User Manual
ACM5000 & ACM5500 RIM Gateways
IM4000 & IM4200 DCIM Managers
CM4000 DCIM Console Servers
SD4000 Secure Device Server
Rev: 4.5
April 16th 2012
Advanced Console Server & RIM Gateway User Manual

Summary of Contents for Opengear ACM5000

  • Page 1 User Manual ACM5000 & ACM5500 RIM Gateways IM4000 & IM4200 DCIM Managers CM4000 DCIM Console Servers SD4000 Secure Device Server Rev: 4.5 April 16 2012 Advanced Console Server & RIM Gateway User Manual...
  • Page 2 Do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Opengear qualified personnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground.
  • Page 4: Table Of Contents

    ACM5508-2-M, ACM5508-2-I, ACM5504-5-G-I, ACM5504-5-GV-I and ACM5504-2-P power 2.2.7 IM4216-34-DDC, IM4208-2-DDC, IM4216-2-DDC, IM4232-2-DDC and IM4248-2-DDC power Network Connection Serial Port Connection 2.4.1 Opengear Classic RJ45 pinout (option –X0) 2.4.2 Cisco Rolled (Cyclades) RJ45 pinout (option -X1) 2.4.3 Cisco RJ45 pinout (option -X2)
  • Page 5 User Manual Configure Serial Ports 4.1.1 Common Settings 4.1.2 Console Server Mode 4.1.3 SDT Mode 4.1.4 Device (RPC, UPS, EMD) Mode 4.1.5 Terminal Server Mode 4.1.6 Serial Bridging Mode 4.1.7 Syslog 4.1.8 NMEA Streaming Add/ Edit Users 4.2.1 Set up new Group 4.2.1 Set up new Users Authentication...
  • Page 6 Table of Contents 5.7.3 Cellular routing 5.7.4 Cellular CSD dial-in setup Firewall & Forwarding 5.8.1 Configuring network forwarding and IP masquerading 5.8.2 Configuring client devices 5.8.3 Port / Protocol forwarding 5.8.4 Firewall rules SSH TUNNELS & SDT CONNECTOR Configuring for SSH Tunneling to Hosts SDT Connector Client Configuration 6.2.1 SDT Connector client installation...
  • Page 7 UPS status 8.2.6 Overview of Network UPS Tools (NUT) Environmental Monitoring 8.3.1 Connecting the EMD and its sensors 8.3.2 Connecting sensors to ACM5000 and ACM5500s 8.3.3 Adding EMDs and configuring the sensors 8.3.4 Environmental alerts 8.3.5 Environmental status Digital I/O Ports 8.4.1...
  • Page 8 Table of Contents 10.3.2 Enable NRPE monitoring 10.3.3 Enable NSCA monitoring 10.3.4 Configure selected Serial Ports for Nagios monitoring 10.3.5 Configure selected Network Hosts for Nagios monitoring 10.3.6 Configure the upstream Nagios monitoring host 10.4 Advanced Distributed Monitoring Configuration 10.4.1 Sample Nagios configuration 10.4.2 Basic Nagios plug-ins 10.4.3 Additional plug-ins 10.4.4 Number of supported devices...
  • Page 9 User Manual 14.1.22 NAGIOS ADVANCED CONFIGURATION 15.1 Custom Scripting 15.1.1 Custom script to run when booting 15.1.2 Running custom scripts when alerts are triggered 15.1.3 Example script - Power cycling on pattern match 15.1.4 Example script - Multiple email notifications on each alert 15.1.5 Deleting configuration values from the CLI 15.1.6 Power cycle any device upon a ping request failure 15.1.7 Running custom scripts when a configurator is invoked...
  • Page 12: This Manual

    Introduction THIS MANUAL This Users Manual walks you through installing and configuring the following Opengear product lines: ACM5504-5-G-I, ACM5504-2-P, ACM5508-2-M and ACM5008-2-P Remote Infrastructure Management (RIM) gateways ACM5002, ACM5004, ACM5004-2, ACM5004-G, ACM5004-I, ACM5003-M & ACM5003-W Remote Infrastructure Management (RIM) gateways (with –SDC, -E and -F options) and ACM5004-G/GV (with –SDC and -E options) &...
  • Page 13 User Manual Types of users The console server supports two classes of users: Firstly there are the administrative users who will be authorized to configure and control the console server; and to access and control all the connected devices. These administrative users will be set up as members of the admin user group and any user in this class is referred to generically in this manual as the Administrator.
  • Page 14 Introduction The console server runs an embedded Linux operating system, and experienced Linux and UNIX users may prefer to undertake configuration at the command line. You can get command line access by dial-in or by directly connecting to the console server’s serial console/modem port, or by using ssh or Telnet to connect to the console server over the LAN, or with PPTP, IPsec or OpenVPN.
  • Page 15 Opengear may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any time. This product could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;...
  • Page 16: Installation

    Chapter 2: Installation INSTALLATION This chapter describes how to install the console server hardware and connect it to controlled devices. Models There are multiple families and models, each with a different number of network/serial/USB ports or power supply and wireless configurations: Model Serial...
  • Page 17: Im4208-2, Im4216-2, Im4232-2, Im4248-2 And Im4216-34 Kit Components

    User Manual The various product families support different software features: Feature by DHCP DDNS WLAN Auto Internal FIPS FTP & IPsec, PPTP Model/Family Failover Response Flash TFTP & OpenVPN ACM500x-x-x yes** if -W 2GB* ACM550x-x-x yes** CM4xxx IM4004-5 IM4216-34 16GB IM42xx-2-Xx 16GB SD400x...
  • Page 18: Im4004-5 Kit Components

    Chapter 2: Installation • Proceed to connect your IM42xx to the network, to the serial ports of the controlled devices, and to power as outlined below. Note: The IM4216-2-DDC, IM4232-2-DDC, IM4248-2-DDC and IM4216-34-DDC products are DC powered and the kits do not include an IEC AC power cord. 2.1.2 IM4004-5 kit components...
  • Page 19: Cm4008 Kit Components

    User Manual • Proceed to connect your CM4116 (or CM4132/CM4148) to the network, to the serial ports of the controlled devices, and to power as outlined below. 2.1.4 CM4008 kit components Part # 509000 CM4008 Console Manager Part # 440016 2 x Cable UTP Cat5 blue Part # 319000 Connector DB9F-RJ45S straight and DB9F-RJ45S...
  • Page 20: Sd4001 Kit Components

    Part #539000 Quick Start Guide and CD-ROM • Unpack your ACM5000 kit and verify you have all the parts shown above, and that they all appear in good working order. The ACM5004-G has an external 3G aerial to be attached. ...
  • Page 21: Acm5500 Kit Components

    Part #539000 Quick Start Guide and CD-ROM • Unpack your ACM5000 kit and verify you have all the parts shown above, and that they all appear in good working order • The ACM5004-5-G(V)-I also has an external 3G aerial to be attached ...
  • Page 22: Im4004-5 And Cm4008 Power

    ACM500x, ACM500x-2, ACM500x-M/W/I/G and ACM500x-SDC power All the ACM5000 models are supplied with an external AC-12VDC wall mount power supply. This comes with a selection of wall socket adapters for each geographic region (North American, Europe, UK, Japan or Australia). The 12V DC connector from the power supply unit plugs into the 12VDC (PWR) power jack on the side of the console server casing ...
  • Page 23: Acm5508-2-M, Acm5508-2-I, Acm5504-5-G-I, Acm5504-5-Gv-I And Acm5504-2-P Power

    User Manual The ACM5000 models can also be powered from an external +9V DC to +30V DC power source - by connecting the DC power lines to a power plug that plugs into the 12VDC (PWR) jack. Similarly the ACM5000 can be powered by connecting an external 9V AC to 24V AC power source to this jack.
  • Page 24: Network Connection

    The RJ45 LAN ports are located on the front panel of the rack-mount CM41xx and IM42xx console servers. The RJ45 LAN ports are located on the side of the smaller ACM5500, ACM5000, CM4001/8 and SD4001/2 units. All physical connections are made using industry standard Cat5 cabling and connectors. Ensure you only connect the LAN port to an Ethernet network that supports 10Base-T/100Base-T.
  • Page 25: Serial Port Connection

    (or external serial modem out of band connection). All console server models except the SD4001, ACM5000 and ACM5500 have a dedicated DB9 Local Console port. This DB9 connector is located on the front of the CM4100, IM4004-5 and IM4200 models and on the rear of the CM4001 and CM4008.
  • Page 26: Opengear Classic Rj45 Pinout (Option -X0)

    *The first serial port can be reassigned to be a console/modem port Opengear Classic RJ45 pinout (option –X0) 2.4.1 The CM4000, CM4100 and IM4004 models have the Opengear Classic RJ45 pinout shown below. The IM4200 console servers are also available with this RJ45 pinout as an option: SIGNAL...
  • Page 27: Cisco Rj45 Pinout (Option -X2)

    USB2.0 ports • The ACM5000 models have two USB2.0 ports. However one or both of these may be pre-allocated internally. For example the ACM5004-W has one internal USB committed for the 802.11 adapter, so there is only one external USB port free.
  • Page 28: Acm5004-G/G-I And Acm5504-5-G-I Sim

    3G cellular modem that requires a SIM card and external antenna. All the other IM4200, ACM5000, ACM5500 and IM4004-5 models support an external USB cellular modem. Such modems have internal antennas however they may benefit from an external antenna.
  • Page 29: External Usb Cellular Modems

    Digital I/O and Environmental Sensors Any ACM5000 or ACM5500 model with an –I in the model number, or any ACM5000 with the –E option all ship with an external green connector block for attaching environmental sensors and digital I/O devices.
  • Page 30: System Configuration

    Chapter 3: Initial System Configuration SYSTEM CONFIGURATION This chapter provides step-by-step instructions for the initial configuration of your console server, and connecting it to the Management or Operational LAN. This involves the Administrator: • Activating the Management Console • Changing the Administrator password ...
  • Page 31: Browser Connection

    User Manual Now add a static entry to the ARP table and ping the console server to assign the IP address to the console server. In the example below, a console server has a MAC Address 00:13:C6:00:02:0F (designated on the label on the bottom of the unit) and we are setting its IP address to 192.168.100.23.
  • Page 32: Administrator Password

    • Allow forwarding to the cellular destination network (System/Firewall page. Refer Chapter 5) • Enable IP masquerading for cellular connection (System/Firewall page. Refer Chapter 5) After completing each of the above steps, you can return to the configuration list by clicking the Opengear logo in the top left corner of the screen.
  • Page 33: Set Up New Administrator

    User Manual • Select System: Administration • Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe ...
  • Page 34: Network Ip Address

    Chapter 3: Initial System Configuration Network IP Address The next step is to enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the console server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network it is to be connected to.
  • Page 35: Ipv6 Configuration

    With Dynamic DNS (DDNS) an advanced console server whose IP address is dynamically assigned (and that may change from time to time) can be located using a fixed host or domain name. The ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers (with Firmware 3.0.2 and later) support DDNS.
  • Page 36: System Firewall - Service Access

    Chapter 3: Initial System Configuration Supported DDNS providers include: DyNS (www.dyns.cx), dyndns.org (www.dyndns.org), GNUDip (gnudip.cheapnet.net), ODS (www.ods.org), TZO (www.tzo.com) and 3322.org, a Chinese provider (www.3322.org). Upon registering with the DDNS service provider, you will select a username and password, as well as a hostname that you will use as the DNS name (to allow external access to your machine using a URL).
  • Page 37 User Manual devices) using a range of access protocols/services – and for each such access, the particular service must be running with access through the firewall enabled. By default HTTP, HTTPS, Telnet and SSH services are running, and these services are enabled on all network interfaces. However, again by default, only HTTPS and SSH access to the console server is enabled, while HTTP and Telnet access is disabled.
  • Page 38 Chapter 15 – Advanced Configuration TFTP/FTP If a USB flash card or internal flash is detected on an ACM5000, ACM5500, IM4200 or IM4004-5 advanced console server, then enabling this service will set up default tftp and ftp server on the USB flash.
  • Page 39: Communications Software

    So you will need to have appropriate communications software tools set up on the Administrator (and User) client’s computer. Opengear provides the SDT Connector as the recommended client software tool, however other generic tools such as PuTTY and SSHTerm may be used, and these are all described below.
  • Page 40: Putty

    Chapter 3: Initial System Configuration SDT Connector is a lightweight tool that enables Users and Administrators to securely access the Console server, and the various computers, network devices and appliances that may be serially or network connected to the console server. SDT Connector is a Java client program that couples the trusted SSH tunneling protocol with popular access tools such as Telnet, SSH, HTTP, HTTPS, VNC, RDP to provide point-and-click secure remote management access to all the systems and devices being managed.
  • Page 41: Sshterm

    User Manual 3.5.3 SSHTerm Another common communications package that may be useful is SSHTerm, an open source package that can be downloaded from http://sourceforge.net/projects/sshtools: • To use SSHTerm for an SSH terminal session from a Windows Client you simply Select the ‘File’ option and click on ‘New Connection’...
  • Page 42 Chapter 3: Initial System Configuration The ACM5504-5-G-I, IM4216-34 and IM4004-5 console server models have an integrated four or thirty-two port management LAN switch (with firewall, router, DHCP server and switch functions). • The IM4216-34 is normally configured to have an active 32 port Management LAN (Ethernet 1-32) switch plus have Network 2 configured for OoB or Failover ...
  • Page 43: Configure The Dhcp Server

    User Manual connections to Managed Devices on the Management LAN are secure. The LAN ports can also be configured in bridged or bonded mode (as described later in this chapter) or they can be manually configured from the command line. 3.6.2 Configure the DHCP server The IM4200 family, ACM5508-2-I/M, ACM5504-5-G-I, IM4004-5 and ACM5004-2 console servers also host a DHCP...
  • Page 44: Select Failover Or Broadband Oob

    Chapter 3: Initial System Configuration The DHCP server also supports pre-assigning IP addresses to be allocated only to specific MAC addresses and reserving IP addresses to be used by connected hosts with fixed IP addresses. To reserve an IP address for a particular host: ...
  • Page 45: Aggregating The Network Ports

    User Manual • Click Apply. You have selected the failover method however it is not active until you have specified the external sites to be probed to trigger failover, and set up the failover ports themselves. This is covered in Chapter 5. Note: The ACM5504-5-G-I, IM4004-5 and IM4216-34 can be configured with an active Management LAN/gateway and with one of the switched Ethernet ports configured for OoB/Failover (ETH 1 on the ACM5504-5-G-I and IM4004-5...
  • Page 46: Wireless Lan

    Some console server models support 802.11 wireless LAN connections. The ACM5003-W has an internal 802.11g wireless client LAN adapter. The other ACM5000 models and IM4004-5 models can be fitted externally with an Opengear WUBR-101 802.11g USB dongle. • To configure the wireless LAN connection you must first install the USB dongle in the console server.
  • Page 47 User Manual To configure the IP settings of the wireless LAN: • Select DHCP or Static for the Configuration Method. If you selected Static then manually enter the new IP Address, Subnet Mask, Gateway and DNS server details. This selection automatically disables the DHCP client. If you selected DHCP the console server will look for configuration details from a DHCP server on your management LAN.
  • Page 48: Static Routes

    Chapter 3: Initial System Configuration Select the Wireless Network Type where Infrastructure is used to connect to an access point and Ad-hoc to connect directly to a computer. Select the Wireless Security mode of the wireless network (WEP, WPA etc) and enter the required Key/Authentication/Encryption settings. Note: The Wireless screen in Status: Statistics will display all the locally accessible wireless LANs (with SSID and Encryption/Authentication settings).
  • Page 49 User Manual • Enter Route Gateway with the IP address of a router that will route packets to the destination network • Enter a value in the Metric field that represents the metric of this connection. This generally only has to be set if two or more routes conflict or have overlapping targets.
  • Page 50: Serial Port, Host, Device & User Configuration

    Chapter 4: Serial Port, Device and User Configuration SERIAL PORT, HOST, DEVICE & USER CONFIGURATION The Opengear console server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices.
  • Page 51: Common Settings

    User Manual Serial Bridge mode enables the transparent interconnection of two serial port devices over a network • Select Serial & Network: Serial Port and you will see details of the serial ports that are currently set up • By default each serial port is set in Console Server mode. For the port to be reconfigured click Edit ...
  • Page 52: Console Server Mode

    Chapter 4: Serial Port, Device and User Configuration Note: The Signaling Protocol menu item only presents in ports with RS422/485 options (i.e. Port 1 on SD4002 and SD4001, and all ports on ACM5004-2-I, ACM5508-2-I and ACM5504-5-G-I). The options available are RS232, RS422, RS485 and RS485 Echo mode ...
  • Page 53 User Manual Click OK. The installation might take several minutes. If the remote communications are being tunneled with SDT Connector, then Telnet can be used for securely accessing these attached devices (refer Note below). Note In Console Server mode, Users and Administrators can use SDT Connector to set up secure Telnet connections that are SSH tunneled from their client computers to the serial port on the console server.
  • Page 54 Chapter 4: Serial Port, Device and User Configuration PuTTY can be downloaded at http://www.tucows.com/preview/195286.html Note: In Console Server mode, when you connect through to a serial port you connect via pmshell. To generate a BREAK on the serial port you need to type the character sequence '~b' (and if you're doing this over SSH you'll need to type "~~b"). It is recommended that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over the Internet or any other...
  • Page 55 User Manual This syntax enables Users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway. Note: In Console Server mode, when you connect through to a serial port you connect via pmshell. To generate a BREAK on the serial port if you're connected over SSH, you'll need to type the character sequence "~~b"...
  • Page 56: Sdt Mode

    Chapter 4: Serial Port, Device and User Configuration Device must be set up with both its Serial port connection and Power connection configured. The command to bring up the power menu is ~p Single Connection This setting limits the port to a single connection so if multiple users have access privileges for a particular port only one user at a time can be accessing that port (i.e.
  • Page 57: Terminal Server Mode

    User Manual 4.1.5 Terminal Server Mode • Select Terminal Server Mode and the Terminal Type (vt220, vt102, vt100, Linux or ANSI) to enable a getty on the selected serial port. The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised.
  • Page 58: Syslog

    Chapter 4: Serial Port, Device and User Configuration • You may secure the communications over the local Ethernet by enabling SSH however you will need to generate and upload keys (refer Chapter 14 – Advanced Configuration) 4.1.7 Syslog In addition to inbuilt logging and monitoring (which can be applied to serial-attached and network-attached management accesses, as covered in Chapter 7 - Alerts and Logging) the console server can also be configured to support the remote syslog protocol on a per serial port basis: ...
  • Page 59: Add/ Edit Users

    User Manual You can use pmshell, webshell, SSH, RFC2217 or RawTCP to get at the stream: For example using the Web Terminal: Note: This GPS support is also available for IM4200-G with an internal cellular modem. The NMEA data stream presents on ports 9/17/33/49 for the IM4208/16/32/48 models.
  • Page 60: Set Up New Group

    Chapter 4: Serial Port, Device and User Configuration To simplify user set up, they can be configured as members of Groups. With firmware V3.5.2 and later there are five Groups set up by default (where earlier versions only had admin and user by default): admin Provides users with unlimited configuration and management privileges pptpd...
  • Page 61: Set Up New Users

    User Manual • Add a Group name and Description for each new Group, then nominate the Accessible Hosts, Accessible Ports and Accessible RPC Outlet(s) that you wish any users in this new Group to be able to access • Click Apply 4.2.1 Set up new Users To set up new users, and to classify users as members of particular Groups:...
  • Page 62 Chapter 4: Serial Port, Device and User Configuration • Click Add User to add a new user • Add a Username and a confirmed Password for each new user. You may also include information related to the user (e.g. contact details) in the Description field. Note: The User Name can contain from 1 to 127 alphanumeric characters (however you can also use the special characters "-"...
  • Page 63: Authentication

    User Manual Note: For more information on enabling the SDT Connector so each user has secure tunneled remote RDP/VNC/Telnet/HTTP/HTTPS/SoL access to the network connected hosts refer Chapter 6. Authentication Refer to Chapter 9.1 - Remote Authentication Configuration for authentication configuration details. Network Hosts To monitor and remotely access a locally networked computer or device (referred to as a Host) you must identify the Host and specify the TCP or UDP ports/services that will be used to control that Host:...
  • Page 64: Trusted Networks

    Chapter 4: Serial Port, Device and User Configuration • Add or edit the Permitted Services (or TCP/UDP port numbers) that are authorized to be used in controlling this host. Only these permitted services will be forwarded through by SDT to the Host. All other services (TCP/UDP ports) will be blocked.
  • Page 65: Serial Port Cascading

    Master. Opengear’s clustering connects each Slave to the Master with an SSH connection. This is done using public key authentication so the Master can access each Slave using the SSH key pair (rather than using passwords). This ensures...
  • Page 66: Automatically Generate And Upload Ssh Keys

    Chapter 4: Serial Port, Device and User Configuration secure authenticated communications between Master and Slaves enabling the Slave console server units to be distributed locally on a LAN or remotely around the world. 4.6.1 Automatically generate and upload SSH keys To set up public key authentication you must first generate an RSA or DSA key pair and upload them into the Master and Slave console servers.
  • Page 67: Manually Generate And Upload Ssh Keys

    User Manual Next you must select whether to generate keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes and the new keys will destroy any old keys of that type that may previously have been uploaded.
  • Page 68: Configure The Slaves And Their Serial Ports

    Chapter 4: Serial Port, Device and User Configuration Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. The use of key pairs can be confusing as in many cases one file (Public Key) fulfills two roles –...
  • Page 69: Managing The Slaves

    User Manual • Select Serial & Network: Cascaded Ports on the Master’s Management Console: • To add clustering support select Add Slave. Note: You will be prevented from adding any Slaves until you have automatically or manually generated SSH keys. To define and configure a Slave: ...
  • Page 70: Serial Port Redirection (Portshare)

    PortShare for Linux The PortShare driver for Linux maps the console server serial port to a host tty port. Opengear has released the portshare-serial-client as an open source utility for Linux, AIX, HPUX, SCO, Solaris and UnixWare. This utility can be freely downloaded from the ftp site.
  • Page 71: Managed Devices

    User Manual The .tar file can be freely downloaded from the ftp site. Refer to the PortShare User Manual and Quick Start for details on installation and operation. Managed Devices Managed Devices presents a consolidated view of all the connections to a device that can be accessed and monitored through the console server.
  • Page 72 Chapter 4: Serial Port, Device and User Configuration To add a new network connected Managed Device: • The Administrator adds a new network connected Managed Device using Add Host on the Serial&Network: Network Host menu. This automatically creates a corresponding new Managed Device (as covered in Section 4.4 - Network Hosts) ...
  • Page 73: Ipsec Vpn

    Management LAN subnet at the remote location Configuration of IPsec is quite complex so Opengear provides a simple GUI interface for basic set up as described below. However for more detailed information on configuring Openswan IPsec at the command line and interconnecting with other IPsec VPN gateways and road warrior IPsec software refer http://wiki.openswan.org and...
  • Page 74 Chapter 4: Serial Port, Device and User Configuration • Click Add and complete the Add IPsec Tunnel screen • Enter any descriptive name you wish to identify the IPsec Tunnel you are adding such as WestStOutlet-VPN • Select the Authentication Method to be used, either RSA digital signatures or a Shared secret (PSK). If you select RSA you will be asked to click here to generate keys.
  • Page 75: Openvpn

    Otherwise leave this blank • If the Opengear VPN gateway is serving as a VPN gateway to a local subnet (e.g. the console server has a Management LAN configured) enter the private subnet details in Left Subnet. Use the CIDR notation (where the IP address number is followed by a slash and the number of ‘one’...
  • Page 76: Enable The Openvpn

    Configuration of OpenVPN can be complex so Opengear provides a simple GUI interface for basic set up as described below. However for more detailed information on configuring OpenVPN Access server or client refer to the HOW TO and FAQs at http://www.openvpn.net...
  • Page 77: Configure As Server Or Client

    User Manual • In Tunnel Mode, nominate whether this is the Client or Server end of the tunnel. When running as a server, the advanced console server supports multiple clients connecting to the VPN server over the same port. • In Configuration Method, select the authentication method to be used. To authenticate using certificates select PKI (X.509 Certificates) or select Custom Configuration to upload custom configuration files.
  • Page 78 Chapter 4: Serial Port, Device and User Configuration • To enter authentication certificates and files, Edit the OpenVPN tunnel. • Select the Manage OpenVPN Files tab. Upload or browse to relevant authentication certificates and files. • Apply to save changes. Saved files will be displayed in red on the right-hand side of the Upload button. ...
  • Page 79 User Manual • To enable OpenVPN, Edit the OpenVPN tunnel • Check the Enabled button. • Apply to save changes. Note: Please make sure that the console server system time is correct when working with OpenVPN. Otherwise authentication issues may arise. ...
  • Page 80: Windows Openvpn Client And Server Set Up

    Chapter 4: Serial Port, Device and User Configuration • Select Statistics on the Status menu to verify that the tunnel is operational. 4.10.3 Windows OpenVPN Client and Server set up Windows does not come standard with any OpenVPN server or client. This section outlines the installation and configuration of a Windows OpenVPN client or a Windows OpenVPN server and setting up a VPN connection to a console server.
  • Page 81 User Manual • Once installed on the Windows machine, an OpenVPN icon will have been created in the Notification Area located in the right side of the taskbar. Right click on this icon to start (and stop) VPN connections, and to edit configurations and view logs. When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.ovpn”...
  • Page 82 Chapter 4: Serial Port, Device and User Configuration syslog IM4216_OpenVPN_Server The Windows client/server configuration file options are: Options Description #description: This is a comment describing the configuration. Comment lines start with a ‘#’ and are ignored by OpenVPN. Client Specify whether this will be a client or server configuration file. server In the server configuration file, define the IP address pool and netmask.
  • Page 83 User Manual • The log file will be displayed as the connection is established • Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon.
  • Page 84: Pptp Vpn

    Similarly, telecommuters can also set up a VPN tunnel over their cable modem or DSL links to their local ISP. To set up a PPTP connection from a remote Windows client to your Opengear appliance and local network: 1. Enable and configure the PPTP VPN server on your Opengear appliance 2.
  • Page 85 192.168.1.10-20). This must be a free IP address (or a range of free IP addresses), from the network (typically the LAN) that remote users are assigned while connected to the Opengear appliance • Enter the desired value of the Maximum Transmission Unit (MTU) for the PPTP interfaces into the MTU field (defaults to 1400) ...
  • Page 86: Add A Pptp User

    One connection is for the ISP, and the other connection is for the VPN tunnel to the Opengear appliance. Note: This procedure sets up a PPTP client in the Windows 7 Professional operating system. The steps may vary slightly depending on your network access or if you are using an alternate version of Windows.
  • Page 87 Note: To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the Opengear appliance. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service.
  • Page 88: Call Home

    Chapter 4: Serial Port, Device and User Configuration 4.12 Call Home All console servers with Firmware V3.2 and later include the Call Home feature, which initiates the setup of a secure SSH tunnel from the console server to a centralized CMS6100 or VCMS server (referred to herein as CMS). The console server then registers as a “candidate”...
  • Page 89: Accept Call Home Candidate As Managed Console Server On Cms

    User Manual • Enter the Password that you configured on the CMS as the Call Home Password • Click Apply. These steps initiate the Call Home connection from the console server to the CMS. This creates an SSH listening port on the CMS, and sets the console server up as a candidate.
  • Page 90: Calling Home To A Generic Central Ssh Server

    Chapter 4: Serial Port, Device and User Configuration The Local Console Servers drop down list lists all the console servers which are on the same subnet as the CMS, and are not currently being monitored. The Remote Console Servers drop down list in the Detected Console Servers section lists all the console servers that have established a Call Home connection, and are not currently being monitored (i.e.
  • Page 91 User Manual By selecting Listening Server, you may create a Remote port forward from the Server to this unit, or a Local port forward from this unit to the Server: • Specify a Listening Port to forward from; leave this field blank to allocate an unused port •...
  • Page 92: Firewall, Failover & Oob Access

    CM4116/4148 units. • The serial ports on the ACM5500, ACM5000 and SD4001 are by default all configured as RJ serial Console Server ports. However, Port 1 can be configured to be the Local Console/Modem port. OoB Dial-In Access Once a modem has been attached to the console server you can configure the console server for dial-in PPP access.
  • Page 93 User Manual Note By default the modem port on all Opengear console servers is set with software flow control and the baud rate is set at: - 115200 baud for external modems connected to the “Serial DB9 Port” on CM4008, CM41xx, IM42xx and...
  • Page 94 Chapter 5: Firewall, Failover and Out of Band Console Server & RIM Gateway User Manual...
  • Page 95: Using Sdt Connector Client

    User Manual • Select the Authentication Type required. Access is denied to remote users attempting to connect using an authentication scheme weaker than the selected scheme. The schemes are described below, from strongest to weakest. • Encrypted Authentication (MS-CHAP v2): The strongest type of authentication to use; this is the recommended option •...
  • Page 96: Set Up Linux Clients

    Chapter 5: Firewall, Failover and Out of Band 5.2.5 Set up Linux clients The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial up PPP connection: Command line PPP and manual configuration (which works with any Linux distribution) Using the Linuxconf configuration tool (for Red Hat compatible distributions).
  • Page 97: Failover Dial-Out

    5.3.2 Failover dial-out The ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers can be configured so a dial-out PPP connection is automatically set up in the event of a disruption in the principal management network. Note: Only SSH access is enabled on the failover connection. However in firmware versions later than 3.0.2 HTTPS access is also enabled.
  • Page 98 Chapter 5: Firewall, Failover and Out of Band • Specify the Probe Addresses of two sites (the Primary and Secondary) that the IM console server is to ping to determine if Network / Network1 is still operational • Select the System: Dial menu option and the port to be configured (Serial DB9 Port or PC Card or Internal Modem Port) •...
  • Page 99: Oob Broadband Ethernet Access

    OoB Broadband Ethernet Access The ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers have a second Ethernet port (LAN2 on the ACM5004-2, ACM5508-2-I/M and ACM5504-3-P, Network 2 on the IM4200-2 or ETH-1 on the IM4004-5, IM4216-34 and ACM5504-5-G-I) that can be configured for alternate and OoB (out-of-band) broadband access.
  • Page 100: Broadband Ethernet Failover

    • Ensure when configuring the principal Network 1 Settings (eth0) connection, the Failover Interface is set to None. Broadband Ethernet Failover The second Ethernet port on the ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers can also be configured for failover to ensure transparent high availability. •...
  • Page 101: Cellular Modem Connection

    Cellular Modem Connection The ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers support internal and/or external cellular modems. These modems first need to be set up to validate they can connect to the carrier network. They then can be configured for operation in Failover mode, OoB mode, Cellular router mode or CSD mode.
  • Page 102: Connect To The Gsm Hsupa/Umts Carrier Network

    The ACM5004-G(-I), ACM5504-5-G-I models and IM4200-G families have an internal GSM modem that will connect to any major GSM carrier globally. The ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers also support attaching an external USB GSM/HSPA cellular modem from Sierra Wireless to one of its USB 2.0 ports.
  • Page 103: Connect To The Cdma Ev-Do Carrier Network

    The ACM5004-GV, ACM5504-5-GV-I and IM4200-DAC-X2-GV models have an internal CDMA modem. The IM4200-DAC-X2, ACM5000, ACM5500 and IM4004-5 models also support attaching an external USB CDMA cellular modem from Sierra Wireless to one of its USB 2.0 ports. Both will connect to the Verizon network in North America.
  • Page 104 Firewall, Failover and Out of Band OTASP Activation: Before this can be achieved you need both a working account and an activated device in that the Opengear's ESN (Electronic Serial Number) needs to be registered with an appropriate plan on your carrier's account •...
  • Page 105: Verify Cellular Connection

    For example Verizon have been known to use an MSL of 000000 and the phone number assigned to the Opengear device as both the MDN and MSID with no spaces or hyphens e.g.
  • Page 106 Chapter 5: Firewall, Failover and Out of Band • You can measure the received signal strength from the Cellular Statistics page on the Status: Statistics screen. This will display the current state of the cellular modem including the Received Signal Strength Indicator (RSSI). Note: Received Signal Strength Indicator (RSSI) is a measurement of the Radio Frequency (RF) power present in a received radio signal at the mobile device.
  • Page 107: Cellular Operation

    User Manual threshold number of consecutive attempts fail, the service will cause the unit to reboot. This can be used to force a clean restart of the modem and its services to work around any carrier issues. Cellular Operation When set up as a console server the 3G cellular modem can be set up to connect to the carrier in either: Failover mode.
  • Page 108: Cellular Failover Setup

    Chapter 5: Firewall, Failover and Out of Band • For inbound OoB connection with such a plan you will need to use Call Home with a VCMS/CMS6110 or set up a In out of band access mode the internal cellular modem will continually stay connected. The alternative is to set up Failover mode on the console server as detailed in the next section.
  • Page 109: Cellular Routing

    User Manual The Operational Status will change as the cellular modem finds a channel and connects to the network. The Failover & Out-of-Band screen will display information relating to a configured Failover/OoB interface and the status of that connection. The IP Address of the Failover/OoB interface will be presented in the Failover &...
  • Page 110: Firewall & Forwarding

    Firewall, Failover and Out of Band Firewall & Forwarding Opengear console servers and cellular routers with Version 3.3 firmware (and beyond) have basic routing, NAT (Network Address Translation), packet filtering and port forwarding support on all network interfaces. Console Server & RIM Gateway User Manual...
  • Page 111: Configuring Network Forwarding And Ip Masquerading

    Internet or external network gateway Gx cellular routers or other IM400, ACM5500 or ACM5000 model with external cellular modem) or via other Ethernet networks on two Ethernet port models (IM42xx-2 and ACM500x-2 console servers): •...
  • Page 112 Chapter 5: Firewall, Failover and Out of Band Note: Network forwarding allows the network packets on one network interface (i.e. LAN1/eth0) to be forwarded to another network interface (i.e. LAN2/eth1 or dial-out/cellular). So locally networked devices can IP connect through the console server to devices on remote networks.
  • Page 113: Configuring Client Devices

    User Manual 5.8.2 Configuring client devices Client devices on the local network must be configured with Gateway and DNS settings. This can be done statically on each device, or using DHCP (on IM and ACM models). Manual Configuration: Manually set a static gateway address (being the address of the console server) and set the DNS server address to be the same as used on the external network i.e.
  • Page 114 Chapter 5: Firewall, Failover and Out of Band • Click on the Disabled link next to DHCP Server which will bring up the System: DHCP Server page • Check Enable DHCP Server • To configure the DHCP server, tick the Use interface address as gateway check box •...
  • Page 115: Port / Protocol Forwarding

    User Manual The DHCP server also supports pre-assigning IP addresses to be allocated only to specific MAC addresses and reserving IP addresses to be used by connected hosts with fixed IP addresses. To reserve an IP address for a particular host. Once applied, devices on the internal network will be able to access resources on the external network.
  • Page 116: Firewall Rules

    Chapter 5: Firewall, Failover and Out of Band Output Address: The target of the port forward. This is an address on the internal network where packets sent to the Input Interface on the input port range are sent. Output Port Range: The port or range of ports that the packets will be redirected to on the Output Address. Ranges use the format start-finish.
  • Page 117 User Manual Note: Prior to firmware V3.4 this tab was labeled Port Rules and fewer firewall rules could be configured. • Click New Firewall Rule • Fill in the following fields: Name: Name the rule. This name should describe the policy the firewall rule is being used to implement (e.g.
  • Page 118 Chapter 5: Firewall, Failover and Out of Band Action: Block The firewall rules are processed in a set order, from top to bottom, so rule placement is important. For example, with the following rules, all traffic coming in over the Network Interface is blocked except when it comes from two nominated IP addresses (SysAdmin and Tony): To allow all incoming traffic on all To allow all incoming...
  • Page 120: Ssh Tunnels & Sdt Connector

    SSH TUNNELS & SDT CONNECTOR Each Opengear console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices - using text-based console tools (such as SSH, telnet, SoL) or graphical tools (such as VNC, RDP, HTTPS, HTTP, X11, VMware, DRAC, iLO).
  • Page 121: Configuring For Ssh Tunneling To Hosts

    SDT Connector Client Configuration The SDT Connector client works with all Opengear console servers. Each of these remote console servers has an embedded OpenSSH-based server which can be configured to port forward connections from the SDT Connector client to hosts on their local network as detailed in the previous chapter.
  • Page 122: Configuring A New Gateway In The Sdt Connector Client

    Chapter 6: Secure SSH Tunneling & SDT Connector Note: For Windows clients, the SDTConnectorSetup-1.n.exe application will install the SDT Connector 1.n.exe and the config file defaults.xml. If there is already a config file on the Windows PC then it will not be overwritten. To remove an earlier config file, run the regedit command and search for “SDT Connector”...
  • Page 123 User Manual • Enter the IP or DNS Address of the console server and the SSH port that will be used (typically 22). Note: If SDT Connector is connecting to a remote console server through the public Internet or routed network you will need to: •...
  • Page 124: Auto-Configure Sdt Connector Client With The User's Access Privileges

    Chapter 6: Secure SSH Tunneling & SDT Connector 6.2.3 Auto-configure SDT Connector client with the user’s access privileges Each user on the console server has an access profile which has been configured with those specific connected hosts and serial port devices the user has authority to access, and a specific set of the enabled services for each of these. This configuration can be auto-uploaded into the SDT Connector client: •...
  • Page 125: Manually Adding Hosts To The Sdt Connector Gateway

    Gateway. SD4001/4002/4008 and CM4001/4008 devices support at least 10 simultaneous client tunnels; ACM5000, ACM5500, IM4216/4248 and CM4116/4148 each support at least 50 such concurrent connections. So for a site with a CM4116 gateway you can have, at any time, up to 50 users securely controlling an unlimited number of network attached computers and appliances (servers, routers etc) at that site.
  • Page 126: Manually Adding New Services To The New Hosts

    Chapter 6: Secure SSH Tunneling & SDT Connector • Select which Services are to be used in accessing the new host. A range of service options are pre-configured in the default SDT Connector client (RDP, VNC, HTTP, HTTPS, Dell RAC, VMware etc). However, if you wish to add new services to the range, proceed to the next section (Adding a new service) and then return here •...
  • Page 127 User Manual The second redirection is for the VNC service that the user may choose to later launch from the RAC web console. It automatically loads in a Java client served through the web browser, so it does not need a local client associated with it. •...
  • Page 128: Adding A Client Program To Be Started For The New Service

    Chapter 6: Secure SSH Tunneling & SDT Connector Note that for UDP services, you still need to specify a TCP port under General. This will be an arbitrary TCP port that is not in use on the gateway. An example of this is the SOL Proxy service. It redirects local UDP port 623 to remote UDP port 623 over the arbitrary TCP port 6667. 6.2.7 Adding a client program to be started for the new service...
  • Page 129: Dial In Configuration

    User Manual Also some clients are launched in a command line or terminal window. The Telnet client is an example of this so the “Path to client executable file” is telnet and the “Command line format for client executable” is cmd /c start %path% %host% %port% : •...
  • Page 130: Sdt Connector To Management Console

    With earlier firmware: • Browse to the console server and select Network Hosts from Serial & Network, click Add Host and in the IP Address/DNS Name field enter 127.0.0.1 (this is the Opengear's network loopback address) and enter Loopback in Description •...
  • Page 131: Sdt Connector - Telnet Or Ssh Connect To Serially Attached Devices

    Apply • Select Network Hosts from Serial & Network and click Add Host • In the IP Address/DNS Name field enter 127.0.0.1 (this is the Opengear's network loopback address) and enter Loopback in Description • Remove all entries under Permitted Services and select TCP and enter 200n in Port. (This configures the Telnet port enabled in the previous step, so for Port 2 you would enter 2002) •...
  • Page 132: Using Sdt Connector For Out-Of-Band Connection To The Gateway

    Chapter 6: Secure SSH Tunneling & SDT Connector Groups from Serial & Network. Click Add User. Enter a Username, Description and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply. Using SDT Connector for out-of-band connection to the gateway SDT Connector can also be set up to connect to the console server (gateway) out-of-band (OoB).
  • Page 133: Importing (And Exporting) Preferences

    User Manual cmd /c start "Stopping Out of Band Connection" /wait /min rasdial network_connection /disconnect where network_connection is the name of the network connection as displayed in Control Panel -> Network Connections. • To stop a pre-configured dial-up connection under Linux, use the following Stop Command: poff network_connection To make the OoB connection using SDT Connector: •...
  • Page 134: Sdt Connector Public Key Authentication

    Microsoft’s Remote Desktop Protocol (RDP) enables the system manager to securely access and manage remote Windows computers – to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine etc. Opengear’s Secure Tunneling uses SSH tunneling, so this RDP traffic is securely transferred through an authenticated and encrypted tunnel.
  • Page 135 User Manual • Check Allow users to connect remotely to this computer • Click Select Remote Users • To set the user(s) who can remotely access the system with RDP click Add on the Remote Desktop Users dialog box. Note: If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited)
  • Page 136: Configure The Remote Desktop Connection Client

    Chapter 6: Secure SSH Tunneling & SDT Connector When the remote user connects to the accessed computer on the console session, Remote Desktop automatically locks that computer (so no other user can access the applications and files). When you come back to your computer at work, you can unlock it by typing CTRL+ALT+DEL.
  • Page 137 User Manual • Click Connect. Note: The Remote Desktop Connection software is pre-installed with Windows XP, Vista and Server 2003/2008, however for earlier Windows PCs you will need to download the RDP client: • Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2-08AA2BD23A49&displaylang=en and click the Download button. This software package will install the client portion of Remote Desktop on Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0 and Windows 2000.
  • Page 138: Sdt Ssh Tunnel For Vnc

    Chapter 6: Secure SSH Tunneling & SDT Connector Note: The rdesktop client is supplied with Red Hat 9.0: • rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux, download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ C.
  • Page 139 User Manual RealVNC http://www.realvnc.com is fully cross-platform, so a desktop running on a Linux machine may be displayed on a Windows PC, on a Solaris machine, or on any number of other architectures. There is a Windows server, allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer.
  • Page 140: Install, Configure And Connect The Vnc Viewer

    Chapter 6: Secure SSH Tunneling & SDT Connector D. Most other operating systems (Solaris, HPUX, PalmOS etc) either come with VNC bundled, or have third party VNC software that you can download 6.9.2 Install, configure and connect the VNC Viewer VNC is truly platform-independent so a VNC Viewer on any operating system can connect to a VNC Server on any other operating system.
  • Page 141: Using Sdt To Ip Connect To Hosts That Are Serially Attached To The Gateway

    User Manual • You can then establish the VNC connection by simply activating the VNC Viewer software on the Viewer PC and entering the password. Note: For general background reading on Remote Desktop and VNC access we recommend the following: •...
  • Page 142: Establish A Ppp Connection Between The Host Com Port And Console Server

    Chapter 6: Secure SSH Tunneling & SDT Connector 6.10.1 Establish a PPP connection between the host COM port and console server (This step is only necessary for serially connected computers) Firstly, physically connect the COM port on the host computer that is to be accessed, to the serial port on the console server then: A.
  • Page 143 User Manual • Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next • On the Network Connection screen select TCP/IP and click Properties •...
  • Page 144: Set Up Sdt Serial Ports On Console Server

    Chapter 6: Secure SSH Tunneling & SDT Connector • The console server default Username is portXX where XX is the serial port number on the console server. • The default Password is portXX. So to use the defaults for an RDP connection to the serial port 2 on the console server, you would have set up a Windows user named port02 •...
  • Page 145: Set Up Sdt Connector To Ssh Port Forward Over The Console Server Serial Port

    User Manual Note: When you enable SDT, this will override all other Configuration protocols on that port. Note: If you leave the Username and User Password fields blank, they default to portXX and portXX where XX is the serial port number. So the default username and password for Secure RDP over Port 2 is port02 •...
  • Page 146 Chapter 6: Secure SSH Tunneling & SDT Connector • In the Session menu enter the IP address of the console server in the Host Name or IP address field • For dial-in connections, this IP address will be the Local Address that you assigned to the console server when you set it up as the Dial-In PPP Server •...
  • Page 147 User Manual • If your destination computer is serially connected to the console server, set the Destination as <port label>:3389 e.g. if the Label you specified on the serial port on the console server is win2k3, then specify the remote host as win2k3:3389. Alternatively, you can set the Destination as portXX:3389 where XX is the SDT enabled serial port number e.g.
  • Page 148 Chapter 6: Secure SSH Tunneling & SDT Connector Note How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server.
  • Page 150: Alerts, Automated Response And Logging

    Chapter 7: Alerts and Logging ALERTS, AUTOMATED RESPONSE AND LOGGING This chapter describes the automated response, alert generation and logging features of the console server. The new Auto-Response facility (in firmware V3.5.1 and later) extends on the basic Alert facility available in earlier firmware revisions.
  • Page 151 User Manual To configure a new Auto-Response: • Select New Auto-Response in the Configured Auto-Response field. You will be presented with a new Auto-Response Settings menu • Enter a unique Name for the new Auto-Response • Specify the Reset Timeout for the time in seconds after resolution to delay before this Auto-Response can be triggered again •...
  • Page 152: Check Conditions

    Chapter 7: Alerts and Logging Check Conditions To configure the condition that will trigger the Auto-Response: • Click on the Check Condition type (e.g. Environmental, UPS Status or ICMP ping) to be configured as the trigger for this new Auto-Response in the Auto-Response Settings menu. 7.2.1 Environmental To configure Humidity or Temperature levels as the trigger event:...
  • Page 153: Alarms And Digital Inputs

    User Manual Note: Before configuring Environmental Checks as the trigger in Auto-Response you will need first to configure the Temp and/or Humidity sensors on your ACM5000 or attached EMD. 7.2.2 Alarms and Digital Inputs To set the status of any attached Smoke or Water sensors or digital inputs as the trigger event: •...
  • Page 154: Ups Status

    Chapter 7: Alerts and Logging Note: Before configuring UPS checks in Auto-Response you first must configure the attached UPS. 7.2.4 UPS Status To use the alert state of any attached UPS as the Auto-Response trigger event: • Click on UPS Status as the Check Condition •...
  • Page 155: Icmp Ping

    User Manual Note: Before configuring serial port checks in Auto-Response you first must configure the serial port in Console server mode. Also most serial port checks are not resolvable so resolve actions will not be run. 7.2.6 ICMP Ping To use a ping result as the Auto-Response trigger event: •...
  • Page 156: Cellular Data

    Chapter 7: Alerts and Logging 7.2.7 Cellular Data This check monitors the aggregate data traffic inbound and outbound through the cellular modem as an Auto-Response trigger event. • Click on Cellular Data as the Check Condition. Note: Before configuring cellular data checks in Auto-Response the internal or external USB cellular modem must be configured and detected by the console server. 7.2.8 Custom Check...
  • Page 157: Sms Command

    User Manual 7.2.9 SMS Command An incoming SMS command from a nominated caller can trigger an Auto-Response: • Click on SMS Command as the Check Condition • Specify the Phone Number (in international format) of the phone sending the SMS message •...
  • Page 158: Trigger Actions

    Chapter 7: Alerts and Logging Trigger Actions To configure the sequence of actions that is to be taken in the event of the trigger condition: • For a nominated Auto-Response - with a defined Check Condition - click on Add Trigger Action (e.g. Send Email or Run Custom Script) to select the action type to be taken.
  • Page 159: Perform Rpc Action

    User Manual 7.3.3 Perform RPC Action • Click on Perform RPC Action as the Add Trigger Action. Enter a unique Action Name and set the Action Delay Time • Select a power Outlet and specify the Action to be performed (power On, OFF or Cycle) •...
  • Page 160: Resolve Actions

    Chapter 7: Alerts and Logging Resolve Actions Actions can also be scheduled to be taken when a trigger condition has been resolved: • For a nominated Auto-Response - with a defined trigger Check Condition - click on Add Resolve Action (e.g. Send Email or Run Custom Script) to select the action type to be taken. Note: Resolve Actions are configured exactly the same as Trigger Actions except the designated Resolve Actions are...
  • Page 161: Send Sms Alerts

    User Manual • You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this console server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as authentic.
  • Page 162: Send Snmp Trap Alerts

    Chapter 7: Alerts and Logging • Similarly you can specify the specific Subject Line that will be sent with the email. Generally the email subject will contain a truncated version of the alert notification message (which is contained in full in the body of the email). However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line •...
  • Page 163 User Manual • Select the Manager Protocol. SNMP is generally a UDP-based protocol though infrequently it uses TCP instead. • Enter the host address of the SNMP Network Manager into the Manager Address field. • Enter the TCP/IP port number into the Manager Trap Port field (default = 162). •...
  • Page 164: Send Nagios Event Alerts

    Chapter 7: Alerts and Logging noAuthNoPriv: No authentication or encryption. authNoPriv: Authentication only. An authentication protocol (SHA or MD5) and password will be required. authPriv: Uses both authentication and encryption. This is the highest level of security and requires an encryption protocol (DES or AES) and password in addition to the authentication protocol and password.
  • Page 165: Serial Port Logging

    User Manual From the Manage: Devices menu the Administrator can view serial, network and power device logs stored in the console reserve memory (or flash USB). The User will only see logs for the Managed Devices they (or their Group) have been given access privileges for (Refer Chapter 13).
  • Page 166: Network Tcp And Udp Port Logging

    Chapter 7: Alerts and Logging • Click Apply. Note: A cache of the most recent 8K of logged data per serial port is maintained locally (in addition to the Logs which are transmitted for remote/USB flash storage). To view the local cache of logged serial port data select Manage: Port Logs. 7.6.3 Network TCP and UDP port logging...
  • Page 167: Power Device Logging

    User Manual 7.6.5 Power device logging The console server also logs access and communications with network attached hosts and maintains a history of the UPS and PDU power status. To activate and set the desired levels of logging for each serial (Section 7.4) and/or network port (Section 7.5) and/or power and environment UPS (refer Chapter 8) Advanced Console Server &...
  • Page 168: Power, Environment & Digital I/O

    Power, Environmental & Digital I/O POWER, ENVIRONMENT & DIGITAL I/O Opengear console servers manage Remote Power Control devices (RPCs including PDUs and IPMI devices) and Uninterruptible Power Supplies (UPSes). They also monitor remote operating environments using Environmental Monitoring Devices (EMDs) and sensors, and can provide digital I/O control.
  • Page 169 User Manual • Click Add RPC • Connected Via presents a list of serial ports and network Host connections that you have set up with device type RPC (but have yet to connect to a specific RPC device): When you select Connect Via for a Network RPC connection then the corresponding Host Name/Description that you set up for that connection will be entered as the Name and Description for the power device. Alternately if you select to Connect Via a Serial connection then you will need to enter a Name and...
  • Page 170 Power, Environmental & Digital I/O If you are connecting to the RPC by a serial port you will be presented with all the serial RPC types currently supported by the embedded PowerMan and Opengear’s power manager: • Enter the Username and Password used to log in to the RPC (Note that these login credentials are not related to the Users and access privileges you will have configured in Serial &...
  • Page 171 The console server will then configure the RPC with the number of outlets specified in the selected RPC Type or will query the RPC itself for this information. Note: Opengear’s console servers support the majority of the popular network and serial PDUs. If your PDU is not on the default list then support can be added directly (as covered in Chapter 14 - Advanced Configurations) or by having the PDU support added to either the Network UPS Tools or PowerMan open source projects.
  • Page 172: Rpc Access Privileges And Alerts

    Chapter 8: Power, Environmental & Digital I/O 8.1.2 RPC access privileges and alerts You can now set PDU and IPMI alerts using Alerts & Logging: Alerts (refer Chapter 7). You can also assign which user can access and control which particular outlet on each RPC using Serial & Network: User & Groups (refer Chapter 4). 8.1.3 User power management The Power Manager enables both Users and Administrators to access and control the configured serial and network...
  • Page 173 User Manual • Click on View Log or select the RPCLogs menu and you will be presented with a table of the history and detailed graphical information on the selected RPC • Click Manage to query or control the individual power outlet. This will take you to the Manage: Power screen Advanced Console Server &...
  • Page 174: Uninterruptible Power Supply Control (Ups)

    Power, Environmental & Digital I/O Uninterruptible Power Supply Control (UPS) All Opengear console servers can be configured to manage locally and remotely connected UPS hardware using Network UPS Tools. Network UPS Tools (NUT) is a group of open source programs that provide a common interface for monitoring and administering UPS hardware;...
  • Page 175 User Manual  For serial UPSes attach the UPS to the selected serial port on the console server. From the Serial and Network: Serial Port menu, configure the Common Settings of that port with the RS232 properties etc required by the UPS (refer Chapter 4.1.1 Common Settings).
  • Page 176 Network UPS Tools (NUT version 2.4) However for CM4001/8 and SD4001/2/8 models you will need to upload the driver you need from www.opengear.com/download  Click New Options in Driver Options if you need to set driver-specific options for your selected NUT driver and hardware combination (more details at http://www.networkupstools.org/doc)
  • Page 177: Remote Ups Management

    (but not managed) by your console server. The upsc and upslog clients in the Opengear console server can be configured to monitor remote servers that are running Network UPS Tools managing their locally connected UPSes. These remote servers might be other Opengear console servers or generic Linux servers running NUT.
  • Page 178: Controlling Ups Powered Computers

    (particularly the smaller sites) will be USB or serially connected. Having a CM4001, ACM5000 or IM4004-5 at these remote sites would enable the system manager to centrally monitor the status of the power supplies at all sites, and centralize alarms. So he/she can be warned to initiate a call-out or take shut down actions ...
  • Page 179: Ups Alerts

    MONITOR managedups@192.168.0.1 1 username password slave
    - managedups is the UPS Name of the Managed UPS
    - 192.168.0.1 is the IP address of the Opengear console server
    - 1 indicates the server has a single power supply attached to this UPS...
  • Page 180 Chapter 8: Power, Environmental & Digital I/O  Click on any particular All Data for any UPS System in the table for more status and configuration information on the select UPS System  Select UPS Logs and you will be presented with the log table of the load, battery charge level, temperature and other status information from all the Managed and Monitored UPS systems.
  • Page 181: Overview Of Network Ups Tools (Nut)

    User Manual 8.2.6 Overview of Network UPS Tools (NUT) NUT is built on a networked model with a layered scheme of drivers, server and clients. NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPSes directly from the command line.
  • Page 182 Powerman (open source software from Livermore Labs that also is embedded in Opengear console servers) These NUT clients and servers all are embedded in each Opengear console server (with a Management Console presentation layer added) … and they also are run remotely on distributed console servers and other remote NUT monitoring systems.
  • Page 183: Environmental Monitoring

    The ACM5000 and ACM5500 advanced console server models also each have an internal temperature sensor and can optionally be configured to have up to four general purpose status sensor ports (which can be connected to smoke or water detectors and vibration or open-door sensors) directly connected.
  • Page 184: Connecting Sensors To Acm5000 And Acm5500S

    Note: You can attach two sensors onto the terminals on EMDs that are connected to console servers with Opengear Classic pinouts. However console servers with -01 and -02 pinouts only support attaching a single sensor to each. The EMD can be used only with an Opengear console server and cannot be connected to standard RS232 serial ports on other appliances.
  • Page 185 (OUT1 & OUT2), the latter having inverting outputs with higher voltage/current transistor. By default on the ACM5000 and ACM5500 each SENSOR and DIO port is configured as an Input, so they are available to be used with external environmental sensors attached ...
  • Page 186: Adding Emds And Configuring The Sensors

    Chapter 8: Power, Environmental & Digital I/O  Screw the bare wires on any smoke detector, water detector, vibration sensor, open-door sensor or general purpose open/close status sensors into the SENSOR or DIO terminals on the green connector block  When configured as Inputs, the SENSOR and DIO ports are notionally attached to the internal EMD. So go to the Serial &...
  • Page 187 Click Apply. This will also create a new Managed Device (with the same name)  For the ACM5000-E select the Serial & Network: Environmental menu and check Enabled. You will then need to set any temperature offsets and label the sensors as described above...
  • Page 188: Environmental Alerts

    Chapter 8: Power, Environmental & Digital I/O 8.3.4 Environmental alerts You can now set temperature, humidity and probe status alerts using Alerts & Logging: Alerts (refer Chapter 7) 8.3.5 Environmental status You can monitor the current status of all configured external EMDs and their sensors, and any internal or directly attached sensors ...
  • Page 189: Digital I/O Ports

    User Manual Digital I/O Ports The ACM5004-2-I, ACM5508-2-I and ACM5504-5-G-I models have four digital interface ports which present on a green connector block on the side of the unit:  DIO1 and DIO2 are two TTL level digital I/O ports (5V max @ 20mA) ...
  • Page 190: Digital I/O Input Configuration

    Chapter 8: Power, Environmental & Digital I/O pin_val pin electrical value in output mode (0 = low 1 = high) reset pins to all inputs and low displays the pin directions and current values load pin configuration from configlity
    For example, to set pin 1 to a low output, type:
    ioc -p 1 -d 0 -v 0
    To pulse one of these outputs, use a script like the following:
    ioc -p 1 -d 0 -v 1...
  • Page 192: Authentication

    Chapter 9: Authentication AUTHENTICATION The console server platform is a dedicated Linux computer, and it embodies a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+, Kerberos and LDAP). ...
  • Page 193: Radius Authentication

    User Manual  Select Serial and Network: Authentication and check TACACS or LocalTACACS or TACACSLocal or TACACSDownLocal  Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple remote servers may be specified in a comma separated list. Each server is tried in succession. ...
  • Page 194: Ldap Authentication

    Chapter 9: Authentication  Enter the Server Address (IP or host name) of the remote Authentication/ Authorization server. Multiple remote servers may be specified in a comma separated list. Each server is tried in succession  In addition to multiple remote servers you can also enter separate lists of Authentication/Authorization servers and Accounting servers.
  • Page 195: Radius/Tacacs User Configuration

    Users may be added to the local console server appliance. If they are not added and they log in via remote AAA, a user will be added for them. This user will not show up in the Opengear configurators unless they are specifically added, at which point they are transformed into a completely local user.
  • Page 196: Group Support With Remote Authentication

    Chapter 9: Authentication If a local user logs in, they may be authenticated/ authorized from the remote AAA server, depending on the chosen priority of the remote AAA. A local user's authorization is the union of local and remote privileges. Example 1: User Tim is locally added, and has access to ports 1 and 2.
  • Page 197: Remote Groups With Radius Authentication

    User Manual 9.1.7 Remote groups with RADIUS authentication  Enter the RADIUS Authentication and Authorization Server Address and Server Password  Click Apply.  Edit the Radius user’s file to include group information and restart the Radius server When using RADIUS authentication, group names are provided to the console server using the Framed-Filter-Id attribute.
  • Page 198: Remote Groups With Ldap Authentication

    Chapter 9: Authentication
    TomFraser Cleartext-Password := "FraTom70"
        Framed-Filter-Id=":group_name=admin:"
    AmandaJones Cleartext-Password := "JonAma83"
    FredWhite Cleartext-Password := "WhiFre62"
        Framed-Filter-Id=":group_name=testgroup1,users:"
    JanetLong Cleartext-Password := "LonJan57"
        Framed-Filter-Id=":group_name=admin:"
    Additional local groups such as testgroup1 can be added via Users & Groups: Serial & Network 9.1.8 Remote groups with LDAP authentication Unlike RADIUS, LDAP has built in support for group provisioning, which makes setting up remote groups easier.
  • Page 199 User Manual Currently, the only LDAP directory service that supports group provisioning is Microsoft Active Directory. Support is planned for OpenLDAP at a later time. To enable group information to be used with an LDAP server:  Complete the fields for standard LDAP authentication including LDAP Server Address, Server Password, LDAP Base DN, LDAP Bind DN and LDAP User Name Attribute ...
  • Page 200: Idle Timeout

    Chapter 9: Authentication 9.1.9 Idle timeout You can specify the amount of time in minutes the console server waits before it terminates an idle ssh, pmshell or web connection.  Select Serial and Network: Authentication  Web Management Session Timeout specifies the browser console session idle timeout in minutes. The default setting is 20 minutes ...
  • Page 201: Authentication Testing

    User Manual Note: Kerberos is very sensitive to time differences between the Key Distribution Center (KDC) authentication server and the client device. Please make sure that NTP is enabled, and the time zone is set correctly on the console server. When authenticating against Active Directory, the Kerberos Realm will be the domain name, and the Master KDC will be the address of the primary domain controller.
  • Page 202: Ssl Certificate

    When a user attempts to log in, but does not already have an account on the console server, a new user account will be created. This account will have no rights, and no password set. They will not appear in the Opengear configuration tools.
  • Page 203 User Manual  Activate your preferred browser and enter https:// IP address. Your browser may respond with a message that verifies the security certificate is valid but notes that it is not necessarily verified by a certifying authority. To proceed you need to click yes if you are using Internet Explorer or select accept this certificate permanently (or temporarily) if you are using Mozilla Firefox.
  • Page 204 Chapter 9: Authentication Organizational Unit This field is used for specifying to which department within an organization the console server belongs Organization The name of the organization to which the console server belongs Locality/City The city where the organization is located State/Province The state or province where the organization is located Country The country where the organization is located.
  • Page 206: Nagios Integration

    Nagios forms the core of many leading commercial system management solutions such as GroundWork: http://www.groundworkopensource.com Nagios does take some time to install and configure – solutions such as GroundWork and Opengear SDT Nagios are aimed at simplifying this process. Once Nagios is up and running however, it provides an outstanding network monitoring system.
  • Page 207: Central Management And Setting Up Sdt For Nagios

    User Manual 10.2 Central management and setting up SDT for Nagios The Opengear Nagios solution has three parts: the Central Nagios server, Distributed Opengear console servers and the SDT for Nagios software. Central Nagios server  A vanilla Nagios 2.x or 3.x installation (typically on a Linux server) generally running on a blade, PC, virtual machine, etc.
  • Page 208: Set Up Central Nagios Server

    Each distributed console server must be running firmware 2.4.1 or later. Refer to Chapter 11 for details on upgrading Opengear firmware. This section provides a brief walkthrough on configuring a single Opengear console server to monitor the status of one attached network host (a Windows IIS server running HTTP and HTTPS services) and one serially attached device (the console port of a network router), and to send alerts back to the Nagios server when an Administrator connects to the router or IIS server.
  • Page 209  Enter the Host Name and the Nagios Host Address (i.e. IP address) that the central Nagios server will use to contact the distributed Opengear console server  Enter the IP address that the distributed Opengear console server will use to contact the central Nagios server in Nagios Server Address ...
  • Page 210: Set Up Sdt For Nagios On The Central Nagios Server

    Opengear console servers. After the distributed configuration has been imported, the wizard will ask if you want to apply the Opengear SDT Nagios UI theme. This is not required, and simply changes the look and feel of the Nagios UI to that pictured below.
  • Page 211: Set Up The Clients

    UI running on the central Nagios server. This web UI links to SDT Connector to enable point and click access through the distributed Opengear console servers to attached hosts and serial ports, and the Opengear unit itself. Detailed setup and configuration instructions for SDT Connector are contained elsewhere in this manual, but here are the basic steps you need to follow.
  • Page 212: Configuring Nagios Distributed Monitoring

    Connect via SDT SDT Connector launches and starts up a Terminal Services session to the IIS Server, securely tunneled through the distributed Opengear server.  Likewise, locate the row for the router’s serial console port, and the service check beginning with check_serial,...
  • Page 213: Enable Nagios On The Console Server

     Each of the Serial Ports and each of the Hosts connected to the console server which are to be monitored must have Nagios enabled and any specific Nagios checks configured  Lastly the central/upstream Nagios monitoring host must be configured 10.3.1 Enable Nagios on the console server ...
  • Page 214: Enable Nrpe Monitoring

    Chapter 10: Nagios Integration 10.3.2 Enable NRPE monitoring Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console server to monitor serial or network attached remote servers. This will offload CPU load from the upstream Nagios monitoring machine which is especially valuable if you are monitoring hundreds or thousands of hosts.
  • Page 215: Configure Selected Serial Ports For Nagios Monitoring

     Select System: Nagios and check NSCA Enabled  Select the Encryption to be used from the drop down menu, then enter a Secret password and specify a check Interval  Refer to the sample Nagios configuration section below for some examples of configuring specific NSCA checks 10.3.4 Configure selected Serial Ports for Nagios monitoring The individual Serial Ports connected to the console server to be monitored must be configured for Nagios checks.
  • Page 216: Configure Selected Network Hosts For Nagios Monitoring

    Chapter 10: Nagios Integration 10.3.5 Configure selected Network Hosts for Nagios monitoring The individual Network Hosts connected to the console server to be monitored must also be configured for Nagios checks:  Select Serial & Network: Network Port and click Edit on the Network Host to be monitored ...
  • Page 217: Configure The Upstream Nagios Monitoring Host

    In practice, these would be combined into a single check which used NSCA as a primary method, falling back to NRPE if a check was late – for details see the Nagios documentation (http://www.nagios.org/docs/) on Service and Host Freshness Checks ; Host definitions ; Opengear Console server define host{ generic-host host_name...
  • Page 218
    ; NRPE daemon on gateway
    define command {
      command_name check_nrpe_daemon
      command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666
    }
    define service {
      service_description NRPE Daemon
      host_name opengear
      use generic-service
      check_command check_nrpe_daemon
    }
    ; Serial Status
    define command {
      command_name check_serial_status
      command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c check_serial_$HOSTNAME$...
  • Page 219 0 passive_checks_enabled
    define servicedependency{
      name opengear_nrpe_daemon_dep
      host_name opengear
      dependent_host_name server
      dependent_service_description Port Log
      service_description NRPE Daemon
      execution_failure_criteria w,u,c
    }
    ; Ping
    define command{
      command_name check_ping_via_opengear
      command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c host_ping_$HOSTNAME$...
  • Page 220: Basic Nagios Plug-Ins

    Each console server is preconfigured with two checks that are specific to Opengear: check_serial_signals is used to monitor the handshaking lines on the serial ports check_port_log is used to monitor the data logged for a serial port.
  • Page 221 These plug-ins from the Nagios plug-ins package can be downloaded from ftp.opengear.com. There also are bash scripts which can be downloaded and run (primarily check_log.sh).  To configure additional checks the downloaded plug-in program must be saved in the tftp addins directory on the USB flash and the downloaded text plug-in file saved in /etc/config ...
  • Page 222: Number Of Supported Devices

     If the plug-in is a Perl script, it must be rewritten as the console server does not support Perl at this point. However, if you do require Perl support, please make a feature request to support@opengear.com  Individual compiled programs may be generated using gcc for ARM. Again contact support@opengear.com for details 10.4.4 Number of supported devices...
  • Page 223: Distributed Monitoring Usage Scenarios

    The results were from running tests 5 times in succession with no timeouts on any runs. However there are a number of ways to increase the number of checks you can do: Usually when using NRPE checks, an individual request will need to set up and tear down an SSL connection. This overhead can be avoided by setting up an SSH session to the console server and tunneling the NRPE port.
  • Page 224 Chapter 10: Nagios Integration Remote site with restrictive firewall In this scenario the role of the console server will vary. One aspect may be to upload check results through NSCA. Another may be to provide an SSH tunnel to allow the Nagios server to run NRPE commands. Remote site with no network access In this scenario the console server allows dial-in access for the Nagios server.
  • Page 226: System Management

    Chapter 11: System Management SYSTEM MANAGEMENT This chapter describes how the Administrator can perform a range of general console server system administration and configuration tasks such as:  Applying Soft and Hard Resets to the gateway  Re-flashing the Firmware ...
  • Page 227: Upgrade Firmware

     The Firmware version is displayed in the header of each page  Alternately selecting Status: Support Report reports the Firmware Version  To upgrade, you first must download the latest firmware image from ftp://ftp.opengear.com or http://opengear.com/firmware/: ...
  • Page 228: Configure Date And Time

    Chapter 11: System Management  Click Apply and the console server appliance will undertake a soft reboot and commence upgrading the firmware. This process will take several minutes  After the firmware upgrade has completed, click here to return to the Management Console. Your console server will have retained all its pre-upgrade configuration information 11.3 Configure Date and Time It is recommended that you set the local Date and Time in the console server as soon as it is configured.
  • Page 229: Configuration Backup

    With Version 3.2.0 firmware the Time Zone can also be set to UCT (Coordinated Universal Time) which replaced Greenwich Mean Time as the World standard for time in 1986: 11.4 Configuration Backup It is recommended that you back up the console server configuration whenever you make significant changes (such as adding new Users or Managed Devices) or before performing a firmware upgrade.
  • Page 230 Chapter 11: System Management To restore a remote backup:  Click Browse in the Remote Configuration Backup menu and select the Backup File you wish to restore  Click Restore and click OK. This will overwrite all the current configuration settings in your console server Alternately with some console servers you can save the backup file locally onto the USB storage.
  • Page 231: Delayed Configuration Commit

    Erase 11.5 Delayed Configuration Commit The Delayed Config Commit mode is available on all ACM5500, ACM5000, IM4004-5 and IM4200 family of advanced console servers with Firmware V3.2 and later. This mode allows the grouping or queuing of configuration changes and the simultaneous application of these changes to a specific device.
  • Page 232: Fips Mode

    The Commit Config button will no longer be displayed in the top right-hand corner of the screen and configurations will no longer be queued. 11.6 FIPS Mode The ACM5500, ACM5000, IM4004-5 and IM4200 families of advanced console servers all use an embedded cryptographic module that has been validated to meet the FIPS 140-2 standards. Note: The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal Information Processing Standard) series of standards.
  • Page 233 Opengear advanced console servers use an embedded OpenSSL cryptographic module that has been validated to meet the FIPS 140-2 standards and has received Certificate #1051. When configured in FIPS mode all SSH, HTTPS and SDT Connector access to all services on the advanced console servers will use the embedded FIPS compliant cryptographic module.
  • Page 234: Status Reports

    Chapter 12: Status Reports STATUS REPORTS This chapter describes the dashboard feature and the status reports that are available:  Port Access and Active Users  Statistics  Support Reports  Syslog  Dashboard Other status reports that are covered elsewhere include: ...
  • Page 235: Support Reports

    12.3 Support Reports The Support Report provides useful status information that will assist the Opengear technical support team to solve any problems you may experience with your console server. If you do experience a problem and have to contact support, ensure you include the Support Report with your email support request.
  • Page 236: Syslog

    Chapter 12: Status Reports  Select Status: Support Report and you will be presented with a status snapshot  Save the file as a text file and attach it to your support email 12.4 Syslog The Linux System Logger in the console server maintains a record of all system messages and errors: ...
  • Page 237: Configuring The Dashboard

    12.5.1 Configuring the Dashboard Only users who are members of the admin group (and the root user) can configure and access the dashboard. To configure a custom dashboard:  Select System: Configure Dashboard and select the user (or group) you are configuring this custom dashboard layout for Note: You can configure a custom dashboard for any admin user or for the admin group or you can reconfigure the default dashboard...
  • Page 238: Creating Custom Widgets For The Dashboard

    Chapter 12: Status Reports  Click Apply Note: The Alerts widget is a new screen that shows the current alerts status. When an alert gets triggered, a corresponding .XML file is created in /var/run/alerts/. The dashboard scans all these files and displays a summary status in the alerts widget.
  • Page 239 Create a file called "widget-<name>.sh" in the folder /etc/config/scripts/ where <name> can be anything. You can have as many custom dashboard files as you want. Inside this file you can put any code you wish. When configuring the dashboard, choose "widget-<name>.sh" in the dropdown list.
  • Page 240: Management

    Chapter 13: Management MANAGEMENT The console server has a small number of Manage reports and tools that are available to both Administrators and Users:  Access and control authorized devices  View serial port logs and host logs for those devices ...
  • Page 241: Web Terminal

    Terminal connects to the command line or serial device using the same protocol that is being used to browse to the Opengear Management Console, i.e. if you are browsing using an https:// URL (this is the default), the Web Terminal connects using HTTPS.
  • Page 242: Sdt Connector Access

    Chapter 13: Management Administrator and Users can communicate directly with serial port attached devices from their browser:  Select the Serial tab on the Manage: Devices menu  Under the Action column, click the Web Terminal icon to display the Web Terminal, connected directly to the attached serial device Note The Web Terminal feature was introduced in firmware V3.3.
  • Page 243: Power Management

    Note SDT Connector must be installed on the computer you are browsing from and the console server must be added as a gateway - as detailed in Chapter 6 13.4 Power Management Administrators and Users can access and manage the connected power devices. ...
  • Page 244: Configuration From The Command Line

    However without care these configurations may not withstand a power-cycle reset or reconfigure. So Opengear provides a number of custom command line utilities and scripts to make it simple to configure the console server and ensure the changes are stored in the console server's flash memory etc.
  • Page 245 The config tool is designed to perform multiple actions from one command if need be, so if necessary options can be chained together. The config tool allows manipulation and querying of the system configuration from the command line. Using config the new configuration can be activated by running the relevant configurator which performs the action necessary to make the configuration changes live.
  • Page 246: Serial Port Configuration

    Command Line Configuration Chapter 14: alerts ipconfig auth nagios cascade power console serialconfig dhcp services dialin slave eventlog systemsettings hosts time ipaccess users There are three ways to delete a config element value. The simplest way is use the delete-node script detailed later in Chapter 15.
  • Page 247
    # config -s config.ports.port5.protocol=RS232
    # config -s config.ports.port5.flowcontrol=None
    The following command will synchronize the live system with the new configuration:
    # config -r serialconfig
    Note: Supported serial port baud-rates are '50', '75', '110', '134', '150', '200', '300', '600', '1200', '1800', '2400', '4800', '9600', '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'.
  • Page 248 Command Line Configuration Chapter 14: SDT mode To enable access over SSH to a host connected to serial port 5:
    # config -s config.ports.port5.mode=sdt
    # config -s config.ports.port5.sdt.ssh=on
    To configure a username and password when accessing this port with Username = user1 and Password = secret:
    # config -s config.ports.port#.sdt.username=user1
    # config -s config.ports.port#.sdt.password=secret
    Terminal server mode...
  • Page 249: Adding And Removing Users

    emergency debug critical alert 14.1.2 Adding and removing Users Firstly, determine the total number of existing Users (if you have no existing Users you can assume this is 0): # config -g config.users.total This command should display config.users.total 1. Note that if you see config.users.total this means you have 0 Users configured.
  • Page 250: Adding And Removing User Groups

    Command Line Configuration Chapter 14:
    # config -s config.sdt.hosts.host5.users.total=2 (total number of users having access to host)
    To edit any of the user element values, use the same approach as when adding user elements i.e. use the '-s' parameter. If any of the config elements do not exist, they will automatically be created. To delete the user called John, use the delete-node script:
    # ./delete-node config.users.user2
    The following command will synchronize the live system with the new configuration:...
  • Page 251: Authentication

    14.1.4 Authentication To change the type of authentication for the console server:
    # config -s config.auth.type='authtype'
    'authtype' can be: Local LocalTACACS TACACS TACACSLocal TACACSDownLocal LocalRADIUS RADIUS RADIUSLocal RADIUSDownLocal LocalLDAP LDAP LDAPLocal LDAPDownLocal
    To configure TACACS authentication:
    # config -s config.auth.tacacs.auth_server='comma separated list' (list of remote authentication and authorization servers.)
    # config -s config.auth.tacacs.acct_server='comma separated list' (list of remote accounting servers.
  • Page 252 Command Line Configuration Chapter 14: Add power device host To add a UPS/RPC network host with the following details: IP address/ DNS name 192.168.2.5 Host name remoteUPS Description UPSroom3 Type Allowed services ssh port 22 and https port 443 Log level for services Issue the commands below: # config -s config.sdt.hosts.host4.address=192.168.2.5 # config -s config.sdt.hosts.host4.name=remoteUPS...
  • Page 253: Trusted Networks

    # config -s config.devices.total=2
    The following command will synchronize the live system with the new configuration:
    # config -hosts
    14.1.6 Trusted Networks You can further restrict remote access to serial ports based on the source IP address. To configure this via the command line you need to do the following: Determine the total number of existing trusted network rules (if you have no existing rules you can assume this is 0):
    # config -g config.portaccess.total...
  • Page 254: Ups Connections

    Command Line Configuration Chapter 14: 14.1.8 UPS Connections Managed UPSes Before adding a managed UPS, make sure that at least 1 port has been configured to run in 'device mode', and that the device is set to 'ups'. To add a managed UPS with the following values: Connected via Port 1 UPS name...
  • Page 255: Rpc Connections

    To add a remote UPS with the following details (assuming this is our first remote UPS): UPS name oldUPS Description UPS in room 2 Address 192.168.50.50 Log status Disabled Log rate 240 seconds Run shutdown script Enabled # config -s config.ups.remotes.remote1.name=oldUPS # config -s "config.ups.remotes.remote1.description=UPS in room 2"...
  • Page 256: Environmental

    Command Line Configuration Chapter 14: # config -s config.devices.total=3 The following command will synchronize the live system with the new configuration: # config -a 14.1.10 Environmental To configure an environmental monitor with the following details: Monitor name Envi4 Monitor Description Monitor in room 5 Temperature offset Humidity offset...
  • Page 257: Port Log

    Assume the remote log server needs a username 'name1' and password 'secret':
    # config -s config.eventlog.server.username=name1
    # config -s config.eventlog.server.password=secret
    To set the remote path as '/opengear/logs' to save logged data:
    # config -s config.eventlog.server.path=/opengear/logs
    # config -s config.eventlog.server.type=[none | syslog | nfs | cifs | usb]
    If the server type is set to usb, none of the other values need to be set.
  • Page 258 Command Line Configuration Chapter 14: Assume this is our second alert, and we want to send alert emails to john@opengear.com and sms's to peter@opengear.com: # config -s config.alerts.alert2.description=MySecondAlert # config -s config.alerts.alert2.email=john@opengear.com # config -s config.alerts.alert2.email2=peter@opengear.com To use NAGIOS to notify of this alert # config -s config.alerts.alert2.nsca.enabled=on...
  • Page 259 # config -s config.alerts.alert2.enviro.high.critical='critical value' # config -s config.alerts.alert2.enviro.high.warning='warning value' # config -s config.alerts.alert2.enviro.hysteresis='value' # config -s config.alerts.alert2.enviro.low.critical='critical value' # config -s config.alerts.alert2.enviro.low.warning='warning value' # config -s config.alerts.alert2.enviro1='Enviro sensor name' # config -s config.alerts.alert2.outlet#='RPCname'.outlet# 'alert2.outlet#' increments sequentially with each added outlet. The second 'outlet#' refers to the specific RPC power outlets.
  • Page 260: Smtp & Sms

    Server password secret Subject line SMTP alerts # config -s config.system.smtp.server=mail.opengear.com # config -s config.system.smtp.encryption=SSL (can also be TLS or None ) # config -s config.system.smtp.sender=John@opengear.com # config -s config.system.smtp.username=john # config -s config.system.smtp.password=secret # config -s config.system.smtp.subject=SMTP alerts To set-up an SMTP SMS server with the same details as above: # config -s config.system.smtp.server2=mail.opengear.com...
  • Page 261: Administration

    14.1.16 Administration To change the administration settings to: System Name og.mydomain.com System Password (root account) secret Description Device in office 2 # config -s config.system.name=og.mydomain.com # config -P config.system.password (will prompt user for a password) # config -s "config.system.location=Device in office 2" NOTE: The -P parameter will prompt the user for a password, and encrypt it.
  • Page 262: Date & Time Settings

    Command Line Configuration Chapter 14: # /bin/config --run=ipconfig The following command will synchronize the live system with the new configuration: # config -r ipconfig 14.1.18 Date & Time settings To enable NTP using a server at pool.ntp.org issue the following commands: # config -s config.ntp.enabled=on # config -s config.ntp.server=pool.ntp.org Alternatively, you can manually change the clock settings:...
  • Page 263: Dhcp Server

    # config -s config.console.ppp.callback.phone1=0800223665 # config -s config.console.ppp.username=user1 # config -s config.console.ppp.password=secret To make the dialed connection the default route: # config -s config.console.ppp.defaultroute=on Please note that supported authentication types are 'None', 'PAP', 'CHAP' and 'MSCHAPv2'. Supported serial port baud-rates are '9600', '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'.
  • Page 264: Services

    Command Line Configuration Chapter 14: 14.1.21 Services You can manually enable or disable network servers from the command line. For example if you wanted to guarantee the following server configuration: HTTP Server Enabled HTTPS Server Disabled Telnet Server Disabled SSH Server Enabled SNMP Server Disabled...
  • Page 265 # config -s config.system.nagios.nrpe.enabled=on # config -s config.system.nagios.nrpe.port=5600 # config -s config.system.nagios.user=user1 # config -s config.system.nagios.nrpe.group=group1 # config -s config.system.nagios.nrpe.cmdargs=on To configure NSCA with the following settings: NSCA encryption BLOWFISH (can be: [ None | XOR | DES | TRPLEDES | CAST-256 | BLOWFISH | TWOFISH | RIJNDAEL-256 | SERPENT | GOST ] NSCA password secret...
  • Page 266: Advanced Configuration

    Chapter 16: ADVANCED CONFIGURATION Opengear console servers run the embedded Linux operating system. So Administrator class users can configure the console server and monitor and manage attached serial console and host devices from the command line using Linux commands and the config utility (as described in Chapter 14).
  • Page 267: Example Script - Power Cycling On Pattern Match

    For a connection alert (when a user connects or disconnects from a port or network host): /etc/scripts/portmanager-user-alert (for port connections) or /etc/scripts/sdt-user-alert (for host connections) For a signal alert (when a signal on a port changes state): /etc/scripts/portmanager-signal-alert For a pattern match alert (when a specific regular expression is found in the serial ports character stream): /etc/scripts/portmanager-pattern-alert For a UPS status alert (when the UPS power status changes between on line, on battery, and low battery): /etc/scripts/ups-status-alert...
  • Page 268: Example Script - Multiple Email Notifications On Each Alert

    KCS Client Configuration Chapter 16: # pmpower -l port01 -o 3 cycle (The RPC is on serial port 1. The telecom device is powered by RPC outlet 3) We can now append this command to our custom script. This will guarantee that our telecom device will be power cycled every time the console reads the "EMERGENCY"...
  • Page 269 echo "Wrong input format" echo "Usage: delnode {full '.' delimited node path}" exit 2 # testing if node exists TEMP=`config -g config | grep "$1"` if [ -z "$TEMP" ] then echo "Node $1 not found" exit 0 # LASTFIELD is the last field in the node path e.g. "user1" # ROOTNODE is the upper level of the node e.g.
  • Page 270: Power Cycle Any Device Upon A Ping Request Failure

    KCS Client Configuration Chapter 16: elif [ $NUMBER -lt $TOTAL ] # more than one item exists then # Modify the users list so user numbers are sequential # by shifting the users into the gap one at a time... echo "Deleting $1"...
  • Page 271 Below is an example using ping-detect to power cycle an RPC (PDU) outlet whenever a specific host fails to respond to a ping request. The ping-detect is run from /etc/config/rc.local to make sure that the monitoring starts whenever the system boots.
  • Page 272: Running Custom Scripts When A Configurator Is Invoked

    KCS Client Configuration Chapter 16: "$@" sleep 2s done 15.1.7 Running custom scripts when a configurator is invoked A configurator is responsible for reading the values in /etc/config/config.xml and making the appropriate changes live. Some changes made by the configurators are part of the Linux configuration itself such as user passwords or ipconfig. Currently there are nineteen configurators each one responsible for a specific group of config e.g.
  • Page 273: Backing-Up The Configuration Off-Box

    # /etc/scripts/backup-usb save config-20May To check if the backup was saved correctly: # /etc/scripts/backup-usb list If this command does not display "* config-20May" then there was an error saving the configuration. The set-default command takes an input file as an argument and renames it to "default.opg". This default configuration remains stored on the USB disk.
  • Page 274: Advanced Portmanager

    KCS Client Configuration Chapter 16: 15.2 Advanced Portmanager Opengear’s portmanager program manages the console server serial ports. It routes network connections to serial ports, checks permissions, and monitors and logs all the data flowing to/from the ports. 15.2.1 Portmanager commands...
  • Page 275: External Scripts And Alerts

    user2 Port 2: user1 Port 8: user2 The above output indicates that a user named “user1” is actively connected to ports 1 and 2, while “user2” is connected to both ports 1 and 8 portmanager daemon There is normally no need to stop and restart the daemon. To restart the daemon normally, just run the command: # portmanager Supported command line options are: Force portmanager to run in the foreground:...
  • Page 276: Raw Access To Serial Ports

    KCS Client Configuration Chapter 16: Here is a more complex script which reads from configuration to display the port label if available and denies access to the root user: </etc/config/pmshell-start.sh> #!/bin/sh PORT="$1" USER="$2" LABEL=$(config -g config.ports.port$PORT.label | cut -f2- -d' ') if [ "$USER"...
  • Page 277: Ip- Filtering

    If at some point in the future you choose to connect a modem for dial-in out-of-band access the procedure can be reversed with the following commands. # /bin/config --del=config.console.debug # /bin/config --run=console # reboot 15.4 IP-Filtering The console server uses the iptables utility to provide a stateful firewall of LAN traffic. By default rules are automatically inserted to allow access to enabled services, and serial port access via enabled protocols.
  • Page 278: Retrieving Status Information Using Snmp

    - UPS alert status The MIBs in your console server are located in /etc/snmp/mibs. You can also view the current MIBs online at http://opengear.com/download/snmp/ and they include: OG-STATUS-MIB This new MIB contains serial and connected device status information (for snmpstatusd & snmpalertd)
  • Page 279: Enable Snmp Service

    15.5.3 Enable SNMP Service The console server supports different versions of SNMP including SNMPv1, SNMPv2c and SNMPv3. SNMP, although an industry standard, brings with it a variety of security concerns. For example, SNMPv1 and SNMPv2c offer no inherent privacy, while SNMPv3 is susceptible to man-in-the-middle attacks. Recent IETF developments suggest tunnelling SNMP over widely accepted technologies such as SSH (Secure Shell) or TLS (Transport Layer Security) rather than relying on less mature security systems such as SNMPv3's USM (User-based Security Model).
  • Page 280 Opengear and will be used in response to requests for the SNMPv2-MIB::sysLocation.0 of the device. The Contact field refers to the person responsible for the Opengear such as the System Administrator and will be used in response to requests as follows: SNMPv2-MIB::sysContact.0.
  • Page 281 - Set up serial ports and devices as per operational requirements such as UPS, RPC/PDU and EMD - Copy the MIBs from /etc/snmp/mibs on the Opengear product to a local directory using scp or Winscp. For example: scp root@im4004:/etc/snmp/mibs/* - Using the snmpwalk and snmpget commands, the status information can be retrieved from any console server.
  • Page 282 KCS Client Configuration Chapter 16: snmpget -Oa -v1 -M .:/usr/share/snmp/mibs -c public im4004 OG-STATUS-MIB::ogSerialPortStatusSpeed.2 noauth snmpwalk -Oa -v3 -l noAuthNoPriv -u readonlyusername -M .:/usr/share/snmp/mibs im4004 OG-STATUS-MIB::ogStatus auth snmpwalk -Oa -v3 -l authNoPriv -u readonlyusername -a SHA -A "authpassword" -M .:/usr/share/snmp/mibs im4004 OG-STATUS-MIB::ogStatus priv snmpwalk -Oa -v3 -l authNoPriv -u readonlyusername -a SHA -A "authpassword"...
  • Page 283 Authentication Protocol – SHA or MD5 Authentication Password Privacy Protocol – DES or AES Privacy Password A MIB browser may be used to explore the Opengear enterprise MIB structure. For example, the ogStatus tree is shown below: Console Server & Router User Manual...
  • Page 284: Etc/Config/Snmpd.conf

    SNMP Service is enabled through the Web Based Management Console this configuration file will be overridden and you will lose any customization. Changing standard system information such as system contact, name and location can be achieved by editing /etc/config/snmpd.conf file and locating the following lines: sysdescr "opengear" syscontact root <root@localhost>(configure /etc/default/snmpd.conf) sysname Not defined (edit /etc/default/snmpd.conf) syslocation Not defined (edit /etc/default/snmpd.conf)
  • Page 285: Adding Multiple Remote Snmp Managers

    15.5.5 Adding multiple remote SNMP managers You can add multiple SNMP servers for alert traps. Add the first and second SNMP servers using the Management Console (refer to Chapter 7) or the command line config tool. Further SNMP servers must be added manually using config. Log in to the console server’s command line shell as root or an admin user.
  • Page 286: Secure Shell (Ssh) Public Key Authentication

    Tatu Ylonen's sample implementation with all patent-encumbered algorithms removed (to external libraries), all known security bugs fixed, new features reintroduced and many other clean-ups. http://www.openssh.com/ The only changes in the Opengear SSH implementation are: PAM support...
  • Page 287: Installing The Ssh Public/Private Keys (Clustering)

    The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server You must ensure there is no password associated with the keys. If there is a password, then the Opengear devices will have no way to supply it at runtime. Full documentation for the ssh-keygen command can be found at http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen 15.6.3 Installing the SSH Public/Private Keys (Clustering)
  • Page 288 AAAAB3NzaC1yc2Efg4+tGHlAAA== name@client1 If the Opengear device selected to be the server will only have one client device, then the authorized_keys file is simply a copy of the public key for that device. If one or more devices will be clients of the server, then the authorized_keys file will contain a copy of all of the public keys.
  • Page 289: Generating Public/Private Keys For Ssh (Windows)

    15.6.5 Generating public/private keys for SSH (Windows) This section describes how to generate and configure SSH keys using Windows. First create a new user from the Opengear Management (the following example uses a user called "testuser") making sure it is a member of the "users" group.
  • Page 290: Fingerprinting

    Test the Public Key by logging in as "testuser" Test the Public Key by logging in as "testuser" to the client Opengear device and typing (you should not need to enter anything): # ssh -o StrictHostKeyChecking=no <server-ip>...
  • Page 291: Ssh Tunneled Serial Bridging

    To receive the fingerprint from the remote server, log in to the client as the required user (usually root) and establish a connection to the remote host: # ssh remhost The authenticity of host 'remhost (192.168.0.1)' can't be established. RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:e6:ef:56. Are you sure you want to continue connecting (yes/no)? At this stage, answer yes to accept the key.
  • Page 292 KCS Client Configuration Chapter 16: Next you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client console servers. Client Keys: The first step in setting up ssh tunnels is to generate keys. Ideally, you will use a separate, secure, machine to generate and store all keys to be used on the console servers.
  • Page 293: Sdt Connector Public Key Authentication

    Your public key has been saved in /home/user/.ssh/id_[rsa|dsa].pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server It is advisable to create a new directory to store your generated keys. It is also possible to name the files after the device they will be used for. For example: $ mkdir keys $ ssh-keygen -t rsa Generating public/private rsa key pair.
  • Page 294: Secure Sockets Layer (Ssl) Support

    KCS Client Configuration Chapter 16: SDT Connector will now use public key authentication when SSH connecting through the console server. You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication. If you have a host behind the console server that you connect to by clicking the SSH button in SDT Connector, you can also configure it for public key authentication.
  • Page 295: Installing The Key And Certificate

    You will be prompted to enter a lot of information. Most of it doesn't matter, but the "Common Name" should be the domain name of your computer (e.g. test.opengear.com). When you have entered everything, the certificate will be created in a file called ssl_cert.pem.
  • Page 296 KCS Client Configuration Chapter 16: powerman [-option] [targets] pm [-option] [targets] Options -1, --on Power ON targets. -0, --off Power OFF targets. -c, --cycle Power cycle targets. -r, --reset Assert hardware reset for targets (if implemented by RPC). -f, --flash Turn beacon ON for targets (if implemented by RPC).
  • Page 297: The Pmpower Tool

    The PDU, UPS and IPMI power devices are variously controlled using the open source PowerMan, IPMItool or Network UPS Tools, and Opengear’s pmpower utility arches over these tools so the devices can be controlled through one command line: pmpower [-?h] [-l device | -r host] [-o outlet] [-u username] [-p password] action -?/-h This help message.
  • Page 298: Ipmitool

    KCS Client Configuration Chapter 16: <cycle>script to cycle power</cycle> <status>script to write power status to /var/run/power-status</status> <speed>baud rate</speed> <charsize>character size</charsize> <stop>stop bits</stop> <parity>parity setting</parity> </powerstrip> The id appears on the web page in the list of available devices types to configure. The outlets describe targets that the scripts can control.
  • Page 299 DESCRIPTION This program lets you manage Intelligent Platform Management Interface (IPMI) functions of either the local system, via a kernel device driver, or a remote system, using IPMI V1.5 and IPMI v2.0. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. IPMI management of a local system interface requires a compatible IPMI kernel driver to be installed and configured.
  • Page 300 KCS Client Configuration Chapter 16: platform information. To reduce vulnerability it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided through a console server.
  • Page 301: Custom Development Kit (Cdk)

    As detailed in this manual customers can copy scripts, binaries and configuration files directly to the console server. Opengear also freely provides a development kit which allows changes to be made to the software in the console server firmware image. The customer can use the CDK to: ...
  • Page 302: Sms Server Tools

    For more information refer http://smstools3.kekekasvi.com or the online Opengear faq.html 15.14 Multicast By default, all Opengear console servers come with Multicasting enabled. Multicasting provides Opengear products with the ability to simultaneously transmit information from a single device to a select group of hosts.
  • Page 304: Appendix A: Linux Commands & Source Code

    Opengear console servers are built on the 2.6 uCLinux kernel as developed by the uCLinux project (except for SD4001/4002 and CM4008 which have less flash and use 2.4 uCLinux kernel). This is GPL code and source can be found at http://cvs.uclinux.org.
  • Page 305 Send ICMP ECHO_REQUEST packets to network hosts ping6 IPv6 ping pkill Sends a signal to process(es) selected by regex pattern pmchat Opengear command similar to the standard chat command (via portmanager) pmdeny pminetd Console Server & Router User Manual...
  • Page 306 Linux Commands & Source Code pmloggerd Opengear command similar to the standard tip or cu but all serial port access is directed via the pmshell portmanager. pmusers Opengear command to query portmanager for active user sessions portmanager Opengear command that handles all serial port access...
  • Page 307 There were a number of Opengear tools listed above that make it simple to configure the console server and ensure the changes are stored in the console server's flash memory etc. These commands are covered in the previous chapters and include: ...
  • Page 308 Linux Commands & Source Code Note: The software included in each Opengear console server contains copyrighted software that is licensed under the GPL (refer Appendix F for a copy of the GPL license). You may obtain the latest snapshot source code package...
  • Page 309 function NAME { COMMANDS ; } or unset [-f] [-v] [name ...] until COMMANDS; do COMMANDS; getopts optstring name [arg] done hash [-r] [-p pathname] [name ...] variables - Some variable names an help [-s] [pattern ...] wait [n] history [-c] [-d offset] [n] or hi while COMMANDS;...
  • Page 310: Appendix B: Hardware Specification

    Hardware Specification APPENDIX B: Hardware Specification FEATURE VALUE Dimensions ACM5002/3/4(-2) (-M/W/G): 4.1x3.4x1.1 in (10.3 x 8.7 x 2.8 cm) ACM5504/8-2/5(-M/G/I): 6.5 x 4 x 1.4 in (16.6 x 10.2 x 2.8 cm) IM4208/16/32/48: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm) IM4216-34: 17 x 12 x 1.75 in (43.2 x 31.3.
  • Page 311 CM4148: 48 RJ-45 RS-232 serial ports * CM4008: 8 RJ-45 RS-232 serial ports * SD4002/CM4001: 2 DB-9 RS-232 serial port SD4001: 1 DB-9 selectable RS-232/422/485 serial port * models also have 1 DB-9 RS-232 console/ modem serial port Serial Baud Rates RJ45 ports - 50 to 230,400bps DB9 port - 2400 to 115,200 bps Ethernet Connectors...
  • Page 312: Appendix C: Safety & Certifications

    Please take care to follow the safety precautions below when installing and operating the console server: Do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Opengear qualified personnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground.
  • Page 314: Appendix D: Connectivity, Tcp Ports & Serial I/O

    Serial Port Pinout Opengear's console servers come with one to forty eight serial connectors (notated SERIAL or SERIAL PORTS) for the RS232 serial ports: The SD4001 and SD4002/CM4001 models have DB9 serial port connectors.
  • Page 315 To connect the LOCAL console ports to modems (for out of band access) use the 319004 adaptor with standard UTP Cat 5 cable. Each Opengear console server is supplied with UTP Cat 5 cables. Console Server & Router User Manual...
  • Page 316 Connectivity, TCP Ports & Serial I/O RS232 Standard Pinouts The RS232 pinout standards for the DB9 (and DB25) connectors are tabled below: DB25 SIGNAL DEFINITION Protective Ground Transmitted Data Received Data Request To Send Clear To Send Data Set Ready Signal Ground Received Line Signal Detector Reserved for data set testing...
  • Page 317 Connectors included in console server The ACM5000 and ACM5500 families and the IM4208/16/32/48-02 and IM4216-34-02 have the Cisco pinout and ship with “cross-over”/ “straight” RJ45-DB9 connectors: DB9F-RJ45S straight connector Part # 319014 DB9F-RJ45S cross- over connector Part # 319015 The CM4008/4116/4148, IM4208/16/48 (Classic) and IM4004-5 all have the Opengear Classic pinout and ship with a “cross-over”...
  • Page 318 Part # 319001 Other available connectors and adapters Opengear also supplies a range of cables and adapters that will enable you to easily connect to the more popular servers and network appliances. More detailed information can be found online at http://www.opengear.com/cabling.html...
  • Page 319 For console servers with Cisco pinouts: 319014 DB9F to RJ45 straight Console server with Cisco pinout to IP Power and other serial device 319015 DB9F to RJ45 DCE Adapter - Console server with Cisco pinout to X86 and other crossover 319016 DB9M to RJ45 straight DTE Adapter - Console server with Cisco pinout to Netscreen and Dell...
  • Page 320 Connectivity, TCP Ports & Serial I/O Serial Port Pinouts – ACM5004-2-I, ACM5504-5-G-I and ACM5508-2-I Each serial RJ-45 port on these models can be software selected to be RS-232, RS-422 or RS-485. Signal Direction RS422 Signal Description For RS232 they have the Cisco pinout Input Receive Data ...
  • Page 321 Serial Port Pinouts – SD4001 The SD4001 has one DB9 serial port that can be selected to be an RS232, RS485 or RS422 port. By default the SD4001 is configured in RS232 mode (with a vertical jumper in place on the left hand SEL pins). To set the port in RS422 or RS485 mode you must remove the SEL jumper and then configure the Signaling Protocol using the Management Console.
  • Page 322 Connectivity, TCP Ports & Serial I/O RS-422 uses a full duplex transmit on TX+ (Transmit Data +) / TX- (Transmit Data -) pair, receive on RX+ (Receive Data +) / RX- (Receive Data –) pair. RS-485 uses half duplex over single pair. For RS-485 which is a 2-wire bus that drives D+ and D- from a native 4-wire interface you need to loop 3-6 and 2-7 on the DB-9.
  • Page 324: Appendix E: Terminology

    Terminology APPENDIX E: TERMINOLOGY TERM MEANING Access Point Name (APN) is used by carriers to identify an IP packet data network that a mobile data user wants to communicate with and the type of wireless service Authentication Authentication is the technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter.
  • Page 325 Gateway A machine that provides a route (or pathway) to the outside world. A network device that allows more than one computer to be connected as a LAN, usually using UTP cabling. Internet A worldwide system of computer networks - a public, cooperative, and self-sustaining network of networks accessible to hundreds of millions of people worldwide.
  • Page 326 Terminology Point-to-Point Protocol. A networking protocol for establishing simple links between two peers. RADIUS The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol. The RADIUS server can support a variety of methods to authenticate a user.
  • Page 327 network. Virtual Private Network (VPN) a network that uses a public telecommunication infrastructure and Internet, to provide remote offices or individual users with secure access to their organization's network Wide Area Network WINS Windows Internet Naming Service (WINS) that manages the association of workstation names and locations with IP addresses Console Server &...
  • Page 328: Appendix F: End User License Agreements

    (“Software”). By installing, copying, downloading, accessing, or otherwise using the Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Opengear is not willing to license the Software to you.
  • Page 329 Opengear or its authorized retailer. Proof of date of purchase will be required. Any updates to the Software provided by Opengear (which may be provided by Opengear at its sole discretion) shall be governed by the terms of this EULA. In the event the product fails to perform as warranted, Opengear’s sole obligation shall be, at Opengear’s discretion, to refund the purchase price paid...
  • Page 330 License Agreement GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0.
  • Page 331 a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 332 END OF TERMS AND CONDITIONS Wireless Driver License The Opengear firmware includes 802.11 driver code which is used in various console server models. This code is: Copyright (c) 2007, Ralink Technology Corporation All rights reserved. Redistribution and use in binary form, without modification, are permitted provided that the following conditions are met:...
  • Page 333 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH...
  • Page 334: Appendix G: Service & Standard Warranty

    Purchaser) under normal and proper use and service for the period of four (4) years from the date of original purchase from an Authorized Opengear reseller. In the event that this product fails to meet this warranty within the...
  • Page 335 Opengear, the Purchaser shall not be entitled to receive any incidental damages as that term is defined in Section 2-715 of the Uniform Commercial Code. Opengear waives the benefit of any rule that disclaimer of warranty shall be construed against Opengear and agrees that such disclaimers herein shall be construed liberally in favor of Opengear.

This manual is also suitable for:

CM4000, SD4000, ACM5500, IM4000, IM4200
