Dominion SX User Guide 3.2.0 Copyright © 2010 Raritan, Inc. DSX-v3.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2010 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
To avoid potentially fatal shock hazard and possible damage to Raritan equipment: Do not use a 2-wire power cord in any product configuration. Test AC outlets at your computer and monitor for proper polarity and grounding. Use only with grounded outlets at both the computer and monitor. When using a backup UPS, power the computer, monitor and appliance off the supply.
Contents How to - Dominion SX Essentials xiv Case 1. Upgrading SX Firmware via Web Browser.....................................................................xiv Case 2. Configuring and Using Direct Port Access via SSH .......................................................xiv Case 3. Using Exclusive Write Access via RSC .......................................................................... xv Case 4. Configuring LDAP ...................................................................................
Contents Chapter 4 Initial Software Configuration 16 Dominion SX Initial Software Configuration ................................................................................. 16 Date / Time Configuration.................................................................................................. 18 Network Configuration ....................................................................................................... 19 Deployment .............................................................
Contents Chapter 7 Remote Authentication 38 Configuring RADIUS .................................................................................................................... 38 Configuring LDAP ........................................................................................................................ 39 Configuring TACACS+ .................................................................................................................
Contents View a Certificate Authority ............................................................................................... 87 Manage the Client Certificate Revocation List (CRL) ........................................................ 87 Add a New Certificate Revocation List to the SX .............................................................. 87 Delete a Certificate Revocation List from the SX ..............................................................
Contents Performing a Factory Reset on the SX ...................................................................................... 111 Rebooting the SX ....................................................................................................................... 111 Chapter 12 Diagnostics 112 Network Infrastructure Tools ...................................................................................................... 112 Status of Active Network Interfaces ...............................
Contents Administering the Dominion SX Console Server Configuration Commands ............................. 136 Configuring Events..................................................................................................................... 136 Configuring Log.......................................................................................................................... 137 Cleareventlog Command ................................................................................................
Contents Adduser Command .......................................................................................................... 169 Deletegroup Command ................................................................................................... 170 Deleteuser Command ...................................................................................................... 170 Editgroup Command ........................................................................................................
Contents Chapter 14 Intelligent Platform Management Interface 200 Discover IPMI Devices ............................................................................................................... 201 IPMI Configuration ..................................................................................................................... 202 Chapter 15 Power Control 205 Port Power Associations ............................................................................................................
Contents Dominion SX Terminal Ports ..................................................................................................... 236 Dominion SX16 and SX32 Terminal Ports................................................................................. 237 Appendix B System Defaults 239 Initiate Port Access .................................................................................................................... 240 Supported Character Length of Various Field Types ....................
Contents TACACS+ Server Configuration ................................................................................................ 259 CiscoSecure ACS ...................................................................................................................... 260 Active Directory .......................................................................................................................... 263 Appendix E Modem Configuration 264 Client Dial-Up Networking Configuration ...........
How to - Dominion SX Essentials This chapter includes 10 of the most common cases to help quickly familiarize users with practical operation on Dominion SX units. Note that data entered in the cases are created as examples, and could vary upon different situations. Case 1. Upgrading SX Firmware via Web Browser To upgrade SX firmware version for enhanced features or service patches: 1. Check Raritan support website for availability of latest firmware version: (http://www.raritan.
How to - Dominion SX Essentials 3. Edit the DPA SSH TCP Port to which SSH client will connect, and then click OK. 4. Log in to Dominion SX through a web browser. On the Setup > Services page, select TCP port on Direct Port Access Mode, and then click OK. 5. Launch the SSH client, such as Plink or PuTTY. Enter the IP address and change the default TCP Port to connect to the port enabled (for example, plink -ssh -P 2203 192.168.51.9). See Direct Port Access (on page 46) for details. Case 3.
Chapter 1: How to - Dominion SX Essentials 3. Click OK. See Configuring LDAP (on page 39) for details. Case 5. Creating Power Association Group To associate the target server with more than one power outlets physically connected to it: 1. After logging in to SX via a web browser, make sure a power strip has been configured previously (To add a power strip: choose Setup > Power Strip Configuration. See Power Strip Configuration (on page 207) for details).
How to - Dominion SX Essentials Case 6. Performing Factory Reset on SX To set SX configuration back to factory defaults through the GUI: 1. Log in to SX via a web browser with your login username and password, such as (admin/raritan). 2. Choose Maintenance > Factory Reset. You will be prompted to confirm your decision. 3. Do not power off SX unit as it reboots with default configuration. 4. You will be re-directed to the login page after the unit is rebooted.
Chapter 1: How to - Dominion SX Essentials 2. Choose the Port Access Tab, and click the port name you wish to access, for example, Port 1. 3. Select YES to proceed through security warning(s). 4. The Raritan Serial Console (RSC) will be launched in a separate window - press the Enter key to "wake up" session. 5. Type in target system's native commands in the RSC window/console. 6. Choose Emulator > Exit. Click YES on the confirmation dialog to exit and the RSC window will close.
How to - Dominion SX Essentials e. The console will display all the ports on the SX unit with port numbers. f. Enter a port number at the prompt, for example: admin> 1 g. To return to the SX console, enter the escape sequence characters. For example, simultaneously press the control and closed bracket key (]). h. To exit the target serial console session, enter the letter "q" to quit. You will be re-directed to the SX console, and the port serial console session is now closed. 2.
Chapter 1 Preface The Dominion SX User Guide provides the information needed to install, set up and configure, access devices such as routers, servers, switches, VPNs, and power strips, manage users and security, and maintain and diagnose the Dominion SX secure console server. In This Chapter Audience ....................................................................................................1 Conventions .............................................................................................
Chapter 1: Preface Acronym CSC Meaning Common Socket Connection DPA Direct Port Access HTTP Hypertext Transfer Protocol HTTPS HTTP Secure (over SSL) LAN Local Area Network LDAP Lightweight Directory Access Protocol LDAP/S Lightweight Directory Access Protocol/Secure NFS Network File System NTP Network Time Protocol PPP Point to Point Protocol RADIUS Remote Authentication Dial In User Service RSC Raritan Serial Console SMTP Simple Mail Transfer Protocol SSH Secure Shell SSL Secu
Chapter 2 Introduction In This Chapter Dominion SX Overview..............................................................................3 Product Features .......................................................................................4 Package Contents .....................................................................................
Chapter 2: Introduction Product Features Comprehensive Console Management 4 Remote Management: Access, monitor, administer, and troubleshoot up to 48 target devices (depending on the model) via Secure Socket Shell (SSH), Telnet, Local Port, or Web browser with only one IP address. Direct Port Access via TCP/IP address per port; or one IP address and TCP Port numbers. Notification: Create notification messages by email alerts.
Chapter 2: Introduction Strong Security and User-Authentication SSHv2 Support Encryption Security: 128-bit SSL handshake protocol and RC4 encryption. User Authentication Security: local database, remote authentication Supports RADIUS, TACACS+, LDAP, LDAP(S), Microsoft Active Directory®, and NTP. Supports user-defined and installable security Certificates. Reliable Connectivity Optional Modem Connectivity: For emergency remote access if the network has failed.
Chapter 2: Introduction Package Contents Each Dominion SX ships with the following: 6 (1) Dominion SX unit with mounting kit (rack-mount kit is optional on some units) (1) Raritan Dominion SX User Guide CD-ROM, which contains the installation and operations information for the Dominion SX (1) Printed Dominion SX Quick Setup Guide (1) Power cord (1) Release Notes (1) Packing List page (1) RJ45 serial loop-back plug (1) DB9 Factory Reset Adapter for some units (Other units ha
Chapter 3 Installation There are two ways of completing the initial network installation of the Dominion SX: Using a serial cable with a VT100/equivalent, such as a PC with HyperTerminal Using Ethernet (with an installation computer) This section describes the steps necessary to configure Dominion SX for use on a local area network (LAN). The following table describes the factory default network settings that come with the Dominion SX.
Chapter 3: Installation Pre-Installation Ensure that you have the correct cabling ready to connect to the serial consoles of the target server(s) or other serially managed devices that provide a console port. The following sections describe information that you must supply to complete the configuration of the Dominion SX. Obtain all required configuration information prior to performing the configuration steps. If you are uncertain of any information, contact your system administrator for assistance.
Chapter 3: Installation 5. Connect the female end of the external power cord to the back of the chassis. 6. Connect the male end of the external power cord to the power supply outlet. 7. Power ON the Dominion SX unit. Note: The unit will perform a hardware and firmware self-test, then start the software boot sequence, which takes a short time. It is complete when the light turns on and remains on.
Chapter 3: Installation UNIX (including Sun Solaris) system: route add 192.168.0.192 -interface. [Example: route add 192.168.0.192 15.128.122.12 -interface] 3. Type ping 192.168.0.192. Go to step 4 if you receive a successful reply from the Dominion SX unit. If an error occurs, verify that the default IP address is entered correctly and that a route to that IP address exists. 4.
Chapter 3: Installation 6. If you click View Certificate on the Security Alert-Certificate page, a Certificate dialog appears. See Security (on page 77) and Appendix C: Certificates (see "Certificates" on page 243) for information about installing certificates.
Chapter 3: Installation The login dialog appears after you finish viewing the security alerts and the Certification Information screen. Log in with the default username admin and password raritan. Use all lowercase letters. 7. After login, the Dominion SX prompts you to change the default password: 8. Type a new secure password then retype it (Remember the new password for next login.) 9. Click OK. The Dominion SX Port Access page opens. (See Initial Software Configuration (on page 16) for details.
Chapter 3: Installation 5. Type a new password, and then retype it (Remember this password). A page opens, showing the Dominion SX unit's status and serial channel ports. Note: If the password entered does not follow the password rules, an error message will appear as a warning. You will be logged out and must start over to set your password. Network Access 1. Ensure that the installation computer has the route for 192.168.0.192 and that it can communicate with IP address 192.168.0.192. 2.
Chapter 3: Installation Network Configuration 1. Type Configuration to change the unit's configuration. 2. Type Network to select the network configuration. 3. Type: admin > Config > Network > interface enable true if lan1 ip 192.16.151.12 mask 255.255.255 gw 192.168.51.12 Upon successfully entering the data, a report will display the new network configuration and you will be prompted to reboot the unit. 4. Type yes to reboot the Dominion SX. 5. Remove the serial cable. 6.
Chapter 3: Installation is the user's assigned group is the user's password is extra information (optional, no spaces) is the user's phone number (optional) is true or false, allowing the user to login or not 2. Type top to return to the top level of the CLI menu.
Chapter 4 Initial Software Configuration After the hardware installation, perform the initial software configuration. Log in to the Dominion SX from either a browser or through a Command Line Interface (see Command Line Interface (on page 116) for CLI information). In This Chapter Dominion SX Initial Software Configuration ............................................16 Deployment .............................................................................................
Chapter 4: Initial Software Configuration 2. Click the Setup tab. The Setup page opens, containing links to the Configuration and Logging pages. Important: After you complete each configuration task, you must return to the Setup tab to perform the next configuration task.
Chapter 4: Initial Software Configuration Date / Time Configuration 1. Choose Setup > Date / Time. The Date / Time Configuration page opens. 2. Select the correct time zone from the UTC Offset drop-down menu. 3. Select one of the following: User Specified Time - Click this radio button and enter the date and time manually in the corresponding fields. Synchronize with NTP Server - Click this radio button and enter the IP address of a Network Time Protocol (NTP) server in the Primary Time Server.
Chapter 4: Initial Software Configuration After you click OK, the system displays one of the following pages: A confirmation page, which contains the settings you chose and a confirmation message at the top of the page. An error page, which contains the original Date / Time page and the error message. Network Configuration 1. Choose Setup > Network. The Network Configuration page opens.
Chapter 4: Initial Software Configuration 3. Select the Mode from the Mode drop-down menu. Default is Auto. 4. Type the Domain Name in the Domain field. 5. Type the Unit Name in the Unit Name field. 6. In the Ports section: Type 5000 or another port number in the CSC Port field. Type 5000 or another port number in the Discovery Port field. 7. Click OK. Dominion SX displays either a confirmation or error page. 1. Click OK when the confirmation window appears.
Chapter 4: Initial Software Configuration Note: The login display should appear verifying that the unit has been properly configured and can be accessed from the network. 6. Log in with username admin and the password you created earlier. 7. On the Home page, click the Setup tab and select the various configuration options for configuring the SX and each console port. Modem Connection (Optional) To configure the SX for a modem connection: 1. Connect a phone line to the modem port. 2.
Chapter 5 Network Settings and Services This chapter explains how to configure the basic network settings for the SX and how to configure the various access protocols (SSH, telnet, and so forth). It also explains how to configure the SX for modem access and how to enable IP forwarding and create static routes. In This Chapter Configuring the Basic Network Settings ..................................................22 Configuring the Network Service Settings ...............................................
Chapter 5: Network Settings and Services Configure the Network Settings of Dominion SX To configure the network settings: 1. Select either None or DHCP from the drop-down menu to determine a method for IP Auto Configuration. The default is DHCP. 2. Type an IP address for the Dominion SX in the IP Address field. 3. Type the subnet mask in the Subnet Mask field. 4. Type the IP address of the gateway router in the Gateway IP Address field. 5. Select the speed from the drop-down menu in the Mode field.
Chapter 5: Network Settings and Services Service HTTPS Default Setting Enabled. The default port is 443. This can be changed. Encryption is set to SSL, but this can be changed to TLS. Telnet Disabled for security reasons. This can be enabled and the port configured. SSH Disabled by default. This can be enabled and the port configured. The configurable option labeled Fixed TCP Window is enabled by default when SSH access is enabled, making SSH connection work under Windows Vista® operating system.
Chapter 5: Network Settings and Services Change Network Service Settings 1. Choose Setup > Services. The Network Service Settings page opens. 2. Make any necessary changes to the appropriate fields.
Chapter 5: Network Settings and Services 3. Fixed TCP Window is checked by default, enabling SSH connection to work under the Windows Vista® operating system. Note: Some Operating Systems may require TCP window scaling for successful SSH connections, in which case, the „Fixed TCP Window‟ option needs to be disabled. Note: Customers experiencing slow SSH connectivity in Dominion SX 3.1.5 or select theDominion SX 3.1.6 after upgrading to Dominion SX 3.1.
Chapter 5: Network Settings and Services c. Select Console Only to allow only console connections. Allows only CLI access through a terminal emulation programs such as Hypertreminal. 4. If you selected All or PPP Only as the modem access mode: a. Type the IP addresses of the Point-to-Point (PPP) server in the PPP Server IP field. The default is 10.0.0.1 b. Type the IP address of the PPP client in the PPP Client IP field. The default is 10.0.0.2. 5. If you selected PPP Only as the modem access mode: a.
Chapter 5: Network Settings and Services Add a New Static Route To add a new Static Route: 1. Choose Setup > Static Routes. The Static Routes page opens, containing an Enable IP Forwarding panel and a Static Routes List. 2. Go to the Static Routes List and click Add New Route. The Static Route page opens. 3. On an SX with one LAN interface, LAN appears automatically in the Interface field. On an SX with two LAN interfaces, select the one you want from the drop-down menu in the Interface field.
Chapter 5: Network Settings and Services 4. Type the IP address, subnet mask, and gateway of the destination host in the Destination, Mask, and Gateway fields. 5. Type the TCP maximum segment size (MSS) in bytes in the MSS field. 6. Type the TCP windows size for connections over this route in bytes in the Window field. 7. Type the initial round trip time (IRTT) for TCP connections over this route in milliseconds (1-12000) in the IRTT field. 8. Select your route type from the Flags drop-down menu.
Chapter 6 User Profiles and Groups This chapter explains how to create and manage user profiles and user groups. In This Chapter Managing User Profiles ...........................................................................30 Managing User Groups ...........................................................................33 Managing User Profiles User profiles serve two purposes: To provide users with a username and password to log into the SX. To associate the user with a user group.
Chapter 6: User Profiles and Groups Dialback number (if one has been defined) User group 3. The User List page also indicates whether the user profile is active or inactive. Create a User Profile To create a new user profile: 1. Choose User Management > User List. The User List page opens (as shown in Display a List of User Profiles (on page 30)). 2. Click Add New User. The New User page opens. 3. Type a login name in the Username field. This is the name the user enters to log into the SX.
Chapter 6: User Profiles and Groups 4. Type the user's full name in the Full Name field. This field is required. 5. Type the user's telephone number in the Dialback field. This field is optional. 6. Type any comments about the user profile in the Information field. This field is to help you identify the profile and is optional. 7. Type the password in the Password field, and then type it again in the Confirm Password field. This field is required.
Chapter 6: User Profiles and Groups Delete a User Profile To delete an existing user profile: 1. Choose User Management > User List. The User List page opens (as shown in Display a List of User Profiles (on page 30)). 2. Click the checkbox to the left of the user profile you want to delete. You can select more than one. 3. Click Delete. You are prompted to confirm the deletion. 4. Click OK. The selected user profiles are deleted.
Chapter 6: User Profiles and Groups 2. Click Add New User Group. The New Group page opens.
Chapter 6: User Profiles and Groups 35
Chapter 6: User Profiles and Groups 3. Type a group name in the Group Name field. You can enter any number of characters up to a maximum of 255. You can enter all letters and numbers, as well as the underscore character (_). The user name is case sensitive. 4. Select the class from the drop-down menu in the Class field. Your choices are: Operator - This is the default.
Chapter 6: User Profiles and Groups 6. Select the ports that the users associated with this group are permitted to access. You can select all ports or you can select any combination of individual ports. 7. Select the ports for which users associated with the group are allowed to access the power commands. Only administrators can access the power strips via CLI directly. 8. Click OK. The user group is created and should appear in the User List page. Modify a User Group To modify an existing user group: 1.
Chapter 7 Remote Authentication This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication. Tip: If you are setting up remote authentication, it is a good idea to keep local authentication enabled. When an authentication request reaches the SX, it looks to authenticate the user remotely first, and then looks to authenticate the user locally.
Chapter 7: Remote Authentication 2. In the RADIUS panel, click the RADIUS button to enable RADIUS authentication. 3. Under Primary Radius, type the following information: IP address of the RADIUS server Port on which the RADIUS server is listening (default is 1812) Shared secret 4. If you have a backup RADIUS server, enter the same information in the Secondary Radius fields. 5. Click OK. RADIUS authentication is enabled.
Chapter 7: Remote Authentication 5. Type the 'root' point to bind to the server in the Base DN field. This is the same as Directory Manager DN (for example, BaseDn: cn=Directory Manager). 6. Type a string in the Query field. Make sure the same string is added as an attribute in the Search field. For example, if the authorization query string is DominionSX, an attribute named DominionSX must be added under the given domain specified by the Search field.
Chapter 7: Remote Authentication Configuring TACACS+ You can use the Terminal Access Controller Access-Control System Plus (TACACS+) to authenticate SX users instead of using local authentication. To configure TACACS+: 1. Choose Setup > Remote Authentication. The Remote Authentication page opens, displaying a TACACS+ panel. 2. In the TACACS+ panel, click the TACACS+ button to enable TACACS+ authentication. 3.
Chapter 8 Port Configuration and Port Access Application Port configuration allows Administrators to define the serial/console port settings in order to communicate with remote target devices. Note: You can access the Raritan Serial Console (RSC) from the Port page. See Raritan Serial Console (on page 48) for RSC information. In This Chapter Port Keywords .........................................................................................43 Port Configuration..........................................
Chapter 8: Port Configuration and Port Access Application Port Keywords You can create port keywords and associate them with: Events Local/remote syslog messages SNMP traps Port keywords work as a filter. If a keyword is detected, only then will a corresponding message be logged in a local/NFS port log. A corresponding event will be sent via SMTP (if configured) and corresponding trap will be sent via SNMP (if configured).
Chapter 8: Port Configuration and Port Access Application Port Configuration To configure one or more ports: 1. Choose Setup > Port Configuration. The Port Configuration page opens. 2. Select the port(s) you want to configure. You can select one port or several ports, providing that all selected port configurations are identical. To select specific ports, click the checkboxes to the left of the port numbers and then click Edit. To select all ports, click Select All. The Edit Port page opens. 3.
Chapter 8: Port Configuration and Port Access Application Change as follows: Select control from the drop-down menu in the Escape Mode field. Type the character in the Escape Character field. The default for the Dominion SX is ] (closed bracket). Note: See Configuring Ports (on page 153) for details on port configuration commands. 7. Select the terminal emulation type from the drop-down menu in the Emulation field. The choices are: VT100 VT220 VT320 ANSI 8.
Chapter 8: Port Configuration and Port Access Application Note: Anonymous access should be enabled for DPA to succeed. 13. Select from the Multiple Writers drop-down if you want multiple clients to be able to write to the port at the same time. The default behavior is that only one user may have write access to the port at a single time. 14. Click OK. Direct Port Access To configure direct port access: 1. Choose Setup > Services. The Network Service Settings page opens.
Chapter 8: Port Configuration and Port Access Application 9. Reboot the SX unit. This is necessary for the direct port access settings to take effect. Direct Port Access via HTTP You can connect directly to a port on the Dominion SX without having to log in to a GUI interface by using HTTP. To access the a Dominion SX port using HTTP: Use the following address: http:///dpa.
Chapter 8: Port Configuration and Port Access Application Raritan Serial Console Use the following steps to launch the Raritan Serial Console (RSC). 1. Click the Port Access tab. 2. Click the Name of the port you want to access for the RSC, for example, Port1 or Port2. Firefox users will be prompted to enter the personal client certification key. Note: A Security message appears only if you use HTTPS to connect to the RSC. 3. Click Yes. A Warning - Security pop up appears. 4.
Chapter 8: Port Configuration and Port Access Application Java Runtime Environment (JRE) The RSC will function with JRE™ version 1.4.2_05 or later (except for JRE version 1.5.0_02). However, for optimum performance, Raritan recommends using JRE 1.5.0 (except for version 1.5.0_02). Depending on your operating system and browser, it is possible that you must adjust JRE configurations to prevent problems with the system's memory. Note: Raritan does not support JRE version 1.5.0_02 for use with the RSC.
Chapter 8: Port Configuration and Port Access Application Java Tab in JRE 1.5 2. Locate Java Runtime Settings. 3. Insert the values of the Java Runtime Parameters using the syntax in the following table, which contains the non-standard options. Values - Syntax -Xms in bytes -Xmn in bytes -Xmx in bytes Description Default/Comments Sets the initial 2097152 (2MB) size of the The -server flag increases the Java heap default size to 32M.
Chapter 8: Port Configuration and Port Access Application Command Example: -Xms128M -Xmn128M -Xmx512M See the following links for additional information and for all the non-standard options: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/java.html (http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/java.html) http://java.sun.com/docs/hotspot/VMOptions.html (http://java.sun.com/docs/hotspot/vmoptions.
Chapter 8: Port Configuration and Port Access Application Emulator 1. Click the Emulator drop-down menu to display a list of topics. IMPORTANT: RSC sessions are affected by the Idle Timeout which is set, by default, to 10 minutes for security purposes. If you have not changed the Idle Timeout setting from the default, your RSC session could be closed automatically if your RSC configuration time exceeds the Idle Timeout period. See Security (on page 77) for details on changing the Idle Timeout setting.
Chapter 8: Port Configuration and Port Access Application 1. Change the default Idle Timeout setting and then launch the RSC. Note: If the RSC Idle timeout expires, the Dominion SX Idle timeout period begins. Settings Note: An Administrator can set Terminal emulation settings using Setup > Port Configuration. 1. Choose Emulator > Settings. The Settings screen displays the General tab with the default settings. 2.
Chapter 8: Port Configuration and Port Access Application 3. The Show Confirmation Dialog on Exit checkbox is selected by default, but you can deselect it based on preference. 4. The Terminal Size default is selected, or you can choose a different size from the drop-down menu. 5. The Backspace Sends default is ASCII DEL, or you can choose Control-H from the Backspace Sends drop-down menu. 6. The History Buffer Size default is 200, or you can use the arrows to change the buffer size. 7.
Chapter 8: Port Configuration and Port Access Application 2. Click Default to accept the Default settings, and then click Ok to close the Display Settings window. To change the settings, follow these steps: a. The Terminal Font Properties default is Arial, or you can choose a font from the Terminal Font Properties scrolling list. b. The Antialiase Font checkbox is selected by default, or you can deselect the checkbox. c.
Chapter 8: Port Configuration and Port Access Application 3. Choose the following from their respective drop-down menus: Foreground Color Background Color 4. Choose one of the following from the Encoding drop-down menu: US-ASCII ISO-8859-1 ISO-8859-15 5. Choose one of the following from the Language drop-down menu: English Japanese Korean Chinese 6. Click Ok to close the Display Settings window.
Chapter 8: Port Configuration and Port Access Application Get Write Access Only Administrators and Operators can get write access. The user with Write Access can send commands to the target device. Write Access can be transferred among users working in the Raritan Serial Console via the Get Write Access command. To enable Write Access, choose Emulator > Click Get Write Access. You now have Write Access to the target device.
Chapter 8: Port Configuration and Port Access Application Connected Users The Connected Users command allows you to view a list of other users who are currently connected on the same port. 1. Choose Emulator > Connected Users. 2. A check mark appears in the Write Access column after the name of the User who has Write Access to the console. 3. Click Close to close the Connected Users window. Exit 1. Choose Emulator > Exit to close the Raritan Serial Console. The Exit Confirmation dialog appears. 2.
Chapter 8: Port Configuration and Port Access Application Edit Use the Copy, Paste, and Select All text commands to relocate and/or re-use important text. To copy and paste all text: 1. Choose Edit > Select All. 2. Choose Edit > Copy. 3. Position the cursor at the location where you want to paste the text. 4. Click once to make that location active. 5. Choose Edit > Paste.
Chapter 8: Port Configuration and Port Access Application Note: The copy-paste limit of text in Raritan Serial Console is 9999 lines. Keyboard shortcuts that you can use to highlight, copy, and paste all or partial lines of text: Click and drag your mouse over the text you wish to copy. Use Ctrl+C to copy text. Position the cursor where you want to paste the text and click in that location to make it active. Use Ctrl+V to paste text.
Chapter 8: Port Configuration and Port Access Application Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file on your computer. When you start RSC, the Logging indicator on the status bar indicates whether logging is on or off. 1. Choose Tools > Start Logging. 2. Choose an existing file or provide a new file name in the Save RSC Log dialog. When an existing file is selected for logging, data gets appended to the contents.
Chapter 8: Port Configuration and Port Access Application Stop Logging Choose Tools > Stop Logging. The logging stops. Send Keystroke 1. Choose Tools > Send Keystroke. A Send Keystroke dialog appears: 2. Enter the keystroke combinations that you want and select a Key Code name from the drop-down menu. 3. Send the keystroke combinations. Send Text File 1. Choose Tools > Send Text File. A Send Text File screen appears. 2. Open the directory of the Text file. 3.
Chapter 8: Port Configuration and Port Access Application Toggle Power The Toggle Power function lets you power on or off the device that is connected to the associated outlet on a Power Distribution Unit (PDU). For example, if a router is connected to one of the outlets on the PDU, you can toggle the router’s power on or off. You must configure the association of outlets to the target port of the device before you can use the Toggle Power feature.
Chapter 8: Port Configuration and Port Access Application Chat When using browser access over SSL, an interactive chat feature called Chat allows you and other users on the same port to communicate. You can conduct an online dialog for training or collaborative diagnostic activities. The maximum length of a chat message is 300 characters. Note: When a chat is initiated, a chat window appears on the monitors of all SSL users logged on to the port.
Chapter 8: Port Configuration and Port Access Application Help Help Topics include online assistance for operating the Raritan Serial Console and release information about Raritan Serial Console. Help Topics To access help topics: Choose Help > Help Topics. About Raritan Serial Console The About Raritan Serial Console dialog displays the copyright and version information (name and revision number) of the console terminal emulation software.
Chapter 8: Port Configuration and Port Access Application Standalone Raritan Serial Client Requirements The following requirements must be met to support the Raritan Serial Console: The RSC will function with JRE™ version 1.4.2_05 or later (except for JRE version 1.5.0_02) . However, for optimum performance, Raritan recommends using JRE 1.5.0 (except version 1.5.0_02). Your system may require configuration adjustments depending on the operating system and browser.
Chapter 8: Port Configuration and Port Access Application 2. Click the Advanced tab and then click Environment Variables. 3. In the System variables section, click New.
Chapter 8: Port Configuration and Port Access Application 4. In the New System Variable dialog, add JAVA_HOME to the Variable name block and the path you wrote down earlier in the Variable value block. 5. Click OK. 6. Select the PATH variable and click Edit. 7. Add %JAVA_HOME%\bin to the end of the current Variable value. Ensure a semicolon (;) separates the new value from the last value in the string.
Chapter 8: Port Configuration and Port Access Application 8. Click OK. 9. Select the CLASSPATH variable and click Edit. 10. Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a period (.) in it. If, for any reason, there is no CLASSPATH variable defined, create one.
Chapter 8: Port Configuration and Port Access Application Setting Linux OS Variables To set Java™ for a specific user, open and edit the .profile file located in the /home/Username folder. To set Java for all users, open the .profile file in your /etc folder: 1. Find the line where you set your path: export PATH=$PATH:/home/username/somefolder 2. Before that line you must set your JAVA_HOME and then modify your PATH to include it by adding the following lines: export JAVA_HOME=/home/username/j2sdk1.4.
Chapter 8: Port Configuration and Port Access Application These commands can either be typed at the terminal each time you log in, or you can add them to your .bashrc for bash shell or .cshrc for csh and tcsh so that each time you log in, the path is already set. See your shell documentation if you encounter problems. 3. If the JRE is version 1.4.2_05 or later, proceed with the RSC installation. If the JRE is version 1.5.0_02 or is an older version than 1.4.2_05, go to the Sun website at (http://java.
Chapter 8: Port Configuration and Port Access Application Note: The standalone version of RSC is available from the Raritan Support website: http://www.raritan.com/support/sup_upgrades.aspx (http://www.raritan.com/support/sup_upgrades.
Chapter 8: Port Configuration and Port Access Application 7. Click Next. The Windows shortcut page opens. 8. Select the Program Group for the Shortcut. 9. Click Next. The installation finished page opens. 10. Click Done.
Chapter 8: Port Configuration and Port Access Application Launching RSC on Windows Systems 1. Double-click the shortcut or use Start Programs to launch the standalone RSC. The Raritan Serial Console Login connection properties dialog appears. 2. Enter the Dominion Dominion SX IP address, account information, and the desired target (port).
Chapter 8: Port Configuration and Port Access Application 3. Click Start. The RSC opens with a connection to the port. Note: In case of unrecognized characters or blurry screens in RSC window due to localization support, try changing the font to Courier New. Choose Emulator > Settings > Display, and select Courier New for Terminal Font Properties or GUI Font Properties. Installing RSC for Sun Solaris and Linux You must have administrative privileges to install RSC. 1. Log in to your Sun Solaris™ machine.
Chapter 8: Port Configuration and Port Access Application d. Click Next again. The installation is complete. The final page indicates where you will find an uninstaller program and provides the option to generate an automatic installation script. 6. Click Done to close the Installation dialog. Launching RSC on Sun Solaris 1. Open a terminal window and change to the directory where you installed the RSC. 2. Type ./start.sh and press the Enter key to launch RSC. 3.
Chapter 9 Security There are a number of elements to consider when addressing security for console servers, including Encrypting the data traffic sent between the operator console and the SX unit. Providing authentication and authorization for users. Logging data relevant to the operation so it can later be viewed for auditing purposes. In some cases, this data is required for compliance with governmental or company regulations. Encryption of port data log sent to a remote nfs server.
Chapter 9: Security Security Settings Choose the Security tab to view security-related tools. The Security Settings page opens.
Chapter 9: Security Login Settings Choose Security > Login Settings. This panel includes Local Authentication, Login Handling, and Strong Password Settings. Local Authentication 1. Go to the Local Authentication panel and select the Enable Local Authentication checkbox. 2.
Chapter 9: Security Lockout Period on Invalid Login (minutes): 5 3. Accept the system defaults or type your own. Login Handling 1. Go to the Login Handling panel and enter a value in the User Idle Timeout (minutes) field. This is the length of inactive time, after which the user is timed out. Default time is 10 (minutes). Note: If no port connections are established from CC-SG to Dominion SX within the configured time of User Idle Timeout, service sessions from both devices will be disconnected. 2.
Chapter 9: Security Configure Kerberos 1. Click Enable Kerberos. 2. Type the name of the file you want for your Hosts File in the Hosts File field or click on the Browse drop-down menu and select your file. 3. Type the name of the file you want for your Kerberos Configuration File in the Kerberos Configuration File field or click on the Browse drop-down menu and select your file. 4.
Chapter 9: Security Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): 1. Choose Security > Certificate. The Certificate page opens. 2. Click the Generate a Certificate Signing Request radio button. 3. Click on the drop-down menu in the Bits field. Keep the 1024 default or change it to 512. 4.
Chapter 9: Security Email address 5. To view the default certificate or the CSR, click the appropriate radio buttons. 6. Click OK. The CSR is generated. Install a User Key To install a user key on the SX: 1. Choose Security > Certificate. The Certificate page opens. 2. Select the Install User Key radio button. 3.
Chapter 9: Security Note: If the Dominion SX is not used to generate the certificate signing request and an external certificate is used instead, encryption needs to be removed from the private key before installing it on the Dominion SX. If this is the case, to remove the encryption from the key, a command such as openssl rsa -in server.key -out server2.key and server2.key should be used. Encrypted private keys are used to prevent the web server from being started by unauthorized users.
Chapter 9: Security SSL Client Certificate SSL Security certificates are used in browser access to ensure that the device to which you are attached is the device that is authorized to be connected. See Appendix C: Certificates (see "Certificates" on page 243) for details on SSL Certificates. This section describes only how to configure the certificates, but you can find additional SSL Certificate information at: http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c06i e6rk.
Chapter 9: Security Enable Client Certificate Authentication To enable Client Certificate Authentication: 1. Select the Enable SSL Client Certification checkbox. 2. Click OK to enable the Client Certificate authentication.
Chapter 9: Security Install a New Trusted Certificate Authority To install a new trusted Certificate Authority (CA) to the SX, the CA certificate must be on an accessible FTP server. 1. Select the Install Certificate Authority checkbox. 2. Fill in the data needed to retrieve the certificate from the FTP server. 3. Click OK to retrieve and install the CA certificate to the SX. Remove a User-Added Certificate Authority To remove a user-added CA from the SX: 1.
Chapter 9: Security Delete a Certificate Revocation List from the SX To delete a CRL from the SX: 1. Select the Delete Certificate Revocation List checkbox. 2. In the CRL Name field, type the name of the CA to which this CRL belongs. 3. Click OK to delete the CRL. View a Certificate Revocation List To view a CRL: 1. Select the View Certificate Revocation List checkbox. 2. Click OK to retrieve the list of CRLs.
Chapter 9: Security Banner Dominion SX optionally supports a customizable welcome banner of maximum 5000 words, 8 words per row, that appears after log in. The banner identifies where the user has logged into. Dominion SX also allows you to add a consent banner that forces the user to accept stated conditions prior to advancing into operation of the console server. Note: When you are logged in to the SX via GUI, a banner using a fixed width typeface and a common dimension like 80x25 appears.
Chapter 9: Security 5. Click OK. Security Profiles The SX provides three security profiles for your use. The profiles simplify the task of assigning permissions to users and groups by defining basic permissions that automatically apply to all users.
Chapter 9: Security Edit the Custom Profile To edit the Custom profile: 1. Choose Security > Security Profiles. The Security Profiles page opens. 2. Click the Edit Custom Profile link. The Edit Custom Security Profile page opens. 3. Check one or more of the following checkboxes. Telnet Access Strong Password Required Single Login Per User Timeout Required TLS Required Redirect HTTP to HTTPS 4. Click OK.
Chapter 9: Security Enable the Firewall To enable the firewall: 1. Choose Security > Firewall. The Firewall page opens, displaying the existing IPTables rules. 2. Select the Enable Firewall checkbox. 3. Click OK. Note: When you enable IP forwarding for Dual LAN units, use IPTables rules to create policies for traffic being forwarded between LAN interfaces Add an IPTables Rule To add an IPTables rule: 1. Choose Security > Firewall. The Firewall page opens, displaying the default IPTables rules. 2.
Chapter 9: Security Note: Rules are added using the IPTables command to the kernel. These rules take effect immediately but persist permanently only after clicking the Save button. If there is a mistake in the rules and as a result, the unit becomes inaccessible, while the Save action allows you to recover from the mistake. Reboot the system. If you do not Save the rules, you lose them in the reboot.
Chapter 10 Logging This chapter explains how to enable and configure the various SX logs. In This Chapter Configuring Local Event Logging ............................................................94 Configuring SMTP Logging .....................................................................98 Configuring NFS Logging ......................................................................101 Configuring SNMP Logging ...................................................................
Chapter 10: Logging Enable System Logging This feature sends event log messages to a remote Syslog server. The messages from the Dominion SX unit are sent to the LOCAL0 channel of the Syslog server for more efficient parsing. To set this feature up: 1. Go to the System Logging panel and click the Enable System Logging checkbox. (To turn this feature off, clear this checkbox.) 2. Type the IP address of the remote Syslog server in the Primary IP Address field. 3.
Chapter 10: Logging Note: If no specific IPs are entered for the port data destination servers, port logs are sent to the Syslog server configured in the System Logging section. If the Syslog category is set to Local0, then system events and port logs are sent to all servers configured in the System Logging"section and Port Syslog section. 3. Type the IP address of the remote Syslog server in the Primary IP Address field. 4.
Chapter 10: Logging 3. Type the maximum file size allowed in the Size field. Once this size is reached, a new file is created to store the port log data. If you enter a value of 0, the Dominion SX will not create a new file. 4. Type the time interval (in seconds) between two timestamp messages in the log file in the Timestamp (Interval) field. If you enter a value of 0, this will disable timestamps in the log file. The maximum value is 99999.
Chapter 10: Logging Configure Encryption To configure encryption: 1. Go to the Encryption panel and select the Encryption checkbox. To turn this feature off, deselect this checkbox. 2. Accept the default encryption key or type a new one in the NFS Encryption Key (RC4) field. 3. Click OK. Block Port Access On Failure This feature will specify NFS mount behavior. This feature appears as checked by default, and NFS behaves as a soft mount.
Chapter 10: Logging Enable SMTP Logging To enable SMTP logging: 1. Go to the SMTP Settings panel and select the Enable SMTP Server checkbox. 2. Type the IP address of the SMTP server in the SMTP Server IP Address field. 3. Type the username and password in the Username and Password fields. These are required to access the SMTP server. 4. Type your source address in the Source Address field. 5. Click OK. Select a New SMTP Event To select a new SMTP event: 1.
Chapter 10: Logging Available events include: event.amp.notice.port.connection event.amp.notice.user.logoff event.amp.notice.backup event.amp.notice.restore event.amp.notice.config.directaccesslockout event.amp.notice.reboot event.amp.notice.boot event.amp.notice.config.datacom event.amp.notice.config event.amp.notice.upgrade event.amp.keyword event.amp.strongpasssword event.amp.banner event.amp.firewall event.amp.iptablesaved event.amp.
Chapter 10: Logging Configuring NFS Logging Network File System (NFS) logging allows you to log all port activity to an NFS shared directory. All user activity and user port logins and logouts are logged. There are two log files: Input: Records all input (keystrokes) from users. Output: Contains all the messages that come from the server into the console server. This includes all user input that is echoed back from the managed device/server. You must also enable port logging.
Chapter 10: Logging Configuring SNMP Logging The SX supports Simple Network Management Protocol (SNMP) traps and logging. Enable SNMP Logging To enable SNMP logging: 1. Choose Setup > SNMP. The SNMP page opens. 2. Go to the SNMP Setting panel and select the Enable SNMP checkbox. 3. Type an SNMP public community in the Public Community field. The default is Public. The public community determines which SNMP management stations receive SNMP alerts. 4. Click OK.
Chapter 10: Logging Create a New SNMP Destination SNMP destinations determine which SNMP management stations receive SNMP traps. To create a new SNMP destination: 1. Go the SNMP Destination panel and type the IP address of the new destination in the IP Address field. 2. By default, the new destination will use the standard SNMP port of 162. Change this to another port by entering a different port number in the Port field. Click OK.
Chapter 11 Maintenance The Dominion SX maintenance features presented in this chapter allow the administrator perform the following tasks: Manage event logs View configuration report Backup and restore the Dominion SX unit settings Upgrade firmware and track upgrade history Reset to factory default settings Reboot the unit In This Chapter Managing the Local Event Log ............................................................. 104 Displaying a Configuration Report ..................
Chapter 11: Maintenance Display the Local Event Log To display the contents of the local event log, choose Maintenance > View Event Log. The following figure shows a typical event log. Note: If the number of events in the log exceeds the size of one page, click the Next link that appears under “Event Log” at the top of the screen to display the next page. For each event, the log gives the date and time the event was logged and a brief description.
Chapter 11: Maintenance Clear the Event Log To clear the event log: 1. Choose Maintenance > Clear Event Log. You are prompted to confirm the clear action. 2. Click Yes. The log is cleared of all contents. (If you change your mind, click No.) Send the Event Log To send the contents of the event log to a remote FTP server: 1. Choose Maintenance > Send Event Log. The Send Event Log page opens. 2. Enter the IP address of the FTP server in the IP address field. 3.
Chapter 11: Maintenance Displaying a Configuration Report The Configuration Report provides detailed information about the SX unit. To display the report, choose Maintenance > Configuration Report.
Chapter 11: Maintenance 3. Type the login name of the account on the system where the backup will be stored in the Login field. 4. Type the password of the account on the system where the backup will be stored in the Password field. 5. Type the path to the backup file in the Remote Path field. 6. Type the name of the file in which the backup will be saved in the Remote File field. 7. Click OK.
Chapter 11: Maintenance 7. Click OK. Upgrading the SX Firmware You can display the version of the firmware currently running on the SX, upgrade the firmware to a later version, and display a history of firmware upgrades. Note: Dominion SX can only be upgraded, while downgrade is not possible. Display the Current Firmware Version To display the current version of firmware running on an SX unit, choose Maintenance > Firmware Version.
Chapter 11: Maintenance Note: Many upgrades can be performed "anonymously" from the FTP server. To perform the upgrade: 1. Choose Maintenance > Firmware Upgrade. The Firmware Upgrade page opens. 2. Type the IP Address of the FTP server in the IP Address field. 3. Type your login name in the Login field. 4. Type your password in the Password field. 5. Type the path to the firmware file in the File Path field (for example, /home/downloads/firmware/UpgradePack_2.5.6_3.1.0.5.2/Pack1of1). 6. Click Upgrade.
Chapter 11: Maintenance Display a Firmware Upgrade History To display the firmware upgrade history for an SX unit, choose Maintenance > Firmware Upgrade History. The Firmware Upgrade History page opens, displaying the version of each past firmware upgrade and the date and time the upgrade was performed. Performing a Factory Reset on the SX Performing a factory Reset returns the SX unit to its default factory settings.
Chapter 12 Diagnostics The Diagnostics function provides the administrator with the tools to test the network and to monitor processes. Click the Diagnostics tab to display the Diagnostics page, which provides links to Network Infrastructure Tools and Administrator Tools. In This Chapter Network Infrastructure Tools .................................................................112 Administrator Tools - Process Status ....................................................
Chapter 12: Diagnostics Network Statistics 1. Choose Diagnostics > Network Statistics. page opens. The Network Statistics 2. By default, all statistics are shown. To show specific statistics, select an entry from the drop-down menu in the Options field.
Chapter 12: Diagnostics Interfaces Groups Statistics Program 3. Click Refresh to update the information. Ping Host 1. Choose Diagnostic > Ping Host. The Ping Host page opens. 2. Type the IP address of the host to be pinged in the IP Address field. 3. Click Ping. The page displays the results of the ping. Trace Route to Host 1. Choose Diagnostics > Trace Route to Host. The Trace Route to Host page opens. 2. Type the IP address of the host in the IP Address field. 3.
Chapter 12: Diagnostics Administrator Tools - Process Status 1. Choose Diagnostics > Process Status. The Process Status page opens. 2. Click Refresh to update the information.
Chapter 13 Command Line Interface In This Chapter Command Line Interface Overview .......................................................117 Accessing the Dominion SX Using CLI .................................................118 SSH Connection to the Dominion SX ....................................................118 Telnet Connection to the Dominion SX .................................................120 Local Port Connection to the Dominion SX ...........................................
Chapter 13: Command Line Interface Command Line Interface Overview The Dominion SX Serial Console supports all serial devices, including: Servers, including Windows Server 2003® when using the Emergency Management Console (EMS-) Special Administration Console, or SAC with BIOS redirection in the server BIOS Routers Layer 2 switches Firewalls Power strips Other user equipment The Dominion SX allows an Administrator or User to access, control, and manage multiple serial devices.
Chapter 13: Command Line Interface Accessing the Dominion SX Using CLI Access the Dominion SX using one of these methods: TELNET via IP connection HTTP and HTTPS via IP connection SSH (Secure Shell) via IP connection Local Port-via RS-232 serial interface Many SSH/TELNET clients are available and can be obtained from the following locations: PuTTY - http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ SSH Client from ssh.com - www.ssh.
Chapter 13: Command Line Interface SSH Access from a UNIX/Linux Workstation To open an SSH session from a UNIX®/Linux® workstation and log in as the user admin, enter the following command: ssh -l admin 192.168.30.222 The Password prompt appears. Login To log in, enter the user name admin as shown: Login: admin The password prompt appears. Enter the default password: raritan Password: The welcome message appears. You are now logged in as an Administrator.
Chapter 13: Command Line Interface Telnet Connection to the Dominion SX Due to the lack of security, user name, password and all traffic is in clear-text on the wire. Telnet access is disabled by default. Enabling Telnet To use Telnet to access the Dominion SX, first access the Dominion SX from the CLI or a browser. CLI 1. Use the following command: Admin Port > Config > Services > telnet enable true The system returns the following message: The system will need to be rebooted for changes to take effect.
Chapter 13: Command Line Interface Local Port Connection to the Dominion SX If your Dominion SX's terminal port uses an RJ45 jack, a special cable (CRLVR) is used with an ASCSDB9F connector on the client machine. The CRLVR may also be used if RJ45-RJ45 connection to local port is established - that is, if you connect the local port of a Dominion SX device as a serial target to another Dominion SX.
Chapter 13: Command Line Interface Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax. There are also some keystroke combinations that simplify CLI use. Completion of Commands The CLI supports the completion of partially-entered commands. After entering the first few characters of an entry, press the Tab key. If the characters form a unique match, the CLI will complete the entry. If no match is found, the CLI displays the valid entries for that level.
Chapter 13: Command Line Interface Commands top Description Return to the top level of the CLI hierarchy, or the “username” prompt history Display the last 200 commands the user entered into the Dominion SX CLI show Show the settings for the given parameter or show all configurations by default help Display an overview of the CLI syntax quit Places the user back one level logout Logs out the user session 123
Chapter 13: Command Line Interface Show Command The show command displays various configuration settings and is available at all levels.
Chapter 13: Command Line Interface RSC Version: 1.0.0.1.16 Supporting software: OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005 HTTP Server version: Apache/2.2.0 HTTP Server built: Mar 29 2006 16:06:30 TELNET Linux NetKit 0.17 Note: Dominion SX security is not impacted if the version of Apache 2.2 installed on the remote host is older than 2.2.9. Initial Configuration Dominion SX units come from the factory with default factory settings.
Chapter 13: Command Line Interface Date and Time Configuration Note: It is important to set the date and time correctly to ensure that log entries and events contain the correct timestamp. Return to the top menu level by entering the top command. Use the following command to view the current date and time settings: Admin Port > Config > Time > clock The system displays the current settings.
Chapter 13: Command Line Interface CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name. For a direct admin serial port connection with a terminal emulation application, Admin Port is the root portion of a command. admin > For TELNET/SSH, admin is the root portion of the command: admin > config > network > 0 CLI Commands Available CLI commands. Command Description backup System command to backup the console server settings.
Chapter 13: Command Line Interface Command Description backup System command to backup the console server settings. ipmi IPMI Configuration commands. listports List accessible ports. Kerberos Kerberos based Network Authentication. ldap LDAP Configuration. localauthentication Local Authentication Configuration. logout Logout of the current CLI session. maintenance Switch to System Maintenance commands. netstat Print network connections. nfsget Generates an encryption key.
Chapter 13: Command Line Interface Command Description backup System command to backup the console server settings. top Return to the root menu. traceroute Print the route to a remote system. upgrade System command to upgrade the firmware. upgradehistory System command to show the upgrade history. userlist List users. vieweventlog Displays the local event log.
Chapter 13: Command Line Interface Defining SSL Security Certificates SSL Security certificates are used in browser access to ensure that the device you are attaching to is the device that is authorized to be connected. This section describes only how to configure the certificates on the console server. See Appendix C: Certificates (see "Certificates" on page 243) for details on SSL Certificates.
Chapter 13: Command Line Interface Command Language Interface Permissions Administrators can execute all commands. Operators and Observers can execute only the following commands: connect (the port list appears after returning from connect command) ? (functions as help) logout password history Target Connections and the CLI The purpose of the Dominion SX is to let authorized users establish connections to various targeted devices using the connect command.
Chapter 13: Command Line Interface Set Escape Sequence To set the Escape sequence, ensure that the default Escape sequence set on the Dominion SX server does not conflict with a key sequence required by either the Access Client or the host operating system. The Escape key sequence is user-configurable. Console sub-mode should be displayed when the default escape key sequence ^] (programmable) is pressed.
Chapter 13: Command Line Interface secondaryldap radius primaryradius secondaryradius tacacsplus primarytacacs secondarytacacs Note: When configuring the LDAP server, the query string format on the server should contain the name of a group configured on the Dominion SX. When configuring the Radius server, the Filter-ID format for the users on the server should have the following format “raritan:G{GroupOnSX}:D{DialbackNumber}“.
Chapter 13: Command Line Interface LDAP Command primaryldap Description secondaryldap Used to configure the secondary ldap settings. Used to configure the primary ldap settings.
Chapter 13: Command Line Interface RADIUS Command The RADIUS menu provides access to commands used to configure access to a RADIUS server. Syntax primaryraduius <> RADIUS Command Example admin > Config > Authentication > radius > primaryradius Following is information using the Raritan-Vendor-Specific attribute, which is defined in the custom dictionary file. The dictionary file must be created at following location /usr/share/freeradius/ Dictionary File Configuration # -*- text -*# # dictionary.
Chapter 13: Command Line Interface TACACS+ Command The TACACS+ menu offers commands used to configure access to a TACACS+. Syntax primarytacacs <> TACACS+ Command Example admin > Config > Authentication > radius > primarytacacs Administering the Dominion SX Console Server Configuration Commands Note: CLI commands are the same for SSH, Telnet, and Local Port access sessions.
Chapter 13: Command Line Interface smtp Configure the SMTP server settings.
Chapter 13: Command Line Interface eventlogfile Command Description logging. size value Maximum size of local log file (in bytes). style Specifies what action to take when the maximum size is reached: wrap will cause the log to circle around when end is reached. flat will cause logging to stop when the end is reached.
Chapter 13: Command Line Interface portsyslog Command Description to remote a NFS server and also to the Syslog server. primaryip ipaddress Primary Portlog Syslog server address secondaryip ipaddress Secondary Portlog Syslog server address category category Portlog Syslog message category 0 ~ 7 corresponds to Local0 ~ Local7 portsyslog Command Example admin > Config > Log > portsyslog enable true primaryip 192.168.134.11 secondaryip 192.168.245.
Chapter 13: Command Line Interface nfssetkey Command key string Description Provide key string to be used for encryption Note: aes128 is not supported in 3.0. nfssetkey Command Example admin > Config > Log > nfssetkey type aes128 key D2F05B5ED6144138CAB920CD NFS Encryption Enable Command To enable port logging and encryption of data: admin > Config > Log > portlog enable true encrypt true Portlog Command The portlog command enables and configures the logging of port data.
Chapter 13: Command Line Interface portlog Command Description SX port. encrypt Enable/Disable Encryption of log data sent to the remote NFS Server. block on failure Indicate whether the NFS Server is a soft mount (when set to false) or a hard mount (when set to true).
Chapter 13: Command Line Interface 6. Decrypt the file using the command: ./decrypt -f -e -o 7. The decrypted file should be saved in . Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server.
Chapter 13: Command Line Interface Configuring a Modem The Modem menu offers commands used to configure modem access. Callback (dialback) occurs when the originator of a call is immediately called back in a second call as a response to the first dial-in. Both Dial-in and Dialback must be enabled, and the dialback number for a user must be configured in the authentication service used on the device (local, RADIUS, LDAP, or TACACS+).
Chapter 13: Command Line Interface Modem Menu Command Examples admin > Config > modem > dialin enable true serverip 10.0.13.211 clientip 10.0.13.212 accessmodes PPPOnly admin > Config > modem > dialback enable true admin > Config > Modem > show modem Modem Settings Dialin Enabled: false Access Mode: All Server Address: 10.0.13.211 Client Address: 10.0.13.212 Dialback with local user Before a modem connection can be established, the local user for dial-in authentication should be configured.
Chapter 13: Command Line Interface RADIUS Server Settings ---------------------------------------Primary Server Enabled - true IP Address - 10.0.0.188 Port - 1812 Secret - qaz1wsx On the Remote Radius Server, the user's configuration should contain the following line: Filter-Id = "raritan:G{}:D{}" Dialback with remote LDAP user (OpenLdap v.2 & v.3) Dial-in and Dialback should be enabled on the device used for modem communication.
Chapter 13: Command Line Interface The Remote LDAP Server user's configuration should be: Dialback with remote TACACS user (Tacacs+ v.4.0.3a) Dial-in and Dialback should be enabled on the device used for modem communication. Primary (or/and Secondary) TACACS Server Settings should be configured correctly and enabled on the Dominion SXs: Primary Server Enabled - true IP Address - 10.0.0.
Chapter 13: Command Line Interface Commands routeadd Description Add route to kernel routing table routedelete Delete route of kernel routing table Note: All operations that normally trigger a reboot or prompt the user for feedbacks are now added a new parameter named force. This force parameter prevents reboot, prompting or both from taking place until all configurations are completed.
Chapter 13: Command Line Interface interface Command gw ipaddress Description Gateway IP Address obtained from the IP administrator. mode Set Ethernet Mode to auto detect or force 100Mbps full duplex (100fdx) force The force parameter is used so that sequences of commands can be inserted without need for user interaction.
Chapter 13: Command Line Interface Ports Command The ports command is used to configure the network ports.
Chapter 13: Command Line Interface Routeadd Command The routeadd command is used to add a route to the kernel routing table.
Chapter 13: Command Line Interface Getconfig Command The getconfig command retrieves the script from an FTP server. This command appears only in the administrator's help menu. You can write a script using the same sequence and commands used in a normal CLI session, also known as a recorded session. The script can be used to set up commonalities among multiple Dominion SX devices, including remote authentication servers, users, and security settings.
Chapter 13: Command Line Interface nfs Command enable Description Enable or disable NFS logging. primaryip primaryip IP address of the primary NFS server. secondaryip secondaryip IP address of the secondary NFS server. primarydir primarydir Primary Server mount directory secondarydir secondarydir Secondary Server mount directory nfs Command Example The following command displays the current NFS settings: admin > Config > NFS > nfs NFS Settings : Enable : 0 Primary IP : 0.0.0.
Chapter 13: Command Line Interface Configuring Ports Ports Configuration Menu Target serial ports are configured from the CLI using the ports menu. In addition to the description of the physical nature of the ports, other services may also be defined, including: The escape sequence used to disconnect from the port to access the emulator to send breaks or control multi user functions such as Ctrl + a. The exit string sent to the target when an idle timeout occurs.
Chapter 13: Command Line Interface 154 ports config Command escapemode Description escapechar char Escape character emulation type Target Emulation type: VT100|VT220|VT320|ANSI sendbreak duration Duration of the sendbreak signal.
Chapter 13: Command Line Interface ports config Command Example admin > ports >config port 1 name ld1 bps 115200 parity odd flowcontrol hw detect true escapemode none emulation VT100 The following command displays the current settings for port 1: admin > Config > Port > config port 1 Port number 1: Name: Port1 BPS: 9600 Parity: 0 Flow control: 0 RSC Terminal Emulation: VT100 Disconnect: Disabled Application: RaritanConsole Exit String: Escape: Control-] DPA: IP: 0.0.0.
Chapter 13: Command Line Interface Port 1: Configuration Saved. After entering the password, you have direct access to port 1, using the newly assigned IP specifically for port 1. The following example configures DPA port settings for a group of ports (make sure a free range of IPs are available for dpa IP mode usage): admin > Config > Port > config port 1-32 dpaip 10.0.13.200 or admin > Config > Port > config port * dpaip 10.0.13.200 In both cases above, port 1 will have an IP assigned as 10.0.13.
Chapter 13: Command Line Interface In both cases above, port 1 will have ssh port 7000 and telnet port 8000 assigned for direct port access, port 2 will have ssh port 7001 and telnet port 8001, and so on.
Chapter 13: Command Line Interface Configuring Services These commands provide the ability to configure the Dominion SX server services: 158 DPA Encryption HTTP HTTPS Logout LPA SSH Telnet fixedtcpwindow
Chapter 13: Command Line Interface dpa Command The permitted TCP Port Range is 1024-64510. When run without the mode parameter, the system displays the current dpa type.
Chapter 13: Command Line Interface Note: There is currently no way to set the device back to the default DPA IP of 0.0.0.0. dpa Command Example The following example chooses the DPA IP mode IP: admin > Config > Services > dpa mode IP Note: When any changes are made over DPA mode and ports DPA configuration, the Dominion SX needs to be rebooted to apply new settings. DPA changes will not be available until after the Dominion SX is rebooted.
Chapter 13: Command Line Interface Enable: 1 Group Settings: Name: Anonymous Class: Operator Ports: To configure Anonymous group settings choose config > user and execute the following command: admin > Config > User > editgroup name Anonymous class op ports 1,2,3,4,5 Editing group... Group Anonymous: Configuration Saved The 'Anonymous' group is successfully configured. DPA Anonymous access The DPA is already configured (see the DPA configuration settings section). DPA Mode is IP, IP 10.0.13.
Chapter 13: Command Line Interface If option suppress is "none", authentication credentials are shown (username: password:). configuration > ports > config port 1 suppress none ssh -l anonymous 10.0.13.240 Password: Authentication successful. Starting DPA for port 1 Authentication successful. Escape Sequence is: Control-] You are now master for the port. Encryption Command The encryption command sets the type of encryption for HTTPS. Note: The factory default value of this protocol is SSL.
Chapter 13: Command Line Interface http Command enable Description Enable/Disable HTTP access port value HTTP server default listen port (tcp) redirect Enable/Disable redirection from HTTP to HTTPS http Command Example The example below enables http access and redirection to https and sets the default port to 2. admin > Config > Services > http enable true port 2 redirect true HTTPS Command The https command is used to control https access and define the port.
Chapter 13: Command Line Interface LPA Command The lpa command is used to display and set local port access configuration. Dominion SX units have one or two local ports, depending on the model. See Appendix A (see "Dominion SX Serial RJ-45 Pinouts" on page 233) for pinouts on DB9-M and RJ45-F ports. Syntax lpa [enable ] [bps value] lpa Command none Description The lpa command with no parameters specified displays the current LPA configuration.
Chapter 13: Command Line Interface Telnet Command Syntax telnet [enable ] [port value] telnet Command enable Description Enable or disable Telnet access. port value Telnet server tcp listen port telnet Command Example The command below enables telnet access on port 23. admin > Config > Services > telnet enable true port 23 fixedtcpwindow Command The fixed TCP Window is enabled by default. The Fixed TCP window command is used to disable automatic TCP window scaling.
Chapter 13: Command Line Interface SMNP Add Command The add command adds trap recipients. A recipient is an IP address with an optional space- separated port number. Traps may be sent to multiple ports with the same IP address. Syntax add [dest ipaddress] [port value] add Command dest ipaddress Description SNMP destination IP address port value SNMP destination port SNMP add Command Example admin > Config > SNMP > add 72.236.162.
Chapter 13: Command Line Interface public community-string Community string snmp Command Example admin > Config > SNMP > snmp enable true public XyZZy1 Configuring Time Time-related configuration mode commands: clock ntp timezonelist Clock Command The clock command allows you to set the time and date for the server. Syntax clock [tz timezone] [datetime datetime-string] clock Command tz timezone Description The timezone index is a number corresponding to the desired time zone.
Chapter 13: Command Line Interface ntp Command enable Description primip primip The primary NTP server to use first. secip secip The NTP server to use if the primary is not available. Enable or disable the use of NTP. ntp Command Example The following command enables NTP. admin > Config > Time > ntp enable true primip 132.163.4.101 Timezonelist Command The timezonelist command returns a list of timezones and associated index values. The index values are then used as part of the clock command.
Chapter 13: Command Line Interface addgroup Command name groupname Description Group name class Group user class erator or server ports Port(s) assigned to the group. Single port or range of ports (1-n or 1,3,4 or * for all ports) power Power strip assigned to the group. Single power strip or range of power strips.
Chapter 13: Command Line Interface Deletegroup Command The deletegroup command deletes an existing group. Syntax deletegroup [name groupname] deletegroup Command name groupname Description Group name deletegroup Command Example admin > Config > User > deletegroup name unixgroup Deleteuser Command The deleteuser command is used to remove a specified user.
Chapter 13: Command Line Interface editgroup Command Description assigned to the group. sharing Indicate whether port access is shared while the port is being utilized. editgroup Command Example admin > Config > User > editgroup name unixgroup class op ports 1,4 power 1,4 Edituser Command The edituser command is used to manage information about a specified user.
Chapter 13: Command Line Interface Users Command The users command shows the details of existing users. Syntax users users Command Example admin > Config > User > users Connect Commands The connect commands allow you to access ports and their histories. Command connect Description Connect to a port. The port sub-menu, reached using escape key sequence. clearhistory Clear history buffer for this port. close, quit, q Close this target connection. gethistory Display the history buffer for this port.
Chapter 13: Command Line Interface Command associate Description Associate a Power Strip outlet to a Dominion SX Port. association View Currently configured associations. cycle Power cycle specified ID. Note: If you are connecting a PX to the Dominion SX, it is recommended you set the power cycle time to 5 seconds. off Power off specified ID. on Power on specified ID. outlet Edit outlet information. powerdelay Configure global Power Strip delays. powergroup Switch to Power Group Menu.
Chapter 13: Command Line Interface uptime Print the current system uptime information IPMI Commands IPMIDiscover and IPMITool commands allow you to work with IPMI-supported devices. IPMIDISCOVER The ipmidiscover tool is user to discover Intelligent Platform Management Interface (IPMI) servers in the network. The IP address range can be set using startIP and endIP. Only users belonging to the Administrator group are able to configure the support of IPMI. The supported IPMI version 2.0.
Chapter 13: Command Line Interface IPMITOOL This command lets you manage the IPMI functions of a remote system, including printing FRU information, LAN configuration, sensor readings, and remote chassis power control. The ipmitool command controls IPMI-enabled devices. The user name to access the IPMI device is ADMIN, password ADMIN.
Chapter 13: Command Line Interface ipmitool Command [-o ] Description [-C ] The remote server authentication, integrity, and encryption algorithms to use for IPMIv2 lanplus connections. See table 22-19 in the IPMIv2 specification. The default is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorithms. raw - Send a RAW IPMI request and print response Select OEM type to support.
Chapter 13: Command Line Interface ipmitool Command Description shell - Launch interactive IPMI shell exec - Run list of commands from file set - Set runtime variable for shell and exec ipmitool Command Example The following command allows the user to get the chassis status and set the power state. admin> IPMI > ipmitool -I lan -H 10.0.22.
Chapter 13: Command Line Interface Command listports column Description List accessible ports. admin > listports Port no. Port name 1 Port1 [U] 2 Port2 [U] 3 Port3 [U] 4 Port4 [U] Can be 1,2,3. Indicates the number of columns to display the port list in. Port names up to 23 characters are displayed when two columns are needed to display the available ports.
Chapter 13: Command Line Interface Maintenance Commands The maintenance commands allow you to perform maintenance-related tasks on the Dominion SX firmware: backup cleareventlog factoryreset firmware logoff reboot restore sendeventlog upgrade upgradehistory upgradestatus userlist vieweventlog Note: All operations that normally trigger a reboot or prompt the user for feedbacks are now added a new parameter named force.
Chapter 13: Command Line Interface [ip ipaddress] IP address of the target system where the backup will be written. Username of the account on the system where the backup will be stored. Password of the account on the system where the backup will be stored. [path pathname] Specifies the path to the backup file. [file filename] Specifies the name of the file in which the backup will be saved.
Chapter 13: Command Line Interface Syntax factoryreset factoryreset Command Example admin > Maintenance > factoryreset Network Settings: Name: DominionSX Domain : raritan.com CSC Port: 5000 Discover Port: 5000 DHCP Client: true IP: 192.168.0.192 Net Mask : 255.255.255.0 Gateway : 192.168.0.192 Failover : true Do you wish to commit these settings (no/yes) (default: no) Firmware Command The firmware command provides the versions of the firmware.
Chapter 13: Command Line Interface Reboot Command The reboot command restarts the Dominion SX console server. This command is only available to users with administrative privileges. All user sessions will be terminated without warning, and no confirmation will be required. It is highly recommended that you ask all users to log off before you reboot the unit. The userlist command can be used to display a list of connected users and sessions.
Chapter 13: Command Line Interface restore Command Example In this example, the console server data is being retrieved from a system at IP address 192.168.51.220. The guest account and password are used. The data will be pulled from the top level of the guest account in a file named backupfile. admin > system > restore ip 192.168.51.220 login guest password guestpassword path /home/bac file backupfile1 Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server.
Chapter 13: Command Line Interface login login FTP Server login name password password FTP Server password path pathname FTP server path. For example, /ftphome/UpgradePack/Pack1of1 upgrade Command Example admin > Maintenance > upgrade ip 10.0.0.188 login sx password qaz1wsx path /var/ftp/UpgradePack_2.5.6_3.0.0.1.15/Pack1of1 Upgradehistory Command The upgradehistory command provides information about the last time you upgraded the system.
Chapter 13: Command Line Interface Security Commands Dominion SX controls the ability to hack into the system by using random logins. These security command menus provide access to the commands needed to configure the Dominion SX security features: banner certificate firewall kerberos loginsettings securityprofiles Banner Command The banner command controls the display of a security banner immediately after login.
Chapter 13: Command Line Interface password password FTP Server password path pathname FTP server path for the banner file banner.txt. for example,/ftphome/banner.txt ftpgetbanner Command Example admin > Security > Banner> ftpgetbanner ip 72.236.162.171 login raritan password acy path /ftphome/banner.txt Certificate Command Menu The certificate command menu provides the client and server commands to create and manage security certificates.
Chapter 13: Command Line Interface viewcrl View Client CA CRL Certificate Certificate Client Command Example Enable SSL Client Certificates: admin > Security > certificate > clientcert enable true Install Certificate Authority: admin > Security > certificate > add ip 10.0.0.189 login root password passwordword path /home/cert/ SXCert file cacert.pem ca ca_test Add Certificate Renovation List: admin > Security > certificate > addcrl ip 10.0.0.
Chapter 13: Command Line Interface Server Command Example Install User Certificate: admin > Security > certificate > installusercert ip 10.0.0.189 login root password pass path /home/SXCert file sx.pem Install User Key: admin > Security > certificate > installuserkey ip 10.0.0.189 login root password pass path /home/ SXCert file sx.
Chapter 13: Command Line Interface IPtables Command The iptables command is an administration tool for IPv4 packet filtering and Network Address Translation (NAT). The iptables command provides an interface to the linux iptables. The command parameters and options are the same as the linux system command. iptables Command Description -A input Append one or more rules to specified chain. --dport Destination port. --flush Clear the iptables.
Chapter 13: Command Line Interface iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of this document. The examples below show some simple configuration options created with iptables. The following example enables a log for iptables: admin > firewall > iptables -A INPUT -t filter -j LOG --log-prefix DOM_IPACL -m state --state NEW -s Adding a default local rule The default local rule is included as part of the standard Dominion SX implementation.
Chapter 13: Command Line Interface View the current iptables To view the current iptables rule: admin > Security > firewall > iptables --list or admin > Security > firewall > iptables -xvnL Clear the iptables rules To clear the iptables rules. admin > Security > firewall > iptables --flush Save the configured settings To save the iptables rules into the local database. admin > Security > firewall > iptables-save Note: No spaces between iptables and save.
Chapter 13: Command Line Interface Kerberos and Dominion SX The Dominion SX can use Kerberos authentication with the following steps and as a result, Kerberos-based network mutual authentication, and symmetric, also called private/secret, key cryptography can be achieved in the CLI and GUI of the Dominion SX for remote user authentication. See the MIT Kerberos website for information about Kerberos, KDC, kadmin, client machine setup, and the FAQs related to these topics. 1. Set your krb5.
Chapter 13: Command Line Interface Diagnostic Tips: Use the name command in the network menu to set the FQDN for the Dominion SX. Disable HTTP redirect from the services menu. Synchronize the time of the client machine, Dominion SX, KDC and kadmin machines using time menu and ntp option. The above 3 machines should be pingable by FQDN. Get the hosts file using gethostnamefile from the Kerberos menu. Use klist to check the ticket expiration.
Chapter 13: Command Line Interface Command Description retries. localauth Configure local authentication. lockoutperiod Lockout period on invalid login attempt. singleloginperuser Restrict to a single login session per user. strongpassword Configure strong password rules. unauthorizedportaccess Unauthorized (Anonymous) port access. portaccess Configure port access shared by user group. profiledata Modify or view a security profile.
Chapter 13: Command Line Interface Invalidloginretries Command The invalidloginretries command specifies the number of failed invalid login attempts before the account is deactivated.
Chapter 13: Command Line Interface Singleloginperuser Command The singleloginperuser command enables or disables multiple logins per user. Syntax singleloginperuser [enable ] singleloginperuser Command enable Description Enable/Disable multiple login sessions per user. singleloginperuser Command Example admin > Security > LoginSettings > singleloginperuser enable true Strongpassword Command The Dominion SX server supports both standard and strong passwords.
Chapter 13: Command Line Interface strongpassword Command uppercase Description If true, force uppercase characters in password. lowercase If true, force lowercase characters in password. numeric If true, force numeric characters in password. other If true, force other characters in password. strongpassword Command Example The following example sets the Strong Password rules in effect: Strong password is enabled.
Chapter 13: Command Line Interface Portaccess Command Syntax portaccess portaccess Command portaccess Description Indicate whether port access should be private or shared. portaccess Command Example admin > Security > LoginSettings > portaccess share admin > Security > LoginSettings > portaccess private Securityprofiles Commands The securityprofiles command menu provides access to the commands used to configure and control security profiles.
Chapter 13: Command Line Interface profiledata Command [name ] Description Specifies the type of security profile. [telnet ] Enable/Disable telnet. [strongpass ] Enable/Disable strong password. [timeout ] Enable/Disable idle timeout. [single ] Enable/Disable single login per user. [redirect ] Enable/Disable redirection from HTTP to HTTPS.
Chapter 14 Intelligent Platform Management Interface The Intelligent Platform Management Interface (IPMI) lets you manage the IPMI functions of a remote system. The following topics are covered in this chapter: Discover IPMI Devices IPMI Configuration The Intelligent Platform Management Interface (IPMI) lets you manage the IPMI functions of a remote system. In This Chapter Discover IPMI Devices ..........................................................................201 IPMI Configuration ........
Chapter 14: Intelligent Platform Management Interface Discover IPMI Devices To discover IPMI servers on the network: 1. Choose IPMI > Discover IPMI Devices. The Discover IPMI Devices page opens. 2. Leave the Options field blank or enter -t timeout [seconds]. 3. Type starting and ending IP addresses in the corresponding fields. SX will discover all IPMI devices within this range of IP addresses. 4. Click the IPMI Discover button.
Chapter 14: Intelligent Platform Management Interface IPMI Configuration IPMI configuration allows you to manage the IPMI functions of a remote system, including printing FRU information, LAN configuration, sensor readings, and remote chassis power control. 1. Choose IPMI > IPMI Configuration. The IPMI Configuration page opens. 2. Click the Help button to get IPMI configuration information, which appears on the IPMI Configuration page. Help: ipmitool version 1.8.7 usage: ipmitool [options...
Chapter 14: Intelligent Platform Management Interface -H hostname interface Remote host name for LAN -p port Remote RMCP port [default=623] -U username Remote session username -f file Read remote session password from file -S sdr Use local file for remote SDR cache -a Prompt for remote password -e char Set SOL escape character -C ciphersuite interface Cipher suite to be used by lanplus -k key Use Kg key for IPMIv2 authentication -L level Remote session privilege level [default=ADMINISTRAT
Chapter 14: Intelligent Platform Management Interface power Shortcut to chassis power commands event Send pre-defined events to MC mc enables Management Controller status and global sdr readings Print Sensor Data Repository entries and sensor Print detailed sensor information fru locators Print built-in FRU and scan SDR for FRU sel Print System Event Log (SEL) pef Configure Platform Event Filtering (PEF) sol Configure and connect IPMIv2.
Chapter 15 Power Control Power Control allows you to manage power functions. The following topics are covered in this chapter: Power Control Associations Power Control Power Strip Power Control Power Strip Status Important: A maximum of 31 powerstrips can be run with the Dominion SX. In This Chapter Port Power Associations ....................................................................... 205 Power Strip Configuration .....................................................................
Chapter 15: Power Control 2. Click Add. The Port Power Association page opens. 3. Select the port from the drop-down menu in the Port field. 4. Select the power strip name from the drop-down menu in the Power Strip field. 5. Select the outlet to associate with the port from the drop-down menu in the Outlet field. 6. Click Add. Note: It is not recommended to access the port associated with a power strip via RSC or CLI.
Chapter 15: Power Control 2. Click Add. The Port Power Association page opens. 3. Select the association in the Outlet Association list. 4. Click Delete. Power Strip Configuration Important: A maximum of 31 powerstrips can be run with the Dominion SX. To configure a power strip: 1. Choose Setup > Power Strip Configuration. 2. Click Add. The Power Strip Configuration page opens. 3. Type a name and description in the Name and Description fields. 4.
Chapter 15: Power Control 2. Click Add. The Power Association Groups page opens. 3. Type a name and description in the Group Name and Description fields. 4. Select the number of outlets from the drop-down menu in the Number of Outlets field. 5. Click OK. Power Control Click the Power Control tab to display the power control-related tools.
Chapter 15: Power Control Associations Power Control Choose Power Control > Associations Power Control to access the tool to manage power control associations. Note: When executing power on/off operation, about ~5 seconds are added to the configured sequential interval, resulting in an operational delay time (minimum amount of time to operate). If power cycle is selected, all associated outlets will be powered off sequentially, and then powered on sequentially.
Chapter 15: Power Control Power Strip Power Control Choose Power Control > Power Strip Power Control to access the Outlet Control page, where you can manage power strips.
Chapter 15: Power Control Power Strip Status Choose Power Control > Power Strip Status to check power strip status. CLI Command for Power Control CLI Port Power Association Description: Power Control menu - Associate a power strip outlet to an SX port Scenario #1 Pre-condition Port power association - add outlet Administrator user is logged in via CLI. Power Strip device (DPX) is physically connected to SX named PowerStr1. User is in power menu. Action Type command. Press Enter.
Chapter 15: Power Control Scenario #2 Pre-condition Port power association - associate 6 outlets to one port Administrator user is logged in via CLI. Power Strip device (DPX) is physically connected and configured to DSX named PowerStr1. User is in power menu. Action Type command - associate [port port] [powerstrip powerstrip] [outlet outlet] to associate Outlet1 to Port1 Press Enter. Repeat steps 3 and 4 for Outlet 2, 3, 4, 5 and 6.
Chapter 15: Power Control Scenario #4 Port power association - associate one outlet to two ports Power Strip device (DPX) is physically connected and configured to the SX named PowerStr1. User is in power menu. Action Enter command Press Enter CLI Input associate port 1 powerstrip PowerStr1 outlet 1 associate port 2 powerstrip PowerStr1 outlet 1 Scenario #5 Pre-condition Port power association - associate all available outlets to ports Administrator user is logged in via CLI.
Chapter 15: Power Control Scenario #7 Pre-condition Port power association - associate outlets from 6 different power strips to one port Administrator user is logged in via CLI. 6 Power Strip devices (DPX) are physically connected and configured to SX. User is in power menu. Action Enter Command to associate Port1 to Outlet1 of PowerStr1. Press Enter. Repeat steps 1 and 2 to associate Port1 with Outlet1 from each of the other PDUs.
Chapter 15: Power Control Scenario #1 Action Remove port power association Enter command. Press Enter. CLI Input Command: unassociate port 1 powerstrip PowerStr1 outlet 1 Scenario #2 Pre-condition Delete multiple outlets association Administrator user is logged in via CLI. Power Strip device (DPX) is physically connected and configured to the SX named PowerStr1. User is in power menu. Action Enter command. Press Enter.
Chapter 15: Power Control Scenario #2 CLI Input Power strip configuration after factory reset Command: factoryreset CLI Power Association Group Description: Power > PowerGroups menu Scenario #1 Pre-condition Create new power group Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in Power > PowerGroups menu. Action Enter Command. Press Enter.
Chapter 15: Power Control CLI Input Command: addpowergroupport name "test Group" port port 2-4,10 Scenario #4 Pre-condition Remove group member Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in Power > PowerGroups menu. Action Enter Command. Press Enter. CLI Input Command: deletepowergroupport name "Test Group" port 2 Scenario #5 Pre-condition Delete power group Administrator user is logged in via CLI.
Chapter 15: Power Control Scenario #2 Pre-condition Switch on/off all Outlets Administrator user is logged in via CLI. Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in power menu. Action Enter Command. Press Enter. CLI Input on powerstrip PowerStr1 outlet * off powerstrip PowerStr1 outlet * Scenario #3 Pre-condition Switch on/off group of outlets Administrator user is logged in via CLI.
Chapter 15: Power Control Scenario #5 Sequence interval for switch off operation Press Enter. Enter command to switch off group of outlets. Press Enter. CLI Input powerdelay sequence 2 off powerstrip PowerStr1 outlet 1,3,7 Scenario #6 Pre-condition Sequence interval for switch on operation Administrator user is logged in via CLI. Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in power menu. Action Enter command to set sequence interval. Press Enter.
Chapter 15: Power Control Scenario #1 Association Power Control - Recycle Port Association (Target is associated to One Outlet) Pre-condition Administrator user is logged in via CLI. Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Port Power Association named Target2 is already created and available in the list. Outle1 of PowerStr1 is associated to Target2. Administrator is in Power Control > Associations Power Control menu.
Chapter 15: Power Control Scenario #3 Association Power Control - Recycle Port Association (Target is associated to Two Outlets from two different Power Strip devices) Port Power Association named Target2 is already created and available in the list. Outle1 of PowerStr1 is associated to Target2. Administrator is in Power Control > Associations Power Control menu. Action Select Port Association named Target2 Click on Power Recycle Interval and enter value Press Recycle button.
Chapter 15: Power Control Scenario #1 Turn ON Group Association Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Action Enter Command. Press Enter. CLI Input Command: on nodegroup Group1 Scenario #2 Turn ON Group Association (outlets in association are with different statuses) Administrator user is logged in via CLI. Pre-condition Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created.
Chapter 15: Power Control Scenario #4 CLI Input Turn OFF Group Association (outlets in association are with different statuses) Command: off nodegroup Group1 Scenario #5 Pre-condition Recycle Group Association Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Action Enter Command. Press Enter.
Chapter 15: Power Control Scenario #8 Pre-condition Turn OFF Group and Port Association simultaneously Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Port3 is already associated with outlet8 of PowerStr1 which has been created and available in the list. Action Enter Command. Press Enter.
Chapter 15: Power Control Scenario #1 CLI Input Power Strip Status Command: powerstrip name PowerStr1 Result Status of PDU should correctly display the following parameters: Power Consumption Average Power Apparent Power True RMS Voltage True RMS Current Maximum Current Status of the outlet breaker Internal Temperature Scenario #2 Pre-condition Status of Power Strip that is actually turn off or disconnected Administrator user is logged in via CLI.
Chapter 15: Power Control Scenario #4 Pre-condition Power Strip Status - Outlet status when port association is removed Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of SX. Outlet1 and Outlet2 are associated with Port1. Outlet1 and Outlet2 are with status "ON". Administrator is in Power menu. Action Check the current status of outlets - outlet1 is turn on Remove Outlet1 and Outlet2 from outlet association to Port1.
Appendix A Specifications This appendix contains sections describing: SX models and specifications Requirements and tested browser requirements SX hardware for connecting SX to common vendor models SX Serial RJ-45 pinouts DB9 and DB25 Nulling Serial Adapter Pinouts SX Terminal ports In This Chapter Dominion SX Models and Specifications...............................................227 Maximum Number of Connections for a Single User ............................230 Requirements .......
Appendix A: Specifications Model Ports Built-In Modem # of Ethernet Ports 2 Power Supply No # of Local Ports 2 DSXA-16-DL 16 DSXA-16-DL M 16 Yes 1 2 Dual AC DSXA-32 32 Yes 1 1 Dual AC DSXA-32-AC 32 No 2 1 Dual AC DSXA-32-DL 32 No 2 2 Dual AC DSXA-32-DL M 32 Yes 1 2 Dual AC DSXA-48 48 Yes 1 2 Dual AC DSXA-48-AC 48 No 2 2 Dual AC Dual AC The following table lists the Dominion SX models, their dimensions, and weights.
Appendix A: Specifications MODEL DSXA-48 DSXA-48-AC DIMENSIONS (W) x (D) x (H) 17.32" x 11.41" x 1.75"; 440 x 290 x 44 mm WEIGHT 17.32" x 11.41" x 1.75"; 440 x 290 x 44 mm 8.97lbs; 4.04 kg 8.97lbs; 4.04 kg The following table lists the information of Cables/Adapters/Brackets. The Dominion SX is able to support long distance cables.
Appendix A: Specifications Only RoHS and WEEE compliant units are available in the EU and other selected areas. RoHS and WEEE compliant units can be provided elsewhere upon request. CRLVR-15: 1. A Cat5 cable in YELLOW color with a length of 15 feet. 2.
Appendix A: Specifications Requirements The following table lists the requirements for the SX. Requirements Form factor Description 1U, rack mountable (brackets included on DSX16, DSX32, DSXA-8 and DSX48) Power 110/240VAC auto-switching: 50-60 Hz Max. power consumption 4-Port SX: 5.75W 8-port SX: 6W 16-port SX: 8W 32-port SX: 9.375W 48-port SX: 12.
Appendix A: Specifications PLATFORM WIN XP Professional SP2 - SUN JRE™ 1.5.0_06 BROWSER Internet Explorer® 6.0 Internet Explorer 7.0 Firefox® 2.0 Internet Explorer 6.0 WIN XP Home Edition SP2 - SUN JRE 1.5.0_06 Internet Explorer 7.0 Netscape® 7.1 FireFox 1.5.0.1 Mozilla® 1.6 WIN 2000 Professional SP4 SUN JRE 1.5.0_06 Internet Explorer 6.0 WIN 2000 Professional SP2 SUN JRE 1.4.2_05 Internet Explorer 6.0 Fedora Core® 4 JRE 1.4.2_05 ® FireFox 1.5.0.1 Mozilla 1.6 Netscape 7.1 Slackware 10.
Appendix A: Specifications Vendor Device Console Connector Serial Connection SX-48 models that have this connector to another Dominion SX.
Appendix A: Specifications 7 DSR 8 CTS See http://www.raritan.com/support for the latest information about the Dominion SX serial pinouts (RJ-45).
Appendix A: Specifications RJ-45 (female) 1 DB25 (female) 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4 DB25M Nulling Serial Adapter Pinouts RJ-45 (female) 1 DB25 (male) 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4 235
Appendix A: Specifications Dominion SX Terminal Ports All Dominion SX models, except the DSX16 and DSX32, have the same pinouts on the two DB9M serial ports. This applies to models with two serial ports. All dual-LAN (dual-power) models have one RJ-45 serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL). All dual-LAN (dual-power) models have one RJ-45 serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL).
Appendix A: Specifications DB9M PIN 3 SIGNAL TxD 4 DTR (H) 5 GND 6 7 RTS (H) 8 9 Dominion SX16 and SX32 Terminal Ports A modem should not be connected to the terminal ports on DSX16 and DSX32 because the Ring Indicator (RI) signal is not present. These models have a built-in modem that can be enabled or disabled. The modem is disabled by default.
Appendix A: Specifications Additional information about the Dominion SX16 and SX32 Terminal Ports: 238 Pins 1 and 9 are used to factory reset units shipped after August 2004. Units shipped prior to August 2004 have the DB9M port labeled RESERVED (not TERMINAL/RESERVED), since this port was used to factory reset the unit, with a Factory reset adapter shipped with each SX unit. Pins 1 and 6 were used for factory reset.
Appendix B System Defaults This appendix contains the system defaults and directions for port access. Item IP Address Default 192.168.0.192 Subnet Mask 255.255.255.
Appendix B: System Defaults Item Logging to NFS Default Serial Ports Baud Rate 9600 Parity None Flow Control None In This Chapter Initiate Port Access ................................................................................240 Supported Character Length of Various Field Types ............................
Appendix B: System Defaults You may have to open additional ports when NFS logging, LDAP servers, and so forth. These ports may vary from installation to installation, depending on network topologies, virtual Local Area Networks (VLANs), and firewall configurations. Contact your network administrator for site-specific information and settings.
Appendix B: System Defaults 242 Field Type Character Length Power Cycle Delay 5-60 Power Strip Name 64 Power Strip Description 255 Power Association Group Name 255 Power Association Group Description 255 PortLog Prefix 64 PortLog Timestamp 0-99999 PortLog NFS Update 0-99999 PortLog In/Out Directory 64 SMTP Username 255 SMTP Password 128 SMTP Source address 64 Event Destination 64 NFS Directory 128 SNMP Community 64 SNMP Dest Port 1-65535 Login Inactive Expiration 0-65535
Appendix C Certificates This appendix contains information on Certificates and Certificate Authorities and provides directions to: Install Dominion SX CA Certificate to a Browser Certificate. Install SX Server Certificate for IE Browsers. Install SX Server Certificate for Netscape Navigator®. Install a Third Party Root Certificate In Browsers. **Generate a CSR for a Third Party CA to sign. **Install Third Party Certificate to SX. **Install Client Certificate root into the SX.
Appendix C: Certificates Default SX Certificate Authority Settings The Server Certificate generated in the Dominion SX unit must be installed in the browser in order for the browser to trust the Server Certificate. Each time you access an SSL-enabled Dominion SX unit, you see a New Site Certificate window. You can accept this on a per-session basis or you can eliminate this window's appearance by accepting a session certificate permanently.
Appendix C: Certificates Remove an Accepted Certificate Removing a previously accepted certificate from a Dominion SX unit uses the same process whether removing a Raritan default certificate or removing a user-installed third-party certificate. Note: The Dominion SX does not use encrypted private keys. When removing encryption from the key, the Dominion SX uses a command such as openssl rsa -in server.key -out server2.key or server2.key. 1. Choose Tools > Options. 2.
Appendix C: Certificates 4. Select the Web Sites tab, select the certificate name that is the common name of the IP address of the Dominion SX, and click Delete. 5. Click OK on the Delete Web Site Certificates window to confirm the deletion of the certificate. 6. On the left side of this page, locate Certificates, and click Web Sites. 7. Click OK on the Options Advanced Window.
Appendix C: Certificates VeriSign Incorporated http://www.verisign.com/ http://www.verisign.com/ Note: Some CAs will provide the root certificate code in text format rather than providing a downloadable root certificate. If this occurs, select the root certificate code, copy it, and follow the steps outlined in the section Install the Raritan Root Certificate, then follow the steps outlined below.
Appendix C: Certificates Generate a CSR for a Third Party CA to Sign To have a third party CA certificate (for example, Verisign) installed on the Dominion SX rather than the internal CA on the Dominion SX signing the certificate, a Certificate Signing Request (CSR) must be generated by the SX to be signed. The third party CA will take this CSR and generate a Certificate. This certificate must be installed on the Dominion SX along with the CA's public key in order for this certificate to be enabled.
Appendix C: Certificates 5. Send the generated CSR to a third party CA to get it signed. 6. CA returns a Signed Certificate built from the CSR. 7. Install the certificate to Dominion SX. 8. Reboot the Dominion SX unit. If the CSR is generated by an external source: 1. Generate a CSR for the Dominion SX by an external computer. 2. Send this CSR to the third party CA to get it signed. 3. CA returns a Signed Certificate built from the CSR. 4. Install the certificate to the Dominion SX. 5.
Appendix C: Certificates Install Client Root Certificate into the DominionSX In order for Client Certificates to be recognized as valid by the SX, the Root Certificate of the CA that signed the Client Certificates must be installed on the SX unit with the following steps: 1. Retrieve the CA's Root certificate used to sign the client certificates and place it on an accessible FTP server 2. Choose Security > SSL Client Certificates. 3. Select Install Certificate Authority. 4.
Appendix C: Certificates 6. If the certificate is ASCII encoded, select ASCII. If it is a binary certificate file, select binary. 7. Enter a unique name for this certificate to be stored on the Dominion SX. 8. Click OK and the Dominion SX should retrieve the specified certificate file with supplied credentials. Import Certificates from Windows XP Follow these steps to load the Dominion SX certdb with sufficient certificates to allow for LDAP connectivity: 1. Launch Internet Explorer®. 2.
Appendix C: Certificates Import Certificates from Dominion SX via CLI A user with Administrator privileges can do the following to import certificates for LDAP. Type the configuration command and issue the following commands: Config > Authentication > LDAP > LDAPS >getservercert ip login password path / file ROOT_BIN.
Appendix C: Certificates D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E Fingerprint (SHA1): DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 Signature Algorithm: PKCS #1 MD2 With RSA Encryption Signature: 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11: b8:d3:c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1: 5a:f6:37:a5:b7:61:03:b6:5b:16:69:3b:c6:44:08:0c: 88:53:0c:6b:97:49:c7:3e:35:dc:6c:b9:bb:aa:df:5c: bb:3a:2f:93:60:b6:a9:4b:4d:f2:20:f7:cd:5f:7f:64: 7b:8e:dc:00:5c:d7:fa:77:ca:39:16:59:6f:0e:ea:d3:
Appendix D Server Configuration This appendix contains sections describing the steps to configure Dominion SX units and authentication servers for the following authentication protocols: Microsoft Internet Authentication Service (IAS) RADIUS Server Cisco Access Control Server (ACS) Radius Server TACACS+ (Terminal Access Controller Access-Control System Plus) In This Chapter Microsoft IAS RADIUS Server .............................................................. 254 Cisco ACS RADIUS Server ....
Appendix D: Server Configuration 3. Highlight Networking Services then click the Details... button. 4. Select the Internet Authentication Service checkbox and then click OK. 5. Click Next> and continue with the wizard steps. IAS Active Directory Access If using a Domain Controller, set IAS to access the Active Directory® using the following steps: 1. Launch IAS (choose Start > All Programs > Administrative Tools > Internet Authentication Service). 2.
Appendix D: Server Configuration 4. The Policy Conditions dialog appears. Click the Add... button. 5. Select the NAS-IP-Address name and click the Add... button. Type the IP address of the Dominion SX unit. 6. Type a second condition using the name Windows-Group and the value SX User Group. Click Next>. 7. Select the Grant remote access permission radio button. 8. Click Next>. The Profile dialog appears. 9. Click the Edit Profile... button. 10. Choose the Authentication tab.
Appendix D: Server Configuration Note: If required, create a policy to allow dialup access to all users that are members of a group (Windows® may already have a default Policy in place to permit access by any user with Dial In enabled, so this new policy would be optional. If you want to use a new Policy, ensure that it appears above the default policy). 17. Ensure that the service is started. 18.
Appendix D: Server Configuration 4. Click Network Configuration in the left panel of the page and select Add Entry to add/edit an AAA Client. This must be done for each unit that is going to be accessed via RADIUS. 5. Click Authenticate Using drop-down menu and select RADIUS (IETF). 6. Click Submit. 7. Click Interface Configuration in the left panel of the page. 8. Click the RADIUS (IETF) link to edit properties. 9. Under the User and Group columns, select the Filter-Id checkbox. 10. Click Submit. 11.
Appendix D: Server Configuration Note: If there is more then one Radius user requiring the same authorization on the Dominion SX, the Filter-Id attribute and its value can be defined at the group level on the Cisco ACS as long as these users belong to the same group. TACACS+ Server Configuration The Dominion SX unit has the capability to use Terminal Access Controller Access-Control System Plus (TACACS+) for authentication services.
Appendix D: Server Configuration CiscoSecure ACS These instructions are written for CiscoSecure ACS version 3.2. Note: See the following URL: http://cisco.com/en/US/products/sw/secursw/ps2086/products_user_guid e_chapter09186a008007cd49.html#12231 1. Add Dominion SX as a client on Cisco ACS TACACS+.
Appendix D: Server Configuration 2. Select Interface Configuration. 3. Select TACACS+ (Cisco IOS). 4. Add dominionsx service under the heading New Services.
Appendix D: Server Configuration 5. When adding or editing a user or group, the dominionsx service will appear under the heading TACACS+ Settings. The service can be enabled per user or per group by selecting the dominionsx and Custom Attributes checkboxes. Add the attributes (user-type) and the appropriate values to the text box. Note: The value for the user-group attribute is case sensitive; ensure that it matches exactly the same as the local group name on Dominion SX unit.
Appendix D: Server Configuration Active Directory Microsoft Active Directory® uses the LDAP protocol natively, and can function as an LDAP server and authentication source for the Dominion SX. See the following Microsoft URL for information about Active Directory: http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 If you choose LDAP authentication protocol, complete the LDAP fields as follows: Default Port / User Defined Port - By default, LDAP uses port 389.
Appendix E Modem Configuration If you are connecting to HyperTerminal via modem and are using a Dominion SX prior to version 3.1.7, do not disconnect from HyperTerminal without first properly logging off. Disconnecting without logging off will cause the modem to still believe it is connected to HyperTerminal, which prevents users from dialing back in and reestablishing a connection. This issue only occurs with Dominion SX versions prior to 3.1.7. In This Chapter Client Dial-Up Networking Configuration ....
Appendix E: Modem Configuration 2. Click New in the Dial-Up Networking dialog. The New Phonebook Entry dialog allows you to configure the details of this connection. 3.
Appendix E: Modem Configuration Dial using - Modem being used to connect to Dominion SX; if there is no entry here, there is no modem installed in your workstation 4. Click the Security tab. The Security section allows you to specify the level of security to use with the modem connection. When connecting to the Dominion SX, security is provided by SSL/ with RC4 encryption, therefore no dial-up security is required.
Appendix E: Modem Configuration 5. Click the "Accept any authentication including clear text" radio button. 6. Click OK to return to the main Dial page. 7. Click Dial. See the Windows NT® Users Guide if you receive any error messages. Windows 2000 Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communications > Network and Dial-Up Connections.
Appendix E: Modem Configuration 2. Double-click the Make New Connection icon when the Network and Dial-Up Connections window appears. 3. Click Next and follow the steps in the Network Connection Wizard dialog to create custom dial-up network profiles.
Appendix E: Modem Configuration 4. Click the Dial-up to private network radio button and click Next. 5. Select the checkbox before the modem that you want to use to connect to the Dominion SX and then click Next. 6. Type the area code and phone number you wish to dial in the appropriate fields.
Appendix E: Modem Configuration 7. Click the Country/region code drop-down arrow and select the country or region from the list. 8. Click Next. The Connection Availability dialog appears. 9. Click the Only for myself radio button in the Connection Availability dialog.
Appendix E: Modem Configuration 10. Click Next. The Network Connection has been created. 11. Type the name of the Dial-up connection. 12. Click Finish. 13. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that a successful connection has been established will appear. Consult the Windows 2000® Dial-up Networking Help if you receive any error messages. Windows Vista Dial-Up Networking Configuration (Shared KSX II, SX) 1. Click Start and then click Network.
Appendix E: Modem Configuration Windows XP Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communications > New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dial-up network profiles. 3. Click the Connect to the Internet radio button and click Next.
Appendix E: Modem Configuration 4. Click the "Set up my connection manually" radio button and click Next.
Appendix E: Modem Configuration 5. Click the "Connect using a dial-up modem" radio button and click Next.
Appendix E: Modem Configuration 6. Type a name to identify this particular connection in the ISP Name field and click Next.
Appendix E: Modem Configuration 7. Type the phone number for the connection in the Phone number field and click Next. 8. Type your ISP information. Type the user name and password in the appropriate fields, and retype the password to confirm it.
Appendix E: Modem Configuration 9. Select the checkbox before the appropriate option below the fields and click Next. 10. Click Finish. 11. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that you connected successfully appears. If you get any errors, consult Windows XP® Dial-up Networking Help. Note: The maximum modem speed connecting to the Dominion SX is 33,600 bps, as it is a Linux® default limitation.
Appendix F Troubleshooting The following tables describe problems and suggested solutions for the problems. In This Chapter Page Access ..........................................................................................278 Firewall ..................................................................................................279 Login ......................................................................................................280 Port Access ..............................................
Appendix F: Troubleshooting Problem Solution DNS error and reading that the server is unreachable. Remove any installed Dominion SX certificates and restart the browser. Unsupported Encryption The unit supports only 128-bit SSL encryption. In Internet Explorer®, view Help > About Internet Explorer and determine the maximum SSL bit strength for the browser. If it is not at the desired strength, it is recommended that the browser be upgraded.
Appendix F: Troubleshooting Problem SSL Security Warnings Solution The unit embeds its Internet Address (IP) in its SSL certificate. Should the firewall perform Network Address Translation (NAT), the SSL certificate will not match the IP address recognized by the browser generating a security warning. This is normal behavior. The warning message does not affect operation of the unit. Login Problem Login Failure Solution To provide additional security, the unit login page expires after three minutes.
Appendix F: Troubleshooting change port access rights to a user who is already logged in to the unit. Upgrade Problem FTP - Server Unreachable Solution If FTP server specified in the upgrade panel is unreachable or incorrect, the upgrade process halts until a response is received from the FTP server or until a timeout occurs. Wait and allow the FTP Server Unreachable message to appear.
Appendix F: Troubleshooting 282
Appendix F: Troubleshooting Problem Upgrade failed in dual-LAN units Solution While upgrading dual-LAN units from 2.5.x versions, an error message appears stating "The upgrade has failed. Check your upgrade directory and/or your connections, and try again.". (See the figure below for details.) In order to properly complete the upgrade, do not reboot the unit when the message appears, but re-apply the upgrade pack again.
Appendix F: Troubleshooting Modem Problem Login Failure Solution The unit supports Web-browser access through the modem at connection speeds of 28.8K bps or greater. If the baud rate is insufficient, the user may be unable to log in to the unit via the modem. 28.8K bps minimum connection speed is recommended for browser-based modem authentications (login). For CLI-based access, using SSH or Telnet, speed as low as 9600bps is adequate.
Appendix F: Troubleshooting resolve. This problem seems to stem from the Vista's implementation of TCP auto tuning. Vista's Enterprise (and Business) editions utilize an aggressive scaling factor, which causes issues in packet segmentation, leading to SSH handshake messages being split apart and connection to never complete. The problem with Vista, is what Vista is doing when it sees that the SX cannot support the window scaling size of 8. Microsoft has described this problem at http://support.microsoft.
Appendix F: Troubleshooting Lines are Overwritten after Column 80 in Linux The default Linux® terminal setting is to display 80 columns at a time. However, RSC defaults to 132 columns. Since the defaults do not match, the last line in the columns may be overwritten when you perform a carriage return at the end of the last line. To avoid this, set the default display columns to the same value or execute the stty cols 132 command.
Index A About Security Profiles • 90 Accept a Certificate (Session-Based) • 244 Accessing Telnet from a Windows PC • 120 Accessing the Dominion SX Using CLI • 118 Acronyms • 1 Active Directory • 263 Add a New Certificate Revocation List to the SX • 87 Add a New Static Route • 28 Add an IPTables Rule • 92 Addgroup Command • 168 Adduser Command • 169 Administering the Dominion SX Console Server Configuration Commands • 128, 136 Administrator Tools - Process Status • 115 Anonymous Port Access • 47 Associations
Index Configuring Logging and Alerts • 130 Configuring Modem Access • 26 Configuring Network • 146 Configuring NFS • 151 Configuring NFS Logging • 101 Configuring Ports • 45, 153 Configuring Power • 172 Configuring RADIUS • 38 Configuring Services • 158 Configuring SMTP Logging • 98 Configuring SNMP • 165 Configuring SNMP Logging • 102 Configuring TACACS+ • 41 Configuring the Basic Network Settings • 22 Configuring the Network Service Settings • 23 Configuring Time • 167 Configuring Users • 168 Configuring
Index G Generate a Certificate Signing Request • 82 Generate a CSR for a Third Party CA to Sign • 248 Getconfig Command • 151 Give the Dominion SX a Name • 22 Groups Command • 171 H Hardware Installation • 8 Help • 65 How to - Dominion SX Essentials • xiv HTTP Command • 162 HTTPS Command • 163 I Idletimeout Command • 194 Import Certificates from Dominion SX via CLI • 252 Import Certificates from Windows XP • 251 Importing Certificates for LDAP • 250 Inactiveloginexpiry Command • 194 Initial Configuration
Index Microsoft IAS RADIUS Server • 254 Modem • 284 Modem Configuration • 21, 264 Modem Connection (Optional) • 21 Modify a User Group • 37 Modify a User Profile • xvii, 32 N Name Command • 147, 148, 179 Navigation of the CLI • 119, 122 Network Configuration • 19 Network Infrastructure Tools • 112 Network Settings and Services • 22 Network Statistics • 113 NFS Encryption Enable Command • 140 nfsgetkey Command • 139 nfssetkey Command • 139 Notices • 2 NTP Command • 167 P Package Contents • 6 Page Access •
Index SMNP Add Command • 166 SNMP Command • 166 SNMP Delete Command • 166 Specifications • iii, 227 SSH Access from a UNIX/Linux Workstation • 119 SSH Access from a Windows PC • 118 SSH Command • 164 SSH Connection • 284 SSH Connection to the Dominion SX • 118 SSL Client Certificate • 85 Standalone Raritan Serial Client Requirements • 66 Standalone Raritan Serial Console Installation • 65 Status of Active Network Interfaces • 112 Strong Password Settings • 80 Strong Security and User-Authentication • 5 Str
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Europe Europe Monday - Friday 8:30 a.m. - 5 p.m. GMT+1 CET Phone: +31-10-2844040 Email: tech.europe@raritan.com United Kingdom Monday - Friday 8:30 a.m. to 5 p.m.
