Management Protocol SNMP is a set of protocols for managing complex networks SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters The console server s SNMP agent supports SNMPv1 v2 and v3 To use SNMP v1 or v2 you need to specify a community name a source IP address or a range of IP addresses an object ID OID and permission read write or read only SNMP v3 requires username password OID and permission Selecting Network SNMP displays the form shown in the following figure 96 Cyclades ACS Advanced Console Server Installation Administration User Gui
133. fault timeout value is 60 seconds d Inthe BidirectionShell Command field enter the menu shell command for example bin menush to build a custom menu for the TS profile To customize a menu shell go to Web Manager Applications Terminal Profile Menu form For more information on configuring a menu shell see Chapter 6 Expert Applications Terminal Profile Menu on page 70 To configure a serial port connection protocol for a terminal server This procedure assumes that the selected serial port is physically connected to a terminal For more information on Terminal Server connection protocols see Terminal Server TS profile connection protocols on page 133 1 Go to Ports Physical Ports in Expert mode select a port or ports to modify click the appropriate Modify Ports button The General form appears Click the General tab The General form appears with the number s of the selected port s next to the Done button at the bottom of the form and the active tabs are in yellow To change the connection protocol select a Terminal Server connection from the Connection Protocol pull down menu Telnet SSHv1 SSHv2 Local Terminal or Raw Socket To configure a terminal to automatically connect to the console server perform the following steps 5 6 7 Chapter 9 Ports Menu and Forms 137 a Select Local Terminal from the Connection Protocol pull down menu b Define a terminal profile menu Terminal Profile Menu fo
134. field Enter whatever name you wish for this IPDU Polling Rate Number field Enter the polling time how often the console server accesses the IPDU for updates in milliseconds Default is 30000ms Enable Syslog Checkbox Click this checkbox to enable disable syslog logging Cyclades IPDUs only Enable Buzzer Checkbox Click this checkbox to enable disable IPDU alarm buzzer Cyclades IPDUs only Default Voltage Number field The nominal input voltage feeding the power device NOTE Some power devices do not have the capability to read the real input voltage using proper voltage sensors Power Factor Number field The ratio of the real power to the apparent power a number between 0 and 1 that is frequently expressed as a percentage Real power is the capacity of the circuit for performing work in a particular time Apparent power is the product of the current and voltage of the circuit Current Number field Threshold Max A Enter the maximum amperes allowed by the IPDU before generating an alarm Cyclades IPDUs only Exceeding the entered threshold maximum current will also prevent the IPDU from powering up again until the problem is corrected 63 64 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 6 5 IPDU Power Mgmt Configuration Description Continued Shown Element Type Description ID Heading Static heading shows current IPDU name and port assignment
135. files The firmware is upgradeable using an FTP server NOTE Check the file name for the upgrade version and read the upgrade instructions carefully Distinct procedures are required depending on the version you are upgrading from The following table describes the fields in the Upgrade Firmware form Table 10 9 Expert Upgrade Firmware Form Fields Field Menu Name Definition Type FTP is the only supported type FTP Site The URL of the FTP server where the firmware is located The Cyclades FTP site at ftp ftp cyclades com is available for downloading firmware upgrades Username Username recognized by the FTP server The Cyclades FTP username for download is anonymous Password Password associated with the username You can use any password for anonymous login in the password field Path and File Name The pathname of the firmware on the FTP server On the Cyclades FTP server the directory is under pub cyclades alterpath acs released version_number filename where version_number is V_N N N and N N N is the most recent version number for example 2 3 1 The filename includes the version number in the following format zimage_acs_231 bin The pathname for this example would be ftp ftp cyclades com pub cyclades alterpath acs released V_2 6 1 zlmage_acs_261 bin Run Checksum Runs the checksum program to verify the accuracy of the uploaded data Chapter 10 Administration Menu and Forms 171
136. form Table 9 7 Data Buffering Form Fields Field Name Definition Destination Location for the data files Either Local or Remote Mode Local Destination Will be either circular or linear In circular mode data is written into the specified local data file until the upper limit on the file size is reached then the data is overwritten starting from the top of the file as additional data comes in Circular buffering requires the administrator to set up processes to examine the data during the timeframe before the data is overwritten by new data File Size Bytes Local Destination The maximum file size for the data buffer file The file size must be greater than zero NFS File Path Remote Destination The path for the mount point of the directory where data buffer file is to be stored NOTE The NFS server must already be configured with the mount point shared exported and the shared directory from the NFS server must be mounted on the console server Record the timestamp Save a timestamp with the data in the data buffer file Syslog Server The IP address for the preconfigured Syslog server Facility Number Choose a facility number to assign to the console server Obtain the facility number for the console server from the system administrator of the syslog server The facility number is included in any syslog message generated from the console server The server s administrator can
137. form other advanced configuration tasks 42 Cyclades ACS Advanced Console Server Installation Administration User Guide If the DHCP is disabled the form appears as shown in the following figure Step 1 Security Profile Set up the network parameters Step 3 Port Profile Select the DHCP checkbox for automatic configuration Step 4 Access Uncheck the DHCP box to perform manual configuration Step 5 Data Buffering See Help for more details Step 6 System Log DHCP M Host Name eas IP Address Network Mask 192 168 48 11 255 255 252 0 Domain Name eycelades com DNS Server Gateway IP 192 168 44 21 192 168 48 11 Figure 5 4 Wizard Step 2 Network Settings DHCP Disabled If the DHCP is enabled the following form appears Step 1 Security Profile Set up the network parameters Step 3 Port Profile Select the DHCP checkbox for automatic configuration Step 4 Access Uncheck the DHCP box to perform manual configuration Step 5 Data Buffering See Help for more details Step 6 System Log DHCP M Figure 5 5 Wizard Step 2 Network Settings DHCP Enabled To configure the network settings 1 Select Step 2 Network Settings The DHCP form is displayed By default DHCP is active NOTE If DHCP is enabled a local DHCP server assigns console server a dynamic IP The administrator chooses whether or not to use DHCP during initial setup 2 Ifyou are using DHCP proceed to Step 3 Port Profile
138. g to avoid electric shock ATTENTION Cet appareil comporte un ou deux cordon d alimentations Afin de prevenir les choc lectriques debrancer les cordons d alimentation avant de fairt le d pannage Vorsicht Das Geraet hat entweder ein oder zwei Netzverbindungen Um elektrischen Schlag zu vermeiden muessen die Netzverbindungen getrennt sein bevor Wartungsarbeiten vorgenommen werden NEBS certification The models ACS 16 NEBS and ACS 32 NEBS DC powered models are NEBS Level 3 certified and are tested to meet all the requirements and objectives described in Telecordia documents GR 63 CORE Physical Protection which identifies the spatial and environmental criteria and GR 1089 CORE Electromagnetic Compatibility and Electrical Safety requirements NOTE Use shielded cables when connecting devices to all ports to comply with NEBS certification requirements CAUTION Observe all central office safety precautions when connecting and disconnecting the Cyclades ACS advanced console server power supplies from the DC power source To comply with NEBS requirements ensure that your site adheres to the environmental criteria described in the NEBS specifications 180 Cyclades ACS Advanced Console Server Installation Administration User Guide NEBS Zertifizierung Die Alterpath ACS16 und ACS32 mit DC Gleichstromnetzteil gibt es auch in NEBS Level 3 zertifizierter Ausf hrung Diese sind gepr ft auf Einhaltung aller Anforderungen entsprechend
139. guring Ethernet 87 configuring GSM 86 configuring ISDN 85 configuring modem 84 configuring wireless LAN 89 ejecting 91 installing 21 PCMCIA management 82 PCPU 116 PCPU processing time 116 physical ports 131 port destination 7 powermgmt 147 source 7 TCP 149 port access requirements 25 port IP alias 150 port number local 153 local TCP 153 remote TCP 153 TCP 26 ports configuring 20 for power management configuring 11 physical 131 statistics 156 status 155 virtual 152 ports disabling 132 ports enabling 132 power management 9 135 configuring 11 configuring ports for 11 connection protocol 135 from ACS command line 12 IPDU 56 key 147 through the web manager 12 power options for managing 11 powermgmt port 147 ppp 84 135 ppp no auth 135 pre installation requirements 13 prerequisites for logging to syslog servers 8 using the web manager 3 pre shared secret 93 privilege users 145 profiles security 124 serial port settings and security 39 126 protocol 153 authentication 93 connection 26 43 ICMP 8 modem connection 135 power management connection 135 terminal server TS profile connection 133 UDP 7 R raccess 119 raccess authorization 119 Radius 5 141 Radius downlocal 118 Index 191 Radius local 5 118 141 Radiusdownlocal 5 141 RAM 167 raw socket 134 raw console 133 reboot 171 reboot the ACS 171 record time stamp 143 regular user 113 regular user forms 24 remote destination
140. he administrator through six configuration steps When you log in to the console server as an administrator or as a user with administrative privileges by default the system point to Expert Mode Ports Ports Status form The following is a typical form of the console server web interface in Wizard Mode The user entry form varies depending on the selected menu item Step 1 Security Profile Step 2 Network Settings Step 3 Port Profile Step 4 Access Step 5 Data Buffering Step 6 System Log Chapter 4 Web Manager for Administrators 35 Currently there is NO SECURITY PROFILE set You must define a Security Level before proceding with further configuration Please choose from the three preset security levels Secured Moderate or Open You can also configure a customized security profile Figure 4 2 Example of Web Manager Form in Wizard Mode Expert mode Expert is the default mode when logging in to the ACS console server The following is a typical console server screen in Expert mode The main difference in the interface when you switch between the two modes is the addition of a top menu bar in the Expert mode to support more detailed and customized configuration In Expert mode the top menu bar contains the primary commands and the left menu panel contains the secondary commands Based on what you select from the top menu bar the left menu selections will change accordingly Occasionally an Expert mode m
141. he Timezone pull down list 3 Select Enable from the Network Time Protocol pull down menu When NTP is enabled the following form is displayed Timezone Pacific PST Edit Custom Network Time Protocol be NTP Server 129 6 15 28 Figure 10 2 Expert Administration Time and Date NTP Enable 4 Type the IP address of the NTP server in the NTP Server field 5 Click OK 6 Click apply changes Setting up a customized timezone configuration The Edit Custom button next to the Timezone field allows you to set up a customized timezone function such as for daylight savings time or any other timezone offset anomaly that might occur anywhere in the world You can create a timezone identifier of your choice which is added to the Timezone pull down menu options in the main Time Date form When you select the Edit Custom button the following dialog box will appear 166 Cyclades ACS Advanced Console Server Installation Administration User Guide a a26 OK Cancel Timezone Name Pacific Standard Time Acronym pst GMT off 8 00 Enable daylight saving time Done I Internet Figure 10 3 Expert Administration Time Date Edit Custom To create a custom timezone selection l Enter the name of the timezone you would like to appear in the Timezone pulldown menu on the main Time Date form Pacific entered here as an example Choose a preferred o
142. he console server unit has For example a console server unit with 8 serial ports have TCP port numbers 7001 through 7008 150 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 9 11 Other Form Fields Continued Field Name Definition Port IP Alias A name alias for the IP of the selected port A port IP alias field appear when a console CAS profile is selected from the Connection Protocol pull down menu on the General form Windows EMS Checkbox to enable Windows EMS Emergency Management Services Appears only when a console CAS profile is selected from the Connection Protocol pull down menu on the General form TCP Keep Alive Interval Specifies the time interval between the periodic polling by the system to check client processes and connectivity Idle Timeout The maximum time in seconds that a session can be idle before the user is logged off STTY Options Set terminal options Break Interval Usually 250 to 500 milliseconds It s a logical zero on the TXD or RXD lines to reset the communications line Break Sequence Usually a character sequence break Ctrl b Login Banner Enter the text you wish to appear as a login banner when logging into a terminal Host to Connect This field should be populated with the IP address of the device you are connecting to The field is displayed when a terminal server TS profile is selected from the Connection Protocol p
143. he device connected to the console server is plugged into an IPDU and is configured for power management The device connected to the console server is a server with an IPMI controller and the server is added to the IPMI device list To see the list of previously configured IPMI devices or to add a new IPMI device go to Applications IPMI Power Mgmt If you click Enable power management and click the Add button the Add Outlet dialog box appears In this dialog box you can specify the IPDU and the outlet number s into which the device is plugged 148 Cyclades ACS Advanced Console Server Installation Administration User Guide The PM on the Power Management Alias pull down menu in the example figure indicates that a serial port is configured for power management and an IPDU is connected to the configured port Separate outlet numbers with commas as in 1 2 3 4 To configure a serial port for IPDU power management 1 Go to Ports Physical Ports select a port or ports to modify click the appropriate Modify Ports button and the Power Management tab 2 To enable Power Management of a device connected to the current port and plugged into a connected IPDU click Enable Power Management on this port 3 Select the name of a port configured for power management and click the Add button The Add Outlet dialog box appears Enter the outlet number s into which the device is connected to separated by commas Click OK The power management p
144. hod that applies to logins to devices connected to serial ports You can select different methods for individual ports or for groups of ports Click Done BD console server Go to Ports Physical Ports in Expert mode and select a port or ports to modify Click the Access tab To select an authentication method select one of the options in the Type menu Click apply changes The changes are stored in the etc portSlave pSlave conf file on the 6 Make sure that an authentication server is specified for the selected authentication type The following table lists the procedures that apply to each authentication method Table 9 6 List of Authentication Method Procedures Authentication Method Where Documented Kerberos Kerberos Local or Kerberos DownLocal To configure a Kerberos authentication server on page 121 LDAP LDAP Local or LDAP DownLocal To configure an LDAP authentication server on page 120 142 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 9 6 List of Authentication Method Procedures Continued Se u u Bee ee ee ee ee ee Se ee ee eee NIS Local NIS NIS Local or NIS DownLocal To configure a NIS authentication server on page 123 RADIUS Local RADIUS RADIUS Local or RADIUS To configure a RADIUS authentication DownLocal server on page 118 TACACS Local TACACS TACACS Local or To configure a TACACS authentication TACACS DownLocal server on
145. ial ports on console server units shipped from the factory are disabled by default The administrator can enable ports individually or collectively and assign specific users to individual ports The following figure shows the default factory settings of serial ports Virtual Ports Ports Status Modify Selected Ports Modify All Ports Ports Statistics Enable Selected Ports Disable Selected Ports Port Disable Alias Connection Protocol Serial Config 1 Console Telnet 9600 8N1 2 Yes Console Telnet 9600 8N1 3 Yes Console Telnet 9600 8N1 4 Yes Console Telnet 9600 8N1 5 Yes Console Telnet 9600 8N1 6 Yes Console Telnet 9600 8N1 7 Yes Console Telnet 9600 8N1 8 Yes Console Telnet 9600 8N1 9 Yes Console Telnet 9600 8N1 10 Yes Console Telnet 9600 8N1 Figure 5 1 Administrator Physical Ports Factory Settings If you reconfigure the security profile and restart the Web Manager make sure the serial ports protocols and access methods match the selected security profile A reminder dialog box will appear before you can proceed to Step 2 Network Setting 40 Cyclades ACS Advanced Console Server Installation Administration User Guide To select or configure a security profile The following procedure assumes you have installed a new console server at your site or you have reset the unit to factory default 1 Enter the assigned IP address of the console server in yo
146. ication methods see Access on page 139 e To specify the TCP Port number and configure modem initialization and PPP options see Other on page 149 If you are finished click Done Click apply changes To configure a power management protocol for an IPDU This procedure assumes that an IPDU is physically connected to the selected serial port 1 Go to Ports Physical Ports in Expert mode select a port or ports to modify click the appropriate Modify Ports button The General form appears Click the General tab The General form appears with the number s of the selected port s next to the Done button at the bottom of the form To change the connection protocol select Power Management from the Connection Protocol pull down menu 138 Cyclades ACS Advanced Console Server Installation Administration User Guide Enter a desired name for the IPDU in the Alias field 5 Select an access method for the IPDU from the Allow Access by pull down menu The options are SSH Telnet or SSH and Telnet Selecting an access option activates the Access and Other tabs 6 Go to the Access tab a Enter the users groups authorized to access the serial port b Select an authentication type for the serial port from the pull down menu NOTE Authentication type None is not a valid option when the serial port is configured for Power Management connection protocol The system defaults to Local if no authentication type is selected NOTE Configu
147. igure 8 2 Expert Security Active Ports Sessions nuunsessessnesnernnennennennnnnnnennensennen nennen 116 Figure 8 3 Expert Security Authentication ucessesesnnesnesnnennersennennonnnensonsnensnennensne nennen 117 Figure 8 4 Expert Security Authentication LDAP uneesneenessnensensennsennennnensnennen nennen 121 Figure 8 5 Expert Administration Time Date 2u224022020nesnesnnennennennnennennnensnenensennnn nn 123 Figure 8 6 Expert Security Authentication Kerberos uuuneeseessesseesnersensnensnennensne nennen 123 Figure 8 7 Expert Security Authentication NIS u 2222202202200nnenneennensensnensnennensnenennnennen 124 Figure 8 8 Expert Security Security Profile 22u22242220nersuennenneennensennnensnennensnennnnnennenn 124 Figure 8 9 Expert Physical Ports Default Factory Settings uuuu02sunseennersnennensnesnnennennen 127 Figure 8 10 Serial Ports Protocol Incompatibility Dialog Box un02unseeneennensneneennennennn 127 Figure 8 11 Custom Security Profile Dialog Box 2u22u22222unesnernnennennennnnenennnensennennennne nn 128 Figure 9 1 Ports Physical Potts iranier e A E E E 131 Figure 9 2 Ports Physical Ports General Form cccsccecceseecesseesceeeseeesseseeeaeessecnecnsseseenees 132 Figure 9 3 Ports Physical Ports Data Buffering Enabled 142 Figure 9 4 Ports Physical Ports Power Management Enable IPMI Ch
148. igure outlet groups Once defined outlet groups are specified with the dollar sign prefix followed by the outlet group name outlet_groupname For example Cyclades_IPDU specifies an outlets group called Cyclades_IPDU e An administrator can specify outlets in any of the following ways e With a name that was configured for the outlet With an outlet group name preceded by the suffix e With the IPDU ID assigned to the IPDU e With the port number to which the IPDU is connected Chapter 1 Introduction 11 The IPDU and port number are always followed by one or more outlet numbers in brackets outlets Commas between outlet numbers indicate multiple outlets Hyphens indicate a range For example 1 5 8 specifies outlets 1 5 6 7 and 8 e IPDU ID An IPDU ID is automatically assigned to each IPDU when the port to which it is connected is configured for power management An administrator can optionally assign a name to each IPDU Both automatically assigned and administrator assigned names are referred to as IPDU IDs e Specify outlets with the IPDU ID in the following format IPDU_ID outlets For example ilA 4 5 specifies outlets 4 and 5 on an IPDU whose ID is ilA e When devices are plugged into more than one IPDU you can separate multiple IPDU entries with commas in the form IPDU_ID outlets PDU_ID outlets For example i1A 1 5 i1B 2 specifies two outlets on IPDU ilA and one outlet on a daisy chained IPDU whose IPDU ID i
149. igure the parameters selected in step 3 See Notifications on page 160 7 Click OK 8 Click apply changes Time Date Selecting Administration Time Date in Expert mode displays the form shown in the following figure System Information Notifications Boot Configuration Timezone Pacific pst v Editcustom Backup Config Upgrade Firmware Network Time Protocol Disable v Reboot Online Help Day za vear z006 Hour 1 Minute ss Second 52 Figure 10 1 Expert Administration Time Date You can use the Time Date form in Expert mode to set the console server s time and date by manually entering the time and date information in the form or setting it up to acquire time and date Chapter 10 Administration Menu and Forms 165 information from the NTP server which synchronizes the console server s system clock with any of several NTP servers available on the Internet To set the time and date manually 1 Go to Administration Time Date in Expert mode The Time Date form displays 2 Select a timezone from the Timezone pull down list 3 If necessary select Disable from the Network Time Protocol pull down NTP is disabled by default 4 Type the date and time in the fields provided 5 Click apply changes To configure time and date using an NTP server NTP is disabled by default 1 Go to Administration Time Date in Expert mode The Time Date form displays 2 Select a timezone from t
150. in user can have an active CLI or Web Manager session A second root or admin user must abort the session or close the other user s session CAUTION If there are cron jobs running through automated scripts a root or admin user login can cause the automated cron jobs to fail Web Manager ACS console server administrators perform most tasks through the Web Manager either locally or from a remote location The Web Manager runs in a browser and provides a real time view of all equipment connected to the console server The administrator can use the Web Manager to configure users and ports An authorized user can access connected devices through the Web Manager to troubleshoot maintain cycle power and reboot connected devices Access the Web Manager using one of the following ways The IP Network e A dial in or callback connection with one of the following Chapter 1 Introduction 3 e An optional external modem connected to one of the serial ports e A modem on an optional PCMCIA modem card e An optional CDMA GSM or ISDN card Prerequisites for Using the Web Manager The following conditions must be met prior to accessing the Web Manager e Basic network parameters must be defined on the console server so the Web Manager can be launched over the network e The dynamically assigned IP address of the console server must be known This address is found in one of the following three ways e Make an inquiry to the DHCP serv
151. ina shell enter the following command SSH ssh l username TCP port number console server IP_address or the hostname To close an SSH session Enter the hotkey defined for the SSH client followed by a period The default is NOTE Make sure you enter the escape character followed by a period at the beginning of a line to close the SSH session Chapter 3 Web Manager for Regular Users 27 IPDU Power Management IPDU management allows you to manage the power outlets on power management appliance products If you have permission to manage outlets on a power management appliance selecting the JPDU Power Mgmt option will display a form with two tabs Outlets Manager and View IPDUs Info Outlets Manager Outlet Groups Ctrl View IPDUs Info Configuration Software Upgrade PMD Configuration Serial Port 2 Number of Units 1 Ipdu ID Model Vendor i2A PM8 Cyclades IPMI Power Mgmt Terminal Profile Menu Figure 3 2 Regular User IPDU Power Mgmt Form Access the forms under IPDU Power Mgmt menu to manage outlets or view IPDU information Outlets Manager When you select IPDU Power Mgmt Outlets Manager an error message appears either if you do not have permission to manage power on any of the IPDU outlets or the console server cannot detect an IPDU that has been configured for power management If you have permission to manage power on one or more outlets of the power management applia
152. ing authentication for console server logins uesserserseersersnerneesnesnnennennnennennennnennnnn 117 Sec rity Profiles nn sen as AN ergeseire huge tos hoes robert deat gs web haa 124 Security certificate in RER EHER Bi Ac BRERHID E TER AE AE 128 Chapter 9 Ports Menu and Forms uusnuunsannnnannnnnnnannnnannnnnnnnnnnnnnnnnnnnnnnnnnnnnnannnnnnn 131 Physical POTS oe e E E E E aTa as cd ote 131 Virt al Roris 2 2 anna rennen E Teena beac 152 Potts Status uns seve ined E E E E sacha sutve E E an a aT ernennen 155 POPES Statistics nen gan ubee aera eaae a dh Eee Gates po ot WR aon eet eee 156 Expert Ports Hostname Discovery anasan a Ea A AA RE EE 157 Chapter 10 Administration Menu and Forms unsssusnnnannnnnonnnnnnnnnnnnnnnnnnnnnnnnannnnnnn 159 System Informali nscaeensnenes RN WA HL Wits hs eS eee A va eden 159 Notifications ai eona E a E a i E aE r aE E EE aE T eaS 160 TUN C T te ves 22a ku ans ETE EE bp ete na es ES E SE 164 Boot Configuration ana aan pi teehee hada aks code atte hae ONEEN na ar Eee 166 Backup Config ration n 2unsneniennse ansehen Bene ES A A EERE ES 168 Upgrade Firmwar isisa sinar e e allen iTo oE E EE dh EE OAAS aera aise 170 REDOOE PEE T E E T E E E 171 Online Help nn een ean E EO E E EE A O E aE E EEE OESS 171 APPENAICOS monn EE oe a a a an Ree ee 175 Appendix A Technical Specifications cccccccssesscescessessceseeseceseeseeeseesseeseesaecaecnaecaecaeeeseeeeeeeenees 175 Ap
153. inistering servers and other devices supporting both IPv4 and IPv6 protocols The following figure shows the front of the console server Figure 1 1 Front of the ACS Console Server Connectors on the ACS Console Server The following figure depicts the connectors on the back of a typical ACS console server Figure 1 2 ACS Console Server Connectors 2 Cyclades ACS Advanced Console Server Installation Administration User Guide NOTE The number of serial ports and power supplies depends on the model Table 1 1 ACS Console Server Connectors Number Description 1 Power connection This may be single or dual power Dual power requires two power cords 2 Serial port connectors 3 Ethernet port connectors 4 Console port connectors Accessing the ACS Console Server and Connected Devices You can access a console server and the connected servers or devices either locally or remotely using any of the following methods e Web Manager through LAN WAN IP networks e A modem ISDN GSM or CDMA optional PCMCIA card e Using the Web Manager you can log in and launch a console session such as Telnet or SSH to connect to the devices attached to the console server s serial ports e Connecting a server running a terminal emulation program enables an administrator to log into the console server and either enter commands in the console server shell or use the Command Line Interface CLD tool NOTE Only one root or adm
154. interrupt in the Fast Ethernet Max Interrupt Events field 8 Click apply changes Backup Configuration Selecting Administration Backup Config in Expert mode displays the Backup Configuration form The Type pull down menu options on this form are FTP and Storage Device If Storage Device is selected the storage device can be either a CompactFlash or an IDE PCMCIA drive NOTE Use an FTP server to save and retrieve your console server configuration For the backup configuration to work the FTP server must be on the same subnet Ensure that it is accessible from the console server by pinging the FTP server Use a storage device such as a CompactFlash or an IDE PCMCIA drive to save your configuration The following table describes the available fields and buttons in the Backup Config form if FTP is selected Table 10 7 Backup Configuration Settings if Using FTP Server Field Definition Server IP IP address of an FTP server on the same subnet as the console server Verify accessibility by pinging the FTP server FTP Path and Filename Path of a directory on the FTP server where you have write access for saving the backup copy of the configuration file Specify a filename if you wish to save the file under another name For example to save the configuration file zvmppccs 0720_ga acs k26 in a directory called upload on the FTP server you would enter the following in the Path and Filename field upload zvmppccs 0720_qa ac
155. ion pull down menu choose Local or Remote to specify whether the data buffer files are stored locally or remotely on a file server 5 If you chose Local from the Destination pull down menu perform the following a Choose Circular or Linear from the Mode pull down menu b Enter a size larger than 0 in the File Size Bytes field 6 If you chose Remote from the Destination pull down menu enter the NFS mount point for the directory where data buffer file is to be stored in the NFS File Path field NOTE If you are configuring data buffer files to be stored remotely make sure that a system administrator has already configured an NFS server and shared the mount point 7 Click the checkbox next to Record to specify whether to include a timestamp with the data 8 From the Show Menu pull down menu choose Show all options No Show data buffering file only or Show without the erase options 9 If you checked Buffer to Syslog enter the IP address of the syslog server in the Syslog Server field 10 Choose an option from the Facility Number pull down menu 11 Enter the maximum size of the buffer in the Syslog Buffer Size field 12 Click the radio button next to one of the following options a Buffer Syslog at all times b Buffer only when no user is connected to the port 13 Click Done 14 Click apply changes To configure alarm notifications to be sent based on the type of buffered data select Expert Administration Notifications
156. istering 9 configure power management 67 privilege 145 types of 3 users and groups 113 users groups authorized 139 using a storage device 169 using an FTP server 169 using an NTP server 165 using the web manager prerequisites for 3 V view IPDUs info 28 60 view system information 160 virtual ports 152 vpn 5 vpn connections 91 Ww watchdog timer 167 web manager 2 logging into 33 other methods of accessing 20 power management 12 prerequisites for using 3 windows EMS 150 194 Cyclades ACS Advanced Console Server Installation Administration User Guide wireless LAN PCMCIA cards configuring 89 working inside the ACS console server 180 wiz command 16 X wizard mode 34 X 509 Certificate on SSH 129 ON m Avocent The Power of Being There For Technical Support www avocent com support 590 660 501D
157. itsrichtlinien um sich und Ihren Alterpath ACS vor Sch den zu bewahren WARNING Do not operate your Cyclades ACS advanced console server with the cover removed Vorsicht Bitte betreiben Sie den Alterpath ACS nicht mit ge ffnetem Geh use CAUTION To avoid shorting out your Cyclades ACS advanced console server when disconnecting the network cable first unplug the cable from the Host Server unplug external power if applicable from the equipment and then unplug the cable from the network jack When reconnecting a network cable to the back of the equipment first plug the cable into the network jack and then into the Host Server equipment Vorsicht Um Sch den beim Entfernen des Netzwerkkabels zu vermeiden bitte immer zuerst das Kabel vom Host Server entfernen anschlie end die externe Stromzufuhr abklemmen und danach das Kabel aus der Netzwerkbuchse ausstecken Beim Wiederherstellen der Verbindung immer zuerst das Kabel in die Netzwerkbuchse des ACS zuerst einstecken und danach das Kabel in den Host Server einstecken CAUTION To help prevent electric shock plug the Cyclades ACS advanced console server into a properly grounded power source The cable is equipped with a three prong plug to help ensure proper grounding Do not use adaptor plugs or remove the grounding prong from the cable If you have to use an extension cable use a three wire cable with properly grounded plugs Vorsicht Um Stromschl ge zu vermeiden den Alterpath ACS bitt
158. lation Administration User Guide 3 Select a location for the data files from the Destination pull down menu either Local or Remote Additional pull down menus and fields appear depending on which destination is selected 4 When the destination is local perform the following steps a From the Mode pull down menu select Circular or Linear data buffering b Type a file size in bytes into the File Size Bytes field The file size should be greater than zero 5 When the destination is Remote perform the following steps a Inthe NFS File Path field enter the pathname for the mount point of the directory where data buffer file is to be stored For example if the mount point directory s pathname is var adm acslogs enter var adm acslogs in the field NOTE The NFS server must already be configured with the mount point shared exported and the shared directory from the NFS server must be mounted on the console server b To cause a timestamp to be saved with the data in the data buffer file enable the Record the timestamp in the data buffering file c Select an option from the Show Menu pull down menu The choices are show all options No Show data buffering file only and Show without the erase options 6 Click apply changes Step 6 System Log Selecting Step 6 System Log displays a form for identifying one or more syslog servers to receive syslog messages generated by the console server s serial ports Syslogging
159. les Selecting a Security Profile Select a pre defined Security Profile or define a Custom profile for specific services The profiles are 20 Cyclades ACS Advanced Console Server Installation Administration User Guide e Secured Disables all protocols except sshv2 HTTPS and SSH to Serial Ports e Moderate Enables sshvl sshv2 HTTP HTTPS Telnet SSH and Raw connections to Serial Ports ICMP and HTTP redirection to HTTPS e Open Enables Telnet sshv1 sshv2 HTTP HTTPS SNMP RPC ICMP SSH and Raw connections to Serial Ports e Default Sets the profile to the same configuration as Moderate profile e Custom Allows custom configuration of individual protocols and services For detailed information on Security Profiles see Security Profiles on page 124 The administrator can perform the following tasks using the Web Manager e Administer the console server and its connected devices e Configure user and group permissions e Access the serial ports and the connected devices Adding users and configuring ports using the Web Manager NOTE From the factory the console server is configured with all serial ports disabled The administrator can add users enable or disable the serial ports and select and assign specific users to individual ports For more information on managing users and ports see Security Menu and Forms on page 113 and Ports Menu and Forms on page 131 Other Methods of Accessing the Web Manager You
160. lets Group Cirla 2 2 2 Haren asp eN CoE pete de REE ote nue 28 View LP DUG infon uniueinsensesenr en EEEE E saben dev eotteos days REE ENAA ASS 28 SS COUTUEY aea Ss deny te aha Ra Ea E E A EE Aaa EEA dean aaeas tu deena E EA E aaas 30 Chapter 4 Web Manager for AAMinistratorsS cccseceesseeeeseeeeeeseeseeneeeeneeeeeeseeeeeneees 31 Common Tasks for ACS Console Server Administrators useeseessesseesnenseeseensensnensnenennnensne nennen 31 Common Features of Administrator Forms uuseesesnersnesnnennesnersnnennesnnennernonnnensonnnensnnsnensne nennen 92 Logging Int the WebManager renee e Ae aeea K E Eke E e Ee reier ns 33 Overview of Administrative Modes 222022202202s0ensennensnesnennnesnnennenernnennnnnnensonnnnnnonsnensonsnennnn san 34 Wizard m de uu 22 4a2ssessk EE E E E EEE EEE E T A o aS 34 Expert moden iss cops roses out cas a r SRG e e Sees gate ate Oss ins SEEE EE SE SeSe ates 33 Chapter 5 Configuring the ACS Console Server in Wizard Mode ss000 37 Step 1 Security Pr flle 2 2 2 20 2 DRS Eh Lee es SSRIS Lage aged Wesabe LRA 37 tp 2 Network Settings tes 50 5 oped hee Se es Saas ewes eens Wee ee 41 Step 3s Port Profile ins dea beings das baste nese RER Ehenbekkesfen 43 Step F ACCESS anne ns EEE Hirn ren rennen EEE A reiten 44 Step Data Bufferin o sreg s op eee hg Rees aaa as Haas os tees eee Meee Rinne 47 Table of Contents v Step 6 System LOG iiss erein eR eE E EEEE i
161. ll Configuration on page 99 Common Features of Administrator Forms The following figure shows the control buttons displayed at the bottom of the form when logged into the Web Manager as administrator lt 9 9 9 g gt anp back try changes cancel changes apply changes Help next Figure 4 1 Administrator Web Manager Buttons The following table describes the uses for each control button Table 4 2 Description of Administrator Web Manager Buttons Button name Use back Only appears in Wizard mode Returns the previous form try changes Tests the changes entered on the current form without saving them cancel changes Cancels all unsaved changes apply changes Applies and saves all unsaved changes reload page Reloads the page Help Displays the online help next Only appears in Wizard mode Goes to the next form unsaved changes The unsaved changes button appears on the lower right hand corner of the Web Manager and a graphical LED blinks red whenever the current user has made any changes and has not yet saved the changes no unsaved changes The no unsaved changes button appears and a graphical LED appears in green when no changes have been made that need to be saved Chapter 4 Web Manager for Administrators 33 The various Web Manager actions for trying saving and restoring configuration changes are summarized in the following table Table 4 3 Administrator Options for Trying Saving an
162. llow Raw connection to Serial Ports M allow Bidirect connection to Serial Ports I require Authentication to access Serial Ports ll El i he B 9 Internet Figure 5 3 Custom Security Profile Dialog Box CAUTION Take the required precautions to understand the potential impacts of each individual service configured under the Custom profile NOTE It is not possible to continue working in the Web Manager without selecting a security profile A reminder dialog box will appear if you attempt to navigate to other sections of the Web Manager 5 Once you select a security profile or configure a custom profile and apply the changes the console server Web Manager must restart for the changes to take effect A reminder dialog box is displayed Click OK to continue 6 Select apply changes at the bottom of the Web Manager form to save the configuration to Flash The Web Manager restarts 7 Log in after Web Manager restarts and click on the Wizard button to switch to Wizard mode 8 Proceed to Step 2 Network Settings Step 2 Network Settings Selecting Step 2 Network Settings displays a form for reconfiguring existing network settings During initial setup of the console server the basic network settings required to enable logins were configured through the Web Manager Skip this step if the current settings are correct In Expert mode under Network menu you can specify additional networking related information and per
163. ls are supported on one port however connections cannot be opened simultaneously NOTE The console profile features such as data buffering multiple users and event notifications are not available under this protocol When the attached terminal is powered on and the Enter key is pressed a login banner and a login prompt is displayed NOTE If the user does not log in within a configurable timeframe the serial port returns to an idle state The timeout period can be configured through the Web Manager Ports Physical Ports Access form Chapter 9 Ports Menu and Forms 135 The administrator can build custom menus using the Terminal Profile Menu form accessible from Web Manager Applications Terminal Profile Menu or from a terminal window using the menush_cfg command You should specify the bidirectional shell command bin menush in the Web Manager Ports Physical Ports Access form Modem and power management connection protocols The following table shows the connection protocols for modems or IPDUs connected to the serial ports Table 9 3 Connection Protocols for Modems or IPDUs Protocol Name Result PPP No Auth Starts a PPP session without interactive authentication required Assumes the specified console server serial port is connected to an external modem PPP Starts a PPP session with authentication required Assumes the specified console server serial port is connected to an external modem SLIP Starts
164. message filtering 1 Go to Network Syslog in Expert mode The Syslog form appears 2 Select a facility number for messages generated by serial ports by selecting the number from the CAS Ports Facility pull down menu 3 Select a destination for the syslog messages by clicking the checkbox next to one or all of the options Console Root User or Server 4 Add a syslog server to the Syslog Servers list by entering its IP address in the New Syslog Server field and clicking Add 5 Configure the message filtering as per your requirements 6 Click apply changes PCMCIA Management When Network PCMCIA Management is selected the following form appears PCMCIA Card Type Action no card Insert Eject Configure no card Insert Eject Configure Figure 7 5 Expert Network PCMCIA Management You can use the PCMCIA management form to configure the following types of PC cards e 10 100 BaseT Ethernet e 802 11b Wireless LAN V 90 Modem Chapter 7 Network Menu and Forms 83 e ISDN e GSM e CDMA e CompactFlash e IDE Hard Disk NOTE You can insert a card at any time and the corresponding driver should load automatically Before removing a card however you must use the Web Manager to eject the card and stop the system from using the card If you install an IDE PC card in a slot it automatically mounts and no configuration is necessary through this form NOTE The console server supports GPRS and 1xRTT PC c
165. minal This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment TABLE OF CONTENTS OF CONTENTS List of Tables ee eee vii List of Figures nuuusnuunnnunnnnnnnnnnnnnnnnnnnnnnunnnnunnnunnnnnnnnnnnnnnnnnnnnnnnnnnnnunnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnn xi Chapter 1 Introduction uuusur22u0nn000nnnnannnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnannnnnnnnnnnnnnnnnnnnnnnnannnnnn 1 Overview SA Ai Be Ai rot i SS Ge ese ID ER Re a BSA se ak 1 Connectors on the ACS Console Serverio esii e ea he pa S a E 1 Accessing the ACS Console Server and Connected Devices zuesnersesnnennesnnennnesnesnnennennennnensennnnnn 2 Web M n ger u us sea earne E EE Bann ES EEE E EEE TEE cedar deveeel isses 2 Prerequisites for Using the Web Manager sccsscsscsscesecesceseesecesceseceseeseeeaceseecasesaecaecaaeaecnsenaeenees 3 Types Of sers ico Stes Hire Nabi sda ns a Ea E a AEE E E EEE A Ea E E E S EEN 3 SECHFIDV in en EE EE ES O A EE EE E T E O 3 AULNCNEICALION sniper neris eea o eap iaaa EEE Eea Eee Ea E E TANE EERDE EE Eaa RE Eiaa 4 TP VO PE AEE EE EEE E E E E E E 5 Services not supporting IPVO perecer eet er pee e o oa a aea Sp SaS EO i EREEREER 5 VEN nnne n E E N E S aTa EER T E E E A E E EE k 5 Packet Filtering icssicvccossisivel aiteca tabs tive ude evel wie E na acs eves ee sh Bl 6 Structure of IE filtering rnia 8222 KR RE be 6 Add rule and edit rule options
166. mory and behaves as it was a normal reboot The console server is restarting normally In this situation the system detects the pre defined security profile You can continue working in the Web Manager Serial port settings and security profiles All serial ports on ACS console servers shipped from the factory are disabled by default The administrator can enable ports individually or collectively and assign specific users to individual ports The following figure shows the default factory settings of serial ports Chapter 8 Security Menu and Forms 127 Virtual Ports moe NEE Modify Selected Ports ify All Ports Ports Statistics Enable Selected Ports Disable Selected Ports Disable Alias Connection Protocol Serial Config Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet Console Telnet 1 2 3 4 5 6 7 8 9 0 ay Figure 8 9 Expert Physical Ports Default Factory Settings The following situations apply to serial ports when you modify or change a security profile e If you reconfigure the security profile and restart the Web manager you need to make sure the serial ports protocols and access methods match the selected security profile e Ifthe serial port connection protocol is incompatible with the selected security profile the following dialog box appears when you try to access
167. n screen is displayed 4 If None 0 or Domain 1 enter your domain name Domain name corp avocent com 5 Enter the IPv4 or IPv6 address for the Primary DNS domain name server Primary DNS Server 172 26 29 4 lt DNS server IPv4 or IPv6 address gt 6 Press Enter The Current Configurations screen appears If correct enter y after the prompts shown in the following screen example Are all these parameters correct y n n y Do you want to activate your configurations now y n yl y Do you want to save your configuration to Flash y n n y To confirm the configuration enter the ifconfig command After the initial configuration proceed to the Web Manager to select a security profile as described in the following section NOTE To use the Web Manager obtain your ACS console server s IP address The console server may be set up with a static IP address at your site By default the console server uses the IP address provided by the DHCP server If your network does not use DHCP then the console server defaults to 192 168 160 10 Selecting a security profile using the Web Manager After the initial configuration connect to the Web Manager by entering the IP address of the console server in a supported browser NOTE Once you log in to the Web Manager a Security Profile must be selected to further configure console server using the Web Manager For this reason your browser redirects to Wizard Step1 Security Profi
168. namically from a DHCPV6 server Static Address Enter the static IPv6 or IPv4 address of the Ethernet port If entering an IPv6 address enter both the IPv6 address and its prefix length lt ipaddress gt lt prefix length gt Configuring a static IPv6 address is available only if the IPv6 Method selected is Static IPv6 Ethernet interfaces All Ethernet interfaces must be either configured or dynamically assigned including the bonding interface Ethernet IPv6 can be dynamically assigned by a DHCPv6 server IPv6 serial interfaces All serial interfaces can be configured with IPv6 addresses port IP alias IPv6 PPP interfaces All PPP interfaces can be either configured or dynamically assigned with IPv6 addresses This includes all interface types you might configure to use PPP protocol such as serial ports with extended modems analog modem PC cards and ISDN PC cards Chapter 7 Network Menu and Forms 79 Other interfaces All interfaces other than Ethernet bonding and PPP will also be configured with IPv6 addresses including all sub interfaces and virtual interfaces such as VPN tunnels static IPSec tunnels The following list shows the network services that will be configured to support the IPv6 protocol e Access to DNS servers e SNMP e Sending SNMP trap e Remote authentication except to NIS e Access to hosts e Stateful and stateless packet filtering firewall e Static routes e Sending messages and events to SMT
169. nce the Outlets Manager form is displayed The form shows separate entries for each serial port configured for power management a name for the configured serial port if one is defined by the administrator and the number of IPDUs connected The matrix displays a line item for each outlet you are authorized to manage The authorized user can perform the following for any listed outlet e Edit the outlet name Enter a name to identify the server or device plugged into the outlet e Edit the turn on interval The turn on interval is the time interval in seconds that the system waits between turning on the currently selected outlet and the next outlet The default is set at 30 seconds e Cycle Turn power briefly off and on again e Turn the power On Off to the outlet e Lock or unlock the outlet to prevent accidental changes to the power state The following table describes the corresponding buttons to perform the above operations Table 3 4 Regular User Outlet Management Buttons Button or icon Purpose Edit Lets you edit an outlet name and the turn on interval Cycle Turn power briefly off and then on again 28 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 3 4 Regular User Outlet Management Buttons Continued Button or icon Purpose Bulb e Lighted yellow e Unlit gray bulb e Power is on Click to turn power off to that outlet e Turn power off Pa
170. nd Telnet SSH and Raw connections to the Serial Ports Authentication to access serial ports is not required Default security profile The Default Security Profile sets the parameters to same as Moderate profile See the following tables for the list of enabled services when the Default security profile is used Custom security profile The Custom Security Profile opens up a dialog box to allow custom configuration of individual protocols or services NOTE By default a number of protocols and services are enabled in the Custom profile however they are configurable to user s custom requirements The following tables illustrate the properties for each of the Security Profiles The enabled services in each profile is designated with a check mark Table 8 4 Enabled Services to Access the Console Server Under Each Security Profile Access to the Console Server Secure Moderate Open Default Telnet P sshv1 P P P sshv2 P P P P Allow SSH root access P P P HTTP P P P HTTPS P P P P HTTP redirection to HTTPS P P Table 8 5 Enabled Services to Access the Serial Ports Under Each Security Profile Access to Serial Ports Secure Moderate Open Default Console Telnet P P P Console ssh P P P P Console Raw P P P Serial Port Authentication P 126 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 8 5 Enabled Services to Access the Serial Ports Under Each Security P
171. nd is required by the card it will be added to default command sequence For example additional initialization parameters may be required in communication networks of some countries Call Back Checkbox to enable the callback security feature Phone Number The phone number that console server uses to call back Authentication One Time Password Required Checkbox if OTP is required for authentication by way of the CDMA PC card To configure a CDMA PC card 1 Install the CDMA PC card and select CDMA from the pull down menu on the PCMCIA Management form 2 Inthe Local IP field enter the local IP address Chapter 7 Network Menu and Forms 91 3 Inthe Remote IP field enter the remote IP address From the Speed pull down menu select the speed defined by the specifications of the CDMA PC card you are using 5 In the Additional Initialization field enter additional parameters if required by the card 6 To enable call back perform the following a Check the Call Back checkbox The Phone Number field appears on the Slot dialog box b Enter a number for the console server to use to call back the CDMA PC card 7 Click OK 8 Click apply changes Ejecting a PC card Use the Eject button on the PCMCIA management form to eject any PC card before physically ejecting it CAUTION Always use the Eject button to eject the PC card Any other method can cause a kernel panic To eject a PC card 1 Go to Netwo
172. nd log in Installing PC Cards The front panel of the console server has two PC card slots You can insert and configure one card in each of the slots To see a list of supported PC cards go to http www avocent com and follow the product links for ACS To install a PC card 1 Insert the PC card into slot 1 or slot 2 2 Use the Web Manager to configure the PC card NOTE A hard disk PC card is automatically mounted and configured once it is inserted To remove a PC card CAUTION Always use the Web Manager to eject a PC card Any other method may cause a kernel panic 1 Eject the card by using the Eject button on the Web Manager s PC Management form Expert Network PCMCIA Management Eject 2 Remove the card from the slot To configure a PC card See To configure a PC card on page 83 and the sections related to the type of card you need to configure Connecting Cyclades PM IPDUs You can connect Cyclades PM IPDUs to the serial ports on the console server using an RJ 45 to RJ 45 UTP cable Cyclades IPDUs include two RS 232 outlets for serial management and daisy chaining Any combination of Cyclades IPDUs up to 128 outlets can be daisy chained into a single virtual power distribution unit 22 Cyclades ACS Advanced Console Server Installation Administration User Guide The following table lists the related tasks on connecting IPDU units and managing power Table 2 2 Tasks Related to Connecting Cyclades IPDUs
173. nge the information and options in the form area Wizard Expert button If you are Expert mode the button will say Wizard If you are in Wizard mode the button will say Expert Select the button to display the other mode Tabs Tabs are additional buttons that change the content of the form area related to the item you have selected in the left navigation menu Tabs are displayed only with specific forms Form area The form area contains the user controlled text fields checkboxes and pull down menus for configuring the console server Command buttons The command buttons are common to all Web Manager screens and are used to try changes cancel changes apply changes reload pages or select the online help NOTE The unsaved changes no unsaved changes indicator at the far right is green no unsaved changes when you have not made any changes that need to be saved and flashes red unsaved changes when you have made changes but have not selected apply changes NOTE Procedures in this manual use shortcuts to tell how to get to Web Manager forms For example a step telling the user to access the Outlets Manager form uses this convention In Expert mode select Applications IPDU Power Mgmt Outlets Manager Chapter 6 Applications 55 Applications Menu and Forms The remainder of this chapter describes the Applications menu and the related forms The following table provides a description of the left menu panel and links
174. nly two users can connect to the same port simultaneously One shared session and one normal session are allowed Yes show menu More than two simultaneous users can connect to the same serial port A Sniffer menu is presented to the user and they can choose to e Open a sniff session e Open a read write session e Cancel a connection e Send a message to other users connected to the same serial port Read Write do not show menu Read write sessions are opened and the sniffer menu won t be presented ReadOnly do not show menu Read only sessions are opened and the sniffer menu won t be presented To configure multiple sessions and port sniffing for one or more serial ports Go to Ports Physical Ports in Expert mode and select a port or ports to modify Click the Multi User tab 3 To allow or to prevent multiple sessions select an option from the Allow Multiple Sessions pull down menu The options are No Yes show menu Read Write do not show menu ReadOnly 146 Cyclades ACS Advanced Console Server Installation Administration User Guide 4 To configure the type of data that displays on the monitor in a port sharing session select an option from the Sniff Mode pull down menu 5 If you have allowed multiple sessions complete the following fields a Add user names to the Privilege Users field b Enter a hotkey in the Menu Hotkey field to display the sniffer menu on the monitor The defaul
175. nnected to the console port on a device a TS profile must be defined for the serial port Selecting the appropriate connection protocol on the Ports Physical Ports General form is part of defining the TS profile When configuring serial ports to support server terminals you can e Dedicate a terminal to access a single remote server by means of either Telnet SSHv1 SSHv2 or Raw Socket connections e Enable a terminal to access multiple servers through the console server The TS profile must specify the TCP port number the terminal type and the IP address for the remote host on the Ports Physical Ports Other form 134 Cyclades ACS Advanced Console Server Installation Administration User Guide The following table describes the connection protocols that can be selected if a terminal is connected to the selected serial port Table 9 2 Available Connection Protocols When Terminal is Connected to a Serial Port Protocol Name Result Telnet Dedicates a server terminal connected to a serial port to access a server using the Telnet protocol When the attached terminal is powered on the console server opens a Telnet session on the server The server s IP address should be specified on the Other form Ports Physical Ports Other SSHv1 Dedicates a server terminal connected to the selected serial port to access a server using the SSHv1 protocol When the attached terminal is powered on the console server opens an SSHv1 s
176. notice 182 CAS profile console access server 133 CDMA 2 CDMA PCMCIA cards configuring 90 Certificate for HTTP Security 128 certification NEBS 179 chain 6 channel 89 command line power management 12 command wiz 16 common features of administrator forms 32 common tasks for ACS administrators 31 community 97 163 compact flash 83 compact flash PCMCIA cards configuring 88 configuration backup 168 boot 166 firewall 99 outlet groups 66 configuring access to connected devices 9 authentication for ACS logins 117 authentication servers 118 CDMA PCMCIA cards 90 CompactFlash PCMCIA cards 88 Ethernet PCMCIA cards 87 GSM PCMCIA cards 86 ISDN PCMCIA cards 85 modem PCMCIA cards 84 ports 20 ports for power management 11 power management 11 wireless LAN PCMCIA cards 89 connect 24 55 connect to ACS 25 connect to serial ports 25 connect host to 150 connecting Cyclades PM IPDUs 21 connection protocol 26 43 protocol modem 135 protocol power management 135 protocols terminal server TS profile 133 connection name 93 connections vpn 91 connectors on the Cyclades ACS 1 console access server CAS profile 133 raw 133 SSH 133 Telnet 133 TelnetSSH 133 CPU usage 116 CSLIP 135 current 29 custom security profile 20 Cyclades PM IPDU connecting 21 D daisy chain 22 152 data buffering 8 142 Destination 49 File Size 49 Local files 49 Mode 49 NFS File Path 49 Remote server 49 time stamp 49 143 data size 44 da
177. o Access the Console Server Under Each Security Profile 125 List of Tables ix Table 8 5 Enabled Services to Access the Serial Ports Under Each Security Profile 125 Table 8 6 Enabled Protocols for Each Security Profile Shown with a Check Mark 126 Table 9 1 Connections Protocols When Serial Port is Connected to Device Console Port 133 Table 9 2 Available Connection Protocols When Terminal is Connected to a Serial Port 134 Table 9 3 Connection Protocols for Modems or IPDUs 2u22u22nu2nnesnesnnennesnnennennennnensnennen en 135 Table 9 4 Access Form Menu and Fields 2 2220220022422002ennennnensensnennnesnnnnnenernnennennnensennnnnnn 139 Table 9 5 Expert Authentication Methods and Fallback Mechanisms o on 140 Table 9 6 List of Authentication Method Procedures uuserseesnernnesneennesnernnennennnennennennnensnennen nn 141 Table 9 7 Data Buffering Form Fields uu2uussuesenseesnensersnennnesnnnnnesnennnennennnennennennnensnennan en 143 Table 9 8 Expert Multi User Form Fields uurscesserseesnersersnesnnesnesnnesnernnenennnennennennnonsnennann 145 Table 9 9 Available Options from the Allow Multiple Sessions Pull down unenseesersennenn 145 Table 9 10 Expert Power Management Form Fields uu0s2snernnesnernnennennnennennennnensnennen nn 147 Table 9 11 Other Form Fields u u 020e0sueseeet
178. oards to minimize the buildup of static charge Arbeiten am Cyclades ACS Bitte versuchen Sie nicht den ACS selbst zu warten mit Ausnahme unter Befolgung der Anweisungen von Cyclades technischem Personal In diesem Fall bitte folgenden VorsichtsmaBnahmen einhalten 1 Schalten Sie den ACS aus 2 Erden Sie sich bitte selbst durch Ber hren einer blanken Metalloberfl che auf der R ckseite des Ger tes bevor Sie das Innere ber hren Vorsichtsmassnahmen gegen Elektrostatische Entladung ESD Zur Vermeidung von Besch digungen sind bei Arbeiten an elektronischen Komponenten oder Baugruppen die folgenden Vorsichtsma nahmen einzuhalten Appendices 181 e Bitte immer ein Erdungsarmband w hrend der Arbeit an elektronischen Platinen tragen e Bitte alle Baugruppen Komponenten und Steckkontakte als elektrostatisch sensitiv behandeln e Bitte Arbeiten auf Teppichb den vermeiden und e Zur Minimierung von elektrostatischen Aufladungen alle K rperbewegungen w hrend Ein oder Ausbau von Boards auf ein Minimum reduzieren Replacing the battery CAUTION There is the danger of explosion if the battery is replaced incorrectly Replace the battery only with the same or equivalent type recommended by the manufacturer Dispose of used batteries according to the manufacturer s instructions Austausch der Batterie Vorsicht Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr Ersetzen Sie die Batterie nur durch den gleichen oder vom H
179. of the cable to the IN port of the next Cyclades IPDU Repeat steps 1 and 2 until you have connected the desired number of Cyclades IPDUs Only one additional level is allowed with ServerTech IPDUs Contact Avocent Technical Support for more information on e installing SPC and ServerTech IPDUs e replacing an Avocent CCM console management appliance with a Cyclades ACS console server e cabling requirements for using the ACS console server with SPC and ServerTech IPDUs 23 Web Manager for Regular Users Using the Web Manager ACS console server users perform most tasks through the Web Manager The Web Manager runs in a browser and provides a real time view of all equipment connected to the console server Authorized users can use the Web Manager to access devices connected to serial ports e Ifa device console is connected the user can access the console of the target device e Ifa terminal is connected the user can connect from the terminal to the console server and access other servers e Ifa modem is connected a user can dial in and access the console server and connected devices e Ifan IPDU is connected a user can manage power for devices connected to the outlets of the IPDU To log into the Web Manager 1 Type the console server s IP address in your browser s address field NOTE Refer to Chapter 2 for requirements to start the Web Manager 2 Press Enter The Web Manager Login form is displayed 3 Enter your
180. og into the console server to administer connected devices e IfLDAP authentication is specified for serial ports accounts for users who need administrative access to the connected devices To configure LDAP authentication 1 Select Security Authentication LDAP in Expert mode The LDAP form displays with LDAP Server and LDAP Base fields filled in from with the current values in the etc ldap conf file Chapter 8 Security Menu and Forms 121 AuthType Radius Tacacs Ldap Kerberos NIS Ldap Server 127 0 0 1 Ldap Base dc padl dc com m Secure Ldap Ldap User Name Ldap Password Ldap Login Attribute Figure 8 4 Expert Security Authentication LDAP 2 Supply the IP address of the LDAP server in the LDAP Server field 3 Ifthe LDAP authentication server uses a different distinguished name for the search base than the one displayed in the LDAP Base field change the definition The default distinguished name is dc as in dc value dc value If the distinguished name on the LDAP server is o then replace dc in the base field with 0 as in o value o value 4 Replace the default base name with the name of your LDAP domain For example for the LDAP domain name avocent com the correct entry is dc avocent dc com 5 Enable Secure LDAP if required Enter optional information in LDAP User Name LDAP Password and LDAP Login Attribute fields 7 Click apply changes The changes are stored in etc l
181. ole server firmware stores the new link in Flash and accesses the online help files whenever the help button is clicked The Online Help Path field is where the path will be entered for the Web Manager to locate the online help files The Help button on the Web Manager looks for its help files in the location specified here By default http global avocent com us olh acs v_3 2 0 is the location specified in the field It is recommended that the administrator reconfigure this path to use a local server The console server administrator can change the URL in the URL Prefix field to point the Help button to the new local server location for the files To configure the local online help path 1 Extract the files using the appropriate unzip utility for your O S and put them into the desired directory under the web server s root directory This must be a publicly accessible web server For example the following command line would work on a server running UNIX cd SWEB_ SERVER_ROOT acs help gunzip acs online hlp zip By default the online help files are expanded into a console server directory under the directory where the zip file is located 2 Log into the Web Manager as admin and go to Administration Online Help The Help configuration screen displays see Figure 10 4 3 Inthe URL prefix field enter trhe URL of the help files on the server where you installed them The following example would work for a web server named remotea
182. on network in the Network Mask field If you selected Host type the IP address of the destination host in the Host IP field Select Gateway or Interface from the Go to pull down menu and enter the address of the gateway or the name of the interface in the adjacent field Click apply changes 112 Cyclades ACS Advanced Console Server Installation Administration User Guide 113 Security Menu and Forms Users and Groups The Users and Groups form allows you to perform the following tasks e Set up user access to the console server Web Manager e Assign users to specific groups that share common access rights e Assign or change passwords e Create new groups and add to the group list The two groups to which you can assign a user are e Admin Read Write Access e Regular User Limited Read Write Access CAUTION There is only one root user for the initial setup of the console server by the administrator The username is root and the default password is tslinux For security purposes make sure you change this default password as soon as possible Selecting Security Users and Groups in Expert mode displays the form shown in the following figure Users and Groups Active Ports Sessions Authentication User List Group List Security Profile root ada ee Grange Posen mae Dame Em Figure 8 1 Expert Security Users and Groups Form 114 Cyclades ACS Advanced Console Server Installation Admini
183. on the console server The most common use of this feature is to create multiple menu options for launching SSH sessions on several remote hosts Chapter 6 Applications For example you can create a menu called SSH to Servers with options that launch SSH connections to several servers as shown in the following example Menu title SSH to Servers Menu Options Action Name Action Command SSH SunRay ssh 192 168 48 11 SSH MyLinux ssh 192 168 48 15 SSH W2K3 ssh 192 168 48 12 Edit Delete Add Up Down Figure 6 13 Expert Terminal Profile Menu Example To create a menu for a local server terminal 1 Select Expert Applications Terminal Profile Menu The Terminal Profile menu appears 2 Enter a title for the menu in the Menu title field 3 To edit an existing menu option select the Action Name from the table and then click Edit 4 To add anew menu option click Add The Add Option dialog box appears a Enter a title for the menu option in the Title field b Enter an action or command to be executed when the user clicks the menu option in the Action Command field 5 Click OK Click apply changes 71 72 Cyclades ACS Advanced Console Server Installation Administration User Guide 73 7 Network Menu and Forms This chapter describes the Network menu and related forms The following table provides a description of the left menu panel Table 7 1 Expe
184. onfiguration from the Network Host Settings General Mode pull down menu Disabling IPv4 If you disable IPv4 configuration of IPv4 addresses will not be allowed A warning message will be displayed advising you that services not supporting IPv6 will be unavailable The IPv4 tab will be disabled NOTE If services not supporting IPv6 are needed you will have to select Dual Stack IPv4 and IPv6 and those services will be available only for IPv4 Disabling Enabling IPv6 If you disable IPv6 configuration of IPv6 addresses will not be allowed and the IPv6 tab will be disabled If you change IPv6 from disabled to enabled a warning message will be displayed advising you that some services not supporting IPv6 will be unavailable and that you will have to configure those services supporting IPv6 for them to work properly NOTE If services not supporting IPv6 are needed you will have to select Dual Stack IPv4 and IPv6 and those services will be available only for IPv4 76 Cyclades ACS Advanced Console Server Installation Administration User Guide When IPV6 is enabled you will need to configure the following parameters and services to work in IPv6 mode network parameters e authentication servers e DNS e SNMP e SNMP traps e syslog e NTP e VPN connections if any e host table addresses e firewall configuration e static routes if any NOTE Both Wizard and Expert modes of the web interface can be used to configu
185. ork Time Protocol Disable Reboot Online Help Month 3 Day 2a Year z006 38 second 52 Figure 8 5 Expert Administration Time Date 8 Go to Security Authentication Kerberos in Expert mode The Kerberos form displays as shown in the following figure Radius Tacacs Ldap Kerberos NIS Kerberos Server Realm Kerberos Realm Domain cyclades com Name Figure 8 6 Expert Security Authentication Kerberos 9 Fill in the form according to your local setup of the Kerberos server 10 Click apply changes To configure a NIS authentication server Perform the following procedure to configure a NIS authentication server when the console server or any of its ports are configured to use NIS authentication method or any of its variations Local NIS NIS Local or NISDownLocal 1 Go to Security Authentication NIS in Expert mode The NIS form displays as shown in the following figure 124 Cyclades ACS Advanced Console Server Installation Administration User Guide AuthType Radius Tacacs NIS Domain Name NIS Server IP Figure 8 7 Expert Security Authentication NIS 2 Fillin the form according to your configuration of the NIS server 3 Click apply changes Security Profiles Selecting Security Security Profile displays the form shown in the following figure Users and Groups Active Ports Sessions Authentication Se
186. ort and the specified outlet numbers are displayed on the PowerMgmt Port list 6 Enter the power management hotkey in the Power Management Key field Enter a caret for the escape key as in Ap The caret stands for the Ctrl key 7 Click Done 8 Click apply changes NOTE If you wish to configure IPMI power management on this port continue to the IPMI configuration procedure below To configure a serial port for IPMI power management This procedure assumes you have added the connected IPMI device in the Applications IPMI Power Mgmt form 1 To enable IPMI Power Management of an IPMI device connected to the currently selected port perform the following steps a Click the Enable IPMI on this port checkbox The IPMI key and IPMI Server fields appear b Enter a key in the IPMI key field Enter the key combination in the IPMI key field with A as in i The caret stands for the Ctrl key The administrator of the device connected to this serial port uses this hotkey to bring up the IPMI power management screen c Select the name of the IPMI device from the IPMI Server pull down menu 2 Click Done 3 Click apply changes To configure a user for IPDU power management while connected to a serial port Perform this procedure to allow a user to perform power management on a device while connected to it through one of the console server s serial ports Chapter 9 Ports Menu and Forms 149 1 Configure a serial port fo
187. ote user to call into the console server through an installed and configured GSM PC card When you select GSM from the pull down menu the dialog box expands to include specific options When the Call Back checkbox is checked the Phone Number field appears as shown in the following figure The following table provides a brief description of the fields available in the GSM dialog box Table 7 7 GSM Dialog Box Fields Field Name Definition PC Card Select GSM from the pull down menu Local IP The local IP address of the PC card Remote IP The remote IP address of the PC card Pin Number The personal identification number associated with the GSM Call Back Check Call Back box to enable the callback security feature Phone Number The phone number that console server uses to call back Authentication One Time Checkbox if OTP is required for authentication by way of the PC GSM Password Required To configure a GSM PC card 1 Install the GSM card and select GSM from the pull down menu on the PCMCIA Management form The Local IP Remote IPand Pin Number fields and the Call Back checkbox appear on the Slot dialog box 2 Enter an IP address in the Local IP field if desired Chapter 7 Network Menu and Forms 87 NOTE By default the IP address of console server is used Only change the IP address if you have a specific reason to do so 3 Inthe Remote IP field specify the IP address to assign to the oth
188. ote user to call into the console server through an installed modem PC card When you select Modem from the pull down menu the dialog box for the corresponding card slot appears NOTE For all supported PC cards that include a checkbox for Authentication One Time Passwords Required a full description of the One Time Password OTP feature can be found in the Cyclades ACS Command Reference Guide The following table provides a brief description of the fields available in the Modem dialog box Table 7 5 Modem Dialog Box Fields Field Name Definition PC Card Pull down menu to select the type of PC card you are using PPP Checkbox to enable point to point protocol Local IP The local IP address of the PC card Remote IP The remote IP address of the PC card Call Back Checkbox to enable the callback security feature Phone Number The phone number that the console server uses to call back Authentication One Time Checkbox if OTP is required for authentication by way of the PC modem Password Required If you click the PPP checkbox additional fields for a local and remote IP address and a Call Back checkbox appear If you enable Call Back the Phone Number field appears on the Slot dialog box NOTE The syslog to user root must be disabled before root users log in using the modem PC card Failure to do so will cause all syslog information to be sent to dev ttyM1 This will overload the buffer rendering it unus
189. ough Z Suffix Order of ttyS2B 1 8 would indicate that serial port 2 on the console server IPDU in would be used to control the second IPDU in the chain B followed by daisy chain the outlet or range of outlets on that IPDU with user permissions NOTE Daisy chained IPDUs A B C etc create sequentially numbered outlets across IPDUs The following figure shows two daisy chained master slave IPDUs connected to serial port 2 on the console server Figure 6 11 Various Outlet Designations on Daisy chained IPDUs Chapter 6 Applications 69 2 3 1 Ee 81 1 Ee an i 2 f e2 3 ze 83 3 fre 813 4 ze B4 4 ze myoutlet 5 ze 85 5 Pre 815 6 ze 86 6 He B16 7 z 87 7 ze 817 8 fiz B8 8 Ha B18 9 fiz 89 9 fz B19 10 Mae B10 10 Je 820 7 Yr Go ou H 88 Table 6 7 Outlet Designations on Daisy chained IPDUs PM10 shown Number Description 1 ACS console server with serial connection shown at Port 2 The IPDU can be connected to any serial port 2 IPDU A This is the first IPDU in the chain 3 IPDU B This is the second IPDU in the chain 4 Example of an outlet that has been renamed See the following table for details 70 Cyclades ACS Advanced Console Server Installation Administration User Guide There are three different methods to specify the outlet named myoutlet on IPDU B The following table describes the three methods Table 6 8 Methods for Spe
190. p in the buffer NFS File Path For Remote Destination Includes the path where the data buffer file should be stored Show Menu Defines the options you wish to show in the menu of the buffer file The following table shows the differences between remote and local data buffering Table 5 7 Differences Beween Remote and Local Data Buffering eT Option Description Remote server Data is stored in files sequentially The NFS server must be configured with the mount point shared exported In linear mode data is written into a continuous sequence of files and the file spaces is not reused The administrator needs to allow enough space for the expected amount of data and take measures such as moving unneeded data files off line to ensure data does not outgrow the available space Local files Set a file size greater than zero Make sure the file size does not exceed the space available on the console server s Flash memory If needed you can supplement the Flash memory module by installing a Flash memory card with an adaptor or other storage device in a PC card slot NOTE You can perform advanced configuration in Expert mode including the option of setting up data buffering separately for individual or groups of serial ports To configure data buffering 1 Select Step 4 Data Buffering 2 Click the Enable Data Buffering checkbox The Destination pull down menu appears 50 Cyclades ACS Advanced Console Server Instal
191. pendix B Safety Regulatory and Compliance Information urserssersersnesnnesnesnnennennennnennnnnn 176 Appendix C Technical Support a sueeenseraueniesssensaskseankn kckeskheinn sin 184 vii LIST OF TABLES OF TABLES Table 1 1 Table 1 2 Table 1 3 Table 1 4 Table 1 5 Table 2 1 Table 2 2 Table 3 1 Table 3 2 Table 3 3 Table 3 4 Table 3 5 Table 4 1 Table 4 2 Table 4 3 Table 4 4 Table 5 1 Table 5 2 Table 5 3 Table 5 4 Table 5 5 Table 5 6 Table 5 7 Table 6 1 Table 6 2 Table 6 3 ACS Console Server ConnectorS ncessersessnersersnennnesnernnesnersnnsnnenernnennennnennensonnnensnnsnensnennn 2 Authentication Methods Supported cccccccsccessesecescesecesceseeseceseeseceseeseeeseessecasesaecsscaeeaes 4 Add Rule and Edit Rule Option Definitions ucesersersnrsneennesnernnenennnennennennnensn enormen 7 TCP Protocol Option Definitions uceessnesnnesnesnnennernennnernonnnennonsnnsnonnnennennnesnernnenennnnnn 7 Common Administrator Tasks for Configuring Software ucesseeseerserseesnersennensenneennn 9 ACS Console Server Serial Port Pin out uuensessesnnennesnnensennennnonsnennensnenneennennnenan nme 15 Tasks Related to Connecting Cyclades IPDUS uceserseeseersersnennersnennnesnernnennennennnnn 22 Description of Regular User Web Interface uuucressesnnesnesnnennennennnennennnennennnnnnennnennn 24 Java Applet Buttons for Connecting to the Console Serv
192. ports First Local Port Number Local IP 192 168 48 12 First Local TCP Port 7017 Number Remote IP 192 168 48 11 First Remote TCP Port 7001 Number Protocol 192 168 48 11 4 Figure 9 9 Ports Virtual Ports New Modify Port Dialog Box 2 From the pull down menu select the number of ports that you wish to assign as Slaves Choices are 1 4 8 16 32 and 48 Enter the First Local Port Number This is the first port number on the master Enter the Local IP address This is the IP address of the master Enter the First Local TCP Port Number This is the first TCP port number on the master Enter the Remote IP address This is the IP address of the Slave Enter the First Remote TCP Port Number This is the first TCP port number of the Slave The default is 7001 8 Select the communication protocol between the Master and the Slave from the Protocol pull down menu The options are Telnet or SSH SD ON To assign names to Slave ports in the cluster Selecting the Port Names button on the New Modify Port dialog box displays the form shown in the following figure 12 168 48 11 New Modify Port Microsoft Internet Explorer Cancel Port Port Local IP Local Name TCP Port SunRay 192 168 48 12 7017 win_Server 192 168 48 12 7018 17 18 19 20 21 22 23 24 Sun_server 192 16848 12 7019 tr contrai 192 168 48 12 7020 eM wep 192 168 48 12 7021 Prolienti 192 168 48 12
193. r Ger te ungleichm ige mechanische Belastung Circuit overloading Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring Appropriate consideration of equipment nameplate ratings should be used when addressing this concern Elektrische Uberlastung Bitte beachten Sie beim elektrischen Anschluss der Ger te dass diese zum Schutz vor berlastung mit entsprechenden Schutzvorkehrungen ausgestattet sein k nnen Bitte sorgen Sie gegebenenfalls f r Klarheit durch entsprechende Beschriftung Reliable earthing Reliable earthing of rack mounted equipment should be maintained Particular attention should be given to supply connections other than direct connections to the branch circuit such as power strips or extension cords Zuverl ssige Erdung Eine ausreichende Erdung der im Rack montierten Ger te muss sichergestellt sein Insbesondere sollte indirekten Verbindungen zur Stromversorgung ber Powerleisten oder Verl ngerungen besondere Aufmerksamkeit gewidmet werden 178 Cyclades ACS Advanced Console Server Installation Administration User Guide Safety precautions for operating the console server Please read all the following safety guidelines to protect yourself and your Cyclades ACS advanced console server Sicherheitsvorkehrungen beim Betrieb des Cyclades ACS Bitte lesen Sie alle folgenden Sicherhe
194. r IPDU power management as described in the previous section 2 To permit everyone to perform power management on this port click the Allow All Users radio button Allow All Users C Allow Users Groups v Selected ports 4 Done Figure 9 5 Ports Physical Ports Power Management Allow All Users 3 To restrict power management on this port to a set of users authorized to access this port click the Allow Users Groups radio button C Allow All Users Allow Users Groups Allowed Users Groups New User Group m Add gt gt Selected ports 4 Done Figure 9 6 Ports Physical Ports Power Management Allow Users and Groups 4 Entera valid user name or groupname in the New User Group field and click Add 5 Click Done 6 Click apply changes Other Under Ports Physical Ports in Expert Mode after you select one or more serial ports and click Modify Port s you can select the Other form from the tabbed menu to configure other options The Other form appears You can use this form to configure other settings The options on this form may be less common settings The following table describes the available fields in the Other form Table 9 11 Other Form Fields Field Name Definition TCP Port The TCP Port number for a serial port The TCP port numbers by default start from 7001 and increment by 1 up to the number of serial ports that t
195. r must obtain both the IP address of the syslog server from the syslog server s administrator and the facility number for messages from the console server Facility numbers are used on the syslog server for handling messages generated by multiple devices Chapter 1 Introduction 9 Facility numbers for syslog messages Each syslog server has seven local facility numbers available for its administrator to assign to different devices or groups of devices at different locations The available facility numbers are Local0 through Local7 Example of using facility numbers The syslog system administrator sets up a server called syslogger to handle log messages from two console servers One console server is located in S o Paulo Brazil and the other in Fremont California The syslog server s administrator wishes to aggregate messages from the S o Paulo console server into the locall facility and to aggregate messages from Fremont console server into the local2 facility On syslogger the system administrator has configured the system logging utility to write messages from the locall facility to the var log saopaulo config file and the messages from the local2 facility to the var log fremont config file If you were in Fremont and identifying the syslog server using the Web Manager according to this example you would select the facility number local2 from the Facility Number pull down menu on the Syslog form Managing Users of Connected Devi
196. r standard acronym for the timezone PST is shown here for Pacific Standard Time Enter the offset from GMT for the timezone west of GMT is entered as a negative number Click OK Click apply changes To use the custom option to set daylight savings time 1 9 6 Select the Enable daylight saving time checkbox A Timezone Configuration dialog box will appear Enter the daylight savings time DST acronym of your choice in the DST Acronym field Enter the number of hours and minutes HH MM format the clock will be reset at the beginning of the daylight savings time period Positive number only In the following fields enter the date month day and time hours minutes for both the beginning and ending dates of daylight time Click OK to update the Time Date settings and return to the main Time Date form Click apply changes Boot Configuration Boot configuration defines the location from which the console server loads the operating system The console server can boot from its internal firmware or from the network By default the ACS console server boots from Flash memory Selecting Administration Boot Configuration in Expert mode displays the Boot Configuration form If you need to boot from the network you need to make sure the following prerequisites are met Chapter 10 Administration Menu and Forms 167 A TFTP or BootP server must be available on the network An upgraded console server boot image file must
197. r that supports the console server Web Manager such as Netscape Internet Explorer Firefox or Mozilla e Java 2 Runtime Environment JRE version 1 4 2 or later If a more recent version is available go to http java com to locate and download the latest version of J2RE Basic Installation Procedures Mounting the console server You can mount the ACS console server on a wall rack or cabinet or place it on a desktop or other flat surface Two brackets are supplied with six hex screws for attaching the brackets to the console server for mounting kood Figure 2 1 Placement of Mounting Brackets Forward Mounting Configuration Shown e You will need a hex screwdriver and the nuts and bolts provided with the mounting brackets to perform the following procedure 14 Cyclades ACS Advanced Console Server Installation Administration User Guide To rack mount the console server 1 Install the brackets on to the front or back edges of the ACS console server using a screw driver and the screws provided with the mounting kit 2 Mount the console server unit in a secure position Making an Ethernet connection Connect a CATS patch cable from the console server port labeled 10 100Base T to an Ethernet hub or switch To connect devices to serial ports Using patch cables with RJ 45 connectors and DB 9 console adaptors assemble crossover cables to connect the console server serial ports to the device s console port NOTE
198. r the FTP server To backup a copy of the current configuration files press the Save button To download a previously saved copy of the configuration files press the Load button To back up or restore the configuration files using a storage device Go to Administration Backup Config in Expert mode Select Storage Device from the Type pull down menu To backup a copy of the current configuration files select Default Configuration and press the Save button To restore a copy of the configuration files saved on the storage device without replacing the internal Flash configuration select Default Configuration and press the Load button Click apply changes 170 Cyclades ACS Advanced Console Server Installation Administration User Guide 5 Reboot the system See Reboot on page 171 for details To replace the configuration saved on the storage device previously select Replace Configuration and click the Save button 7 To restore a copy of the configuration files saved on the storage device and replace the internal Flash configuration select Replace Configuration and click the Load button 8 Click apply changes Reboot the system See Reboot on page 171 for details Upgrade Firmware Selecting Administration Upgrade Firmware in Expert mode displays the Upgrade Firmware form You can use this form to configure an automated upgrade of the console server s firmware which includes the Kernel applications and configuration
199. range Cycle button is active next to each outlet that is on Displays a dialog box to configure an Outlet Name and Post On Delay Outlet names must begin with a letter Valid characters are letters numbers dash and underscore _ The post on delay is the amount of time in seconds that elapses after the selected outlet is turned on before another outlet is turned on Clicking the Edit button displays the dialog box for specifying Outlet Name and Post On Delay turn on PU interval You can specify a name for the outlet such as the server or device name and change the post on delay turn on interval NOTE The turn on interval is the amount of time in seconds that elapses after the selected outlet is turned on before another outlet can be turned on Third party IPDU information displayed SPC power devices will display the Outlet Name Minimum On Time Minimum Off Time and Wake State Chapter 6 Applications 59 ServerTech IPDUs will display Outlet Name Post On Delay and Wake State To view status lock unlock rename or cycle power outlets NOTE For a group of outlets the Cycle button operates only if all outlets of the group are turned ON 1 Select Expert Applications IPDU Power Mgmt Outlets Manager The Outlets Manager screen appears with each IPDU listed 2 Click the Show button associated with the IPDU whose outlets you want to manage A list of outlets appears 3 To switch an outlet or an outle
200. ration for One Time Password OTP and OTP Local is documented in the Cyclades ACS Command Reference Guide 7 Select the Other tab There are two fields TCP Port and Port IP Alias a A default TCP port number is displayed in the TCP Port field Enter an alternate port number if you are overriding the default b Inthe IP Alias field enter the IP address for the port for direct telnet or SSH access the same address used when the port is configured for console access NOTE For the IP Alias address to work properly you must select Allow Access by Telnet of SSH or both in the General tab form 8 When finished click Done 9 Click apply changes To associate an alias to a serial port An alias can be associated to a port when it is individually selected for modification To associate an alias to a port perform the following steps 1 Goto Ports Physical Ports in Expert mode select a port to modify and click the Modify Ports button 2 Enter the desired string in the Alias field 3 Click Done 4 Click apply changes NOTE The Alias field cannot be set if you select the Modify All Ports To configure serial port settings to match the connected devices The settings for a serial port must match the connection settings on the connected device 1 Go to Ports Physical Ports in Expert mode and select a port or ports to modify The General form appears Chapter 9 Ports Menu and Forms 139 2 To change the baud rate sele
201. rature The manufacturer s maximum recommended ambient temperature for the Cyclades ACS advanced console server is 112 F 44 C Temperatur Die maximal empfohlene Umgebungstemperatur des AlterPath ACS betrdgt 44 C 112 F Elevated operating ambient temperature If the console server is installed in a closed or multi unit rack assembly the operating ambient temperature of the rack environment may be greater than room ambient temperature Therefore consideration should be given to installing the equipment in an environment compatible with the manufacturer s maximum rated ambient temperature See above Appendices 177 Erh hte Umgebungstemperatur im betrieb Bitte treffen Sie entsprechende Vorkehrungen um die Herstellerangaben zur maximalen Umgebungstemperatur einzuhalten Bitte beachten Sie dass bei einer Installation des ACS in einem geschlossenen oder mehrfach best cktem Rack die Umgebungstemperatur im Betrieb h her sein kann als die Raumtemperatur Reduced air flow Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised Luftdurchsatz F r einen sicheren Betrieb bitte auf ausreichenden Luftdurchsatz im Rack achten Mechanical loading Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading Sicherer mechanischer Aufbau Bitte vermeiden Sie beim Einbau de
202. re network parameters Beyond the network parameters stated above other services must be configured in Expert mode IPv4 settings When you select Network Host Settings IPv4 the following form is displayed General Ethernet Port Primary Address Network Mask 172 26 30 240 255 255 252 0 Secondary Address Secondary Network Mask MTU 1500 Figure 7 2 Expert Network Host Settings IPv4 DHCP disabled NOTE If DHCP is checked the rest of the form is disabled and will not be displayed Chapter 7 Network Menu and Forms 77 Check DHCP checked by default to have the console server pull network parameters from the DHCP server If this box is not checked DHCP disabled the following fields are displayed in the form Table 7 3 Network Host Setting IPv4 Field Defintions Field name Field Definition Primary Address Enter the primary IPv4 address of the ACS console server Network Mask Enter the 32 bit number used to group IPv4 addresses together or to indicate the range of IPv4 addresses for a subnet Secondary Address The secondary IPv4 address of the console server unit By configuring a second IPv4 address the unit will be available for more than one network Secondary Network Mask Optional MTU Maximum Transmission Unit used by the TCP protocol IPv6 settings When you select Network Host Settings IPv6 the following form is displayed General DHCP 6
203. re on the IPDU available only on selected models with temperature sensors 30 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 3 5 Power Management Display Information by Configured Port Continued Form Heading Description Example Maximum Detected Maximum temperature detected Available only on selected models with temperature sensors Clear Max Detected Use this button to refresh the currently displayed maximum Current detected current Security Use the following procedure to set or change your password To change your password Select the Security option from the menu panel The Security form appears Enter your current password in the Current Password field Enter the new password in the New Password and the Repeat New Password fields Click OK Log out and log in using your new password to verify your password change i S en a Ze 31 Web Manager for Administrators This chapter is for system administrators who use the Web Manager to configure the Cyclades ACS advanced console server and its users For information on how to configure the console server using vi or Command Line Interface CLI please consult the Cyclades ACS Command Reference Guide The ACS console server s Web Manager for administrators describes two modes of operation Wizard and Expert This section provides an overview of the Web Manager forms Subsequent sections describe the menus forms
204. ree e VmallocChunk e SwaptTotal PCMCIA Information Socket 0 and Socket 1 Identification Configuration and Status 160 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 10 1 System Information Form Continued Information Parameters Ram Disk Usage e Filesystem e 1k blocks e Used e Available e Use e Mounted To view system information Go to Administration System Information in Expert mode The System Information form displays Scrolling down the form allows you to see all of the information Notifications Selecting Administration Notifications in Expert mode displays the Notifications form allowing you to set up alarm notifications about system issues or other events of interest that occur on the devices connected to the serial ports You can configure notifications to be sent to users through email pager or SNMP traps The following table describes the available fields in the Notifications form Table 10 2 Notifications Form Fields Field Name Definition Notification Alarm for Data Buffering Enable by placing a checkmark in this field unlabeled view table List of alarm types and triggers unlabeled dropdown list Email pager or SNMP notification methods Clicking the Add button or selecting a previously specified event Clicking the Edit button displays the Notifications Entry dialog box The form allows you to define alarm trigger actions and spe
205. rk Network Mask lt netmask gt Press Enter NOTE If you have selected IPv4 enabled and have set the static IP gateway and netmask addresses the IPv4 Current Configuration verification screen will be displayed Check all parameters and press Enter You will be prompted to activate the configuration settings To configure for IPv6 protocol 1 If you entered option 1 or 2 for IP version configuration the IPv6 Configuration Method form will be displayed Choices for IPv6 configuration are Stateless Only 0 Static 1 or DHCP 2 The default is Stateless Only Type the number corresponding to your choice and press Enter The choice you enter selects the method used to assign the IPv6 system address Chapter 2 Installation 19 e Stateless Only The router will multicast the IPv6 prefix along with the console server s MAC address then listen for the other devices on the local network to allow the router to assign the IPv6 address e Static You must manually assign a unique IPv6 address for the console server e DHCP The router will request the IPv6 address from the DHCPv6 server 3 The DHCPv6 options form is displayed Choices are None 0 DNS 1 Domain 2 and DNS and Domain 3 Type the number corresponding to your choice and press Enter e From None 0 Enter your domain name e From Domain 1 Enter your domain name e From DNS 2 Follow the on screen instructions e From DNS 3 The Current Configuratio
206. rk PCMCIA Management The PCMCIA Management form appears 2 Click the Eject button adjacent to the card you wish to remove The card type clears under the Card Type column 3 Click apply changes 4 Remove the PC card from the card slot VPN Connections Virtual Private Network VPN enables a secured communication between the console server and a remote network by utilizing a gateway and creating a secured connection between the console server and the gateway IPSec is the protocol used to construct the secure tunnel IPSec provides encryption and authentication services at the IP level of the protocol stack When VPN Connections is selected under Network the VPN Connections form appears You can use the form to add a VPN connection or edit one already in the list When you click the Edit or Add buttons aNew Modify Connection form appears as shown in the following figure The form displays different fields depending on whether RSA Public Keys or Shared Secret is selected 92 Cyclades ACS Advanced Console Server Installation Administration User Guide https 192 168 48 11 New Modify Connection Mozilla Firefox 0 x a Connection Name I Authentication Authentication RSA Public Keys F Protocol ESP Method RSA Public Keys Remote Right ID IP Address NextHop Subnet RSA Key Local Left ID IP Address NextHop Subnet RSA Key Boot Action Ignore z f Done 192 168 48 11 9 5
207. rm untitled dropdown field The first time you specify an alarm trigger the pull down menu is empty A new trigger gets listed in the menu after it is created Pager Number The pager number of the notification recipient Text The text message for the pager SMS User Name The user name of the notification recipient SMS Server The name or the IP address of the SMS server SMS Port The port used by the SMS server To configure a trigger for pager notification for serial ports 1 Go to Administration Notifications in Expert mode and select Pager from the pull down menu If desired enable Notification Alarm for Data Buffering for an alarm to sound when the trigger action occurs and click either Add or Edit The Notifications Add Edit dialog box displays Specify the event you wish to trigger a notification in the Alarm Trigger field If you need to edit an existing notification select it from the pull down list and proceed Enter or change the pager number in the Pager Number field Enter or edit the text that describes the event in the Text field Oy ie Be Ga Enter or change the Short Message Services SMS username the SMS server s IP address or name and the SMS port number in the SMS User Name SMS Server and SMS Port fields respectively 7 Click OK 8 Click apply changes SNMP trap notifications entry When you go to Administration Notifications and select SNMP Trap from the pull down menu and then
208. rm is at Expert Applications Terminal Profile Menu To configure a terminal to automatically connect to a server perform the following steps a Select Telnet SSHv1 SSHv2 or Raw Socket from the Connection Protocol pull down menu b Specify authorized users groups and the authentication method in the Access form c Specify the TCP Port number the IP address of the remote host and the terminal type using the Other form The Other form is located at Ports Physical Ports Modify Selected Ports Other If you are finished click Done Click apply changes To configure a serial port connection protocol for an external modem This procedure assumes that the selected serial port is physically connected to an external modem 1 6 7 Go to Ports Physical Ports in Expert mode select a port or ports to modify click the appropriate Modify Ports button The General form appears Click the General tab The General form appears with the number s of the selected port s next to the Done button at the bottom of the form and the active tabs are in yellow To change the connection protocol select one of the options from the Connection Protocol pull down menu PPP No Auth PPP SLIP or CSLIP If you wish to change any of the other current settings see To configure serial port settings to match the connected devices on page 138 To further configure the serial port s connection protocol e For user access and authent
209. rofile Continued Access to Serial Ports Secure Moderate Open Default Bidirect Dynamic Mode Support P P P Table 8 6 Enabled Protocols for Each Security Profile Shown with a Check Mark Other Services Secure Moderate Open Default SNMP p RPC P ICMP P P P FTP IPSec NOTE The Default security profile parameters are the same as the Moderate security parameters The first step in configuring your ACS console server is to define a Security Profile One of the following situations is applicable when you boot up the console server unit jean The console server is starting for the first time or after a reset to factory default parameters In this situation when you boot up your console server and log in as an administrator to the Web Manager a security warning dialog box appears The Web Manager is redirected to Stepl Security Profile in the Wizard mode Further navigation to other sections of the Web Manager is not possible without selecting or configuring a Security Profile Once you select or configure a Security Profile and save the changes the console server restarts N The console server firmware is upgraded and the system is restarting with the new firmware In this situation the console server was already in use and certain configuration parameters were saved in the flash memory In this case the console server automatically retrieves the Custom Security Profile parameters saved in the flash me
210. rom heat sources and do not block host s cooling vents Vorsicht Der Alterpath ACS muss vor Hitzequellen gesch tzt werden und die L fterausg nge d rfen nicht blockiert sein CAUTION The Cyclades ACS advanced console server DC powered models are only intended to be installed in restricted access areas Dedicated Equipment Rooms Equipment Closets or the like in accordance with Articles 110 18 110 26 and 110 27 of the National Electrical Code ANSI NFPA 701 1999 Edition Use 18 AWG or 0 75 mm2 or above cable to connect the DC configured unit to the Centralized D C Power Systems Install the required double pole single throw DC rated UL Listed circuit breaker between the power source and the Cyclades ACS advanced console server DC version Minimum Breaker Rating 2A Required conductor size 18 AWG Vorsicht Die Alterpath ACS DC Gleichstrom Modelle sind nur f r den Einsatz in Bereichen mit begrenztem Zugang vorgesehen abgeschlossene Ger ter ume oder Ger teschr nke die entsprechend den Artikeln 110 18 110 26 und 110 27 des National Electrical Code ANSI NFPA 701 1999 Edition ausgef hrt sind Zur Verbindung mit der zentralen Gleichstromversorgung bitte nur Kabel mit mindestens 18 AWG bzw 0 75mm2 verwenden Bitte nur freigegebene zweipolige aber einfach ausl sende und f r Gleichstrom zugelassene Sicherungsautomaten einsetzen CAUTION This unit has one or two power supply cords Disconnect the power supply cord before servicin
211. rt Network Menu Descriptions Menu Selection Use This Menu to Host Settings Configure the network parameters such as Host Name IP addresses DNS services Gateway and Bonding Additional tabs are displayed for IPv4 and IPv6 protocol configuration Syslog Configure how the console server will handle its syslog messages The console server generates syslog messages related to users connecting to ports login failures and other information that can be used for audit and control purposes PCMCIA Management Configure the optional PC cards The console server supports several PC cards including modem ISDN GSM CDMA wireless LAN Ethernet CompactFlash and hard disk drives for data buffer storage Go to http www avocent com for a list of supported PC cards VPN Connections Configure one or more VPN connections to other systems or console server attached devices SNMP Configure SNMP with community names OID and usernames This section and the dialog boxes guide you to configure the required parameters Firewall Configuration Configure static IP tables and how packets should be filtered Host Table View information about the local network environment View table of hosts create edit and delete hosts Static Routes Manually add routes Static routes are a very quick and effective way to route data from one subnet to different subnets 74 Cyclades ACS Advanced Console Server Installation Administration U
212. rver TACACS Local TACACS authentication is tried first switching to Local if unsuccessful TACACS DownLocal Local authentication is tried only when the TACACS server is down The ACS console server is compliant with IPv4 IPv6 and dual stack protocols so that you can enable IPv4 only IPv6 only or both protocols with support for dial up connections and primary network connections You can configure the appliance to obtain its IPv6 network parameters from a DHCPv6 server by static configuration IP address prefix length and default gateway or stateless auto configuration You can add an appliance to the local network using either its IPv6 address or a DNS name Services not supporting IPv6 VPN The following services do not support IPv6 e NIS authentication e NFS data logging e ISDN PC card dial up e Virtual ports The console server administrator can set up VPN connections to establish an encrypted communication between the console server and a host on a remote network The encryption creates a security tunnel for dedicated communications You can use the VPN features on the console server to create a secure connection between the console server every machine on the subnet at the remote location or between the console server and a single remote host To set up a security gateway install IPSec on any machine performing networking over IP including routers firewall machines application servers and end user machines 6 C
213. s common tasks for 31 boot to configure 167 command line power management from 12 connect to 25 firmware to upgrade 171 logins configuring authentication for 117 mounting 13 packet filtering 6 to reboot 171 action boot 93 active ports sessions 116 add outlet group 66 terminal menu option 71 users for power management 67 add rule 7 adding a group 114 a user 114 users 20 admin 113 administering users 9 administrative modes overview of 34 administrator forms common features of 32 administrators common tasks for ACS 31 alarm notification 164 notification serial ports 164 threshold 29 trigger 161 alarms 8 alias 156 alias port IP 150 allow multiple sessions 145 SSH root access 38 125 authentication 4 117 for ACS logins configuring 117 methods 93 140 protocols 93 serial port 38 125 servers configuring 118 authorization raccess 119 user 119 authorized users groups 139 authtype 117 186 Cyclades ACS Advanced Console Server Installation Administration User Guide backup configuration 168 banner login 150 basic installation procedures 13 battery replacing 181 baud rate 44 156 bidirectional 135 bidirectionlogin timeout 139 bidirectionshell command 140 boot action 93 boot configuration 166 boot to configure ACS 167 bootp 167 break 157 break interval 150 break sequence 150 buffer size syslog 143 buffering data 8 142 buzzer 29 61 bytes RX 157 bytes TX 156 C call back 84 Canadian doc
214. s ilB e Port number To specify outlets by the port number to which the IPDU is connected use the suffix ttyS followed by the port number followed by outlets For example ttyS2 16 indicates outlet 16 on an IPDU that is connected to serial port 2 You can specify outlets in a chain of IPDUs with the port ID two different ways e By the outlet sequence For example in ttyS3 2 16 outlet number 2 is the second outlet on the first IPDU in a chain that is connected to port 3 If the first IPDU has 10 outlets outlet number 16 would be the sixth outlet on the second IPDU e By IPDU sequence identified with alphabetic characters The first IPDU is A and the second is B and so forth Precede the character with a hyphen For example ttyS3 B 6 would also refer to the sixth outlet on the second IPDU in the chain connected to port 3 Configuring power management Administrators commonly perform power management through the Web Manager to assign power management permissions to users configure IPMI devices and configure ports for power management Configuring ports for power management by authorized users Administrators of connected devices who have power management permissions can do power management while connected by using a hotkey that brings up a power management screen For IPMI power management the default hotkey is Ctrl Shift l For IPDU power management the default hotkey is Ctrl p Options for managing power Authorized u
215. s k26 Chapter 10 Administration Menu and Forms 169 Table 10 7 Backup Configuration Settings if Using FTP Server Continued Field Definition Username and Password Obtain the user name and password to use from the FTP server s administrator Save Saves the configuration Load Downloads a previously saved copy of the configuration file from the selected device The following table describes the available fields when Storage Device is selected from the Type pull down menu Table 10 8 Backup Configuration if Using Storage Device Field Name Definition Default Configuration The system saves the configuration in the storage device but does not override the internal Flash configuration after reboot Replace Configuration The system saves the configuration in the storage device with a flag REPLACE used by the RESTORECONF utility to override the internal Flash configuration after reboot To back up or restore the configuration files using an FTP server 1 2 3 4 Go to Administration Backup Config in Expert mode Select FTP from the Type pull down menu Enter the IP address of the FTP server in the Server IP field Enter the directory path on the FTP server where you have write permissions in the Path and Filename field Enter the filename after the directory path For example upload zvmppccs 0720_qa acs k26 Enter the user name and password provided by your system administrator fo
216. s limites applicables aux appareils num riques de la classe A prescrites dans le r glement sur le brouillage radio lectrique edict par le Ministere des Communications du Canada Safety and EMC Approvals and Markings FCC Part 15 A ICES 003 C Tick VCCI Class A BSMI Class A MIC Class A CE EN55022 Class A EN55024 EN60950 1 GS CB CSA UL 60950 1 Solaris Ready NEBS for ACS 16 NEBS and ACS 32 NEBS with single or dual DC power supplies Cyclades ACS Advanced Console Server Installation Administration User Guide Avocent the Avocent logo The Power of Being There DSView and Cyclades are registered trademarks of Avocent Corporation or its affiliates in the U S and other countries All other marks are the property of their respective owners 2008 Avocent Corporation All rights reserved 590 660 501D OOF Ee Instructions This symbol is intended to alert the user to the presence of important operating and maintenance servicing instructions in the literature accompanying the appliance Dangerous Voltage This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons Power On This symbol indicates the principal on off switch is in the on position Power Off This symbol indicates the principal on off switch is in the off position Protective Grounding Ter
217. seleskscherann stil bn GE 149 Table 9 12 New Modify Port Dialog Box Fields usunsueserseesnersersnennnesnnnnennernnenennnenennnnnn 153 Table 9 13 Expert Port Status Read Only Form uusssursersnernnesneennesnernnennennnennennennnensnennan en 156 Table 9 14 Expert Ports Port Status Read Only Form uusersersersnesnnennesnnennesnennennennennennnen 156 Table 9 15 Expert Ports Hostname Discovery Fields 157 Table 10 1 System Information Form uesserseesersersnensersnennnesnesnnesnernnnsnnennernnennennnensensennnonsnennann 159 Table 10 2 Notifications Form Fields 202u02esnnennesnnennennennnennonnennonsnensnrnnenernnennernensennnnnn 160 Table 10 3 Email Notifications Dialog Box Fields usuussersnesnnrsnennnesnernnennennnennennnnnnensnennan en 161 Table 10 4 Pager Notification Add Edit Dialog Box Fields uuensesnersnenseennennenseennensnennenen 162 Table 10 5 SNMP Trap Notifications Add Edit Dialog Box Fields nnneeeseensenneennenne 163 Table 10 6 Boot Configuration Form Fields ucnseesserseesnersersnennnesnennnennernnennennnennennennnonsnennen en 167 Table 10 7 Backup Configuration Settings if Using FTP Server ossos 168 Table 10 8 Backup Configuration if Using Storage Device uuuuesnesnnesnersnennesnnennennnnnnensnennenn 169 Table 10 9 Expert Upgrade Firmware Form Fields 22u224420n20nesneennennennnennennnennennnensne nn 170
218. ser Guide Host Settings Use the Host Settings form to set up basic host network configuation for the types of Internet protocols you need The three tabs across the top of the form are General IPv4 and IPv6 General host settings When you select Network Host Settings the following form is displayed Syslog PCMCIA Management VPN Connections SNMP Firewall Configuration Host Tables Static Routes General Mode Dual Stack Host Name Console Banner CAS AlterPath ACS DNS Service Primary DNS Server ITZEZ 6 2a Secondary DNS Server Domain Name corp avocent com Bonding Enabled Figure 7 1 Expert Network Host Settings The following table describes the fields on the Network Host Settings form Table 7 2 Network Host Settings General Tab Form Field Field name Field type Description Mode Pull down menu concurrent use of both IPv4 and IPv6 protocols NOTE Selecting the Pv4 tab will enable IPv4 protocol configuration and disable IPv6 Selecting the Pv6 tab will enable IPv4 protocol and will disable IPv4 Selecting Dual Stack will enable configuration for both IPv4 and IPv6 protocols Host Name Text field Enter the fully qualified domain name identifying the specific host server on the network Console Banner Text field Enter a text string designed to appear on the console when logging into or
219. sers can perform power management through the console server by using forms in the web manager from a power management screen while logged into a device or from the command line while logged into the console server 12 Cyclades ACS Advanced Console Server Installation Administration User Guide An authorized user with administrative privileges can perform IPDU and IPMI power management A regular user with permissions to the connected devices can perform IPDU power management Power management through the Web Manager Users with power management permissions can perform power management through the Web Manager The Web Manager menu includes two power management options both discussed in Chapter 6 Power management from the console server command line interface CLI ACS console server administrators can use the ipmitool command to manage power on IPMI devices while logged into the console server with administrative rights The ipmitool command is documented in the Cyclades ACS Command Reference Guide Hostname Discovery An administrator can configure hostname discovery on the console server When hostname discovery is enabled for a serial port the console server attempts to discover the hostname of the server connected to the port If the hostname of a server is successfully discovered the hostname of the device connected to it is shown as the serial port alias If the server is later moved to another port and the new port is also config
220. ss Enter to keep DHCP enabled or type n to specify a static IP address for console server By default the console server uses the IP address provided by the DHCP server If your network does not use DHCP the console server will default to 192 168 160 10 Do you want to use DHCP to automatically assign an IP for your system y n y NOTE If you choose to use DHCP and have selected IPv4 enabled option 0 the IPv4 Current Configuration verification screen will be displayed as shown below 18 Cyclades ACS Advanced Console Server Installation Administration User Guide kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk KKKKKKKKKKK CONFIGURATION WIZARD eek ee ee ee Current configuration Hostname Rogreto Domain name corp company com Primary DNS Server 172 26 29 4 Second DNS Server IPv4 Configuration DHCP enabled IPv Configuration Disable Are all these parameters correct y n n Figure 2 3 Current Configuration Wizard Screen for Option 0 IPv4 Enabled 3 J Verify that the configuration is correct and press Enter You will be prompted to activate the configuration settings If you typed n to change the default static IP address enter a valid IPv4 system address System IP 192 168 160 10 lt console server IP address gt Press Enter Enter the IP address for the gateway Gateway IP eth0 lt gateway_IP address gt Press Enter Enter the netmask for the subnetwo
221. ssion Java Applet uueanesseessessessnenseesnensnnnnensnennennesnnennennernnensnnnannn 55 Figure 6 3 Expert Applications IPDU Power Mgmt Outlets Manager 57 Figure 6 4 Expert Applications IPDU Power Mgmt Outlets Manager Show Outlets 58 Figure 6 5 Expert Applications IPDU Power Mgmt Outlet Groups Ctrl uneesenneen 60 Figure 6 6 IPDU Power Mgmt View IPDUs Info 22022022202200220nsuennensennnennnennennennnensennnnn 61 Figure 6 7 Expert Applications IPDU Power Mgmt Configuration osses 63 xii Cyclades ACS Advanced Console Server Installation Administration User Guide Figure 6 8 Figure 6 9 Figure 6 10 Figure 6 11 Figure 6 12 Figure 6 13 Figure 7 1 Figure 7 2 Figure 7 3 Figure 7 4 Figure 7 5 Figure 7 6 Figure 7 7 Figure 7 8 Figure 7 9 Figure 7 10 Figure 7 11 Figure 7 12 Figure 7 13 Figure 7 16 Figure 7 21 Figure 7 24 Applications PMD Configuration 2u22s22nernnesnernnenesnnennennennnensnensonsnennnnsnennnennen 65 PMD Configuration Outlet Groups uurseessersersnernnesnesnnesnennnennennonnnnnnennnensensnensne nn 66 PMD Configuration Users Management u eneesnensersenseenennnensnennonsnennnn nennen 67 Various Outlet Designations on Daisy chained IPDUS ucesnersesnenneesnennnennenn 69 Expert Applications Terminal Profile Ment 70 Expert Terminal Profile Menu Example 22nu22ussnense
222. sted users are authorized to access and control the outlets specified under the Outlets heading To authorize a user for IPDU power management Select Expert Applications PMD Configuration Users Management Click Add Add Edit PM Users dialog box appears In the User field enter the username In the Outlets field enter the group name IPDU number and outlets that the user can control Click OK AR YN Outlet entry conventions In the most basic case only the IPDU s ID and the outlets named in brackets following the ID are needed to specify which outlets will be accessible by the user It is sometimes desirable to have more control over outlet groups daisy chained IPDUs or which serial port on the console server 68 Cyclades ACS Advanced Console Server Installation Administration User Guide must be used for the permissions to be valid The following table shows the prefix suffix and syntax information used to specify outlets in various circumstances Table 6 6 Conventions Used in Specifying Outlets for User Accessibility Symbol Type Signifies Example Prefix Group Cyclades_PDU would specify the Cyclades_PDU outlets group and that the user specified has permission to control that group of outlets IttyS Prefix Serial port ttyS2 would specify serial port 2 on the console server would be the only one the user would have permissions to use for IPDU management regardless of the IPDU or outlets specified Athr
223. stration User Guide You can use the Users and Groups form to perform the following e Add or delete users e Assign or change user passwords e Add or delete groups e Add users to a group e Delete users from a group Adding a User If you click the Add button on the Security Users and Groups form under the Users List the Add User dialog box appears The following table describes the fields in the Add User dialog box Table 8 1 Expert Add User Dialog Field Names and Definitions Field Name Definition User Name Name of the user to be added Password The password associated with the username Group On the Group pull down menu select Regular User Default or Admin NOTE To configure a user to be able to perform all administrative functions select the Admin group Shell Optional The default shell is bin sh when the user makes a SSH or Telnet connection Comments Optional notes about the user s role or configuration Adding a Group If you click the Add button on the Security Users and Groups form under the Group List the Add Group dialog box appears Add a new group by entering a group name and add individual users separated by commas To add a user Go to Security Users and Groups The Users and Groups form displays Click Add The Add User dialog box displays Enter the username in the User Name field Enter the password in the Password and Repeat Password fields Assign a group from
224. t group on or off click its light bulb icon NOTE For Avocent SPC power devices or Server Technology IPDUs an alert window prompts you that you may need to refresh your browser to view the change in the Outlets Manager Click OK and continue 4 To lock or unlock an outlet or an outlet group click its padlock icon NOTE The outlet locking function is available on Cyclades IPDUs only 5 To cycle power to an outlet click the adjacent Cycle button 6 To change the outlet s name or the Post On Delay click the adjacent Edit button The Edit Outlet dialog box appears a To change the name assigned to the outlet enter a new name in the Outlet Name field Names must begin with a letter Valid characters are letters numbers dash and underscore _ b To change the Post On Delay change the default 0 50 number of seconds in the Post On Delay field NOTE An outlet name should not be changed if the new outlet name is used elsewhere 7 Click OK 8 Click the Save Outlets State button saves outlet states to the IPDU only 9 Click apply changes NOTE For Avocent SPC power devices or Server Technology IPDUs an alert window prompts you that the screen is automatically reloaded Click OK and wait for confirmation that the page has been reloaded Applications IPDU Power Mgmt Outlets Group Ctrl An administrator can select Expert Applications IPDU Power Mgmt Outlet Groups Ctrl to view the status of outlet groups
225. t shown is 4z The caret stands for the Ctrl key c Enable the Notify Users field if desired 6 Click Done 7 Click apply changes Power Management Under Ports Physical Ports in Expert Mode after you select one or more serial ports and click the Modify Port s you can select the Power Management form from the tabbed menu The Power Management form appears You can use this form to make it possible for a user who is connected to a device through the selected serial port to perform power management While connected to the device the user displays a power management menu or dialog box by entering a hotkey NOTE Enable power management on this form refers to IPDU power management Applications IPDU Power Mgmt Additional fields appear on the form if Enable Power management on this port and Enable IPMI on this port are checked as shown in the following figure General Access Data Buffering Multi User Power Management Other a M Enable Power Management on this port IM Enable IPMI on this port IPMI key ss PMiServer Tester 7 PowerMgmt Port Outlet s Number PM 3 4 14 15 Add Delete Power Management Key P Allow All Users Allow Users Groups Selected ports 2 Done Figure 9 4 Ports Physical Ports Power Management Enable IPMI Checked Chapter 9 Ports Menu and Forms 147 The following table describes the available fields in the power management form T
226. ta buffering events 160 daylight savings time 166 default IPaddress 21 default security profile 20 destination local 143 port 7 remote 143 devices Index 187 power management overview 9 with multiple power supplies 11 supported types 23 DNS server 75 dynamic mode support 38 126 E ejecting PCMCIA cards 91 email notification 161 email notifications 161 emergency management service EMS 150 EMS 150 EMS emergency management service 150 EMS windows 150 encrypted 89 ESSID 89 Ethernet 167 Ethernet PCMCIA cards configuring 87 events data buffering 160 Expert mode 35 menus and forms mapping 55 F facility numbers 9 143 fallback mechanism 140 FCC compliance 181 FCC warning statement 181 file path NFS 143 filtering structure of IP 6 firewall configuration 99 firmware to upgrade the ACS s 171 flash 167 flow control 43 forms 188 Cyclades ACS Advanced Console Server Installation Administration User Guide common features of administrator 32 mapping Expert mode 55 regular user 24 fragments 104 frame 157 FTP 38 126 168 FTP server using 169 FTP site 170 G Group Authorization on LDAP 121 Group Authorization on RADIUS 119 Group Authorization on TACACS 119 group adding 114 groups outlets configure 66 view information 59 groups users 113 GSM 2 GSM PCMCIA cards configuring 86 H hard disk IDE 83 host settings 74 host table 108 host to connect 150 hotkey 1
227. ta packet A method of checking the accuracy of transmitted characters Parity is usually not used but can be odd or even A None parity means that data has not exchanged Break An out of band signal on an RS 232 serial port that involves making the Tx data line active for more than two whole character times or about 2ms on a 9600bps line Overrun The amount of time it takes for the new data to overwrite the older unread data Expert Ports Hostname Discovery An administrator can use the Expert Ports Hostname Discovery screen to configure lists of probe and answer strings that apply to all serial ports that have been configured for hostname discovery See Hostname Discovery on page 12 for details about how the strings are used for other configuration needed for hostname discovery to work The probe and answer strings can be left blank The default strings have a broad range and work in most cases Table 9 15 Expert Ports Hostname Discovery Fields Fields Accepted Values Hostname Discovery Probe Strings A list of strings delimited by double quotes and separated by spaces The following C style escape sequences are accepted n new line r carriage return t horizontal tabulation f form feed V backslash and double quote Probe strings can have more than one escape sequence and use regular characters but simpler sequences such as r or n are re
228. ter the IP address of the console server in the address field of your browser NOTE The ACS console server is usually assigned a static IP address If DHCP is enabled you must find out the dynamically assigned IP address each time you need to run the Web Manager If necessary use the default static IP address 192 168 160 10 pre configured in the console server a If DHCP is disabled use the static IP address assigned by the administrator b If DHCP is enabled enter the dynamically assigned IP address The Login page displays 2 Log in as root and type in the root password The default password is tslinux 34 Cyclades ACS Advanced Console Server Installation Administration User Guide CAUTION It is important to change the root password as soon as possible to avoid security breaches If another administrator is already logged in a dialog box will prompt you to log off the other administrator before logging in 3 Select Yes or No and then click Apply NOTE Be sure to read the Security Advisory message that appears on the screen Your pop up blocker must be disabled for the Security Advisory to appear Overview of Administrative Modes The console server Web Manager operates in one of two modes Wizard or Expert NOTE If you select Wizard the mode button will read Expert If you select Expert the mode button will read Wizard Wizard mode The Wizard mode is designed to simplify the setup and configuration process by guiding t
229. the form area as follows e Outlets Manager e Outlet Groups Ctrl e View IPDUs Info e Configuration e Software Upgrade NOTE Using the IPDU power management forms you can manage the power to connected devices only if the serial port where the devices are connected is configured for power management Chapter 6 Applications 57 Applications IPDU Power Mgmt Outlets Manager On the Outlets Manager form under Applications IPDU Power Mgmt you can perform the following tasks for all outlets on all connected IPDUs e Check the status of outlets e Turn outlets on and off e Cycle power e Lock outlets to prevent accidental changes in power state Cyclades IPDUs only e Unlock the outlets Cyclades IPDUs only e Assign an alias to the outlet to identify the device for which it provides power e Save the current configuration to Flash memory in the IPDU The following figure shows an Outlets Manager form Connect IPDU Power Mgmt PMD Configuration Serial Port 1 IPMI Power Mgmt Number of Units 1 Terminal Profile Menu MA PMS Cyclades Serial Port 9 Number of Units 1 Ipdu ID Model Vendor i9A SPCB SPC Outlets Manager Outlet Groups Ctri ViewIPDUsInfo Configuration Software Upgrade Figure 6 3 Expert Applications IPDU Power Mgmt Outlets Manager A list shows the port ID IPDU ID the model and vendor for IPDUs connected to ports that are configured for pow
230. tion Add Chain Dialog Box Chapter 7 Network Menu and Forms 101 Adding a chain only creates a named entry for the chain Rules must be configured for the chain after it is added to the list of chains Edit Rules button If the Edit Rules button is pressed a form appears with a list of headings like the one shown in the following figure The example shows the OUTPUT chain selected for editing Edit Rules for Chain OUTPUT Packets Bytes Target Source Destination Protocol Figure 7 18 Firewall Configuration Edit Rules for chain_name Form The buttons shown in the following figure appear at the bottom of the form Figure 7 19 Firewall Configuration Edit Rules for chain_name Buttons e Pressing the Add button opens the Add Rule dialog box e Selecting a Rule and pressing the Edit button opens the Edit Rule dialog box e Selecting a rule and pressing the Up or Down buttons moves the rule up and down the list Options on the Add Rule and Edit Rule dialog boxes The Add Rule and Edit Rule dialog boxes have the fields and options shown in the following figure Ohttps 192 168 48 11 FORWARD chain Add Rule Mozilla Firefox 10 x a Cancel Target ACCEPT 7 Source IP 10 10 10 11 Mask 255 255 255 0 Inverted Destination ip 192 168 48 1 Mask 255 255 255 0 I Inverted Protocol All 5 T Inverted Input Interface 0 T Inverted u DIT mens Fragments All packets z gt
231. tions see REJECT target on page 105 SNMP The administrator can activate the Simple Network Management Protocol SNMP agent that resides on the console server so that the SNMP agent sends notifications about significant events or traps to an SNMP management application The console server SNMP agent supports SNMP v1 v2 and v3 See To configure SNMP on page 98 for more information Notifications Alarms and Data Buffering The administrator can set up logging notifications and alarms to alert administrators of problems System generated messages on the console server and the connected servers or devices can be sent to syslog servers for handling The administrator can also configure data buffering to store data from communication on serial ports for monitoring Data from communication with serial connected consoles can be stored locally in the console server s flash memory or remotely either on an NFS server or a syslog server Syslog servers Messages about the console server and connected servers or devices can be sent to central logging servers called syslog servers Console data from devices connected to serial ports can be stored in data buffer files on syslog servers By default logging and data buffering are not done Prerequisites for logging to syslog servers Before configuring syslogging ensure that syslog server is pre configured with a public IP address and is accessible from the console server The system administrato
232. to refer to any of these types of power devices The ACS console server automatically recognizes and supports a Cyclades PM IPDU or Avocent SPC device when the serial port to which the power device is connected has been configured for power management Additional requirements for Server Technology IPDUs For supported Server Technology IPDUs the following additional requirements apply e The ACS console server must be managed by a DSView 3 server DS View 3 software version 3 4 1 or above e The needed power device license must be present and the power device must be added to the DS View 3 software The license is automatically downloaded from the DS View 3 server onto the console server Configuration and management can then be performed either through the DS View software or through the Web Manager Conventions used to identify outlets Several formats such as outlet names outlet groups IPDU IDs and port names can be used to identify outlets during configuration as described below e An administrator can configure optional names for each outlet to replace the default names assigned by the system Outlet names must begin with a letter Valid characters are letters numbers dash and underscore _ When an outlet name is configured the name can be used in other power management configurations NOTE Outlet names can be configured in two places in the Web Manager Ensure that names are consistent e An administrator can conf
233. to the detailed information and associated procedure If you are in Wizard mode and need to perform advanced configuration clicking the Expert button at the bottom of the left menu panel to switch the Web Manager to Expert mode Connect Using the Connect form you can connect directly to the console server or to devices connected to the serial ports Connecting to the console server Clicking the Connect to ACS radio button and then clicking on the the Connect displays a Java applet running an SSH session similar to the following figure Ahttps 192 168 48 11 CAS Microsoft Internet Explorer _ SendBreak Disconnect Applet de mud jta Applet started 9 Internet Figure 6 2 Expert SSH session Java Applet NOTE SSH root access is enabled when the security profile is set to Moderate or Open If a Secured security profile is selected you need to switch to a Custom security profile and enable allow root access option Connecting to devices connected to the serial ports The Serial pull down menu lists all the serial port numbers or the administrator assigned aliases that a user is authorized to access Selecting a port number or alias and clicking Connect displays a Java applet with a connection protocol for which the serial port is configured 56 Cyclades ACS Advanced Console Server Installation Administration User Guide If authentication is in effect for the port you need to supply a usernam
234. ts 156 status ports 155 stop bits 44 storage device 168 storage device using 169 structure of IP filtering 6 stty options 150 subnet 93 swapcached 159 syscontact 97 syslocation 97 syslog 29 61 81 buffer size 143 server 143 servers 8 servers prerequisites for logging 8 system information 159 system information to view 160 T table host 108 TACACS 5 141 TACACS downlocal 118 TACACS local 5 118 141 TACACS downlocal 5 141 TCP flags 7 103 keep alive interval 150 options 105 port 149 port number local 153 port number remote 153 port numbers 26 sequence 105 Technical support 184 Telnet 38 125 134 Telnet bidirectional 134 136 Telnet console 133 TelnetSSH console 133 terminal profile menu 70 terminal server TS profile connection protocols 133 terminal type 150 terminal local 134 TFTP 167 time date 164 daylight savings time 166 timer watchdog 167 to configure ACS boot 167 to reboot the ACS 171 to set the time and date 165 to upgrade the ACS s firmware 171 to view system information 160 trap notification SNMP 163 trap number 163 trigger alarm 161 TS profile connection protocols terminal server 133 TTY 116 TX bytes 156 U UDP protocol 7 updelay 75 upgrade ACS s firmware 171 firmware 170 upgrade firmware Cyclades PM IPDU 64 Index 193 usage CPU 116 user adding 114 multi 144 regular 113 user authorization 119 user forms regular 24 users adding 20 admin
235. tually accessed through one IP address NOTE Clustering only works for ports that are configured as CAS profile You can use one console server as the master to control other console servers as Slaves The ports on the Slave unit s appear as if they are part of the master NOTE Multiple IPDUs should only be connected and daisy chained through the serial port of the master console server when you are configuring a cluster This section shows you how to define and configure the Slaves When you click the Add or Edit button on the Ports Virtual Ports form the following dialog box appears Onttps 192 168 48 11 New Modify Port Mozilla Fi Number of ports First Local Port Number Chapter 9 Ports Menu and Forms 153 Local IP 192 168 48 12 First Local TCP Port 7017 Number Remote IP 192 168 48 11 First Remote TCP Port 7001 Number Protocol 192 166 48 11 5 Figure 9 8 Ports Virtual Ports New Modify Port Dialog Box The following table describes the fields available in the Virtual Ports New Modify Port dialog box Table 9 12 New Modify Port Dialog Box Fields Field Name Definition Number of Ports Number of ports on each Slave unit Choices are 1 4 8 16 32 and 48 First Local Port Number The first unallocated port number for the Slave For example if the master unit has 16 ports ports 1 16 are allocated The First Local Port Number is then 17
236. type for the serial port from the pull down list The default is no authentication Type None NOTE Authentication type None is not a valid option when the serial port is configured for Power Management connection protocol The system defaults to Local if no authentication type is selected BidirectionLogin Timeout Configure the time for the serial port to return to idle state if the user name is not typed in the terminal after the login banner is displayed The default timeout value is 60 seconds This field is available only when a Bidirectional Telnet protocol is selected from Ports Physical Ports General Connection Protocol 140 Cyclades ACS Advanced Console Server Installation Administration User Guide Table 9 4 Access Form Menu and Fields Continued D ann ee a un sen ie ee Z_ E lt amp z EEEE es Field Description BidirectionShell Command Specify the menu shell command in this field for example bin menush and build a custom menu for the TS profile using Web Manager Applications Terminal Profile Menu form This field is available only when a Bidirectional Telnet protocol is selected from Ports Physical Ports General Connection Protocol To configure user access to serial ports Use this procedure if you wish to specify a list of authorized users or groups Go to Ports Physical Ports in Expert mode and select a port or ports to modify Click the Access t
237. u can generate a self signed digital certificate It is highly recommended that you use the openssl tool to generate a self signed certificate and replace the console server generated certificate The procedures to configure a self signed digital certificate is documented in the Cyclades ACS Command Reference Guide X 509 certificate on ssh The OpenSSH software included with the console server has support for X 509 certificates The administrator must activate and configure the SSH to use X 509 In order to implement authentication of SSH sessions through exchange of X 509 certificates please refer to the configuration procedures described in the Cyclades ACS Command Reference Guide 130 Cyclades ACS Advanced Console Server Installation Administration User Guide 131 Ports Menu and Forms Physical Ports When Physical Ports is selected under Ports Physical Ports in Expert mode the following form appears Virtual Ports many Ports Status Modify Selected Ports ify All Ports Ports Statistics Enable Selected Ports Disable Selected Ports Port Disable Alias Connection Protocol Serial Config ConsoleDl Console Telnet 9600 8N1 IPDU_01 Power Management 9600 8N1 ws_D1 Console SSH 9600 8N1 ws_02 Console 38H 9600 8N1 ws_03 Console SSH 9600 8N1 WS_Stby Console SSH 9600 8N1 IPDU_D2 Power Management 9600 8N1 DB_FO2 Console TelnetSsH 9600 8N1 DB_FO3 Console TelnetSSH 9600 8N1 DB_FO4 Console TelnetSSH 9600 8N1
238. ull down menu on the General form Terminal Type Select the desired terminal server profile from the drop down menu To configure TCP port number STTY options break interval and the login banner for a serial port connected to a console Go to Ports Physical Ports in Expert mode and select a port or ports to modify Select Modify Selected Port s Select the Other tab To change the port number for the serial port enter another number in the TCP Port field Dh Pye US eS To assign a name to the port s IP address enter an alias in the Port IP Alias field console connection protocol only 6 Ifconnecting to a Microsoft Windows Server 2003 operating system through the Emergency Management Services EMS console enable the Windows EMS console connection protocol only To change the Keep Alive interval enter another number in the TCP Keep Alive Interval field To change the idle timeout interval enter another value in the Idle Timeout field Chapter 9 Ports Menu and Forms 151 Specify stty options if desired in the STTY Options field To change the break interval enter a new number in the Break Interval field To change the break sequence enter a new sequence in the Break Sequence field To change the content of the login banner enter new content in the Login Banner field Click Done Click apply changes To configure terminal server connection options Perform this procedure if you have conn
239. ur browser and login as an administrator 2 Review the Security Advisory and click the Close button NOTE Your browser s pop up blocker must be disabled to see the Advisory 3 The Web Manager is automatically redirected to Wizard Step 1 Security Profile The following form is displayed Step 2 Network Settings Step 3 Port Profile Secured Moderate Open Step 4 Access Step 5 Data Buffering Step 6 System Log Currently there is NO SECURITY PROFILE set You must define a Security Level before proceding with further configuration Please choose from the three preset security levels Secured Moderate or Open You can also configure a customized security profile Figure 5 2 Wizard Step 1 Security Profile Form 4 Select a pre defined security profile by pressing one of the Secure Moderate Open or Default profiles or create a Custom profile The following dialog box is displayed when you select the Custom profile Chapter 5 Configuring the ACS Console Server in Wizard Mode 41 7M https 192 168 48 11 Custom Profile Microsoft Internet OK Cancel M Telnet M SNMP MT IPSec O FTP M RPC M ICMP SSH SSH Options M SSHy1 SSH port 22 M SSH v2 W allow root access Web Access HTTP amp HTTPS Options M HTTP HTTP port 80 I HTTP redirects to HTTPS M HTTPS HTTPS port 443 Access to Serial Ports M allow SSH to Serial Ports M allow Telnet to Serial Ports M a
240. ured for hostname discovery the hostname for the server is again discovered at the new serial port NOTE If the console server is being managed through DSView 3 software hostname discovery can be configured through the DSView 3 software An administrator can also configure site specific probe and answer strings These strings are used to probe the target device that is connected to the selected serial port and extract the hostname from the answer that is received in response to the probe string The result of each probe string is matched against all answer strings If no match is found the next probe string is sent until there are no more probe strings or a match occurs The default strings have a broad range and work in most cases NOTE Probe string configuration requires knowledge of C style escape sequences Answer strings require knowledge of POSIX extended regular expressions Hostnames longer than 31 characters are truncated when the hostname is assigned to the serial port alias 13 Installation Important Pre installation Requirements Before installing and configuring the console server ensure that you have the following e Root Access on your local UNIX machine to use the serial ports e An appropriate terminal application for your operating system e IP address DNS Network Mask and Gateway addresses of your server or terminal the console server and the machine to which the console server is connected e A web browse
241. uthentication servers The administrator completes the appropriate form through the Web Manager Expert Security Authentication to setup an authentication server for every authentication method to be used by the console server and its ports The following table lists the procedures that apply to each authentication method Table 8 3 Tasks for Setting up Authentication Servers Procedures Variations To configure a RADIUS authentication server RADIUS Local RADIUS RADIUS Local or RADIUS on page 118 DownLocal To configure a TACACS authentication server TACACS Local TACACS TACACS Local or on page 119 TACACS DownLocal To configure an LDAP authentication server on LDAP LDAP Local or LDAPDownLocal page 120 To configure a Kerberos authentication server Kerberos Kerberos Local or KerberosDownLocal on page 121 To configure a NIS authentication server on NIS Local NIS NIS Local or NISDownLocal page 123 To configure a RADIUS authentication server Perform the following procedure to configure a RADIUS authentication server when the console server or any of its ports are configured to use RADIUS authentication method or any of its variations Local RADIUS RADIUS Local or RADIUS DownLocal Chapter 8 Security Menu and Forms 119 1 Go to Security Authentication RADIUS in Expert mode 2 Fill in the form according to your local RADIUS server configuration 3 Click apply changes Group authori
242. ver or its ports using TACACS authentication is checked Users with administrator privileges have administrative access and users with regular user privileges have regular user access 4 To specify a time out period in seconds for each authentication attempt type a number in the Timeout field If the authentication server does not respond to the client s login attempt before the specified time period the login attempt is cancelled The user may retry depending on the number specified in the Retries field on this form 5 To specify a number of times the user can request authentication verification from the server before sending an authentication failure message to the user enter a number in the Retries field 6 Click apply changes Group authorization on TACACS Using an authorization method in addition to authentication provides an extra level of system security Selecting Security Authentication TACACS in Expert mode displays the TACACS 120 Cyclades ACS Advanced Console Server Installation Administration User Guide form where an administrators can configure a TACACS authentication server and can also enable user authorization checking By checking the Enable Raccess Authorization checkbox an additional level of security checking is implemented After each user is successfully authenticated through the standard login procedure the console server uses TACACS to determine whether or not each user group is authorized to acc
243. with commas or with dashes to indicate a range as in the following example ilA 1 2 5 15 You can assign outlets from more than one IPDU to a group by using commas to separate them The following example defines an outlet group for two IPDUs one named ilA and the other ilB ilA 1 5 8 i1B 1 3 4 For more information see Conventions used to identify outlets on page 10 See also Applications PMD Configuration General on page 65 to find out the IPDU ID To configure an outlet group 1 Click the Add button The Add Edit Outlet Groups dialog box appears 2 Inthe Group field enter the name of the group you want to add or edit the existing name 3 In the Outlets field add the IPDU ID followed by the specific outlets to assign to the group in brackets For example il A 1 5 8 creates a group of outlets numbered 1 5 6 7 and 8 on IPDU ID ilA You can assign more than one IPDU to the group with a comma between each IPDU 4 Click OK Chapter 6 Applications 67 To delete an outlet group 1 Click the Delete button 2 Select the group name you want to delete 3 Click OK Applications PMD Configuration Users Management An administrator can select Expert Applications PMD Configuration Users Management to configure users to access outlets General Outlet Groups Users Management User Outlets tomr Cyclades_ PDU i1lA 1 8 Figure 6 10 PMD Configuration Users Management The li
244. yclades ACS Advanced Console Server Installation Administration User Guide Active Ports Sessions Selecting Security Active Ports Sessions displays the form shown in the following figure Active Ports Sessions Authentication Security Profile Users and Groups a Uptime 3 22 Users 1 From Login IDLE JCPU 9 22pm 3 20m 0 695 Figure 8 2 Expert Security Active Ports Sessions The Active Ports Sessions form provides status and usage information related to all active serial ports sessions You can use the form to view who is logged into each port and the processes they are running Open sessions are displayed with their identification and statistical data the related data such as CPU usage for a specific client JCPU processes and PCPU processing time The Kill Sessions and Refresh buttons either end or refresh the selected session The following table defines the active ports sessions form fields Table 8 2 Expert Active Ports Sessions Information Field Name Definition User First eight characters of the username TTY Connection method From Where the network connection is from Login Login time in hours and minutes If login was not on the same day the date of login also appears Idle How long since last activity JCPU The amount of CPU time consumed by all active processes including currently running background jobs PCPU The amount of CPU time consumed by the
245. yclades ACS Advanced Console Server Installation Administration User Guide The ESP and AH authentication protocols are supported RSA Public Keys and Shared Secret are supported For detailed information and procedures to configure a VPN connection see VPN Connections on page 91 Packet Filtering The administrator can configure the device to filter packets like a firewall IP filtering is controlled by chains and rules Structure of IP filtering The Firewall Configuration form in the Web Manager is structured on two levels e The view table of the Firewall Configuration form containing a list of chains e The chains which contain the rules controlling filtering Chain A chain is a named profile that includes one or more rules defining either a set of characteristics to look for in a packet or what to do with any packet having all the defined characteristics The console server filter table contains a number of built in chains each referenced according to the packet type they handle As defined in the rules for the default chains all input and output packets and packets being forwarded are accepted Rule Each chain can have one or more rules that define either the packet characteristics being filtered or what to do when the packet matches the rule Each filtered packet characteristic is compared against the rules All defined characteristics must match If no rules are found then the default action for that chain is applied
246. zation on RADIUS Group information retrieval from a RADIUS authentication server adds another layer of security by adding a network based authorization It retrieves the group information from the authentication server and performs an authorization through the console server NOTE When configuring the RADIUS authentication server select the Enable Service Type attribute checking checkbox to authorize the ACS console server to retrieve the level of the user admin or regular based on the Service Type attribute from the RADIUS server Deselect the checkbox to authorize the ACS console server to retrieve the level of user based on the group_name attribute sent by the RADIUS server To configure a TACACS authentication server Perform the following procedure to configure a TACACS authentication server when the console server or any of its ports are configured to use TACACS authentication method or any of its variations Local TACACS TACACS Local or TACACS DownLocal Go to Security Authentication TACACS in Expert mode The TACACS form displays Fill in the form according to your local TACACS server configuration To apply Authorization in addition to authentication to the box and ports select the Enable Raccess Authorization checkbox By default Raccess Authorization is disabled and no additional authorization is implemented When Raccess Authorization is enabled the authorization level of users trying to access the console ser
247. zuusseessesseeseensersnennensnennnesnennnennennnennennonnnnnnonnnensnnsnensnenansne san 7 SNMP una tehana N te ES Rein tes bide Ne ewe abs eats aaa Hirn amp Notifications Alarms and Data Buffering ccccccccecceseeceseeescescessesecseceseeseceseeseceeceseeeeeeneseaeeaeeeasens 8 SYSLOG SCTVENS aiioe sense bias hes hued Glens a Ben EEE E E bon eben 8 Managing Users of Connected Device sisin i ine ee aE Re Teon AaS Eir i EEES 9 Configuring access to connected devices 1 ceseeseceseesscesceseessceseeeeceseeseceaeeeaecaeessecsecusecseceeseeeeaeens 9 ACS Console Server and Power Management uesuesseesuessersensnersnennensnennnnnennnennesnernnensonnnensonsnensann 9 Configuring power management zuessesseesserseesuensensennnonsnennensnesnnnsnesnnennensennnensennnensonsnensan san Il Options fOr managing power uneesesserseesnensuennnnsnensonsnensnesnennnesnennnesnernnennennonnnnnsnnnsonsonsnensan san 11 Hostn me Discovery nase Bin in K EN EKES kaS EEE SEES 12 Ch pter 2 Install ation a aa ra aa en lade 13 Important Pre installation Requirements ncesnesnessnesnesnnesnesnnennnnnannnnnnnennonsnennansnennnesnennnennenennnnne 13 Basic Installation Proced res uua miesessenkkhenschnentispnunn sn samen 13 Making an Ethernet connection unussessnennerseennensennnensnennensnennensnesnnnnnenennnensennnensensnnnsensnennn 14 iv Cyclades ACS Advanced Console Server Installation Administration User Guide Making a dire
Download Pdf Manuals
Related Search