Summary of Contents for Cyclades AlterPath OnBoard
Page 1
AlterPath OnBoard Administrator’s Guide Cyclades Corporation 3541 Gateway Boulevard Fremont, CA 94538 USA 1.888.CYCLADES (292.5233) 1.510.771.6100 1.510.771.6200 (fax) http://www.cyclades.com Release Date: February 2006 Part Number: PAC0391...
Page 2
Information in this document is subject to change without notice. The following are registered or registration-pending trademarks of Cyclades Corporation in the United States and other countries: Cyclades and AlterPath. All trademarks, trade names, logos and service marks referenced herein, even when...
Page 3
Contents
Before You Begin ... xxix
Audience ... xxix
Document Organization ... xxx
Related Documents ... xxxii
Typographic and Other Conventions ... xxxiii
Additional Resources ... xxxv
Chapter 1: Introduction ... 1
Overview of OnBoard Features for Administrators ... 3
Understanding Authentication on the OnBoard ...
Page 4
Example and Demo Scripts and Application Notes ... 62
Understanding Data Buffering on the OnBoard ... 62
Understanding Firewall/Packet Filtering on the OnBoard ... 63
Chains ... 64
Rules ... 64
Add Rule and Edit Rule Options ... 65
Page 5
Tasks for Administering Packet Filtering ... 66
Understanding How Configuration Changes Are Handled ... 67
Saving Configuration Changes ... 68
Backing Up Configuration File Changes ... 68
Restoring Backed Up Configuration Files ... 69
Restoring Factory Default Configuration Files ... 69
Configuring Files to Be Backed Up and Restored ...
Page 6
Configuring the Boot File Location ... 152
Specifying the Boot File Location ... 152
Local Boot Options ... 153
Network Boot Options ... 154
Boot Fields and Menu Options ... 155
Configuring an Alternate Help File Location ... 156
Page 7
Chapter 6: Web Manager “Config” Menu Options ... 159
Options Under “Config” ... 161
Configuring Devices ... 163
Assigning a Device Type and Command Template ... 165
Device Types ... 165
Command Templates ... 165
Configuring Users and Groups ... 169
Configuring Users ...
Page 8
Chapter 8: Web Manager “Info” and “Mgmt” Menu Options ... 257
Options Under “Info” ... 258
Viewing Status Information About Active Sessions ... 259
Viewing System Information ... 260
Viewing Information About Detected Devices ... 263
Page 9
Options Under “Mgmt” ... 265
Backing Up or Restoring Configuration Files ... 266
Upgrading OnBoard Firmware (Operating System Kernel, Configuration Files, and Applications) ... 267
Information Needed for Firmware Upgrades ... 268
Configuration Backups Before Upgrading Firmware ... 269
Special Considerations if the Last Boot Was a Network Boot ... 271
Restarting the OnBoard ...
Page 10
Device Type Differences ... 312
Additional Reasons for Creating Custom Expect Scripts ... 315
Assigning a Command Template to a New Device ... 316
Command Templates ... 321
Issues Affecting the Configuration of RSA-Type Service Processors
Page 11
The onbdtemplate Utility ... 325
OnBoard Expect Scripts ... 329
Application Notes Related to Expect Scripts ... 331
Example of Creating a Custom IPMI-Type Script ... 332
SP/Device Expect Script Arguments ... 333
servername ... 333
action ... 334
SP/Device Expect Script Exit Codes ... 335
Understanding Address Configuration for Connected Devices ...
Page 12
Saving an Image to a Flash PCMCIA Card ... 383
Saving an Image into the Image2 area and Restoring the Factory Default Configuration ... 383
Options for the restoreconf Command ... 384
Glossary ... 385
Index ... 411
Page 13
Figures
Figure 1-1: /etc/menu.ini Default File ... 48
Figure 1-2: Example: Onetime Password Option Added to menu.ini ... 50
Figure 1-3: Recommended Device Configuration ... 55
Figure 1-4: IP Addressing Example ... 57
Figure 2-1: Web Manager Message When An Administrative User is Already Logged In ... 75
Administrative User Options on the Web Manager ...
Page 14
Figure 5-2: Settings → Aux Port Screen ... 127
Figure 5-3: Settings → AUX Port → Power Management ... 128
Figure 5-4: Settings → AUX Port → Modem ... 129
Figure 5-5: Settings → AUX Port → Modem ... 130
Page 15
Figure 5-6: Callback Number Field Under Settings → AUX Port → Modem ... 130
Figure 5-7: Settings → AUX Port → Modem ... 131
Figure 5-8: Settings → IPDU Screen ... 132
Figure 5-9: Settings → IPDU Screen Without AUX Port Configuration ... 132
Settings IPDU General Screen ...
Page 19
Figure 8-1: “Info” Menu Options ... 258
Figure 8-2: Info → Session Status Screen ... 259
Figure 8-3: Info → System Information Screen ... 260
Figure 8-4: Info → Detected Devices Screen ... 263
Figure 8-5: “Mgmt” Options ... 265
Figure 8-6: Mgmt → Backup/Restore Screen ... 266
Mgmt →...
Page 20
Figure A-17: Access → Devices Screen With Virtual IP Addresses ... 362
Figure A-18: Example 3: IPSec Connection Configuration for Access to sub1 Private Subnet and “sp1” and “sp2” Devices ... 363
Figure B-1: Boot Partitions ... 373
Page 21
Tables
Table P-1: Document Organization ... xxx
Table P-2: Related Documentation ... xxxii
Table P-3: Typographic Conventions ... xxxiii
Table P-4: Other Terms and Conventions ... xxxiv
Table 1-1: Security Features and Where Documented ... 3
Table 1-2: Supported Authentication Types ... 5
Tasks for Configuring Authentication ...
Page 22
Table 6-1: Options Under “Config” ... 161
Table 6-2: Default Command Templates ... 166
Table 6-3: User Configuration Settings ... 170
Table 6-4: Tasks for Authentication Configuration ... 178
Table 6-5: Fields for Configuring an SNMP Trap Notification ... 195
Page 23
Table 6-6: Fields for Configuring a Pager Notification ... 198
Table 6-7: Fields for Configuring an Email Notification ... 199
Table 6-8: Fields for Configuring Sensor Alarms ... 202
Table 6-9: Fields for Configuring Syslog Message Sensor Alarms ... 204
Table 6-10: Fields for Configuring a SNMP Trap Sensor Alarms ...
Page 24
Table A-11:
Table A-12: Examples for Creating IPSec and PPTP VPN Connections for Example 2 ... 349
Table A-13: Information Defining a Virtual (DNAT) Network ... 358
Table B-1: Options for the create_cf command ... 382
Page 25
To Configure a Private Subnet and Optional Virtual Network—Wizard ... 103
To Create and Authorize a User for Device Management—Wizard ... 108
Chapter 4: Web Manager “Access” Menu Options ... 111
To Access the OnBoard’s Console ... 115
To Download AlterPath PM IPDU Software From Cyclades ... 119...
Page 26
To Configure a Radius Authentication Server ... 187
To Configure an SMB Authentication Server ... 189
To Configure a TACACS+ Authentication Server ... 191
To Configure an Authentication Method for OnBoard Logins ... 193
To Configure SNMP Trap Notifications ... 196
Page 27
To Configure a Private Subnet ... 254
To Configure a Virtual Network ... 255
Chapter 8: Web Manager “Info” and “Mgmt” Menu Options ... 257
To Back Up Configuration Files ... 267
To Restore Backed-up Configuration Files ... 267
To Download OnBoard Firmware From Cyclades ... 269
Page 28
To Replace a Boot Image From a Network Boot in U-Boot Monitor Mode ... 379
To Restore the OnBoard Configuration Files to the Last Saved Version ... 380
To Restore the OnBoard Configuration Files to the Factory Defaults ... 381
Audience This manual is intended for system administrators of the OnBoard. The AlterPath OnBoard Administrator’s Guide is for administrators who are authorized to configure access to service processors and other devices connected to the OnBoard during installation. (For installation details, see the AlterPath OnBoard Installation Guide.)
Page 30
“Settings” top menu option.
6: Web Manager “Config” Menu Options: Describes and provides procedures for how to use the Web Manager menu options that are available to administrative users under the “Config” top menu option.
B: Advanced Boot and Backup Configuration Information: Describes and provides procedures for configuring the boot file location and managing configuration file changes.
Glossary: Defines terms used in Cyclades product documents.
Index: Provides a way to look up terms. In the...
Related Documents The following table lists the AlterPath OnBoard documents. As indicated, the QuickStart Guide is printed, and it is also included with the other AlterPath OnBoard documents in PDF format on the Documentation CD that is shipped with the product. The documents are also at http://www.cyclades.com/docs...
Page 33
Documentation CD shipped with the product, and they are also available at: http://www.cyclades.com/support/downloads.php under the product’s name. Updated versions of this document will be posted at the Cyclades website when Cyclades releases new versions of the software. See “Additional Resources” on page xxxv for information about free software upgrades.
Page 34
Navigation shortcuts: Shortcuts use the → symbol to indicate how to navigate to Web Manager forms or OSD screens. Example: Go to Configuration → KVM → General → IP Users in Expert mode.
Additional Resources
The following sections describe how to get technical support, training, and software upgrades.
Cyclades Technical Support
Cyclades offers free technical support. To find out how to contact the support center in your region, go to: http://www.cyclades.com/support/technical_support.php.
Cyclades Technical Training
To learn about Cyclades Technical Training Center and courses offered, visit http://www.cyclades.com/training, call 1-888-292-5233, or send an email to...
The AlterPath OnBoard User’s Guide is prerequisite reading for understanding the information and procedures in this chapter and in other chapters in this administrator’s guide.
Page 38
Tasks for Configuring IP Addresses: Page 62
Example and Demo Scripts and Application Notes: Page 62
Understanding Data Buffering on the OnBoard: Page 62
Understanding Firewall/Packet Filtering on the OnBoard: Page 63
Understanding How Configuration Changes Are Handled: Page 67
OnBoard” on page 4 “Types of Users” and “Types of User Authorizations assigned to users and groups to Authorizations” in AlterPath OnBoard control access to connected devices User’s Guide Security profiles and other means for “Understanding Security Profiles” on...
Note: This section discusses only the types of authentication used for controlling who can access the OnBoard and connected devices. Other authentication methods that are used by SNMP, PPTP, IPSec, or PPP are described in the related sections.
Understanding Authentication on the OnBoard The following table lists the supported authentication methods and indicates which methods are available for the OnBoard and which are available for connected devices. All authentication methods (except “Local”) require an authentication server. When a table cell is blank, the authentication method is not supported.
Page 42
SMB/Local: Uses local authentication if SMB authentication fails.
Local/SMB: Uses SMB authentication if local authentication fails.
TACACS+: Uses Terminal Access Controller Access Control System (TACACS+) authentication.
TACACS+ Down/Local: Uses local authentication if TACACS+ server is down.
Page 43
Understanding Authentication on the OnBoard
Table 1-2: Supported Authentication Types (Sheet 3 of 3)
Columns: Type, Description, OnBoard, Device
TACACS+/Local: Uses local authentication if TACACS+ authentication fails.
Local/TACACS+: Uses TACACS+ authentication if local authentication fails.
Note: If a remote authentication method (like RADIUS) is specified without a local fallback option (like RADIUS Down/Local), when an administrative user logs in through the Web Manager or through the OnBoard console, then authentication always falls back to local authentication if the authentication...
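The fallback rules in Table 1-2 decide whether a local password still works after the remote server has rejected a login. The following Python model is an added example, not Cyclades code; the `Remote` states, the function names, and treating an unreachable server as a failure for the plain "X/Local" methods are assumptions.

```python
from enum import Enum


class Remote(Enum):
    """Outcome of asking the remote authentication server (assumed states)."""
    ACCEPT = "accept"   # server reachable, credentials accepted
    REJECT = "reject"   # server reachable, credentials rejected
    DOWN = "down"       # server unreachable


def parse_method(name):
    """Turn a Table 1-2 method name into (primary, fallback, only_if_down)."""
    norm = " ".join(name.split())
    if norm.lower() == "local":
        return ("local", None, False)
    if "/" not in norm:
        return ("remote", None, False)          # e.g. "Radius", "TACACS+"
    left, right = (part.strip() for part in norm.split("/", 1))
    if left.lower() == "local":
        return ("local", "remote", False)       # "Local/X"
    if right.lower() != "local":
        raise ValueError("unrecognised method: %r" % name)
    if left.lower().endswith(" down"):
        return ("remote", "local", True)        # "X Down/Local"
    return ("remote", "local", False)           # "X/Local"


def decide(method, remote, local_ok):
    """Return (allowed, deciding_source) for one login attempt.

    remote   -- Remote outcome the server would give for these credentials
    local_ok -- True if the credentials match the local account database
    """
    primary, fallback, only_if_down = parse_method(method)

    def check(source):
        return local_ok if source == "local" else remote is Remote.ACCEPT

    if check(primary):
        return (True, primary)
    if fallback is None:
        return (False, primary)
    if only_if_down and remote is not Remote.DOWN:
        # "Down/Local": the server answered, so its reject is final.
        return (False, primary)
    return (check(fallback), fallback)


def audit(methods):
    """For each method, report two properties an administrator should know."""
    report = {}
    for m in methods:
        report[m] = {
            # A valid local password logs in although the server said no.
            "local_password_sufficient": decide(m, Remote.REJECT, True)[0],
            # Login is still possible during a server outage.
            "works_when_down": decide(m, Remote.DOWN, True)[0],
        }
    return report


if __name__ == "__main__":
    # Method names as they appear in the guide's tables.
    names = ["Local", "SMB", "SMB/Local", "Local/SMB", "SMB Down / Local"]
    for name, props in audit(names).items():
        print("%-18s %s" % (name, props))
```

In this model only the "Down/Local" variants keep outage access without letting a local password override a reject from the server, which matters when accounts are disabled centrally but local passwords remain.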
“Configuring Devices” on page 163 authentication method to each device. Give users the login and password information they need for being authenticated on the devices. For examples of using cycli scripts to configure device authentication, see /libexec/example_scripts.
Authorize the user to perform management actions on one or more connected devices. (For an overview, see “Management Features Available to Authorized Users and Groups” in the AlterPath OnBoard User’s Guide.) • Authorize the user to perform administrative actions on the OnBoard by assigning the user to the preconfigured admin group.
• Event log actions. • Device Console See “Management Features Available to Authorized Users • Power and Groups” in the AlterPath OnBoard User’s Guide.) • Service Processor Console • Native IP PPP/PPTP access Allow the user to use PPP or PPTP or both for contacting the OnBoard.
Understanding User and Group Configuration Options In addition, administrators can do the following: • Authorize users to manage outlets on optionally-connected AlterPath PM IPDUs • Modify the menu displayed for all users at console login Tasks for Configuring Users and Groups The following table lists the most-common tasks related to user and group configuration with links to where the tasks are documented Table 1-5: Tasks for Configuring Users and Groups.
Table 1-9 describes the services and other functionality that the administrator can select in the “Custom” security profile.
Table 1-9: Services and Other Functions in the “Custom” Security Profile (Sheet 1 of 3)
Option
ICMP
IPSec
PPTP
SNMP (Enables all versions of SNMP)
Page 51
Understanding Security Profiles Table 1-9: Services and Other Functions in the “Custom” Security Profile (Sheet 2 of 3) Option SSH Options • Allow root login using SSH • SSH v1, SSH v2 (allow or disallow) • SSH Port (Assign an alternate port to SSH) HTTP &...
Page 52
• LDAP/Local • Local/LDAP • Radius • Radius Down / Local • Radius/Local • Local/Radius • SMB • SMB Down / Local • SMB/Local • Local/SMB • TACACS+ • TACACS+ Down / Local • TACACS+/Local • Local/TACACS+
Understanding Services on the OnBoard
A network service is available on the OnBoard if one of the following two conditions is true:
• The security profile enables the service.
• The administrator has enabled the service through the Web Manager, or by using cycli or regular UNIX commands.
Page 54
• The service processor supports the command
• The user is authorized to use that command for that service processor
(For details about the service processor management commands, see the AlterPath OnBoard User’s Guide.)
Telnet on the OnBoard
By default, Telnet is configured as follows:
• Users cannot use Telnet to connect to the OnBoard or through the OnBoard to connected devices.
• The OnBoard uses Telnet to connect to devices on behalf of authorized users.
[root@OnBoard onboard]# cp bidi_login.exp soe_login.exp
b. Open the new file for editing and edit the appropriate options. For example, to use TCP without telnet commands being intercepted, you would need to uncomment and modify the line that
Page 57
defines the bidilink PORT. The following screen example shows the line to change.
# spawn bidilink tcp-client::PORT
This example shows the comment (#) sign removed and changes PORT to 3301.
spawn bidilink tcp-client::3301
c. When you are done editing the appropriate options, save and quit the file.
Page 58
The authenticity of host 'SP (127.0.0.1)' can't be established.
RSA key fingerprint is 5e:35:3d:0b:e8:3d:07:13:45:45:ad:6a:6f:2c:4c:aa.
Are you sure you want to continue connecting (yes/no)?
b. If the fingerprint matches that of the Service Processor, answer yes.
c. Enter the password when prompted.
HTTPS on the OnBoard
For HTTPS (secure HTTP based on SSL) to work, an SSL certificate must be present on the OnBoard. To reduce the risks posed by weaknesses inherent in self-signed certificates, OnBoard administrators are strongly advised to replace the automatically-generated self-signed certificate with an SSL certificate from an official certificate authority (CA).
Page 60
/etc/httpd/conf/ssl.crt/server.crt files are listed in /etc/config_files so they can be automatically saved in the flash memory whenever the saveconf command is run or the administrative user saves the configuration files using the “Save” button on the Mgmt → Backup/restore screen.
DHCP server on the same subnet, it falls back to using the default IP address. For more about using DHCP and the default IP address, see the AlterPath OnBoard Installation Guide. DHCP Server A DHCP server (dhcpd) is present but disabled on the OnBoard by default.
Makes the appropriate configuration changes and specifies fixed addresses for all devices in the /etc/dhcpd.conf file.
• Saves the configuration file changes in the firmware using the saveconf command.
• Reboots or restarts the dhcpd service manually.
86400;
max-lease-time 172800;
option broadcast-address 192.168.0.255;
option routers 192.168.0.10;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.0.11;
option domain-name "cyclades.com.au";
host MySP {
    hardware ethernet 00:e0:4c:ec:12:26;
    fixed-address 192.168.0.211;
}
# ##############################################
5. Configure a hostname and fixed address for each device by performing the following steps.
Page 64
IP address for each device.
6. Make other changes as appropriate for your environment, removing the comment (#) signs at the beginning of all edited lines.
7. Save and quit the file.
Page 65
8. Open the /etc/dhcpd.sh file for editing.
# This file defines the dhcpd service configuration
ENABLE=NO # Must be "NO" or "YES" (uppercase)
DNAME=dhcpd # daemon name
DPATH=/usr/sbin # daemon path
ShellInit= # Performs any required initialization
ConfigFiles=/etc/dhcpd.conf # configuration files...
• The recommended method of access for clients which support only SNMP version 1 or 2c is through a VPN tunnel to the OnBoard. The OnBoard provides the authentication and encryption lacking in those protocol versions.
SNMP on the OnBoard Caution! The snmpd running on OnBoard allows access to proxied data using the v1 and 2c protocols without the creation of a VPN tunnel, but the lack of security inherent in these protocols means this option should be used with caution if it is used at all.
VPN on the OnBoard
As described in the AlterPath OnBoard User’s Guide, for security reasons an authorized user must establish a trusted connection with the OnBoard before accessing certain management features that are available on connected service processors.
VPN Client System Requirements and Limitations
The following table describes the VPN client system requirements and limitations for different platforms and VPN services.
Table 1-14: VPN Client System Requirements and Limitations
Platform PPTP IPSec Windows • Windows XP •...
Before attempting to access the “Native IP” feature on the OnBoard, the user must start the VPN connection from the user’s computer. The OnBoard listens for the connection attempt from the IP addresses specified in its connection profiles and grants the access.
VPN on the OnBoard IPSec VPN Connections For a user to access native IP functionality on a connected service processor, the user needs to create a VPN connection to the OnBoard; launching an IPSec VPN connection requires the user to have IPSec running on the computer being used to manage OnBoard-connected devices.
Page 72
OnBoard.
Preshared key: Required if shared secret is selected as the authentication method
RSA key: Required if RSA public keys is selected as the authentication method. The administrator generates an RSA key for the OnBoard
Page 73
VPN on the OnBoard The OnBoard administrator must do the following tasks: • Make sure that the IPSec service is enabled. • Configure an IPSec VPN connection profile on the OnBoard. • Give the user a copy of the parameters used to configure the IPSec connection profile on the OnBoard.
Configure a PPTP VPN connection profile with the following information obtained from the OnBoard administrator:
• PPTP server address = OnBoard public IP address (203.1.2.3)
• Username = OnBoard user name
• Password = PPTP password
• Make the PPTP VPN connection.
Message Logging (With Syslog) on the OnBoard • Enter the ifconfig or ipconfig command on the command line of the user’s workstation to discover the IP address assigned to the OnBoard’s end of the PPTP link. • Enter the OnBoard’s PPTP-assigned address either in a browser or with ssh on the command line to access the OnBoard.
Specify sensor alarms to be sent as syslog “To Begin Configuring a Sensor Alarm” messages on page 202 Specify overcurrent alerts to be sent as syslog “To Enable Overcurrent Protection for an messages AlterPath PM IPDU” on page 135
Understanding Ethernet Ports on the OnBoard
The OnBoard’s two public Ethernet ports are used for connecting to the public (or management) network. The managed private side of the OnBoard (which is made up of 24 or 40 private Ethernet ports) is isolated from the public side to ensure security.
External modem • “To Connect an External Modem to an AUX Port” in the AlterPath OnBoard Installation Guide • “Configuring the AUX Port for a Modem” on page 129 PCMCIA modem card • “To Install a PCMCIA Card in the Front Card Slot” in the AlterPath OnBoard Installation Guide •...
Web Manager or the cycli utility.
Table 1-20: Modem Configuration Field and Menu Definitions (Sheet 1 of 3)
Field or Menu Option: Options
Modem Access Type: Autodetect, Login
Baud Rate: 300 to 460800
Flow Control: none, hard, soft, both
Page 81
Understanding Modem Access Through the OnBoards
Table 1-20: Modem Configuration Field and Menu Definitions (Sheet 2 of 3)
Field or Menu Option: Options
Modem Initialization: The modem chat string is used to configure the modem when it is turned on or when the communications software calls another modem.
OnBoard Authorized users and OnBoard administrators can power off, power on, and reboot devices in two different ways. As described in the AlterPath OnBoard User’s Guide, the OnBoard provides the following two types of power management options for administrators and authorized users: •...
• Connect one or more AlterPath PM IPDUs • “Connecting One or More IPDUs to the to the AUX port AUX Port” in the AlterPath OnBoard Installation Guide • Configure the AUX port for IPDU power management •...
Configuring the User’s Console Login Menu
As described under “Using SSH with the OnBoard” in the AlterPath OnBoard User’s Guide, regular users are configured with /usr/bin/rmenush as their default login shell. All users with rmenush as their login shell see the same menu whenever they log into the OnBoard’s console.
Page 85
Configuring the User’s Console Login Menu Caution! If changing the default menu, the administrator needs to ensure that any added programs do not introduce security vulnerabilities. The administrator needs to know the following about the behavior of rmenush before configuring any changes to the menu: •...
Understanding Routing on the OnBoard To Modify the Menu Displayed for Users at Console Login Caution! If adding programs to the menu, take care the commands do not allow the user to break out of the programs they call. 1. Open a console session and log into the OnBoard as root. 2.
Web Manager or the cycli utility. The alarms may be triggered by either of the following:
• System daemons (such as messages from the cron daemon, crond)
• Out of range sensor readings from sensors on service processors
Understanding Device Configuration When system events are the triggers, notifications can be sent to an OnBoard administrator by one of the following methods: • SNMP trap • Pager • Email The OnBoard administrator can configure periodic checks of sensor readings from service processors.
Page 90
The service processors’ (SPs) dedicated Ethernet ports are connected to the OnBoard’s private Ethernet ports.
• The servers’ Ethernet ports are connected to the production network.
• The OnBoard’s primary Ethernet port (eth0) is connected to a management LAN and to the Internet.
[Figure 1-3: Recommended Device Configuration (diagram labels: SP Ethernet port; eth0 (Primary Ethernet port); Private network; AlterPath OnBoard)]
Preparing an Addressing Scheme
Before configuring any connected devices, the OnBoard administrator must plan and implement an IP addressing scheme that reflects the needs of the organization.
Page 92
IP address. The OnBoard’s private IP address or addresses are used by the following:
• By devices when talking to the private Ethernet ports of the OnBoard
• By users who make PPTP or IPSec VPN connections to enable native IP access
[Figure 1-4: IP Addressing Example (diagram labels: SP IP: 192.168.49.60; OnBoard side IP: 192.168.49.254; OnBoard public IP: 203.1.2.3; AlterPath OnBoard)]
See “Understanding Address Configuration for Connected Devices” on page 336 for the details needed for planning and implementing IP addresses. The referenced section describes the following topics that the administrator needs to understand: •...
See the AlterPath OnBoard User’s Guide for the syntax for using ssh with a device’s name to perform device management functions on the server or other device.
Page 95
Understanding Device Configuration Table 1-24: Device Configuration Parameters (Continued) Parameter Description Command template A template that contains text commands that manage (where required for the communications between the user and the connected device and selected device type) performs device management actions. See “Command Templates”...
Page 96
OnBoard is at another level, or if the service processor is not listed in the release notes, the administrator needs to follow the instructions in Appendix A to configure support for the device
Understanding Private Subnets on the OnBoard
Connected devices should be isolated (as recommended under “Understanding Device Configuration” on page 53) on a management network that is separate from the production network and from the public network.
Application notes in /usr/share/docs/OnBoard/Application_Notes with future updates to be posted at http://www.cyclades.com/support/downloads.php under the product name “AlterPath OnBoard.”
Understanding Data Buffering on the OnBoard
Administrators can set up storage of data from device console sessions either in local files on the OnBoard’s resident flash memory, on the hard disk of an external server, or on a PCMCIA flash memory card.
The administrator can configure data buffering and log file storage only by using the cycli utility. See the release notes for how to configure data buffering. You can download the release notes by going to http://www.cyclades.com/downloads.php and searching for the product name “AlterPath OnBoard.”
Understanding Firewall/Packet Filtering on the...
IP header, input and output interfaces, and protocol.
• What to do when the packet characteristics match the rule
The packet is handled according to the specified action (called a “Rule Target,” “Target Action” or “Policy”).
Understanding Firewall/Packet Filtering on the OnBoard When a packet is filtered, its characteristics are compared against the rules one-by-one. All characteristics must match. Add Rule and Edit Rule Options When you add or edit a rule you can define any of the options described in the following table.
Add a new rule, edit or delete a customer- “Configuring Firewall Rules for OnBoard added rule Packet Filtering” on page 239 “To Add a New Packet Filtering (Firewall) Rule” on page 241 “To Edit an Administrator-added Packet Filtering (Firewall) Rule” on page 241
Understanding How Configuration Changes Are Handled The OnBoard handles changes to configuration files and backups of configuration file changes differently from how other Cyclades AlterPath products handle them. The following bulleted items give an overview of how the OnBoard handles configuration changes: •...
Table 1-28: Options for Saving Configuration File Changes
Environment: Action
Web Manager: While logged in as an administrative user, go to the Mgmt → Backup/restore screen and click the “Save” button.
OnBoard Linux command line: Enter the saveconf command
Understanding How Configuration Changes Are Handled Restoring Backed Up Configuration Files The administrator can restore backed-up changes to configuration files that have been stored in the configuration_files.gz file by performing the actions shown in the following table. Table 1-29: Options for Saving Configuration File Changes Environment Action Web Manager...
/etc
[root@OnBoard /] cd /etc
Open the config_files file for editing.
[root@OnBoard /] vi config_files
Add the pathname of the new file to the list.
/etc/ypbind.conf
/etc/yp.conf
/etc/localtime
/etc/timezone
/pathname/to/new/file
Save and quit the file.
Understanding How Configuration Changes Are Handled Task for Restoring Configuration Files The following table provides links to where the tasks and options for restoring configuration files are described. To Restore the OnBoard Configuration Files to the Last Saved Version Page 380 To Restore the OnBoard Configuration Files to the Factory Defaults Page 381 Options for the create_cf Command...
Chapter 2 Web Manager Introduction This chapter provides an overview of the Web Manager features for the administrative user. The information is provided in the following sections. Logging Into the Web Manager Page 74 Features of Administrator’s Screens Page 77 Overview of Web Manager Menus Page 79 This chapter provides the procedures listed in the following table.
An optionally-added regular user whose account is in the “admin” group For more details about the differences between user types, see “Types of Users” in the AlterPath OnBoard User’s Guide. OnBoard administrative users, like regular users, can access the Web Manager from a browser using HTTP or HTTPS either over the Internet or through a dial-in or callback PPP connection.
A dialup connection over a phone line 1. Enter the IP address of the OnBoard in a supported browser. Refer to the AlterPath OnBoard User’s Guide for a list of supported browsers, if needed. The Web Manager login screen appears.
4. Change the timeout value to the desired number of seconds.
5. Save and quit the file.
6. Either restart the OnBoard or enter killall cacpd on the command line, as shown in the following screen example.
[root@onboard etc/cacpd]# killall cacpd
Features of Administrator’s Screens Features of Administrator’s Screens The following figure shows features of the Web Manager that appear when an administrative user logs in. Mgmt tab Info tab Network tab Config tab Settings tab Access tab Wizard button Validate changes button Save and apply changes button Cancel changes button Help button...
The grayed out options and buttons become active only after the administrative user clicks either the “OK” or “Cancel” button. The administrative user may need to click other types of buttons to exit other types of dialogs. AlterPath OnBoard Administrator’s Guide...
Overview of Web Manager Menus Figure 2-3: Example Dialog: Devices Configuration—in Wizard Mode Overview of Web Manager Menus The following figure shows all the top and left menu options available to the administrative user. Access Settings Network Info Mgmt Config —...
Chapter 3 Web Manager Wizard This chapter describes how an administrative user can use the Wizard to perform basic configuration. For an overview of all the Web Manager features and menu options that are available for administrative users, see Chapter 2, “Web Manager Introduction,”...
“Previous” and “Next” buttons brings up the previous and next screens in the series. If the administrative user clicks the “Cancel Wizard” button after making changes but before saving the changes, a dialog appears as shown in Figure 3- AlterPath OnBoard Administrator’s Guide...
Using the Wizard Figure 3-2: “Cancel Wizard” Button Dialog The dialog shown in Figure 3-2 offers the following choices: • Press the “Cancel” button to return to the Wizard, where the administrative user can click the “Save and apply changes” button to save the changes before cancelling the Wizard again.
“Configuring Regular Users —Wizard” on page 107 Changing the Administrative User’s Password— Wizard Figure 3-4 shows the screen that appears when the “Administrator password” option is selected from the Wizard menu. Figure 3-4: Wizard “Configure Administrator Password” Screen AlterPath OnBoard Administrator’s Guide...
Selecting a Security Profile—Wizard Caution! If the default password “cyclades” is still in effect, change it now to reduce the risk of intrusion. Leaving the default password in place leaves a security hole that makes all connected equipment vulnerable.
Page 122
OnBoard. See “Understanding Security Profiles” on page 12 for important background information. The Moderate profile is the default option selected on the “Security level” menu. The features in the “Moderate” security profile are described in Table 1-6, “Moderate Security Profile Services/ Features,” on page 12. AlterPath OnBoard Administrator’s Guide...
Selecting a Security Profile—Wizard After the administrative user chooses a preconfigured security profile or creates a custom profile and clicks “OK,” the red “Unsaved changes” button blinks, and the Security Profile screen reappears showing the newly-selected security profile’s name. The following figure illustrates the screen after the security profile’s name is changed to “secured,”...
HTTPS when bringing up the Web Manager, because HTTP is disabled by the secured security profile. The features in the “Secured” security profile are described in Table 1-7, “Secured Security Profile Services/Features,” on page 13. AlterPath OnBoard Administrator’s Guide...
Selecting a Security Profile—Wizard Open The following figure shows the lists of enabled and disabled features in the dialog for the “Open” security profile. Figure 3-9: Open Security Profile Dialog The features in the “Open” security profile are described in Table 1-8, “Open Security Profile Services/Features,”...
Configuring Network Interfaces—Wizard To Select or Configure a Security Profile— Wizard 1. Log into the Web Manager as an administrative user. See “To Log Into the Web Manager” on page 75, if needed. 2. Click the “Wizard” button. Click the “Security profile” option in the left menu bar. 3.
Clicking the “Next” button on the “Network Interfaces” screen brings up one of two screens, depending on whether failover is enabled or disabled. See “Configuring Failover” on page 94 and “Configuring Primary and Secondary Ethernet Ports” on page 94. AlterPath OnBoard Administrator’s Guide...
Configuring Network Interfaces—Wizard Table 3-3 describes the parameters that can be set on the failover configuration screen, and on the primary and secondary Ethernet configuration screens. Table 3-3: Ethernet Port Settings Settings Notes DHCP DHCP is enabled by default on the OnBoard’s interfaces.
Ethernet ports. The screen for configuring the secondary Ethernet port is identical to the screen for the primary Ethernet port except for the screen’s heading. The screen for configuring the primary Ethernet port is AlterPath OnBoard Administrator’s Guide...
Configuring Network Interfaces—Wizard shown in the following figure as it appears when the “Enable” checkbox is not checked. Figure 3-13:“Configure Primary Ethernet Connection” Screen Figure 3-14 shows the screen for configuring the primary Ethernet port as it appears when both the “Enable” and “DHCP” checkboxes are checked. Figure 3-14:“Configure Primary Ethernet Connection:”...
5. Enter or modify the IP address for a primary DNS server into the “Primary DNS” field. 6. Enter or modify the IP address for a secondary DNS server in the “Secondary DNS” field. 7. Enable or disable failover by selecting the desired option from the “Failover” pull-down menu. AlterPath OnBoard Administrator’s Guide...
Page 133
Configuring Network Interfaces—Wizard 8. Click the “Next” button. • If failover is disabled, clicking the “Next” button brings up the first of two screens for configuring the primary and secondary Ethernet ports. Note: Connecting the secondary Ethernet port to a separate network and assigning a separate IP address is optional, so you can skip the screen for configuring the secondary Ethernet port, if desired.
Private Subnets on the OnBoard” on page 61 for an introduction to the information needed for understanding what private subnet(s) you need to configure and what values to enter in the fields shown in Figure 3-17. See also Appendix , “Advanced Device Configuration” on page 309.
Configuring Private Subnets and Virtual Addresses—Wizard On this screen, the administrative user can also configure a virtual network based on Destination Network Address Translation (DNAT). See the following sections for more details: • “Configuring Private Subnets” on page 99 • “Configuring a Virtual Network”...
The example in Figure 3-18 shows a private subnet name of “net1,” an OnBoard side IP address of 192.168.0.254, and a subnet netmask of 255.255.255.0. The private subnet address derived from this configuration is 192.168.0.0. Figure 3-18:Network → Private Subnets: Add Subnet Dialog AlterPath OnBoard Administrator’s Guide...
Configuring Private Subnets and Virtual Addresses—Wizard Since the broadcast address in the example is 192.168.0.255 (by convention) and the OnBoard’s address is 192.168.0.254, the administrator can assign an IP address out of the remaining available IP addresses between 192.168.0.1 and 192.168.0.253 when configuring a connected device. Multiple private subnets may be needed if IP addresses are already assigned to connected devices’...
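The address arithmetic from the “net1” example, extended to check planned device addresses and to catch overlapping private subnets before they are entered in the Web Manager. This is an added example, not code from the Cyclades guide; the names net2 and net3, the device names sp1 to sp5, and their addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def plan_subnet(name, onboard_ip, netmask):
    """Derive the private subnet from the OnBoard-side IP address and netmask."""
    iface = ipaddress.IPv4Interface(f"{onboard_ip}/{netmask}")
    net = iface.network
    if net.prefixlen > 30:
        raise ValueError(f"{name}: netmask {netmask} leaves no room for a device")
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{name}: {iface.ip} is the subnet or broadcast address")
    return {"name": name, "onboard": iface.ip, "network": net}


def device_range(plan):
    """First and last address left for connected devices, and how many there are."""
    net, onboard = plan["network"], plan["onboard"]
    first = net.network_address + 1
    last = net.broadcast_address - 1
    if first == onboard:
        first += 1
    if last == onboard:
        last -= 1
    # Subnet address, broadcast address and the OnBoard itself are not assignable.
    return first, last, net.num_addresses - 3


def check_devices(plan, devices):
    """Return (device, problem) pairs for addresses that cannot work on this subnet."""
    net, problems, seen = plan["network"], [], {}
    for dev, addr in devices:
        ip = ipaddress.IPv4Address(addr)
        if ip not in net:
            problems.append((dev, f"{ip} is outside {net}"))
        elif ip == net.network_address:
            problems.append((dev, f"{ip} is the subnet address"))
        elif ip == net.broadcast_address:
            problems.append((dev, f"{ip} is the broadcast address"))
        elif ip == plan["onboard"]:
            problems.append((dev, f"{ip} is the OnBoard-side address"))
        elif ip in seen:
            problems.append((dev, f"{ip} is already assigned to {seen[ip]}"))
        else:
            seen[ip] = dev
    return problems


def overlapping(plans):
    """Pairs of private subnet names whose address ranges overlap."""
    return [(a["name"], b["name"]) for a, b in combinations(plans, 2)
            if a["network"].overlaps(b["network"])]


# net1 uses the values from the guide's example; everything else is constructed.
NET1 = plan_subnet("net1", "192.168.0.254", "255.255.255.0")
NET2 = plan_subnet("net2", "192.168.0.129", "255.255.255.128")
NET3 = plan_subnet("net3", "10.10.1.254", "255.255.255.0")
SAMPLE_DEVICES = [
    ("sp1", "192.168.0.10"),   # valid
    ("sp2", "192.168.0.254"),  # collides with the OnBoard-side address
    ("sp3", "192.168.0.255"),  # broadcast address
    ("sp4", "192.168.1.5"),    # not in net1
    ("sp5", "192.168.0.10"),   # duplicate of sp1
]

if __name__ == "__main__":
    first, last, count = device_range(NET1)
    print(f"{NET1['name']}: subnet {NET1['network'].network_address}, "
          f"devices {first} to {last} ({count} addresses)")
    for dev, problem in check_devices(NET1, SAMPLE_DEVICES):
        print(f"  {dev}: {problem}")
    for a, b in overlapping([NET1, NET2, NET3]):
        print(f"private subnets {a} and {b} overlap")
```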
IP addresses Figure 3-16 shows the fields for configuring a virtual network with DNAT, which appear on the “Configure Subnets” Wizard screen. Figure 3-19:“Configure Subnets” Screen: Virtual Network (DNAT) Configuration AlterPath OnBoard Administrator’s Guide...
Configuring Private Subnets and Virtual Addresses—Wizard The following table defines the information that must be supplied in the fields that define a virtual network: Table 3-5: Fields on the Private Subnet Virtual Network Configuration Dialog Field Description Address IP address to assign to the OnBoard from the virtual network. For example, if the virtual IP address of the network is 10.0.0.0, 10.0.0.254 would be a valid IP address for the OnBoard that could be entered here.
Clicking the “Add new device” button brings up the dialog shown in the following figure, which can be used to configure a new or previously-added device. The screen that appears when “Edit” is selected for a device has the same fields as the “Add new device” screen. AlterPath OnBoard Administrator’s Guide...
Configuring Devices—Wizard Figure 3-21:“Add New Device” Dialog—Wizard Caution! All devices connected to the private Ethernet ports of the OnBoard must have a previously-configured private subnet name assigned. The Caution at the top of the dialog shown in Figure 3-21 is a reminder that if the default route is assigned, the device could only be accessed if it is connected to the public interface of the OnBoard, a highly unlikely scenario and not recommended.
rsa.limited.default: RSA II type devices that support only power commands through their command line interface.
no template: • IPMI type devices. • Any type device for which only Native IP access is being configured.
Also see “Command Templates” on page 321.
Configuring Regular Users —Wizard Figure 3-16 shows the screen that appears when the “Add a regular user” option is selected from the Wizard menu. Figure 3-22:“Add a Regular User” Screen—Wizard Caution! The Caution at the top of the screen shown in Figure 3-22 is a reminder that adding device management actions for a user added using this dialog gives the user the same device management authorizations on all configured devices.
4. Enter a name in the “Username” field. 5. Enter identifying (GECOS-type) information in the “Full name” field. 6. Enter a password in the “Password” field. 7. Enter the password again in the “Retype password” field. AlterPath OnBoard Administrator’s Guide...
Page 145
Configuring Regular Users —Wizard 8. To authorize the user for device management actions on all configured devices, check or leave unchecked the checkboxes next to the name of every allowed action. 9. Select one of the options from the PPP/PPTP access menu. With any option other than “None”...
Viewing IPDU Status and Managing IPDUs Page 116 Upgrading AlterPath PM IPDU Software Page 117 This chapter provides the procedures listed in the following table. To Download AlterPath PM IPDU Software From Cyclades Page 119 To Upgrade Software on a Connected IPDU Page 122...
IPDU option. See the AlterPath OnBoard User’s Guide for information about the following options available to all types of users, which appear for the administrative user under “Access”:...
Accessing the OnBoard Console For the tasks only the administrative user can do under “Access,” see the following sections: • “Accessing the OnBoard Console” on page 113 • “Viewing IPDU Status and Managing IPDUs” on page 116 • “Upgrading AlterPath PM IPDU Software” on page 117 Accessing the OnBoard Console When an administrative user clicks the “OnBoard”...
After an administrative user enters the correct password and is authenticated, then the administrative user can access the cycli utility to perform command line configuration, run the onbdshell utility to access devices, and run other commands that do not require root to succeed. AlterPath OnBoard Administrator’s Guide...
Accessing the OnBoard Console To Access the OnBoard’s Console 1. Bring up the Web Manager and log in as an administrative user. 2. Go to Access → OnBoard. • If this is the first time you accessed the console, MindTerm prompts you to ask if the IP address of the OnBoard should be saved as an alias in your home directory on your workstation.
• “Managing IPDU Power” • “Viewing IPDU Information” For how administrative users can use the Outlets Manager tab to upgrade software on any connected AlterPath PM IPDUs, see “Upgrading AlterPath PM IPDU Software” on page 117. AlterPath OnBoard Administrator’s Guide...
Upgrading AlterPath PM IPDU Software Upgrading AlterPath PM IPDU Software The following figure shows the screen layout that appears when an administrative user clicks the Software Upgrade tab under Access → IPDU. Figure 4-6: IPDU “Software Upgrade” Screen The table in the screen shown in Figure 4-6 displays information about a directly-connected AlterPath PM IPDU, which is called the “Master Unit,”...
Figure 4-8: IPDU Software Upgrade Dialog Pressing OK on the dialog shown in Figure 4-8 brings up the “Software Upgrade” screen, which displays the new software version for the selected IPDU. AlterPath OnBoard Administrator’s Guide...
To Download AlterPath PM IPDU Software From Cyclades An administrative user can use this procedure to download AlterPath PM software from the Cyclades ftp server. Note: Updated versions of related documents can also be found on the Cyclades website under Support Downloads/Documentation.
Page 156
2. Change to the /tmp directory into which the software needs to be downloaded.
[admin@OnBoard admin]# cd /tmp
3. Enter the ftp command to access ftp.cyclades.com.
[admin@OnBoard tmp]# ftp ftp.cyclades.com
Connected to ftp.cyclades.com (64.186.161.16).
220 "Welcome to Cyclades FTP service."...
Page 157
As shown in the previous screen example, the directories are named for the software release numbers. The latest version in the example is V_1.8.0. If the latest version at the Cyclades site is more recent than the version installed on the IPDU, continue with this procedure to download the latest version.
A more-recent version of the AlterPath PM software than the one shown on the “Software Upgrade” form on the OnBoard must be available from Cyclades, Corp. • The more-recent version of the AlterPath PM software has been downloaded and copied into the OnBoard’s /tmp directory with the AlterPath OnBoard Administrator’s Guide...
Page 159
Upgrading AlterPath PM IPDU Software filename pmfirmware. For the procedure, see “To Download AlterPath PM IPDU Software From Cyclades” on page 119. 1. Bring up the Web Manager and log in as an administrative user. 2. Go to Access → IPDU → Software Upgrade.
Chapter 5 Web Manager “Settings” Menu Options This chapter describes the menu options available to administrative users under the “Settings” top menu option. For an overview of the Web Manager features that are available only for administrative users and for how to use the configuration wizard, see Chapter 2, “Web Manager Introduction,”...
“Settings” and provides links to where the options are described. Table 5-1: Options Under Settings Option Where Described AUX port “Configuring the AUX Port for Modem or Power Management” on page 127. IPDU “Configuring IPDU Power Management” on page 132 AlterPath OnBoard Administrator’s Guide...
AUX port: • One or more AlterPath PM IPDUs • An external modem For how to connect IPDUs and external modems, see the “Advanced Procedures” chapter in the AlterPath OnBoard Installation Guide. Web Manager "Settings" Menu Options...
2. Go to Settings → AUX Port. 3. Make sure the “Power Management” option is selected from the “Profile” menu. 4. Optional: Enter a name for the connected AlterPath PM IPDU in the “Name” field. 5. Click “Save and apply changes.” AlterPath OnBoard Administrator’s Guide...
Configuring the AUX Port for Modem or Power Management Configuring the AUX Port for a Modem The following figure shows the screen that appears when the administrative user selects the Modem option from the “Profile” menu on the Settings → AUX port screen.
Figure 5-6: Callback Number Field Under Settings → AUX Port → Modem When the “Login” option is selected from the “Modem Access” pull-down menu, the fields shown in the following figure appear. AlterPath OnBoard Administrator’s Guide...
Configuring the AUX Port for Modem or Power Management Figure 5-7: Settings → AUX Port → Modem To Configure an AUX Port for Modem Access This procedure assumes that an external modem is connected to the AUX port of the OnBoard. The values to select or to enter for modem configuration are described in Table 1-20 on page 44.
IPDU(s). Selecting Settings → IPDU without first configuring the AUX port for power management displays the message shown in the following figure. Figure 5-9: Settings → IPDU Screen Without AUX Port Configuration AlterPath OnBoard Administrator’s Guide...
Configuring IPDU Power Management Note: The first IPDU connected to the AUX port is called the Master Unit. An additional IPDU that is daisy-chained to the first IPDU is called a “Slave Unit.” The following table lists the tabs on the Settings → IPDU screen with links to the sections where they are described.
Figure 5-11: Settings IPDU General Screen Clicking the Edit button in the entry for an IPDU brings up the screen shown in the following screen example. Figure 5-12:Edit Alarm Threshold for IPDU Dialog AlterPath OnBoard Administrator’s Guide...
Configuring IPDU Power Management The appropriate value to enter in the “Alarm Threshold” field varies from one AlterPath PM to the other. The value can be entered either as a number or as a number with a decimal point, for example, 10 amps or 14.5 amps. To Enable Overcurrent Protection for an AlterPath PM IPDU 1.
Users Manager form along with the numbers of the outlets the user is authorized to manage, as shown in the following figure. Figure 5-15:Settings → IPDU → Users With a User Added AlterPath OnBoard Administrator’s Guide...
Configuring IPDU Power Management To Configure a User to Manage Power Outlets on a Connected IPDU This procedure assumes the following prerequisites: • An AlterPath PM IPDU is connected to the AUX port of the OnBoard. • The AUX port is configured for power management (as described in “To Configure an AUX Port for IPDU Power Management”...
2. Go to Settings → IPDU → Outlets. 3. To assign or change an outlet name, do the following steps. a. Click the “Edit” button in the outlet’s Name column. The outlet name dialog box appears. AlterPath OnBoard Administrator’s Guide...
Configuring PCMCIA Cards b. Enter a name in the “Outlet N name” field. c. Click OK. 4. To assign or change an outlet’s power-up interval, do the following steps. a. Click the “Edit” button in the outlet’s Interval column. The outlet power up interval dialog box appears. b.
Configuring PCMCIA Cards See the AlterPath OnBoard Installation Guide for a list of supported cards. Also check the release notes at the Cyclades website for additions to the list of supported cards. As shown in Figure 5-19, three buttons appear under the Action column in the PCMCIA table.
Configuring PCMCIA Cards Figure 5-21:Example: PCMCIA Ethernet Card inserted in Slot 1 Ejecting a PCMCIA Card Clicking an “Eject” button brings up a screen like the one shown in the following figure. Figure 5-22:Eject PCMCIA Dialog Clicking OK ejects the card in preparation for physical ejection. Web Manager "Settings"...
PCMCIA card. 4. Insert a PCMCIA card into one of the slots on the front of the OnBoard. See the “Advanced Procedures” chapter in the AlterPath OnBoard Installation Guide for guidance about the order of insertion and other hardware-specific instructions, if needed.
Configuring PCMCIA Cards Configuring a Compact Flash PCMCIA Card Page 148 To Configure a Compact Flash PCMCIA Card Page 149 Configuring a Modem PCMCIA Card When a modem card is inserted into the selected slot, clicking the “Configure” button on the Settings → PCMCIA screen brings up a dialog like the one shown in the following figure.
If “Login” is selected from the “Modem Access Type” pull-down menu, the following fields and checkbox appear. Figure 5-25:Settings → PCMCIA → Configure Modem → Login If “PPP” is selected from the “Modem Access Type” pull-down menu, the following fields and checkboxes appear. AlterPath OnBoard Administrator’s Guide...
Configuring PCMCIA Cards Figure 5-26:Settings → PCMCIA → Configure Modem → PPP To Configure a Modem PCMCIA Card This procedure assumes that a PCMCIA modem card is inserted into a slot on the OnBoard and the steps under “To Begin Configuring a PCMCIA Card” on page 142 are complete.
Configuring an Ethernet PCMCIA Card Clicking the “Configure” button on the Settings → PCMCIA screen brings up the dialog shown in the following figure when an Ethernet card is inserted in the selected slot and the DHCP checkbox is checked. AlterPath OnBoard Administrator’s Guide...
Configuring PCMCIA Cards Figure 5-27:Settings → PCMCIA → Configure Ethernet Dialog As shown in Figure 5-28, the dialog for configuring an Ethernet card displays additional fields for specifying the IP address, network mask, and gateway when the DHCP checkbox is not checked. Figure 5-28:Settings →...
Configuring PCMCIA Cards Figure 5-30:Settings → PCMCIA → Configure Compact Flash Dialog The three options on the “File System” pull-down menu are listed here: • Auto • Vfat • Ext2 To Configure a Compact Flash PCMCIA Card This procedure assumes that a compact flash card is inserted into a PCMCIA slot on the OnBoard and the steps under “To Begin Configuring a PCMCIA Card”...
The “Network Time Protocol” pull-down menu provides two options: • Disable • Enable
The “Timezone” pull-down menu lists world timezones based on GMT, as shown in the following figure. Figure 5-32:Settings → Date/time Screen: Timezone Pull-down
Configuring System Date and Time When Enable is selected from the “Network Time Protocol” pull-down menu, the “NTP server IP” field appears. An administrative user needs to specify the IP address of an NTP server in the NTP server field, as shown in Figure 5-33. Figure 5-33:Settings →...
TFTP boot server on the network along with one or two boot images that reside on the OnBoard. Two options appear (“Network” and “Image1”), as shown in the following figure, if only one boot image is found on the OnBoard. AlterPath OnBoard Administrator’s Guide...
“Image1.” • The first time a new software version is downloaded and installed from Cyclades, the new image is stored as “Image2” in the flash memory and the configuration is changed so the OnBoard boots from “image 2.” • The second time a new software version is downloaded and installed, the latest image is stored as “Image 1,”...
A TFTP server must be available to the OnBoard on the network. • An upgraded OnBoard boot image file must be downloaded from Cyclades and must be available on the boot server. • The OnBoard must have a fixed IP address and you must know the address.
Configuring the Boot File Location Boot Fields and Menu Options The fields and menu options for boot configuration are described in the following table. Table 5-4: Boot Configuration Fields and Options Field or Value Name Description A new IP address for the OnBoard. OnBoard IP address Whether the watchdog timer is active.
Figure 5-37:Settings → Help Screen The Help button on the Web Manager looks for its help files in the location specified here. By default, the OnBoard help is located at the Cyclades web site at the specified URL: www.cyclades.com/online-help/onb/v_1.0.0.
To Specify a New Location for OnBoard Help Files
1. Download the help files from www.cyclades.com/online-help/onb/v_1.0.0 and install them on a publicly accessible web server.
2. Log into the Web Manager as admin, and go to Settings → Help.
Chapter 6 Web Manager “Config” Menu Options This chapter describes the menu options available to administrative users under the “Config” top menu option. For an overview of all the Web Manager features and menu options that are available for administrative users, see Chapter 2, “Web Manager Introduction,”...
Page 196
To Configure SNMP for a Device Page 217 To Configure the Syslog Destination and Message Filtering Page 221 To Configure Event Logging for Connected Service Processors Page 223 To Select the OnBoard’s Security Profile Page 229 To Configure Services Page 230 AlterPath OnBoard Administrator’s Guide...
Options Under “Config” Options Under “Config” When an administrative user clicks the “Config” option in the top menu of the Web Manager, ten options appear in the left menu, as shown in the following figure. Figure 6-1: “Config” Menu Options The following table lists the options that appear when an administrative user clicks “Config”...
Page 198
Syslog “Configuring SNMP” on page 209 Event log backend “Configuring the Event Log Backend” on page 222 Security profile “Selecting or Configuring a Security Profile” on page 224 Services “Configuring the OnBoard’s Services” on page 229 AlterPath OnBoard Administrator’s Guide...
Configuring Devices When an administrative user goes to Config → Devices, a screen appears like the one shown in the following figure. As shown, entries appear for any configured devices, and “Edit” and “Delete” buttons appear next to each device’s entry.
Alphabetical sorting is not available through the Web Manager. An OnBoard administrator can configure the Web Manager to display device lists in alphabetical order using the cycli utility. See “To Sort the Device List Alphabetically” on page 168. AlterPath OnBoard Administrator’s Guide...
Configuring Devices Assigning a Device Type and Command Template During configuration, each device must be assigned a device type and most devices must be assigned a command template. The OnBoard administrator should not assign a command template when the device is either of the following two types of devices: •...
You know the username and password pair that are used for logging into the service processor or device. 1. Log into the Web Manager as an administrative user. 2. Go to Config → Devices. 3. Click the “Add new device” button. AlterPath OnBoard Administrator’s Guide...
Page 203
Configuring Devices 4. Enter a descriptive name for service processor or other type of connected device in the “Name” field. 5. Enter the username and password pair used for logging into the device in the “Login” and “Password” fields and retype the password in the “Retype password”...
4. Save the changes.
cli> commit
5. Exit from the cycli utility.
cli> quit
6. Log out and bring up the Web Manager Config → Devices screen. The devices now display sorted alphabetically by name.
Configuring Users and Groups Configuring Users and Groups When an administrative user goes to Config → Users and groups, a screen like the one shown in the following figure appears. Figure 6-4: Config → Users and Groups Screen The administrative user can use the “Config → Users and groups” screen for adding and configuring users and groups who can access devices through the OnBoard.
• Normal User
Selecting the radio button next to “Administrator” adds the user to the “admin” group, which makes the user an administrative user who can perform OnBoard configuration.
Password: Password used for accessing the OnBoard.
Retype Password: As stated.
Configuring Users and Groups Table 6-3: User Configuration Settings (Continued)
Settings: • Sensors • Power • Event log • Service Processor Console • Device Console •...
Notes: Check any of the checkboxes to authorize the user to perform the selected device management actions
On the dialog shown in Figure 6-7, the following device management actions are available to assign for the selected device to the selected user: • Sensors • Event log • Device console • Power • Service processor console • Native IP AlterPath OnBoard Administrator’s Guide...
Configuring Users and Groups Configuring Groups Clicking the “Add new group” button or clicking the “Edit” button for an existing group brings up a screen with the fields shown in the following figure. Figure 6-8: Add New Group or Edit Dialog Clicking the “Delete”...
To Create and Authorize a User for Device Management 1. Log into the Web Manager as an administrative user. See “To Log Into the Web Manager” on page 75, if needed. 2. Go to Config → Users and groups. AlterPath OnBoard Administrator’s Guide...
Configuring Users and Groups 3. To add a user, do the following steps. a. Click the “Add new user” button. b. Enter a username in the “User Name” field. c. Enter an identifying name and optional job description in the “Full Name”...
Page 212
Click OK. The “Edit username’s device access privileges” screen appears. 4. Click OK. 5. Click “Save and apply changes.” AlterPath OnBoard Administrator’s Guide...
Configuring Users and Groups To Create and Authorize a Group for Device Management 1. Log into the Web Manager as an administrative user and go to Config → Users and groups. 2. Add a group by performing the following steps. a.
Authentication Server” on page 190 Specify an authentication method for “Configuring an Authentication Method for OnBoard logins. the OnBoard” on page 192 Specify authentication for devices. “Configuring Devices” on page 163 “Selecting or Configuring a Security Profile” on page 224 AlterPath OnBoard Administrator’s Guide...
Configuring Authentication Configuring Authentication Servers The administrative user can use the Config → Authentication screen to configure all authentication servers to be used by the OnBoard or connected devices. When an administrative user goes to Config → Authentication, the screen shown in the following figure appears with the menu options shown for configuring authentication servers.
KDC’s hdc.conf file. Therefore, it is essential for the time on the OnBoard to be synchronized with the time on the KDC. AlterPath OnBoard Administrator’s Guide...
Configuring Authentication To Configure a Kerberos Authentication Server Perform this procedure to configure an authentication server when the OnBoard or any of its connected devices is to use the Kerberos authentication method or any of its variations (Kerberos, Local/Kerberos, Kerberos/Local, or Kerberos Down/Local).
Page 218
5. Enter the IP address of the Kerberos server in the “Kerberos Server IP address” field.
6. Enter the domain name of the Kerberos realm in the “Kerberos Realm Domain Name” field.
7. Click “Save and apply changes.”
Configuring an LDAP Authentication Server
When an administrative user goes to Config → Authentication or Config → Unit Authentication and selects LDAP from the “Authentication Type” pull-down menu, the fields shown in the following figure appear. If an LDAP authentication server has not previously been configured, the fields are empty.
5. Replace the default domain name with the name of your LDAP domain. For example, for the LDAP domain name cyclades.com, the correct entry is: dc=cyclades,dc=com.
6. Click “Save and apply changes.”...
Configuring a NIS Authentication Server
When an administrative user goes to Config → Authentication and selects NIS from the “Authentication Type” pull-down menu, the fields shown in the following figure appear.
Figure 6-15: Config → Authentication: NIS
The administrative user must obtain the needed information about the NIS server from the server’s administrator and configure the server by filling in these fields that display when the NIS authentication type is selected: •...
Configuring a Radius Authentication Server
When an administrative user goes to Config → Authentication and selects Radius from the “Authentication Type” pull-down menu, the fields shown in the following figure appear.
Figure 6-16: Config → Authentication: Radius
The administrative user must obtain the needed information about the Radius server from the server’s administrator and configure the server by filling in these fields that display when the Radius authentication type is selected:
• First Authentication Server
•...
The administrative user must obtain the needed information about the SMB server from the server’s administrator and configure the server by filling in these fields that display when the SMB authentication type is selected:
• Domain
• Primary Domain Controller
• Secondary Domain Controller
To Configure an SMB Authentication Server
Perform this procedure to identify the authentication server when the OnBoard or any of the connected devices is to use the SMB authentication method or any of its variations (Local/SMB, SMB/Local, or SMB Down/Local).
TACACS+ authentication type is selected:
• First Authentication Server
• Second Authentication Server
• First Accounting Server
• Second Accounting Server
• Secret
• Enable Raccess Authorization
• Timeout(s)
• Retries
To Configure a TACACS+ Authentication Server
Perform this procedure to identify the authentication server when the OnBoard or any of the connected devices is to use the TACACS+ authentication method or any of its variations (Local/TACACS+, TACACS+/Local, or TACACS+ Down/Local). Work with the TACACS+ server’s administrator to ensure that the following types of accounts are set up on the TACACS server and that the administrators of the OnBoard and connected devices know the passwords assigned to the...
When an administrative user goes to Config → Unit Authentication, the screen shown in the following figure appears. The administrative user uses this screen to configure the authentication method that applies when anyone attempts to log into the OnBoard.
Figure 6-19: Default Config → Authentication Screen
By default Local authentication is in effect, and no configuration is required. The following figure shows the authentication methods available for OnBoard logins.
Figure 6-20: Default Config → Unit Authentication Screen With Menu Options
When an authentication method is selected from the menu, additional configuration fields appear.
To configure a notification, the administrative user clicks the “Add” button after selecting one of the notification methods from the menu. The screen that appears has different fields and menu options depending on which notification method was selected.
Configuring Notifications
Configuring SNMP Trap Notifications
The following figure shows the fields that appear when “SNMP trap” is selected and the “Add” button is clicked on the Config → Notifications screen.
Figure 6-22: Config → Notifications: SNMP Trap Add Dialog
If the Simple Network Management Protocol (SNMP) service is enabled on the OnBoard, the OnBoard administrator can use the dialog shown in Figure 6-22 to send notifications about significant events or traps to an SNMP management application, such as HP Openview, Novell NMS, IBM NetView,...
3. Check or leave unchecked the checkbox next to “Scan device console session for matches.”
4. Enter a name for the trigger in the “Name” field.
5. Enter an event to trigger the alarm in the “Alarm trigger” field.
6. Enter an OID type number in the “OID Type value” field.
7. Select one of the trap designators from the “Trap number” pull-down menu.
8. Enter a community name in the “Community” field.
9. Enter an SNMP server IP address or DNS name in the “SNMP server” field.
5. Enter an event to trigger the alarm in the “Alarm trigger” field.
6. Enter a pager or phone number in the “Pager/phone number” field.
7. Enter the desired text in the “Text” field.
8. Enter a username in the “SMS username” field.
9. Enter the IP address for an SMS server in the “SMS server” field.
10. Enter an SMS port in the “SMS port” field.
11. Click OK.
12. Click “Save and apply changes.”
Configuring Email Notifications
The following figure shows the fields that appear when the Email option is selected and the Add button is clicked.
7. Enter a source email address in the “From” field.
8. Enter a subject that describes the alarm trigger in the “Subject” field.
9. Enter the desired text for the email message in the “Body” field.
10. Click OK.
11. Click “Save and apply changes.”
Configuring Sensor Alarms
When an administrative user goes to Config → Sensor alarms, the screen shown in the following figure appears. The administrative user can use this screen to configure the OnBoard to check sensor readings from service processors and to configure alarms to be sent if the sensor readings are not within certain specified values.
3. Specify the sensor to monitor in the “Sensor” field.
4. Select a condition to trigger the sensor alarm from the “Condition” pull-down menu.
5. When the condition is inside or outside a range, specify the range in the “Range” fields.
6. Specify a polling interval and choose “minutes” or “hours” from the “Interval” pull-down menu.
7. Select the desired notification action from the “Action” pull-down menu.
8. Enter a comment, if desired, in the “Comment” field.
9. Go to the appropriate procedure from the following table, depending on which option is selected from the “Action”...
Configuring the “SNMP Trap” Sensor Alarm Action
The following figure shows the fields that appear when “SNMP trap” is selected on the “Action” menu on the Config → Sensor Alarms screen that is shown in Figure 6-26.
Figure 6-28: Config → Sensor Alarms SNMP Trap Fields
The following table describes the fields in Figure 6-28.
Table 6-10: Fields for Configuring a SNMP Trap Sensor Alarms
Field or Menu Name | Description
Protocol | • SNMP v1 • SNMP v2c •...
i. Enter the username required for authentication in the “User” field.
ii. Choose an authentication type from the “Authentication Type” pull-down menu.
iii. Enter the authentication password in the “Password” field.
iv. Select an encryption method from the “Encryption” pull-down menu.
v. Enter the appropriate password for the encryption method in the “Crypt pass” field.
d. Enter the IP address or DNS-resolvable name of the SNMP server in the “Server” field.
e. Enter any desired text in the “Body” field.
4.
The following figure shows the fields that appear when “Email” is selected on the “Action” menu on the Config → Sensor Alarms screen that is shown in Figure 6-26.
Figure 6-30: Config → Sensor Alarms Email Message Fields
The following table describes the fields in Figure 6-27.
Table 6-12: Fields for Configuring Email Sensor Alarms
Field or Menu Name | Notes
From: Identifies the sender, for example root@OnBoard
Designates who is to receive the email
Subject: Identifies the source of the message, for example: “Alarm: Sensor Error from rack1_dev2_ilo.”...
The following table lists the tasks for configuring SNMP.
Table 6-13: Tasks for Configuring SNMP
Task | Where Documented
Configure OnBoard contact and location information | “Configuring SNMP Information Settings” on page 211
Configure SNMP for devices | “Configuring SNMP for Devices” on page 212
Configuring SNMP
Configuring SNMP Information Settings
Under the “OnBoard information settings” heading on the Config → SNMP screen shown in Figure 6-31, clicking the “Edit” button enables the administrative user to change the configured values. The “Edit” button brings up the screen shown in the following figure.
Figure 6-32: Config →...
Pressing the “SNMP Configure” button next to the name of a device brings up a screen like the one shown in the following figure. The administrative user can use this screen to define the SNMP protocol for a device and configure SNMP access.
Figure 6-34: Device SNMP Settings Screen
Configuring Device SNMP Settings
When the administrative user clicks the “Edit” button under the “Service Processor SNMP setting” heading shown in Figure 6-34, a screen appears like the one shown in the following figure when “v1” is selected from the “SNMP version”...
Page 250
Processor SNMP setting” heading shown in Figure 6-33, a screen appears like the one shown in the following figure when “v2” is selected from the “SNMP version” menu.
Figure 6-37: Config → SNMP: Device SNMP Access Dialog With V3 Selected
Configuring SNMP Access Settings
When the administrative user clicks the “Add Access” button under the “Service Processor SNMP setting” heading shown in Figure 6-34, a screen appears like the one shown in the following figure.
Figure 6-38: Config → SNMP: Device SNMP Access Dialog With V1 Selected
The fields on the screen shown in Figure 6-38 vary according to which SNMP protocol type is selected.
By default, the public community cannot access SNMP information on the OnBoard.
Fields for configuring SNMP v3 only:
User name | Username used for authentication
Auth method | • MD5 • SHA
Table 6-14: Fields for Configuring SNMP (Continued)
Field or Menu Name | Description
Auth pass | Password used for authentication
Encryption | • DES • AES
Crypt pass | Password used for encryption
To Configure SNMP for a Device
1. Log into the Web Manager as an administrative user.
2.
Page 254
“Security level.”
e. Configure views as desired by performing the following steps.
i. Click the “Edit views” button. The “Views configuration” screen appears.
ii. To add a view, click the “Add View” button.
The “SNMP view settings” dialog appears.
iii. Enter the desired name in the “View name” field.
iv. Fill out as many entries as desired with an OID and Mask, and select the desired “Include” and “Exclude” options from the pull-down menu on the left of each entry.
The bottom of the Config → Syslog screen has two sets of checkboxes for specifying which types of web log and system log messages are forwarded based on their severity level:
• Emergency
• Alert
• Critical
• Error
• Warning
• Notice
• Info
• Debug
Configuring Logging of System Messages (Syslogs)
To Configure the Syslog Destination and Message Filtering
1. Go to Config → Syslog. The Syslog screen displays.
2. Select a destination for the Syslog messages by doing one or more of the following steps as desired.
a.
Clicking the “Edit” button on the Event log backend screen brings up a dialog like the one shown in the following screen example.
Figure 6-43: Config → Event Log Backend: Edit Dialog
Configuring the Event Log Backend
To Configure Event Logging for Connected Service Processors
1. Log into the Web Manager as an administrative user.
2. Go to Config → Event log backend. The Event log backend profile screen displays.
3. Click the “Edit” button to edit event logging for a device. The “Edit OnBoard Event Log Settings for Device”...
Clicking the “Proceed” button on the Security Profile Caution screen brings up the Security Profile configuration dialog shown in the following figure.
Page 261
Selecting or Configuring a Security Profile
Figure 6-45: Config → Security Profile Dialog With the “Moderate” Profile Enabled
An administrative user can use the Config → Security profile screen to select one of the default security profiles or configure a custom security profile for the OnBoard.
HTTPS when bringing up the Web Manager, because HTTP is disabled by the secured security profile. The features in the “Secured” security profile are described in Table 1-7, “Secured Security Profile Services/Features,” on page 13.
Open
The following figure shows the lists of enabled and disabled features in the dialog for the “Open” security profile.
Figure 6-47: “Open” Security Profile Dialog
The features in the “Open” security profile are described in Table 1-8, “Open Security Profile Services/Features,”...
Configuring the OnBoard’s Services
To Select the OnBoard’s Security Profile
1. Log into the Web Manager as an administrative user.
2. Go to Config → Security profile. The Security profile screen displays.
3. Click the “Proceed” button.
4. Select a security profile from the “Security Level” pull-down menu.
5.
The Services screen displays.
3. Click to check a checkbox next to each service you want to enable.
4. Click to leave unchecked any previously-enabled service that you want to disable.
5. Click “Save and apply changes.”
Chapter 7
Web Manager “Network” Menu Options
This chapter describes the menu options available to administrative users under the “Network” top menu option. For an overview of all the Web Manager features and menu options that are available for administrative users, see Chapter 2, “Web Manager Introduction,”...
Options Under “Network”
When an administrative user clicks the “Network” option in the top menu of the Web Manager, seven options appear in the left menu, as shown in the following figure.
Figure 7-1: “Network” Menu Options
Configuring Network Interfaces
The options that appear when an administrative user clicks “Network” are described in the sections listed below.
Table 7-1: Options Under “Network”
Option | Where Described
Host Settings | “Configuring Network Interfaces” on page 233
Firewall | “Configuring Firewall Rules for OnBoard Packet Filtering” on page 239
Host table | “Configuring Hosts”...
IP address for a primary DNS server on the same subnet as the OnBoard
Secondary DNS server | IP address for an optional secondary DNS server on the same subnet as the OnBoard
Domain name | Domain name used on the domain name server (DNS)
Keep the following two issues in mind when configuring public Ethernet ports:
• When an interface is configured for DHCP and the DHCP server cannot be reached for any reason, the interface IP address falls back to the preconfigured default static IP address (192.168.160.10) unless an OnBoard administrator has assigned an IP address to the interface.
• If DHCP is disabled, configure each port for static IP addressing.
The example in the following figure shows the fields that appear on the Network → Host Settings screen when both the primary and secondary Ethernet ports are enabled and DHCP is disabled. The fields shown in Figure 7-4 are for the following purposes:
• Configuring basic network parameters and assigning a static IP address to the Ethernet port(s)
• Configuring DNS
Figure 7-4: Network →...
Page 274
Enter or modify the IP address for an optional secondary DNS server in the “Secondary DNS” field.
c. Enter or modify an existing domain name in the “Domain name” field.
8. Click “Save and apply changes.”
Configuring Firewall Rules for OnBoard Packet Filtering
When an administrative user clicks the “Firewall” option under “Network,” a screen appears like the one shown in the following figure. The administrative user can use this screen to configure packet filtering as described in this section.
“Add new NAT prerouting rule” button.
Figure 7-6: Network → Firewall: Add Rule Dialog
See Table 1-25, “Filter Options for Packet Filtering Rules,” on page 65 for definitions of the filter options on the dialog shown in Figure 7-6.
To Add a New Packet Filtering (Firewall) Rule
1. Log into the Web Manager as an administrative user. See “To Log Into the Web Manager” on page 75, if needed.
2. Go to Network → Firewall.
3.
Figure 7-7: Network → Host Table Screen
The administrative user can use the “Edit,” “Delete,” and “Add new host” buttons on the form to do the following:
• Add a new host
• Edit the host’s configuration
• Delete host entries
Configuring Hosts
The following figure shows the dialog that appears when the administrative user clicks the “Add new host” button on the screen shown in Figure 7-7.
Figure 7-8: Network → Host Table: Add New Host Dialog
When adding a host, the administrative user must enter the information in the top two bullets below: •...
Figure 7-10 shows the dialog that appears when the administrative user clicks the “Add new static route” button on the screen shown in Figure 7-9.
Figure 7-10: Network → Add New Static Route Dialog
Configuring Static Routes
The following table describes the fields and menu options that appear when you select the “Edit” or “Add” buttons.
Table 7-3: Fields and Menus for Configuring Static Routes
Field or Menu Name | Definition
Network Address | Enter the IP address of the destination host or specify a network in the form networkIPaddress/mask_length (also referred to as prefix/length)....
An administrative user must configure VPN connections in order to enable authorized users to access native IP management features on an SP. See the AlterPath OnBoard User’s Guide for background information about how users create a VPN connection from their remote computers to enable access to native IP features on an SP.
Configuring VPN Connections
Configuring IPSec VPN Connections
Selecting “Add new connection” on the VPN connections screen under the IPSec heading brings up the screen shown in the following figure.
Figure 7-12: IPSec VPN Connection Configuration Dialog
The administrative user can define multiple IPSec VPN connections.
To Configure IPSec VPN
Make sure that the IPsec service is enabled.
To configure the addresses used for all PPTP VPN connections between users and the OnBoard, the administrative user needs to fill in the PPTP fields shown in the following figure from the Network → VPN Connections Screen.
Figure 7-13: PPTP VPN Connection Configuration Fields
The following table describes the fields for configuring a PPTP profile. Specify a pool of addresses in the form 10.0.0.100-110.
Table 7-4: Fields for Configuring a PPTP Profile
Field | Purpose
PPTP local address pool | Assign an OnBoard IP address or range of addresses to be used whenever a user creates a PPTP VPN connection to the...
3. Enter an email address for an administrator to receive email from the system in the “System email forwarding address.”
4. Enter the DNS name or IP address for an SMTP server.
5. Click the “Save and apply changes” button.
Configuring Private Subnets and Virtual Networks
The administrative user performs configuration on the Network → Private subnets screen after deciding which addressing scheme to use, as discussed here and in more detail in Appendix , “Advanced Device Configuration” on page 309.
The OnBoard derives the range of addresses in the subnet from the OnBoard-side IP address and the subnet mask. The OnBoard uses the specified information to create a route to the subnet in the OnBoard’s routing table.
The example in Figure 7-17 shows a private subnet name of “net1,” an OnBoard side IP address of 192.168.0.254, and a subnet netmask of 255.255.255.0.
Figure 7-17: Network → Private Subnets: Add Subnet Dialog
4. Enter an IP address for the OnBoard within the private subnet’s network address range in the “Onboard side IP address” field.
5. Enter a netmask for the private subnet in the “Subnet netmask” field.
6. Click OK.
7. Click “Save and apply changes.”
To Configure a Virtual Network
1. Log into the Web Manager as an administrative user. See “To Log Into the Web Manager” on page 75, if needed.
2. Under “Virtual Network (DNAT) configuration,” enter a virtual IP address to assign to the OnBoard from the virtual network’s address range in the “Address”...
Chapter 8
Web Manager “Info” and “Mgmt” Menu Options
This chapter describes the menu options available to administrative users under the “Info” and “Mgmt” top menu options. For an overview of all the Web Manager features and menu options that are available for administrative users, see Chapter 2, “Web Manager Introduction,”...
Table 8-1: Options Under Info
Option | Where Described
Session status | “Viewing Status Information About Active Sessions” on page 259
System Information | “Viewing System Information” on page 260
Detected devices | “Viewing Information About Detected Devices” on page 263
Options Under “Info”
Viewing Status Information About Active Sessions
When an administrative user goes to Info → Session status, a screen appears like the one shown in the following figure.
Figure 8-2: Info → Session Status Screen
The following table lists the headings on the Info → Session status screen.
Table 8-2: Information on the Info →...
Viewing System Information
When an administrative user goes to Info → System information, a screen appears like the one shown in the following figure.
Figure 8-3: Info → System Information Screen
The following table lists the types of information available on the system information screen.
Table 8-3: Information on the System Information Screen
Heading Listed Information Kernel Version System Information Date Up Time Power Supply State CPU Information Revision Bogomips Vendor...
Table 8-3: Information on the System Information Screen (Continued)
Heading | Listed Information
RAM Disk Usage | Lists the partitions under the following headings
Viewing Information About Detected Devices
When an administrative user goes to Info → Detected devices, a screen appears like the one shown in the following figure.
Page 300
IP address along with a DHCP hostname to devices that have DHCP clients enabled. The DHCP hostname displays here.
Port | The number of the OnBoard private port through which the device is being detected.
Options Under “Mgmt”
Clicking the “Mgmt” (Management) option brings up the left menu options shown in the following screen example.
Figure 8-5: “Mgmt” Options
The following table describes the Menu Options under “Mgmt” and provides links to procedures.
Table 8-5: Tasks Performed Under the Web Manager “Mgmt”...
Clicking the “Load” button overwrites the current state of the configuration files with the last backup copy that was made. See “Understanding How Configuration Changes Are Handled” on page 67, if needed, for more information.
To Back Up Configuration Files
1. Bring up the Web Manager and log in. See “To Log Into the Web Manager” on page 75, if needed.
2. Go to Mgmt → Backup/restore.
3. Click the “Save” button to back up the current state of the configuration files.
FTP site | The address of the FTP server where the firmware is located. You can use any ftp server if you download the firmware onto it first. The Cyclades ftp site address is: ftp.cyclades.com. See “To Download OnBoard Firmware From Cyclades” on page 269 for how to download the firmware for upgrading from a local ftp server.
To Download OnBoard Firmware From Cyclades
An administrator can use this procedure to download OnBoard firmware from the Cyclades ftp server onto a local ftp server. After downloading the software onto the OnBoard by following this procedure, the administrative user needs to perform the procedure under “To Upgrade the OnBoard’s Operating System, Applications, and Configuration...
Page 306
As shown in the previous screen example, the directories are named for the software release numbers. The latest version in the example is V_1.1.0. If the latest version at the Cyclades site is more recent than the version installed on OnBoard, continue with this procedure to download the latest version.
7. Use the mget command to get the binary and md5 files (for example: zImage_onb_110.bin
    ftp> mget zImage_
    200 Switching to Binary mode.
    mget ZImage_onb_100.bin? y
    . . .
    mget zImage_onb_110.md5? y
8. After the download completes, end the ftp connection, and verify the presence of the files on zImage_onb_110.bin...
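The download in step 7 fetches an .md5 file next to each image; the following added example (not part of the Cyclades guide) shows one way to check the image against it on the local ftp server before upgrading. It assumes the .md5 file uses the md5sum layout with the digest as the first field; verify_md5 and md5_of are names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the Cyclades guide): compare a downloaded firmware
# image with the digest in its companion .md5 file before upgrading.
# Assumption: the .md5 file is in md5sum format, digest as the first field.
# A match shows the transfer was not corrupted; it does not authenticate the
# image, because the digest arrives over the same plain FTP session.

# md5_of FILE -> prints the lowercase hex MD5 digest of FILE
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        # Fallback for hosts without md5sum; openssl output ends "= <digest>"
        openssl dgst -md5 < "$1" | sed 's/^.*= *//'
    fi
}

# verify_md5 IMAGE MD5FILE
#   returns 0 = digests match, 1 = mismatch, 2 = missing file or bad digest
verify_md5() {
    image=$1
    md5file=$2
    if [ ! -s "$image" ] || [ ! -s "$md5file" ]; then
        echo "verify_md5: missing or empty file" >&2
        return 2
    fi
    expected=''
    # read fails on a file without a trailing newline but still fills $expected
    read -r expected _rest < "$md5file" || [ -n "$expected" ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*)
            echo "verify_md5: $md5file does not start with an MD5 digest" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "verify_md5: $md5file does not start with an MD5 digest" >&2
        return 2
    fi
    actual=$(md5_of "$image") || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "verify_md5: MISMATCH for $image (expected $expected, got $actual)" >&2
    return 1
}

# Typical call with the file names used in the procedure above:
#   verify_md5 zImage_onb_110.bin zImage_onb_110.md5 && echo "image OK"
```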
See “To Log Into the Web Manager” on page 75, if needed.
2. Go to Mgmt → Firmware upgrade.
3. To upgrade using an image from a TFTP server, do the following steps.
a. Go to the Settings → Boot Configuration screen.
Page 309
b. Specify the location of an image that resides on a TFTP server. See “To Configure OnBoard Boot” on page 155 if needed.
c. Go to Step 4.
4. If the OnBoard is currently running an image from RAMDISK after a network boot and you want to write the image into the flash memory, do the following steps.
To Restart the OnBoard
1. Log into the Web Manager as an administrative user. See “To Log Into the Web Manager” on page 75, if needed.
2. Go to Mgmt → Restart.
3. Click the “Restart” button.
Chapter 9
Using the cycli Utility
This chapter describes the cycli configuration utility that is available for OnBoard administrators to use on the OnBoard’s command line. This chapter covers the topics shown in the following table.
Accessing the Command Line | Page 276
cycli Utility Overview | Page 277...
Accessing the Command Line
As described in the AlterPath OnBoard User’s Guide, administrators can access the OnBoard command line in any of the following three ways.
• By local logins through the console port
Local OnBoard root users can access the command line by logging in through the console port using a terminal or computer running a terminal emulation program, as illustrated in the following figure.
cycli Utility Overview
An administrator (root or admin) can configure the OnBoard using the cycli utility. Only one administrator (root or admin) can run the cycli utility at a time. While in the cycli utility, the administrator can escape to the shell and when finished can return to the cycli utility.
#!/usr/bin/cycli can be invoked at the top of a shell script if the script contains only cycli commands.
• Any type of shell can be used to run cycli commands along with other commands. See “Entering a Command in Interactive Mode” on page 281.
cycli Options
Administrators can invoke the cycli command with a number of different options shown in the following table.
Table 9-1: cycli Utility Options
Option | Description
When entered either in command line or in batch mode with commands that act on a single parameter, speeds up response time....
You can use autocompletion with the set command to find out the accepted values.
    cli> set network interface failover <Tab><Tab>
    set to yes or no. Enables or disables the interface bond0.
    cli>
cycli Parameters and Arguments
Entering Values With Parameters
Enter values that contain spaces within double quotes (“). To set a value that contains double quotes, precede the double quote within a double quote with a backslash (\), which is achieved by typing two backslashes. To add a user called “mozart”...
If you want to run a cycli command from the same script that is running other Linux commands, you could put the command in another type of shell script. The bash shell is shown in the following example:
    #!/bin/bash
    /usr/bin/cycli -CF -- set network interface failover yes
Page 319
If you want to run multiple cycli commands from a script that is also running other Linux commands, you could add the multiple cycli commands as shown in the following example:
    #!/bin/bash
    /usr/bin/cycli << EOF
    set network interface failover yes
    set network hostname frutabaga
    commit
    EOF
You could then make the script executable and execute it on the command...
Pressing the Tab key once after partially-typing a parameter name automatically completes the parameter name, unless there is more than one parameter name beginning with the typed characters. If more than one parameter name begins with the typed characters, then Tab Tab displays them all.
cycli Commands
Example:
    cli> s<Tab> <Tab> shell show
    cli> se<TAB>
    cli> set n<TAB><TAB> network notifications ntp
    cli> set ne<TAB>
    cli> set network <TAB><TAB> hostname hosts interface resolv smtp st_routes
    cli> set network i<TAB>
    cli> set network interface eth0 <TAB><TAB> active address broadcast gateway method mtu netmask
    cli>...
Page 322
IP address. To specify a name or alias for a host you need to add the host first by adding its IP address, then you need to use the set command to specify its name and alias.
Example:
    cli > set network hosts 192.168.160.11 name fruitbat
    ERR result=5 No such file or directory
    cli > get network hosts 192.168.160.11 name fruitbat
    ERR result=5 No such file or directory
    cli > add network hosts 192.168.160.11
    cli > get network hosts 192.168.160.11 name alias
    cli >...
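The add-before-set order shown in the example above combines naturally with the here-document batch form from the scripting section. The following added example (not part of the Cyclades guide) builds such a batch from a host list and rejects any field that could smuggle extra text into a cycli command. The "IP NAME [ALIAS]" input format and the function names are constructed for this sketch, and the alias line assumes that "set network hosts IP alias VALUE" mirrors the documented "name" form.

```shell
#!/bin/sh
# Added example (not from the Cyclades guide): turn a host list into a cycli
# batch that adds each IP address before setting its name and alias.
# Assumptions: input lines are "IP NAME [ALIAS]" (constructed format), and
# "set network hosts IP alias VALUE" mirrors the documented "name" form.

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_name VALUE -> 0 if VALUE holds only letters, digits, dots and hyphens.
# No spaces or quotes can pass, so each emitted line is exactly one command.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# hosts_to_batch: host list on stdin, cycli batch on stdout.
# All-or-nothing: one bad line means no output and exit status 1.
hosts_to_batch() {
    batch=''
    lineno=0
    while read -r ip name alias extra || [ -n "$ip" ]; do
        lineno=$((lineno + 1))
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip" || ! valid_name "$name" || [ -n "$extra" ]; then
            echo "hosts_to_batch: line $lineno rejected" >&2
            return 1
        fi
        # The host entry must exist before its parameters can be set.
        batch="${batch}add network hosts $ip
set network hosts $ip name $name
"
        if [ -n "$alias" ]; then
            if ! valid_name "$alias"; then
                echo "hosts_to_batch: line $lineno rejected" >&2
                return 1
            fi
            batch="${batch}set network hosts $ip alias $alias
"
        fi
    done
    if [ -z "$batch" ]; then
        echo "hosts_to_batch: no hosts in input" >&2
        return 1
    fi
    printf '%scommit\n' "$batch"
}

# Constructed sample input. On the OnBoard the output would go to cycli on
# stdin, as in the here-document script:  hosts_to_batch < list | /usr/bin/cycli
printf '%s\n' '# lab hosts' '192.168.160.11 fruitbat' \
    '192.168.160.12 anchovy fish' | hosts_to_batch
```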
Deletes the last parameter in the command line. Deleting certain parameters deletes associated parameters. For instance, if an IP address is deleted from the host list, other parameters associated with a host (name, alias) are also deleted. parameter(s) delete AlterPath OnBoard Administrator’s Guide...
> get network hostname anchovy cli> show network resolv domain cyclades.com When get is entered with a partial parameter, all the subtrees display. In the output, if a value is assigned, the parameter preceding the value ends with a semicolon.
cycli Commands If the system assigns default values, default values are shown next to the automatically added parameter name, as in the following example, which was entered on the OnBoard before any configuration has been done. Example: cli> get network interface eth0 network interface eth0 active: yes network interface eth0 method: dhcp network interface eth0 address: 192.168.160.10...
Rename a parameter. Depending on the parameter, this may result in a whole subtree of parameters being moved. For instance, if an IP address in the host list is changed, all parameters associated with that host (name, alias) are moved under the new name. AlterPath OnBoard Administrator’s Guide...
cycli Commands Example: cli> get network hosts 192.168.160.11 network hosts name: fruitbat alias cli> rename network hosts 192.168.160.11 192.168.160.222 cli> get network hosts 192.168.160.11 ERR No such file or directory cli> get network hosts 192.168.160.222 name fruitbat alias revert Discard changes and revert to previously committed state. Example: cli>...
Escape to shell. This command is only available to root.
Example:
    cli> shell
    [root@onboard root]# whoami
    root
    [root@onboard root]# logout
    cli>
version
Displays the current cycli version.
Example:
    cli> version
    OnBoard CLI 2.0 (2005-06-16T13:47+1000)
Summary of How to Configure the Top Level Parameters
The following table is a brief overview of how to configure the top level parameters. Typing any of the commands, such as add or set, and then pressing Tab twice displays all the top level parameters, as shown in the following screen example.
Page 332
Command: Use the set command to configure the group members (set group groupname users username[,username2,...,usernameN])
Parameter: httpd
Command: Use the set command to configure HTTP/HTTPS services (set httpd http <Tab><Tab> shows the configuration parameters to set)
Page 333
Table 9-2: Top Level cycli Parameters With Set or Add Commands (Sheet 3 of 8)
Parameter: ipdu
Command:
• Use the set command to configure an IPDU (set ipdu s1 <Tab><Tab> shows the configuration parameters to set)
•...
Page 334
Parameter: network st_routes
Command:
• Use the add command to add a static route to the routing table (add network st_routes IP_address).
• Use the set command to configure the static route (set network st_routes IP_address <Tab><Tab> shows the parameters to set)
Page 335
Table 9-2: Top Level cycli Parameters With Set or Add Commands (Sheet 5 of 8)
Parameter: notifications
Command:
• Use the add command to add a notification (add notifications name).
• Use the set command to configure the parameters (set notifications name <Tab><Tab>...
Page 336
Parameter: pptpd
Command: Use the set pptpd command to configure PPTP (set pptpd <Tab><Tab> shows the parameters to set).
Parameter: profile
Command: Use the set profile command to select the security profile (set profile <Tab><Tab> shows the parameters to set).
Page 337
Table 9-2: Top Level cycli Parameters With Set or Add Commands (Sheet 7 of 8)
Parameter: sensoralarm
Command:
• Use the add sensoralarm command to configure a sensor alarm (add sensoralarm alarm_ID)
•...
Page 338
(set web <Tab><Tab> shows the parameter to set). The default is http://www.cyclades.com/online-help/onb/v_1.0.0/.
1. For this release, ethernetN and modemN are the only card types that are supported.
Chapter 10 Troubleshooting
This chapter provides information related to troubleshooting the OnBoard. See the sections shown in the following table.
    Connection Methods for Troubleshooting                 Page 304
    Recovering from root Authentication Failure            Page 304
    Restarting the Web Manager                             Page 306
    Replacing a Boot Image for Troubleshooting             Page 307
    Using the create_cf Command When Troubleshooting       Page 307...
For example, to enable use of a PCMCIA modem card, the PCMCIA modem card must be installed as described in the AlterPath OnBoard Installation Guide and configured as described in c.
Recovering from root Authentication Failure
Use the following procedure if an attempt to log in to the console as root brings up the following message.
To Recover from root Authentication Failure
1. Boot the OnBoard in the U-Boot monitor mode. See “To Boot in U-Boot Monitor Mode” on page 377.
The U-Boot monitor prompt appears, as shown in the following screen example.
    =>...
    [root@OnBoard root]# ps -fe | grep apache
    10131 nobody 3864 S /usr/local/apache2/bin/httpd -k start
If a line like the one shown in the previous screen example appears, the web application successfully restarted.
Replacing a Boot Image for Troubleshooting
Information in “Boot File Location Information” on page 372 in Appendix B, “Advanced Boot and Backup Configuration Information” gives an OnBoard administrator who has the root password enough background to be able to boot from an alternate image if the need arises and if the Web Manager is not available.
Page 344
Using the create_cf Command When Troubleshooting
Appendix A Advanced Device Configuration
This appendix provides detailed information needed to understand how to configure a new device. See the sections listed in the following table.
    OnBoard-specific Tasks for Configuring New Devices                          Page 310
    Understanding How the OnBoard Manages Communications With Devices           Page 311
    Understanding Address Configuration for Connected Devices                   Page 336...
New Device” on page 316
• “Command Templates” on page 321
• “Issues Affecting the Configuration of RSA-Type Service Processors” on page
• “The onbdtemplate Utility” on page 325
• “OnBoard Expect Scripts” on page 329
The OnBoard has been tested with specific models of devices and firmware levels that are listed in the release notes (at http://www.cyclades.com/support/downloads under the product name “AlterPath OnBoard”).
Application_Notes/Service_Processor_Related directory provide additional information not provided here. Check for updated application notes at http://www.cyclades.com/support/downloads.php under the product name “AlterPath OnBoard.”
Device Type Differences
The device type differences are summarized in the following table. Some of the device type differences that may need to be addressed by creating new templates or Expect scripts are described in the table.
Understanding How the OnBoard Manages Communications With Devices
docs/OnBoard/Application_Notes/Service_Processor_Related. Also see the Readme.txt file.
Table A-2: Device Type Differences
Protocol    Device Type Differences
DRAC        DRAC III/XT is the only version tested and proven to work with the default DRAC Expect script and command template. Compatibility with DRAC II or IV service processors is not guaranteed.
Page 350
A custom Expect script can be created to provide support for RSA II service processors that do not work with the default rsa command templates. See the RSA_II.txt file in the application notes IBM subdirectory.
Additional Reasons for Creating Custom Expect Scripts
The following table lists some of the reasons an administrator might want to create a custom Expect script.
Table A-3: Reasons for Customizing Expect Scripts
Purpose    Notes
Change the device access...
If a new template cannot be made to work, create a custom Expect script to handle the device’s requirements. See “To Find Out if An Existing Command Template Works With a New Device” for how to perform the above-listed steps.
Navigate to http://www.cyclades.com/support/downloads and click on the product name “AlterPath OnBoard.”
b. Scroll down to the section heading “Firmware,” then find and click the “Release Notes” link.
Perform this procedure after “To Find Out if An Existing Command Template Works With a New Device” on page 317, if the default templates do not work for a new device. See “The onbdtemplate Utility” on page 325 for details about using the onbdtemplate utility, if needed.
Page 355
1. Log into the OnBoard’s console as an administrator and run the onbdtemplate utility.
2. Select New from the menu.
3. Enter a template name, such as rsa.new.
   The editor brings up a template for a new command template assigning it the name you specified.
See “The onbdtemplate Utility” on page 325 for details about using the onbdtemplate utility, if needed.
1. Log into the OnBoard’s console as an administrator and invoke the onbdtemplate utility.
2. Select Test from the menu.
3. At the prompt, confirm that you want to continue by entering “y.”
   A list of templates appears.
4. Select a template to test.
   A list of configured devices appears.
5. Select a device to test the template against.
   The editor runs the commands in the specified template and returns debugging information that you can record for making command changes in a new template.
Page 358
[rack1_dev1_ibm_rsa]
type = rsa_II
ip = 10.0.0.1
real_ip = 192.168.0.1
local_ip = 192.168.0.254
virtual_ip = 10.0.0.1
netmask = 255.255.255.0
authtype = local
template = rsa.default
description = IBM xSeries E306 in Fremont
Page 359
[rack1_dev2_compaq_ilo]
type = ilo
ip = 10.0.0.2
real_ip = 192.168.0.2
local_ip = 192.168.0.254
virtual_ip = 10.0.0.2
netmask = 255.255.255.0
authtype = local
template = ilo.default
description = Compaq Proliant iLO 1.82 server

[rack1_dev3_dell_drac]
type = drac
ip = 10.0.0.3...
Page 360
= 10.0.0.5
netmask = 255.255.255.0
authtype = local
template = devconsole.default
description = CISCO router

Figure A-1: onboard_server.ini Device Entries With Templates Assigned
Note that the device with IPMI_1.5 type does not have a template.
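The following consistency check over onboard_server.ini-style entries is an added example, not part of the Cyclades guide or its software. It assumes that a template's first name component should match the device type family (rsa_II with rsa.*), that local_ip is the OnBoard-side address of the private subnet, and that only IPMI_1.5 entries may omit a template; the sample entries are constructed.

```python
import configparser
import ipaddress

# Constructed sample in the layout of the Figure A-1 entries. The two rack2
# sections are deliberately wrong so the audit has something to report.
SAMPLE_INI = """\
[rack1_dev1_ibm_rsa]
type = rsa_II
ip = 10.0.0.1
real_ip = 192.168.0.1
local_ip = 192.168.0.254
virtual_ip = 10.0.0.1
netmask = 255.255.255.0
authtype = local
template = rsa.default
description = IBM xSeries E306 in Fremont

[rack1_dev4_ipmi]
type = IPMI_1.5
ip = 10.0.0.4
real_ip = 192.168.0.4
local_ip = 192.168.0.254
virtual_ip = 10.0.0.4
netmask = 255.255.255.0
authtype = local
description = constructed IPMI entry with no template

[rack2_dev1_ilo]
type = ilo
ip = 10.0.0.6
real_ip = 192.168.1.7
local_ip = 192.168.0.254
virtual_ip = 10.0.0.6
netmask = 255.255.255.0
authtype = local
template = drac.default
description = constructed entry with wrong template and off-subnet real_ip

[rack2_dev2_drac]
type = drac
ip = 10.0.0.7
real_ip = 192.168.0.7
local_ip = 192.168.0.254
virtual_ip = 10.0.0.7
netmask = 255.255.255.0
authtype = local
description = constructed entry with the template line missing
"""

# Per the note under Figure A-1, IPMI_1.5 entries carry no template.
TYPES_WITHOUT_TEMPLATE = {"IPMI_1.5"}


def audit_devices(ini_text):
    """Return {section name: [findings]} for every device entry."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    report = {}
    for name in parser.sections():
        dev = parser[name]
        findings = []
        dev_type = dev.get("type", "").strip()
        template = dev.get("template", "").strip()

        if not template:
            if dev_type not in TYPES_WITHOUT_TEMPLATE:
                findings.append("no command template assigned")
        elif not dev_type.startswith("custom"):
            # Assumption: rsa_II pairs with rsa.*, ilo with ilo.*, and so on.
            type_family = dev_type.split("_", 1)[0].lower()
            template_family = template.split(".", 1)[0].lower()
            if type_family != template_family:
                findings.append(
                    f"template {template} does not match type {dev_type}")

        # Assumption: local_ip is the OnBoard-side address of the private
        # subnet, so real_ip must fall inside local_ip/netmask.
        try:
            subnet = ipaddress.ip_network(
                f"{dev['local_ip']}/{dev['netmask']}", strict=False)
            if ipaddress.ip_address(dev["real_ip"]) not in subnet:
                findings.append(
                    f"real_ip {dev['real_ip']} is outside {subnet}")
        except (KeyError, ValueError) as exc:
            findings.append(f"address fields missing or invalid: {exc}")

        report[name] = findings
    return report


if __name__ == "__main__":
    for section, findings in audit_devices(SAMPLE_INI).items():
        print(section, "->", findings or "ok")
```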
Issues Affecting the Configuration of RSA-Type Service Processors
RSA I devices work differently from RSA II devices and recognize different commands. An RSA I type device may be made to work if the administrator copies the talk_rsa_I.exp file to a custom script named talk_custom_N.exp, modifies it as instructed in the script, and assigns the customN type to the RSA I type device.
Page 362
Selecting “View,” “Edit,” “Copy,” “Test,” or “Rename” from the Action menu brings up a menu of templates like the one shown in the following screen example.
    Please select template to view:
    drac.default
    -rsa.default
    ilo.default
    rsa.limited.default
    devconsole.default
    Exit
Page 363
If “Test” is selected, after the administrator selects a template, a list of devices that use the selected template appears, like the list shown in the following screen example.
    Select Service Processor to test against:
    -rack1_ibm_e360_rsa_II
    rack2_ibm_e360_rsa_II
After the administrator selects a template and a device to test, a list of...
OnBoard Expect Scripts
The Expect scripts are located in the /libexec/onboard directory and are identified by the .exp suffix. The following table lists each of the defined device types with the name of the associated Expect script.
Table A-5: Default Device Types and Corresponding Expect Scripts
Device Type    Expect Script...
Page 366
The format of a custom Expect script’s file name should be: talk_customN.exp. Up to a total of three custom Expect scripts are supported. They must use the names of the placeholder custom scripts.
Application Notes Related to Expect Scripts
• *_login.exp scripts are special extension scripts that can be used to change how service processors are accessed, from telnet to another access method.
• Script templates are named talk_generic.exp and talk_generic_ipmi.exp.
• An example custom script (for the unsupported RSA I type) is named talk_rsa_I.exp.
Page 336 To Create a Custom IPMI Expect Script Page 333 Contact your Cyclades representative if you need additional support for creating a custom Expect script. Example of Creating a Custom IPMI-Type Script The OnBoard uses ipmitool commands to communicate with IPMI 1.5 type service processors.
To Create a Custom IPMI Expect Script
1. Log into the OnBoard command line as root.
2. Go to the /libexec/onboard directory.
3. Copy the contents of talk_generic_ipmi.exp into the talk_custom1.exp file.
4. Follow the instructions in the file for how to get a list of ipmitool command options that you can use.
Asks the service processor to reset its server
Asks the service processor to retrieve the System Event Log and display the SEL contents on standard output
clearsel    Asks the service processor to clear the System Event Log
spconsole    The native command line of the service processor. Enters interactive pass-through mode. The script authenticates with the service processor, then connects the service processor output directly to its standard output and its standard input to the service processor input.
Task: A private subnet must be created for each IP address range used by the connected devices.
Where Described:
• “Example 1: Private Subnet Configuration” on page 342
• “Example 2: Two Private Subnets and VPN Configuration” on page 345
Page 373
Understanding Address Configuration for Connected Devices
Table A-9: Tasks for Creating Addresses to Assign to Connected Devices (Sheet 2 of 3)
Task: Private subnet(s) should use IP addresses from one of the three IP address ranges
Where Described:
• “Using Reserved IP Addresses for Private IP Addressing”...
Table A-10: IP Address Ranges Reserved for Internal Network Addressing
    Address Range                    # of Networks/Class    Network Sizes
    192.168.0.0—192.168.255.255      256/Class C            small (fewer than 200 hosts)
    172.16.0.0—172.31.255.255        16/Class B             mid-sized
    10.0.0.0—10.255.255.255          1/Class A              large
IP address ending with 255 is the broadcast address, leaving 254 addresses to assign to devices (from 1-254). To specify a range of addresses on the AlterPath OnBoard, supply the network address and a subnet mask in either of these two formats: 192.168.0.0 and 255.255.255.0, or 192.168.0.0/24.
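The addressing rules above can be checked before values are entered on the OnBoard. This is an added example, not code from the Cyclades guide: it accepts a private subnet in either of the two formats, tests it against the Table A-10 ranges, and verifies that the OnBoard-side and device addresses are usable hosts in it. The function names are hypothetical, and the second plan in the self-test is constructed.

```python
import ipaddress

# The three reserved ranges from Table A-10, written as CIDR blocks.
RESERVED_RANGES = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def parse_subnet(spec):
    """Parse '192.168.0.0/24' or '192.168.0.0 255.255.255.0'.

    strict=True rejects a value whose host bits are set, so the first
    field has to be the network address itself.
    """
    parts = spec.split()
    if len(parts) == 2:
        text = f"{parts[0]}/{parts[1]}"
    elif len(parts) == 1:
        text = parts[0]
    else:
        raise ValueError(f"unrecognised subnet specification: {spec!r}")
    return ipaddress.IPv4Network(text, strict=True)


def usable_hosts(net):
    """Addresses left after removing the network and broadcast addresses."""
    return max(net.num_addresses - 2, 0)


def check_plan(subnet_spec, onboard_side, devices):
    """Return a list of problems with a private subnet plan (empty if none)."""
    problems = []
    net = parse_subnet(subnet_spec)
    if not any(net.subnet_of(r) for r in RESERVED_RANGES):
        problems.append(f"{net} is outside the reserved private ranges")

    entries = [("OnBoard-side address", onboard_side)]
    entries += [("device address", d) for d in devices]
    seen = {}
    for label, text in entries:
        addr = ipaddress.IPv4Address(text)
        if addr not in net:
            problems.append(f"{label} {addr} is not in {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"{label} {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{label} {addr} duplicates the {seen[addr]}")
        seen.setdefault(addr, label)
    return problems


if __name__ == "__main__":
    # Values from Example 1 in the guide: one /24 private subnet.
    print(check_plan("192.168.49.0 255.255.255.0", "192.168.49.254",
                     ["192.168.49.60", "192.168.49.61"]))
    # Constructed bad plan: non-reserved range, broadcast and duplicate use.
    print(check_plan("203.0.113.0/24", "203.0.113.1",
                     ["203.0.113.255", "203.0.113.1"]))
```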
OnBoard. The OnBoard-side address must be used by users when creating an IPSec VPN connection to enable native IP access. The OnBoard uses the specified information to create a route to the private subnet.
“Example 2: Two Private Subnets and VPN Configuration” on page 345
Routing Requirements for Native IP Access
As documented in the AlterPath OnBoard User’s Guide, users who are authorized for native IP access need to create an IPSec or PPTP VPN connection before gaining native IP access.
In Figure A-2, two devices are connected to the OnBoard. The public Ethernet port on the OnBoard has a public IP address of 203.1.2.3. The administrator plans to assign the following:
• Two private IP addresses within the 192.168.49.0 network range to the devices on the OnBoard’s private network: 192.168.49.60 and 192.168.49.61,
•...
OnBoard-side IP address and subnet mask from Figure A-3 are assigned to the priv0 interface.
    priv0:privnet Link encap:Ethernet HWaddr 00:60:2E:BB:AA:AA
              inet addr:192.168.49.254 Bcast:192.168.49.255 Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              Base address:0xe000
Figure A-5: ifconfig Output Showing a priv0 Private Subnet Alias
The following figure shows the values entered on the Web Manager Network → Private subnet screen to implement the private subnets in this example. Figure A-7: Example 2: Values for Configuring Two Subnets on the Network → Private Subnet Screen
As shown in the example output from the ifconfig command on the OnBoard in the following figure, both private subnet names are assigned as aliases to the priv0 interface, and the OnBoard-side IP addresses and subnet masks from Figure A-7 are assigned to each alias:
    priv0:sub1 Link encap:Ethernet HWaddr 00:60:2E:BB:AA:AA...
Page 384
Config → Users and groups: Device Access dialog to authorize a user name “allSPs” for native IP access to all four devices in this example.
Figure A-10: Example 2: Configuration for a User Account Authorized for Native IP Access to All Configured Devices
A VPN connection must exist before a user can access native IP management features on a device. The following table lists examples that show how the VPN connections can be created using IPSec or PPTP. For these examples, the IP address of the user’s workstation is 12.34.56.78.
Page 386
Network → VPN connections: IPSec Add new connection dialog for a connection named “connSub1,” with the values specified from the above list. Configuration of “connSub2” would be similar, with a different “Connection name” and “Left subnet values.”
Figure A-11: Example 2: IPSec Connection Configuration for Access to sub1 Private Subnet and “sp1” and “sp2” Devices
In addition, the OnBoard administrator must do the following to enable the IPSec client to access the subnets where the devices reside:
•...
Figure A-12 shows the following address pools:
• PPTP local address pool: 192.168.2.1-10
• PPTP remote address pool: 192.168.3.1-10
1. A VPN connection must exist before a user can access native IP management features on a device.
Note: The address pools’ IP addresses can be assigned arbitrarily. Make sure that none of the addresses assigned here are being used elsewhere on your network.
• Make sure the following are done for the user who needs the PPTP VPN access:
•...
Page 390
• In this example, to communicate with “sp1” and “sp2,” a route would be needed to “sub1,” which has the network IP address 192.168.1.0, as shown below:
    route add -net 192.168.1.0 mask 255.255.255.0 via 192.168.2.1
• To communicate with “sp3” and “sp4,” a route would be needed to “sub2,” which has the network IP address 192.168.4.0, as shown below:
    route add -net 192.168.4.0 mask 255.255.255.0 via 192.168.2.1
• Enable native IP and access the device’s native features. See “Enabling Native IP and Accessing a Device’s Native Features Using Real IP Addresses for Example 2”...
Page 392
• Invoking ssh with the spconsole command in the following format:
    ssh -t allSPs:sp2@192.168.1.1 spconsole
• In the Web Manager on the OnBoard, clicking the “Service Processor Console” link on the Access Devices screen.
• Bringing the management application up from the service processor’s command line.
• The console of the server on which the service processor resides, in one of the following two ways:
As stated elsewhere, users who have the following types of access to a device cannot be prevented from seeing the real IP address of the device:
• Native IP
• Device console
• Service processor console
OnBoard, in this case: 172.20.0.1
• Netmask: 255.255.0.0
The following figure shows the desired values entered on the Web Manager Network → Private subnet: Add Subnet screen.
Figure A-15: Example Values for Configuring Two Private Subnets With a Virtual Network
Finally, the administrator also must configure the devices that support virtual addressing with a virtual address from the 172.20.0.0 virtual network IP range. For example, the following figure shows the virtual IP address 172.20.0.2 assigned to the device “sp1” on the Web Manager Config Devices screen to implement the configuration shown in Figure A-14.
The values used for enabling an IPSec VPN connection are the same as in “IPSec VPN Configuration for Example 2” on page 349, except the OnBoard administrator must configure the Left subnet: by entering 172.20.4.0/22 to configure the connection to the virtual network.
The following screen example shows the configuration on the Web Manager Network → VPN connections: IPSec Add new connection dialog for a connection named “connVirt,” with the values specified from the previous paragraph.
Figure A-18: Example 3: IPSec Connection Configuration for Access to sub1 Private Subnet and “sp1”...
IP address assigned to the OnBoard’s end of the PPTP VPN tunnel.
• Enter the OnBoard’s PPTP-assigned address either in a browser or with ssh on the command line to access the OnBoard. In this example the address is 192.168.2.1.
The next bulleted items show how to create an appropriate route to the virtual network.
• Create a static route to inform the workstation that the devices to be contacted are at the other end of the point-to-point link. In this example, to communicate with “sp1,”...
Page 402
In the Web Manager on the OnBoard, clicking the “Go to native web interface” link on the Access Devices screen.
• On the user’s workstation, entering the virtual IP address of the device in a browser.
Page 403
• On the user’s workstation, on the command line, entering the ssh command with the name/alias of the device along with the virtual IP address of the OnBoard. For example, see the following ssh command line entered by the user named “allSPs”...
Advanced Boot and Backup Configuration Information
This chapter provides information related to configuring boot file locations and managing configuration file changes.
    Boot File Location Information            Page 372
    Downloading a New Software Version        Page 375
    Changing the Boot Image                   Page 375
    Network Boot Options and Caveats          Page 378
    Options for the create_cf Command...
• The first time you download and install a new software version from Cyclades, the new image is stored as “image 2” in another set of three identical partitions on the removable flash (hda2, hda6, and hda8), and the configuration is changed to boot the OnBoard from “image2.”...
Refer to the following text and figure explaining partition numbers if needed for understanding some of the instructions in the rest of this chapter. As illustrated in the following figure, the first partition for each image contains the Linux kernel, the second partition contains the root-mounted filesystem (which is mounted read only), and the third partition (which is mounted read write) contains the configuration files.
RAMDISK into the corresponding image partitions. If the flash is already partitioned, you can choose where the image is saved using the option --imageN.
Changing the Boot Image
If, for any reason, you want to change from the current image to another one and you have access to the Web Manager, you can use the Config → Boot Configuration screen to select the other image, and then use the “Restart” button on the Mgmt →...
    To Boot from an Alternate Image in U-Boot Monitor Mode        Page 377
    To Boot from an Alternate Image Using cycli                   Page 375
    Changing the Boot Image in U-Boot Monitor Mode                Page 376
    To Boot in Single User Mode from U-Boot Monitor Mode          Page 378
To Boot in U-Boot Monitor Mode
1. Open a terminal connection to the console port, and log in as root.
2. Enter the reboot command.
    # reboot
3. During boot, when the “Hit any key to stop autoboot” prompt appears, press any key before the time elapses to stop the boot.
Otherwise, the backed up configuration files from the /dev/hda3 backup partition are copied to the RAMDISK and used. Any configuration changes made after the last backup copy was made are lost unless the configuration files were backed up before the network boot and
then restored afterwards (see “Backing Up Configuration File Changes” on page 68 and “Restoring Backed Up Configuration Files” on page 69).
To Replace a Boot Image From a Network Boot in U-Boot Monitor Mode
1. Log in as root in U-Boot monitor mode. If needed, see “To Boot in U-Boot Monitor Mode”...
This procedure restores the configuration files to the state they were in when they were last backed up.
1. If you are logged into the Web Manager as an administrative user, click the “Load” button on the Web Manager Mgmt → Backup/restore screen.
2. If you are logged into the OnBoard console as root through the console port, via telnet or ssh, enter the restoreconf command.
    [root@OnBoard root]# restoreconf
To Restore the OnBoard Configuration Files to the Factory Defaults
Use one of the commands shown below while logged in as root through the console, via telnet, or via any ssh session to restore the configuration files to the state they were in when the OnBoard shipped.
--dontformat    Does not format the compact flash. The sizes of partitions hda1-3 and 5-8 are checked. If the partition sizes are not smaller than 2, 2, 5, 51, 51, 6, and 6 Mbytes respectively, the image is installed in the specified image area.
Table B-1: Options for the create_cf command (Continued)
Option        Description
--imageN      Creates/replaces imageN, when n=1 | 2. Use this option to replace only the specified image without erasing both images. Changes the currentimage environment variable to boot from the image.
3DES encryption is one of the security features provided by Cyclades products to enable data center security policies. See also...
Page 422
An easy-to-remember, usually-short, usually-descriptive name used instead of a full name or IP address. For example, on some Cyclades products, port names contain numbers by default (as in Port_1) but the administrator can assign an alias (such as SunBladeFremont) that describes which server is connected to the ports.
Cyclades products to enable customers to enforce their data center security policies. A user who is authorized to access a device or software function is referred to as an authorized user. See also authentication and...
Page 424
A standard for twisted-pair Ethernet cables defined by the Electronic Industries Association and Telecommunications Industry Association (commonly known as EIA/TIA). The support for CAT5 and later cabling (such as CAT5e) in many Cyclades products allows the use of existing cabling in the data center.
Page 425
Linux shell. Command line access is achieved through several different means. For one example, a remote administrator can use Telnet or SSH to access an AlterPath OnBoard and then can enter commands on the Linux shell's command line.
Page 426
CLI parameter tree Each version of the Cyclades CLI utility has a set of commands and parameters nested in the form of a tree. The CLI for the AlterPath OnBoard and other products use the Cyclades Application Configuration Protocol (CACP) daemon (cacpd). The cacpd uses the param.conf file, which defines a different CLI parameter tree for each product.
Page 427
PPP, along with a modem, and a telephone line, which is supported on many Cyclades products. After the administrator of the Cyclades product has connected a modem from the Cyclades product to a live telephone line and made the phone number available, a remote authorized user can use the phone number to dial into the Cyclades product and access connected devices.
Page 428
DNS (domain name service or system) A service that translates domain names (such as cyclades.com) to network IP addresses (192.168.00.0) and that translates host names (such as “onboard”) to host IP addresses (192.168.44.11). To enable the use of this service, administrators need to configure one or more DNS servers when configuring AlterPath devices.
SSH usually encrypts data using 3DES or better algorithms. Encryption is one of the security features provided on Cyclades products to enable customers to enforce their data center security policies. See also authentication and authorization.
Page 430
A script written using expect, a scripting language based on Tcl, the Tool Command Language. Can be written to perform automation and testing operations that are not possible with other scripting languages. Cyclades uses expect scripts in some of its AlterPath products, and users can customize some of the default expect scripts.
Page 431
HTTP (hypertext transfer protocol) Protocol defining the rules for communication between Web servers and browser across the Internet. HTTPS (secure HTTP over SSL) Protocol enabling the secure transmission of Web pages by encrypting data using SSL encryption. URLs that require an SSL connection start with https.
Page 432
IPDU (intelligent power distribution unit)
A device with multiple power inlets into which IT assets can be plugged for remote power management. Cyclades supports a family of AlterPath PM IPDUs that can be remotely managed when they are connected to AlterPath devices, such as the AlterPath KVM/net or AlterPath OnBoard.
Page 433
KVM analog switch A KVM switch that requires a local user connection before a user can gain access to any servers that are connected to the switch. Cyclades AlterPath KVM analog switches are one component of the out-of-band infrastructure. KVM over IP switch...
Cyclades AlterPath KVM analog switches are one component of the out-of- band infrastructure. LDAP (lightweight directory access protocol) A directory service protocol used for authentication. One of many standard authentication protocols supported on Cyclades devices. MAC address Also called the Ethernet address. A number that uniquely identifies a computer that has an Ethernet interface.
Page 435
Network address translation, an Internet standard that enables the use of one set of IP addresses for internal traffic and another set of IP addresses for traffic over the public network. The AlterPath OnBoard uses NAT to allow access to service processors and managed devices while not revealing their Ethernet addresses.
Page 437
The OID naming scheme is governed by the IETF, which grants authority for parts of the OID name space to individual organizations. Cyclades has the authority to assign OIDs that can be derived by branching downward from the node in the MIB name tree that starts at 1.3.6.1.4.1.4413.
Page 438
Allows administrators to remotely connect to disconnected IT assets and to quickly return them to normal operation. Cyclades AlterPath products are designed as building blocks for an OOBI, including AlterPath ACS console servers, AlterPath KVM and KVM over P...
Page 439
PPP (point to point protocol) A method that creates a connection between a remote computer and a Cyclades device and enables a remote user access using the Web Manager or the command line. Supports the use of the PAP, SPAP, CHAP, MS-CHAP, and EAP authentication methods.
30 minutes of power to RSC in case of a power failure. secure rack management (See SRM) security features Cyclades products provide security features, including encryption, data authentication, and authorization, to enable customers to enforce their...
Page 441
OnSite as admin and is in the /home/admin directory. Users tell the operating system to perform actions by typing commands in the shell, which interprets the commands and performs the specified actions. See also command line interface. The AlterPath OnBoard has two user shells: onbdshell and rmenush.
Page 442
SNMP agent software send data from management information bases (MIBs) to the SNMP manager software. On certain Cyclades devices, administrators can enable SNMP to allow a remote administrator to manage the device and can configure the device to send alerts about events of interest. Before enabling SNMP, the administrator needs the following information: The contact person (administrator) of the AlterPath device;...
Page 443
Physically consolidates and logically secures the Ethernet connections between the AlterPath OnBoard and the connected service processors. By providing IP consolidation, SRM substantially lowers the cost and complexity of deploying service processors. SRM also lowers the security risks of using service...
Page 444
Unlike telnet, ftp, and the remsh programs, SSH encrypts everything it sends over the network. Many Cyclades products support SSH version 1 and SSH version 2. Since SSH1 and SSH2 are entirely different, incompatible protocols, it is...
An operation started by an SNMP agent in response to an event of interest on a managed object in a device, which sends an alert to the SNMP manager. The administrator of certain Cyclades devices can configure which types of events generate trap messages and the trap destinations. Also known as SNMP messages or as “PDUs”—protocol data units.