User guide
Chapter 1: Introduction 3
Flexible users and groups
An account can be defined for each user on the console server or on an authentication server. The
admin and root users have accounts by default, and either can add and configure other user
accounts. Access to ports can be optionally restricted based on authorizations an administrator can
assign to custom user groups. For more information, see Users Accounts and User Groups on page 70.
Security
Security profiles determine which network services are enabled on the console server.
Administrators can either allow all users to access enabled ports or allow the configuration of group
authorizations to restrict access. The selected security profile defines which
services (FTP, ICMP, IPSec and Telnet) are enabled, as well as SSH and HTTP/HTTPS access. The
administrator can either select a preconfigured security profile or create a custom profile. For more
information, see Security Configuration on page 65.
Authentication
Authentication can be performed locally, with One Time Passwords (OTP), or through a remote Kerberos,
LDAP, NIS, RADIUS or TACACS+ authentication server or a DSView 3 server. The console server
also supports remote group authorizations for the LDAP, RADIUS and TACACS+ authentication
methods. Fallback mechanisms are also available.
Any authentication method configured for the console server or the ports is used for authentication
of any user who attempts to log in through Telnet, SSH or the Web Manager. For more
information, see Authentication on page 67.
VPN based on IPSec with NAT traversal
If IPSec is enabled in the selected security profile, an administrator can use the VPN feature to
enable secure connections. IPSec encryption with optional NAT traversal (which is configured by
default) creates a secure tunnel for dedicated communications between the console server and other
computers that have IPSec installed. ESP and AH authentication protocols, RSA Public Keys and
Shared Secret are supported. For more information, see IPSec(VPN) on page 81.
Packet filtering
An administrator can configure an ACS 6000 console server to filter packets like a firewall. Packet
filtering is controlled by chains, which are named profiles with user-defined rules. The console
server filter table contains a number of built-in chains that can be modified but not deleted. An
administrator can also create and configure new chains.
SNMP
If SNMP is enabled in the selected security profile, an administrator can configure the Simple
Network Management Protocol (SNMP) agent on the console server to send notifications or traps
to an SNMP management application.