Cyclades AlterPath ACS Command Reference Manual

AlterPath
ACS
Command Reference Guide
Software Version 2.6.0
Cyclades Corporation
3541 Gateway Boulevard
Fremont, CA 94538 USA
1.888.CYCLADES (292.5233)
1.510.771.6100
1.510.771.6200 (fax)
http://www.cyclades.com
Release Date: November 2005
Part Number: PAC0193 v.02

Summary of Contents for Cyclades AlterPath ACS

  • Page 1 AlterPath ™ Command Reference Guide Software Version 2.6.0 Cyclades Corporation 3541 Gateway Boulevard Fremont, CA 94538 USA 1.888.CYCLADES (292.5233) 1.510.771.6100 1.510.771.6200 (fax) http://www.cyclades.com Release Date: November 2005 Part Number: PAC0193 v.02...
  • Page 2 © 2005 Cyclades Corporation, all rights reserved Information in this document is subject to change without notice. The following are registered or registration-pending trademarks of Cyclades Corporation in the United States and other countries: Cyclades and AlterPath. All trademarks, trade names, logos and service marks referenced herein, even when not specifically marked as such, belong to their respective companies and are not to be considered unprotected by law.
  • Page 3: Table Of Contents

    Table of Contents: Preface; Purpose (page 1); Audience and User Levels
  • Page 4 To Enable a Serial Port [vi method] (page 22); Chapter 2 - Device Access; Accessing Serial Ports
  • Page 5 Configuring an LDAP server on Linux (page 71); Configuring the AlterPath ACS side (page 73); Active Directory
  • Page 6 Configuring a RADIUS authentication server (page 78); Configuring the authorization on ACS to access the serial ports [CLI] (page 79); Configuring an LDAP authentication server
  • Page 7 VI mode (page 110); CLI Method - DNS and Domain Name
  • Page 8 "Road Warrior" configuration (page 135); Necessary Information
  • Page 9 How Syslog Messages are generated (page 178); Generated Syslog Messages
  • Page 10 Power Management Configuration (page 217); Prerequisites for Power Management
  • Page 11 Removing the configuration from an Ethernet PCMCIA device (page 255); CLI Method - Ethernet PCMCIA (page 255); Wireless LAN PC Cards
  • Page 12 To configure a menu shell (page 314); Using the CLI interface to configure common parameters
  • Page 13 Basic File Manipulation (page 351); The vi Editor
  • Page 14 Cable #4: Cyclades RJ-45 to Cyclades RJ-45, straight-through (page 383); Cable #5: Cyclades/Sun Netra Cable (page 383); Adapters
  • Page 15 OpenSSH (page 392); OpenSSL
  • Page 17: Preface

    Local and Wide Area Networking. UNIX and Linux users will find the configuration process very familiar. It is not necessary to be a UNIX expert to get the AlterPath ACS up and running. There are two audiences or user levels for this manual: New Users: These are users new to Linux and/or UNIX with a primarily PC/Microsoft background.
  • Page 18: Power Users

    Power Users These are UNIX/Linux experts who will use this manual mostly for reference. Power Users can choose between configuring the AlterPath ACS via Web browser, vi, or CLI. The AlterPath ACS is based on an embedded Linux operating system. Configurations are done using the vi text editor or the Command Line Interface (CLI).
  • Page 19: How To Use The Cli (Command Line Interface)

    1.3 How to use the CLI (Command Line Interface) Throughout the manual a number of features can be configured using the CLI interface instead of the vi editor. The CLI, or Command Line Interface tool, is preferred by many network and system administrators since it allows for automation of configuration through scripting and provides a simple way to document and record a system's configuration.
  • Page 20: Interactive Mode

    4. Specifying a parameter to be changed. For example: cli> network hostsettings hostsettings> dhcp yes Interactive Mode The CLI has some features to ease its use. All of them are described in the lines below: 1. AutoComplete of keywords using the tab key. 2.
  • Page 21: Cli Arguments And Its Meanings

    You see: hostsettings> domain cyclades.com 5. Special Keywords These words are global and can be used in any state. For these special keywords to work, they must be entered first before the rest of the keywords for that state, or they must be the only word in the command line.
  • Page 22: List Of Cli Keywords

    as the “root” or “admin” has a choice to abort the session or close the other user’s session. If there are cron jobs running through automated scripts, a “root” or “admin” user login can cause the automated cron jobs to fail. Make sure that the users with administrative privileges are aware of this.
  • Page 23: Cli Keywords

    Table 1.1: CLI Keywords administration backupconfig To restore/save configurations from/to a FTP server or a storage device. sessions manage sessions kill - End a session to a specific serial port. list - Display the list of current serial port connections. upgradefw To upgrade the firmware Provide a domain name or the IP...
  • Page 24 Table 1.1: CLI Keywords pcmcia To configure supported PCMCIA cards. snmp To configure SNMP server. stroutes To setup routes manually for data routing to other subnets. syslog To setup a syslog server for logging system messages. To setup a VPN connection. physicalports To configure serial ports individually or collectively.
  • Page 25: How To Use This Guide

    This guide is organized into the following sections: • Basic Network Configuration describes the basic configuration procedures to make the AlterPath ACS operational and available on the network. It includes configuring the network parameters, logging in and selecting a security profile. • Device Access contains the ways to access the serial ports, depending on the protocol you configured for that serial port.
  • Page 26: Conventions And Symbols

    1.5 Conventions and Symbols This section explains the significance of each of the various fonts, formatting, and icons that appear throughout this guide. Fonts This guide uses a regular text font for most of the body text and Courier for data that you would input, such as a command line instruction, or data that you would receive back, such as an error message.
  • Page 27: Brackets And Hyphens (Dashes)

    Brackets and Hyphens (dashes) The brackets ([]) indicate that the parameter inside them is optional, meaning that the command will be accepted if the parameter is not defined. When the text inside the brackets starts with a dash (-) and/or indicates a list of characters, the parameter can be one of the letters listed within the brackets.
  • Page 28: Cautionary And Instructional Information

    where <outlet list>'s format is: [<outlet number>|<outlet start>-<outlet end>][,<outlet number>|<outlet start>-<outlet end>]... Cautionary and Instructional Information Note boxes contain instructional or cautionary information that the reader especially needs to bear in mind. There are three levels of information: WARNING: A very important type of tip or warning. Do not ignore this information. An important tip that should be read.
  • Page 31: Basic Network Configuration

    This chapter describes the procedures for setting up the basic network configuration to make AlterPath ACS available on the network. In addition, it provides procedures to log in, change the default password, and set up the security profile. Configuring network setting using the vi method or the CLI method are described in...
  • Page 32: Networking Settings

    The following section describes how to configure the network parameters using the wiz command, vi, or CLI where applicable. The instructions assume that you are installing a new AlterPath ACS in your network, or you are restarting an existing unit from factory default parameters.
  • Page 33: Use The Wiz Command To Configure Network Parameters

    2. That you SELECT A SECURITY PROFILE to complete the INITIAL SETUP. Security is dependent on Policy and is Configurable to fit in environments with varying levels of Security. Cyclades provides three preset Security Levels: SECURED, MODERATE and OPEN, and in addition, the ability to set a CUSTOM Security Profile.
  • Page 34 W I Z A R D** ********************************************** Current configuration: Hostname: CAS DHCP: disabled System IP: 192.168.48.11 Domain name: cyclades.com Primary DNS Server: 192.168.44.21 Second DNS Server: # Gateway IP: 192.168.48.1 Network Mask: 255.255.252.0 Set to defaults? (y/n) [n]: Set to defaults? (y/n) [n]: Step 2 - At the prompt, enter n to change the defaults.
  • Page 35 Are all these parameters correct? (y/n)[n]: y Do you want to activate your configurations now? (y/n)[y]: y Do you want to save your configuration to Flash? (y/n)[n]: y Step 11 - To confirm the configuration, enter the ifconfig command.
  • Page 36: Selecting A Security Profile

    1.2 Selecting A Security Profile A security profile must be selected before proceeding further with configuration of ACS. For detailed information on security profiles see ACS Installation, Administration, and User Guide. To Select a Security Profile Select a pre-defined Security Profile, or define a Custom profile for specific services. The available profiles are: •...
  • Page 37 22 root_access: yes snmp: no .[web] http: yes https: yes http_port: 80 https_port: 443 http2https: yes rpc: no ipsec: no icmp: yes .[ports] ssh2sport: yes telnet2sport: yes raw2sport: yes auth2sport: no bidirect: yes
  • Page 38: Enabling Serial Ports

    1.3 Enabling Serial Ports From the factory ACS is configured with all serial ports disabled. To Enable a Serial Port [vi method] Step 1 - From the terminal window navigate to the portslave directory to edit the pslave.conf file.
  • Page 39: Chapter 2 Device Access

    Chapter 2 - Device Access. This chapter will introduce all the possible ways to access the serial ports of the ACS. From this point on, it is assumed that the unit is properly configured using one of the possible profiles (CAS or TS).
  • Page 40: Accessing Serial Ports

    2.1 Accessing Serial Ports There are four ways to access serial ports, depending on the protocol you configured for that serial port: setting all.protocol to socket_server for Telnet access, setting it to socket_ssh for SSH access, or setting it to socket_server_ssh for both. An administrator can access the serial port by statically addressing it (using TCP port number, alias name, or IP address) or by accessing the next free serial port available from an existing pool (by using the pool's TCP port number, alias or IP address).
  • Page 41: Opening And Closing An Ssh Session To A Serial Port

    Serial Console Server Connection Menu for your Master Terminal Server 1 ttyS1 2 ttyS2 3 ttyS3 4 ttyS4 5 ttyS5 6 ttyS6 7 ttyS7 8 ttyS8 Type 'q' to quit, a valid option[1-8], or anything else to refresh:
  • Page 42: Calling Ts_Menu With Arguments

    Calling ts_menu with arguments Apart from calling ts_menu with no arguments (which directs the user to the traditional ts_menu interface) this application can be used with the following command line arguments: ts_menu [-u<user>] [-l[c]] [-ro] [-s] [-auth] [<console port>] The meaning of each argument is: •...
  • Page 43: How To Close The Session From Ts_Menu (From The Console Of Your Unit)

    "."(dot). To close an SSH session the escape character followed by a “.” must be entered at the beginning of a line. CLI Mode - ts_menu You can call ts_menu from the CLI interface.
  • Page 44 Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Call the menu. To call the ts_menu, access the following menu: cli> applications connect [Enter] A screen similar to the following appears: Serial Console Server Connection Menu for your Master Terminal Server 1 PM 2 ttyS3...
  • Page 45: Data Buffering

    (all.dont_show_DBmenu or sxx.dont_show_DBmenu must be 2), cleared, and data transmission is resumed. Linear buffering is impossible if flow control is set to none. Default is cir.
  • Page 46: How To Configure

    How to Configure VI mode - Parameters Involved and Passed Values To configure Data Buffering, follow the steps below: Step 1 - Open the /etc/portslave/pslave.conf file. All parameters related to Data Buffering are in the pslave.conf file. Change the desired parameters according to the table below: Parameter Description...
  • Page 47 The file /etc/syslog-ng/syslog-ng.conf should be set accordingly for the syslog-ng to take some action. For more information about it consult “Syslog-ng” on page 161. Table 2.1: Data buffering parameters in /etc/portslave/pslave.conf file
  • Page 48: Cli Method - Data Buffering

    Parameter, Description: all.syslog_sess: This parameter determines whether syslog is generated when a user is connected to the port or not. Originally, syslog is always generated whether the user is connected to the port or not. Now, ACS administrators have the option to NOT have syslog generate messages when there is a user connected to a port.
  • Page 49 Step 4 - Save the configuration. cli> config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit
  • Page 50: Menu Shell

    2.3 Menu Shell This application allows you to customize the menu presented to users when they connect to the ACS from a dumb terminal. The menu can be set up to allow users to connect to different servers, thereby making it quick and easy for users to connect to those servers on the LAN.
  • Page 51: Setting Up The Menu Shell

    To configure which ports will prompt the menu shell and if it will require authentication to gain access to it, follow the steps below: Step 1 - If no authentication is required to gain access to the menu.
  • Page 52: Cli Method - Terminal Profile Menu

    Configure the following parameters in /etc/portslave/pslave.conf for the ports that will use this menu shell. s<x>.protocol telnet conf.telnet /bin/menush s<x>.authtype none Where <x> is the port number being configured. Step 2 - If authentication is required to gain access to the menu The user's default shell must be modified to run the /bin/menush.
  • Page 53 Step 3 - Activate the configuration. cli>config runconfig Step 4 - Save the configuration. cli> config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit
  • Page 54: Clustering Using Ethernet Interface

    2.4 Clustering using Ethernet Interface Clustering is available for the ACS with firmware versions 2.1.0 and up. It allows the stringing of Terminal Servers so that one Master ACS can be used to access all ACSs on a LAN. The Master ACS can manage up to 1024 serial ports, so that the following can be clustered: An example with one Master and two Slaves is shown in the following figure: Figure 2.1 - An example using the Clustering feature...
  • Page 55 An alias for this port. (This is an optional parameter). Example: server_on_slave1_serial_s1. s33.ipno: This parameter must be created in the Master ACS file for every Slave port, unless configured using all.ipno. Example: 0.0.0.0. Table 2.2: Master configuration (where it differs from the CAS standard)
  • Page 56 Parameter, Description, Examples/Valid Values: s34.tty: See s33.tty. Example: 20.20.20.2:7034. s34.alias: An alias for this port. Example: server_on_slave1_serial_s2. s34.ipno: See s33.ipno. Example: 0.0.0.0. s35.tty: See s33.tty. Example: 20.20.20.2:7035. s35.alias: An alias for this port. Example: server_on_slave1_serial_s3. s35.ipno: See s33.ipno. Example: 0.0.0.0. etc. for s36-s64. s65.tty (example: 20.20.20.3:7301): The format of this parameter is...
  • Page 57 # saveconf Step 5 - Accessing the ports. To access ports from the remote management workstation, use Telnet with the secondary IP address. To access the first port of the Master ACS: # telnet 209.81.55.110 7001
  • Page 58 To access the first port of the Slave1 ACS: # telnet 209.81.55.110 7033 To access the first port of the Slave2 ACS: # telnet 209.81.55.110 7301 SSH can also be used from the remote management workstation. To access the third port of Slave 2: # ssh -l <username>:Server_on_slave2_serial_s3 209.81.55.110 To access the fifth port of Slave 2: # ssh -l <username>:7305 209.81.55.110...
  • Page 59: Clustering Using Nat (Enhanced)

    The Master ACS box will issue a series of iptables commands to populate the nat table with the necessary rules to perform NAT translation for remote ports. Two chains will be created: • post_nat_cluster (to change the source IP address) • pre_nat_cluster (to change the destination IP address)
  • Page 60: Examples

    The ACS administrator must enable clustering via NAT in pslave.conf (conf.nat_clustering_ip <clustering_ip>). # iptables -D PREROUTING -t nat -p tcp -j pre_nat_cluster # iptables -D POSTROUTING -t nat -p tcp -j post_nat_cluster # iptables -t nat -F post_nat_cluster # iptables -t nat -F pre_nat_cluster # iptables -t nat -X pre_nat_cluster # iptables -t nat -X post_nat_cluster...
  • Page 61 # ssh -l <username2>:<server2> <slave1_ip> If the parameter <master_port> defines the local IP address assigned to the serial port, the command can be simplified: # ssh -l <username1> -p 7101 <master_ip> # ssh -l <username2> -p 7102 <master_ip>
  • Page 62: General Configuration

    And it will have respectively the same result as the commands below issued from a local workstation: # ssh -l <username1> <slave1_port1_ip> # ssh -l <username2> <slave2_port1_ip> NOTE: In the old clustering implementation <username?> and <server?> must be valid in the Master box.
  • Page 63: Master Box Configuration

    7001+ s[1-32].tty ttyS[1-32] #Remote CAS serial ports, slave-1 (32 socket_ssh ports). This kind of #configuration can be used for ssh only; just one entry is necessary. File Description 2.2: Master box: /etc/portslave/pslave.conf
  • Page 64: Slave-1 Box Configuration

    s33.tty 192.168.170.2 s33.socket_port 7000 s65.protocol socket_server s66.protocol socket_server s96.protocol socket_server # Remote CAS serial ports, slave-2 (32 socket_server ports) s65.tty 192.168.170.3:7101 s66.tty 192.168.170.3:7102 ..s96.tty 192.168.170.3:7132 s65.socket_port 8001 s66.socket_port 8002 s96.socket_port 8032 # Remote CAS serial ports, slave-3 (32 socket_ssh ports) s97.tty 192.168.170.101 s98.tty 192.168.170.102 s99.tty 192.168.170.103...
  • Page 65: Slave-2 Box Configuration

    File Description 2.4: Slave2 box: /etc/portslave/pslave.conf Slave-3 box Configuration All mentioned instructions must be made in the /etc/portslave/pslave.conf file of the third Slave box: #Slave-3 box Configuration # Primary ethernet IP address File Description 2.5: Slave2 box: /etc/portslave/pslave.conf
  • Page 66: Example Of Starting Cas Session Commands

    conf.eth_ip 192.168.170.4 conf.eth_mask 255.255.255.0 conf.eth_mtu 1500 # Local CAS serial ports (32 socket_ssh ports) all.protocol socket_ssh all.authtype local all.ipno 192.168.170.101+ s[1-32].tty ttyS[1-32] File Description 2.5: Slave2 box: /etc/portslave/pslave.conf Example of starting CAS session commands The alias, socket_port, or tty must be provided to select which serial port is to be connected to in the Slave box 1.
  • Page 67 <n.n.n.n> Where n.n.n.n is the IP address of the configured virtual port. Step 7 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit
  • Page 69: Chapter 3 - Authentication

    Chapter 3 - Authentication. This chapter presents the procedures for assigning and configuring the authentication service(s) that the ACS, system or any of its components and devices will be using. Authentication is the process by which the system, or more specifically, an authentication service such as Kerberos, Ldap or Tacacs, verifies the identity of users (to verify who they claim to be) as well as to confirm receipt of communication to authorized recipients.
  • Page 70: Authentication Parameters In /Etc/Portslave/Pslave.conf

    Parameter, Description: all.authtype: Type of authentication used. There are several authentication type options: • None (no authentication) This option is invalid when the serial port is configured for Power Management. The system defaults to “Local” if no authentication type is selected. •...
  • Page 71 “Downlocal” equivalent would be configured in the /etc/nsswitch.conf file, not in the /etc/portslave/pslave.conf file. Note that this parameter controls the authentication required by the AlterPath ACS. The authentication required by the device to which the user is connecting is controlled separately. Table 3.1: Authentication parameters in /etc/portslave/pslave.conf...
  • Page 72: Authentication Servers And File Path

    3. Insert the users in the file /etc/ppp/chap-secrets. 4. Insert the file /etc/ppp/chap-secrets in the file /etc/config_files. 5. Execute the saveconf command. Step 2 - Configuring an authentication server. The parameters for each type of authentication server are stored in its own configuration file on ACS.
  • Page 73: Cli Method - Authentication

    To configure user access to the serial ports Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Navigate to the following path. cli>config security This menu lets you execute the following actions:
  • Page 74: To Configure Authentication Type For Device Console Access

    - To delete an existing user, specify the user you want to delete with the <username> parameter. Example: security>deluser username cyclades • loadkey - This option allows you to get the user’s public key via scp. The user must be enrolled in the local database of the unit.
  • Page 75: To Configure An Authentication Server

    Step 4 - Configure an authentication server. #config security authentication <server option> <ip address> To activate the configuration. cli> config runconfig To save the configuration. cli> config savetoflash To exit the CLI mode. cli> quit
  • Page 76: Access Control Via Radius Attribute Nas-Port-Id

    Access Control via Radius Attribute NAS-Port-id This feature provides an additional way to control the access to serial ports other than the one based on usernames or groups. The authentication type must be Radius for this feature to function. The Radius server administrator must configure the user (in the radius server database) with one NAS-PORT-id attribute for each serial port that the user is allowed to access.
  • Page 77: Nis Client Configuration

    Change the /etc/nsswitch.conf file ("System Databases and Name Service Switch" configuration file) to include the NIS in the lookup order of the databases. Step 4 - Configure the parameter "<all/sxx>.authtype" as "local". How to Test the Configuration To test the configuration do the following:
  • Page 78: Nsswitch.conf File Format

    Step 1 - Start up the following command: # /usr/sbin/ypbind Step 2 - Display the NIS server name. Display the name of the NIS server by running the following command: # /usr/bin/ypwhich Step 3 - Display the “all users” entry. Display the “all users” entry in the NIS database by running the following command: # /usr/bin/ypcat -t passwd.byname...
  • Page 79: Examples

    6. You wish to authenticate the user first using NIS. If the user was not found or the NIS server is down, then use the local database: passwd: nis [UNAVAIL=continue TRYAGAIN=continue] files shadow: nis [UNAVAIL=continue TRYAGAIN=continue] files group: nis [UNAVAIL=continue TRYAGAIN=continue] files
  • Page 80: Kerberos Authentication

    3.2 Kerberos Authentication Kerberos is a computer network authentication protocol designed for use on insecure networks, based on the key distribution model. It allows individuals communicating over a network to prove their identity to each other while also preventing eavesdropping or replay attacks, and provides for detection of modification and the prevention of unauthorized reading. Kerberos Server Authentication with Tickets support...
  • Page 81: Acs Configuration

    This will prompt a Kerberos server menu. To extract the configured hosts run the following commands in the kadmin menu: kadmin: ktadd host/acs48-2.cyclades.com kadmin: q To list all configured hosts in the Kerberos server, run the command:
  • Page 82: Test The Configuration

    Step 1 - The client must have a kerberized SSH and configure the /etc/ssh/ssh_config file, according to the example below: GSSAPIAuthentication yes GSSAPICleanupCreds yes Step 2 - The client must have the same krb5.conf file present in the Kerberos server. # scp root@kerberos-server.cyclades.com:/etc/krb5.conf /etc/krb5.conf...
  • Page 83: Kerberos Server Authentication

    Step 6 - Connecting via RLOGIN to the ACS itself, with forwardable tickets (to connect to the ACS ports using ts_menu): # rlogin -l john acs48-2.cyclades.com -F Then run ts_menu to access the desired serial port. Step 7 - Connecting via Telnet to the ACS itself with forwardable tickets (to connect to the ACS ports using ts_menu): telnet -l john acs48-2.cyclades.com -F...
  • Page 84 # vi /etc/krb5.conf Basically, all the changes needed in this file are related to the network domain. Substitute all listed parameters that are configured with “cyclades.com” with the corresponding domain of your network. Below is an example of the file: [logging] default = FILE:/var/log/krb5libs.log...
  • Page 85 0.15s /bin/sh /usr/bin CAS users : 1 USER FROM LOGIN@ PID/Command cyclades ttyS1 192.168.0.143:1503 01:02pm 512/-RW_srv ttyS The last line of the command response shows the user “cyclades” accessing the first serial port of the ACS unit.
  • Page 86 Step 5 - Saving changes. To save the configuration, run the command: # saveconf...
  • Page 87: Ldap Authentication

    # CA.pl -newca <-- answer questions, you MUST fill in "commonName" # CA.pl -newreq <-- repeat # CA.pl -signreq # mv newreq.pem ldapkey.pem # chmod 0600 ldapkey.pem # mv newcert.pem ldapcert.pem Step 4 - Edit slapd.conf. The basic configuration to make it work is:
  • Page 88 To start the server run the command: # /usr/local/libexec/slapd -h "ldap:/// ldaps:///" This will allow the LDAP server to accept both secured mode and non-secure mode. Step 6 - Add entries. Example: ldapadd -x -D "cn=admin,dc=cyclades,dc=com,dc=br" -w bitadmin dn: uid=helio,dc=cyclades,dc=com,dc=br objectClass: person objectClass: uidobject uid: helio...
  • Page 89: Configuring The Alterpath Acs Side

    Step 2 - Configure the /etc/ldap.conf file. Edit the following parameters: host 200.246.93.95 <== LDAP server IP address or name base dc=cyclades,dc=com,dc=br <== distinguished name of the search base uri ldaps://200.246.93.95 <== to use secure LDAP File Description 3.3: /etc/ldap.conf configuration Step 3 - Activating and saving the changes made.
  • Page 90: What Needs To Be Set In The /Etc/Ldap.conf

    # The Distinguished name (In our active directory, the format was set # to Cycladescorporation.local) base dc=CycladesCorporation,dc=local # Here you can insert any user you had created, or the administrator # user. binddn cn=Administrator,cn=Users,dc=Cyclades,dc=local # Password for that user bindpw test123 # PAM login attribute pam_login_attribute sAMAccountName # Update Active Directory password, by creating Unicode password and # updating unicodePwd attribute.
  • Page 91: Configuring Authorization With A Tacacs+ Server [Vi]

    = 172.32.20.10/ttyS6 port5 = LAB1/ttyS7 port6 = Knuth/ttyS16 Table 3-4: Parameters for Specifying User Authorization on a TACACS+ Server. user = <username>: Defines the username as specified on the ACS. Example value: tomj.
  • Page 92 Table 3-4: Parameters for Specifying User Authorization on a TACACS+ Server. name = <"optional description"> (example value: "Tom Jones"): Optional to specify additional information about user. This parameter must include quotes. The maximum number of characters allowed is 256. Adding more than 256 characters stops the server from restarting and produces a "FAILED"...
  • Page 93: Group Authorization

    This is the shared secret (password) necessary for communication between the ACS and the TacacsPlus servers. encrypt: The default is 1 which means encryption is enabled. To disable encryption change the value to 0.
  • Page 94: Configuring The Authorization On Acs To Access The Serial Ports [Cli]

    service: The service that should be enabled. The default is ppp. If you are enabling another service, for example, “raccess” authorization on the TacacsPlus server, then it should be mentioned in this field on ACS. protocol: The default is lcp (line control protocol). Specify another parameter if required. timeout: This is the timeout (in seconds) for a TacacsPlus authentication query to be answered.
  • Page 95: Configuring The Authorization On Acs To Access The Serial Ports [Cli]

    Configuring the authorization on ACS to access the serial ports [CLI] In CLI mode, enter the following string: cli > config physicalports <serial port number> access users/groups <list of users or group names separated by commas>
  • Page 96 Save the configuration to flash 2. cli > config > savetoflash...
  • Page 97: Linux-Pam

    Linux-PAM configuration file. The management functions are performed by modules specified in the configuration file. Following is a figure that describes the overall organization of Linux-PAM:
  • Page 98: The Linux-Pam Configuration Directory

    Figure 3.1 - Data flow diagram of Linux-PAM The left of the figure represents the application: Application X. Such an application interfaces with the Linux-PAM library and knows none of the specifics of its configured authentication method. The Linux-PAM library (in the center) consults the contents of the PAM configuration file and loads the modules that are appropriate for Application X.
  • Page 99: Configuration File Syntax

    Second, the module can grant group membership, independently of the /etc/groups, or other privileges through its credential-granting properties. Table 3.5: /etc/pam.d/ tokens description
  • Page 100 Authentication Token Description • Module-type (cont.) Account - This module performs non-authentication-based account management. It is typically used to restrict or permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user—‘root’...
  • Page 101: Module Path

    /lib/security. Currently, the ACS has the following modules available: Module Name Description pam_access Provides logdaemon style login access control. pam_deny Deny access to all users. Table 3.7: Available PAM modules in the ACS AlterPath ACS Command Reference Guide...
  • Page 102 Authentication Module Name Description pam_env This module allows the (un)setting of environment variables. The use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST is supported. pam_filter This module was written to offer a plug-in alternative to programs like ttysnoop.
  • Page 103 # switch library and the LDAP PAM module. # Your LDAP server. Must be resolvable without using # LDAP. host 127.0.0.1 # The distinguished name of the search base. base dc=padl,dc=com Table 3.7: Available PAM modules in the ACS AlterPath ACS Command Reference Guide...
  • Page 104: Arguments

    Authentication Arguments The arguments are a list of tokens that are passed to the module when it is invoked. They are much like arguments to a typical Linux shell command. Generally, valid arguments are optional and are specific to any given module. Invalid arguments are ignored by a module, however, when encountering an invalid argument, the module is required to write an error to syslog(3).
  • Page 105 (erring on the side of caution) to make the authentication process fail. A corresponding error is written to the system log files with a call to syslog(3). Table 3.8: List of valid arguments to PAM AlterPath ACS Command Reference Guide...
  • Page 106: Shadow Passwords

    The default /etc/passwd file has the user “root” with password “tslinux”. You should change the password for user “root” as soon as possible. The AlterPath ACS has support for Shadow Passwords, which enhances the security of the system authentication files.
  • Page 107: Certificate For Http Security

    The other requested information can be skipped. The certificate signing request (CSR) generated by the command above contains some personal (or corporate) information and its public key. Step 2 - Submit CSR to the CA. AlterPath ACS Command Reference Guide...
  • Page 108 Authentication The next step is to submit the CSR and some personal data to the CA. This service can be requested by accessing the CA Web site and is not free. There is a list of CAs at the following URL pki-page.org The request will be analyzed by the CA, for policy approval and to be signed.
  • Page 109: User Configured Digital Certificate

    = "This is just a TEST certificate. nsCertType = server, sslCA Step 2 - Remove the files /etc/ca/*.pem Step 3 - Execute the following script. # /bin/firstkssl.sh Step 4 - Reboot ACS or restart the Web Manager.
  • Page 110: Certificate On Ssh

    Authentication 3.9 X.509 Certificate on SSH The OpenSSH software included with ACS has support for X.509 certificates. The administrator must activate and configure the SSH to use X.509. In order to implement authentication of SSH sessions through exchange of X.509 certificates, the following configuration is required.
  • Page 111: Cli Mode

    Step 1 - Run the following “ssh_act_x509” script [root@CAS root]# ssh_act_x509 The following message appears: For X509 authentication, first you need to be sure that you had upload the CA certificate, the HostKey and added the proper Authorized Key. AlterPath ACS Command Reference Guide...
  • Page 112: To Connect To Acs Using Ssh X.509 Certificate

    Authentication Step 2 - Enter the required information at each prompt. AuthorizedKeysFile[/etc/ssh/authorized_keys]: CACertificateFile[/etc/ssh/ca/ca-bundle.crt]: HostKey[/etc/ssh/ssh_host_key]: Do you want disable Password Authentication and accept only Certificates?(y/n) Step 3 - Check the configuration in /etc/ssh/sshd_config file. To connect to ACS using SSH X.509 certificate Step 1 - Edit /etc/ssh/sshd_config file.
  • Page 113 Authentication Step 4 - Configure the serial ports for “socket_ssh” protocol and assign the IP address of the connected device. AlterPath ACS Command Reference Guide...
  • Page 114 Authentication...
  • Page 115: Chapter 4 - Network

    Chapter 4 - Network 4.1 Introduction This chapter shows important configuration settings for the network and the features related to it. The contents of this chapter are briefly presented below: • Basic Network Settings •...
  • Page 116: Cli Method - Hostname

    Network CLI Method - Hostname Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Set the hostname, where <string> is the desired hostname. cli> config network hostsettings hostname <string> Step 3 - Activate the configuration. cli>...
  • Page 117 While still in the DOS window, type the following and then press Enter: # telnet <IP assigned to the ACS by DHCP or you> 7001 An example would be: # telnet 192.168.160.10 7001 AlterPath ACS Command Reference Guide...
  • Page 118: Cli Method - Ip Address

    Network If everything is configured correctly, a Telnet session should open on the server connected to port 1. If not, check the configuration, follow the above steps again, and check Appendix C - Software Upgrade and Troubleshooting. Step 6 - Save the changes. Execute the following command to save the configuration: # saveconf CLI Method - IP address...
  • Page 119: Dhcp Client

    DHCP. The unit goes out from the factory with DHCP enabled (conf.dhcp_client 2): Step 1 - Set the global parameter conf.dhcp_client to 2. Step 2 - Comment all other parameters related to the Ethernet Interface (conf.eth_ip, etc.). AlterPath ACS Command Reference Guide...
  • Page 120 Network Step 3 - Add the following lines to the file /etc/config_files (from factory file already present in /etc/config_files): /etc/network/dhcpcd_cmd /etc/dhcpcd-eth0.save File Description 4.3: /etc/config_files Step 4 - Add the option “-x” to the factory default content of the file /etc/network/dhcpcd_cmd: /sbin/dhcpcd -l 3600 -x -c /sbin/handle_dhcp File Description 4.4: /etc/network/dhcpcd_cmd...
  • Page 121: Files Related To Dhcp

    Step 2 - Activate/Deactivate DHCP in the unit. cli> config network hostsettings dhcp <option> Where possible values for <option> are: yes to activate DHCP or no to deactivate Step 3 - Activate the configuration. cli> config runconfig AlterPath ACS Command Reference Guide...
  • Page 122 Network Step 4 - Save the configuration. cli> config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit...
  • Page 123: Routes And Default Gateway

    The next lines will show how to configure the default gateway of the ACS . VI mode To add routes it is necessary to edit the /etc/network/st_routes file using the following syntax: route [add|del] [-net|-host] target [netmask] mask [gw] gateway [metric] metric AlterPath ACS Command Reference Guide...
  • Page 124: Cli Method - Routes

    Network The below example will set the default gateway to the IP address 192.168.0.1. To configure it follow these steps: Step 1 - Open the /etc/network/st_routes file using the VI editor. To do this, run the command: # vi /etc/network/st_routes Step 2 - Inserting the default route.
  • Page 125 Network Step 4 - Save the configuration. cli> config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit AlterPath ACS Command Reference Guide...
  • Page 126: Dns Server And Domain Name

    To save all changes made, run the command: # saveconf CLI Method - DNS and Domain Name The example below will set up cyclades.com as domain name and 192.168.0.2 as DNS server of the ACS . Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Configuring cyclades.com as domain name.
  • Page 127 Step 5 - Save the configuration. cli> config savetoflash Step 6 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit AlterPath ACS Command Reference Guide...
  • Page 128: Bonding

    Network 4.6 Bonding The ACS provides failover Ethernet bonding using a PCMCIA card as a second Ethernet port. Bonding enables redundancy for the Ethernet devices, using the standard Ethernet interface as the primary mode of access and one PCMCIA card as a secondary mode of access.
  • Page 129: Cli Method - Bonding

    Network CLI Method - Bonding The example below will set up cyclades.com as domain name and 192.168.0.2 as DNS server of the ACS . Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Enter the bonding menu.
  • Page 130 Network A display similar to the following example appears: bonding>show [bonding] enabled: no miimon: 100 updelay: 200 File Description 4.7: Bonding Default Configuration Step 7 - Activate the configuration. cli> config runconfig Step 8 - Save the configuration. cli> config savetoflash The failover is enabled.
  • Page 131 “NOARP”. The interface which has the “NOARP” status - eth1 in the above case - is the failover. eth0 is sending and receiving packets, eth1 is in active and standby mode. AlterPath ACS Command Reference Guide...
  • Page 132 IMPORTANT: If you have IP Filtering rules set before bonding is activated, the interface reference in the firewall IP filtering will be eth0. You need to change the interface to bond0 in order to reference the bonded interface. For example, there is a rule to drop the SSH packets to access the ACS box with no Bonding: [root@CAS /]# iptables -A INPUT -p tcp --dport 22 -i eth0 -j REJECT If you activate Bonding you need to change the rule to reference the bonded interface:...
  • Page 133: Hosts

    Step 1 - Open the CLI interface by issuing the command: # CLI Step 2 - Adding a host named test with IP address 192.168.0.111. cli> config network hosttable add hostip 192.168.0.111 name test You can repeat this step as many times as necessary. AlterPath ACS Command Reference Guide...
  • Page 134 Network Step 3 - Activate the configuration. cli> config runconfig Step 4 - Save the configuration. cli> config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS ’s shell, type the following command: cli>...
  • Page 135: Tcp Keepalive

    # of interval from each other). echo 20 > /proc/sys/net/ipv4/tcp_keepalive_time echo 6 > /proc/sys/net/ipv4/tcp_keepalive_probes File Description 4.9: /bin/init_proc_fs CLI Method - TCP Keep Alive Step 1 - Open the CLI interface by issuing the command: # CLI
  • Page 136 Step 2 - Configuring the poll interval (ms). The command below will set a 50 ms poll interval. cli>config physicalports all other tcpkeepalive 50 Step 3 - Activate the configuration. cli> config runconfig Step 4 - Save the configuration. cli>...
  • Page 137: Filters And Network Address Translation

    The built-in chains will be called according to the type of packet. User-defined chains will be called when a rule which is matched by the packet points to the chain. Each table has a particular set of built-in chains: AlterPath ACS Command Reference Guide...
  • Page 138: Rule

    Network for the filter table: • INPUT - For packets coming into the box itself. • FORWARD - For packets being routed through the box. • OUTPUT - For locally-generated packets. for the nat table: • PREROUTING - For altering packets as soon as they come in. •...
  • Page 139: Command

    If there are, you must delete or replace the referring rules before the chain can be deleted. If no argument is given, it will attempt to delete every non-built-in chain in the table. Table 4.3: iptables commands options AlterPath ACS Command Reference Guide...
  • Page 140: Rule Specification

    Network Command Description -P --policy Set the policy for the chain to the given target. Only non-user-defined chains can have policies, and neither built-in nor user-defined chains can be policy targets. -E --rename-chain Rename the user-specified chain to the user-supplied name. This is cosmetic, and has no effect on the structure of the table.
  • Page 141 --set-counters PKTS BYTES This enables the administrator to initialize the packet and byte counters of a rule (during INSERT, APPEND, REPLACE operations). Table 4.4: iptables rules specifications
  • Page 142: Match Extensions

    Parameter Description --verbose Verbose output. This option makes the list command show the interface address, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
  • Page 143: Tcp Extensions

    It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag precedes the "--syn", the sense of the option is inverted. --tcp-option [!] number Match if TCP option set. Table 4.5: TCP extensions
  • Page 144: Udp Extensions

    UDP Extensions These extensions are loaded if the protocol udp is specified or “-m udp” is specified. They provide the following options: UDP extension Description --source-port [!] [port[:port]] Source port or port range specification. See the description of the --source-port option of the TCP extension for details.
  • Page 145: Target Extensions

    Log TCP sequence numbers. This is a security risk if the log is readable by users. --log-tcp-options Log options from the TCP packet header. --log-ip-options Log options from the IP packet header. Table 4.9: LOG extensions AlterPath ACS Command Reference Guide...
  • Page 146: Reject (Filter Table Only)

    Network REJECT (filter table only) This is used to send back an error packet in response to the matched packet: otherwise it is equivalent to DROP. This target is only valid in the INPUT, FORWARD and OUTPUT chains, and user-defined chains which are only called from those chains. Several options control the nature of the error packet returned: LOG extension Description...
  • Page 147: Dnat (Nat Table Only)

    This specifies a range of source ports to use, overriding the default SNAT source port-selection heuristics (see above). This is only valid if the rule also specifies -p tcp or -p udp. Table 4.13: Masquerade target
  • Page 148: Redirect (Nat Table Only)

    Network REDIRECT (NAT table only) This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It alters the destination IP address to send the packet to the machine itself (locally-generated packets are mapped to the 127.0.0.1 address).
  • Page 149: Vpn Configuration

    Console Server and this gateway. The gateway machine and the Console Server encrypt packets entering the untrusted net and decrypt packets leaving it, creating a secure tunnel through it. AlterPath ACS Command Reference Guide...
  • Page 150: Road Warriors

    Network Road Warriors The prototypical Road Warrior is a traveler connecting to the Console Server from a laptop machine. For purposes of this document: • Anyone with a dynamic IP address is a Road Warrior. • Any machine doing IPsec processing is a gateway. Think of the single-user Road Warrior machine as a gateway with a degenerate subnet (one machine: itself) behind it.
  • Page 151: Road Warrior" Configuration

    Server. This information should be provided in a convenient format, ready for insertion in the warrior's ipsec.conf file. For example: # left=1.2.3.4 leftid=@acs.example.com leftrsasigkey=0s1LgR7/oUM... The Console Server administrator typically needs to generate this only once. The same file can be given to all warriors. AlterPath ACS Command Reference Guide...
  • Page 152: Setup On The "Road Warrior" Machine

    Network Setup on the "Road Warrior" machine Simply add a connection description us-to-Console Server, with the left and right information you gathered above to the ipsec.conf file of the warrior system. This might look like: # pre-configured link to Console Server conn us-to-acs # information obtained from Console Server admin left=1.2.3.4 # Console Server IP address...
  • Page 153: Setup On The Acs

    File Description 4.2: ACS ipsec.conf file IMPORTANT! The connection name line: "conn gate-xy" must start on the FIRST column of the line. All other lines after that line must be indented by 1 TAB. This is MANDATORY. AlterPath ACS Command Reference Guide...
  • Page 154: Vpn Configuration

    Network VPN configuration Often it may be useful to have explicitly configured IPsec tunnels between the Console Server and a gateway of an office with a fixed IP address (in this case every machine on the office network would have a secure connection with the Console Server), or between the Console Server and the Console Server administrator machine, which must, in this case, have a fixed IP address.
  • Page 155: Authentication Keys

    To extract the public part in a suitable format you can use the ipsec_showhostkey command. For VPN or Road Warrior applications, use one of the following: If your ACS is the left side of the tunnel: # /usr/local/sbin/ipsec showhostkey --left AlterPath ACS Command Reference Guide...
  • Page 156: Ipsec Management

    Network If your ACS is the right side of the tunnel: # /usr/local/sbin/ipsec showhostkey --right These two produce the key formatted for insertion in an ipsec.conf file. Public keys need not be protected as fanatically as private keys. They are intended to be made public; the system is designed to work even if an enemy knows all the public keys used.
  • Page 157: Adding And Removing A Connection

    106 "test" #5: STATE_MAIN_I2: sent MI2, expecting MR2 108 "test" #5: STATE_MAIN_I3: sent MI3, expecting MR3 004 "test" #5: STATE_MAIN_I4: ISAKMP SA established 112 "test" #6: STATE_QUICK_I1: initiate 004 "test" #6: STATE_QUICK_I2: sent QI2, IPsec SA established AlterPath ACS Command Reference Guide...
  • Page 158: Ipsec Whack

    IPsec whack The ipsec whack command shows the status of the connections. [root@acs_cas root]# ipsec whack --status 000 interface ipsec0/eth0 64.186.161.96 000 "test": 64.186.161.96[@micro]...64.186.161.128[@ACS ] 000 "test": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "test": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; routed 000 "test": newest ISAKMP SA: #5;...
  • Page 159 Numeric values are specified to be either an integer (a sequence of digits) or a decimal number (sequence of digits optionally followed by . and another sequence of digits). There is currently one parameter which is available in any type of section: also AlterPath ACS Command Reference Guide...
  • Page 160: Conn Sections

    Network The value is a section name; the parameters of that section are appended to this section, as if they had been written as part of it. The specified section must exist, must follow the current one, and must have the same section type. (Nesting is permitted, and there may be more than one also in a single section, although it is forbidden to append the same section more than once.) This allows, for example, keeping the encryption keys for a connection in a separate file from the rest of the description, by using both an also...
  • Page 161 AH protocol, acceptable values are esp (the default) and ah. • authby: How the two security gateways should authenticate each other. Acceptable values are secret for shared secrets (the default) and rsasig for RSA digital signatures. AlterPath ACS Command Reference Guide...
  • Page 162 Network • leftid and rightid: How the left and right participant should be identified for authentication. Defaults to left. Can be an IP address or a fully-qualified domain name preceded by @ (which is used as a literal string and not resolved). •...
  • Page 163: Config Section

    (can be empty, a name, or a quoted list of names separated by white space); see ipsec_auto for details. Default is none. If the special value %search is used, all connections with auto=add, auto=route, or auto=start are loaded. AlterPath ACS Command Reference Guide...
  • Page 164: Cli Method - Vpn Configuration

    Network • plutostart: Which connections (by name) to attempt to negotiate at startup (can be empty, a name, or a quoted list of names separated by white space). Any such names which do not appear in plutoload are implicitly added to it. Default is none. If the special value %search is used, all connections with auto=route or auto=start are routed, and all connections with auto=start are started.
  • Page 165: Vpn Parameters

    How each parameter works and their respective descriptions can be found just above in the section Conn parameters: General. Step 3 - Activate the configuration. cli> config runconfig Step 4 - Save the configuration. cli> config savetoflash Step 5 - Connection management. AlterPath ACS Command Reference Guide...
  • Page 166 Network After configuring the VPN connection you will have to manage the VPN connections in the prompt shell. The CLI does not provide management utilities. Find more information on “IPsec Management” on page 140. Step 6 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli>...
  • Page 167: Chapter 5 - Administration

    Chapter 5 - Administration This chapter covers the tasks related to the administration of the unit. This includes the following topics: • SNMP • CronD • Dual Power Management • Syslog-ng • Generating Alarms (Syslog-ng) •...
  • Page 168 communities cyclades and public, you need to add the following lines in /etc/snmp/snmpd.conf: # cyclades is read-write community rwcommunity cyclades # public is a read-only community rocommunity public File Description 5.1: part of the /etc/snmp/snmpd.conf file To use SNMP version 3 (username/password), perform the following steps: 1.
  • Page 169: Configuration

    Information about net-snmp packet 5. Private Cyclades Vendor MIB (enterprises.2925) • ACS remote Management Object Tree (cyclades.4). This MIB permits you to get information about the product, to read/write some configuration items and to do some administration commands. (For more details see the cyclades.mib file.) Configuration This section describes how to configure the SNMP using the vi editor.
  • Page 170 1. To define the public community, insert the following line in the /etc/snmp/snmp.conf file. This is a read-only access to the MIB (Management Information Base) values. rocommunity public <“default”, hostname, or network/mask> .1 2. Save the configuration changes in the snmp.conf file. [root@CAS root]# saveconf 3....
  • Page 171: Cli Method - Snmp

    Considering that the targeted ACS has the IP address 192.168.0.1 and the Linux machine from where the commands will be issued is 192.168.0.200, run the following commands: For SNMP v1/v2 # snmpwalk -v 2c -c test1 192.168.0.1 .1 AlterPath ACS Command Reference Guide...
  • Page 172 Administration For SNMP v3 # snmpwalk -v 3 -u john -l authpriv -a MD5 -A john1234 -x DES -X john1234 192.168.0.1 .1 a. Save the configuration. cli> config savetoflash a. Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli>...
  • Page 173: Crond

    (/etc/tst_cron.src). The /etc/crontab_files file can point to any desired file that calls the scripts to be run. The ACS has an example file for it (/etc/tst_cron.src). The...
  • Page 174 file that is pointed to in the /etc/crontab_files file must follow this structure: PATH=/usr/bin:/bin SHELL=/bin/sh HOME=/ 0-59 * * * * /etc/tst_cron.sh File Description 5.3: /etc/tst_cron.src This file is called /etc/tst_cron.src, but it could have any other name, as long as it follows the above structure.
  • Page 175 Save the changes. Execute the following command to save the configuration: # saveconf a. Activate changes. To activate the changes it is necessary to reboot the ACS by issuing the command: # reboot
  • Page 176: Dual Power Management

    5.3 Dual Power Management The ACS comes with two power supplies which it can self-monitor. If either of them fails, two actions are performed: sounding a buzzer and generating a syslog message. This automanagement can be disabled (no actions are taken) or enabled (default) at any time by issuing the commands: # signal_ras buzzer off # signal_ras buzzer on To disable the buzzer at boot time, edit the shell script /bin/ex_wdt_led.sh
  • Page 177: Syslog-Ng

    Example value: 0. • all.syslog_buffering - When nonzero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog message is sent AlterPath ACS Command Reference Guide...
  • Page 178: The Syslog Functions

    Administration to syslog-ng with NOTICE level and LOCAL[0+conf.DB_facility] facility. The Syslog Functions This section shows the characteristics of the syslog-ng that is implemented for all members of the ACS family. It is divided into three parts: 1. Syslog-ng and its Configuration 2.
  • Page 179 - Each source-driver may take parameters. Some of them are required, some of them are optional. The following source-drivers are available: Table 5-2: “Source Drivers” parameters (Syslog-ng configuration) Option Description internal() Messages are generated internally in syslog-ng. AlterPath ACS Command Reference Guide...
  • Page 180: Some Examples Of Defining Sources

    Administration Table 5-2: “Source Drivers” parameters (Syslog-ng configuration) Option Description unix-stream They open the given AF_UNIX socket, and start listening (filename for messages. [options]) Options: owner(name), group(name), perm(mask) are equal global options unix-dgram (filename keep-alive(yes/no) - Selects whether to keep connections [options]) opened when syslog-ng is restarted.
  • Page 181 The following internal functions are available: Table 5-3: “Filters” parameters (Syslog-ng configuration) Option Description facility Selects messages based on their facility code. (<facility code>) level(<level Selects messages based on their priority. code>) or prior- (<level code>) AlterPath ACS Command Reference Guide...
  • Page 182: Some Examples Of Defining Filters

    Table 5-3: “Filters” parameters (Syslog-ng configuration) Option Description program(<string>) Tries to match the <string> to the program name field of the log message. host(<string>) Tries to match the <string> to the hostname field of the log message. match(<string> Tries to match the <string>...
  • Page 183 - Has to uniquely identify this given destination. • destination driver - Is a method of outputting a given message. • params - Each destination-driver may take parameters. Some of them are required, some of them are optional.
  • Page 184 The following destination drivers are available: Table 5-4: “Destination Drivers” parameters (Syslog-ng configuration) Option Description file(filename[options]) This is one of the most important destination drivers in syslog-ng. It allows you to output log messages to the named file. The destination filename may include macros (by prefixing the macro name with a '$' sign) which get expanded when the message is written.
  • Page 185: Destination Drivers" Parameters (Syslog-Ng Configuration)

    - Syslog-ng writes the “string” in the file. You can use the MACROS in the string. unix-stream(filename) and unix-dgram(filename) This driver sends messages to a UNIX socket in either SOCK_STREAM or SOCK_DGRAM mode.
  • Page 186: Some Examples Of Defining Actions

    Table 5-4: “Destination Drivers” parameters (Syslog-ng configuration) Option Description udp("<ip address>" port(number);) tcp("<ip address>" port(number);) This driver sends messages to another host (ip address/port) using either UDP or TCP protocol. program(<program name and arguments>) This driver fork()'s executes the given program with the arguments and sends messages down to the stdin of the...
  • Page 187 ACS and the message that was received from the source: destination d_pager { pipe("/dev/cyc_alarm" template("sendsms -d 123 -m \"$FULLDATE $HOST $MSG\" 10.0.0.1")); File Description 5.5: To send a pager phone example 3) To send snmptrap.
  • Page 188 destination <ident> {pipe("/dev/cyc_alarm" template("snmptrap <pars>")); where ident : uniquely identify this destination • pars : -v 1 • <snmptrapd IP address> • -c public : community • \"\" : enterprise-oid • \"\" : agent/hostname • <trap number> : 2-Link Down, 3-Link Up, 4-Authentication Failure •...
  • Page 189: Examples Connecting Sources, Filters And Actions

    Fx - Identifier of the filters defined before. • Dx - Identifier of the actions/destinations defined before. Examples connecting sources, filters and actions: 1) To send all messages received from local syslog clients to console: AlterPath ACS Command Reference Guide...
  • Page 190: Syslog-Ng Configuration To Use With Syslog Buffering Feature

    Administration log { source(sysl); destination(d_console);}; 2) To send only messages with level alert and received from local syslog clients to all logged root user: log { source(sysl); filter(f_alert); destination(d_userroot); }; 3) To write all messages with levels info, notice, or warning and received from syslog clients (local and remote) to /var/log/messages file: log { source(sysl);...
  • Page 191: Syslog-Ng Configuration To Use With Multiple Remote Syslog Servers

    Syslog servers This configuration example is used with multiple remote syslog servers. VI Method 1. Configure pslave.conf parameters. In the pslave.conf file the facility parameter is configured as: conf.facility 1 File Description 5.13: portslave.conf “facility” configuration AlterPath ACS Command Reference Guide...
  • Page 192: Cli Method - Syslog

    Administration a. Add lines to /etc/syslog-ng/syslog-ng.conf file. # local syslog clients source src { unix-stream("/dev/log"); }; # remote server 1 - IP address 10.0.0.1 port default destination d_udp1 { udp("10.0.0.1"); }; # remote server 2 - IP address 10.0.0.2 port 1999 destination d_udp2 { udp("10.0.0.2"...
  • Page 193 Activate the configuration. cli> config runconfig a. Save the configuration. cli> config savetoflash a. Exit the CLI mode. To exit the CLI mode and return to ACS ’s shell, issue the command: cli> quit AlterPath ACS Command Reference Guide...
  • Page 194: How Syslog Messages Are Generated

    Administration 5.5 How Syslog Messages are generated The ACS can generate syslog messages, which enable system administrators to monitor changes in the box. When certain actions/ conditions are met through the web interface as well as through CLI or commands which users enter from a shell prompt, the system generates and sends messages to the syslog-ng file.
  • Page 195 System rebooted by admin [xyz] [hostname] [ip address] alert PORT DCD Port <serial port number> DCD went high alert PORT DCD Port <serial port number> DCD went low debug AUTH User [%s] login failed. Group 'admin' does not exist AlterPath ACS Command Reference Guide...
  • Page 196: Dcd On/Off Syslog Messages

    Table 5-5: ACS Syslog Messages Format Level Text debug AUTH User [%s] login failed. Maximum number of connected users reached notice [PMD]-Serial Port p PMD has started on this port. The chain has X IPDUs and W outlets. notice DAEMON Web server started on port xx notice...
  • Page 197: Examples

    { source(src_dev_log); filter(f_info, f_named); destination(console); }; Generating messages and sending them to console when any user login attempt fails. filter f_info { level(alert); }; filter f_named { match("AUTH"); }; destination console { usertty("root"); }; log { source(src_dev_log); filter(f_info, f_named); destination(console); };
  • Page 198 Generating messages and sending them to console if the DCD signal changes its state. filter f_dcdchg { level(alert) and match("PORT DCD"); }; destination console { usertty("root"); }; log { source(s_kernel); filter(f_dcdchg); destination(console); };...
  • Page 199: Generating Alarms (Syslog-Ng)

    (each of them) is sent to the listed destinations). Use this statement: log { source(S1); source(S2); ... filter(F1); filter(F2); ... destination(D1); destination(D2); ... }; For more information about sources, destinations and filters, please refer to the Syslog-ng section. This...
  • Page 200: Method - Configuration To Use With Alarm Feature

    Administration VI method - Configuration to use with Alarm Feature This configuration example is used for the alarm feature. 1. Configure the /etc/portslave/pslave.conf file parameter. In the /etc/portslave/pslave.conf file the parameters of the alarm feature are configured as: all.alarm 1 conf.DB_facility 2 a.
  • Page 201 -t z@none.com -f a@none.com -s \"ALARM\" \\ -m \"$FULLDATE $HOST $MSG\" -h 10.0.0.2")); destination d_pager { pipe("/dev/cyc_alarm" template("sendsms -d 123 -m \"$FULLDATE $HOST $MSG\" 10.0.0.1")); log { source(sysl); filter(f_root); destination(d_mail1); destination(d_pager); }; File Description 5.19: part of the /etc/syslog-ng/syslog-ng.conf file AlterPath ACS Command Reference Guide...
  • Page 202: Cli Method - Alarm Notification

    Example 6 - Send messages with facility kernel and received from syslog clients (local and remote) to remote syslogd. Insert the lines below at the END of the syslog-ng.conf file, keeping all lines above commented. source sysl {unix-stream("/dev/log");}; source s_udp { udp(ip(<ip client>) port(<udp port>));...
  • Page 203 The above commands configure the from/to fields, SMTP server/port and the subject/body of the e-mail message. a. Activate the configuration. cli> config runconfig a. Save the configuration. cli> config savetoflash a. Exit the CLI mode. AlterPath ACS Command Reference Guide...
  • Page 204 To exit the CLI mode and return to ACS’s shell, issue the command: cli> quit...
  • Page 205: Terminal Appearance

    If a match is found, the string configured in auto_answer_output is sent back to the server. To represent the ESC character as part of this string, use the control character, ^[.
  • Page 206: Cli Method - Banner

    Administration Table 5-6: pslave.conf parameters for Terminal Appearance configuration Parameter Description all.auto_answer_out This parameter is used in conjunction with the previous parameter, auto_answer_input. If configured, and if there is no session established to the port, this parameter is sent back to the server when there is a match between the incoming data and auto_answer_input.
  • Page 207: Centralized Management

    Figure 5.21 - Example of Centralized Management VI Method - Involved parameters and passed values The abbreviated /etc/portslave/pslave.conf and /etc/hostname files in each unit, for the above example are: AlterPath ACS Command Reference Guide...
  • Page 208 Unit 1 configuration: For the /etc/hostname file in unit 1: unit1 File Description 5.22: Unit 1 /etc/hostname file For the /etc/portslave/pslave.conf file in unit 1: conf.eth_ip 10.0.0.1 conf.eth_mask 255.0.0.0 conf.include /etc/portslave/TScommon.conf File Description 5.23: Unit 1 /etc/portslave/portslave.conf file configuration Unit 2 configuration: For the /etc/hostname file in unit 2: unit2...
  • Page 209 When this file is included, unit1 would read only the information between conf.host_config unit1 and conf.host_config unit2. Unit2 would use only the information between conf.host_config unit2 and conf.host_config unit3 and unit3 would use information after conf.host_config unit3 and before conf.host_config end. AlterPath ACS Command Reference Guide...
  • Page 210: Steps For Using Centralized Configuration

    Steps for using Centralized Configuration 1. Create and save the /etc/portslave/pslave.conf and /etc/hostname files in each ACS. a. Create, save, and download the common configuration. Create and save the common configuration file on the server, then download it (probably using scp) to each unit....
  • Page 211: Date, Time And Timezone

    Configuring date and time using CLI automatically disables any previously configured NTP server. To configure date/time using the CLI: 1. Open the CLI interface by issuing the command: # CLI 2. Configuring the date. The date format must follow this syntax: mm/dd/yyyy, where: AlterPath ACS Command Reference Guide...
  • Page 212: Setting Local Timezone

    • mm - Month • dd - Day • yyyy - Year The following example configures the date December 31st, 2005. cli> config administration date/time date 12/31/2005 3. Setting the time. The time format must follow this syntax: hh:mm:ss, where: •...
  • Page 213 A message verifies your selection. For example, if you choose 8, the system displays the following message: Your choice was: GMT+4 Run saveconf to save your changes. Note: Setting your system timezone creates a new file called /etc/localtime, which erases the old /etc/TIMEZONE...
  • Page 214: Configuring Using Cli

    Administration Configuring Using CLI You can configure your local timezone using the CLI utility. 1. Enter the following command to enter the CLI mode. #CLI 2. At the cli> prompt enter the following command. #cli>config>administration>timezone <value> Note: You can enter the value if known, otherwise, press tab to see the list of possible values.
  • Page 215: Ntp (Network Time Protocol)

    -r -> Replay analysis code based on stdin. • -s -> Clock set (if count is not defined this sets count to 1). a. Activate and save the changes made. To activate the configuration, issue the following command: # daemon.sh NTP restart AlterPath ACS Command Reference Guide...
  • Page 216: Cli Method - Ntp

    Administration To save the changes, run the command: # saveconf CLI Method - NTP To configure an NTP server using the CLI follow the steps below: 1. Open the CLI interface by issuing the command: # CLI a. Set the IP address of the NTP server. cli>...
  • Page 217: Session Sniffing

    PID/username, and s/he will be able to select one session typing its PID, or “all” to kill all the sessions. If the administrator kills all the regular sessions, his session initiates as a regular session automatically. AlterPath ACS Command Reference Guide...
  • Page 218: Method - Involved Parameters And Passed Values

    Administration Option 5 - Quit will close the current session and the TCP connection. Only for the administrator users: Typing all.escape_char or sN.escape_char from the sniff session or “send message mode” will make the ACS show the previous menu. The first regular sessions will not be allowed to return to the menu.
  • Page 219: Cli Method - Session Sniffing

    • privilegeusers - This parameter determines which users can receive the sniff menu. • sniffmode - Determines what other users connected to the very same port can see of the session of the first connected user
  • Page 220 (main session). Valid values are: in - shows data written to the port; out - shows data received from the port; in/out - shows both streams; off - disables sniffing. a. Activate the configuration. cli> config runconfig a. Save the configuration. cli>...
  • Page 221: Saveconf And Restoreconf

    PCMCIA storage device, read the configuration from the internal flash •local <remote Path and filename> - Read the configuration from the local file <remote Path and filename>. AlterPath ACS Command Reference Guide...
  • Page 222: Cli Method - Save/Restore Configuration

    Administration •ftp <remote Path and filename> <IP address of the FTP server> <username> <password> - Read the configuration from the remote FTP server •sd - Read the configuration from the PCMCIA storage device (Compact Flash or IDE) and if the REPLACE flag is set, copy the file to the internal flash of the ACS.
  • Page 223: Start And Stop Services

    1. Without parameters in the command line, it will check the configuration files of the service and restart or stop it if needed. 2. It will perform the requested action (stop/restart) in the list of services given in the command line regardless of any configuration changes.
  • Page 224 Administration The command daemon.sh help will display a list of services available. Currently the following services are handled by daemon.sh. The first column is the service ID, the second is the name of the shell script file. /etc/daemon.d/ypbind.conf /etc/daemon.d/portmap.conf /etc/daemon.d/cy_buffering.sh /etc/daemon.d/inetd.sh /etc/daemon.d/syslog.sh /etc/daemon.d/sshd.sh...
  • Page 225: How To Configure Them

    # must be "sig" or "cmd" DSIG=kill # signal to stop/restart the daemon (lowercase) # if it's hup term will be used to stop the daemon # daemon command line parameters DPARM="setup --start" DSTOP="setup --stop" File Description 5.30: /etc/daemon.d/ipsec.sh file AlterPath ACS Command Reference Guide...
  • Page 226: Security Profiles

    Administration 5.14 Security Profiles A Security Profile consists of a set of parameters that can be set to control access to the ACS. The ACS offers three pre-defined security profiles, Secured, Moderate, Open, and an option to configure a Custom profile. A fifth option, Default sets the parameters to the same as Moderate.
  • Page 227: Cli Method - Selecting A Pre-Defined Security Profile

    Enter the Security Profile menu: cli> config security profile a. Type one of the pre-defined Security Profiles and press Enter: profile> secured moderate open default a. To view the details of the selected profile, type the command: profile> show AlterPath ACS Command Reference Guide...
  • Page 228: Cli Method - Configuring A Custom Profile

    A window similar to the following appears showing the details of the profile: profile>show [profile] [open]: custom [moderate]: custom [secured]: custom .[custom] ftp: no telnet: yes ..[ssh] sshv1: yes sshv2: yes sshd_port: 22 root_access: no snmp: yes ..[web] http: yes https: yes http_port: 80 https_port: 443...
  • Page 229 To enable or disable a parameter issue the following command: custom> [parameter] <option> Where possible values for <option> are yes to enable and no to disable the parameter. To see the Custom profile configuration, type the command “show”. custom> show AlterPath ACS Command Reference Guide...
  • Page 230 Administration A window similar to the following appears showing the details of the profile: custom>show [custom] ftp: no telnet: yes .[ssh] sshv1: yes sshv2: yes sshd_port: 22 root_access: no snmp: yes .[web] http: yes https: yes http_port: 80 https_port: 443 http2https: no rpc: yes ipsec: no...
  • Page 231 <portnumber> https <portnumber> To see the web configuration type the command “show”. ssh> show web>show [web] http: yes https: yes http_port: 80 https_port: 443 http2https: no
  • Page 232 Administration a. Configure Access to Serial Ports. Change the directory from custom> to ports>. The following parameters are available under the ports> menu: • auth2sport - Authentication to Access Serial Ports • ssh2sport - SSH to Serial Ports • raw2sport - Raw Connection to Serial Ports •...
  • Page 233: Chapter 6 - Alterpath Pm Integration

    The ACS administrator can control all outlets or can assign outlets to individual users or groups of users. Figure 6.1 shows a typical setup for the AlterPath PM and the AlterPath ACS. The AlterPath PM's serial console is connected to port YY of the Console Server, the server's serial console is connected to port XX of the Console Server, and the server's power plug is connected to power outlet ZZ on the AlterPath PM.
  • Page 234: Prerequisites For Power Management

    Figure 6.1 - Configuration diagram shows a typical setup for the AlterPath PM and the AlterPath ACS. The AlterPath PM's serial console is connected to port YY of the Console Server, the server's serial console is connected to port XX of the Console Server, and the server's power plug is connected to power outlet ZZ on the AlterPath PM.
  • Page 235: Method - Involved Parameters And Passed Values

    1. Parameters to the port YY where the AlterPath PM is connected: • sYY.protocol: New protocol Integrated Power Distribution Unit. For example: ipdu. • sYY.pmtype: The IPDU manufacturer. For example: cyclades. • sYY.pmusers: The user access list. For example: jane:1,2;john:3,4. The format of this field is: [<username>:<outlet list>][;<username>:<outlet list>...] where <outlet list>'s format is:...
  • Page 236: Cli Method - Ipdu Configuration

    1 general pmsessions ssh The command above restricted the access to the IPDU port, only for users that connect to the AlterPath ACS via SSH. Valid values for the pmsessions parameter are: ssh, telnet, ssh_telnet and none. Step 4 - Configure from which ports of the ACS, commands to the configured IPDU port will be allowed to be issued.
  • Page 237 Step 8 - Activating the configuration. Return to the main menu by running the command: enable> return powermanagement> return config> Then, run the command: config > runconfig Step 9 - Saving the configuration. config > savetoflash AlterPath ACS Command Reference Guide...
  • Page 238: How To Change The Ipdu Password

    Power Management with AlterPath™ PM Integration Step 10 - Managing the IPDU unit. To manage the outlets of the IPDU issue the command: cli>applications pm 1 Where “1” is the port number where the IPDU is connected in the ACS. You’ll be prompted with the pm command menu.
  • Page 239 Save the new pm.* file and activate the new configuration by entering the following command. [root@CAS root]# saveconf Step 7 - Change the connection protocol for the serial port back to the original IPDU. AlterPath ACS Command Reference Guide...
  • Page 240 Power Management with AlterPath™ PM Integration a) Edit /etc/portslave/pslave.conf file as follows: s1.protocol ipdu b) Save the pslave.conf file and enter the following command to activate the new configuration. [root@CAS root]# runconf Step 8 - Restart the pmd process for the new configuration file to take effect. pmd is a Linux daemon process to control the communication between ACS and a) Execute the ps command to note the current pmd process [root@CAS root]# ps -fe|grep pmd...
  • Page 241: Accessing The Alterpath Pm Regular Menu From The Console Session

    Multi-outlet device: These outlets can be on the same or on different IPDUs. See “Manage Devices Plugged into Multiple Outlets” on page 229 for more details. Info: Shows help text explaining each option.
  • Page 242: Using The Power Management Utility

    Power Management with AlterPath™ PM Integration 2. Issuing the pmCommand Use: pmCommand <serial port number> <command> <arguments> where, <serial port number> is the serial port number configured as IPDU <command> <arguments> are the PM command and its arguments. See the list of commands in Table 6.2. Using the Power Management Utility You can use the Power Management Utility to control IPDUs and individual outlets.
  • Page 243: Power Management Individual Ipdus Menu

    On: Turns an outlet On. Prompts you to enter the outlet number. Off: Turns an outlet Off. Prompts you to enter the outlet number. Cycle: Turns an outlet Off and On again, recycles the power. The system prompts you to enter an outlet number.
  • Page 244 Command: Description. Lock: Locks an outlet in On or Off state to avoid accidental changes. Unlock: Unlock the selected outlets. Status: Provides an overall status of the selected outlet. Power Up Interval: Set the time interval (in seconds) that the system waits between turning on the currently-selected outlet and the...
  • Page 245: Manage Devices Plugged Into Multiple Outlets

    Return: Takes the user back to the first menu. On: Powers on all the outlets belonging to this multi-outlet device. Off: Powers off all the outlets belonging to this multi-outlet device. Cycle: Turns the outlets off and back on.
  • Page 246 Table 6-3: Menu Options for Multi-Outlet Control. PM Utility Command: Description. Lock: Locks all the outlets belonging to the multi-outlet device so that no command can be executed on them, except an unlock command. Unlock: Unlocks all the outlets belonging to this multi-outlet device....
  • Page 247: To Manage Multiple Ipdus From The Command Line

    1. Exit 2. individual ipdus 3. multi-outlet device 4.Info Please choose an option: To control power on multi-outlet devices, enter the number 3. 1. Exit 2. individual ipdus 3. multi-outlet device 4.Info Please choose an option: 3
  • Page 248: To Manage Power Through The Console

    Power Management with AlterPath™ PM Integration The power management utility displays as shown in the following screen example. ----------------------------------------------------------- Cyclades Power Management Menu -----------------------------------------------------------1. Return 4. Cycle 6. Unlock 8. Show 2. On 5. Lock 7. Status 9. Info 3. Off Please choose an option: Step 1 - Enter the number that corresponds to the desired option (“On,”...
  • Page 249 Help: Provides a brief description of the menu items. Who Am I: Displays the current username. On: Turns an outlet On. Prompts you to enter the outlet number. Table 6.4: AlterPath PM regular user menu options
  • Page 250 Option: Description. Off: Turns an outlet Off. Prompts you to enter the outlet number. Cycle: Turns an outlet Off and On again, recycles the power. The system prompts you to enter an outlet number. Lock: Locks an outlet in On or Off state to avoid accidental changes....
  • Page 251 2. Help 7. Lock 12. Current 3. Who Am I 8. Unlock 13. Temperature 4. On 9. Status 14. Version 5. Off 10. Power Up Interval Please choose an option: Menu Description 6.2: Outlet Status AlterPath ACS Command Reference Guide...
  • Page 252 Type '6' and wait for the answer. For example: Please choose an option: 6 Outlet name or outlet number(? for help, m for main menu): 1 1: Outlet turned off. 1: Outlet turned on. ------------------------------------------------------------------- Cyclades Power Management Menu PowerPort: PM ------------------------------------------------------------------- 1. Return 6. Cycle 11. Name 2.
  • Page 253 The user can exit from the PM session and return to the Console Session in three ways: 1. Type the hot-key again, any time. 2. If the session is waiting for a menu option, type the option 1 - Exit.
  • Page 254: Power Management For Authorized Users (Firmware Version Prior To 2.2.0)

    Changing the group of an already existing user It is also possible to change the group of an already existing user. In this example we will change the groups of the already existing users: “cyclades” and “test”. To do that follow the steps below: Step 1 - Open the file /etc/group.
  • Page 255 Power Management with AlterPath™ PM Integration Step 3 - Save the configuration. To save the changes done, run the command: # saveconf AlterPath ACS Command Reference Guide...
  • Page 256: Pm Command

    Power Management with AlterPath™ PM Integration pm command The pm command provides a menu that can be reached by typing the following command, from the prompt.
  • Page 257 Save ----------------------- Save the current configuration in flash Syslog --------------------- Set/read the syslog Alarm ---------------------- Set/read the alarm status Menu Description 6.5: pm command options Some of these options require the outlet number (On, Off, Cycle, Lock, Unlock, Status), AlterPath ACS Command Reference Guide...
  • Page 258: Turning The Outlet Off

    The user can enter one or more outlets (separated by commas or dashes), or “all,” to apply the option to all the outlets. Following are examples of some things which can be done through this command. Turning the outlet off ---------------------------------------------------------------------- Cyclades Power Management Menu PowerPort: pm10 ---------------------------------------------------------------------- 1. Exit 9. Status 17.
  • Page 259: Locking The Outlets

    8. Unlock 16. Current Protection Please choose an option: Outlet name or outlet number(? for help, m for main menu): 1-3 1: Outlet locked. 2: Outlet locked. 3: Outlet locked. Menu Description 6.7: Locking the outlet AlterPath ACS Command Reference Guide...
  • Page 260: Retrieving The Status Of The Outlets

    Power Management with AlterPath™ PM Integration Retrieving the status of the outlets Cyclades Power Management Menu PowerPort: pm10 --------------------------------------------------------------------- 1. Exit 9. Status 17. Factory Default 2. Help 10. Power Up Interval 18. Reboot 3. Who Am I 11. Name 19.
  • Page 261: Pmcommand Command

    -------------------Unlock outlets • status --------------------Display state of the outlets • interval ------------------ Set/read the power up interval • name -------------------- Name an outlet • current ------------------ Set/Read/Reset the current • temperature ------------- Set/Read/Reset the temperature AlterPath ACS Command Reference Guide...
  • Page 262: Cycling All The Outlets

    5: Outlet turned off. 4: Outlet turned on. 5: Outlet turned on. Unlocking the outlets 1, 5 and 8 [Cyclades - Power Management Prompt]# unlock 1, 5, 8 1: Outlet unlocked. 5: Outlet unlocked. 8: Outlet unlocked. Retrieving the status of all outlets...
  • Page 263: Turning The Outlet Off

    Power Management with AlterPath™ PM Integration Turning the outlet off [Cyclades - Power Management Prompt]# off 2 2: Outlet turned off. AlterPath ACS Command Reference Guide...
  • Page 264: Acs Firmware Upgrade

    The first step of the upgrade process will be the download of the new firmware. Cyclades provides a directory on its FTP site where it is possible to check for new firmware and download them to the ACS. It is recommended to download the new firmware to the /tmp directory because files in this directory are deleted during the boot process.
  • Page 265 IMPORTANT! If the AlterPath PM unit is not configured with the default password, it will be necessary to inform the ACS of it by editing the /etc/pm.cyclades file and changing the parameter admPasswd to the correct password. The pmfwupgrade application will try to stop all the processes that are using the serial port....
  • Page 266: Snmp Proxy

    Power Management with AlterPath™ PM Integration 6.3 SNMP Proxy The SNMP Proxy for Power management feature allows the Cyclades ACS console servers to proxy SNMP requests to the Cyclades Intelligent Power Distribution Units. This allows SNMP clients to query and control the remote IPDU using standard set and get commands.
  • Page 267: Examples

    This feature allows the user to make the following SNMP requests: 1) Get the number of ACS/TS serial ports that have a PM connected: # snmpget -m all -v 2c -t 4 -c cyclades 10.10.0.1 .cyNumberOfPM <enter> enterprises.cyclades.cyACSMgmt.cyPM.cyNumberOfPM.0 = 2 2) Get the number of outlets of the PM connected to serial port 16: # snmpget -m all -v 2c -t 4 -c cyclades 10.10.0.1 .cyPMNumberOutlets.16 <enter>...
  • Page 268 Power Management with AlterPath™ PM Integration...
  • Page 269: Chapter 7 - Pcmcia Cards Integration

    Ethernet, modem (V.90, GSM, CDMA, and ISDN) and wireless LAN. 7.1 Supported Cards For a list of the supported PCMCIA cards, refer to the AlterPath ACS web site at http://www.cyclades.com/products/3/alterpath_acs, or go to www.cyclades.com > Products > IT Infrastructure Management > AlterPath ACS > Click here for a list of supported PCMCIA cards.
  • Page 270: Pcmcia Network Devices Configuration

    PCMCIA Cards Integration 7.2 PCMCIA Network devices configuration Ethernet PC cards The onboard Ethernet device has the eth0 name. The first PCMCIA Ethernet card or wireless LAN card detected will receive the eth1 name, the second card will be eth2. cardmgr will read the network settings from the /etc/network/interfaces and assign an IP to eth1.
  • Page 271: Removing The Configuration From A Ethernet Pcmcia Device

    # cardctl eject # cardctl insert Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit AlterPath ACS Command Reference Guide...
  • Page 272: Wireless Lan Pc Cards

    PCMCIA Cards Integration Wireless LAN PC Cards First do the appropriate PCMCIA network configuration. Additionally, the configuration of the wireless driver is done in the following file: /etc/pcmcia/wireless.opts For instance, to configure the network name as MyPrivateNet, and the WEP encryption key as secu1, the following settings could be added to the default “*,*,*,*)"...
  • Page 273: Removing The Configuration From A Wireless Pcmcia Device

    “test1” as key. cli>config network pcmcia 2 wireless encrypt yes key s:test1 IMPORTANT: Check the note about WEP keys on page 256. Step 4 - Activating the configuration.
  • Page 274 PCMCIA Cards Integration cli>config runconfig Step 5 - Save the configuration. cli>config savetoflash Step 6 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command: cli> quit...
  • Page 275: Modem Pc Cards

    Uncomment the line that assigns the local and remote IPs in /etc/ppp/options.ttyS33 (or whatever is the tty name in your system). For instance, you may want to assign 192.168.0.1 for local ip, and 192.168.0.2 for the remote ip. Step 6 - Save /etc/ppp/options.ttyS33 in flash. AlterPath ACS Command Reference Guide...
  • Page 276: Establishing A Callback With Your Modem Pc Card

    PCMCIA Cards Integration Step 7 - Create an entry in /etc/config_files. It should have the name of the file you created, so that the new file can be saved to the flash. For instance, you will have to add a line with /etc/ppp/options.ttyS33 in /etc/config_files.
  • Page 277 Step 4 - If you plan to login through PPP follow steps 4 - 9 in the section above on Modem PC Cards. Step 5 - Create users. Step A: Create a new user with the command adduser myUserName. AlterPath ACS Command Reference Guide...
  • Page 278 PCMCIA Cards Integration This will create an entry in /etc/passwd that resembles this: myUserName:$1$/3Qc1pGe$./h3hzkaJQJ/:503:503:Embedix User,,,:/home/myUserName:/bin/sh Step B: If you want to limit myUserName to getting ONLY PPP access and NOT shell access to the server, edit the entry for myUserName in /etc/passwd. Do this by replacing /bin/sh with a pathname to a script that you will be creating later.
  • Page 279: Cli Method - Modem Pcmcia

    Log in through ppp: Click on Done on the Terminal Window. CLI Method - Modem PCMCIA To configure a modem PCMCIA card using the CLI, follow the steps: Step 1 - Open the CLI interface by issuing the command: # CLI AlterPath ACS Command Reference Guide...
  • Page 280 PCMCIA Cards Integration Step 2 - Enabling the PCMCIA modem and configuring it. The line below configures a PCMCIA modem placed on slot 2 with local IP address 10.0.0.1 and remote IP address 10.0.0.2 cli>config network pcmcia 2 modem ppp yes localip 10.0.0.1 remoteip 10.0.0.2 Step 3 - Enabling callback (OPTIONAL STEP).
  • Page 281: Gsm Card Configuration

    Depending on the way you wish to use the GSM card, some parameters do not need to be configured. Here we will explain all configurable parameters: PIN NUMBER: The command below will configure 1010 as PIN number: cli>config network pcmcia 2 gsm pin 1010
  • Page 282 PCMCIA Cards Integration LOCALIP/REMOTEIP: Just configure it if you want to establish a PPP connection. The first command below defines the unit’s local IP address and the second one the other side IP address. cli>config network pcmcia 2 gsm localip cli>config network pcmcia 2 gsm remoteip ENABLECALLBACK: Configure it if you want to call back another GSM modem.
  • Page 283: Cdma Card Configuration

    57600 data-only y init-chat "" \d\d\d+++\d\d\dATZ OK AT$QCVAD=4 OK Where xx is the serial port number that will be assigned to the CDMA card. Step 2 - In /etc/pcmcia/serial.opts, add this entry: AlterPath ACS Command Reference Guide...
  • Page 284: Cli Method

    PCMCIA Cards Integration *,0,*) INFO="Modem Slot 1 Setup" LINK="/dev/modem" INITCHAT="- \d\d\d+++\d\d\datz OK" INITTAB="/sbin/mgetty" start_fn () { return; } stop_fn () { return; } NO_CHECK=n NO_FUSER=n Step 3 - If configuring a local and remote IP, modify local_IP:remote_IP entry in /etc/ppp/options.ttyXX file. Step 4 - To enable the call back feature, add the following entry to /etc/mgetty/login.config PSEUDO_CB_NAME - - /sbin/callback -S PHONE (PSEUDO_CB_NAME=cbuser)
  • Page 285 Step 3 - Activate the configuration. cli>config runconfig Step 4 - Save the configuration. cli>config savetoflash Step 5 - Exiting the CLI mode. To exit the CLI mode and return to the ACS’s shell, type the following command: cli> quit AlterPath ACS Command Reference Guide...
  • Page 286: Isdn Pc Cards

    ISDN PC Cards You can establish synchronous PPP connections with ISDN cards. The ipppd is the daemon that handles the synchronous PPP connections. VI Method How to configure dial in. Step 1 - Create a user. Create a user in /etc/ppp/pap-secrets or in /etc/ppp/chap-secrets, depending on whether you want PAP or CHAP authentication.
  • Page 287: Establishing A Callback With Your Isdn Pc Card

    The steps to allow callback are divided into two parts. Part One is the configuration for the ACS (ACS Setup) as callback server. Part Two is the configuration of a Windows 2000 Professional computer as callback client. ACS setup (Callback Server). AlterPath ACS Command Reference Guide...
  • Page 288 PCMCIA Cards Integration Step 1 - Change the parameters in /etc/pcmcia/isdn.opts to fit your environment. Step 2 - Set the callback number in DIALOUT_REMOTENUMBER: DIALOUT_REMOTENUMBER="8358662" # Remote phone that you want to dial to Step 3 - If your isdn line supports caller id, it is recommended that you also configure the DIALIN_REMOTENUMBER and enable secure calls.
  • Page 289: Establishing A Callback With Your Isdn Pc Card (2Nd Way)

    The steps described here will work when the remote side is a UNIX machine, not Windows. The callback call will happen after the PPP authentication is successful.
    ACS Setup (Callback Server).
    Step 1 - Change the parameters in /etc/pcmcia/isdn.opts file to fit your environment.
  • Page 290 Step A - Set the callback number in DIALOUT_REMOTENUMBER.
        DIALOUT_REMOTENUMBER="8358662" # Remote phone that you want to dial to
    Step B - Configure the DIALIN_REMOTENUMBER. If your ISDN line supports caller ID, it is recommended that you also configure the DIALIN_REMOTENUMBER and enable secure calls.
  • Page 291: Cli Method - Isdn Pcmcia

    ENABLECALLBACK: Configure it if you want to call back another ISDN modem.
        cli>config network pcmcia 2 isdn enablecallback yes callbacknum 55552244
    Step 3 - Activating the configuration.
        cli>config runconfig
    Step 4 - Save the configuration.
        cli>config savetoflash
  • Page 292 Step 5 - Exiting the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command:
        cli>quit...
  • Page 293: Media Cards

    In addition, a utility to create or partition the CF has been added. For this, the program sfdisk will be used. sfdisk can be easily used for scripting, so it can be called from the shell prompt. To check an ext2 or vfat filesystem, the utility fsck has been added.
  • Page 294: Method - Configuration

        # fsck -t <ftype> /dev/<hdxx>
    When the card is inserted, cardmgr loads the ide-cs module, which depends on ide-mod.o. This in turn loads ide-probe-mod.o, which recognizes the CF as a disk, and ide-disk.o will be loaded. From this point on, the partitions (usually one) can be mounted using mount.
  • Page 295: Cli Method - Media Cards Pcmcia

    Correct operation of the ACS is not guaranteed if eject is not executed.
    CLI Method - Media Cards PCMCIA
    Mounting PCMCIA storage devices using the CLI is extremely simple. Just follow the steps below:
  • Page 296: How To Save/Load Configuration To/From Cf/Ide

    Step 1 - Open the CLI interface by issuing the command:
        # CLI
    Step 2 - Enabling the Compact Flash or mini hard drive. Supposing that the PCMCIA card is placed on slot 1 of the unit, run the command:
        cli>config network pcmcia 1 cflash enable yes
    To enable data buffering on this device run the command:...
  • Page 297: Cli Method: Backupconfig

    • replace: the configuration is copied to the internal flash and is used as the config file.
    CLI Method: backupconfig
    To save/restore the configuration to/from a PCMCIA media card follow the steps below:
  • Page 298: Generic Dial-Out

    Step 1 - Open the CLI interface by issuing the command:
        # CLI
    Step 2 - Saving the configuration to a Storage Device:
        cli> administration backupconfig saveto sd [default] [replace]
    Step 3 - Restoring the configuration from a Storage Device:
        cli>...
  • Page 299: Configuring The Generic-Dial.conf

        0 connect '/usr/local/sbin/chat -v -t3 -f /etc/chatscripts/wireless'
    Configuring the generic-dial.conf
    The file "/etc/generic-dial.conf" contains sections that correspond to instances of generic-dial applications. For example,
  • Page 300: Configuring Generic Dial-Out

        # begin <application-type> [instanceID]
        #..
        #..
        # end <application-type>
    Where [instanceID] is an optional string to identify a particular instance, and <application type> corresponds to specific application(s) built over the infrastructure. Within each application, the parameters needed to create the objects for that specific instance are inserted.
  • Page 301 Step 3 - Configure the PPP options (pppd) in /etc/ppp/peers/<name>
    Where <name> is the same as the <filename> variable specified in the outPort.pppcall <filename> parameter in /etc/generic-dial.conf. The following example shows the /etc/ppp/peers/wireless file.
  • Page 302 In this example note that the “connect” script initiates the connection. The file “wireless” executes using the “chat” automated modem communication script with the parameters -v (verbose mode), -t (timeout), and -f (read the chat script from the /etc/chatscripts/wireless file).
  • Page 303 Edit the parameters in the /etc/network/st_routes file.
    b) Activate the new routes by issuing the following command:
        #> runconf
    c) Save the new configuration to flash.
        #> saveconf
    d) Check the routes by issuing the following command.
        #> route -n
  • Page 304 PCMCIA Cards Integration...
  • Page 305: Chapter 8 - Profile Configuration

    Chapter 8 - Profile Configuration
    This chapter begins with a table containing parameters common to all profiles, followed by tables with parameters specific to a certain profile. You can find samples of the pslave configuration files (pslave.conf, .cas, .ts, and .ras) in the /etc/portslave directory. Then all possible profiles (CAS, TS and RAS) and the necessary parameters that need to be configured in the /etc/portslave/pslave.conf file.
  • Page 306 Parameter: conf.dhcp_client
    Description: It defines the DHCP client operation mode. Valid values:
        0 - DHCP disabled
        1 - DHCP active
        2 - DHCP active and the unit saves the last IP assigned by the DHCP server in flash.
    Parameter: conf.eth_ip_alias
    Description: Secondary IP address for the Ethernet interface (needed for clustering feature).
  • Page 307: Etc/Portslave/Pslave.conf Common Parameters

    Notice that these are common users, not administrators.
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Table 8.1: /etc/portslave/pslave.conf common parameters
  • Page 308 Parameter: all.issue
    Description: This text determines the format of the login banner that is issued when a connection is made to the ACS. \n represents a new line and \r represents a carriage return. Expansion characters can be used here.
    Factory Configuration: See Description column
  • Page 309 Do not map carriage-return to a newline character on input.
        all.sttyCmd -igncr -onlcr opost -icrnl
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Table 8.1: /etc/portslave/pslave.conf common parameters
  • Page 310 Parameter: all.utmpfrom
    Description: It allows the administrator to customize the field "FROM" in the login records (utmp file). It is displayed in the "w" command. The default value is "%g:%P.%3.%4"
        %g : process id
        %P : Protocol
        %3 : Third nibble of remote IP
        %J : Remote IP
    Note: In the pslave.conf file there is a list of all...
    Factory Configuration: "%g:%P.%3.%4"
  • Page 311 TTY. It is only valid if TTY protocol is socket_ssh, socket_server, or socket_server_ssh.
    Parameter: all.break_interval
    Description: This parameter defines the break duration in milliseconds. It is valid if TTY protocol is socket_ssh, socket_server, socket_server_ssh, or ssh-2 (client).
    Table 8.1: /etc/portslave/pslave.conf common parameters
  • Page 312 Parameter: all.flow
    Description: This sets the flow control to hardware, software, or none.
    Factory Configuration: none
    Table 8.1: /etc/portslave/pslave.conf common parameters...
  • Page 313: Acs1 Only

    Then, enable it by running the command:
        daemon.sh restart NET
    • PPP over leased lines (only authentication PAP/CHAP): “ppp_only”
    • PPP with terminal post dialing (Auto detect PPP): “ppp”
    Table 8.1: /etc/portslave/pslave.conf common parameters
  • Page 314 Parameter: all.web_WinEMS
    Description: Defines whether or not management of Windows Emergency Management Service is allowed from the Web.
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Parameter: all.xml_monitor
    Description: A non-zero value activates XML monitoring.
  • Page 315: Pslave.conf Cas (Console Access Server) Parameters

    The file /etc/syslog-ng/syslog-ng.conf contains a mapping between the facility number and the action (see more Section 5.4, “Syslog-ng,” on page 161).
    Table 8.2: CAS specific parameters for the pslave.conf
  • Page 316: Profile Configuration

    Parameter: conf.nat_clustering_ip
    Description: IP address of any ACS interface (master box). It is a public IP address (e.g. Ethernet's interface IP address) and it is the one that must be used to connect the slave's serial ports. You can use the same value assigned to the Ethernet's IP address as that of the master box in the chain.
  • Page 317 If this parameter is commented out, then no checking and matching occurs.
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Table 8.2: CAS specific parameters for the pslave.conf
  • Page 318 Parameter: all.auto_answer_output
    Description: This parameter works in conjunction with all.auto_answer_input. It allows you to configure a string that is sent back to the remote server whenever the incoming data from the remote server matches all.auto_answer_input. This parameter works only when there is no session to the port.
    Factory Configuration: null
  • Page 319 This file can be viewed using the normal Unix tools (cat, vi, more, etc.). Size is in bytes, not kilobytes. See Data Buffering for details.
    Table 8.2: CAS specific parameters for the pslave.conf
  • Page 320 Parameter: all.DB_mode
    Description: When configured as cir for circular format, the buffer works like a revolving file at all times. The file is overwritten whenever the limit of the buffer size (as configured in all.data_buffering or s<n>.data_buffering) is reached.
  • Page 321 The syslog-ng.conf file should be set accordingly, for the syslog-ng to take some action (please see Section 5.4, “Syslog-ng,” on page 161 for the syslog-ng configuration file).
    Table 8.2: CAS specific parameters for the pslave.conf
  • Page 322 Parameter: all.billing_records
    Description: Billing file size configuration. A non-zero value defines the maximum number of billing records within a billing file. Zero stops billing recording. The billing files are located at /var/run/DB and are named cycXXXXX-YYMMDD.hhmmss.txt (e.g., cycTS100-030122.153611.txt.
  • Page 323 Default value is '^z'.
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Table 8.2: CAS specific parameters for the pslave.conf
  • Page 324 Parameter: all.tx_interval
    Description: Valid for protocols socket_server and raw_data. Defines the delay (in milliseconds) before transmission to the Ethernet of data received through a serial port. If not configured, 100ms is assumed. If set to zero or a value above 1000, no buffering will take place.
  • Page 325: Pslave.conf Ts (Terminal Server) Parameters

    This is useful if the Radius authentication server is down.
    Parameter: all.host
    Description: The IP address of the host to which the terminals will connect.
    Factory Configuration: 192.168.160.8
    Table 8.3: TS specific parameters for the pslave.conf file
  • Page 326 Parameter: all.term
    Description: This parameter defines the terminal type assumed when performing rlogin or Telnet to other hosts.
    Factory Configuration: vt100
    Parameter: all.userauto
    Description: Username used when connected to a UNIX server from the user’s serial terminal.
    Factory Configuration: null
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
  • Page 327: Pslave.conf Dial-In Parameters

    Framed; attribute Framed_Protocol(7): PPP; attribute Callback_Number(19): the dial number (example: 50903300).
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Table 8.4: Dial-in specific parameters for the pslave.conf
  • Page 328: Pslave.conf Bidirectional Telnet Parameters

    Parameter: all.pppopt
    Description: PPP options when user has already been authenticated.
    Factory Configuration: null
    Note: This parameter is inactive by default. To activate, uncomment the parameter and set the desired value.
    Parameter: all.protocol
    Description: For the Dial-in configuration, the available protocols are ppp, ppp_only, slip, and cslip.
  • Page 329: To Configure Bidirectional Telnet

    Step 2 - Activate bidirectional Telnet
        cli> config physicalports <'all' or range/list[1-4]> general protocol <protocolname>
    Step 3 - To specify a login timeout
        cli> config physicalports <'all' or range/list[1-4]> access logintimeout <login timeout in seconds>
  • Page 330: To Configure A Menu Shell

    Step 4 - Save the configuration.
        cli> config savetoflash
    Step 5 - Exit the CLI mode. To exit the CLI mode and return to ACS’s shell, type the following command:
        cli> quit
    To configure a menu shell
    Enter the following command at the prompt.
        [root@CAS /]# menush_cfg
    The following configuration utility is displayed allowing you to configure a menu shell for the user.
  • Page 331: Other State Parameters

    - To configure socket port number. Four digit values are valid for this parameter. Eg.: 7001.
    • terminaltype - The terminal type when using a TS profile for connecting to a host system.
    • winems - Enables/Disables windows EMS.
  • Page 332: Examples For Configuration Testing

    8.2 Examples for configuration testing
    The following three examples are just given to test a configuration. The steps should be followed after configuring the ACS.
    Console Access Server
    With the ACS set up as a CAS you can access a server connected to the ACS through the server’s serial console port from a workstation on the LAN or WAN.
  • Page 333 Step 4 - Confirm routing. Also make sure that the computer is configured to route console data to its serial console port (Console Redirection). Telnet to the server connected to port 1.
  • Page 334: Terminal Server

    It is possible to access the serial ports from Microsoft stations using some off-the-shelf packages. Although Cyclades is not liable for those packages, successful tests were done using at least one of them. From the application’s viewpoint running on a Microsoft station, the remote serial port works like a regular COM port.
  • Page 335: Terminal Server Diagram

    Step 5 - Log onto server with new username and password. From a terminal connected to the ACS, try to login to the server using the username and password configured in step one.
  • Page 336: Dial-In Access

    ACS to allow a modem user to access the LAN. Radius authentication is used in this example and ppp is chosen as the protocol on the serial (dial-up) lines. Cyclades recommends that a maximum of two ports be configured for this option.
    Figure 8.4 - Ports configured for dial-in access
    After configuring the serial ports as described in this Chapter, the following step-by-step check list can be used to test the configuration.
  • Page 337 IP address from the remote access server (the ACS in this case) and to use PAP authentication.
    Step 7 - Activate changes. Now continue on “Activate the changes.” on page 101 through “Save the changes.” on page 102 listed in Chapter 4, “Network”.
  • Page 338 Profile Configuration...
  • Page 339: Chapter 9 - Additional Features And Applications

    Chapter 9 - Additional Features and Applications
    This chapter covers special features or applications that do not fit into any of the previous chapters. The following features will be shown in this chapter:
    •...
  • Page 340 • OFF - Disables output to a remote computer. Removes the /redirect switch from the specified line_number and the redirect=comX setting from the [boot loader] section.
    • ON - Enables remote output for the specified line_number. Adds a /redirect switch to the specified line_number and a redirect=comX setting to the [boot loader] section.
  • Page 341 Windows Server 2003.
    Table 9.1: machine info tag
    A sample encoding of this tag follows:
        <?xml>
        <machine-info>
        <name>NTHEAD-800I-1</name>
        <guid>00000000-0000-0000-0000-000000000000</guid>
        <processor-architecture>x86</processor-architecture>
        <os-version>5.2</os-version>
        <os-build-number>3735</os-build-number>
        <os-product>Windows Server 2003 Enterprise Edition</os-product>
        <os-service-pack>None</os-service-pack>
        </machine-info>
    File Description 9.1: Machine info sample tag
  • Page 342 The console environment provided by the serial port is called Special Administration Console (SAC). In the SAC command line, each time we enter the “cmd” command we create a channel. A channel is the “Command Prompt” environment, where you can enter the Command Prompt commands (dir, cd, edit, del, copy, etc).
  • Page 343 Is the type of data being emitted on the active channel. Currently, there are two types of data supported:
        1) Raw for the 3 GUI-Mode Setup channels
        2) VT-UTF8 for the SAC and CMD channels
    Table 9.2: Elements in the <channel-switch> tag
  • Page 344 A sample encoding of the SAC channel tag follows:
        <channel-switch>
        <name>SAC</name>
        <description>Special Administration Console</description>
        <type>VT-UTF8</type>
        <guid>1aee4cc0-cff3-11d6-9a3d-806e6f6e6963</guid>
        <application-type>63d02270-8aa4-11d5-bccf-806d6172696f</application-type>
        </channel-switch>
    File Description 9.2: SAC channel tag example
    A sample encoding of the CMD channel tag follows:
        <channel-switch>
        <name>Cmd0001</name>
        <description>Command Prompt</description>...
  • Page 345: How To Configure

        <os-product>Windows Server 2003 Enterprise Edition</os-product>
        <os-service-pack>None</os-service-pack>
        </machine-info>
        </INSTANCE>
        </BP>
    File Description 9.5: Break Point tag example
    How to Configure
    Some parameters need to be configured in the /etc/portslave/pslave.conf to configure this feature. To enable it, follow the instructions below.
  • Page 346: Mode - Parameters Involved And Passed Values

    VI mode - Parameters Involved and Passed Values
    There is a new parameter in /etc/portslave/pslave.conf to monitor for xml data. For instance, for ttyS1 we could configure:
        s1.xml_monitor
    When the xml_monitor is set, cy_buffering will search for xml packets coming from the serial port.
  • Page 347 4410-8045- 0’s GUID string is used. 80c04f4c4c20
    $<processor-architecture> Processor architecture. It can be either x86 or IA64.
    $<os-version> Windows version.
    $<os-build-number> Numeric string that identifies a 3763 successive Windows Build.
    Table 9.5: f_windows_boot available macros
  • Page 348 So we just have to create the following entry in syslog-ng.conf:
        destination win2003mail {
        pipe("/dev/cyc_alarm"
        template("sendmail -t administrator@cyclades.com -f acs -s \"\
        Server $<name> crashed\" -m \'\
        Break Point: $<INSTANCE CLASSNAME=>...
  • Page 349: Server Commands

    Display the current time and date (24 hour clock used).
    mm/dd/yyyy hh:mm Set the current time and date (24 hour clock used). Tlist.
    crashdump Crash the system. Crash dump must be enabled.
    restart Restart the system immediately.
    Table 9.6: Server Commands
  • Page 350 Command Set Description
    shutdown Shut down the system immediately.
    Table 9.6: Server Commands...
  • Page 351: Ipmi Configuration

    You can configure IPMI using the following methods:
    • ipmitool – IPMI Configuration
    • CLI – IPMI [CLI]
    IPMI [ipmitool]
    Utility for controlling IPMI-enabled devices.
    Name
        ipmitool
    Usage
        ipmitool [-hvV] -I interface -H hostname [-L privlvl] [-A authType] [-P password] <expression>
  • Page 352 Options
    Use the following options to configure IPMI.
    Table 9-7: Options for ipmitool
    Option Description Valid Values
    Get basic usage help from the command line.
    Increase verbose output level. This option may be specified multiple times to increase the level of debug output.
  • Page 353 You can configure IPMI using the ipmi keyword and the following attributes in CLI mode:
    1.0 config – enter into configuration state
    1.1 ipmi – configure IPMI devices
    1.1.1 add <alias> – add an IPMI device
        serverIP <n.n.n.n> – IP address of the device
  • Page 354 authType <authentication options: md2, md5, none, password> – authentication type
        privilege <user or operator or admin> – user access level
        username <string> – user name used to access the device
        password <string> – password used to access the device
    1.1.2 edit <alias>
  • Page 355: Line Printer Daemon

        :lp=/dev/ttyS2: \
        :lf=/var/log/lpd.log:
    File Description 9.7: /etc/printcap file
    Step 3 - Enable the printer daemon. Edit the file /etc/lpd.sh and change the option ENABLE to YES
    Step 4 - Allow clients to use the service.
  • Page 356 Edit the file /etc/hosts.lpd and include the names of the hosts that you allow to use the ACS printers.
    NOTE: The lpd needs to translate the IP address of the request message to the host name; check your resolv.conf file.
    Step 5 - Restart the processes, use the command "runconf"
  • Page 357: Cas Port Pool

    The configuration for this feature is made directly in the /etc/portslave/pslave.conf file. Don’t forget to activate and save the configuration by issuing the commands runconf and saveconf respectively.
    VI method
    Following is an example of serial port pool configuration:
  • Page 358 # Serial port pool: pool-1
        s1.tty ttyS1
        s1.protocol socket_server
        s1.socket_port 7001 // TCP port # for specific allocation
        s1.pool_socket_port 3000 // TCP port # for the pool
        s1.ipno 10.0.0.1 // IP address for specific allocation
        s1.pool_ipno 10.1.0.1 // IP address for the pool
        s1.alias serial-1 // alias for specific allocation
        s1.pool_alias pool-1 // alias for the pool
        s2.tty ttyS2...
  • Page 359 Alternately, you can access ttyS1 through pool (if it's free) using TCP port 3000, IP 10.1.0.1 or alias pool-1. If it is not free ttyS2 will be automatically allocated. Additionally, if ttyS2 is not free, the connection will be dropped.
  • Page 360: Billing

    9.5 Billing
    All products in the ACS family can be used as an intermediate buffer to collect serial data (like billing tickets from a PBX), making them available for a later file transfer. Different ports can have simultaneous "billing sessions".
    General Feature Description
    ACS reads the serial port and saves the information to Ramdisk files, which are limited to the maximum number of records per file.
  • Page 361: How It Works

    100 Kb, the serial interface deactivates “RTS” signal on the RS-232. “RTS” is reactivated once the disk free space is greater than 120 Kb.
  • Page 362: Billing Wizard

    Billing Wizard
    This feature improves the billing application by using a script and automating the upload of the billing records files from the ACS to a remote server using FTP or SSH.
    How to Configure
    The config_billing.sh script is used to configure a serial port for billing protocol, and configure upload scripts using FTP or SSH.
  • Page 363 The key must be stored on the server with the appropriate configuration.
    Step 2 - Execute saveconf
    Step 3 - Restart ACS to activate the options related to billing upload.
  • Page 364 Additional Features and Applications...
  • Page 365: Appendix A - New User Background Information

    Appendix A - New User Background Information
    This appendix introduces new users to the commands, file structure, processes, programs and other features used by the AlterPath ACS operating system. This appendix includes the following sections:
    • User and Passwords
    •...
  • Page 366: Who Is Logged In And What They Are Doing

        # addgroup wheel
    In file /etc/group there should be a line with at least the following:
        wheel::zzz:
    Step 2 - Belong to the group wheel. An administrator with root access would edit /etc/group file and insert the username at the end of the wheel line. For example, for user steve, the administrator would edit the line in file /etc/group:
        wheel::zzz:
    to add "steve"...
  • Page 367: Basic File Manipulation

    • /lib - Contains shared libraries.
    • /proc - Contains process information.
    • /mnt - Contains information about mounted disks.
    • /opt - Location where packages not supplied with the operating system are stored.
    • /tmp - Location where temporary files are stored.
    •...
  • Page 368: The Vi Editor

    Shortcuts:
        . (one dot) Represents the current directory.
        .. (two dots) Represents one directory above the current directory (i.e. one directory closer to the base directory).
    A.5 The vi Editor
    To edit a file using the vi editor, type:
        vi file_name
    Vi is a three-state line editor: it has a command mode, a line mode and an editing mode.
  • Page 369: The Routing Table

    Having arrived at the location where text should be changed, use these commands to modify the text (note commands “i” and “o” will move you into edit mode and everything typed will be taken literally until you press the <ESC> key to return to the command mode).
  • Page 370: Secure Shell Session

    IP 10.0.0.1 or socket port 7001. The various ways to access the server connected to the port are:
        ssh -t cyclades:ttyS1@acs16
        ssh -t cyclades:7001@acs16
        ssh -t cyclades:10.0.0.1@acs16
        ssh -t cyclades:file_server@acs16
        ssh -t -l cyclades:10.0.0.1 acs16
        ssh -t -l cyclades:7001 acs16
  • Page 371: The Session Channel Break Extension

    For OpenSSH clients, version 4.1p1 or later SSHv2 is the default. In that case, the -1 flag is used for SSHv1.
        # ssh -t cyclades:7001@acs16
        # ssh -t -2 cyclades:7001@acs16
        # ssh -t cyclades:7001@acs16 (OpenSSH 4.1p1 or later - ACS version 2.1.0 or later -> SSHv2 will be used)
        # ssh -t -1 cyclades:7001@acs16 (OpenSSH 4.1p1 or later - ACS version 2.1.0 or later ->...
  • Page 372: How It Works In Ssh Client

    The serial driver accepts the parameter break interval in the break command. If the SSHv2, then the server accepts and treats the "break request" sent by the client. The "break request" defines the break-length in milliseconds. The server sends a break command with the break-length to the serial driver to perform the break in the serial port.
  • Page 373: The Process Table

    2 - You can get the kernel's attention by sending a BREAK signal.
        <ENTER> + ~break
    The Result will be:
        SysRq : HELP : loglevel0-8 reBoot Crash tErm kIll saK showMem Nice powerOff showPc unRaw Sync showTasks Unmount
    or if you type for example, <ENTER>...
  • Page 374: Ts Menu Script

    Below is an example of how TS Menu can be used:
        # ts_menu
        Master and Slaves Console Server Connection Menu
        1 TSJen800
        2 test.Cyclades.com
        3 az84.Cyclades.com
        4 64.186.190.85
        5 az85.Cyclades.com
        Type 'q' to quit, a valid option [1-5], or anything else to refresh:
    By selecting 1 in this example, the user will access the local serial ports on that ACS.
  • Page 375 Serial Console Server Connection Menu for your Master Terminal Server
        1 ttyS1
        2 ttyS2
        3 s3alias
        Type 'q' to quit, 'b' to return to previous menu, a valid option[1-3], or anything else to refresh:
    Options 1 to 3 in this case are serial ports configured to work as a CAS profile. Serial port 3 is presented as an alias name (s3alias).
  • Page 376 360 | Appendix A - New User Background Information...
  • Page 377: Appendix B - Upgrades And Troubleshooting

    Users should upgrade the ACS whenever there is a bug fix or new features that they would like to have. Below are the six files added by Cyclades to the standard Linux files in the /mnt/flash directory when an upgrade is needed. They are: •...
  • Page 378
        ftp> open server
        ftp> user admin
        ftp> Password: adminpw
        ftp> cd /tftpboot
        ftp> bin
        ftp> get zImage.134 zImage
        ftp> quit
    The destination file name in the /mnt/flash directory must be zImage.
    NOTE: Example (hostname = server; directory = /tftpboot; username= admin; password = adminpw; firmware filename on that server = zImage.134).
  • Page 379: Cli Method - Firmware Upgrade

    To upgrade the ACS firmware follow the steps below:
    Step 1 - Open the CLI interface by issuing the command:
        # CLI
    Step 2 - Upgrading the firmware. All you need to know to upgrade the ACS’s firmware is the remote IP address of the FTP server and the path of the image file in the remote server.
  • Page 380: Troubleshooting

    B.2 Troubleshooting
    Flash Memory Loss
    If the contents of flash memory are lost after an upgrade, please follow the instructions below to restore your system:
    Step 1 - Turn the ACS OFF, then back ON.
    Step 2 - Using the console, wait for the self test messages. If you get no boot messages, verify that you have the correct setting, otherwise press “s”...
  • Page 381: Hardware Test

    ACS or the changes will be lost. If a file is created (or a filename altered), its name must be added to this file before executing saveconf and rebooting.
    IMPORTANT! Cyclades Technical Support is always ready to help with any configuration problems. Before calling, execute the command
        # cat /proc/version
    and note the Linux version and ACS version written to the screen.
  • Page 382: Port Test

    Step 1 - signal_ras stop.
    Step 2 - Perform all hardware tests needed.
    Step 3 - signal_ras start.
    Port Test
    Either a cross cable or a loop-back connector is necessary for this test. Their pinout diagrams are supplied in Appendix C - Cabling and Hardware Information.
  • Page 383: Port Conversation

    Port Conversation This test sends and receives data on the selected port. One way to run this test is to place a loop-back connector on the port to be tested and begin. Enter the number of the port and a baud rate (9600 is a typical value). Type some letters, and if the letters appear on the screen, the port is working.
  • Page 384: Single User Mode

    The ACS has a single user mode used when:
    • The name or password of the user with root privileges is lost or forgotten,
    • After an upgrade or downgrade which leaves the ACS unstable,
    • After a configuration change which leaves the ACS inoperative or unstable.
    Type the word “...
  • Page 385: Using A Different Speed For The Serial Console

    WARNING: this will erase all of your current configuration and restore the system's factory default configuration. This action is irreversible and the ACS must be rebooted to apply that. Enter y or N at the following prompt. Are you sure you wish to continue? (y/N) If you entered ‘y’, type reboot at the following prompt.
  • Page 386: Setting The Maximum Number Of Bytes Received By The Interface

    (all bytes will be processed at any rate). An optimum rate determined by Cyclades during the testing process was 50000. Note that, although larger values cause no harm (they only make the system more sensitive to storms), smaller values can cause the feature to be triggered by normal equipment traffic.
  • Page 387 The following screen appears:

    Current configuration
    MAC address assigned to Ethernet [00:60:2e:00:16:b9]
    IP address assigned to Ethernet interface [192.168.160.10]
    Watchdog timer ((A)ctive or (I)nactive) [A]
    Firmware boot from ((F)lash or (N)etwork) [F]
    Boot type ((B)ootp,(T)ftp or Bot(H)) [T]
    Boot File Name [zvmppcts.bin]
    Server's IP address [192.168.160.1]
    Console speed [9600]
    (P)erform or (S)kip Flash test [P]...
  • Page 388: Leds

    B.3 LEDs CPU LEDs Normally the CPU status LED should blink consistently one second on, one second off. If this is not the case, an error has been detected during the boot. The blink pattern can be interpreted via the following table: Event CPU LED Morse code Normal Operation...
  • Page 389: Console Connector

    Console Connector • CP - CPU activity. It flashes at roughly 1 second intervals. • P1 - Power supply #1 ON. • P2 - Power supply #2 ON. Serial Connector • LK - DTR. It's software-controlled. • DT - Data transmitted to or received from the serial line. It's hardware-controlled. Administration parameters in the CLI interface Some of the procedures described above can be configured using the CLI interface.
  • Page 390 Session Management: To manage sessions, access: cli>administration sessions This menu lets you do the following: • kill - To cancel a connection to the serial port <n> • list - Lists the current sessions Backup Configuration: It is possible to save/restore configurations to/from an FTP server.
  • Page 391: Appendix C - Cabling And Hardware Information

    C.1 General Hardware Specifications The power consumption and heat dissipation, environmental conditions and physical specifications of the ACS are listed below. Cyclades AlterPath ACS Products Power Consumption and Heat Dissipation Input = 120Vac Input = 230 Vac Heat Exchange...
  • Page 392 Environmental Information ACS1 ACS4 ACS8 ACS16 ACS32 ACS48 Operating 50F to 122F 50F to 112F 50F to 112F 50F to 112F 50F to 112F 50F to 112F Temperature (10ºC to (10ºC to (10ºC to (10ºC to (10ºC to (10ºC to 50ºC) 44ºC) 44ºC)
  • Page 393: The Rs-232 Standard

    The RS-232 Standard RS-232C, EIA RS-232, or simply RS-232 refer to a standard defined by the Electronic Industries Association in 1969 for serial communication. More than 30 years later, more applications have been found for this standard than its creators could have imagined. Almost all electronic devices nowadays have serial communication ports.
  • Page 394 • If the speed is 38.4 kbps or higher, cables should be shorter than 10 meters (30 feet) • If your application is outside the above limits (high speed, long distances), you will need better quality (low impedance, low-capacitance) cables. Successful RS-232 data transmission depends on many variables that are specific to each environment.
  • Page 395: Connectors

    “female.” RS-232 Name/Function DB-25 pins DB-9 pins RJ-45 pins Signal (Input/Output) (Standard) (Standard) (Cyclades) Chassis Safety Ground Shell Shell Transmit Data (O) Receive Data (I) Data Terminal Ready (O) Data Set Ready (I) Data Carrier Detect (I)
  • Page 396: Straight-Through Vs. Crossover Cables

    First, look up the proper cable for your application in the table below. Next, purchase standard off-the-shelf cables from a computer store or cable vendor. For custom cables, refer to the cable diagrams to build your own cables or order them from Cyclades or a cable vendor.
  • Page 397 Most of the diagrams in this document show the “complete” version of the crossover cables, with support for modem control signals and hardware flow control. Applications that do not require such features only need to configure NO hardware flow control and NO DCD detection on their side.
  • Page 398: Cable Packages

    C.3 Cable Packages Cable #1: Cyclades RJ-45 to DB-25 Male, straight-through Application: This cable connects Cyclades products (serial ports) to modems and other DCE RS-232 devices. It is included in both Cable Package #1 and #2. Figure C.7 - Cable 1 - Cyclades RJ-45 to DB-25 Male, straight-through...
  • Page 399: Cable #4: Cyclades Rj-45 To Cyclades Rj-45, Straight-Through

    This Adapter attaches to a Cat 3 or Cat 5 network cable. It is usually used in console management applications to connect Cyclades products to a Sun Netra server or to a Cisco product. This cable is included in Cable Package #2.
  • Page 400: Adapters

    Figure C.10 - Cable 4 - Cyclades RJ-45 to Cyclades RJ-45, straight-through Adapters The following four adapters are included in the product box. A general diagram is provided below and then a detailed description is included for each adapter. Loop-Back Connector for Hardware Test The use of the following DB-25 connector is explained in the Troubleshooting chapter.
  • Page 401: Cyclades\Sun Netra Adapter

    This Adapter attaches to a Cat 3 or Cat 5 network cable. It is usually used in console management applications to connect Cyclades products to a Sun Netra server or to a Cisco product. At one end of the adapter is the black CAT.5e Inline Coupler box with a female RJ-45 terminus, from which a 3-inch-long black Sun Netra-labeled cord extends, terminating in an RJ-45 male connector.
  • Page 402: Female To Db-9 Female Adapter

    Figure C.14 - RJ-45 Female to DB-25 Female Adapter RJ-45 Female to DB-9 Female Adapter The following adapter may be necessary. This is included in Cable Package #1. Figure C.15 - RJ-45 Female to DB-9 Female Adapter
  • Page 403: Acs1-Only Cabling Information

    C.4 ACS1-only Cabling Information ACS1 Connectors RS-485 Signal Name/Function Terminal Block pins Chassis Not in use TXA- Transmit Data - (A) TXB+ Transmit Data + (B) RXA- Receive Data - (A) Receive Data + (B) Chassis Not in use Table C.16: RS-485 Pinout for the ACS1 - Connector pin assignment The RS-485 Standard The RS-485 is another standard for serial communication and is available only in the...
  • Page 404: Cable #1: Terminal Block To Terminal Block, Crossover Half Duplex

    Cable #1: Terminal Block to Terminal Block, crossover half duplex Application: It connects the ACS1 (serial port) to DTE RS-485 devices with half duplex communication. Figure C.17 - Cable 1 for the ACS1 - Terminal Block to Terminal Block, crossover half duplex Cable #2: Terminal Block to Terminal Block, crossover full duplex Application: It connects the ACS1 (serial port) to DTE RS-485 devices with full duplex...
  • Page 405 Cable #3: DB-9 Female to DB-25 Female, crossover This cable connects the ACS1 to console ports, terminals, printers and other DTE RS-232 devices. You will essentially have the cable shown in this picture: Figure C.19 - Cable 3 for the ACS1 - DB-9 Female to DB-25 Female, crossover
  • Page 407: Appendix D Copyrights

    The list below contains the packets and applications used in the Cyclades AlterPath ACS and a reference to their maintainers. The copyright notices required in some packets are placed in the /COPYRIGHTS directory of the Cyclades AlterPath ACS.
  • Page 408: Gnu

    The GNU project http://www.gnu.org HardHat Linux MontaVista Software - HardHat version 2.1 http://www.montavista.com IPSec The Linux Openswan IPsec version 2.3.0 http://www.openswan.org IPtables Netfilter IPtables version 1.2.2. Extracted from the HardHat Linux distribution. http://www.netfilter.org Linux Kernel Linux Kernel version 2.2.17 2.4.18. Extracted from the HardHat Linux distribution http://www.kernel.org Net-SNMP SourceForge Net-SNMP project version 5.2.1.2...
  • Page 409: Openssl

    OpenSSL OpenSSL Project version 0.9.8 http://www.openssl.org COPYRIGHT: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) COPYRIGHT: This product includes cryptographic software written by Eric Young (eay@cryptsoft.com) Linux PAM version 0.75 http://www.kernel.org/pub/linux/libs/pam/ Portslave SourceForge Portslave project version 2000.12.25.
  • Page 410: Webs

    WEBS GoAhead WEBS version 2.1 (modified) http://goahead.com/webserver/webserver.htm Copyright (c) 20xx GoAhead Software, Inc. All Rights Reserved ZLIB zlib version 1.2.3 http://www.gzip.org/zlib/
  • Page 411: Glossary

    Glossary Authentication Authentication is the process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
  • Page 412: Ip Packet Filtering

    IP packet filtering This is a set of facilities in network equipment that allows the filtering of data packets based on source/destination addresses, protocol, TCP port number and other parameters. Packet filtering is one of the main functions of a firewall. KVM Switch (KVM) Keyboard-Video-Mouse Switches connect to the KVM ports of many computers and allow the network manager to access them from a single KVM station.
  • Page 413: Risc

    RISC Reduced Instruction Set Computer. This describes a computer processor architecture that uses a reduced set of instructions (and achieves performance by executing those instructions very fast). Most UNIX servers (Sun Sparc, HP, IBM RS6000, Compaq Alpha) were designed with a processor using a RISC architecture. The Intel® x86 architecture.
  • Page 414: Telnet

    Telnet Telnet is the standard set of protocols for terminal emulation between computers over a TCP/IP connection. It is a terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network.
  • Page 415 List of Tables 1. CLI Keywords (page 7) 2.
  • Page 416 26. DNAT target (page 131) 27.
  • Page 417 55. vi file modification commands (page 353) 56. vi line mode commands (page 353) 57.
  • Page 419 15. Loop-Back Connector (page 384) 16. Cyclades\Sun Netra Adapter (page 385) 17.
