Vertical Console Port Server USER’S GUIDE

Contents

Introduction
  Product Description
Installation and Configuration
  Set-up and Configuration
  DHCP Configuration Settings
User Management
  Overview
  Administrator Access
VCPS CLI Commands
  cfg
  clear
  cps
  date
  dhcp
RADIUS
Firewalls
Events and Event Log
  Overview
  Accessing the Event Log
  Overview
Introduction

Product Description

The American Power Conversion (APC®) Vertical Console Port Server (VCPS) allows both local and remote access for in-band and out-of-band network management. It is a zero-U, rack-mountable server that can be used to monitor and manage up to 42 servers or other devices with serial consoles within a rack.
Parameter/command syntax and terminology conventions. This manual uses the following syntax and conventions for parameters, commands, and terms: Brackets ([ ]) indicate that the enclosed parameter is optional. The command will be accepted if the parameter is not defined. When the text enclosed by the brackets starts with a hyphen (-) or indicates a list of characters, the parameter can be one of the letters within the brackets.
Installation and Configuration

Set-up and Configuration

Initial set-up

If you are not using DHCP (enabled by default), you must define three TCP/IP settings for the VCPS before it can operate on the network:
• IP address of the VCPS
• Subnet mask
• IP address of the default gateway

To use a DHCP server to configure the TCP/IP settings for a VCPS, see DHCP and BOOTP configuration.
Remote access to the control console

You can access the CLI through Telnet or SSH, depending on which is enabled. (An administrator can enable these access methods through the CLI.) Both Telnet and SSH are enabled by default.

See Telnet and SSH for details on how to use these protocols to access the control console.

Local access to the control console

You can use a local computer to access the control console.

1.
How to recover from a lost password

Warning

Any administrator can change any password, including the password for the permanent administrator. If all administrator passwords are lost, the entire configuration of the unit must be reset to defaults. Pressing the Reset button for ten seconds resets all VCPS settings.

You can reset the user name and password for VCPS.

1. Press and hold the Reset button on the VCPS for 10 seconds.
The following illustration shows the location of the Reset button on the VCPS front panel.

[Illustration: Reset Button]

TCP/IP configuration

You can manually configure your TCP/IP settings using the network command in the CLI. Enter:

network set -b static

See network for details on how to configure your TCP/IP settings manually.
DHCP and BOOTP configuration

DHCP is enabled by default. To disable or enable DHCP, use the network set mode command in the CLI. Use the dhcp command in the CLI to set DHCP options.

In addition to using manual (static) settings, the VCPS can use a Dynamic Host Configuration Protocol (DHCP) server to provide the settings the VCPS needs to operate on a TCP/IP network. The VCPS can also obtain TCP/IP settings from BOOTP while operating in DHCP mode.
DHCP Configuration Settings

DHCP request options

Use the dhcp command in the command line interface to configure the Vendor Class, User Class, and Client ID settings of the VCPS.

DHCP response options

Each valid DHCP response contains options that provide the TCP/IP settings a VCPS needs to operate on a network and other information that affects the operation of the VCPS.

TCP/IP options.
Other options. A VCPS uses the following options within a valid DHCP response to define Network Time Protocol (NTP), Domain Name System (DNS), hostname and domain name settings:
• NTP Server, Primary and Secondary (option 42): VCPS accepts an NTP server list from which it extracts the first two servers.
• DNS Server, Primary and Secondary (option 6): Up to two DNS servers that can be used by the VCPS.
User Management

Overview

The system has a single default user, the permanent administrator. The default user name and password for the permanent administrator are apc and apc, both of which should be changed immediately for security purposes.

The permanent administrator can never be deleted from the system. This administrator can create and assign privileges to other administrators and users.
Administrator Access

A user with administrator access can configure all VCPS network and system parameters and connect to all VCPS ports.
Port-Admin Access

A port-admin user can configure all VCPS port parameters and access all ports. The port-admin user has access to the following port-specific commands.
Port-Readonly Access

A port-readonly user can view some port parameters but does not have write access. The port-readonly user can connect to ports only in monitor mode. A port-readonly user has access to the following commands.
Port Users

Port users can monitor port activity, or they can monitor and access assigned ports.

A port user can monitor or access multiple ports. Ports can be assigned as a port number, port name, or a range of ports. A port user can be assigned to have access to some ports and to only monitor others. For example:

user set bob -a 1,5-7:m;10,12:ma

This user can monitor ports 1, 5, 6 and 7, and can access ports 10 and 12.
Accessing the Serial Ports

Overview

You can access the VCPS serial console ports for attached servers or devices in the following ways:
• Local access to the CLI through the configuration port
• Telnet/SSH access to the CLI
• Telnet/SSH access directly to a specific console port
Telnet and SSH

You can access the console ports through the CLI using Telnet or SSH, using the cps connect command. (An Administrator can enable Telnet or SSH through the CLI.)

You can also access a specific console port directly through Telnet or SSH using base port. See Using Base Port for more information.

Telnet and SSH are both enabled by default. See telnetd and sshd for more information on how to configure your VCPS for use with Telnet and SSH.
SSH for high-security access

The interface, user accounts, and user access rights are the same whether you access the control console through SSH or Telnet, but to use SSH, you must first configure SSH and have an SSH client program installed on your computer.

For high security, use Secure SHell (SSH) for access to the control console. SSH encrypts user names, passwords and transmitted data.
Attaching Devices to Serial Ports

From the CLI, use the cps connect command and specify the port number or port name to attach a device to a serial port. For example, to connect a device to port 5, type:

cps connect 5

or

cps connect port5

A user with read-only access or monitor permission only cannot write to a port. Any characters typed by that user at the keyboard are not sent to the device attached to the serial port.
• To disconnect from a serial port, type ^Ec. (CTRL+E, then c, followed by a period)

Type ^Ec (CTRL+E, then c) to enter a command. In command mode, you can cause the VCPS to perform a number of actions such as disconnecting from a serial port, sending a break sequence, and sending a broadcast message to all users attached to serial ports. These commands are not directly relayed to the device attached to the serial port.
Port Mode Commands and Escape Sequence

Using port mode commands

Special port mode commands are accessible using the escape sequence after you have attached to a serial port. The disconnect command detaches from the serial port and returns to the CLI or closes a direct Telnet or SSH session. All port mode commands are preceded by the escape sequence. The default is ^Ec (CTRL+E, then c) followed by one of the port mode commands from the table below.
Command Character   Description
r                   Replay the last 20 lines
s                   Attach to a port in spy mode (read-only)
w                   Display who is attached to the port
?                   Print command help
ENTER or            Ignore/abort command
^R (CTRL+R)         Replay the last line
\ooo                Send character by octal code

Escape sequence

The escape sequence is composed of the escape-character and the command mode character.
Examples Set your command macros: • cmd set macro1 A . - set the macro A to the disconnect command “.
Using Base Port

You can use Telnet/SSH to directly access a VCPS serial port using the base TCP port.

The base TCP port default is 9000. You can change the base port setting using the cps set command in the CLI to any unused TCP port from 5000 to 65493.

If you use Telnet to directly access a serial port, the following command would connect you directly to the server or device connected to port 5 on the VCPS at the IP address 157.204.7.12.

telnet 157.204.7.
Using Direct Port Name Access With SSH

You can use SSH to directly access a VCPS serial port using username:portname syntax. In this example, a user named apc has access to a port on VCPS named webserv1:

ssh apc:webserv1@157.204.7.
Serial Port Logs

Overview

The Vertical Console Port Server logs all data received from an attached device to a file. There is one log file and one rolled log file for each port. Log files are stored in the conlogs directory on the VCPS, and are named .

After the size of a port log file exceeds 100 Kilobytes, it rolls over to a rolled log file named .0, and restarts logging with an empty log file.
How to Use FTP or SCP to Retrieve Log Files

If you are using the encryption-based security protocols for your system, use Secure CoPy (SCP) to retrieve the log file. (You should have FTP disabled.)

If you are an Administrator, you can use FTP or SCP to retrieve a port log file (). The file reports all of the port traffic since the log was last deleted.
including spaces. (For some FTP clients, you must use a colon instead of a space between the IP address and the port number.)

ftp>open

2. Use the case-sensitive User Name and Password for an Administrator to log on. For a permanent administrator, apc is the default for User Name and Password.

To use non-default port values to enhance security, see Port assignments.

3. Change to the console logs directory:

cd conlogs

4.
Viewing the Log Using the CLI

You can use the CLI to display the log for a specific port.

For details on how to use the view command in the CLI to access the event and port logs, see view.
Using the Command Line Interface

Overview

The VCPS Command Line Interface (CLI) has the following features:
• command line editing
• history retrieval
• extensive help system
Command Line Interface

Structure and syntax

The CLI is composed of a set of commands that follow a basic syntax: [][
Activating and saving VCPS configurations

To save your changes to flash memory so they will be in effect when you reboot the system, you must execute the cfg save command.

When you finish executing a set subcommand, it is only set in the database. To activate your changes, you must execute the cfg run command to restart all services except the network (TCP/IP settings and DHCP). Use the cfg run -n command to restart all services and the network.
History buffer

Press the down arrow key to display the first command line entered during your user session. Continue to press the down arrow key to move forward through the command line display.

Press the up arrow key to display the last command line entered during your user session. Continue to press the up arrow key to display earlier command lines.
VCPS CLI Commands

Click on a command to view usage details.

Command   Use This Command To
cfg       Save or load the VCPS system configuration to a non-volatile database.
clear     Clear the event or console logs.
cps       Configure and administer console port service.
date      Set the system date, time, and time zone; show the current system date, time and time zone.
dhcp      Set or display the DHCP configuration, or restart the DHCP interface.
Command      Use This Command To
rm           Remove files from your directories.
snmp         Enable or disable SNMP, or change the SNMP port.
snmpaccess   Create, configure, delete, or list SNMP communities.
snmptrap     Create, configure, delete, or list SNMP trap receivers.
sshd         Configure and administer the SSH server.
syslog       Add, delete, or list remote hosts, or restart syslog.
system       Set or display the system configuration, or restart the system interface.
cfg

Configuration database and file manager.

cfg synopsis

cfg import []
cfg export []
cfg save
cfg restore-defaults
cfg load
cfg run [-n]

cfg description

The cfg command saves, loads, imports, exports, restores defaults or runs a configuration.

cfg import [] - Import a configuration from a file. The default name vcps.cfg is used if no filename is given.
cfg export [] - Export the current VCPS configuration to a file.
cfg examples

• cfg run
  Run the current configuration except network settings.
• cfg save
  Save the current configuration.
clear

Clear the event or console logs.

clear synopsis

clear eventlog | [portlog | ]

clear description

This command allows the user to clear the event log or individual console port logs.

clear options

eventlog
  Clear the non-volatile event log and restart event logging.

Clear the console log for the port number or portname.
cps

Console port service global configuration command.
cps set break[n] - Set the break sequences for break1 through break9. The break sequence is a sequence of characters that is sent to the console connection upon request. The delay is the time in milliseconds (ms) for each delay (\d) in the sequence.

The following are special insertable characters:

character   definition
\a          alert
\b          backspace
\d          delay specified for the break sequence.
cps set escapechar - Set the escape character to access the port server commands while attached to a port. Non-printable control characters must be prefixed with ^. For example, to set this value to CTRL+A, type ^A; for the Escape (ESC) character, type ^[; and so on.

cps set cmdmodechar - Set the character, while attached to a port, to put the port server in command mode after the escape character has been received.
Character   Definition
m           Display the message of the day
p           Redisplay the last 60 lines
r           Redisplay the last 20 lines
s           Spy read only
w           Who is logged on to this console
?           Print this message
            Ignore/cancel command
^R          Redisplay the last line
\ooo        Send character by octal code

cps show - Display the current configuration.
cps status - Display the console port service status.
cps connect - Start a console session on a port.
cps examples

• cps set basePort 10000
  Change the base port to TCP port 10000.
• cps set escapechar ^[
  Set break1 sequence to .
• cps set break1 +++\z\d--- 150
  Set break1 sequence to '+++'(hw break)(one delay)'---'. Set the delay time for this break sequence to 150 ms.
• cps set macro1 A .
  Set macro1 command character A to '.' (disconnect command). To use, type ^EA (assuming the default escape character ^E).
• cps connect 1
  Connect to port 1.
date

Date and time configuration and display.

date synopsis

date set [-d mm/dd/yy] [-t hh:mm:ss] [-z ]
date show [-z | timezones]

date description

The date command sets and shows the system date, time and time zone configuration.

date set - Set the date, time, and time zone.
date show - Display the current date and time.
date show [timezones | -z] - Display the list of time zones.
date options

-d mm/dd/yy, --date mm/dd/yy
  Set the system date.
-t hh:mm:ss, --time hh:mm:ss
  Set the system time specified in 24 hour time, ::.
-z, --zone
  Set the system time zone in POSIX-style specification. Use date show timezones to list valid time zones.

date examples

• date set -d 01/01/05 -z CDT
  Set the system date to January 1, 2005, central daylight time.
dhcp

DHCP client configuration and display.

dhcp synopsis

dhcp set [-v ] [-c ] [-u ]
dhcp show

dhcp description

The dhcp command sets and shows the system DHCP client configuration.

dhcp set - Set the vendor class, client identifier, and user class.
dhcp show - Display the current DHCP configuration.

dhcp options

-v, --vendor
  Set the DHCP vendor class.

Set the DHCP client identifier.
dhcp examples

• dhcp set -v APC
  Set the system DHCP client vendor class to APC.
• dhcp show
  Shows the current system DHCP client configuration.
exit

Log off the VCPS command line interface.

exit synopsis

exit

exit description

This command is used to log off the VCPS command line interface.
ftpd

File Transfer Protocol (FTP) server configuration and display.

ftpd synopsis

ftpd set -p
ftpd [enable | disable]
ftpd show

ftpd description

The ftpd command configures the system FTP server.

ftpd set - Set the FTP server configuration parameters.
ftpd [enable | disable] - Enable or disable the FTP server.
ftpd show - Display the current FTP server configuration.
loadfw

Load and check the VCPS firmware.

loadfw synopsis

loadfw [-w] [-c] [-f [-p ]]

loadfw description

The loadfw command updates the VCPS firmware.

loadfw options

-w
  Write the firmware update to persistent memory.

Check the integrity of the firmware update.
loadfw examples

• loadfw -w -f joe@ftpserver:apc_hw10_vcps_101_3.bin
  Download the firmware, then write it to persistent memory.
• loadfw -w
  Write the firmware to persistent memory after it has been downloaded.
• loadfw -c
  Check the integrity of the firmware.

For details on upgrading VCPS firmware, see Firmware Upgrades.
ls

List files.

ls synopsis

ls [files]

ls description

This command lists files in the current working directory.

ls [files] - List the files in the current directory. Wild cards are allowed.

ls examples

• ls
  List the files in the current directory.
• ls cfg
  List the files in the user's cfg directory.
• ls *.txt
  List all files in the current directory that end in ".txt".
network

Configure and display TCP/IP and DNS network parameters.

network synopsis

network set [-i ] [-n ] [-g ] [-d ] [-h ] [-b ] [-m ] [-p ] [-s ]
network show
network status
network restart

network description

The network command sets and displays network parameters.

network set - Set network parameters.
network show - Display the current network configuration.

-g, --gateway
  Set the default gateway.
-h, --host
  Set the hostname.
-d, --domain
  Set which DNS domain to search for unqualified host names.

Set the boot mode of the interface to either static or dhcp. Use static to assign a fixed address. Use DHCP to assign an address using Dynamic Host Configuration Protocol. dhcp is enabled by default.

network examples

• network show
  Display the current network configuration.
• network set -i 192.168.1.7 -n 255.255.255.255 -g 192.168.1.1 -b static
  Set the network address, network mask, default gateway, and bootmode.
• network status
  Display the current network status.
• network restart
  Restart the network services.
ntp

Network Time Protocol client configuration and display.

ntp synopsis

ntp set [-p ] [-s ] [-m ] [-x ]
ntp enable
ntp disable
ntp update
ntp show

ntp description

This command lets you display and configure the system NTP client settings, perform an update from a configured NTP server, and enable or disable the periodic NTP time update service.
ntp show - Display the current NTP settings.

ntp options

-p, --primary
  Set the primary NTP server using an IP address or hostname.
-s, --secondary
  Set the secondary NTP server using an IP address or hostname.

Set the minimum NTP poll interval.
ping

ICMP echo command.

ping synopsis

ping [ | ]

ping description

This command sends four ping packets to the specified IP address or DNS hostname and shows the reply statistics for each packet as well as the group of packets.

ping ip-address - Send ping packets to the specified host and display the results.

ping examples

• ping www.boingo.com
  Ping the host at www.boingo.
port

Serial console port configuration and display command.

port synopsis

port set [-][,] [-b ] [-f ] [-o ] [-n ] [-m ] [-t ] [-i ] [-k ] [-a ] [-l ]
port show
port list

port description

The port command is used to configure and display the name and serial communication parameters for the VCPS serial ports.
port set [-f ] - Set the flow control parameters. This value is specified as a plus sign-separated ( + ) list of options. The flow-control options are:
• ixon - Enable XON/XOFF flow control on output
• ixany - Enable any character to restart output
• ixoff - Disable XON/XOFF flow control on input
• crtscts - Enable RTS/CTS (hardware) flow control

port set [-o ] - Set the port communication options.
port set [-l [enabled | disabled]] - Enable or disable logging on this port.
port show - Show the current configuration of this port.
port list - List all ports.

port options

-b, --baud
  Set the baud rate for the specified port.
-p, --parity
  Set the parity for the specified port.
-f, --flowctrl
  Set the flow control for the specified port.

Set the options for the specified port.
-t, --idletimeout
  Set the idle timeout for the specified port.
-i, --idlestring
  Set the idle timeout string for the specified port.
-k, --breakseq
  Set the break sequence number for the specified port.
-a, --access
  Set the remote access mode for the specified port to either Telnet or SSH.

Enable or disable logging for the specified port.
port examples

• port set 1 --name webserver1
  Set the name of port number 1 to webserver1.
• port set webserver1 -k break2
  Set the break sequence of the port named webserver1 to break sequence 2. For more information on break sequences, see the cps command.
• port set 2 -o cstopb+hupcl
  Set the options for port 2 to use two stop bits, lower the modem control lines after hang up, and NOT remove the high bit from incoming data.
prompt

Command prompt form.

prompt synopsis

prompt [short|long]

prompt description

This command sets the command prompt to either the short or long form. The short form shows the configured host name as the prompt in the format hostname>. The long form shows the user currently logged in for the session and the configured hostname in the format user@hostname>.
radius

RADIUS client configuration and display.

radius synopsis

radius set [-h ] [-p ] [-s ] [-t ] [-r ]
radius show

radius description

This command is used to configure the RADIUS client on the VCPS.

radius set - Configure the RADIUS client parameters for the specified server.
-s, --secret
  Set the shared secret to use for the specified RADIUS server.
-t, --timeout
  Set the amount of time, in seconds, to wait for a response from the specified RADIUS server.

Set the number of retries to attempt to contact the RADIUS server before failing a login authentication. If authentication is set up as radius_then_local, the local user database will perform the authentication.
reboot

Reboot the system.

reboot synopsis

reboot

reboot description

Reboot the VCPS.
rm

Remove files

rm synopsis

rm

rm description

This command deletes files from the user's directories.

rm - Delete the specified files. Wild cards are allowed.

rm examples

• rm *
  Delete all files in the current directory.
• rm cfg/*.cfg
  Delete all files in the cfg directory that end with *.cfg.
snmp

SNMP agent configuration and display.

snmp synopsis

snmp set -p
snmp [enable | disable]
snmp show

snmp description

This command configures and administers the VCPS SNMP server.

snmp set - Configure the SNMP server's parameters.
snmp enable - Enable the SNMP server.
snmp disable - Disable the SNMP server.
snmp show - Display the SNMP server's current configuration.

snmp options

Sets the SNMP server UDP listening port.
snmpaccess

SNMP community configuration and display.

snmpaccess synopsis

snmpaccess [add | set] [-a ] [-f ]
snmpaccess del
snmpaccess show
snmpaccess list

snmpaccess description

This command configures the VCPS SNMP access communities for the SNMP server.

snmpaccess add - Create a new SNMP access community. The default value for access is read-only and for address filters is 0.0.0.0/0.
snmpaccess options

-a r | w | disabled, --access r | w | disabled
  Set the access rights for the specified community.
  • r - read-only
  • w - read-write
  • disabled - disable access for this community.

Set the range of device addresses that may access the specified community. The address filter is specified as a standard IP address mask.
snmptrap

SNMP trap receivers configuration and display.

snmptrap synopsis

snmptrap [add | set] [-c ] [-g ] [-a ]
snmptrap [show | del]
snmptrap list

snmptrap description

This command configures the SNMP trap receivers that will receive traps from the VCPS. The trap receiver is a single host, specified as an IP address or host name.
-g, --generate
  Enable or disable trap generation for the specified trap receiver.
-a, --authenticate
  Enable or disable whether the specified trap receiver will receive authentication failure traps from the VCPS.

snmptrap examples

• snmptrap add 192.168.1.45
  Add the device at 192.168.1.45 to the list of trap receivers with all default configuration values.
• snmptrap set 192.168.1.
sshd

Secure shell server (SSH v1 and SSH v2) configuration and display.

sshd synopsis

sshd set [-p ] [-c ] [-C ] [-v ]
sshd [enable | disable]
sshd show
sshd keygen -s

sshd description

Use this command to configure and administer the SSH server.

sshd set - Configure the SSH server’s parameters. By default, the SSH server is enabled and uses SSH version 2 with 3DES and Blowfish ciphers.
sshd options

-p, --port
  Set the TCP port for the SSH server.
-c, --v2ciphers
  Set the SSH version 2 ciphers to use. This value is specified as a list of ciphers separated by a plus ( + ) sign. Acceptable values are 3des, blowfish, aes128, and aes256. Leaving a cipher out of the list will disable it.

Set the SSH version 1 ciphers to use. This value is specified as a list of ciphers separated by a plus ( + ) sign.
sshd examples

• sshd set -C blowfish -v 1
  Set the SSH server to use the Blowfish cipher only and use SSH version 1.
• sshd set -c blowfish+aes256 --version 2
  Set the SSH server to use SSH version 2 with the version 2 ciphers Blowfish and AES256.
• sshd keygen -s 2048
  Generate a new 2048-bit SSH key.
syslog

Syslog messaging recipient configuration and display.

syslog synopsis

syslog [add | del]
syslog list

syslog description

Use this command to configure the list of remote syslog servers that will receive syslog messages from the VCPS. The remote host may be specified as an IP address or DNS hostname.

syslog add - Add a new remote syslog server to the list.
syslog del - Remove a remote syslog server from the list.
system

Configure global system and SNMP MIB II parameters

system synopsis

system set [-n ] [-c ] [-l ] [-a ]
system [show | restart]

system description

This command lets you configure the global system parameters and restart the system.

system set - Configure the system parameters.
system show - Display the current system configuration.
system restart - Restart the system.
-l, --location
  Set the user-specified location information for this VCPS. The default is unknown. Maximum length is 256 characters.

Set the authentication method used to validate user access for telnet and ssh. Values are local, radius, local_then_radius, or radius_then_local. The default is local.
telnetd

Telnet server configuration and display.

telnetd synopsis

telnetd set [-p ]
telnetd [enable | disable | show]

telnetd description

This command lets you configure the Telnet server on the VCPS.

telnetd set - Configure the Telnet server parameters.
telnetd enable - Enable the Telnet server.
telnetd disable - Disable the Telnet server.
telnetd show - Display the Telnet server current configuration.
user

User management and display.

user synopsis

user [add | set] [-p ] [-a ]
user perm-admin [-n ] [-p ]
user [show | del]
user [status | list]

user description

This command is used to configure the users and their access rights.

user add - Add a new user to the system.
user set - Configure a user's password and access rights.
--name

-p, --password
  Set the password for the specified user. The maximum length is 32 bytes.

Select from the following access rights for the specified user:
• admin: Can configure all VCPS network and system parameters, and connect to all VCPS ports.
• port-admin: Can configure all VCPS port parameters and access all ports.
• port-readonly: Can view some port parameters but does not have write access.
user examples
• user add joe -p joespassword -a port-admin
Add the user named joe to the system with the password joespassword, and set his access rights to port-admin.
• user set mike -a port1,5-7:m;port10,12:a
Set the access rights for the user named mike so that this user can monitor ports 1,5,6,7, and can access ports 10,12.
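The following Python example is added here and is not part of the APC guide or the VCPS firmware: it expands a per-port access-rights string such as the one in the second example into a port-by-port map and lists any grants that fall outside an approved baseline, so the string can be reviewed before it is applied. The meaning of m (monitor) and a (access) and the port range 1-42 are taken from this guide; the function names, the approved baseline, and the rule that one port may not carry two different rights are assumptions of the example.

```python
import re

MAX_PORT = 42                               # the guide numbers ports 1-42
RIGHTS = {"m": "monitor", "a": "access"}    # letters as used in the guide's example
CLAUSE = re.compile(r"port([0-9,\-]+):([a-z])")


def parse_port_rights(spec):
    """Expand 'port1,5-7:m;port10,12:a' into {port_number: right}."""
    grants = {}
    for clause in spec.split(";"):
        match = CLAUSE.fullmatch(clause.strip())
        if not match:
            raise ValueError(f"malformed clause: {clause!r}")
        ports, letter = match.groups()
        if letter not in RIGHTS:
            raise ValueError(f"unknown right {letter!r} in {clause!r}")
        for item in ports.split(","):
            low, dash, high = item.partition("-")
            if not low.isdigit() or (dash and not high.isdigit()):
                raise ValueError(f"bad port list {ports!r}")
            first, last = int(low), int(high) if dash else int(low)
            if not 1 <= first <= last <= MAX_PORT:
                raise ValueError(f"port range {item!r} outside 1-{MAX_PORT}")
            for port in range(first, last + 1):
                # Assumption: one port carrying two different rights is an error.
                if grants.setdefault(port, RIGHTS[letter]) != RIGHTS[letter]:
                    raise ValueError(f"port {port} granted two different rights")
    return grants


def excess_grants(spec, approved):
    """Return the grants in spec that the approved {port: right} baseline lacks."""
    return {port: right for port, right in parse_port_rights(spec).items()
            if approved.get(port) != right}


if __name__ == "__main__":
    mike = "port1,5-7:m;port10,12:a"        # access string from the guide's example
    # Constructed baseline: what a (hypothetical) access request approved for mike.
    approved = {1: "monitor", 5: "monitor", 6: "monitor", 7: "monitor", 10: "access"}
    print(parse_port_rights(mike))
    print(excess_grants(mike, approved))    # port 12 was not in the request
```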
version
Show the current firmware version information for the VCPS.

version synopsis
version

version description
This command displays the current version of the firmware running on the VCPS.
view
View syslog and console logs.

view synopsis
view events
view log [|]
view list

view description
Use this command to view logs that are stored by the system.
view events - View the event log.
view log - View individual console traffic logs. The port is specified as either a number (1-42) or by the name of the port. For more information on ports, see the port command.
view list - Display a list of all the console logs.
who
Show users that are currently logged in.

who synopsis
who

who description
This command displays a list of all users who are currently logged onto the system.
Security

Security Features
As a network device that passes information across the network, the VCPS is subject to the same exposure as other devices on the network.

Planning and implementing security features
Use the information in this section to plan and implement the security features appropriate for your environment.

Summary of access methods
Serial control console.
Security Access: Access is by user name and password.
SNMP.
Security Access:
• Community Name
• DNS Host filters
• NMS IP filters
• Agent Enable/Disable
• 20 access communities with read/write/disable capability
Description:
The DNS Host filters restrict access only to the NMS at that location, and the NMS IP filters allow access only from designated IP addresses.
• 162.245.12.1 allows only the NMS with that IP address to have access.
• 162.245.12.0/24 allows access for any NMS on the 162.245.12 segment.
• 162.245.
Changing default user names and passwords immediately
As soon as you complete the installation and initial configuration of the VCPS, immediately change the default user name and password. Configuring unique user names and passwords is essential to establish basic security for your system.

Port assignments
If the Telnet, FTP, or SSH/SCP server uses a non-standard port, a user must specify the port when connecting to the VCPS.
Security Protocols
You can choose to use the basic security features of the VCPS, which control access through basic authentication by user names, passwords, and IP addresses, without using encryption. These basic security features are sufficient for most environments in which sensitive data are not being transferred.
Secure SHell (SSH) and Secure CoPy (SCP)
The Secure SHell (SSH) protocol provides a secure mechanism to access computer consoles or shells remotely. The protocol authenticates the server (in this case, the VCPS) and encrypts all transmissions between the SSH client and the server.
• SSH protects the username and password, the credentials for authentication, from anyone intercepting network traffic.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an authentication, authorization, and accounting service. Use this option to centrally administer remote access for each VCPS port.
When a user accesses the VCPS, an authentication request is sent to the RADIUS server to determine the user’s permission level. RADIUS user names are limited to 32 characters.
3. Configure RADIUS users. The APC-Permissions attribute must be configured for each administrator, port administrator, and read-only user accessing the VCPS. The APC-Permissions attribute is a string and is set as follows:
CPS_PERMS=admin
CPS_PERMS= identifies these as console port server permissions. admin is a user permission string. For more information on user permission levels, see User Management.
RADIUS user names are limited to 32 characters.
Firewalls
Although some methods of authentication provide a higher level of security than others, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.
Events and Event Log
The Vertical Console Port Server logs syslog messages and SNMP MIB II traps for selected events. These events are stored in a local event log and in up to 20 remote syslog servers.

Overview
Using the CLI, you can add or delete a remote syslog server, or display a list of remote servers configured to receive messages from VCPS. For details on how to use the syslog command in the CLI, see syslog.
Accessing the Event Log
The event log can be accessed using one of these methods:
• Offline viewing by transferring the file from the VCPS using either FTP or SCP. The event log is stored as /logs/messages in the file system.
• Direct viewing from within the CLI using the view eventlog command.
You must be an administrator to use FTP and SCP to access the event log.
The following table lists the events that are logged by VCPS. All events will be sent to remote syslog servers. SNMP traps are sent for MIB II traps only.

Event - Definition
warmStart † - The VCPS is reinitializing and its configuration may change.
coldStart † - The VCPS is reinitializing and its configuration will not change.
reboot - The VCPS will shut down and restart its services.
shutdown - The VCPS will shut down but will not automatically restart.
Firmware Upgrades
The VCPS supports upgradable firmware using binary firmware files provided by APC either through the internet or on CD. Each of these files contains protection mechanisms to ensure that the data contained in the file is not corrupted before or during the transfer operation.

Overview
When new firmware is transmitted to the VCPS, the program code is updated and new features become available.
Upgrading Firmware

Benefits of upgrading firmware
Upgrading the firmware on the VCPS has the following benefits:
• New firmware has the latest bug fixes and performance improvements.
• Keeping the firmware versions consistent across your network ensures that all VCPSs support the same features in the same manner.
• New features become available for immediate use.
Firmware file transfer methods
You can transfer the latest firmware to a VCPS using one of the following methods:
• Upload the firmware to a VCPS using FTP or SCP.
• Download the firmware from an FTP server (if your company or agency has a centralized FTP server from which to obtain firmware).

Instructions for using FTP or SCP.
For you to be able to use FTP or SCP to upgrade a single VCPS over the network:
• The VCPS must be connected to the network.
3. Type open and the VCPS’s IP address, and press ENTER. If the Port setting for FTP Server has changed from its default of 21, you must use the non-default value in the FTP command.
b. For Windows FTP clients, separate the port number from the IP address by a space. For example, if the VCPS’s FTP Server Port setting has been changed from its default of 21, such as to 21000, you would use the following command for a Windows FTP client transferring a file to a VCPS with an IP address of 150.250.6.10.
valid VCPS firmware image. After checks have been performed, an MD5 hash is displayed. This MD5 hash must match the MD5 hash from the .md5 file that accompanied the firmware image file.
9. In the control console, enter loadfw -w to write the firmware image to the VCPS flash memory.
10. Enter reboot to have your changes take effect.

Download firmware from an FTP server
To download firmware from an FTP server:
1.
– The -w option writes the file to flash memory after downloading and verifying the file image.

Verifying upgrades and updates
To verify that the firmware upgrade was successful, use an SNMP GET to the MIB II sysDescr OID.
Product Information

Warranty and Service

Limited warranty
APC warrants the VCPS to be free from defects in materials and workmanship for a period of WARRANTY LENGTH from the date of purchase. Its obligation under this warranty is limited to repairing or replacing, at its own sole option, any such defective products.
Obtaining service
To obtain support for problems with your VCPS:
1. Note the serial number and date of purchase. For a separately shipped Management Card, the serial number is on the card itself. For a UPS with a pre-installed or embedded card, note the serial number of the UPS itself.
2. Contact Customer Support at a phone number listed under APC Worldwide Customer Support at the end of this manual.
Life-Support Policy

General policy
American Power Conversion (APC) does not recommend the use of any of its products in the following situations:
• In life-support applications where failure or malfunction of the APC product can be reasonably expected to cause failure of the life-support device or to affect significantly its safety or effectiveness.
• In direct patient care.
Specifications

Electrical
Item: Specification
Acceptable input voltage: 19–30 VDC
Maximum total current draw: 110 mA
Output relay contact rating: 1A @ 30V

Physical
Item: Specification
Size (H × W × D): 1.46 × 4.75 × 4.3 in (3.7 × 12.1 × 10.9 cm)
Weight: 0.25 lb (0.11 kg)
Shipping weight: 0.8 lb (0.
APC Worldwide Customer Support
Customer support for this or any other APC product is available at no charge in any of the following ways:
• Visit the APC Web site to access documents in the APC Knowledge Base and to submit customer support requests.
– www.apc.com (Corporate Headquarters)
Connect to localized APC Web sites for specific countries, each of which provides customer support information.
– www.apc.
Entire contents © 2005 American Power Conversion. All rights reserved. Reproduction in whole or in part without permission is prohibited. APC and the APC logo are trademarks of American Power Conversion Corporation and may be registered in some jurisdictions. All other trademarks, product names, and corporate names are the property of their respective owners and are used for informational purposes only.