BLACK BOX® Advanced Console Server Installation, Administration, and User’s Guide Software Version 2.6.0 BLACK BOX® Corporation 1000 Park Drive Lawrence, PA 15055-1018 877-877-2269 http://www.blackbox.
© 2005 BLACK BOX® Corporation, all rights reserved Information in this document is subject to change without notice. BLACK BOX® is the registered trademark of BLACK BOX® Corporation in the United States and other countries. All trademarks, trade names, logos and service marks referenced herein, even when not specifically marked as such, belong to their respective companies and are not to be considered unprotected by law.
Contents Before You Begin ...................................................... 1 Audience .............................................................................................. 1 Document Organization ....................................................................... 1 Related Documents .............................................................................. 3 BLACK BOX® firmware Upgrades ................................................ 4 Chapter 1: Introduction ......................
Contents Syslog Servers ................................................................................ 23 Prerequisites for Logging to Syslog Servers ............................... 23 Administering Users of Connected Devices ...................................... 24 Planning Access to Connected Devices ......................................... 24 Configuring Access to Connected Devices .................................... 25 CS and Power Management .......................................................
Chapter 3: Web Manager for Regular Users.......... 51 Using the Web Manager ..................................................................... 51 Features of Regular User Forms ........................................................ 53 Connect .............................................................................................. 54 Connect to CS ................................................................................. 55 Connect to Serial Ports ...........................................
Contents Step 3: Port Profile ......................................................................... 90 Step 4: Access ................................................................................. 93 Step 5: Data Buffering .................................................................... 98 Step 6: System Log ....................................................................... 103 Chapter 6: Configuring the CS in Expert Mode... 107 Overview of Menus and Forms .................................
Configuring an Ethernet PCMCIA Card ................................... 171 Configuring a PCMCIA Compact Flash Card or a PCMCIA Hard Disk Drive ................................................................................. 172 Configuring a Wireless LAN PCMCIA Card ........................... 174 Configuring a CDMA PCMCIA Card ...................................... 176 Ejecting a PCMCIA Card ......................................................... 178 VPN Connections ....................................
Contents General ...................................................................................... 243 Connection Profiles ................................................................... 244 Console Access Server (CAS) Profile Connection Protocols ... 245 Terminal Server (TS) Profile Connection Protocols ................. 245 Bidirectional Telnet Protocol .................................................... 247 Modem and Power Management Connection Protocols ........... 248 Access ................
formation ................................................................ 323 Safety Guidelines for Rack-Mounting the CS ................................. 323 Safety Precautions for Operating the Advanced Console Server ..... 324 Working inside the Advanced Console Server ................................ 326 Replacing the Battery ....................................................................... 326 FCC Warning Statement ..................................................................
Contents x
Tables Table v-1: Table v-2: Table 1-1: Table 1-2: Table 1-3: Table 1-4: Table 1-5: Table 1-6: Table 1-7: Table 1-8: Table 1-9: Table 2-1: Table 2-2: Table 2-3: Table 2-4: Table 3-1: Table 3-2: Table 3-3: Table 3-4: Table 3-5: Table 3-6: Table 3-7: Table 4-1: Typographic Conventions................................................ 3 Other Terms and Conventions ......................................... 4 Model Numbers and Configuration Options ................... 8 CS Supported Authentication Methods ......
Tables Table 4-2: Table 4-3: Table 4-4: Table 4-5: Table 5-1: Table 5-2: Table 5-3: Table 5-4: Table 5-5: Table 5-6: Table 5-7: Table 5-8: Table 6-1: Table 6-2: Table 6-3: Table 6-4: Table 6-5: Table 6-6: Table 7-1: Table 7-2: Table 7-3: Table 7-4: Table 7-5: Table 7-6: Table 7-7: Table 8-1: xii Administrator > Web Manager Buttons......................... 70 Administrator > Options for Trying, Saving, and Restoring Configuration Changes..................................................
Table 8-2: Table 8-3: Table 8-4: Table 8-5: Table 8-6: Table 8-7: Table 8-8: Table 8-9: Table 8-10: Table 8-11: Table 8-12: Table 8-13: Table 8-14: Table 8-15: Table 8-16: Table 8-17: Table 8-18: Table 9-1: Table 9-2: Table 9-3: Table 9-4: Table 9-5: Table 9-6: Table 9-7: Table 9-8: Table 10-1: Expert > Host Settings Form Fields ............................ 155 Expert > Form Fields for a Modem Card .................... 164 Expert > Form Fields for an ISDN Card .....................
Tables Table 10-2: Expert > Console Connection Protocols...................... 245 Table 10-3: Expert > Terminal Server (TS) Connected Protocols.. 246 Table 10-4: Expert > Protocols for Serial Ports Connected to Modems or IPDUs ....................................................... 248 Table 10-5: Expert > Access Form Fields ...................................... 262 Table 10-6: Expert > Authentication Methods ...............................
Figures CS Front with PCMCIA Card Slots .............................. 8 Figure 1-2: CS Back with Connectors ............................................. 8 Figure 1-3: BLACK BOX® CS family of Advanced Console ......... Servers........................................................................... 9 Figure 1-4: CS Connectors............................................................. 10 Figure 1-5: IPDU Integration With CS .......................................... 26 Figure 2-1: CS Setup Example ....
Figures Figure 4-1: Figure 4-2: Figure 4-3: Figure 4-4: Figure 4-5: Figure 4-6: Figure 5-1: Figure 5-2: Figure 5-3: Figure 5-4: Figure 5-5: Figure 5-6: Figure 5-7: Figure 5-8: Figure 5-9: Figure 5-10: Figure 5-11: Figure 5-12: Figure 5-13: Figure 5-14: Figure 5-15: Figure 6-1: Figure 7-1: Figure 7-2: Figure 7-3: Figure 7-4: Figure 7-5: Figure 7-6: xvi ..................................................................................... 64 Administrator > Web Manager Buttons ......................
Figure 7-7: Figure 7-8: Figure 7-9: Figure 7-10: Figure 7-11: Figure 7-12: Figure 7-13: Figure 7-14: Figure 7-15: Figure 7-16: Figure 7-17: Figure 7-18: Figure 7-19: Figure 7-20: Figure 7-21: Figure 7-22: Figure 7-23: Figure 7-24: Figure 7-25: Manager..................................................................... 124 Expert > Outlets Manager Icons ............................... 125 Expert > Edit Outlets Dialog Box ............................. 125 IPDU Power Mgmt. > View IPDUs Info .................
Figures Figure 7-26: Figure 8-1: Figure 8-2: Figure 8-3: Figure 8-4: Figure 8-5: Figure 8-6: Figure 8-7: Figure 8-8: Figure 8-9: Figure 8-10: Figure 8-11: Figure 8-12: Figure 8-13: Figure 8-14: Figure 8-15: Figure 8-16: Figure 8-17: xviii Box ............................................................................ 149 Expert > Terminal Profile Menu Example ................
Figure 8-18: Figure 8-19: Figure 8-20: Figure 8-21: Figure 8-22: Figure 8-23: Figure 8-24: Figure 8-25: Figure 8-26: Figure 8-27: Figure 8-28: Figure 8-29: Figure 8-30: Figure 8-31: Figure 8-32: Expert > “New/Mod SNMP v1 v2 Configuration” Dialog Box ................................................................ 186 Expert > “New/Mod SNMP v3 Configuration” Dialog Box ............................................................................ 186 Expert > Network > Firewall Configuration.............
Figures Figure 8-33: Firewall Configuration “Add Rule” and “Edit Rule” Figure 8-34: Figure 8-35: Figure 8-36: Figure 8-37: Figure 8-38: Figure 8-39: Figure 8-40: Figure 8-41: Figure 8-42: Figure 9-1: Figure 9-2: Figure 9-3: Figure 9-4: Figure 9-5: Figure 9-6: Figure 9-7: Figure 9-8: Figure 9-9: xx UDP Protocol Fields ................................................. 196 Firewall Configuration “Add Rule” and “Edit Rule” ICMP Type Menu Options ........................................
Expert > Administration > Time/Date ..................... 226 Figure 9-11: Expert > Security > Authentication > Kerberos........ 227 Figure 9-12: Expert > Security > Authentication > NIS................ 228 Figure 9-13: Expert > Security > Security Profile ........................ 228 Figure 9-14: Expert > Physical Ports Default Factory Settings .... 232 Figure 9-15: Security Profile and Serial Ports Configuration Alert232 Figure 9-16: Serial Ports Protocol Incompatibility Dialog Box ....
Figures Figure 10-13: Connection Protocols > Terminal Server .................. 253 Figure 10-14: Expert > Ports > Physical Ports > Modem Connection Active Tabs................................................................ 254 Figure 10-15: Expert > Ports > Physical Ports > Modem Connection . ................................................................................... 255 Figure 10-16: Connection Protocols > Modem ..............................
Figure 10-33: Expert > Ports > Virtual Ports > New/Modify Port Dialog Box ................................................................ 285 Figure 10-34: Expert > Applications > Connect > Serial pull-down menu.......................................................................... 287 Figure 10-35: Expert > Ports > Virtual Ports > New/Modify Port Dialog Box ................................................................
Figures xxiv
Procedures T T T T T T T T T T T T T T T T T T T T T T T T To check Java Plug-in Support in the Browser.......................................... 35 To Install JRE Version 1.4.2 or later and Register the Plug-in.................. 35 To rack-mount CS, perform the following steps: ...................................... 37 To Make an Ethernet Connection .............................................................. 38 To Connect Devices to Serial Ports ........................................................
Procedures T T T T T T T T T T T T T T T T T T T T T T T T T T T T T xxvi To Log Into the Web Manager................................................................... 72 To Select or Configure a Security Profile.................................................. 84 To configure the Network Settings ............................................................ 89 To Set Parameters for All Serial Ports....................................................... 92 To Add a User.............................
T T T T T T T T T T T T T T T T T T T T T T T T T T T T T T T T To Configure Host Settings [Expert] ....................................................... 157 To Configure Syslogging for Serial Ports and Specify Message Filtering .... .................................................................................................................. 160 To Configure a PCMCIA Card ................................................................ 162 To Configure a Modem PCMCIA Card..........................
Procedures T T T T T T T T T T T T T T T T T T T T T T T T T T T T xxviii To Select One or More Serial Ports ......................................................... 242 To Enable or Disable Serial Ports........................................................... 243 To Configure a Serial Port Connection Protocol for a Console Connection . ..................................................................................................................
T T T T T To Back Up or Restore the Configuration Files using an FTP Server..... 314 To Back Up or Restore the Configuration Files using a Storage Device 315 To Upgrade the CS’s firmware ................................................................ 317 To Reboot the CS..................................................................................... 318 To Configure the Online Help Path .........................................................
Procedures xxx
Before You Begin This installation, administration, and user’s guide provides background information and procedures for installing, configuring, and administering the BLACK BOX® Advanced Console Server and for accessing connected servers and other connected devices. Audience This manual is intended for installers and system administrators of the CS and for users who may be authorized to connect to devices, to manage power through the CS, and to monitor the CS’s temperature.
Before You Begin 3: Web Manager for Regular Users Describes how authorized users use the Web Manager to access devices that are connected to ports on the CS. 4: Web Manager for Administrators Explains how the CS administrator uses the Web Manager to add and delete users, define port access, and perform other common administration tasks. 5: Configuring CS in Wizard Mode Describes the 6-step procedure to configure the Advanced Console Server in Wizard mode.
Related Documents 10: Ports Menu & Forms Provides an overview of each form associated with the “Ports” menu, describes the functionality of the individual elements in each form, and provides stepby-step configuration procedures. 11: Administration Menu & Forms Provides an overview of each form associated with the “Administration” menu, describes the functionality of the individual elements in each form, and provides step-by-step configuration procedures.
Before You Begin Table v-1: Typographic Conventions Typeface Meaning Example Emphasis Titles, emphasized or new words or terms See the Advanced Console Server Quick Start. Filename or Command Names of commands, files, and directories; onscreen computer output. Edit the pslave.conf file. User type What you type in an example, compared to what the computer displays [root] ifconfig eth0 The following table describes other terms and conventions.
Introduction This chapter introduces the Advanced Console Server family of advanced console servers, provides an overview of its features, and briefly describes the features for understanding the information and procedures in the rest of this manual.
Introduction Administering Users of Connected Devices Page 22 Power Management Page 23 Overview The Advanced Console Server is a 1U device that serves as a single access point for using and administering servers and other devices. The following figure shows the front of the CS with its two PCMCIA card slots, and the back of a LS1032A with its Serial, Ethernet, and Console ports.
Product Models and Configurations Table 1-1: Model Numbers and Configuration Options Model Number Serial Ports LS1008A 8 LS1016A 16 LS1032A 32 LS1048A 48 The following figure illustrates the BLACK BOX® family of advanced console servers.
Introduction Connectors on the BLACK BOX® CS The following figure depicts the connectors on the back of a LS1008A. Serial Ports Power Supply Ethernet Port Console Port Figure 1-3: LS1008A Connectors The number of serial ports and power supplies depends on the model, see table 1-1 for model numbers and configurations options. Accessing CS and Connected Devices You can access CS and the connected servers or devices locally or remotely using any of the following methods.
Web Manager Note: If there are cron jobs running through automated scripts, a “root” or “admin” user login can cause the automated cron jobs to fail. Make sure that the users with administrative privileges are aware of this. Web Manager CS administrators perform most tasks through the Web Manager either locally or from a remote location. The Web Manager runs in a browser and provides a real-time view of all the equipment that is connected to the CS.
Introduction • • Make an inquiry to the DHCP server on the subnet that the CS resides, using the MAC address (The MAC address is labeled at the bottom of the CS). • Connect to CS remotely using Telnet or SSH and use the ifconfig command. • Connect directly to the CS and use the ifconfig command through a terminal emulator application. A user account must be defined on the Web Manager. By default, the “admin” has an account on the Web Manager.
Authentication Authentication CS supports a number of authentication methods that can help the administrator with the user management. Authentication can be performed locally or with a remote server, such as RADIUS, TACACS+, LDAP, or Kerberos. An authentication security fallback mechanism is also employed, should the negotiation process with the authentication server fails. In such situations, the CS follows an alternate defined rule when authentication server is down or does not authenticate the user.
Introduction 12 Authentication Type Definition Local/TACACS+ Authentication is performed locally first, switching to TACACS+ if unsuccessful. Local/NIS Authentication is performed locally first, switching to NIS if unsuccessful. NIS NIS authentication is performed. NIS/Local NIS authentication is tried first, switching to Local if unsuccessful. NISDownLocal Local authentication is performed only when the NIS server is down.
VPN VPN The CS administrator can set up VPN connections to establish an encrypted communications between the CS and a host on a remote network. The encryption creates a security tunnel for a dedicated communications. You can use the VPN features on CS to create the following types of connections: • A secure tunnel between CS and a gateway at a remote location so every machine on the subnet at the remote location has a secure connection with CS.
Introduction Chain A chain is a named profile that includes one or more rules that define the following: • A set of characteristics to look for in a packet • What to do with any packet that has all the defined characteristics The CS filter table contains a number of built-in chains. The CS administrator can define additional chains and can edit the built-in chains. The built-in chains are referenced according to the type of packet they handle as shown in the following list: • INPUT - For incoming packets.
Packet Filtering on CS Add Rule and Edit Rule Options When you add or edit a rule you can define any of the options described in the following table. Table 1-3: Filter Options for Packet Filtering Rules Filter Options Description Source IP and Mask Destination IP and Mask If you specify a source IP, incoming packets are filtered for the specified IP address. If you specify a destination IP, outgoing packets are filtered for the specified IP address.
Introduction packets arriving from any other source IP address than the one specified are dropped. Numeric Protocol Options If you select Numeric as the protocol when specifying a rule, you need to specify the desired number. TCP Protocol Options If you select TCP as the protocol when specifying a rule, you can define the following options.
Packet Filtering on CS UDP Protocol Options When you select UDP as a protocol when specifying a rule, you can select the UDP options defined in the following table. Table 1-5: UDP Protocol Packet Filtering Options Field Definition Source Port - OR Destination Port Specify a source or destination port number for filtering in the “Source Port” or “Destination Port” field. You can specify a source or destination port number for filtering in the “Source Port” field.
Introduction • • • • • • • • • • • • • precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS-host-redirect echo-request router-advertisement router-solicitation time-exceeded ttl-zero-during-transit ttl-zero-during-reassembly • parameter-problem • ip-header-bad • required-option-missing • timestamp-request • timestamp-reply • address-mask-request • address-mask-reply Target Actions The “Target” is the action to be performed on an IP packet that mat
Packet Filtering on CS If the “LOG” and “REJECT” targets are selected, additional options are available. The following table describes the options for the “LOG” Target. Table 1-6: LOG Target Action Options Options Definition Log Level emerg alert crit err warning notice info debug Log Prefix The prefix to use in the log entry. TCP Sequence Includes the TCP sequence in the log. TCP Options Includes TCP options in the log. IP Options Includes IP options in the log.
Introduction Firewall Configuration Procedures The following table has links to the procedures for defining packet filtering using the Web Manager. To Add a Chain Page 199 To Edit a Chain Page 199 To Add a Rule Page 200 To Edit a Rule Page 201 SNMP The CS administrator can activate Simple Network Management Protocol (SNMP) agent that resides on the CS so that the SNMP agent sends notifications about significant events or traps to an SNMP management application.
Notifications, Alarms, and Data Buffering Notifications, Alarms, and Data Buffering The CS administrator can setup logging, notifications, and alarms to alert administrators about problems. System generated messages on CS and the connected servers or devices can be sent to syslog servers for handling. The administrator can also configure data buffering to store data from communication on serial ports for monitoring.
Introduction An Example of Using Facility Numbers The syslog system administrator sets up a server called “syslogger” to handle log messages from two CS boxes. One CS is located in São Paulo, Brazil, and the other in Fremont, California. The syslog server’s administrator wants to aggregate messages from the São Paulo CS into the local1 facility, and to aggregate messages from Fremont CS into the local2 facility.
CS and Power Management Configuring Access to Connected Devices During hardware installation of CS, the installer connects the servers, devices, and any IPDUs to the serial ports. During software configuration, the CS administrator performs the common tasks listed in the following table. Table 1-7: Tasks for Configuring Access to Connected Devices Task Where documented Configure a serial port connection protocol for a console connection Page 246 Configure user access to serial ports.
Introduction • • • commands. Authorized users can also perform IPMI power management of serially-connected devices. The CS uses IPMI V1.5. Remote power management of devices that are plugged into an IPDU that is connected to CS The intelligent power distribution unit (IPDU) can be an AlterPath PM connected to any serial port. Up to 128 IPDU outlets can be daisychained. The diagram below shows a typical setup of the CS and an AlterPath PM unit.
CS and Power Management The following table list the tasks for power management and where they are described.
Introduction Options for Managing Power The sections listed below describe the different ways that the authorized users can perform power management through CS. • From forms in the Web Manager • From a power management screen while logged into a device • From the command line while logged into CS An authorized user with administrative privileges can perform IPDU and IPMI power management. A Regular User with permissions to the connected devices can perform IPDU power management.
Chapter 2 Installation and Configuration This chapter covers the topics listed in the following table. Shipping Box Contents Page 28 Important Pre-Installation Requirements Page 32 Basic Installation Procedures Page 34 Other Methods of Accessing the Web Manager Page 45 Installing PCMCIA Cards Page 46 Connecting AlterPath PM IPDUs Page 47 The following figure illustrates an example of an CS configured with connected devices.
Installation and Configuration Figure 2-1: CS Setup Example Shipping Box Contents The shipping box contains the CS along with the items shown in Table 2-1 and Table 2-2 for CS4 through CS48, and CS1 respectively. The entry for each part provides an illustration, its part number, description, and purpose. You can use checkboxes to check off each item, and you can use the part numbers from this table to reorder any of the parts.
Shipping Box Contents R Item Description Purpose 3. Power cable. To connect the CS to a power source. 4. RJ45 to DB25F crossover adapter To connect the console port to a computer that has a DB-25 male connector. 5. RJ45 to DB25M crossover adapter To connect the console port to a computer that has a DB-25 female connector. 6. RJ45 to DB9F crossover adapter To connect the console port to a computer that has a DB-9 connector. 7.
Installation and Configuration R Description Purpose 9. RJ45 to DB25M straight-thru cable Use for modems and other DCE devices. 10. DB25F Loopback Use to test and diagnose serial ports. 11. 2 - Mounting brackets with 10 - screws (2 spares) Use to mount the CS to a rack or cabinet.
Shipping Box Contents Table 2-2: Shipping Box Contents for LS1001A R Item Description Purpose 1. Documentation CD PDF copies of this guide. 3. RJ45 to DB9F crossover adapter To connect the console port to a computer that has a DB-9 connector. 4. DB25F Loopback Use to test and diagnose serial ports. 5. 3.5mm Block Plug Use to establish RS-485 connection. 6. DB9F to DB25M adapter Use to convert serial port connectors. 7. Bumpon Protect Pads Adhesive pads to protect and stabilize CS1.
Installation and Configuration RJ45 to RJ45 7ft. CAT5 cable 8. Use for the following: • To connect a device or an IPDU to a serial port. • To connect an Ethernet port to the LAN. • To connect a terminal to a console port. 9. DB9F to DB25F crossover cable To connect the RS-232 serial port to a computer that has a DB-25 male connector. 10. Power Supply Power supply. +5V/2.5A Power Cable 6ft. 2-Pin 11. To connect the CS to a power source.
Important Pre-installation Requirements Java Plug-In Requirement for Serial Port Access The JRE version 1.4.2 or later must be installed for a user to be able to access a serial port using the Java applet viewing window. After you download and install J2RE version 1.4.2 or later, check your browser configuration to see if the Java plug-in is configured with your browser. T To check Java Plug-in Support in the Browser 1. To check Internet Explorer on Windows, do the following steps. a.
Installation and Configuration If needed, download the JRE from http://java.com. The web site automatically checks your configuration and installs the latest version of JRE if one is not available. 2. If JRE is already installed on your system and you just want to activate your browser, do the following steps. a. Go to your system's Control Panel > Java Plug-in > Browser b. Enable the browser(s) for Java Plug-in. c. Test your browser(s) to see if the correct Java Plug-in is being used.
Basic Installation Procedures Mounting the CS You can mount the CS on a wall, rack, or cabinet, or place it on a desktop or other flat surface. Two brackets are supplied with six hex screws for attaching the brackets to CS for mounting. See item 14 in the shipping content section. • • T If you are not mounting the CS, place the unit on a desk or table. If you are rack-mounting the CS, obtain a hex screwdriver and appropriate nuts and bolts before starting the following procedure.
Installation and Configuration T To Make an Ethernet Connection 1. Connect the RJ-45 end of the cable to the port labeled “Console” on the CS. 2. Connect the adapter end of the cable to the console port of your server or device. 3. Connect a patch cable from the CS port labeled 10/100Base-T to an Ethernet hub or switch. Connecting Servers and Other Devices to CS The following sections describes the recommended preparation for connecting servers or devices to CS.
Basic Installation Procedures Making a Direct Connection to Configure the Network Parameters. Perform the following steps to connect a terminal or a computer to the console port of the CS. This procedure assumes you know how to use a terminal or terminal emulation program. On a PC, ensure that HyperTerminal or another terminal emulation program is installed on the Windows operating system.
Installation and Configuration Note: If your CS model is equipped with dual power supplies, make sure you turn both power switches on. After system initialization, a beep sound may warn if one of the power supplies is off. T To Turn Power On Connected Devices • Turn on the power switches of the connected devices only after you have completed the physical connection to CS.
Basic Installation Procedures Note: It is strongly recommended to change the default password “bb” before setting up the CS for secure access to the connected servers or devices. T To Change the root password 1. Enter the passwd command. [root@CAS root]# passwd d. Enter a new password when prompted. New password: new_password Re-enter new password: new_password Password changed The following Security Advisory appears the first time CS is powered on, or when the unit is reset to factory default parameters.
Installation and Configuration Figure 2-2: Security Advisory Console Message Important - Security Advisory! Console Management provides critical access to management features of attached equipment. Please take the required precautions to understand the potential impacts this device may have to your SECURITY policies. From factory, this device is configured as follows: - single password for ROOT; - all serial port DISABLED; - DHCP, Telnet, SSHv1 & SSHv2 and HTTP & HTTPS enabled.
Basic Installation Procedures As shown in the sample screen below, the system brings up the configuration wizard banner and begins running the wizard. 2. At the prompt, enter n to change the defaults. Set to defaults (y/n)[n]: n 3. Press Enter to accept the default hostname, otherwise enter your own hostname. Hostname [CAS]: fremont_branch_CS 4. Press Enter to keep DHCP enabled, or enter “n” to specify a static IP address for CS. By default, CS uses the IP address provided by the DHCP server.
Installation and Configuration 5. To change the default static IP address, see your network administrator to obtain a valid IP address. System IP[192.168.160.10]: CS_IP_address 6. Enter the domain name. Domain name[blackbox.com]: domain_name 7. Enter the IP address for the Primary DNS (domain name) server. Primary DNS Server[192.168.44.21] : DNS_server_IP_address 8. Enter the IP address for the gateway. Gateway IP[eth0] : gateway_IP_address 9. Enter the netmask for the subnetwork.
Basic Installation Procedures Note: To use the Web Manager, ask your system administrator for the CS’s IP address. CS may be set up with a static IP address at your site. By default, CS uses the IP address provided by the DHCP server. If your network does not use DHCP, then CS defaults to 192.168.160.10. Selecting A Security Profile Using the Web Manager After the initial configuration, connect to the Web Manager by entering the IP address of the CS in a supported browser.
Installation and Configuration • Access the serial ports and the connected devices. Adding Users and Configuring Ports Using the Web Manager Enabling Ports and Assigning Users. Note: From the factory, CS is configured with all serial ports disabled. • The administrator can add users, enable or disable the serial ports, and select and assign specific users to individual ports.
Other Methods of Accessing the Web Manager Other Methods of Accessing the Web Manager You can access the Web Manager using one of the following methods. Note: The following methods require additional setup and configuration, which could be specific to your site’s network configuration.
Installation and Configuration 2. Bring up a browser on the computer whose address you changed, enter the CS’s default IP address, http://192.168.160.10 to bring up the Web Manager, and log in. Installing PCMCIA Cards The front panel of the CS has two PCMCIA card slots as shown in the following figure. You can insert and configure one card in each of the slots. See Appendix C, “Supported PCMCIA Cards". PCMCIA Slots Figure 2-3: Front Panel PCMCIA Card Slots T To Install a PCMCIA Card 1.
Connecting AlterPath PM IPDUs Figure 2-4: PCMCIA Eject Button in Web Manager 2. Physically remove the card from the slot. T To Configure a PCMCIA Card See Chapter 8, “To Configure a PCMCIA Card”, and the sections related to the type of card you need to configure. Connecting AlterPath PM IPDUs You can connect AlterPath Power Management (PM) intelligent power distribution units (IPDUs) to the serial ports on the CS using an RJ-45 to RJ45 UTP cable.
Installation and Configuration Figure 2-5: AlterPath PMs Connected to the CS The following table lists the related tasks on connecting IPDU units and managing power. Table 2-4: Tasks Related to Connecting AlterPath PMs Task Where Documented Configure serial ports for power management protocol. “To Configure a Serial Port for IPDU or IPMI Power Management” on page 274 How the administrators perform IPDU power “IPDU Power Mgmt.
Chapter 3 Web Manager for Regular Users This chapter describes the requirements and the procedures for “Regular Users” to use the Web Manager. Regular users are those who have configured accounts on the CS with limited access rights. Regular users can perform the following tasks using the Web Manager. • Access computers and devices that are connected to the serial ports on the CS. • Perform IPDU power management. • Change their current password. This chapter contains the following sections.
Web Manager for Regular Users The CS administrator can use the Web Manager to configure users and ports. An authorized user can access connected devices through the Web Manager to troubleshoot, maintain, recycle power, and reboot connected devices. T Logging in to the Web Manager 1. Connect your web browser to CS by typing in the Console Access Server’s IP address (e.g., https://10.10.10.10) provided to you by your system administrator in your internet browser.
Features of Regular User Forms Features of Regular User Forms The following figure shows features of the Web Manager when regular users log in. Form area Logout button and CS information area Menu Figure 3-2: Regular User Form The form in the middle changes according to which menu option is selected. The following table illustrates the functions that are common to all the forms. Table 3-1: Common Screen Information Form Area Purpose Click this button to log out.
Web Manager for Regular Users Table 3-1: Common Screen Information (Continued) Form Area Purpose Displays the hostname and IP address assigned during initial configuration, and the model number of the CS. Brings up the online help. Connect When you select the “Connect” option, the following form appears. Figure 3-3: Regular User > Connect Form You can use this form to connect to the CS console, or to one of the serial ports as described in the following sections.
Connect Connect to CS When you click the “Connect to CS” radio button on the “Connect” form, a Java applet viewer appears running an SSH session on the CS. The following figure shows the Java applet when you connect to the CS. Note in the “Connected to” message in the below figure at the top of the screen the IP address of the CS followed by the session type, in this case “SSH”.
Web Manager for Regular Users Table 3-2: (Continued)Java Applet Buttons Button Purpose To disconnect from the Java applet Select the left icon to reconnect to the server or device; or select the right icon to end the session and disconnect from the Java applet. Connect to Serial Ports The list of serial ports includes the port names or administrator-defined aliases only for ports you have permission to access.
Connect depending on your requirements. The following table shows the protocols the CS administrator can choose for the serial ports. Table 3-3: Serial Ports Connection Protocols Connection Type Protocol Console Access Server (CAS) Telnet, SSH, Telnet&SSH, Raw Terminal Server (TS) Telnet, SSHv1, SSHv2, Local Terminal, Raw Socket Dial-up PPP-No Auth.
Web Manager for Regular Users T To Use SSH to Connect to a Device Through a Serial Port For this procedure, you need the username configured to access the serial port, the TCP port number, and the hostname of the CS or its IP address. • To use SSH in a shell, enter the following command: ssh -l username:TCP_port_number CS_IP_address T To Close an SSH Session Enter the hotkey defined for the SSH client followed by a dot “.”. The default is “~.
IPDU Power Mgmt. Outlets Manager When you go to IPDU Power Mgmt.>Outlets Manager tab, the message shown in the following figure appears if, 1- You do not have permission to manage power on any of the AlterPath PM outlets or, 2- CS cannot detect an AlterPath PM that has been configured for power management. Contact the CS administrator for help, if you see this message.
Web Manager for Regular Users The form shows separate entries for each serial port configured for power management, a name for the configured serial port if one is defined by the administrator, and the number of IPDUs connected. The matrix displays a line item for each outlet you are authorized to manage. The authorized user can do the following for any listed outlet: • Edit the outlet name. Enter a name to identify the server or device plugged into the outlet. • Edit the power up interval.
IPDU Power Mgmt. View IPDUs Info When you go to IPDU Power Mgmt.>View IPDUs Info, the form appears as shown in the following figure. Figure 3-8: Regular User > View IPDUs Info The following information is displayed for each port that is configured for power management. Table 3-5: Regular User > Information on the View IPDUs Info Form Description Example Name Either a default name or administrator-configured name. PM Number of Units The number of IPDUs connected to the port.
Web Manager for Regular Users Table 3-5: Regular User > Information on the View IPDUs Info Form Over Current Protection Description Example Whether over current protection is enabled (to prevent outlets from being turned on if the current on the IPDU exceeds the specified threshold). OFF Description Example Model AlterPath PM model number PM8 15A Software Version PM firmware version 1.5.0 Alarm Threshold Number of amperes that triggers an alarm or syslog message if it is reached 15.
IPDU Multi-Outlet Ctrl power supply device is connected to are on the same PM or not, the outlets can be grouped together and managed simultaneously from this form. When you select IPDU Multi-Outlet Ctrl form, the following figure appears if, 1. There is no multi-outlet device defined. 2. Power Management is not enabled for the serial port the device is connected to. 3. CS cannot detect an AlterPath PM that has been configured for power management.
Web Manager for Regular Users Figure 3-10: Regular User > IPDU Multi-Outlet (with permissions) Notice in the above figure that the first line of each group, the light bulb, the lock icon, and the Cycle button operate over the entire group. The light bulb and lock icons next to the individual outlets are used to display the status of each outlet but cannot be used to control the individual outlets. The following table describes the icons in the first line of each group.
Security outlet in the group turns on only after the power up interval specified for the current outlet has elapsed. This parameter can be configured through the IPDU Power Mgmt. form. See “To Close an SSH Session” on page 56. Security When you select the “Security” menu option, the following form appears. . Table 3-7: Regular User > Password Management Form T To Change Your Password 1. Select the “Security” option from the menu panel. The “Security” form appears. 2.
Web Manager for Regular Users 64
Chapter 4 Web Manager for Administrators Overview This chapter is for system administrators who use the Web Manager to configure the CS and its users. For information on how to configure CS using vi or Command Line Interface (CLI), please consult the BLACK BOX® CS Installation, Administration, and User’s Guide. The CS Web Manager for administrators describes two modes of operation, Wizard and Expert. This chapter provides an overview of the Web Manager forms.
Web Manager for Administrators BLACK BOX® Web Manager CS administrators perform most tasks through the BLACK BOX® Web Manager either locally or from a remote location. The Web Manager provides a real-time view of the equipment that is connected to the CS. The CS administrator can use the Web Manager to configure users and ports. An authorized user can access connected devices through the Web Manager to troubleshoot, maintain, recycle power, and reboot connected devices.
Common Tasks for CS Administrators Common Tasks for CS Administrators The following table shows some of the common tasks that are performed by an administrator and links to the process and procedure for performing the task. Table 4-1: Administrator > Common Administrative Tasks Task Where Documented Set up users and groups to access connected devices. “Users and Groups” on page 208 Set up user authentication to access serial ports. “Access” on page 259 Configure serial ports for power management.
Web Manager for Administrators Common Features of Administrator Forms The common features of all Web Manager forms for CS administrators are described in the following sections. • Buttons and CS Information • Getting more information Buttons and CS Information The following figure shows the control buttons that display at the bottom of the form when the logged in user is an administrator. Figure 4-1: Administrator > Web Manager Buttons The following table describes the uses for each control button.
Common Features of Administrator Forms Table 4-2: Administrator > Web Manager Buttons Button Name Use The unsaved changes button appears on the lower right hand corner of the Web Manager and a graphical LED blinks red whenever the current user has made any changes and has not yet saved the changes. The no unsaved changes button appears and a graphical LED appears in green when no changes have been made that need to be saved.
Web Manager for Administrators The following table illustrates the information that displays in the upper right corner of all Web Manager forms. Table 4-4: Administrator > Logout Button and Other Information in the Upper Right Form Area Purpose Click this button to log out. Displays the hostname, IP address assigned during initial configuration, and the model number of the Advanced Console Server.
Logging Into the Web Manager Figure 4-2: Administrator > Web Manager Login Form 2. Log in as “root” and type in the root password. The default password is “bb”. Caution: It is important to change the “root” password as soon as possible to avoid security breaches. If another administrator is already logged in, the dialog box shown in the following screen example appears.
Web Manager for Administrators Figure 4-3: Administrator > Multi Administrator Login Message 3 Click the appropriate radio button and then click Apply. Note: The following Security Advisory appears the first time CS is accessed. Browser’s pop-up blocker should be disabled for this dialog box to appear.
Overview of Administrative Modes Figure 4-4: Administrator > Security Advisory Message Overview of Administrative Modes The CS Web Manager operates in two modes: 1. Wizard 2. Expert In Wizard mode, the Expert button displays. In Expert mode, the Wizard button displays. Clicking these buttons toggles between Wizard and Expert mode. Expert is the default mode.
Web Manager for Administrators Wizard Mode The Wizard mode is designed to simplify the setup and configuration process by guiding the administrator through six configuration steps. When you log in to CS as an administrator or as a user with administrative privileges, by default the system point to Expert Mode>Ports>Ports Status form. To change to the Wizard Mode, click on the “Wizard” button located in the left bottom corner of the menu panel.
Overview of Administrative Modes menu bar in the Expert Mode to support more detailed and customized configuration. In Expert mode the top menu bar contains the primary commands, and the left menu panel contains the secondary commands. Based on what you select from the top menu bar, the left menu selections will change accordingly. Occasionally, an Expert Mode menu selection has multiple forms, which are identified by tabs such as the one shown in Figure 4-6.
Web Manager for Administrators Table 4-5: Administrator > CS Configuration and Expert Menus Chapters 76 Security Menu [Expert] Chapter 9 Ports Menu [Expert] Chapter 10 Administration Menu [Expert] Chapter 11
Chapter 5 Configuring CS in Wizard Mode There are six configuration steps displayed in the menu panel of the Web Manager in Wizard mode. The following table lists the sections where the steps are described.
Configuring CS in Wizard Mode Note: SSH root access is enabled when the security profile is set to “Moderate” or “Open”. If a “Secured” security profile is selected, you need to switch to a “Custom” security profile, and enable “allow root access” option. 2. Moderate - The Moderate profile is the recommended security level. This profile enables SSHv1, SSHv2, HTTP, HTTPS, Telnet, SSH and Raw connections to the Serial Ports. In addition, ICMP and HTTP redirection to HTTPS are enabled.
Table 5-1: Wizard > Enabled services to access the CS under each security profile. Secure Moderate Open Default1 3 Telnet 3 3 3 3 3 3 Allow SSH root access 3 3 3 HTTP 3 3 3 3 3 3 SSHv1 SSHv2 HTTPS Custom 3 3 3 HTTP redirection to HTTPS User Configurable Access to CS 3 1-The Default security profile parameters are the same as Moderate profile. Table 5-2: Wizard > Enabled services to access the serial ports under each security profile.
Configuring CS in Wizard Mode Table 5-3: Wizard > Enabled protocols for each security profile shown with a check mark. Secure Moderate Open SNMP 3 RPC 3 3 ICMP 3 Default1 Custom 3 FTP IPSec User Configurable Other Services 1-The Default security profile parameters are the same as Moderate profile. The first step in configuring your Advanced Console Server is to select a Security Profile. One of the following situations is applicable when you boot the CS unit. 1.
Serial Port Settings and Security Profiles All serial ports on CS units shipped from the factory are disabled by default. The administrator can enable ports individually or collectively and assign specific users to individual ports. The following figure shows the default factory settings of serial ports.
Configuring CS in Wizard Mode T To Select or Configure a Security Profile The following procedure assumes you have installed a new CS at your site, or you have reset the unit to factory default. 1. Enter the assigned IP address of the CS in your browser and login as an administrator. The following security warning dialog box appears.
Note: Your browser’s pop-up blocker should be disabled for this dialog box to appear. 2. Review the Security Advisory and click the “Close” button. 3. The Web Manager is redirected to Wizard > Step 1: Security Profile. The following form is displayed. Figure 5-4: Wizard > Step 1: Security Profile Form 4. Select a pre-defined Security Profile by pressing one of the “Secured”, “Moderate”, “Open”, or “Default” profiles, or create a “Custom” profile.
Configuring CS in Wizard Mode Figure 5-5: Custom Security Profile Dialog Box Caution: Take the required precautions to understand the potential impacts of each individual service configured under the "Custom" profile Refer to Table 5-1 on page 79, and the subsequent tables for a comparison of the available services in each security profile. Refer to the Glossary for a definition of the available services.
Note: It is not possible to continue working in the Web Manager without selecting a Security Profile. The following dialog box appears if you try to navigate to other sections of the Web Manager. 5. Once you select a security profile or configure a custom profile and apply the changes, the CS Web Manager restarts in order for the changes to take effect. The following dialog box appears. 6. Select “apply changes” to save the configuration to Flash. CS Web Manager restarts. 7.
Configuring CS in Wizard Mode In preparation to configure network settings collect the following information and proceed with the network configuration procedure. • Hostname • An IP address for CS • Domain name • DNS server’s IP address • Gateway IP address • Network mask • NTP server’s IP address (if you are using a time/date server) In Expert mode, under Network menu, you can specify additional networkingrelated information and perform other advanced configuration tasks.
Figure 5-7: Wizard > Step 2: Network Settings - DHCP enabled. T To configure the Network Settings 1. Select “Step 2: Network Settings.” The system brings up the DHCP form. By default DHCP is active. Note: If DHCP is enabled, a local DHCP server assigns CS a dynamic IP address that can change. The administrator chooses whether or not to use DHCP during initial setup. 2.
Configuring CS in Wizard Mode 5. Select the “Next” button, or proceed to “Step 3: Port Profile”. Step 3: Port Profile Selecting “Step 3: Port Profile” brings up a form for configuring the Console Access Profile (CAS). The protocol used to access the serial ports can be configured in this form. Figure 5-8: Wizard > Step 3: Port Profile In “Wizard” mode the system assumes that all devices will be connected to the serial ports with the same parameter values.
The following table lists the parameters with the available options and a brief description for each. Table 5-4: Wizard > Serial Port Profile Parameters and Usage Parameter Options Description Connection Protocol Console (Telnet) [Default] Console (SSH) Console (TelnetSSH) Console (Raw) Sets the protocol to be used to connect to devices that are connected to serial ports. Console (SSH) encrypts data and authentication information. Console (TelnetSSH) allows users to connect using either protocol.
Configuring CS in Wizard Mode Table 5-4: Wizard > Serial Port Profile Parameters and Usage (Continued) Parameter Options Description Authentication Required Check for enabled. If the “Authentication Required” is enabled, user authentication is enforced using the local passwd database. Unchecked for disabled. [Default] To specify other authentication methods such as RADIUS, TACACS+, LDAP, Kerberos, or NIS go to Expert mode and select Security>Authentication.
3. To change the parity, select “None,” “Odd” or “Even” from the “Parity” pull-down menu. The default is “None.” 4. To change the baud rate, select an option from 2400 to 921600 Kbps from the “Baud Rate” pull-down menu. The default is 9600, which is the most common baud rate for devices. 5. To change the data size, select an option from 5 to 8 from the “Data Size” pull-down menu. The default is 8. 6. To change the stop bits, select 1 or 2 from the “Stop Bits” pull-down menu. The default is 1. 7.
Configuring CS in Wizard Mode Figure 5-9: Wizard > Step 4:Access The Access form lists the currently defined Users and has “Add”, “Change Password”, and “Delete” buttons. In the Users list by default, there is a “root” account that cannot be deleted. The “root” has access privileges to all the Web Manager’s functionality as well as access to all the serial ports on the CS. Clicking the “Add” button, brings up the following form.
Figure 5-10:Wizard > Step 4: Access Add User Dialog Box The following table defines the information required in the fields. Table 5-5: Wizard > Add User Dialog: Field Names and Definitions Field Name Definition User Name The username for the account being added. Password and Repeat Password The password for the account. Group The choices in the “Group” menu are “Regular User” [Default] or “Admin.” Note: To configure a user to be able to perform administrative functions, select the “Admin” group.
Configuring CS in Wizard Mode Table 5-5: Wizard > Add User Dialog: Field Names and Definitions Field Name Definition Shell Optional. The default shell when the user makes an SSH or a Telnet connection. Choices are: sh [Default] or bash. Comments Optional notes about the user’s role or configuration. If you click the “Change Password” button, the following dialog box appears. Figure 5-11: Wizard > Step 4: Change Password Dialog Box T To Add a User 1. Select “Step 3: Access” The Access form displays.
b. To create an account with administrator privileges, select “Admin” from the “Group” pull-down menus. Note: To define a new group, switch to ”Expert” mode, and select Security > Users and Groups. 4. Select whether the user of this group is a NonBio or a BioUser. The BioUser group should only be selected if authentication is made through the AlterPath Bio (biometric authentication). 5. Enter the default shell in the “Shell” field (optional). 6.
Configuring CS in Wizard Mode 3. Click “Change Password.” The “Change User Password” dialog box displays. 4. Enter the new password in both fields, and click OK. 5. Click “apply changes.” Step 5: Data Buffering Selecting “Step 5: Data Buffering” brings up a form to allow logging the console data to a data buffer file either locally in CS or remotely to an external storage source such as an NFS server or Syslog server. The following figure shows the form when “Enable Data Buffering” is inactive.
CS’s flash memory or on the hard disk of an external server, such as an NFS or Syslog server. The following figure shows the form when Data Buffering is set to enabled, and the “Destination” is set to “Local”.
Configuring CS in Wizard Mode Figure 5-14:Wizard > Step 5: Data Buffering [Remote] The following table provides description for each field whether local or remote destination is selected. Table 5-6: Wizard > Data Buffering Field Names and Definitions Field Name Definition Destination Where the buffer files should be stored. Local, for example, flash, or Remote on a server. Mode For Local Destination - Select Linear for sequential files, or Circular for non-sequential format.
Field Name Definition File Size (Bytes) For Local Destination - Sets the value for this field to be greater than zero. Record the timestamp... If enabled, the system inserts a timestamp in the buffer. NFS File Path For Remote Destination - Includes the path where the data buffer file should be stored. Show Menu Defines the options you want to show in the menu of the buffer file. Note: Make sure that enough disk space is available to store the files in the location you select.
Configuring CS in Wizard Mode Note: You can perform advanced configuration in Expert mode including the option of setting up data buffering separately for individual or groups of serial ports. T To Configure Data Buffering 1. Select “Step 4: Data Buffering” 2. Click the “Enable Data Buffering” checkbox. The “Destination” pull-down menu appears. 3. Select a location for the data files from the “Destination” pull-down menu (either “Local” or “Remote”).
a. In the “NFS File Path” field, enter the pathname for the mount point of the directory where data buffer file is to be stored. For example, if the mount point directory’s pathname is /var/adm/ cslogs, enter /var/adm/cslogs in the field. Note: The NFS server must already be configured with the mount point shared (exported), and the shared directory from the NFS server must be mounted on the CS. b.
Configuring CS in Wizard Mode The form appears as shown in the following figure. Figure 5-15:Wizard > Step 6: System Log Note: To configure syslog with data buffering features for specific ports, switch to the Expert Mode, Ports > Physical Ports > Modify Selected Ports > Data Buffering. Before setting up syslogging, make sure an pre-configured syslog server is available on the same network as the CS. Obtain the following information from the syslog server’s administrator.
The System Log form displays. 2. From the Facility Number drop-down menu, select the facility number. 3. In the “New Syslog Server” field, enter the IP address of a syslog server, and then click the “Add” button. (Repeat this step until all syslog servers are listed.) 4. The new server(s) appear in the Syslog Servers list. 5. Click “apply changes.” T To Delete a Syslog Server 1.
Configuring CS in Wizard Mode Table 5-8: CS Configuration and Expert Menus Chapters 104 Network Menu [Expert] Chapter 8, “Network Menu & Forms Security Menu [Expert] Chapter 9, “Security Menu & Forms Ports Menu [Expert] Chapter 10, “Ports Menu & Forms Administration Menu [Expert] Chapter 11, “Administration Menu & Forms
Chapter 6 Configuring the CS in Expert Mode This chapter provides an overview of configuring the CS Web Manager in Expert Mode. The following chapters in this manual introduces the Expert mode forms and functionality. The Expert mode is designed for the advanced user administrator who needs to configure the CS beyond the capabilities of the basic wizard mode. This chapter includes the following sections:.
Configuring the CS in Expert Mode These forms are identified by their tabs. Select the tab to access the desired form. Top Menu Left Menu Tabs Form Area Command buttons Wizard/Expert Figure 6-1: Expert Mode Screen Elements Note: Procedures in this manual use shortcuts to tell how to get to Web Manager forms. For example, a step telling the user to access the “Outlets Manager” form use this convention, “In Expert mode, go to Applications> IPDU Power Mgmt.
Mapping of the Expert Mode Menus and Forms Mapping of the Expert Mode Menus and Forms The following table illustrates a mapping of the menus and forms available in Expert mode. If you are viewing this document online, click any term to go to the section where the form is described. Table 6-1: Expert Mode Menu and Forms Applications Network Security — Connect — IPDU Power Mgmt. — Outlets Manager — View IPDUs Info — Users Manager — Configuration — Software Upgrade [for the AlterPath PM] — IPDU Power Mgmt.
Configuring the CS in Expert Mode Description of Forms in Expert Mode The following table briefly describes the functionality of each menu and the related forms. For detailed procedures refer to the page where documented for each section. Table 6-2: Expert > Applications Form Use This Form To: Connect Connect to the CS shell through a secure Chapter 7, Page 116 SSH session, or connect to a specific serial port. IPDU Power Mgmt.
Description of Forms in Expert Mode Table 6-3: Expert > Network Menu Selection Use this menu to: Where Documented Host Settings Configure host connections, including: Ethernet Port connections, DNS Service, and Name Service Access. Chapter 8, Page 152 Syslog Configure how CS will handle its Chapter 8, Page 157 syslog messages. CS generates syslog messages related to users connecting to ports, login failures and other information that can be used for audit and control purposes.
Configuring the CS in Expert Mode Table 6-3: Expert > Network Menu Selection Use this menu to: Where Documented Static Routes To manually add routes. Static routes are a very quick and effective way to route data from one subnet to different subnets. Chapter 8, Page 202 Table 6-4: Expert > Security Menu Selection Use this menu to: Where Documented Users and Groups Create or edit users and groups, establish or change their passwords, access rights and privileges.
Description of Forms in Expert Mode Table 6-5: Expert > Ports Menu Selection Use this menu to: Where Documented Virtual Ports Perform Clustering. One CS can be used as a Master to control other CS (slaves) units. All ports of the slave unit appear as if they are in the master unit. This section shows how to define and configure the slaves. Chapter 10, Page 281 Port Status View the current status of each port. The information provided here are: RS232 Signal Status and user connected to each port.
Configuring the CS in Expert Mode Table 6-6: Administration Menu Selection Use this menu to: Where Documented Time/Date Set the timezone and configure the system’s Date and Time. Network Time Protocol (NTP) can also be used. Chapter 11, Page 305 Boot Configuration Configure CS to boot from its internal firmware or from the network. Chapter 11, Page 307 Defines the settings for loading the operating system in the event that the CS fails to boot successfully.
Description of Forms in Expert Mode BLACK BOX® CS Installation, Administration, and User’s Guide 113
Configuring the CS in Expert Mode 114
Chapter 7 Applications Menu & Forms This Chapter describes the “Applications” menu and the related forms. The following table provides a description of the left menu panel and links to the detailed information and procedures. Table 7-1: Expert > Applications Menu Menu Selection Use this menu to: Where Documented Connect Connect to the CS shell via a secure SSH session or connect to the serial ports. Page 116 IPDU Power Mgmt.
Applications Menu & Forms Table 7-1: Expert > Applications Menu Menu Selection Use this menu to: Where Documented Terminal Profile Menu Configure a menu of commands that will be Page 146 presented to the user when they power on their computer terminal and login to the CS. This is a special application used only when the CS is being used as server with terminals attached. Applications Under “Applications” in Expert mode, five options appear in the left menu panel as shown in the following figure.
Applications Figure 7-2: Expert > Applications > Connect Form Using the “Connect” form, you can connect directly to CS, or to the devices that are connected to the serial ports. • Connect to CS Clicking the “Connect to CS” radio button and clicking the “Connect” button, brings up a Java applet running an SSH session similar to the following figure.
Applications Menu & Forms Figure 7-3: Expert > SSH session Java Applet Note: SSH root access is enabled when the security profile is set to “Moderate” or “Open”. If a “Secured” security profile is selected, you need to switch to a “Custom” security profile, and enable “allow root access” option. For more information see Chapter 9, “Security Menu & Forms. • Serial The “Serial” pull-down menu lists all the serial port numbers or the administrator-assigned aliases that a user is authorized to access.
Applications Figure 7-4: Expert > Serial Port Java Applet Note the difference between “Connect to CS” and “Serial” connections in the “Connected to” grey bar circled in red in the above two figures. If authentication is in effect for the port, you need to supply a username and password to log into the device. T To Connect to the CS This procedure logs you into the CS as a “Regular User” in a SSH session. 1. Go to Applications > Connect in Expert mode. 2. Click the “Connect to CS” radio button. 3.
Applications Menu & Forms A Java applet viewer appears. If your security profile is set to “Moderate” or “Open” you receive a “root” prompt, otherwise, an authentication form appears. You cannot authenticate unless you change the security profile to “Custom” and enable “allow root access”. T To Connect to a Device Through a Serial Port 1. Go to Applications > Connect in Expert mode. 2. Click the “Serial” radio button. 3. Select a port number or alias from the “Serial” pull-down menu. 4. Click “Connect.
Applications The following table provides links to description and procedures for the forms of the IPDU Power Mgmt. tabs. Outlets Manager Page 121 View IPDUs Info Page 124 Users Manager Page 127 Configuration Page 129 Software Upgrade [for AlterPath PM] Page 131 Outlets Manager On the “Outlets Manager” form under Applications>IPDU Power Mgmt., you can do the following tasks for all outlets on all connected IPDUs.
Applications Menu & Forms Figure 7-6: Expert > Applications > IPDU Power Mgmt. > Outlets Manager The following table illustrates what each icon indicates Table 7-2: Expert > Outlets Manager Icons Description Button Purpose Yellow bulbs indicate an outlet is switched on.Gray indicates an outlet is switched off. An opened padlock indicates that an outlet is unlocked. A closed padlock indicates that an outlet is locked. An orange “Cycle” button is active next to each outlet that is on.
Applications Figure 7-7: Expert > Outlets Manager Icons Clicking the Edit button brings up the following dialog box. Figure 7-8: Expert > Edit Outlets Dialog Box You can specify a name for the outlet, for example, the server or device name, and change the power up interval. Note: The power up interval is the amount of time (in seconds) that elapses after the selected outlet is turned on before another outlet can be turned on. T To View Status, Lock, Unlock, Rename, or Cycle Power Outlets 1.
Applications Menu & Forms 4. To momentarily power an outlet off and then on again, click the adjacent “Cycle” button. 5. To change the outlet’s name or the power up interval, click the adjacent “Edit” button. The Edit Outlet dialog box appears. a. To change the name assigned to the outlet, enter a new name in the “Outlet Name” field. b. To change the time between when this outlet is turned on and another can be turned on, change the default 0.50 number of seconds in the “Power Up Interval” field. 6.
Applications configured for syslogging, an alarm buzzer, and over current protection. The configuration is done through the IPDU Power Mgmt Configuration form. The following table describes the information viewable on the “View IPDUs Info” form. The information shown in the table appears for each serial port that is configured for power management. For example, Figure 7-9 displays “Serial Port 1: General Information” configured for power management.
Applications Menu & Forms Table 7-4: Expert > View IPDUs Unit Information Description Example Model AlterPath PM model number PM8 15A Software Version AlterPath PM firmware version 1.5.0 Alarm Threshold Number of amperes that triggers an alarm or syslog message if it is reached 15.0A Current Current level on the IPDU 0.0A Maximum Detected Maximum current detected 0.4A Button to reset the maximum detected current value.
Applications Users Manager On the “Users Manager” form under Applications > IPDU Power Mgmt., you can assign users to outlets. The following figure shows the form with two users listed for a dual AlterPath PM. The AlterPath PM is connected to serial port 1, which is configured for power management. Figure 7-10: IPDU Power Mgmt> Users Manager If more than one serial port is configured for power management, multiple users lists appear, one for each IPDU power management port.
Applications Menu & Forms When a user is added, their name is added to the list on the Users Manager form, as shown in the following figure. T To Configure Users to Manage Power Outlets on IPDUs 1. Go to Applications > IPDU Power Mgmt. > Users Manager. The “Users Manager” form appears. 2. To disable a user’s ability to manage power, select the username from the Users Information list and then click “Delete.” 3. To edit a user, select the username from the Users Information list and then click “Edit.
Applications Configuration On the “Configuration” form under Applications > IPDU Power Mgmt., you can specify the following: • • An alias for the IPDU A threshold current between 1 and xx amperes. (The maximum current depends on the AlterPath PM model. Refer to "View IPDUs Info" section to determine your PM model. • Any of the following actions to occur if the threshold current is exceeded on the IPDU. • Over-current protection.
Applications Menu & Forms Figure 7-12: Expert > Applications > IPDU Power Mgmt. > Configuration Note: The number of amps shown in the Master Unit (and Slave units if available) pull-down menu varies according to the model of the connected PM. Figure 712 shows number 15 for two 15 amp PMs as a Master and a Slave.
Applications 3. Click “apply changes.” Software Upgrade [for the AlterPath PM] On the “Software Upgrade” form under Applications > IPDU Power Mgmt., you can upgrade the software on AlterPath PM IPDUs. The following figure shows the Software Upgrade form listing the current software version on the AlterPath PM IPDU connected to Serial Port 1. Figure 7-13:Expert > Applications > IPDU Power Mgmt.
Applications Menu & Forms T To Download AlterPath PM Software You can use this procedure to download the AlterPath PM software. 1. On a computer in the same subnet as the CS, bring up a browser and go to http://www.cyclades.com/support/downloads.php 2. Find the section on the downloads page for the AlterPath PM, and compare the latest driver’s version number to the version shown in the Applications > IPDU Power Mgmt. > Software Upgrade form.
Applications This procedure requires the following: • A more-recent version of the AlterPath PM software than the one shown on the “Software Upgrade” form. • You downloaded the more-recent version of the AlterPath PM software and copied it into the CS’s /tmp directory with the filename pmfirmware. 1. Go to Applications > Power Mgmt. > Software Upgrade. The Software Upgrade form displays. 2. Click the Refresh button.
Applications Menu & Forms Figure 7-14: Expert > Applications > IPDU Multi-Outlet Ctrl Whether the power supplies are connected to the same PM or not, all outlets that are configured to the same serial port can be treated as a group and controlled simultaneously from this form. The following form displays if Multi-Outlet Ctrl is not configured. For the procedure, see “To Configure a Serial Port for IPDU or IPMI Power Management” on page 143.
Applications Figure 7-15: Expert > Applications > Multi-Outlet Ctrl [not configured] Prerequisites for Multi-Outlet Control In order to control groups of outlets from the IPDU Multi-Outlet Control page, the following prerequisites must be met. • An AlterPath PM must be plugged into one of the serial ports, and that serial port must be configured for power management. • A device connected to a serial port must be plugged into at least two outlets on the PM.
Applications Menu & Forms Figure 7-16: Expert > Applications > Multi-Outlet Control Icons The icons in the first line of each group are described in the following table. Table 7-5: Expert > IPDU Multi-Outlet Ctrl form icons Button Purpose A grey light bulb icon indicates that the group is off. A yellow light bulb indicates that the group is on. Clicking the light bulb icon once changes the power status of all of the outlets in the group.
Applications Note: Only one outlet needs to be powered on or unlocked in order for the entire group to be considered on or unlocked. In this case, it takes two clicks to turn the power off or to lock the entire group instead of the one click. (one click is sufficient when all of the outlets are in the same state). The first click turns the other outlets on or unlocks them so that all the outlets are in the same state; the second click turns all of the outlets off or locks them.
Applications Menu & Forms a. Click the yellow light bulb icon adjacent to the group name once to turn all of the outlets off. All of the outlets are in the same state. b. To turn all of the outlets on, click the grey light bulb icon adjacent to the group name. T To Lock or Unlock a Group of Outlets in the Same Power State Use these instructions if all of the outlets in a group are either locked or unlocked. 1. Go to Applications > IPDU Multi-Outlet Ctrl. 2.
Applications 1. Go to Applications > IPDU Multi-Outlet Ctrl. 2. Make sure that all of the outlets are turned on. 3. See “To Power On or Power Off a Group of Outlets in the Same Power State” on page 137 if needed. 4. Click the Cycle button adjacent to the group name.
Applications Menu & Forms Figure 7-18:Expert > IPMI Power Mgmt. “Add/Edit IPMI Device” Dialog Boxes After you fill out the fields or make changes and save the changes, the device is added to the IPMI Devices list or the configuration for the device is changed. The following figure shows an entry for an IPMI server. Figure 7-19:Expert > IPMI Power Mgmt.
Applications authorized to connect to serial ports can perform IPMI power management on a serially-connected device while connected. To configure power management of IPMI devices the following CS information must be obtained from the IPMI device’s administrator.
Applications Menu & Forms Button Purpose When the status is unknown, a question mark appears instead of the light bulb. A question mark indicates either of the following conditions. • The device was added or deleted and the changes were not saved. • The device did not answer IPMI requests. Turn power briefly off and then on again Add and configure a new IPMI device. Select an IPMI device to review or change its configuration. Delete an IPMI device.
Applications f. Enter a password for administering the remote device in the “Password” field and go to Step 5. 4. To edit the configuration for a device, click the “Edit” button on the line with the device’s name, and make the desired changes on the Edit dialog box. 5. Click OK. 6. Click “apply changes.” T To Manage Power on an IPMI Device 1. Go to Applications > IPMI Power Mgmt. Entries for all previously-defined IPMI devices appear on the form. 2.
Applications Menu & Forms Figure 7-20: Expert > Serial Port > Power Management > Enable Power Management 4. Click the “Add” button The “Add Outlet” dialog box appears. Figure 7-21: Expert > Power Management Add Outlet Dialog Box 5. Enter the outlet number(s) - separated by comma - into which the device is connected to. 6. Click OK.
Applications The power management port and the specified outlet numbers display on the PowerMgmt Port list. 7. Enter the power management hot key in the “Power Management Key” field. Enter a caret (^) for the escape key, as in ^p. The caret stands for the Ctrl key. T To Configure a User for IPDU Power Management While Connected To a Serial Port Perform this procedure to allow a user to perform power management for a device while connected to the device through one of the CS’s serial ports. 1.
Applications Menu & Forms T To enable IPMI Power Management of an IPMI device connected to the currently-selected port 1. Check the checkbox next to “Enable IPMI on this port.” The “IPMI key” and “IPMI Server” fields appear. Figure 7-23: Expert > Serial Port > Power Management > Enable IPMI 2. Enter an IPMI hot key. A user of the device connected to this serial port can use this hot key to bring up the IPMI power management screen while connected to the port.
Applications configured as a local terminal launches a session directly on the CS with access to the Linux commands on the CS unless you configure a menu here. The following figure shows an empty menu. Figure 7-24:Expert > Applications > Terminal Profile Menu The menu can contain any command recognized by the Linux operating system on the CS. The most common use of this feature is to create multiple menu options for launching SSH sessions on remote hosts.
Applications Menu & Forms For example, you can create a menu called “SSH to Servers” with options that launch SSH connections to several servers, such as the one shown in the following screen example. Figure 7-26: Expert > Terminal Profile Menu Example The command menu then appears when the terminal is powered on. T To Create a Menu for a Local Computer Terminal 1. Go to Applications > Terminal Profile Menu. The “Terminal Profile” menu displays. 2. Enter a title for the menu in the “Menu title” field. 3.
Applications 5. Click “apply changes.
Applications Menu & Forms 150
Chapter 8 Network Menu & Forms This Chapter describes the “Network” menu and the related forms. The following table provides a description of the left menu panel and links to the detailed information and procedures. Table 8-1: Expert > Network Menu Menu Selection Use this menu to: Where Documented Host Settings Configure the network parameters such as Host Name, IP addresses, DNS services, Gateway, and Bonding Page 152 Syslog Configure how the CS will handle its syslog Page 157 messages.
Network Menu & Forms Menu Selection Use this menu to: Where Documented SNMP Configure Simple Network Management Protocol (SNMP) with community names, OID and user names. This section and the dialog boxes guide you to configure the required parameters. Page 181 Firewall Configuration Configure static IP tables, and how packets should be filtered. Page 186 Host Tables Page 201 View information about the local network environment. View table of hosts; create, edit, and delete hosts.
Network If the “DHCP” is not enabled, then other options appear on the form as shown in the following figure. Figure 8-2: Expert > Network > Host Settings [DHCP Disabled] The following table provides a brief definition of the Host Settings form fields. Table 8-2: Expert > Host Settings Form Fields Filed Name Field Definition Host Name The fully qualified domain name identifying the specific host computer on the network.
Network Menu & Forms Table 8-2: Expert > Host Settings Form Fields 154 Filed Name Field Definition Console Banner A text string designed to appear on the console upon logging into and exiting from a port as a way to verify or identify the particular port connection. Primary IP IP address of the CS unit. Secondary IP The secondary IP address of the CS unit. By configuring a second IP address, the unit will be available for more than one network.
Network Table 8-2: Expert > Host Settings Form Fields Filed Name Field Definition Bonding Enables redundancy for the Ethernet devices using the standard Ethernet interface as the primary mode of access and a PCMCIA card as a secondary mode of access. If bonding is enabled, the following values should be set. Miimon: The interval in which the active interface is checked to see if it is still communicating (in milliseconds).
Network Menu & Forms The console banner appears on the console upon logging into and exiting from a port as a way to verify or identify the particular port connection 5. Under Ethernet Port, complete or edit the following fields, as necessary. a. Enter the IP address of the CS in the “Primary IP” field. b. Enter the netmask in the “Network Mask” field. c. If the CS has a second Ethernet card in a PCMCIA slot, enter the CS’s second IP address in the “Secondary IP” field. d.
Network Syslog When Network > Syslog is selected the form shown in the following figure appears. Figure 8-3: Expert > Network > Syslog You can use the Syslog form to configure how the CS handles system logged messages. The Syslog form allows you to do the following: • • Specify one or more syslog servers to receive syslog messages related to ports. Specify rules for filtering messages.
Network Menu & Forms The top field on the form “CAS Ports Facility” is used to tell CS where to send syslog messages. • • • You can specify a facility number for the messages from serial ports. Obtain the facility numbers from the syslog server’s administrator. You can send the syslog messages to: • The console port for logging the messages even if no user is logged in) • To all sessions where the root user is logged in • To one or more syslog servers. You can add or remove syslog servers.
Network Figure 8-4: Expert > Network > PCMCIA Management You can use the PCMCIA management form to configure the following types of PCMCIA cards. For a list of the supported PCMCIA cards see Appendix C. • • • • • • • • 10/100 Base-T Ethernet 802.11b Wireless LAN V.90 Modem ISDN GSM CDMA Compact Flash IDE Hard Disk Note: You can insert a card at any time and the corresponding driver should load automatically.
Network Menu & Forms T To Configure a PCMCIA Card 1. Go to Network > PCMCIA Management. The PCMCIA Management form appears. 2. Insert the card into the PCMCIA slot on the front of the CS and Click the “Insert” button for the slot in which you installed the PCMCIA card. The following dialog box appears. 3. Click OK. The card information appears under the “Card Type” column as shown in the following figure. 4. Click the Configure button. 5.
Network 6. Select the desired PCMCIA card type from the pull-down menu. 7. Follow the procedure that corresponds to the type of the PCMCIA card you have installed.
Network Menu & Forms Figure 8-5: Expert > PCMCIA Modem Card Configuration Dialog Box The following table provides a brief description of the fields available in the Modem dialog box. Table 8-3: Expert > Form Fields for a Modem Card Field Name Definition [PCMCIA Card] Pull-down menu to select the type of PCMCIA card that you are using. PPP Check box to enable point-to-point protocol. Local IP The local IP address of the PCMCIA card. Remote IP The remote IP address of the PCMCIA card.
Network Figure 8-6: Expert > PCMCIA Modem Card Configuration Dialog Box PPP If you enable “Call Back”, the Phone Number field appears on the Slot dialog box, as shown in the following figure.
Network Menu & Forms T To Configure a Modem PCMCIA Card 1. Install the modem card and select “Modem” from the pull-down menu on the PCMCIA Management form. 2. To enable PPP, do the following steps: a. Check the PPP checkbox. b. The “Local IP and the “Remote IP” fields, and the “Call Back” check box appear on the Slot dialog box. c. Enter an IP address in the “Local IP” field, if desired. By default, the IP address of the CS is used. Only change the IP address if you have a specific reason to do so. d.
Network Figure 8-8: Expert > ISDN PCMCIA Card Configuration Dialog Box The following table provides a brief description of the fields available in the ISDN dialog box. Table 8-4: Expert > Form Fields for an ISDN Card T Field Name Definition [PCMCIA Card] Select ISDN from the pull-down menu. Local IP The local IP address of the PCMCIA card. Remote IP The remote IP address of the PCMCIA card. Call Back Check box to enable the callback security feature.
Network Menu & Forms 2. Enter an IP address in the “Local IP” field, if desired. By default, the IP address of the CS is used. Only change the IP address if you have a specific reason to do so. 3. In the “Remote IP” field, specify the IP address to assign to the other end of the PPP connection, if desired. By default, the IP address 10.0.0.1 is assigned. Only change the IP address if you have a specific reason to do so. 4. To enable call back, do the following: a. Check the “Call Back” check box.
Network Figure 8-9: Expert > GSM PCMCIA Card Configuration Dialog Box When the “Call Back” checkbox is checked, the Phone Number field appears as shown in the following figure.
Network Menu & Forms The following table provides a brief description of the fields available in the GSM dialog box. Table 8-5: Expert > Form Fields For a GSM Card T Field Name Definition [PCMCIA Card] Select GSM from the pull-down menu. Local IP The local IP address of the PCMCIA card. Remote IP The remote IP address of the PCMCIA card. Pin Number The personal identification number associated with the GSM. Call Back Check box to enable the callback security feature.
Network a. Check the “Call Back” check box. The “Phone Number” field appears on the Slot dialog box. b. Enter a number for the CS to use to call back the GSM phone. 6. Click OK. 7. Click “apply changes.” Configuring an Ethernet PCMCIA Card You can use the “PCMCIA Management” form under “Network” to configure an Ethernet PCMCIA card. When you select Ethernet from the pull-down menu, the dialog box shown in the following figure appears.
Network Menu & Forms T Field Name Definition Network Address The network address of the Ethernet. To Configure an Ethernet PCMCIA Card 1. Install the Ethernet card and select “Ethernet” from the pull-down menu on the PCMCIA Management form. The “IP Address” and “Network Mask” fields appear on the Slot dialog box. 2. In the “IP address” field, enter the IP address to assign to the Ethernet port. 3. In the “Network Mask” field, enter the netmask to assign to the subnet. 4. Click OK. 5.
Network Figure 8-12: Expert > PCMCIA Compact Flash/Hard Disk Configuration Dialog Box The following table provides a brief description of the fields available in the Compact Flash/Hard Disk dialog box. Table 8-7: Expert > Form Fields for a Compact Flash/Hard Disk T Field Name Definition [PCMCIA Card] Select Compact Flash/Hard Disk from the Pulldown menu. Enable Check box to enable the storage device. Use for Data Buffering Check box to use the storage device for data buffering.
Network Menu & Forms The “Enable” checkbox appears on the Slot dialog box. 2. Click the “Enable” checkbox. The “Use for data buffering” checkbox appear on the Slot dialog box. 3. If desired, uncheck the “Use for data buffering” checkbox. Default is checked. 4. Click OK. 5. Click “apply changes.” Configuring a Wireless LAN PCMCIA Card You can use the “PCMCIA Management” form under “Network” to configure a Wireless LAN PCMCIA card.
Network Table 8-8: Expert > Form Fields for a Wireless LAN Card. T Field Name Definition [PCMCIA Card] Pull-down box to select the type of PCMCIA card that you are using. IP Address The local IP address of the Ethernet. Network Mask The network address of the Ethernet. MyPrivateNet (ESSID) The unique identifier for the wireless access point. Channel The communication channel with the access point. Encrypted The translation of data into code during transmission.
Network Menu & Forms Configuring a CDMA PCMCIA Card You can use the “PCMCIA Management” form under “Network” to configure a CDMA PCMCIA card. When you select “CDMA” from the pull-down menu, the dialog box shown in the following figure appears. Figure 8-14: Expert > PCMCIA CDMA Card Configuration Dialog Box CDMA cards are modem cards that makes it possible for CS to receive a dialin connection and support callback feature using the "ppp" protocol.
Network T Field Name Definition Speed The speed used by CS to access the card. Additional Initialization Additional initialization parameter to be sent to the card. CDMA configuration has a default command sequence to initialize the card, but if additional initialization command is required by the card, it will be added to default command sequence. For example, additional initialization parameters may be required in communication networks of some countries.
Network Menu & Forms Ejecting a PCMCIA Card Use the “Eject” button on the PCMCIA management form to eject any PCMCIA card before physically ejecting it. Any other method can cause a kernel panic. T To Eject a PCMCIA Card From the Card Slot 1. Go to Network > PCMCIA Management. The PCMCIA Management form appears. 2. Click the Eject button adjacent to the card you want to remove. The card type clears under the Card Type column. 3. Click “apply changes.” 4.
Network Figure 8-15: Expert > Network > VPN Connections You can use the form to add a VPN connection or edit one that is already in the list. When you click the “Edit” or “Add” buttons, a “New/Modify Connection” form appears, as shown in the following figure. The form displays different fields depending on whether “RSA Public Keys” or “Shared Secret” are selected.
Network Menu & Forms Figure 8-16: Expert > VPN “New/Modify Connection” Dialog Box The remote gateway is referred to as the Remote or “Right” host, and the CS is referred to as the Local or “Left” host. If left and right are not directly connected, then you must also specify a “NextHop” IP address. The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host.
Network Table 8-10: Expert > Field and Menu Options for Configuring a VPN Connection Field Name Definition Connection Name Any descriptive name you want to use to identify this connection such as “MYCOMPANYDOMAIN-VPN.” Authentication Protocol The authentication protocol used, either “ESP” (Encapsulating Security Payload) or “AH” (Authentication Header). Authentication Method Authentication method used, either “RSA Public Keys” or “Shared Secret.
Network Menu & Forms Field Name Definition Boot Action The boot action configured for the host, either Ignore, Add, Start. T To Configure VPN To enable VPN, make sure that IPSec is enabled through the security profile section. 1. Go to Network > VPN Connections. The VPN Connections form appears. 2. To edit a VPN connection, select the name of the VPN connection, and click the “Edit” button. 3. To add a VPN Connection, click the “Add” button. The “New/Modify Connection” dialog box appears. 4.
Network e. If “RSA Key” is selected, generate the key for the CS (left host) and find out the key from the remote gateway (right host). You can use copy and paste to enter the key in the “RSA Key” field. f. If “Shared Secret” is selected, enter the shared secret in the “PreShared Secret” field. 8. Select either “Ignore”, “Add”, or “Start” from the “Boot Action pulldown menu. 9. Click OK. 10. Click “apply changes.
Network Menu & Forms Figure 8-17: Expert > Network > SNMP You can use this form to enable notifications about significant events or traps from CS to an SNMP management application, such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager. The following table explains the required parameters to complete the SNMP form and the associated dialog boxes.
Network Table 8-11: Expert > Fields and Menu Options for SNMP Configuration Field or Menu Option Description SysContact The email address of the CS’s administrator, for example, support@bb.com. SysLocation The physical location of the CS. Community SNMP v1 and v2 only. A Community defines an access environment. The type of access is classified under “Permission”: either read only or read write. The most common community is “public”.
Network Menu & Forms Figure 8-18: Expert > “New/Mod SNMP v1 v2 Configuration” Dialog Box Clicking the “Add” or “Edit” buttons under “SNMPv3 Configuration” brings up the “New/Mod SNMP v3 Configuration” dialog box, as shown in the following figure. Figure 8-19:Expert > “New/Mod SNMP v3 Configuration” Dialog Box T To Configure SNMP 1. Go to Networks > SNMP. The SNMP form appears. 2.
Network The “New/Modify SNMP Daemon Configuration” dialog box appears. 3. To edit any SNMP configuration, do the following steps. a. To edit an SNMPv1/SNMPv2 entry, select the entry from the “SNMPv1/SNMPv2 Configuration” list and click the “Edit” button. b. To edit an SNMPv3 entry, select an entry from the “SNMPv3 Configuration” list and click the “Edit” button. The “New/Modify SNMP Daemon Configuration” dialog box appears. 4. For SNMP v1 or v2 configuration, enter or change the following information: a.
Network Menu & Forms Table 8-12: Expert > Tasks for Configuring SNMP Task Where Documented To configure one or more serial ports to send SNMP traps. See “SNMP Trap Notifications Entry” on page 302 Firewall Configuration Firewall configuration, also known as IP filtering, refers to the selective blocking of the passage of IP packets between global and local networks. The filtering is based on rules that describe the characteristics of the packet.
Network Each entry in the list on the Firewall Configuration form represents a chain with a set of rules. The list by default has three built-in chains, as shown in the previous figure. The chains accept all INPUT, FORWARD, and OUTPUT packets.
Network Menu & Forms Figure 8-22:Firewall Configuration “User-defined Chain” Message “Delete” Button If one of the user-defined chains is selected and the “Delete” button is pressed the chain is deleted. Note: Default chains cannot be deleted. If one of the default chains is selected and the “Delete” button is pressed the message shown in the following figure appears.
Network Figure 8-24:Expert > Firewall Configuration “Add Chain” Dialog Box Adding a chain only creates a named entry for the chain. Rules must be configured for the chain after it is added to the list of chains. “Edit Rules” Button If the “Edit Rules” button is pressed, a form appears with a list of headings like the one shown in the following figure. The example shows the OUTPUT chain selected for editing.
Network Menu & Forms Figure 8-26:Firewall Configuration “Edit Rules for chain_name” Buttons • • • Pressing the “Add” button opens the “Add Rule” dialog box. Selecting a “Rule” and pressing the “Edit” button opens the “Edit Rule” dialog box. Selecting a rule and pressing the “Up” and “Down” buttons moves the rule up and down the list. Options on the “Add Rule” and “Edit Rule” Dialog Boxes The “Add Rule” and “Edit Rule” dialog boxes have the fields and options shown in the following figure.
Network For example, you select “DROP” as the target action from the “Target” dropdown list, check “Inverted” on the line with the “Source IP”, and do not specify any other criteria in the rule, any packets arriving from any other source IP address than the one specified are dropped. Target Pull-down Menu Options The “Target” pull-down menu shows the action to be performed on an IP packet that matches all the criteria specified in a rule.
Network Menu & Forms Protocol You can select a protocol for filtering. The “Protocol” pull-down menu is shown in the following figure. Figure 8-30:Firewall Configuration “Add Rule” and “Edit Rule” Protocol Menu Options The additional fields that appear for each protocol are explained in the following sections. Numeric Protocol Fields If Numeric is selected as the protocol when specifying a rule, a text field appears to the right of the menu for the desired number, as shown in the following figure.
Network Figure 8-32:Firewall Configuration “Add Rule” and “Edit Rule” TCP Protocol Fields and Menu Options The following table defines the fields and menu options in the “TCP Options Section.” Table 8-13: Expert > TCP Options Fields Field/Menu Option Definition Source Port - OR Destination Port -ANDto A port number for filtering in the “Source Port” or “Destination Port” field. A range of IP address can be specified by adding a second port number in the “to” field.
Network Menu & Forms Figure 8-33:Firewall Configuration “Add Rule” and “Edit Rule” UDP Protocol Fields The following table defines the fields in the UDP Options Section. Table 8-14: Expert > UDP Options Fields Field Definition Source Port - OR Destination Port -ANDto A port number for filtering in the “Source Port” or “Destination Port” field. A range of IP address can be specified by adding a second port number in the “to” field. TCP packets are filtered for for the range of specified IP addresses.
Network Figure 8-34:Firewall Configuration “Add Rule” and “Edit Rule” ICMP Type Menu Options BLACK BOX® CS Installation, Administration, and User’s Guide 195
Network Menu & Forms Input Interface, Output Interface, and Fragments If an interface (such as eth0 or eth1) is entered in the “Input Interface” field, incoming packets are filtered for the specified interface. If an interface is entered in the “Output Interface” field, outgoing packets are filtered for the specified interface. The input and output interface fields are shown in the following figure along with the options on the “Fragments” pull-down menu.
Network LOG Target If you select “LOG” from the “Target” field, the fields and menus shown in the following figure appear in the “LOG Options Section” at the bottom of the form. Figure 8-36:Firewall Configuration “Add Rule” and “Edit Rule” LOG Target Fields The following table defines the menu options and fields in the “LOG Options Section.
Network Menu & Forms REJECT Target If REJECT is selected from the Target pull-down menu, the following pulldown menu appears Figure 8-37:Firewall Configuration “Add Rule” and “Edit Rule” REJECT Target Menu Options Any “Reject with” option causes the input packet to be dropped and a reply packet of the specified type to be sent.
Network Table 8-17: Expert > Reject Options Sections Field Name Definition icmp-net-prohibited ICMP network prohibited alias. icmp-hostprohibited ICMP host prohibited alias. echo-reply Echo reply alias. tcp-reset TCP RST packet alias. Note: The packets are matched (using tcp flags and appropriate reject type) with the REJECT target. Firewall Configuration Procedures The following sections describe the procedures for defining packet filtering: T To Add a Chain 1.
Network Menu & Forms Note: User-defined chains cannot be edited. If you want to rename a chain you added, delete it and create a new one. 1. Go to Network > Firewall Configuration 2. Select one of the default chains from Chain list, and then click the “Edit” button. If you select a user-defined chain, the dialog box shown in the following figure appears. If you select one of the default chains, the “Edit Chain” dialog box appears. 3.
Network 2. Select the chain to which you want to add a rule from Chain list, and then click the “Edit Rules” button. 3. Click the “Add Rule” button. The “Add Rule” dialog box appears. 4. Configure the rule as desired. For definitions of the fields in this form see “Firewall Configuration” on page 186. 5. Click OK. 6. Click “apply changes.” T To Edit a Rule 1. Go to Network > Firewall Configuration 2. Select the chain that you want to edit from the list and click the “Edit Rules” button.
Network Menu & Forms Figure 8-38: Expert > Network > Host Tables T To Define the CS’s IP Address and Hostname 1. Go to Network > Host Tables The Host Tables form appears. 2. To edit a host, select the host IP address from the list and click the “Edit” button. (You can use the “Up” and “Down” buttons to navigate through the list.) 3. To add a host, click the “Add” button. The “host table” dialog box appears. 4.
Network Figure 8-39: Expert > Network > Static Routes Clicking the “Edit” or “Add” buttons brings up a form shown in the following figure. Figure 8-40: Expert > Static Routes “Add” and “Edit” Dialog Boxes Default Route The example shows the fields and menus that appear when the “Default” route type is selected from the “Route” pull-down menu.
Network Menu & Forms The following figure shows the fields and menus that appear when the “Network” route type is selected from the “Route” pull-down menu. Figure 8-41: Expert > Static Routes “Add” and “Edit” Dialog Boxes Network Route The following figure shows the fields and menus that appear when the “Host” route type is selected from the “Route” pull-down menu.
Network Figure 8-42: Expert > Static Routes “Add” and “Edit” Dialog Boxes - Host Route The following table describes the fields that appear when you select a routing type from the “New/Modify Route” dialog boxes. Table 8-18: Expert > Fields and Menus for Configuring Static Routes Field or Menu Name Definition Route Choices are “Default,” “Network,” or “Host.” Network IP Appears only when “Network” route is selected. Type the IP address of the destination network.
Network Menu & Forms 3. If you selected “Network, do the following steps. a. Enter the IP address of the destination network in the “Network IP” field. b. Enter the netmask of the destination network in the “Network Mask” field. 4. If you selected “Host,” type the IP address of the destination host in the “Host IP” field. 5. Select “Gateway” or “Interface” from the “Go to” pull-down menu and enter the address of the gateway or the name of the interface in the adjacent field. 6. Click “apply changes.
Chapter 9 Security Menu & Forms This Chapter describes the “Security” menu and the related forms. The following table provides a description of the left menu panel and links to the detailed information and procedures. Table 9-1: Expert > Security Menu Menu Selection Use this menu to: Where Documented Users and Groups Create or edit users and groups, establish or change their passwords, and access rights and privileges.
Security Menu & Forms Users and Groups Users and Groups form allows you to do the following tasks: • Set up user access to the CS Web Manager • Assign users to specific groups that share common access rights • Assign or change passwords • Create new groups and add to the group list. The two groups to which you can assign a user are: • • Admin - Read/Write Access Regular User - Limited Read/Write Access Caution: There is only one “root” user for the initial setup of the CS by the administrator.
• • Add users to a group Delete users from a group Adding a User If you click the “Add” button on the Security > Users and Groups form under the “Users List”, the following dialog box appears. Figure 9-2: Expert > Security > Users and Groups > “Add User” Dialog Box The following table describes the fields in the “Add User” dialog box. Table 9-2: Expert > Add User Dialog Field Names and Definitions Field Name Definition User Name Name of the user to be added.
Security Menu & Forms Table 9-2: Expert > Add User Dialog Field Names and Definitions Field Name Definition Shell Optional. The default shell is /bin/sh when the user makes an SSH or Telnet connection. Comments Optional notes about the user’s role or configuration. Adding a Group If you click the “Add” button on the Security > Users and Groups form under the “Group List”, the following dialog box appears.
3. Enter the name in the “User Name” field. 4. Enter the password in the “Password” and “Repeat Password” fields. 5. Assign a group from the “Group” pull-down menu. 6. Optional: Select a shell from the “Shell” pull-down menu. 7. Optional: Enter information, as desired, about the user’s role or responsibilities. 8. Click OK. 9. Click “apply changes.” T To Delete a User or Group 1. Go to Security > Users and Groups The Users & Groups form displays. 2. Select the name of a user or group to delete. 3.
Security Menu & Forms The Users & Groups form displays. 2. Under the list of groups, click “Add.” The “Add Group” dialog box displays. 3. Enter the name for the new group in the “Group Name” field. 4. Enter one user name or multiple comma-separated user names in the “Users” field. 5. Click OK. 6. Click “apply changes.” T To Modify a Group 1. Go to Security > Users and Groups The Users and Groups form displays. 2. Select the name of a group to modify. 3. Click “Edit.” The “Edit Group” form displays. 4.
Figure 9-4: Expert > Security > Active Ports Sessions The Active Ports Sessions form provides status and usage information related to all active serial ports sessions. You can use the form to view who is logged into each port and the processes they are running. Open sessions are displayed with their identification and statistical data, the related data such as CPU usage for a specific client, JCPU processes, and PCPU processing time.
Security Menu & Forms T Field Name Definition JCPU The amount of CPU time consumed by all active processes including currently running background jobs. PCPU The amount of CPU time consumed by the current process. What Name of the current process. To View, Kill, or Refresh Active User Sessions 1. Go to Security > Active Ports Sessions in Expert mode. The Active Ports Sessions form appears. 2. To refresh the display, click the “Refresh” button.
Figure 9-5: Expert > Security > Authentication You can use the Authentication forms to: • • Select a method for authenticating logins to CS. Identify authentication servers that are configured for logins to CS or to the serial ports. Configuring Authentication for CS Logins The default authentication method for CS is Local. You can either accept the default or select another authentication method from the “Unit Authentication” pull-down menu on the AuthType form.
Security Menu & Forms Figure 9-6: Expert > Security > Authentication > AuthType Form Any authentication method selected for CS is used for authentication of any user attempting to log into the CS through Telnet, SSH, or the Web Manager. T To Configure the CS Login Authentication Method 1. Go to Security > Authentication. The “AuthType” form displays, as shown in the figure 9-6. 2. To specify an authentication method for login to CS, select a method from the “Unit Authentication” pull-down menu. 3.
The following is a summary of the things you need to know about setting up authentication servers. • • • CS must be on the same subnet as the authentication server. Each authentication server must be configured and operational. The CS administrator should obtain the necessary information from each authentication server administrator, in order set up and identify those servers on CS.
Security Menu & Forms Table 9-4: Tasks for Setting up Authentication Servers. Method Variations Procedures NIS NIS, Local/NIS, NIS/Local, or NISDownLocal See “To Configure a NIS Authentication Server” on page 225 T To Configure a RADIUS Authentication Server Perform the following procedure to configure a RADIUS authentication server when CS or any of its ports are configured to use RADIUS authentication method or any of its variations (Local/RADIUS, RADIUS/ Local, or RADIUS/DownLocal). 1.
Group Authorization on RADIUS Group information retrieval from a RADIUS authentication server adds another layer of security by adding a network-based authorization. It retrieves the “group” information from the authentication server and performs an authorization through CS. To see the configuration procedures for a RADIUS authentication server refer to the CS Command Reference Guide, Chapter 3, Section 3.4 “Group Authorization”.
Security Menu & Forms 2 Fill in the form according to your local TACACS+ server configuration. 3 To apply “Authorization” in addition to authentication to the box and ports, select the “Enable Raccess Authorization” check box. By default “Raccess Authorization” is disabled, and no additional authorization is implemented. When “Raccess Authorization” is enabled, the authorization level of users trying to access CS or its ports using TACACS+ authentication is checked.
configuration procedures for a TACACS+ authentication server refer to the CS Command Reference Guide, Chapter 3, Section 3.4 “Group Authorization”. T To Configure an LDAP Authentication Server Perform the following procedure to configure an LDAP authentication server when the CS or any of its ports are configured to use the LDAP authentication method or any of its variations (LDAP, LDAP/Local, or LDAPDownLocal).
Security Menu & Forms Figure 9-9: Expert > Security > Authentication > LDAP 2. Supply the IP address of the LDAP server in the “LDAP Server” field. 3. If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the “LDAP Base” field, change the definition. The default distinguished name is “dc,” as in dc=value,dc=value. If the distinguished name on the LDAP server is “o,” then replace dc in the base field with o, as in o=value,o=value. 4.
authorization through CS. To see the configuration procedures for an LDAP authentication server refer to the CS Command Reference Guide, Chapter 3, Section 3.4 “Group Authorization”. T To Configure a Kerberos Authentication Server Perform the following procedure to configure a Kerberos authentication server when CS or any of its ports is configured to use Kerberos authentication method or any of its variations (Kerberos, Kerberos/Local, or KerberosDownLocal).
Security Menu & Forms iv. Enter an optional alias in the “Alias” field. 2. Make sure that time, date, and timezone settings are synchronized on the CS and on the Kerberos server. Note: Kerberos authentication depends on time synchronization. Time and date synchronization can be achieved by setting both CS and the Kerberos server to use the same NTP server. a. To specify an NTP server, see “To Configure Time and Date Using an NTP Server” on page 306. b.
Figure 9-11: Expert > Security > Authentication > Kerberos 5. Fill in the form according to your local setup of the Kerberos server. 6. Click “apply changes.” T To Configure a NIS Authentication Server Perform the following procedure to configure a NIS authentication server when CS or any of its ports is configured to use NIS authentication method or any of its variations (Local/NIS, NIS/Local, or NISDownLocal). 1. Go to Security > Authentication > NIS in Expert mode.
Security Menu & Forms Figure 9-12:Expert > Security > Authentication > NIS 2. Fill in the form according to your configuration of the NIS server. 3. Click “apply changes.” Security Profiles Selecting Security > Security Profile brings up the form shown in the following figure.
A Security Profile consists of a set of parameters that can be configured in order to have more control over the services that are active at any time. Pre-defined Security Profiles There are three pre-defined security profiles: 1. Secure - The Secure profile disables all protocols except SSHv2, HTTPS, and SSH to Serial Ports. Authentication to access Serial Ports is required, and SSH root access is not allowed. Note: SSH root access is enabled when the security profile is set to “Moderate” or “Open”.
Security Menu & Forms The following tables illustrate the properties for each of the Security Profiles. The enabled services in each profile is designated with a check mark. Table 9-5: Expert > Enabled services to access the CS under each security profile.
Table 9-7: Expert > Enabled protocols for each security profile shown with a check mark. Secure Moderate Open SNMP 3 RPC 3 3 ICMP 3 Default1 Custom 3 FTP IPSec User Configurable Other Services 1-The Default security profile parameters is the same as Moderate profile. The first step in configuring your Advanced Console Server is to define a Security Profile. One of the following situations is applicable when you boot up the CS unit. 1.
Security Menu & Forms Serial Port Settings and Security Profiles All serial ports on CS units shipped from the factory are disabled by default. The administrator can enable ports individually or collectively and assign specific users to individual ports. The following figure shows the default factory settings of serial ports. Figure 9-14: Expert > Physical Ports Default Factory Settings The following situations apply to serial ports when you modify or change a security profile.
• If the serial port connection protocol is incompatible with the selected security profile the following dialog box appears when you try to access Expert > Ports > Physical Ports Figure 9-16:Serial Ports Protocol Incompatibility Dialog Box T To Select or Configure a Security Profile The following procedure assumes you have installed a new CS at your site, or you have reset the unit to factory default. 1. Enter the assigned IP address of the CS in your browser and login as an administrator.
Security Menu & Forms Figure 9-17: Security Advisory Dialog Box Note: Your browser’s pop-up blocker should be disabled for this dialog box to appear. 2. Review the Security Advisory and click the “Close” button. 3. The Web Manager is redirected to Wizard > Step 1: Security Profile The following form is displayed.
Figure 9-18:Wizard > Step 1: Security Profile Form 4. Select a pre-defined Security Profile by pressing one of the “Secured”, “Moderate”, “Open”, or “Default” profiles, or create a “Custom” profile. The following dialog box appears when you select the “Custom” profile.
Security Menu & Forms Figure 9-19: Custom Security Profile Dialog Box Caution: Take the required precautions to understand the potential impacts of each individual service configured under the "Custom" profile. Refer to Table 9-5 on page 228, and the subsequent tables for a comparison of the available services in each security profile. Refer to the Glossary for a definition on some of the available services.
Note: It is not possible to continue working in the Web Manager without selecting a Security Profile. The following dialog box appears if you try to navigate to other sections of the Web Manager. 5. Once you select a security profile or configure a custom profile and apply the changes, the CS Web Manager restarts in order for the changes to take effect. The following dialog box appears. 6. Select “apply changes” to save the configuration to Flash. CS Web Manager restarts. 7.
Security Menu & Forms Security Certificates CS generates its own self-signed SSL certificate for HTTPS using OpenSSL. Note: It is highly recommended that you use the “openssl” tool to replace the CS generated certificate. Certificate for HTTP Security A certificate for HTTP security is created by a CA (Certificate Authority). Certificates are most commonly obtained through generating public and private keys using a public key algorithm like RSA or X.509.
Chapter 10 Ports Menu & Forms This Chapter describes the “Ports” menu and the related forms. The following table provides a description of the left menu panel in the Web Manager and links to the detailed information and procedures. Table 10-1: Expert > Ports Menu Menu Selection Use this menu to: Where Documented Physical Ports Activate or deactivate the serial ports. Set the parameters for each or all ports. Configure specific parameters for the serial ports where IPDU devices are connected.
Ports Menu & Forms Menu Selection Use this menu to: Where Documented Ports Statistics View information on the data reception (Rx bytes) and transmission (Tx bytes) on each physical port. View current CAS user(s), Baud rate, frame, parity, break, and overruns. Page 288 The Ports section of CS configuration in Expert Mode provides the following menu choices: • Physical Ports – Allows you to view and modify the physical port settings.
Using the forms described in the following sections, you can perform custom configuration of serial ports. Physical Ports When Physical Ports is selected under Ports > Physical Ports in Expert mode, the following form appears. Figure 10-2: Expert > Ports > Physical Ports Using this form you can enable or disable ports, and configure parameters for individual or a group of serial ports.
Ports Menu & Forms tabs Figure 10-3: Expert > Ports > Physical Ports > “Modify .... Ports ” Tab Options T To Select One or More Serial Ports 1 Go to Ports > Physical Ports in Expert mode The Physical Ports form appears. 2 To select a port or ports, do one of the following steps. • To select a single port, click the port. • To select multiple ports in a range, click the first port in the list and then hold down the Shift key while selecting another port or ports.
To Configure Multiple Sessions and Port Sniffing for One or More Serial Ports Page 270 To Configure a Serial Port for IPDU or IPMI Power Management Page 274 To Configure a User for IPDU Power Management While Connected To a Serial Port Page 276 To Configure TCP Port Number, STTY Options, Break Interval, and the Login Banner for a Serial Port Connected to a Console Page 279 T To Enable or Disable Serial Ports 1 Go to Ports > Physical Ports, and select a port or ports to modify.
Ports Menu & Forms Figure 10-4: Expert > Ports > Physical Ports > General Form The General form allows you to define general port settings, connect to an IPDU port, and select the connection type to a serial port (SSH, Telnet, or both). The number(s) of the selected port(s) displays next to the “Done” button at the bottom of the form in the format: “Selected ports #:N,” where N stands for the port number.
Console Access Server (CAS) Profile Connection Protocols When a serial port is connected to the console port on a device, a Console Access Server (CAS) profile must be defined for the serial port. Selecting the appropriate connection protocol on the Ports > Physical Ports > General is part of defining the CAS profile.
Ports Menu & Forms Selecting the appropriate connection protocol on the Ports > Physical Ports > General form is part of defining the TS profile. You can configure serial ports to support computer terminals in the following two ways: • Dedicate a terminal to access a single remote server by means of either Telnet, SSHv1, SSHv2, or Raw Socket connections. • Enable a terminal to access multiple servers through CS.
Table 10-3: Expert > Terminal Server (TS) Connected Protocols (Continued) Protocol Name Result Local Terminal Dedicates a computer terminal that is connected to the selected serial port for connecting to CS. When the attached terminal is powered on, CS opens a Telnet session on itself. The user then can use any of the CS’s Linux commands. You can also create a terminal profile menu, Applications > Terminal Profile Menu that enables the user to quickly launch sessions on any number of remote hosts.
Ports Menu & Forms from a terminal window using the menush_cfg command. You should specify the bidirectional shell command, /bin/menush in the Web Manager, Ports > Physical Ports > Access form. Modem and Power Management Connection Protocols The following table shows the connection protocols for modems or AlterPath PM IPDUs connected to the serial ports.
Figure 10-5: Expert > Ports > Physical Ports > Console Connection Active Tabs 2. Click the General tab. The General form appears with the number(s) of the selected port(s) next to the Done button at the bottom of the form, and all the active tabs in yellow. Figure 10-6: Expert > Ports > Physical Ports > Console Connection 3. To change the connection protocol, select one of the options from the “Connection Protocol” pull-down menu: Console (Telnet), Console (SSH), Console (Telnet & SSH), or Console (Raw).
Ports Menu & Forms Figure 10-7:Connection Protocols > Console 4. If you want to change any of the other current settings, see "To Configure Serial Port Settings to Match the connected devices" on page 257. 5. To further configure the serial port’s connection protocol: • • T For user access and authentication methods see "Access" on page 259. To specify the TCP Port number and other port configuration options see "Other" on page 277.
The General form appears with the number(s) of the selected port(s) next to the Done button at the bottom of the form, and the active tabs highlighted in yellow. Figure 10-9: Expert > Ports > Physical Ports > Bidirectional Telnet Connection 3. To change the connection protocol, select Bidirectional Telnet from the “Connection Protocol” pull-down men.
Ports Menu & Forms 4. If you want to change any of the other current settings, see "To Configure Serial Port Settings to Match the connected devices" on page 257. 5. Go to “Access” tab and configure the following settings: • In the “Authorized Users/Groups” field restrict or deny access to a serial port by specifying one or more users or groups. • From the “Type” pull-down menu, select an authentication type for the serial port. The default is no authentication (Type=None).
The General form appears with the number(s) of the selected port(s) next to the Done button at the bottom of the form, and the active tabs highlighted in yellow. Figure 10-12: Expert > Ports > Physical Ports > Terminal Server Connection 3. To change the connection protocol, select a Terminal Server connection from the “Connection Protocol” pull-down men, “Telnet”, “SSHv1”, “SSHv2”, “Local Terminal”, or “Raw Socket”.
Ports Menu & Forms 4. To configure a terminal to automatically connect to CS, do the following steps. a. Select “Local Terminal” from the “Connection Protocol” pull-down menu. b. Define a terminal profile menu. “Terminal Profile Menu” form is at Expert > Applications > Terminal Profile Menu. 5. To configure a terminal to automatically connect to a server, do the following steps. a. Select “Telnet”, “SSHv1”, “SSHv2”, or “Raw Socket” from the “Connection Protocol” pull-down menu. b.
The General form appears with the number(s) of the selected port(s) next to the Done button at the bottom of the form, and the active tabs highlighted in yellow. Figure 10-15: Expert > Ports > Physical Ports > Modem Connection 3. To change the connection protocol, select one of the options from the “Connection Protocol” pull-down menu: “PPP-No Auth.”, “PPP”, “SLIP”, or “CSLIP”.
Ports Menu & Forms 4. If you want to change any of the other current settings, see "To Configure Serial Port Settings to Match the connected devices" on page 257. 5. To further configure the serial port’s connection protocol: • For user access and authentication methods, see "Access" on page 259. • To specify the TCP Port number, and configure modem initialization and PPP options see "Other" on page 277. 6. If you are finished, click “Done.” 7. Click “apply changes.
Figure 10-18: Expert > Ports > Physical Ports > Power Management Connection 3. To change the connection protocol, select “Power Management” from the “Connection Protocol” pull-down menu. Figure 10-19: Connection Protocols > Power Management 4. Enter a desired name for the IPDU in the “Alias” field.
Ports Menu & Forms 5. Select an access method to the IPDU from the “Allow Access by” dropdown menu. The options are SSH, Telnet, or SSH and Telnet. Selecting an access option activates the “Access” and “Other” tabs. 6. Go to “Access” tab. a. enter the users/groups that are authorized to access the serial port. b. Select an authentication type for the serial port from the pull-down menu.
8. If you are finished, click “Done.” 9. Click “apply changes.” T To Associate an Alias to a Serial Port An alias (name) can be associated to a port when it’s individually selected for modification. To associate an alias to a port perform the following steps. 1. Go to Ports > Physical Ports in Expert mode, select a port to modify, and click the Modify Ports button. 2. Enter the desired string in the Alias field. 3. Click “Done.” 4. Click “apply changes.
Ports Menu & Forms Figure 10-21: Expert > Ports > Physical Ports > Serial Port Settings 2. To change the baud rate, select an option from 2400 to 921600 Kbps from the Baud Rate pull-down menu. The default is 9600, which is the most common baud rate for seriallymanaged devices. 3. To change the flow control, select None, Hardware, or Software from the Flow Control pull-down menu. The default is None. 4. To change the parity, select None, Odd, or Even from the Parity pull-down menu. The default is None. 5.
7. To change whether the “DCD (Data Carrier Detect) State” is disregarded or not, select either “Disregard” or “Regard”. 8. Click “Done.” 9. Click “apply changes.” Access Under Ports > Physical Ports in Expert Mode, after you select one or more serial ports, and click the Modify Port(s), select the Access form from the tabbed menu. The following form appears.
Ports Menu & Forms The following table describes the menu and fields on the Access form. Table 10-5: Expert > Access Form Fields Field Description Authorized Users/Groups Restrict or deny access to a serial port by specifying one or more users or groups. You can deny access to one or more users or groups by entering an exclamation point (!) before the user or group name.
Table 10-5: Expert > Access Form Fields Field Description BidirectionShell Command Specify the menu shell command in this field, for example, /bin/menush and build a custom menu for the TS profile using Web Manager > Applications > Terminal Profile Menu form. This field is available only when a Bidirectional Telnet protocol is selected from Ports > Physical Ports > General > Connection Protocol.
Ports Menu & Forms defined in case the first authentication level fails. See the following table on authentication methods and fallback mechanisms. Table 10-6: Expert > Authentication Methods 262 Authentication Type Definition None No authentication. Kerberos Authentication is performed using a Kerberos server. Kerberos/Local Kerberos authentication is tried first, switching to Local if unsuccessful. KerberosDownLocal Local authentication is performed only when the Kerberos server is down.
T Authentication Type Definition NISDownLocal Local authentication is performed only when the NIS server is down. Radius Authentication is performed using a Radius authentication server. Radius/Local Radius authentication is tried first, switching to Local if unsuccessful. RadiusDownLocal Local authentication is performed only when the Radius server is down. TACACS+ Authentication is performed using a TACACS+ authentication server.
Ports Menu & Forms The following table lists the procedures that apply to each authentication method. Table 10-7: Expert > Procedures to Configure an Authentication Server Authentication Method Where Documented Kerberos, Kerberos/Local, or Kerberos/ DownLocal "To Configure a Kerberos Authentication Server" on page 223. LDAP, LDAP/Local, or LDAP/DownLocal "To Configure an LDAP Authentication Server" on page 221.
There are different fields on this form depending on whether one or both options are enabled. The form displays “Enable Data Buffering” and “Buffer to Syslog” options. If “Enable Data Buffering” is active, the form displays different fields depending on whether “Local” or “Remote” are selected from the “Destination” menu. If “Buffer to Syslog” is checked, data buffer files are sent to the syslog server. Note: Go to Wizard > Step 5:System Log, or Expert > Network > Syslog to set up a syslog server.
Ports Menu & Forms Table 10-8: Expert > Data Buffering Form Fields Field Name Definition Mode (Local Destination) circular or linear. In circular mode, data is written into the specified local data file until the upper limit on the file size is reached; then the data is overwritten starting from the top of the file as additional data comes in. Circular buffering requires the administrator to set up processes to examine the data during the timeframe before the data is overwritten by new data.
T To Configure Data Buffering for Serial Ports Perform this procedure if you want to configure data buffering. Obtain the facility number for the CS from the system administrator of the syslog server. Options range from Local0 to Local7. 1. Go to Ports > Physical Ports in Expert mode, and select a port or ports to modify. 2. Select the Data Buffering tab. The Data Buffering form displays. 3. Select “Enable Data Buffering” and perform the following steps. a.
Ports Menu & Forms • Show data buffering file only • Show without the erase options 4. If you checked “Buffer to Syslog,” perform the following steps. a. Enter the IP address of the syslog server in the “Syslog Server” field. b. Choose an option from the “Facility Number” pull-down menu. Note: Obtain the facility number from the system administrator of the syslog server. Options range from Local0 to Local7. c. Enter the maximum size of the buffer in the “Syslog Buffer Size” field. d.
Figure 10-25:Expert > Port > Physical Ports >Multi User The Multi User form enables you to open more than one session from the same serial port. Multiple users can connect simultaneously to a serial port. To connect to a port or start a shared session, the user must have permission to access the port. If you allow multiple sessions through “Allow Multiple Sessions” drop-down menu, the “Privilege Users” field should be populated with the usernames who have access rights.
Ports Menu & Forms Field Name Definition Notify Users Checkbox to enable notify users of session access. The following table describes the options from the “Allow Multiple Sessions” pull-down menu. Table 10-10: Expert > Options on the “Allow Multiple Sessions” Menu Menu Option Description No Do not allow multiple sessions. Only two users can connect to the same port simultaneously. One shared session and one normal session are allowed.
3. To allow or to prevent multiple sessions, select an option from the “Allow Multiple Sessions” pull-down menu. The options are: “No,” “Yes (show menu),” “Read/Write (do not show menu),” “ReadOnly.” 4. To configure the type of data that displays on the monitor in a port-sharing session, select an option from the “Sniff Mode” pull-down menu. 5. If you have allowed multiple sessions, complete the following fields. a. Add usernames to the “Privilege Users” field. b.
Ports Menu & Forms You can use this form to make it possible for a user who is connected to a device through the selected serial port to perform power management. While connected to the device, the user brings up a power management menu or dialog box by entering a hot key. Note: “Enable power management” on this form refers to IPDU power management, Applications > IPDU Power Mgmt.
Field Name Definition Enable IPMI on this port Check mark to enable IPMI on the selected port(s). IPMI Key (available only if IPMI The key sequence which the authorized user(s) can use to perform IPMI power management. is enabled) The default for IPMI power management is Ctrl+Shift+i (^I) IPMI Server (available only if IPMI is enabled) Select the device configured for IPMI power management. PowerMgmt Port View listbox for the PM enabled ports and the assigned outlet numbers.
Ports Menu & Forms Power management while connected to a port is possible only when one or both of the following conditions are true. • • The device connected to CS is plugged into an AlterPath PM IPDU and is configured for power management. The device connected to CS is a server with an IPMI controller and the server is added to the IPMI device list. To see the list of previously configured IPMI devices, or to add a new IPMI device, go to Applications > IPMI Power Mgmt.
2. To enable Power Management of a device connected to the current port and plugged into a connected IPDU, click “Enable Power Management on this port.” and perform the following steps. a. Select the name of a port configured for power management and click the “Add” button. The “Add Outlet” dialog box appears. b. Enter the outlet number(s) into which the device is connected to separated by commas. c. Click OK. The power management port and the specified outlet numbers display on the PowerMgmt Port list. d.
Ports Menu & Forms 4. Click “Done.” 5. Click “apply changes.” T To Configure a User for IPDU Power Management While Connected To a Serial Port Perform this procedure to allow a user to perform power management on a device while connected to it through one of the CS’s serial ports. 1. Configure a serial port for IPDU power management as described in the previous section. 2. To permit everyone to perform power management on this port, click the “Allow All Users” radio button.
4. Enter a valid username or groupname in the “New User/Group” field, and click “Add.” 5. Click “Done.” 6. Click “apply changes.” Other Under Ports > Physical Ports in Expert Mode, after you select one or more serial ports, and click the Modify Port(s), you can select the Other form from the tabbed menu to configure other options. The following form appears. Figure 10-31:Expert > Ports > Physical Ports > Other Form You can use this form to configure other settings.
Ports Menu & Forms Table 10-12: Expert > Ports > Physical Ports > Other Form Fields 278 Field Name Definition TCP Port The TCP Port number for a serial port. The TCP port numbers by default start from 7001 and increment by +1 up to the number of serial ports that the CS unit has. For example, an CS unit with 8 serial ports have TCP port numbers 7001 through 7008. Port IP Alias A name (alias) for the IP of the selected port.
T Field Name Definition STTY Options Set terminal options. Break Interval Usually 250 to 500 milliseconds. It’s a logical zero on the TXD or RXD lines to reset the communications line. Break Sequence Usually a character sequence ~break (Ctrl-b) Login Banner Enter the text you wish to appear as a login banner when logging into a terminal. Host to Connect This field should be populated with the IP address of the device you are connecting to.
Ports Menu & Forms 3. To change the port number for the serial port, enter another number in the “TCP Port” field. 4. To assign a name to the port’s IP address, enter an alias in the “Port IP Alias” field. (Console connection protocol only) 5. If connecting to a Microsoft Windows Server 2003 operating system through the Emergency Management Services (EMS) console, enable the “Windows EMS”. (Console connection protocol only) 6.
3. To change the port number used to access the serial port, enter another number in the “TCP Port” field. 4. To change the keep-alive interval, enter another number in the “TCP Keep-alive Interval” field. 5. To change the idle timeout interval, enter another value in the “Idle Timeout” field. 6. Specify stty options, if desired, in the “STTY Options” field. 7. To change the break interval, enter a new number in the “Break Interval” field. 8.
Ports Menu & Forms Figure 10-32: Expert > Ports > Virtual Ports The virtual ports form allows you to perform clustering of CS units. The CS clustering is designed to allow a large number of serial ports (up to 1024) to be configured and virtually accessed through one IP address. Note: Clustering only works for ports that are configured as CAS profile. You can use one CS as the “master” unit to control other CS units as “slaves”. The ports on the slave unit(s) appears as if they are part of the master unit.
Figure 10-33: Expert > Ports > Virtual Ports > New/Modify Port Dialog Box The following table describes the fields available in the Virtual Ports New/ Modify Port dialog box. Table 10-13: Expert > New/Modify Port Dialog Box Fields Field Name Definition Number of Ports Number of ports on each slave unit. Choices are 1, 4, 8, 16, 32 and 48. First Local Port Number The first unallocated port number for the slave. For example, if the master unit has 16 ports, ports 1-16 are allocated.
Ports Menu & Forms Field Name Definition First Local TCP Port No. The first TCP port number for the slave. For example, if the master unit has 16 ports, the allocated TCP port numbers to the master are 7001-7016. The “First Local TCP Port No.” is then 7017. This is a virtual TCP port number. Remote IP The IP address of the slave. First Remote TCP Port Number The first TCP port number of the slave. The default is 7001. Protocol The communication protocol used by the slave.
Figure 10-34: Expert > Applications > Connect > Serial pull-down menu T To Cluster CS Units or Modify Cluster Configuration Use this procedure if you want to cluster CS units and add or modify ports. Note: CS boxes should be connected individually to an IP network. The units should not be cascaded. 1. Go to Ports > Virtual Ports in Expert mode, and click the “Add” button to add new slave ports, or click the “Edit” button to edit a slave port. The New/Modify Port dialog box appears.
Ports Menu & Forms This is the first port number on the master, after the last port number on the master. 4. Enter the “Local IP” address. This is the IP address of the master. 5. Enter the “First Local TCP Port Number”. This is the first TCP port number on the master, after the last port number on the master. 6. Enter the “Remote IP” address. This is the IP address of the slave. 7. Enter the “First Remote TCP Port Number”. This is the first TCP port number of the slave. The default is 7001. 8.
Figure 10-36: Expert > Ports > Virtual Ports > New/Modify > Port Names Dialog box Use this form to assign a name or alias to the slave ports in the cluster. Use a naming convention for effective management of the CS units and the connected devices on your network. Ports Status Selecting Ports > Port Status in Expert mode, brings up the following readonly form, which displays tabular serial port status information.
Ports Menu & Forms Figure 10-37: Expert > Ports > Ports Status (Read-Only) The information in the following table is available in the Ports Status readonly form. All users have access to this form. The information on this page gets updated when you click the “Refresh” button. Table 10-14: Expert > Port Status Read-Only Form Column Name Description Port The serial port number. Alias Displays the name (alias) for the serial port if one is assigned by the administrator.
Figure 10-38: Expert > Ports > Port Statistics (Read-Only) The following information is available in the Ports Statistics read-only form. All users have access to this form. The information on this page gets updated when you click the “Refresh” button. Table 10-15: Expert > Ports>Port Status Read-Only Form Column Name Description Port The serial port number. Alias Displays the name (alias) for the serial port if one is assigned by the administrator.
Ports Menu & Forms Column Name Description Parity Error checking bit appended to a data packet. A method of checking the accuracy of transmitted characters. Parity is usually not used, but can be odd or even. A None parity means that data has not exchanged. 290 Break An out-of-band signal on an RS-232 serial port that involves making the Tx data line active for more than two whole character times (or about 2ms on a 9600bps line).
Chapter 11 Administration Menu & Forms This Chapter describes the “Administration” menu and the related forms. The following table provides a description of the left menu panel links to the detailed information and procedures. Table 11-1: Expert > Administration Menu Menu Selection Use this menu to: Where Documented System Information View information on the system hardware, version, file system and PCMCIA cards loaded.
Administration Menu & Forms Menu Selection Use this menu to: Where Documented Boot Configuration Configure CS to boot from its internal firmware or from the network. Page 307 This section defines the settings for loading the operating system in the event that the CS fails to boot successfully. CS can boot from its internal firmware or from the network. Backup Config Configure an FTP server to save Page 310 and retrieve your CS configuration, or choose a storage device to store your configuration.
Figure 11-1: Expert > Administration > System Information You can use the form to view the information shown in the following table.
Administration Menu & Forms Table 11-2: System Information 294 Information Parameters System • • • • Kernel Version Current Date Up Time Power Supply State CPU • • • • CPU Type Clock Speed Revision Bogomips Memory • • • • • • • • • • • • • • • • • • • • • • • MemTotal MemFree Buffers Cached SwapCached Active Inactive HighTotal HighFree LowTotal LowFree SwapTotal SwapFree Dirty Writeback Mapped Slab CommitLimit Committed_AS PageTables VmallocTotal VmallocUsed VmallocChunk
Table 11-2: System Information Information Parameters PCMCIA Socket 0 and Socket 1 Identification, Configuration, and Status RAMDisk Usage T • • • • • • Filesystem 1k-blocks Used Available Use% Mounted To View System Information 1. Go to Administration > System Information in Expert mode. The System Information form appears. 2. To view all the information scroll down the form. Notifications Selecting Administration > Notifications in Expert mode brings up the following form.
Administration Menu & Forms Figure 11-2: Expert > Administration > Notifications You can use this form to set up alarm notifications about system issues, problems, or other events of interest that occur on the devices that are connected to the serial ports. You can configure notifications to be sent to users through email, pager or SNMP traps. The following table describes the available fields in the “Notifications” form.
Clicking the Add button or selecting a previously specified event and clicking the Edit button brings up the “Notifications Entry” dialog box. The form allows you to define alarm trigger actions and specify how to handle them. Different fields appear on the dialog boxes depending on whether Email, Pager, or SNMP trap notification have been selected from the “Notifications” form. T To Choose a Method for Sending Notifications for Serial Port Data Buffering Events 1.
Administration Menu & Forms Figure 11-3: Expert > Administration > Notifications > Email > Add/Edit Dialog box The following table describes the available fields in the email notification entry dialog box. Table 11-4: Expert > Email Notifications Dialog Box Fields 298 Field Name Definition Alarm Trigger The trigger expression used to generate an alarm.
T Field Name Definition [untitled dropdown field] The first time you specify an alarm trigger the pull-down menu is empty. A new trigger gets listed in the menu after it is created. To/From/Subject/ Body The email for the designated recipient of the alarm notification. SMTP Server IP The IP address of the SMTP server. SMTP Port The port used by the SMTP server. To Configure a Trigger for Email Notification for Serial Ports 1.
Administration Menu & Forms Pager Notifications Entry When you go to Administration > Notifications, select “Pager” from the pulldown menu, and click on “Add” or “Edit” button the following dialog box appears.
The following table describes the available fields in the pager notification entry dialog box. Table 11-5: Expert > Pager Notifications Dialog Box T Field Name Definition Alarm Trigger The trigger expression used to generate an alarm. [untitled dropdown field] The first time you specify an alarm trigger the pull-down menu is empty. A new trigger gets listed in the menu after it is created. Pager Number The pager number of the notification recipient. Text The text message for the pager.
Administration Menu & Forms 6. Enter or change the Short Message Services (SMS) username, the SMS server’s IP address or name, and the SMS port number in the “SMS User Name,” “SMS Server,” and “SMS Port” fields respectively. 7. Click “OK.” 8. Click “apply changes.” SNMP Trap Notifications Entry When you go to Administration > Notifications, select “SNMP Trap” from the pull-down menu, and click on “Add” or “Edit” button the following dialog box appears.
Figure 11-5: Expert > Administration > Notifications > SNMP Trap > Add/ Edit Dialog box SNMP traps are event notifications that are sent to a list of responsible parties that are set up to receive alerts for the managed systems. Any SNMP enabled device generates Fault Reports (Traps) that are defined in the Management Information Base (MIB). The trap definition varies with the SNMPv1 and SNMPv2, which defines the messaging format.
Administration Menu & Forms T To Configure a Trigger for SNMP Trap Notification for Serial Ports 1. Go to Administration > Notifications in Expert mode, select SNMP Trap from the pull-down menu. If desired, enable “Notification Alarm for Data Buffering” for an alarm to sound when the trigger action occurs; and click either Add or Edit. The “Notifications Entry” dialog box appears 2. Specify the event you want to trigger a notification in the “Alarm Trigger” field. 3.
3. Select Email, Pager, or SNMP Trap from the pull-down menu. 4. Click the Add button. 5. Enter “Port” in the Alarm Trigger field. 6. Configure the parameters selected in step 3, Email, Pager, or SNMP Trap. See “Notifications” on page 295. 7. Click “OK.” 8. Click “apply Changes.” Time/Date Selecting Administration > Time/Date in Expert mode brings up the form shown in the following figure.
Administration Menu & Forms Figure 11-7: Expert > Administration > Time/Date > NTP Enable Setting Time and Date with NTP NTP (Network Time Protocol) is an Internet standard protocol which enables your system clock to be synchronized with the true time, defined as the average of many high-accuracy clocks around the world. NTP is disabled by default. T To Manually Set the Time and Date 1. Go to Administration > Time/Date in Expert mode. The Time/Date form appears. 2.
4. Type the IP address of the NTP server in the “NTP Server” field. 5. Click “OK.” 6. Click “apply changes.” Boot Configuration Selecting Administration > Boot Configuration in Expert mode brings up the form shown in the following figure. Figure 11-8: Expert > Administration > Boot Configuration Boot configuration defines the location from where CS loads the operating system. The CS can boot from its internal firmware or from the network. By default, CS boots from flash memory.
Administration Menu & Forms The following table describes the boot configuration form fields. Table 11-7: Expert > Boot Configuration Form Fields Field Name Definition IP Address assigned to Ethernet A fixed IP address or a DHCP assigned IP address to the CS unit. Watchdog Timer Whether the watchdog timer is active or Inactive. If the watchdog timer is active, the CS reboots if the software crashes. Unit boot from Specify whether to boot CS from flash or from the network.
Table 11-7: Expert > Boot Configuration Form Fields T Field Name Definition Fast Ethernet Max. Interrupt Events The maximum number of packets that the CPU handles before an interrupt (0 is the default). To Configure CS Boot 1. Go to Administration > Boot Configuration in Expert mode. The Boot Configuration form appears. 2. Enter the IP address of the CS in the “IP Address assigned to Ethernet” field. 3. Accept or change the selected option in the “Watchdog Timer” field. 4.
Administration Menu & Forms 8. Click “apply changes.” Backup Configuration Selecting Administration > Backup Config in Expert mode brings up the form shown in the following figure. Figure 11-9: Expert > Administration > Backup Config The “Type” pull-down menu options on this form are “FTP” and “Storage Device.” The storage device can be either a compact flash or an IDE PCMCIA drive. • • 310 Use an FTP server to save and retrieve your CS configuration.
The following table describes the available fields and buttons in the “Backup Config” form if “FTP” is selected. Table 11-8: Expert > Backup Config Type FTP Form Fields and Buttons Field Definition Server IP IP address of an FTP server on the same subnet as the CS. (Verify accessibility by pinging the FTP server.) Path and Filename Path of a directory on the FTP server where you have write access for saving the backup copy of the configuration file.
Administration Menu & Forms Figure 11-10: Expert > Administration > Backup Config > Storage Device The following table describes the available fields when “Storage Device” is selected from the “Type” drop-down menu. Table 11-9: Expert > Backup Config Type Storage Device Form T Field Name Definition Default Configuration The system saves the configuration in the storage device but does not override the internal flash configuration after reboot.
directory path. For example, /upload/zvmppccs.0720_qa.csk26. 5. Enter the username and password provided by your system administrator for the FTP server. 6. To backup a copy of the current configuration files, press the “Save” button. 7. To download a previously saved copy of the configuration files, press the “Load” button. T To Back Up or Restore the Configuration Files using a Storage Device 1. Go to Administration > Backup Config in Expert mode. The Backup Config form appears. 1.
Administration Menu & Forms Figure 11-11: Expert > Administration > Upgrade Firmware You can use this form to configure an automated upgrade of the CS’s firmware which includes the Kernel, applications, and configuration files. The firmware is upgradeable using an FTP server. You can upgrade the firmware directly through BLACK BOX®’ FTP site at ftp://ftp.blackbox.com/lan/ Term-Servers/, or download the new firmware to a local FTP server and upgrade from there.
Field/Menu Name Definition FTP Site The URL of the FTP server where the firmware is located. This can be a local FTP server, or the BLACK BOX®’ FTP site at ftp://ftp.blackbox.com/lan/Term-Servers/ Username Username recognized by the ftp server. Password Password associated with the username for the ftp server. Path and File Name The pathname of the firmware on the ftp server. Run Checksum T For example, /blackbox/lan/Term-Servers/ LS1016A_LS1032A/v230/zvmppcbb.
Administration Menu & Forms Reboot Selecting Administration > Reboot in Expert mode brings up the form shown in the following figure. Figure 11-12: Expert > Administration > Reboot Clicking the “Reboot” button reboots the CS. T To Reboot the CS 1. Go to Administration > Reboot in Expert mode. 2. Click the “Reboot” button. A confirmation dialog box appears. 3. Click OK.
Online Help Selecting Administration > Online Help in Expert mode brings up the form shown in the following figure. Figure 11-13:Expert > Administration > Online Help BLACK BOX® host the online-help on an FTP server accessible from the Internet. The path to the BLACK BOX® FTP server is configured by default on CS and is viewable in the “Online Help Path” field as http:// www.blackbox.com/.
Administration Menu & Forms 3. In the “Online Help Path” field configure the path to the location of the documenation on your local server. Note: When a directory path is ended with a “/”, the firmware appends the product name and verison. For example, http://www.myserver.com/online-help/ would be http://www.myserver.
Appendix A Technical Specifications The following table lists the Advanced Console Server hardware specifications CPU MPC855T (PowerPC Dual-CPU) Memory 128MB DIMM SDRAM / 16MB CompactFlash Interfaces 1 Ethernet 10/100BT on RJ45 1 RS232 Console on RJ45 RS232 Serial Ports on RJ45 PCMCIA slots supporting: Secondary Ethernet, Wireless networking, CDMA, GPRS, GSM, V.90 modems, ISDN.
Technical Specifications Certification FCC Part 15, A EN55022, A (CE) EN55024 UL 1950 Solaris Ready™ 320
Appendix B Safety, Regulatory, and Compliance Information The following Safety Information for Advanced Console Server are described in this appendix.
Safety, Regulatory, and Compliance Information Temperature The manufacturer's maximum recommended ambient temperature for the Advanced Console Server is 122 ºF (50 ºC). Elevated Operating Ambient Temperature If the CS is installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient temperature.
Safety Precautions for Operating the Advanced Console Server Caution: Do not operate your Advanced Console Server with the cover removed. Caution: To avoid shorting out your Advanced Console Server when disconnecting the network cable, first unplug the cable from the Host Server, unplug external power (if applicable) from the equipment, and then unplug the cable from the network jack.
Safety, Regulatory, and Compliance Information 0.75 mm2 or above cable to connect the DC configured unit to the Centralized D.C. Power Systems. Install the required double-pole, single-throw, DC rated UL Listed circuit breaker between the power source and the Advanced Console Server DC version. Minimum Breaker Rating: 2A. Required conductor size: 18 AWG.
FCC Warning Statement Caution: Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr. Ersetzen Sie die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp. Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers. FCC Warning Statement The Advanced Console Server has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules.
Safety, Regulatory, and Compliance Information Aviso de Precaución S-Mark Argentina Por favor de leer todos los avisos de precaución como medida preventiva para el operador y el Advanced Console Server. Caution: No hacer funcionar el Advanced Console Server con la tapa abierta. Caution: Para prevenir un corto circuito en el Advanced Console Server al desconectarlo de la red, primero desconectar el cable del equipo y luego el cable que conecta a la red.
Trabajar dentro del Advanced Console Server 1999. Para conectar la corriente directa (CD) al sistema, utilice cable de 0.75 mm (18 AWG). Instalar el interruptor corriente directa (CD) aprobado por UL entre la fuente de alimentación y el Advanced Console Server. El limite mínimo del interruptor deberá ser 2 amperes, con conductor de 0.75 mm (18 AWG).
Safety, Regulatory, and Compliance Information 328
Appendix C Supported PCMCIA Cards BLACK BOX® CS supports the PCMCIA cards listed in the table below. Note that some PCMCIA cards have been discontinued by their manufacturers and are marked accordingly.
Supported PCMCIA Cards Table C-1: Supported PCMCIA Cards Brand Model 10/100BT Ethernet& V.90 (56k) Modem Combo Xircom XEM5600 10/100BT Ethernet and 56k V.90 modem combination (Discontinued) 802.11b Wireless Ethernet Proxim ORiNOCO 11b Client PC Gold Card - 8410-WD (Discontinued) Linksys Instant Wireless Network PC Card - WPC11 Ver.3 Fiber Optic Danpex 1300C FX100BT SC Danpex 1300C FX100BT ST V.90 (56k) Modem Xircom XM5600 56K Modem PC Card Zoom Modem V.
Table C-1: Supported PCMCIA Cards Brand Model Compact Flash2 SanDisk 64MB CF Memory + Adapter (Discontinued) St.
Supported PCMCIA Cards 332
Glossary Authentication The process by which a user’s identity is checked within the network to ensure that the user has access to the requested resources. Basic In/Out System Chips on the motherboard of a computer contain read only (BIOS) memory instructions that are used to start up a computer. The operating system of a PC also makes use of BIOS instructions and settings to access hardware components such as a disk drive.
Glossary 334 BogoMips BogoMips (from "bogus" and MIPS). Unscientific measurement of CPU speed made by the Linux kernel when it boots to calibrate an internal busy-loop. Bonding (Linux) Ability to detect communication failure transparently, and switch from one LAN connection to another. The Linux bonding driver has the ability to detect link failure and reroute network traffic around a failed link in a manner transparent to the application.
assigning IP addresses without using the standard IP address classes like Class A, Class B or Class C. In CIDR notation, an IP address is represented as A.B.C.D /n, where "/n" is called the IP prefix or network prefix. The IP prefix identifies the number of significant bits used to identify a network. For example, 192.9.205.22 /18 means, the first 18 bits are used to represent the network and the remaining 14 bits are used to identify hosts. Common prefixes are 8, 16, 24, and 32.
Glossary Console Terminal used to configure network devices at boot (start-up) time. Also used to refer to the keyboard, video and mouse user interface to a server. Console Port Most of the equipment in a data center (servers, routers, switches, UPS, PBX, etc.) has a serial console port for out-ofband management purposes. DHCP Dynamic Host Configuration Protocol. A protocol for automatic TCP/IP configuration that provides static and dynamic address allocation and management.
than one machine. Usually, all of the machines on a given Network will have the same thing as the right-hand portion of their Domain Names (matisse.net in the examples above). It is also possible for a Domain Name to exist but not be connected to an actual machine. This is often done so that a group or business can have an Internet e-mail address without having to establish a real Internet site. In these cases, some real Internet machine must handle the mail on behalf of the listed Domain Name.
Glossary Flow Control A method of controlling the amount of data that two devices exchange. In data communications, flow control prevents one modem from "flooding" the other with data. If data comes in faster than it can be processed, the receiving side stores the data in a buffer. When the buffer is nearly full, the receiving side signals the sending side to stop until the buffer has space again.
Each address has a network number, an optional sub network number and a host number. The first two numbers are used for routing, while the host number addresses an individual host within the network or sub network. A subnet mask is used to extract network and sub network information from the IP address. IP packet filtering This is a set of facilities in network equipment that allows the filtering of data packets based on source/destination addresses, protocol, TCP port number and other parameters.
Glossary After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business. LDAP Lightweight Directory Access Protocol. A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet.
Trial and error is the only sure way of finding the optimal MTU, but there are some guidelines that can help. For example, the MTU of many PPP connections is 576, so if you connect to the Internet via PPP, you might want to set your machine's MTU to 576 too. Most Ethernet networks, on the other hand, have an MTU of 1500.
Glossary 255.255.255.0), however, its value is needed to be understood as a 32-bit number with certain number of ones on the left end and zeros as the rest. The mask cannot have an arbitrary value. The primary function of a subnet mask is to define the number of IP hosts that participate in an IP subnet. Computers in the same IP subnet should not require a router for network communication.
initial 1 in this OID is directly below root. This is called an absolute OID. However, a path to the variable may be specified relative to some node in the OID tree. For example, 2.1.1.7 specifies the sysContact object in the system group, relative to the Internet (.1.3.6.1) node in the OID tree. This is called a relative OID. Off-Line Data Buffering This is a CAS feature that allows capture of console data even when there is no one connected to the port. OID See Object Identifier.
Glossary developed a standard for small, credit card-sized devices, called PC Cards. Originally designed for adding memory to portable computers, the PCMCIA standard has been expanded several times and is now suitable for many types of devices including network cards (NICs). The PCMCIA 2.1 Standard was published in 1993. As a result, PC users can be assured of standard attachments for any peripheral device that follows the standard.
service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. RISC Reduced Instruction Set Computer. This describes a computer processor architecture that uses a reduced set of instructions (and achieves performance by executing those instructions very fast.) Most UNIX servers (Sun Sparc, HP, IBM RS6000, Compaq Alpha) were designed with a processor using a RISC architecture. The Intel ® x86 architecture.
Glossary sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. (Source: Webopedia) SNMP Traps Notifications or Event Reports are occurrences of Events in a Managed system, sent to a list of managers configured to receive Events for that managed system. These Event Reports are called Traps in SNMP.
characteristics, usually those that differ from implementationdependent defaults. Otherwise, it modifies the terminal state according to the specified operands. TACACS Terminal Access Controller Access Control System. Authentication protocol, developed by the DDN community, that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network security solution.
Glossary terminal servers are sometimes used as console access servers. TTY 1. In Unix, refers to any terminal; sometimes used to refer to the particular terminal controlling a given job (it is also the name of a Unix command which outputs the name of the current controlling terminal). 2. Also in Unix, any serial port, whether or not the device connected to it is a terminal; so called because under Unix such devices have names of the form tty.
The timer can also be used for other purposes, for example, to actuate the refresh (or reload) button in a Web browser if a Web site does not fully load after a certain length of time following the entry of a Uniform Resource Locator (URL).
Glossary 350
Index A access 259 allow SSH root 79, 228 root 345 SSH root 118 access requirements, port 54 access server (CAS) profile, console 243 (CAS), console 242, 335 access to connected devices configuring 23 planning 22 accessing CS 8 accessing the web manager, other methods of 45 action, boot 180 active ports sessions 212 add rule 15 adding a group 210 a user 209 users 44 admin 208 administering users 22 administration menu & forms 291 administrative modes, overview of 73 administrator forms, common features o
Index raccess 220 user 220 authorized users/groups 260 authtype 215, 216 bumpon protect pads 31 buzzer 59, 125 bytes, RX 289 bytes, TX 289 B C backup configuration 310 banner, console 154 banner, login 279 basic installation procedures 34 battery, replacing 324 baud rate 89, 289, 333 bidirectional 246 bidirectional Telnet 242 bidirectionlogin timeout 260 bidirectionshell command 261 biometric authentication 278 BIOS 333 Black Box CS, connectors on the 8 BogoMips 334 bonding 155, 334 boot action 180 boo
boot 307 firewall 186 configuring access to connected devices 23 authentication for CS logins 215 authentication servers 216 CDMA PCMCIA cards 174 compact flash PCMCIA cards 170 CS in Expert mode 105 CS in Wizard mode 77 Ethernet PCMCIA cards 169 GSM PCMCIA cards 166 ISDN PCMCIA cards 164 modem PCMCIA cards 161 network parameters 38 ports 44 ports for power management 25 ports for power management using CLI access server CAS 242, 335 access server CAS profile 243 banner 154 raw 243 SSH 243 Telnet 243 Telne
Index File Size 99 Local files 99 Mode 98 NFS File Path 99 off-line 343 Remote server 99 time stamp 99, 266 data size 89 data buffering events 297 default IPaddress 45 default, security profile 43 destination local 266 port 16 remote 266 detected maximum 126 DHCP 45, 66, 336 DNS server 154, 336 document organization 1 documentation CD 28 documents, related 3 domain name 154, 336 dynamic mode support 79, 228 E ejecting PCMCIA cards 176 email notification 299 email notifications 297 emergency management ser
FTP site 315 G gateway IP 154 Group Authorization on LDAP 222 Group Authorization on RADIUS 219 group, adding 210 groups, users 208 GSM 8 GSM PCMCIA cards, configuring 166 H hard disk, IDE 159 host name 153 host settings 152 host table 201 host to connect 279 hotkey 269 hotkeys 4 hot-swap 338 http 79, 228 http redirection to https 79, 228 https 79, 228 I ICMP 80, 229, 338 ICMP protocol 17 icons, power management 135 IDE 310 IDE hard disk 159 IDE timeout 278 identifiers (OID), object 342 info, view IPDUs
Index K keep-alive interval, TCP 278, 347 Kerberos 11, 224, 262, 339 Kerberos/local 11, 217, 262 Kerberosdownlocal 11, 217, 262 key, IPMI 273 key, power management 273 key, RSA 179 L LDAP 11, 217, 262, 340 LDAP/local 11, 217, 262 LDAPdownlocal 11, 217, 262 local destination 266 local IP 162, 283 local port number 283 local TCP port number 284 local terminal 245 local/NIS 12, 218, 262 local/radius 11, 217, 262 local/TACACS+ 12, 217, 262 log level 197 log prefix 197 logging into the web manager 70 logging t
N navigation shortcuts 4 NEBS 341 NEBS certification 324 network mask 154, 341 network menu & forms 151 network parameters, configuring 38 nexthop 179 NFS 342 NFS file path 266 NIS 12, 218, 262 NIS/local 12, 218, 262 NISdownlocal 12, 218, 263 notification alarm 304 email 299 pager 301 serial ports alarm 304 SNMP trap 304 notifications 21, 295 NTP 224, 305, 342 server, using 306 setting time and date 306 setting time and date with 306 number local TCP port 284 remote TCP port 284 trap 303 O object identifie
Index PCPU processing time 213 physical ports 239 planning access to connected devices 22 plug-in, Java 33 PM IPDUs, connecting AltherPath 47 port 344 destination 16 powermgmt 273 source 16 TCP 278 port access requirements 54 port IP alias 278 port number local 283 local TCP 284 remote TCP 284 TCP 55 ports configuring 44 enabling 44 for power management, configuring 25 menu & forms 237 physical 239 statistics 288 status 287 virtual 281 power management 23, 246 configuring 24 configuring ports for 25 connec
RAS 242 RAS, modem 242 raw socket 245 raw, console 243 reboot 316 reboot the CS 316 record time stamp 266 regular user 208 regular user forms 51 regular users, web manager 49 related documents 3 remote destination 266 remote IP 162, 284 remote TCP port number 284 replacing the battery 324 requirements, port access 54 requirements, pre-installation 32 RISC 345 root 8, 10, 38 access 345 access, allow SSH 79, 228 access, SSH 118 routes, static 202 routing table 345 RPC 80, 229, 345 RS232 signal 288 RSA key 179
Index SNMP traps 346 SNMP, simple network management protocol 181 SNMPv1 303 SNMPv2 303 SSH (secure shell) 346 SSH root access 118 SSH root access, allow 79, 228 SSH, console 243 SSH, secure shell 345 SSHv1 79, 228, 244 SSHv2 79, 228, 244 SSL certificate 236 static routes 202 statistics, ports 288 status, ports 287 stop bit 346 stop bits 89 storage device 310 storage device, using 313 straight-thru cable 30 structure of IP filtering 13 stty 346 stty options 279 subnet 179 subnet mask 346 sun/netra 29 swapc
trap notification, SNMP 304 trap number 303 traps, SNMP 346 trigger, alarm 298 TS profile connection protocols, terminal server 243 TS, terminal server 242 TTY 213, 348 TX bytes 289 typographic and other conventions 3 U UDP 348 UDP protocol 17 updelay 155 upgrade CS’s firmware 315 firmware 4, 313 software 131 usage, CPU 213 user adding 209 multi 268 regular 208 user authorization 220 user forms, regular 51 users adding 44 administering 22 assigning 44 privilege 269 types of 10 users and groups 208 users ma
Index X X.
