Page 1
Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500) Customer FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 Support Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018 Information Web site: www.blackbox.com • E-mail: info@blackbox.com...
Page 2
Value-Line and Advanced Console Servers Manual Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Cisco is a registered trademark of Cisco Technology, Inc. Mac is a registered trademark of Apple Computers, Inc.
Page 3
We’re here to help! If you have any questions about your application or our products, contact Black Box Tech Support at 724-746-5500 or go to blackbox.com and click on “Talk to Black Box.” You’ll be live with one of our technical experts in less than 60 seconds.
Page 4
Value-Line and Advanced Console Servers Manual Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment.
Page 5
Value-Line and Advanced Console Servers Manual Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement) 1. All safety and operating instructions must be read before the electrical appliance is operated. 2. The safety and operating instructions must be kept for future reference. 3.
Page 6
2.2.2 LES1116A, LES1132A and LES1148A power
2.2.4 LES1108A power
2.3 Network connection 23
2.4 Serial Port connection
...
Page 7
4.1.8 NMEA Streaming
4.1.9 Cisco USB console connection
4.2 Add/Edit Users 57
4.3 Authentication 60
4.4 Network Hosts 60
4.5 Trusted
...
Page 8
6.2 SDT Connector client configuration 104
6.2.1 SDT Connector installation
6.2.2 Configuring a new console server gateway in the SDT Connector client ...
Page 9
POWER & ENVIRONMENTAL MANAGEMENT 151
8.1 Remote Power Control (RPC) 151
8.1.1 RPC connection
8.1.2 RPC access privileges and alerts ...
Page 10
11.2 Upgrade Firmware 199
11.3 Configure Date and Time 199
11.4 Configuration Backup 200
11.5 Delayed Configuration Commit 202
...
15.1.7 Running custom scripts when a configurator is invoked
15.1.8 Backing-up the configuration and restoring using a local USB stick ...
This User’s Manual walks you through installing and configuring your Black Box Console Server (LES1108A, LES1116A, LES1132A, LES1148A, LES1508A) or Advanced Console Server (LES1208A-R2,
...
A User can also use the Management Console, but has limited menu access to control select devices, review their logs and access them using the built-in java terminal or control power to them.
The console server runs an embedded Linux operating system, and experienced Linux® and UNIX® users
...
Page 16
October 2011 2.0 Release for V2.8 firmware and later
December 2012 3.0
...
LES1116A 16 - 1 1 - 00 Single AC 16/64MB
LES1108A 8 - 1 1 - 00 Ext AC/DC 8/16MB
...
Page 19
If you are installing the console server in a rack, you will need to attach the rack mounting brackets
...
Page 20
DB9F-RJ45S straight and DB9F-RJ45S cross-over connectors
USB micro-AB adapter cable
Antenna with 10 foot extension cable
Dual IEC AC power cords
...
Printed Quick Start Guide
2.1.5 Kit components LES1108A Console Server
LES1108A Console Server
...
Page 22
VDC connector from the power supply plugs into the 12VDC (PWR) power socket on the side of the LES1508A.
2.2.2 LES1408A - LES1448A, LES1308A - LES1348A and LES1208A - LES1248A power
The
...
connecting to USB consoles of Managed Devices (e.g. for managing UPS supplies) attaching other external USB peripherals (e.g. an external USB memory stick or modem) adding supported Sierra Wireless cellular USB modems plugging in USB hubs to provide additional ports The USB1.1 port is best reserved for use with an external USB memory stick...
Chapter 3 Initial System Configuration SYSTEM CONFIGURATION Introduction
This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting
...
After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the Black Box logo.
...
Page 30
Click Apply. Since you have changed the password you will be prompted to log in again. This time,
...
3.3 Network IP address
The next step is to enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the console
...
Page 32
Enter http://new IP address to reconnect the browser on the PC/workstation that is connected to
...
Page 33
Specify the Maximum attempts per update i.e. the number of times to attempt an update
...
Page 34
The Services Access settings specify which services the Administrator can use over which network interface to access the console server. It also nominates the enabled services that the Administrator and the User can use to connect through the console server to attached serial and network connected devices.
Page 35
in rackmount models. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15—Advanced Configuration.
TFTP
This service will set up the default tftp server on the USB flash card (and is relevant
...
To use PuTTY for an SSH terminal session from a Windows client, enter the console server’s IP address
...
Page 39
3.6.1 Enable the Management LAN
The LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 console servers provide a firewall, router, and DHCP
...
Page 40
Note You can configure the second Ethernet port as either a gateway port or as an OOB/Failover port (but not both). Make sure you did not allocate Network 2 as the Failover Interface when you configured the principal Network connection on the System: IP menu. The
...
Page 41
Enter the Default Lease time and Maximum Lease time in seconds. The lease time is the time that
...
Page 42
By default, the failover is not enabled. To enable, select the Network page on the System: IP menu.
...
Page 43
Click Apply. You have selected the failover method. It is not active until you specify the external sites
...
Page 44
Select Enable Bridging on the System: IP General Settings menu.
Select Bridge Interfaces or Bond Interfaces
When
...
Page 45
To add a static route to the route table of the system: Select the Route Settings tab on the System: IP General Settings menu. Enter a meaningful Route Name for the route. In the Destination Network/Host field enter the IP address of the destination network/host that the route provides access to.
Chapter 4 Serial Port, Host, Device & User Configuration SERIAL PORT AND NETWORK HOST Introduction
The Black Box console server enables access and control of serially attached devices and network attached devices (hosts). The Administrator must configure access privileges for each of these devices,
...
Page 47
Console Server Mode is the default and this enables general access to serial console port on the serially attached devices.
Device Mode sets the serial port up to communicate with an intelligent serial controlled PDU, UPS,
...
Page 48
Specify a label for the port.
Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits, and Flow Control for each port. (Note: The RS-485/RS-422 option is not relevant for console servers.)
Before proceeding with further serial port configuration, connect the ports to the serial devices
...
Page 49
Logging Level
This specifies the level of information to be logged and monitored (refer to Chapter 7—Alerts
...
Page 50
If the remote communications are tunneled with SDT Connector, then you can use Telnet to securely access these attached devices (refer to the Note below).
...
Page 51
PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH
We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over
...
Page 52
For a User named “fred” to access serial port 2, when setting up the SSHTerm or the PuTTY SSH
...
Page 53
Web Terminal
Selecting Web Terminal enables web browser access to the serial port via Manage: Devices:
...
Page 54
For configuration details, refer to Chapter 6.6—Using SDT Connector to Telnet or SSH connect to devices that
...
Page 55
4.1.6 Serial Bridging Mode
With serial bridging, the serial data on a nominated serial port on one console server is encapsulated into
...
For example, if the computer attached to serial port 3 should never send anything out on its serial console
...
Page 57
4.2 Add/Edit Users
The Administrator uses this menu selection to set up, edit, and delete users, and to define the access
...
Page 58
2. Membership of the user group provides the user with limited access to the console server and connected Hosts and serial devices. These Users can access only the Management section of the Management Console menu and they have no command line access to the console server.
Page 59
Click Add User to add a new user.
Add a Username and a confirmed Password for each new user. You may also include information
...
Page 60
Click Apply. The new user can now access the Network Devices, Ports, and RPC Outlets you nominated
...
Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been
...
Page 62
Select Serial & Network: Trusted Networks.
To add a new trusted network, select Add Rule.
...
Page 63
Note The above Trusted Networks will limit Users’ and Administrators’ access to the console serial ports. They do not restrict access to the console server itself or to attached hosts. To change the default settings for this access, you will need to edit the IPtables rules as described in Chapter 14—Advanced.
Page 64
Next, you must select whether to generate keys using RSA and/or DSA (if unsure, select only RSA). Generating
...
Page 65
Next, you must register the Public Key as an Authorized Key on the Slave. In a case that has only one Master
...
Page 66
Once the SSH connection has been established, the system asks you to accept the key. Answer yes and the
...
Page 67
Once you have added all the Slave console servers, you can assign and access the Slave serial ports and the
...
This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device that’s connected to the remote console server as if it were connected to your local serial port.
...
Page 69
Select the connection type for the new connection (Serial, Network Host, UPS, or RPC) and then select
...
Note To set up a new serially connected RPC UPS or EMD device, configure the serial port, designate it as a Device, then enter a Name and Description for that device in the Serial & Network: RPC Connections (or UPS Connections or Environmental). When applied, this will automatically create a corresponding new Managed Device with the same Name /Description as the RPC/UPS Host (refer to Chapter 8—Power and Environment).
Page 71
console servers provide a simple GUI interface for basic set up as described below. However for more detailed information on configuring Openswan IPsec at the command line and interconnecting with other IPsec VPN gateways and road warrior IPsec software refer http://wiki.openswan.org
4.9.1
...
Page 72
If the VPN gateway is serving as a VPN gateway to a local subnet (e.g. the console server has a Management LAN configured) enter the private subnet details in Left Subnet. Use the CIDR notation (where the IP address number is followed by a slash and the number of ‘one’ bits in the binary notation of the netmask).
Page 73
Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example NorthStOutlet-VPN Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively.
Page 74
If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients. Click Apply to save changes ...
Page 75
When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.ovpn” files. This folder will be rechecked for new configuration files whenever the OpenVPN GUI icon is right-clicked. So once OpenVPN is installed, a configuration file will need to be created: ...
Page 76
5 = helps with debugging connection problems
9 = extremely verbose, excellent for troubleshooting
dev tun / dev tap: Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an Ethernet tunnel. The client and server must use the same settings.
remote <host>...
Page 77
The log file will be displayed as the connection is established Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon.
4.11 PPTP VPN
The LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console servers include a PPTP (Point-to-Point Tunneling Protocol) server.
Page 79
Select the Enable check box to enable the PPTP Server Select the Minimum Authentication Required. Access is denied to remote users attempting to connect using an authentication scheme weaker than the selected scheme. The schemes are described below, from strongest to weakest. •...
Page 80
Enable Verbose Logging to assist in debugging connection problems Click Apply Settings 4.11.2 Add a PPTP user Select Users & Groups on the Serial & Networks menu and complete the fields as covered in section 4.2. Ensure the pptpd Group has been checked, to allow access to the PPTP VPN server. Note - users in this group will have their password stored in clear text.
Page 81
Note: To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the console server. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service.
Page 82
Chapter 5 Firewall, Failover Dial Access FIREWALL, FAILOVER AND OoB DIAL-IN Introduction
The console server has a number of fail-over and out-of-band access capabilities to make sure it’s available
...
Page 83
external modem via a serial cable to the DB9 port, and you can configure the second Ethernet port for broadband OoB access. Make sure you unplug the console server power before installing the modem. When it next boots, it will detect the modem and a PC Card Modem tab will appear under System -> Dial. LES1508A,
...
Page 84
In the Remote Address field, enter the IP address to be assigned to the dial-in client. You can select
...
Page 85
Note: The User name and Password to be used for the dial-in PPP link are setup when the User is initially set up with dialin Group membership. The dialin Group supports multiple dial-in users. Any dial-back phone numbers are also configured when the User is set up. ...
Page 86
Enter the PPP User name and Password you set up for the console server.
...
active broadband access paths to the console server, if you are unable to access it through the primary management network (Network or Network1), you can still access it through the alternate broadband path
...
On the Management LAN Interface - Network 2, configure the IP Address/Subnet Mask/Gateway the same as Network Interface - Network 1.
In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing
...
5.4.2 Failover dial-out
The console server modem can be configured so a dial-out PPP connection is automatically set up in the event
...
Page 91
Note: Your 3G carrier may have provided you with details for configuring the connection including APN (Access Point Name), Pin Code (optional PIN code which may be required to unlock the SIM card), Phone Number (the sequence to dial to establish the connection, defaults to *99***1#), Username/ Password (optional) and Dial string (optional AT commands).
5.6.2 Connect to the CDMA EV-DO carrier network The LES1408A, LES1416A, LES1432A and LES1448A console servers have an internal CDMA modem. The LES1508A, LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 console servers also support attaching an external USB CDMA cellular modem from Sierra Wireless to one of its USB 2.0 ports.
Navigate to the Internal Cellular Modem tab on System: Dial. To connect to your carrier’s 3G network enter the appropriate phone number (usually #777) and a Username and Password if directed to by your account/plan documentation.
Select Enable and then click Apply to initiate the Always On Out-of-Band connection.
5.6.3 Verify cellular connection
Out-of-band access is enabled by default so the cellular modem connection should now be on.
Cellular operation When set up as a console server the 3G cellular modem can be set up to connect to the carrier in either: Failover mode. In this case a dial-out cellular connection is only established in event of a ping failure OOB mode.
Specify the Probe Addresses of two sites (the Primary and Secondary) that the console server is to ping to determine if the principal network is still operational In event of a failure of the principal network the 3G network connection is activated as the access ...
Page 96
5.8 Firewall & Forwarding
The console server has routing, NAT, packet filtering and port forwarding support on all physical and virtual
...
Page 97
With Firewall Rules, packet filtering inspects each packet passing through the firewall and accepts or rejects it based on user-defined rules. Then
...
IP Masquerading performs Source Network Address Translation (SNAT) on outgoing packets, to make them appear like they've come from the console server (rather than devices on the internal network). When
...
Page 99
Note The DHCP server feature is available only on the LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 console servers. It is not supported on LES1108A, LES1116A, LES1132A and LES1148A console servers.
5.8.3 Port forwarding
...
Page 100
Source Address: This allows the user to restrict access to a port forward to a specific address. In most
...
Page 101
Click New Firewall Rule
Fill in the following fields:
Name: Name the rule. This name should describe the policy the firewall rule is being
...
Chapter 6 Secure SSH Tunneling & SDT Connector SECURE SSH TUNNELING AND SDT CONNECTOR Introduction
Each Black Box console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices—using text-based console tools (such
...
Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the
...
Page 105
6.2.1 SDT Connector installation
The SDT Connector set up program (SDTConnector Setup-1.n.exe or sdtcon-1.n.tar.gz) is included
...
configure clients to run on the PC that will use the service to connect to the hosts and serial port devices (refer
...
Page 107
Or, enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description
...
Page 108
configure access to network connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (for example, HTTPS, IPMI2.0) and the
...
Page 109
Note The SDT Connector client can be configured with unlimited number of Gateways (that is, console servers). You can configure each Gateway to port forward to an unlimited number of locally networked Hosts. There is no limit on the number of SDT Connector clients that can be configured to access the one Gateway.
Page 110
6.2.6 Manually adding new services to the new hosts
To extend the range of services that you can use when accessing hosts with SDT Connector:
...
Page 111
An example is the Dell RAC service. The first redirection is for the HTTPS connection to the RAC server—it
...
Page 112
Note SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH redirection, so it is a “tunnel within a tunnel.” Enter the UDP port where the service is running on the host. This will also be the local UDP port that SDT Connector binds as the local endpoint of the tunnel.
Page 113
Enter a Name for the client. Enter the Path to the executable file for the client (or click Browse to
...
Click OK.
6.2.8 Dial in configuration
If the client PC is dialing into Local/Console port on the console server, you will need to set up a dial-in PPP
...
Page 115
Browse to the console server and select Network Hosts from Serial & Network, click Add Host, and in the IP Address/DNS Name field enter 127.0.0.1 (this is the Black Box network loopback address). Then, enter Loopback in Description.
Page 116
Assuming you have already set up the target console server as a gateway in your SDT Connector client
...
Page 117
Description, and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply.
...
Page 118
where network_connection is the name of the network connection as displayed in Control Panel -> Network Connections, login is the dial-in username, and password is the dial-in password
...
Importing (and exporting) preferences
To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility:
...
Page 120
public key authentication. Essentially what you are using is SSH over SSH, and the two SSH connections are
...
Page 121
To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop
...
Page 122
In Computer, enter the appropriate IP Address and Port Number:
Where there is a direct local or enterprise VPN connection, enter the IP Address of the
...
Page 123
Click Connect.
Note The Remote Desktop Connection software is pre-installed with Windows XP, Vista and Server 2003/2008. For earlier Windows PCs, you need to download the RDP client: Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2- 08AA2BD23A49&displaylang=en and click the Download button This software package will install the client portion of Remote Desktop on Windows 95, Windows...
Page 124
Note The rdesktop client is supplied with Red Hat 9.0: rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make, then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ ...
Page 125
SDT SSH Tunnel for VNC
With SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris, and UNIX computers. There’s a range
...
Page 126
To set up a persistent VNC server on Red Hat Enterprise Linux 4:
Set
...
Page 127
To establish the VNC connection, first configure the VNC Viewer, entering the VNC Server IP address.
A. When the Viewer PC is connected to the console server thru an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the IP VNC
...
Page 128
Note For general background reading on Remote Desktop and VNC access we recommend the following: The Microsoft Remote Desktop How-To. http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx The Illustrated Network Remote Desktop help page. http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.ht What is Remote Desktop in Windows XP and Windows Server 2003? by Daniel Petri. http://www.petri.co.il/what's_remote_desktop.htm ...
Page 129
B. For Windows XP and 2003 computers, follow the steps below to set up an advanced network connection between the Windows computer, through its COM port to the console server. Both Windows 2003 and Windows XP Professional allow you to create a simple dial in service which can
...
Page 130
Specify which Users will be allowed to use this connection. This should be the same Users who were
...
Page 131
Or, you can set the advanced connection and access on the Windows computer to use the console server defaults: Specify 10.233.111.254 as the From: address Select Allow calling computer to specify its own address Also, you could use the console server default username and password when you set up the new Remote Desktop User and gave this User permission to use the advance connection to access the Windows computer: ...
Page 132
C. For earlier version Windows computers, follow the steps in Section B. above. To get to the Make New Connection button:
For Windows 2000, click Start, and select Settings. At the Dial-Up Networking Folder, click
...
Page 133
6.10.3 Set up SDT Connector to SSH port forward over the console server Serial Port
In
...
Page 134
In the Session menu, enter the IP address of the console server in the Host Name or IP address field.
...
Page 135
If your destination computer is serially connected to the console server, set the Destination
...
Page 136
If you are connecting as an Administrator (in the “admin” group), then you can connect to
...
Chapter 7 Alerts, Auto-response and Logging ALERTS AND LOGGING Introduction
This chapter describes the automated response, alert generation and logging features of the console server.
The new Auto-Response facility (in firmware V3.5.1 and later) extends on the basic Alert facility available in earlier firmware revisions.
Page 138
To configure a new Auto-Response: Select New Auto-Response in the Configured Auto-Response field. You will be presented with a new Auto-Response Settings menu Enter a unique Name for the new Auto-Response Specify the Reset Timeout for the time in seconds after resolution to delay before this Auto- Response can be triggered again ...
Check Conditions To configure the condition that will trigger the Auto-Response: Click on the Check Condition type (e.g. Environmental, UPS Status or ICMP ping) to be configured as the trigger for this new Auto-Response in the Auto-Response Settings menu 7.2.1 UPS / Power Supply To use the properties of any attached UPS as the trigger event:...
7.2.3 Serial Login/Logout To monitor serial ports and check for login/logout or pattern matches for Auto-Response triggers events: Click on Serial Login/Logout as the Check Condition. Then in the Serial Login/Logout Check menu select Trigger on Login (to trigger when any user logs into the serial port) or Trigger on Logout and specify Serial Port to perform check on, and/or ...
Note: The SMS command trigger condition can only be set if there is an internal or external USB cellular modem detected Trigger Actions To configure the sequence of actions that is to be taken in the event of the trigger condition: ...
Specify the Recipient Email Address to send this email to and the Subject of the email. For multiple recipients you can enter comma separated addresses Edit the Email Text message to send and click Save New Action Note An SMS alert can also be sent via an SMTP (email) gateway.
Click Save New Action Note: To notify the central Nagios server of Alerts, NSCA must be enabled under System: Nagios and Nagios must be enabled for each applicable host or port Resolve Actions Actions can also be scheduled to be taken after a trigger condition has been resolved: ...
Page 145
In the SMTP Server field, enter the outgoing mail Server’s IP address.
If this mail server uses a Secure Connection, specify its type.
...
Page 146
Select a Secure Connection (if applicable) and specify the SMTP port to be used (if other than the
...
Page 147
Note The option to directly send SMS alerts via the cellular modem was included in the Management GUI in V3.4. Advanced console servers already had the gateway software (SMS Server Tools 3) embedded; however, this could only be accessed from the command line to send SMS messages ...
Note All console servers have the snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events as detailed above. LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console servers also embed the net-snmpd daemon.
Select the Alerts & Logging: Port Log menu option and specify the Server Type to be used, and the details to enable log server access. From the Manage: Devices menu the Administrator can view serial, network and power device logs stored in the console reserve memory (or flash USB).
Level 4 Logs all data transferred to the port and all changes in hardware flow control status and all User connection events Click Apply Note A cache of the most recent 8K of logged data per serial port is maintained locally (in addition to the Logs which are transmitted for remote/USB flash storage).
Page 151
Chapter 8 Power & Environmental Management POWER & ENVIRONMENTAL MANAGEMENT Introduction
Black Box console servers manage embedded software that you can use to manage connected Power Distribution
...
Page 152
Select the Serial & Network: RPC Connections menu. This will display all the RPC connections that
...
Page 153
Select the appropriate RPC Type for the PDU (or IPMI) being connected:
If you are connecting to the RPC via the network, you will be presented with the IPMI protocol
...
Page 154
in the selected RPC Type or will query the RPC itself for this information.
Note The Black Box console servers support most popular network and serial PDUs. If your PDU is not on the default list, then you can add support directly (as covered in Chapter 14—Advanced Configurations) or add the PDU support to either the Network UPS Tools or PowerMan open source projects.
Turn OFF
Cycle
Status
You will only be presented with icons for those operations that are supported by the Target you have
...
Page 156
8.2.1 Managed UPS connections
A Managed UPS is a UPS that is directly connected as a Managed Device to the console server. You can connect ...
Page 157
For serial UPSes attach the UPS to the selected serial port on the console server. From the Serial and ...
Page 158
Select if the UPS will be Connected Via USB, over a pre-configured serial port, or via SNMP/HTTP/HTTPS ...
Page 159
Note: These login credentials are not related to the Users and access privileges you configured in Serial & Networks: Users & Groups.
If you have multiple UPSes and require them to be shut down in a specific order, specify the Shutdown ...
Page 160
Enter the Name of the particular remote UPS that you want to remotely monitor. This name must ...
Page 161
on battery. In contrast, more critical servers may not be shut down until a low battery warning is received). ...
Page 162
Click on any particular All Data for any UPS System in the table for more status and configuration ...
Page 163
NUT is built on a networked model with a layered scheme of drivers, server and clients: The ...
The latest release of NUT (2.4) also controls PDU systems. It can do this either natively using ...
Page 165
8.3.1 Connecting the EMD
The Environmental Monitor Device (EMD) connects to any serial port on the console server via a special ...
Page 166
Note You can attach two external sensors onto the terminals on EMDs that are connected to LES1108A, LES1116A, LES1132 and LES1148A console servers. LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, ...
Page 167
Check Log Status and specify the Log Rate (minutes between samples) if you want to log the status ...
Chapter 9 Authentication AUTHENTICATION Introduction
The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user ...
Page 169
You can configure the console server to the default (Local) or using an alternate authentication method (TACACS, ...
Page 170
In addition to multiple remote servers, you can also enter separate lists of Authentication/Authorization ...
Page 171
Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple ...
Page 172
Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote ...
Page 173
9.1.5 RADIUS/TACACS User Configuration
Users may be added to the local console server appliance. If they are not added and they log in via remote ...
Page 174
Select Serial & Network: Authentication
Select the relevant Authentication Method
Check the Use Remote Groups button
9.1.7 Remote groups with RADIUS authentication
Enter the RADIUS Authentication and Authorization Server Address and Server Password ...
Page 175
For example, in an existing Active Directory setup, a group of users may be part of the “UPS Admin” and “Router Admin” groups. On the console server, these users will be required to have access to a group “Router_Admin”, with access to port 1 (connected to the router), and another group “UPS_Admin”, with access to port 2 (connected to the UPS).
9.1.9 Remote groups with TACACS+ authentication
When using TACACS+ authentication, there are two ways to grant a remotely authenticated user privileges. The first is to set the priv-lvl and port attributes of the raccess service to 12; this is discussed further in section 9.2 of this document.
Note: Kerberos is very sensitive to time differences between the Key Distribution Center (KDC) authentication server and the client device. Please make sure that NTP is enabled, and the time zone is set correctly on the console server. When authenticating against Active Directory, the Kerberos Realm will be the domain name, and the Master KDC will be the address of the primary domain controller.
Page 178
TACACS+ - pam_tacplus (http://echelon.pl/pubs/pam_tacplus.html)
LDAP - pam_ldap ...
Page 179
If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, ...
Page 180
Select System: SSL Certificate and fill out the fields as explained below:
Common name: This is the network name of the console server once it is installed in the network ...
Page 181
Key length: This is the length of the generated key in bits. 1024 Bits are supposed to be sufficient for most cases. Longer keys may result in slower response time of the console server ...
Chapter 10 Nagios Integration NAGIOS INTEGRATION Introduction
Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core ...
10.1 Nagios overview
Nagios provides central monitoring of the hosts and services in your distributed network. Nagios is freely downloadable, ...
Page 184
Distributed console servers
Black Box console servers. Serial and network hosts are attached to each console server. ...
Page 185
10.2.2 Set up distributed console servers
This section provides a brief walkthrough on configuring a single console server to monitor the status of one attached network ...
Page 186
Remove all Permitted Services. This server will be accessible using Terminal Services, so check TCP, Port 3389 and ...
Select Users & Groups from the Serial & Network menu.
Click Add User.
In Username, enter: sdtnagiosuser, then enter and confirm a Password. ...
Page 188
10.3.2 Enable NRPE monitoring
Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console server to monitor ...
Page 189
10.3.4 Configure Selected Serial Ports for Nagios Monitoring
The individual Serial Ports connected to the console server to be monitored must be configured for Nagios checks. Refer to ...
10.4 Advanced distributed monitoring configuration
10.4.1 Sample Nagios configuration
An example configuration for Nagios is listed below. It shows how to set up a remote Console server to monitor a single host, ...
Page 191
define service {
service_description Serial Status
host_name server
use generic-service
check_command check_serial_status
}
define service {
...
Page 192
name Black Box_nrpe_daemon_dep
host_name Black Box
dependent_host_name server
dependent_service_description Port Log
service_description
...
Page 193
use generic-service
check_command check_conn_via_Black Box!tcp!22
}
define service {
service_description host-port-tcp-22-server
; host-port-<protocol>-<port>-<host>
...
Page 195
Time No 3DES SSH tunnel encryption
NSCA for single check ~ ½ second ~ ½ second ~ ...
Page 196
Remote site
In this scenario, configure the console server NRPE server or NSCA client to actively check configured services and upload ...
Page 197
Remote site with no network access
In this scenario the console server allows dial-in access for the Nagios server. Periodically, the Nagios server will establish ...
Chapter 11 System Management SYSTEM MANAGEMENT Introduction
This chapter describes how the Administrator can perform a range of general console server system administration and configuration ...
Pushing the Erase button on the rear panel twice. A ball-point pen or bent paper clip is a suitable tool for this procedure. ...
Select the System: Date & Time menu option.
Manually set the Year, Month, Day, Hour and Minute using the Date and Time selection boxes, then click Set Time. ...
Page 201
With all console servers, you can save the backup file remotely on your PC and you can restore configurations from remote ...
The Local Configuration Backup menu will display all the configuration backup files you have stored onto the USB ...
Page 203
changes to a specific device. For example, changes to authentication methods or user accounts may be grouped and run once ...
Page 204
11.6 FIPS Mode
The Advanced Console Servers (LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2) all use an embedded cryptographic module that has been validated to meet the FIPS 140-2 standards.
Note The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal Information Processing Standard) series of standards.
Chapter 12 Status Reports STATUS REPORTS Introduction
This chapter describes the dashboard feature and the status reports that are available: Port ...
Enter the remote Syslog Server Address and Syslog Server Port details and click Apply. The ...
Page 208
Click Next.
Note: You can configure a custom dashboard for any admin user or for the admin group or you can reconfigure the default dashboard. The Status:Dashboard screen is the first screen displayed when admin users (other than root) log into the console manager.
Page 209
Note: The Alerts widget is a new screen that shows the current alerts status. When an alert gets triggered, a corresponding .XML file is created in /var/run/alerts/. The dashboard scans all these files and displays a summary status in the alerts widget.
Page 210
12.5.2 Creating custom widgets for the Dashboard
To run a custom script inside a dashboard widget: Create ...
Page 211
Chapter 13 Management MANAGEMENT Introduction
The console server has a small number of Manage reports and tools that are available to both Administrators and Users: Access ...
13.3.1.2 Web Terminal to Serial Device
To enable the Web Terminal service for each serial port you want to access:
Select Serial & Network: Serial Port and click Edit.
Ensure the serial port is in Console Server Mode.
Check Web Terminal and click Apply.
Administrator and Users can communicate directly with serial port attached devices from their browser: ...
Page 214
Administrators and Users can access and manage the connected power devices.
Select Manage: Power
Chapter 14 Command Line Configuration CONFIGURATION FROM THE COMMAND LINE Introduction
For those who prefer to configure their console server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to use command line access and the config tool to manage the ...
Page 216
This chapter is not intended to teach you Linux. We assume you already have a certain level of understanding before you execute Linux kernel level commands.
The config tool
Syntax
config [ -ahv ] [ -d id ] [ -g id ] [ -p path ] [ -r configurator ] [ -s id=value ] [ -P id ]
Description
...
Note: The config command does not verify whether the nodes edited/added by the user are valid. This means that any node may be added to the tree. If a user runs the following command: # /bin/config -s config.fruit.apple=sweet The configurator will not complain, but this command is useless. When the configurators are run (to turn the config.xml file into live config) they will simply ignore this <fruit>...
Page 219
The command to set the port in portmanager mode:
# config -s config.ports.port5.mode=portmanager
To set the following optional config elements for this mode:
Data ...
Enable a TTY login for a local terminal attached to serial port 5:
# config -s config.ports.port5.mode=terminal
# ...
Page 221
# config -g config.users.total
This command should display config.users.total 1. Note that if you see config.users.total this means you have 0 Users configured. ...
Page 222
To edit any of the user element values, use the same approach as when adding user elements, that is, use the “-s” parameter. ...
Page 223
# config -a
14.5 Authentication
To change the type of authentication for the console server:
# ...
Page 224
Assume this value is equal to 3. If you add another host, make sure you increment the total number of hosts from 3 to 4:
# ...
# config -s config.cascade.slaves.total=1
Increment this value when adding more slaves.
NOTE: If a slave is added using the CLI, then the master SSH public key will need to be manually copied to every slave device ...
# config -s "config.devices.device3.connections.connection1.type=UPS Unit"
# config -s "config.devices.device3.name=My UPS"
# config -s "config.devices.device3.description=UPS in toom 5"
# ...
Page 228
# config -s "config.ports.port2.power.description=RPC in room 5"
# config -s config.ports.port2.power.username=rpclogin
# config -s config.ports.port2.power.password=secret
# ...
Page 229
# config -s config.devices.device5.name=Envi4
# config -s "config.devices.device5.description=Monitor in room 5"
# config -s config.devices.total=5
The ...
Page 230
To set the remote path as '/Black Box/logs' to save logged data:
# ...
Page 231
# config -s config.alerts.alert2.sensor=temp
# config -s config.alerts.alert2.signal=DSR
# config -s config.alerts.alert2.type=pattern
UPS Power Status Alert
To ...
Page 232
# config -s config.alerts.alert2.type=enviro
Alarm Sensor Alert
To set an alert for 'doorAlarm' and 'windowAlarm' that are two alarms connected to an environmental sensor called 'SensorInRoom3'. ...
Page 233
14.16 SNMP
To set-up the SNMP agent on the device:
# config -s config.system.snmp.protocol=[ UDP | TCP ]
# ...
To enable IPv6 for all interfaces
# config -s config.system.ipv6.enabled=on
To configure the management LAN interface, use the same commands as above but replace: config.interfaces.wan, ...
Remote IP Address 172.24.1.2
Authentication Type: ...
Page 236
# config -s config.interfaces.lan.dhcpd.enabled=on
# config -s config.interfaces.lan.dhcpd.defaultlease=200000
# config -s config.interfaces.lan.dhcpd.maxlease=300000
# config -s config.interfaces.lan.dhcpd.dns1=192.168.2.3
# ...
Page 237
NAGIOS server address 192.168.0.10 (upstream NAGIOS server)
Enable SDT for NAGIOS ext. Enabled
SDT gateway address ...
Chapter 15 Advanced Configuration ADVANCED CONFIGURATION Introduction
Black Box console servers run the embedded Linux operating system. So Administrator class users can configure the console ...
Page 239
Another scenario would be to call another custom script from the /etc/config/rc.local file, making sure that your custom script ...
Page 240
15.1.3 Example script - Power Cycling on Pattern Match
For example, we have an RPC (PDU) connected to port 1 on a console server and also have some telecommunications device ...
Page 241
This creates an obvious complication because this script does NOT check for any other dependencies that the node being ...
Page 242
cp /etc/config/config.xml /etc/config/config.bak
echo "backup of /etc/config/config.xml saved in /etc/config/config.bak"
if [ -z $NUMBER ] # test whether a singular node is being \
#deleted
...
Page 243
-e 's/ /=/'`"
done
let COUNTER++
done
# deleting last user
...
Page 244
The above is just one example of using the ping-detect script. The idea of the script is to run any number of commands when ...
Page 245
The solution is to create a custom script that runs after each configurator runs. After each configurator runs, it will check whether ...
To load any other config file:
# /etc/scripts/backup-usb load {filename}
The /etc/scripts/backup-usb script can be executed directly with various COMMANDS or called from other custom scripts you ...
Page 247
Black Box’s portmanager program manages the console server serial ports. It routes network connection to serial ports, checks ...
Page 248
Port 2: user1
Port 8: user2
The above output indicates that a user named “user1” is actively connected to ports 1 and 2, while “user2” is connected to ...
Page 249
The return value from the script controls whether the user is accepted or not, if 0 is returned (or nothing is done on exit ...
Page 250
If you are not using a modem on the DB9 console port and instead want to connect to it directly via a Null Modem cable, ...
There’s good documentation about using the iptables command at the Linux netfilter website http://netfilter.org/documentation/index.html. There are also many high-quality tutorials and HOWTOs available via the netfilter ...
Page 252
To set the Manager Trap Port field
config --set config.system.snmp.trapport2=162
.. replacing 162 with the TCP/UDP port number ...
Page 253
OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) to effectively eliminate these risks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication ...
Page 254
Make sure that there is no password associated with the keys. If there is a password, then the Black Box devices will have ...
Page 255
If the Black Box device selected to be the server will only have one client device, then the authorized_keys file is simply a copy ...
Page 256
More documentation on OpenSSH can be found at:
http://openssh.org/portable.html
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd.
15.6.5 Generating public/private keys for SSH (Windows)
This ...
Page 257
Execute the PUTTYGEN.EXE program.
Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section.
It ...
Page 258
#!/bin/sh
ssh -L9001:127.0.0.1:4001 -N -o StrictHostKeyChecking=no testuser@<server-ip> &
This will run the tunnel redirecting local port 9001 to the server port 4001.
15.6.6 ...
Page 259
As detailed in Chapter 4, the Server console server is setup in Console server mode with either RAW or RFC2217 enabled and ...
Page 260
To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program:
$ ssh-keygen -t [rsa|dsa]
Generating ...
Page 261
For example, assume we already have one server, called bridge_server, and two sets of keys, for the control_room and the ...
Page 262
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. In the console server, OpenSSL is used primarily in ...
Page 263
or using PSCP:
pscp -scp ssl_key.pem root@<address of unit>:/etc/config/
pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/
PuTTY ...
Page 264
-f, --flash Turn beacon ON for targets (if implemented by RPC).
-u, --unflash Turn ...
Page 265
15.9.2 The pmpower tool
The pmpower utility is a high level tool for manipulating remote preconfigured power devices connected to the console server ...
Page 266
<powerstrip>
<id>Name or ID of the device support</id>
<outlet port="port-id-1">Display Port 1 in menu</outlet>
...
Page 268
-o <oemtype> Select OEM type to support. This usually involves minor hacks in place in the code to work around quirks in various ...
Page 269
chassis Get chassis status and set power state
...
Page 270
The CDK essentially provides a snapshot of the Black Box build process (taken after the programs have been compiled and ...
Appendix A Linux Commands & Source Code
The console server platform is a dedicated Linux computer, optimized to provide monitoring and secure access to serial and network consoles of critical server systems and their supporting power and networking infrastructure. Black Box console servers are built on the 2.4 uCLinux kernel as developed by the uCLinux project. This is GPL code and ...
Page 272
gen-keys SSH key generation program
getopt * Parses command options
gettyd Getty daemon
grep * Print lines matching a pattern
gunzip ...
Page 273
ping6 IPv6 ping
pkill Sends a signal to process(es) selected by regex pattern
pmchat Black Box command similar to the standard chat command (via portmanager)
pmdeny ...
Page 274
tar * The tar archiving utility
tc Show traffic control settings
tcpdump Dump traffic on a network
telnetd ...
Page 275
Network UPS Tools (NUT) provides reliable monitoring of UPS and PDU hardware and ensures safe shutdowns of ...
Page 276
hash [-r] [-p pathname] [name ...] until COMMANDS; do COMMANDS; done help [-s] [pattern ...] variables - Some variable names an wait history [-c] [-d offset] [n] or hi if COMMANDS; then COMMANDS; [ elif while COMMANDS; do COMMANDS; jobs [-lnprs] [jobspec ...] or job kill [-s done { COMMANDS ;...
Appendix C Safety & Certifications
Please take care to follow the safety precautions below when installing and operating the console server: ...
Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Black Box is not willing to license the Software to you. In such event, do not use or install the Software.
Page 280
Black Box or its authorized retailer. Proof of date of purchase will be required. Any updates to the Software provided by Black Box (which may be provided by Black Box at its sole discretion) shall be governed by the terms of this EULA.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission.
Page 282
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
Page 283
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Page 286
About Black Box Black Box Network Services is your source for an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 60 seconds or less.