Download
Share
Print this page
  1. Manuals
  2. Brands
  3. Opengear Manuals
  4. Server
  5. IM4000
  6. User manual

Opengear IM4000 User Manual

Hide thumbs Also See for IM4000:

Advertisement

Quick Links

Download this manual
USER MANUAL
IM4200 Infrastructure Manager
and
CM4000 Console Server
User Manual
Rev: 2.1
June 23, 2007
_____________________________________________________________________
Opengear IM4000 and CM4000 User Manual
Page 1 of 216

Advertisement

loading
Need help?

Need help?

Do you have a question about the IM4000 and is the answer not in the manual?

Questions and answers

Related Manuals for Opengear IM4000

Summary of Contents for Opengear IM4000

  • Page 1 USER MANUAL IM4200 Infrastructure Manager CM4000 Console Server User Manual Rev: 2.1 June 23, 2007 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 1 of 216...
  • Page 2 SDTConnector PuTTY SSHTerm Set the IP address of other IM42xx network ports (IM4200 only) SERIAL PORT AND NETWORK HOST Configuring Serial Ports 4.1.1 Common Settings 4.1.2 Console Server Mode _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 2 of 216...
  • Page 3 Using SDTConnector to Telnet or SSH connect to devices that are serially attached to the gateway 95 Using SDT to IP connect to hosts that are serially attached to the gateway _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 3 of 216...
  • Page 4 Statistics 12.3 Support Reports 12.4 Syslog MANAGEMENT 13.1 Device Management 13.2 Port Log Management 13.3 Serial Port Terminal Management BASIC CONFIGURATION - LINUX COMMANDS 14.1 The Linux Command line _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 4 of 216...
  • Page 5 Generating non-interactive public/private keys for SSH (Windows) SSH tunneled serial bridging SDTConnector Public Key Authentication 15.7 Secure Sockets Layer (SSL) Support 15.8 HTTPS 15.9 Power Strip Control 15.10 IPMItool _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 5 of 216...
  • Page 6 A. Linux Commands B. Hardware Specification C. Safety and Certifications D. Connectivity and Serial I/O E. Hardware Test F. Terminology G. End User License Agreement H. Service and Warranty _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 6 of 216...
  • Page 7 Covers configuring serial ports and connected network hosts, and setting up User access 5. Failover and OoB dial-in Describes setting up the high availability access features of the gateway _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 7 of 216...
  • Page 8 (hosts). The Administrator also sets up Users and specifies the limits of their access and control authority _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 8 of 216...
  • Page 9 The Management Console is accessed through the IP Network or through a modem/ ISDN connection. The IM/CM4000 runs an embedded Linux operating system, and experienced Linux and UNIX users may prefer to undertake configuration at the command line. You can get _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 9 of 216...
  • Page 10 Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console. Italic text is also used to indicate a text command to be entered at the command line level. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 10 of 216...
  • Page 11 Integral 48 VDC CM4148-48V CM4116 AC Universal Input CM4116-48V Integral 48 VDC External AC/DC adapter CM4008 CM4001 External AC/DC adapter The tables below show the components shipped with each model. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 11 of 216...
  • Page 12 (or Part # 509002) Part # 440016 2 x Cable UTP Cat5 blue Part # 319000 Connector DB9F-RJ45S straight and 319001 and DB9F-RJ45S cross-over Part # 440001 IEC AC power cord _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 12 of 216...
  • Page 13 Part #539000 Quick Start Guide and CD-ROM Unpack your CM4008 kit and verify you have all the parts shown above, and that they all appear in good working order _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 13 of 216...
  • Page 14 IEC power inlets use conventional IEC AC power cords. Power cords for various regions are available, although the North American power cord is provided by default. There is a warning notice printed on the back of each unit: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 14 of 216...
  • Page 15 DC power supply has an IEC AC power socket, which accepts a conventional IEC AC power cord. The power cord for North American is provided by default. The 5V DC _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 15 of 216...
  • Page 16 36 to 72 VDC. If the supply voltage is not in this range, the console server might not operate properly or might be damaged. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 16 of 216...
  • Page 17 Insert the terminal block plug in the terminal block header on the rear panel of the CM41xx-48V: Network connection _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 17 of 216...
  • Page 18 IM/CM4000 serial port, confirm that the device does support the standard RS-232C (EIA-232). Opengear supplies an extensive range of cables and adapters that may be required to connect to the more popular servers and network appliances. These are overviewed in Appendix D (Connectivity and Serial I/O).
  • Page 19 LAN with an address of 192.168.0.1 the console server and the PC/workstation are on the same LAN segment, with no interposed router appliances _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 19 of 216...
  • Page 20 If it is not convenient to change the PC/workstation network address, you can use the ARP-Ping command as described in the Note below to reset the IM/CM4000 IP address: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 20 of 216...
  • Page 21 Turn on the IM/CM4000 and wait for it to configure itself with the new IP address. The IM/CM4000 will start replying to the ping at this point Type arp –d to flush the ARP cache again _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 21 of 216...
  • Page 22 Enter the default administration username and administration password: Username: root Password: default Note IM/CM4000 gateways with firmware versions later than V2.2 are factory configured with HTTP disabled and HTTPS enabled appliances _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 22 of 216...
  • Page 23 So it is important that you enter and confirm a new password before giving the IM/CM4000 any access to, or control of, your computers and network appliances. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 23 of 216...
  • Page 24 You now must enter an IP address for the principal Ethernet (LAN/Network1) port on the gateway; or specify that it is to automatically obtain an address from a DHCP server on the management network. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 24 of 216...
  • Page 25 Configuration Method If you selected static you must manually enter the new IP Address, Subnet Mask, Default Gateway and DNS Server. This selection automatically turns off the DHCP client _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 25 of 216...
  • Page 26 IM42xx-2), set up the sites to be probed to trigger failover, and set up the failover ports. This is covered in Chapter 5. Otherwise leave Failover Interface at its default selection, None _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 26 of 216...
  • Page 27 HTTP and Telnet. The factory default for gateways pre firmware version 2.2 enabled HTTP, HTTPS, Telnet and SSH. The Administrator can simply disable any of the services, or enable others: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 27 of 216...
  • Page 28 IM/CM4000 gateway is to be remotely administered over the Internet. Telnet This gives the Administrator telnet access to the system command line shell (Linux commands). While this may be suitable for a local direct connection _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 28 of 216...
  • Page 29 #2 on the gateway can be telnet accessed at IP Address:2002 and at IP Address:8002. The default base for SSH is 3000; for Raw TCP is 4000; and for RFC2217 it is 5000 Communications Software _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 29 of 216...
  • Page 30 Administrator (and User) client’s PC/workstation. SDTConnector Opengear recommends using the SDTConnector communications software tool for all communications with IM/CM4000 gateways, to ensure these communications are secure. Each IM/CM4000 is with an unlimited number of SDTConnector licenses to use with that gateway.
  • Page 31 ‘yes’ to continue.) Using the Telnet protocol is similarly simple - but you use the default port 23 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 31 of 216...
  • Page 32 IM/CM4000 gateway Set the IP address of other IM42xx network ports (IM4200 only) The IM42xx-2 gateways ship with the second Ethernet port (Network 2) disabled by default. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 32 of 216...
  • Page 33 If you wish to use Network 2 as the management LAN gateway for connecting to devices on your management network, you can now activate and configure this port: Select Network 2 on the System: IP menu and uncheck Disable _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 33 of 216...
  • Page 34 Enter the IP Address and Subnet Mask for this segment of the Management LAN (leaving the Gateway and DNS fields blank) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 34 of 216...
  • Page 35 Authentication – covered in more detail in Chapter 9 Network Hosts – configuring access to local network connected computers or appliances (referred to as hosts) Trusted Networks Serial Port Redirection Client _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 35 of 216...
  • Page 36 Serial Bridge mode enables the transparent interconnection of two serial port devices over a network You can also configure the CM/IM4000 to support the remote syslog protocol on a per serial port basis. Refer Chapter 10 – Nagios Integration for details on configuring the serial port to be...
  • Page 37 Specify a label for the port Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits and Flow Control for each port. (Note that the RS485 field is not relevant for IM/CM4000 gateways) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 37 of 216...
  • Page 38 The Telnet communications are unencrypted so this protocol is generally recommended only for local connections. From Win2000/XP/ NT, you can run telnet from the command prompt (cmd.exe) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 38 of 216...
  • Page 39 Linux platforms. Solaris platforms are also supported however they must have Firefox installed. For more general information on configuring and using SDTConnector refer to the SDTConnector User Manual on the IM/CM4000 CD (or online at ftp://ftp.opengear.com/manual/ _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 39 of 216...
  • Page 40 Port (3000 + serial port #) i.e. 3001-3048. Chapter 6 - Secure Tunneling has more information on using SDTConnector for SSH access to devices that are attached to the IM/CM4000 gateway serial ports. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 40 of 216...
  • Page 41 For RAW TCP, the default port address is IP Address _ Port (4000 + serial port #) i.e. 4001 – 4048 RAW TCP also enables the serial port to be tunneled to a remote CM/IM4000 client gateway, so two serial port devices can be transparently interconnect over a network (see Chapter 4.1.6 –...
  • Page 42 Chapter 4.6 – Serial Port Redirection for details) RFC2217 also enables the serial port to be tunneled to a remote CM/IM4000 client gateway, so two serial port devices can be transparently interconnect over a network (see Chapter 4.1.6 –...
  • Page 43 Note Selecting Terminal Server mode will disable Port Manager for that serial port, so data is no longer logged for alerts etc. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 43 of 216...
  • Page 44 You may secure the communications over the local Ethernet by enabling SSH however you will need to generate and upload keys (refer Chapter 14 – Advanced Configuration) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 44 of 216...
  • Page 45 In addition to inbuilt logging and monitoring (which can be applied to serial-attached and network-attached management accesses, as covered in Chapter 7 - Alerts and Logging) the CM/IM4000 can also be configured to support the remote syslog protocol on a per serial port basis: Select the Syslog Facility/Priority fields to enable logging of traffic on the selected serial port to a syslog server;...
  • Page 46 New Users can then be classified as members of particular Groups. Select Serial & Network: Users & Groups to display the configured Groups and Users Click Add Group to add a new Group _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 46 of 216...
  • Page 47 User (e.g. contact details) in the Description field Nominate Accessible Hosts and Accessible Ports to specify which serial ports and which LAN connected hosts you wish the User to have access to _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 47 of 216...
  • Page 48 Select Serial & Network: Users & Groups and click Edit for the User to be modified Authentication Refer to Chapter 9.1 - Remote Authentication Configuration for authentication configuration details _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 48 of 216...
  • Page 49 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 49 of 216...
  • Page 50 SDT to the Host. All other services (TCP/UDP ports) will be blocked. Select Nagios Enabled if the service on the Host is to be monitored _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 50 of 216...
  • Page 51 (Administrators and Users) must be located at, to have access to the IM/CM4000 serial ports. Select Serial & Network: Trusted Networks To add a new trusted network, select Add Rule _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 51 of 216...
  • Page 52 Administrator to the IM/CM4000 console server itself. To change the default settings for this access, you will to need to edit the IPtables rules as described in the Chapter 14 - Advanced. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 52 of 216...
  • Page 53 Tactical Software provides a trial copy of its products http://www.tacticalsoftware.com/products/serialip.htm For Linux, AIX, HPUX, SCO, Solaris and UnixWare, Opengear has released an open source opengear-serial-client utility, which can be freely downloaded. This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device connected to the remote IM/CM4000 as if it were connected to your local serial port.
  • Page 54 Then set up the remote client dial-in software so it can establish a network connection from the Administrator’s client modem to the dial in modem on the IM/CM4000. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 54 of 216...
  • Page 55 DB9 port. Also the second Ethernet port can be configured for broadband OoB access 5.1.1 Configure Dial-In PPP To enable dial-in PPP access on the IM/CM4000 console/modem port, or the IM4200 internal modem: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 55 of 216...
  • Page 56 Again you can select any address for the Local IP Address but it must both be in the same network range as the Remote IP Address _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 56 of 216...
  • Page 57 PAP, the other main authentication protocol. MSCHAPv2 Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is authentication for PPP connections between a computer using a Microsoft Windows operating system and a network access server. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 57 of 216...
  • Page 58 On the Internet Connection screen select Connect using a dial-up modem and click Next Enter a Connection Name (any name you choose) and the dial-up Phone number that will connect thru to the IM/CM4000 modem _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 58 of 216...
  • Page 59 This configures the scripts ifup/ifdown to start and stop a PPP connection Using the Gnome control panel configuration tool WVDIAL and the Redhat "Dialup configuration tool" GUI dial program X-isp. Download/Installation/Configuration _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 59 of 216...
  • Page 60 User Manual included on the IM/CM4000 CD. OoB broadband access (IM4200 only) IM4000 gateways have a second Ethernet (Network 2) port that can be configured for alternate and OoB (out-of-band) broadband access. With two active broadband access paths to the IM4200, in the event you are unable to access through the primary management network (Network 1) you can still access it through the alternate broadband path (e.g.
  • Page 61 Failover Interface to be used when a fault has been detected with Network 1 (eth0) Specify the Probe Addresses of two sites (the Primary and Secondary) that the IM/CM4000 is to ping to determine if Network 1 (eth0) is still operational _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 61 of 216...
  • Page 62 Network 1, in the event Network 1 becomes unavailable for any reason. And when Network 1 becomes available again, it takes over the work again. Dial-Out Failover (IM4200 only) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 62 of 216...
  • Page 63 IM4000 gateways can be configured so a dial-out PPP connection is automatically set up in the event of a disruption in the principal management network: When configuring the principal network connection in System: IP, specify Internal Modem (or the Dial Serial DB9 if you are using an external modem on the Console...
  • Page 64 /etc/mgetty.config files as described in the Chapter 13 - Advanced. Check the Enable Dial-Out Access box and enter the access details for the remote PPP server to be called _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 64 of 216...
  • Page 65 SECURE TUNNELING Introduction Each Opengear gateway has an SDT Tunneling server embedded, so the one gateway can be used to securely manage all the systems and network devices in the data center - using text-based console tools (such as serial port SSH/telnet, SoL) or graphical desktop tools (VNC, RDP, HTTPS, HTTP, X11, DRAC, iLO etc).
  • Page 66 Using SDTConnector to Telnet or SSH connect to devices that are serially attached to the gateway(Section 6.6) Using SDT to IP connect to hosts that are serially attached to the gateway (Section 6.7) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 66 of 216...
  • Page 67 Network Hosts menu as detailed in Network Hosts (Chapter 4.4). Only these permitted services will be forwarded through by SDT to the host. All other services (TCP/UDP ports) will be blocked. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 67 of 216...
  • Page 68 Administrator can first set up Groups with group access permissions, then Users can be classified as members of particular Groups. Establish SDT SSH connection between Client PC and IM/CM4000 gateway _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 68 of 216...
  • Page 69 Client PC and the IM/CM4000 e.g. the following shows the SDT SSH port being forwarded on a Cisco/Links WAG54G DSL gateway so it points to port 22 on the IM/CM4000 that is located at 192.168.1.33 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 69 of 216...
  • Page 70 Client section in Chapter 5) Once you have a dial-in PPP connection established, you then can set up the secure SSH tunnel from the remote Client PC to the IM/CM4000. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 70 of 216...
  • Page 71 User 6.2.3 Choosing an SSH client To set up the secure SSH tunnel from the Client PC to the IM/CM4000, you must install and launch SSH client software on the Client PC. Opengear supplies and recommends you use the SDTConnector client software that is supplied with the gateway.
  • Page 72 SDTConnector is preconfigured with a range of services and clients preconfigured (e.g. VNC, RDP, HTTP, HTTPS, IPMI1.5/2.0, SSH , Telnet, Dell RAC/ OpenManage/ SOLProxy) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 72 of 216...
  • Page 73 6.2.5 Create the SSH tunnel using PuTTY client The steps below show the establishment of an SSH connection and then forwarding the RDP port over this SSH connection - using the PuTTY client software: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 73 of 216...
  • Page 74 Destination as <SDT Host IP address/DNS Name>:3389 e.g. if the SDT Host IP Address you specified when setting up the SDT Hosts on the IM/CM4000 was accounts.myco.intranet.com, then specify the Destination as accounts.myco.intranet.com:3389 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 74 of 216...
  • Page 75 XX is the SDT enabled serial port number e.g. if port 4 is on the IM/CM4000 is to carry the RDP traffic then specify port04:3389 Note http://www.jfitz.com/tips/putty_config.html has useful examples on configuring PuTTY for SSH tunneling _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 75 of 216...
  • Page 76 To set up the secure SSH tunnel from the Client (Viewer) PC to the IM/CM4000 for VNC follow the steps above, however when configuring the VNC port redirection specify port 5900 (rather than port 3389 as was used for RDP) e.g. if using PuTTY: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 76 of 216...
  • Page 77 CM4000 the SDT port 22. So sometimes it may be prudent to tunnel VNC through SSH even when the Viewer PC and the CM4000 are both on the same local network. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 77 of 216...
  • Page 78 To set up the secure SSH tunnel for a HTTP browser connection from the client PC, follow the steps above. However when configuring the port redirection, specify port 80 (rather than port 3389 as was used for RDP) e.g. if using PuTTY: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 78 of 216...
  • Page 79 Microsoft’s Remote Desktop Protocol (RDP) enables the system manager to securely access and manage remote Windows computers – to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine etc. Opengear’s Secure Tunneling uses SSH tunneling, so this RDP traffic is securely transferred through an authenticated and encrypted tunnel.
  • Page 80 Open System in the Control Panel and click the Remote tab Check Allow users to connect remotely to this computer Click Select Remote Users _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 80 of 216...
  • Page 81 If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 81 of 216...
  • Page 82 To do this connection you simply enable the Remote Desktop Connection on the remote client PC then point it to the SDT Secure Tunnel port in the IM/CM4000: A. On a Windows client PC: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 82 of 216...
  • Page 83 256 colors). In Local Resources specify the peripherals on the remote Windows computer that are to be controlled (printer, serial port etc) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 83 of 216...
  • Page 84 Windows platforms to remotely connect to a computer running Windows XP Professional or Windows 2003 Server B. On a Linux or UNIX client PC: Launch the open source rdesktop client: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 84 of 216...
  • Page 85 You can use GUI front end tools like the GNOME Terminal Services Client tsclient to configure and launch the rdesktop client. (Using tsclient also enables you to store multiple configurations of rdesktop for connection to many servers) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 85 of 216...
  • Page 86 UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/ C. On a Macintosh client: Download Microsoft's free Remote Desktop Connection client for Mac OS X http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=remotedes ktopclient _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 86 of 216...
  • Page 87 UltraVNC runs under Windows operating systems (95, 98, Me, NT4, 2000, XP, 2003) Download UltraVNC from Sourceforge's UltraVNC file list _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 87 of 216...
  • Page 88 Server software: Configuring the UltraVNC Server Refer is equally straightforward (though you should refer to http://doc.uvnc.com for more detailed Server (and Viewer) instructions) B. For Linux servers (and clients): _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 88 of 216...
  • Page 89 Mac OS X machine. OSXvnc is supported by Redstone Software D. Most other operating systems (Solaris, HPUX, PalmOS etc) either come with VNC bundled, or have third party VNC software that you can download. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 89 of 216...
  • Page 90 Internet, or a dial-in connection, or private network connection), enter locahost (or 127.0.0.1) as the IP VNC Server IP address; and the source port you entered when setting SSH tunneling /port forwarding (in Section 6.2.6) e.g. :1234 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 90 of 216...
  • Page 91 79xx on the IM/CM4000 is tunneled thru to port 5900 on the PPP connection on serial Port xx) e.g. for a Windows Viewer PC using UltraVNC connecting to a VNC Server which is attached to Port 1 on a IM/CM4000 located 192.168.0.1 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 91 of 216...
  • Page 92 Secure remote access of a home network using SSH, Remote Desktop and VNC for the home user http://theillustratednetwork.mvps.org/RemoteDesktop/SSH- RDP-VNC/RemoteDesktopVNCandSSH.html Taking your desktop virtual with VNC, Red Hat magazine http://www.redhat.com/magazine/006apr05/features/vnc/ http://www.redhat.com/magazine/007may05/features/vnc/ Wikipedia general background on VNC http://en.wikipedia.org/wiki/VNC _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 92 of 216...
  • Page 93 Chapter 3.1), select this newly added Gateway and click the Host icon to create a host. Alternatively, select File -> New Host Enter 127.0.0.1 as the Host Address and give some details in Descriptive Name/Notes. Click OK _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 93 of 216...
  • Page 94 Network Click Add Host and in the IP Address/DNS Name field enter 127.0.0.1 (this is the Opengear's network loopback address) and enter Loopback in Description Remove all entries under Permitted Services except for those that will be used in accessing the Management Console (80/http or 443/https) or the command line...
  • Page 95 Services tab. Click Add Enter "Serial Port 2" in Service Name. Click Add Select Telnet client as the Client. Enter 2002 in TCP Port. Click OK, then Close and Close again _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 95 of 216...
  • Page 96 Telnet (or SSH) and scroll to the bottom and click Apply Select Network Hosts from Serial & Network and click Add Host In the IP Address/DNS Name field enter 127.0.0.1 (this is the Opengear's network loopback address) and enter Loopback in Description Remove all entries under Permitted Services and select TCP and enter 200n in Port.
  • Page 97 Users the required access privileges. Select Users & Groups from Serial & Network. Click Add User. Enter a Username, Description and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 97 of 216...
  • Page 98 IM/CM4000. Both Windows 2003 and Windows XP Professional allow you to create a simple dial in service which can be used for the Remote Desktop/VNC/HTTP/X connection to the IM/CM4000: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 98 of 216...
  • Page 99 Open Network Connections in Control Panel and click the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen select Accept Incoming Connections and click Next _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 99 of 216...
  • Page 100 The COM port on the Windows computer should be configured to its maximum baud rate. Click Next On the Incoming VPN Connection Options screen select Do not allow virtual private connections and click Next _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 100 of 216...
  • Page 101 On the Network Connection screen select TCP/IP and click Properties Select Specify TCP/IP addresses on the Incoming TCP/IP Properties screen select TCP/IP. Nominate a From: and a To: TCP/IP address and click Next _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 101 of 216...
  • Page 102 2 on the CM4000, you would have set up a Windows user named port02 When the PPP connection has been set up, a network icon will appear in the Windows task bar _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 102 of 216...
  • Page 103 Make New Connection. Note you may need to first set up connection over the COM port using Connect directly to another computer before proceeding to Set up an advanced connection _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 103 of 216...
  • Page 104 On the SDT Settings menu select SDT Mode (which will enable port forwarding and SSH tunneling) and enter a Username and User Password. Note When you enable SDT, this will override all other Configuration protocols on that port _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 104 of 216...
  • Page 105 Users who can have access to these ports (or reconfigure User profiles) by selecting Serial & Network :User & Groups menu tag - as described earlier in Chapter 4 Configuring Serial Ports _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 105 of 216...
  • Page 106 You may optionally enter an Sender email address which will appear as the from address in all sent email from this IM/CM4000 Click Apply to activate SMTP _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 106 of 216...
  • Page 107 To set up SNMP alert destination: Select Alerts & Logging: SNMP and specify the SNMP management destination server and protocols, and configure access security. Click Apply to activate SNMP _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 107 of 216...
  • Page 108 IM4200 flash. To specify which serial ports are to have activities recorded and to what level data is to be logged: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 108 of 216...
  • Page 109 (in addition to the Logs which are transmitted for remote/USB flash storage). To view the local cache of logged serial port data select Manage: Port Logs Network TCP or UDP Port Logging (IM4200 only) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 109 of 216...
  • Page 110 User connections to serial ports and Hosts can also be a trigger event. When triggered, an Alert message is then emailed to a nominated email address, or an SNMP server is notified. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 110 of 216...
  • Page 111 Hosts are to be monitored for this alert trigger Nominate the email address for the Email Recipient who will be notified of the alert, and/or activate SNMP notification for this event _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 111 of 216...
  • Page 112 Signal Type or Pattern trigger condition that will send a new alert. You can configure a selection of different Alert types and any number of specific Alert triggers for each serial port Click Apply _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 112 of 216...
  • Page 113 Connect the power strip to the selected serial port on the IM/CM4000 gateway _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 113 of 216...
  • Page 114 /on. Whereas with browser access individual outlets power can be power cycled and power on can be scheduled etc. Enter the Username and Password for accessing the Power Device Click Apply _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 114 of 216...
  • Page 115 IPMI service processors and BMCs. The Administrator can configure these IPMI devices, so both Users and Administrators can use the Management Console to remotely cycle power and reboot, even when the operating system is unresponsive. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 115 of 216...
  • Page 116 (refer Alerts and Logging Chapter 7) Click Apply Configuring browser controlled Power Strips The Administrator can configure network attached power strips, so both Users and Administrators can control them directly using the Management Console. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 116 of 216...
  • Page 117 Then initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 117 of 216...
  • Page 118 The Administrator can use the Management Console to set up remote authentication for all User connections to ports on the IM/CM4000. The remote authentication database is then used to verify the username and password received from Users. To enable remote authentication: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 118 of 216...
  • Page 119 (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services available _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 119 of 216...
  • Page 120 - pam_ldap (http://www.padl.com/OSS/pam_ldap.html) Further modules can be added as required. For further information on configuring remote RADIUS, TACACS+ or LDAP servers can be found at the following sites: RADIUS _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 120 of 216...
  • Page 121 If you selected HTTPS Server in Network: Services then this will enable you, the Administrator, to establish a secure browser connection to the IM/CM4000 Management Console. To securely access the Management Console from a network connected PC or workstation, you must: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 121 of 216...
  • Page 122 These warnings do not affect the encryption protection you have against eavesdroppers. Note More detailed information on issuing certificates and configuring HTTPS can be found in Chapter 13 - Advanced _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 122 of 216...
  • Page 123 This chapter overviews Nagios then describes: activating and configuring Nagios distributed monitoring using the IM/CM4000 configuration of Nagios and plug-in operation, and various scenarios where distributed monitoring can be of value _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 123 of 216...
  • Page 124 Each of the Serial Ports and each of the Hosts on the IM/CM4000 which are to be monitored must have Nagios enabled Lastly the upstream Nagios monitoring host must be configured 10.2.1 To enable Nagios on the IM/CM4000 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 124 of 216...
  • Page 125 10.2.2 To enable NSCA monitoring on the IM/CM4000 NSCA is an add-on that allows you to send passive check results from the remote IM/CM4000 to the Nagios daemon running on the monitoring server. To enable NCSA: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 125 of 216...
  • Page 126 Select System: Nagios and check NCSA Enabled Configure encryption, secret and check intervals Refer the sample Nagios configuration section below for examples of configuring specific NCSA checks 10.2.3 To enable NRPE monitoring on the IM/CM4000 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 126 of 216...
  • Page 127 Select Serial&Network: Serial Port and click Edit on the port to be monitored Select Enable Nagios, specify the name of the device on the upstream server and determine which checks will actually be run on this port _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 127 of 216...
  • Page 128 Now Nagios at the upstream monitoring host has been configured and individual serial ports and network host connections on the CM/IM4000 configured for Nagios monitoring, each check will be executed once over the period of the check interval, with the result sent to the upstream server.
  • Page 129 $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c check_serial_$HOSTNAME$ define service { service_description Serial Status host_name server generic-service check_command check_serial_status define service { service_description serial-signals-server host_name server generic-service check_command check_serial_status active_checks_enabled passive_checks_enabled _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 129 of 216...
  • Page 130 Port Log service_description NRPE Daemon execution_failure_criteria w,u,c ; Ping define command{ command_name check_ping_via_opengear command_line $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c host_ping_$HOSTNAME$ _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 130 of 216...
  • Page 131 $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c host_$HOSTNAME$_$ARG1$_$ARG2$ define service { service_description SSH Port host_name server generic-service check_command check_conn_via_opengear!tcp!22 define service { service_description host-port-tcp-22-server ; host-port-<protocol>-<port>-<host> host_name server generic-service check_command check_conn_via_opengear!tcp!22 active_checks_enabled passive_checks_enabled define servicedependency{ _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 131 of 216...
  • Page 132 These two checks are specific to Opengear: check_serial_signals is used to monitor the handshaking lines on the serial ports check_port_log is used to monitor the data logged for a serial port.
  • Page 133 NSCA checks are also batched. So in the previous example the two checks per minute will be sent through in a single transaction. 10.4 Usage scenarios Below are a number of distributed monitoring Nagios scenarios: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 133 of 216...
  • Page 134 IM4216-25 provides secured, audited, and easily managed access to the management network. Further, each of the Ethernet ports is isolated from the others, meaning each managed device is unable to interfere with other managed devices, including sniffing data. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 134 of 216...
  • Page 135 It can also be configured to service NRPE commands to perform checks on demand. In this situation, the IM/CM4000 will perform checks based on both serial and network access. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 135 of 216...
  • Page 136 In this scenario the IM/CM4000 allows dial-in access for the Nagios server. Periodically, the Nagios server will establish a connection to the IM/CM4000 gateway, execute any NRPE commands, before dropping the connection. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 136 of 216...
  • Page 137 Setting the permitted Services by which to access the gateway (Chapter 3.4) Setting up OoB Dial-in (Chapter 5) 11.1 System Administration and Reset The Administrator can reboot or reset the gateway to default settings. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 137 of 216...
  • Page 138 Your IM/CM4000 will not allow you to upgrade to the same or an earlier version. The Firmware version is displayed in the header of each page _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 138 of 216...
  • Page 139 To then up-load the firmware image file to your IM/CM4000, select System: Firmware Specify the address and name of the downloaded Firmware Upgrade File, or Browse the local subnet and locate the downloaded file _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 139 of 216...
  • Page 140 Features like Syslog and NFS logging, use the system time for time- stamping log entries, while certificate generation depends on a correct Timestamp to check the validity period of the certificate. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 140 of 216...
  • Page 141 You must now also specify your local time zone so the system clock can show local time (and not UTP): Set your appropriate region/locality in the Time Zone selection box and click Apply _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 141 of 216...
  • Page 142 The Administrator can see which Users have access privileges with which ports: Select the Status: Port Access The Administrator can also see the current status as to Users who have active sessions on those ports: Select the Status: Active Users _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 142 of 216...
  • Page 143 The Statistics report provides a snapshot of the data traffic and other activities and operations of your gateway. 12.3 Support Reports The Support Report provides useful status information that will assist the Opengear technical support team to solve any problems you may experience with your IM/CM4000.
  • Page 144 Select Status: Syslog Remote System Logging The syslog record can be redirected to a remote Syslog Server: Enter the remote Syslog Server address and port details and click Apply _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 144 of 216...
  • Page 145 Specify the Match Pattern that is to be searched for (e.g. the search for Mount is shown below) and click Apply. The Syslog will then be represented with only those entries that actually include the specified pattern _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 145 of 216...
  • Page 146 To display all the connected Serial devices, Network Hosts and Power devices: Select Manage: Devices. By then selecting the Serial/ Network/ Power item, the display will be reduced to such devices only _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 146 of 216...
  • Page 147 IM/CM4000 serial ports using the in-built terminal. This virtual terminal access is provided by running jcterm (a java vt100 terminal client) from the browser and connecting to the serial port using SSH. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 147 of 216...
  • Page 148 TCP Port address for the serial port to be accessed. By default 3001 is selected (i.e. Port 1). To access Port 4 for example, this must be changed to 3004 Enter the Password for the Username _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 148 of 216...
  • Page 149 The IM/CM4000 runs a standard Linux kernel so it is also possible to configure the gateway using other standard Linux and Busybox commands and applications (ifconfig, gettyd, stty etc.) However doing this will not guarantee these changes are permanent. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 149 of 216...
  • Page 150 WARNING This chapter is not intended to teach you Linux. We assume you already have a certain level of understanding before you execute Linux kernel level commands. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 150 of 216...
  • Page 151 The config tool is designed to perform multiple actions from one command if need be, so if necessary options can be chained together. Options -a –run-all Run all registered configurators. This performs every configuration synchronization action pushing all changes to the live system _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 151 of 216...
  • Page 152 The following commands must be issued: # /bin/config –-set=config.system.name=og.mydomain.com # /bin/config –-set=config.system.password=secret # /bin/config –-set=config.system.smtp.server=192.168.0.124 # /bin/config –-set=config.system.smtp.sender=og@mydomain.com The following command will synchronize the live system with the new configuration. # /bin/config –-run=systemsettings _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 152 of 216...
  • Page 153 # /bin/hwclock --set --date=092216452005.05 Where the format is MMDDhhmm[[CC]YY][.ss] Then the following command will save this new hardware clock time as the system time: # /bin/hwclock –hctosys Network Time Protocol _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 153 of 216...
  • Page 154 Please note that supported interface modes are 'dhcp' and 'static'. Static To set static configuration on the LAN interface with the following attributes: IP Address: 192.168.1.100 Network Mask: 255.255.255.0 Default Gateway: 192.168.1.1 Primary DNS: 192.168.1.254 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 154 of 216...
  • Page 155 You would need to issue the following commands from the command line to set system configuration: # /bin/config –-set=config.console.ppp.localip=172.24.1.1 # /bin/config –-set=config.console.ppp.remoteip=172.24.1.2 # /bin/config –-set=config.console.ppp.auth=MSCHAPv2 # /bin/config –-set=config.console.ppp.enabled=on # /bin/config –-set=config.console.speed=115200 # /bin/config –-set=config.console.flow=Hardware # /bin/config –-set=config.console.initstring=ATQ0V1H0 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 155 of 216...
  • Page 156 You would need to issue the following commands from the command line to set system configuration: # /bin/config –-set=config.services.http.enabled=on # /bin/config –-del=config.services.https.enabled # /bin/config –-del=config.services.telnet.enabled # /bin/config –-set=config.services.ssh.enabled=on # /bin/config –-del=config.services.snmp.enabled _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 156 of 216...
  • Page 157 Supported parity values are 'None', 'Odd', 'Even', 'Mark' and 'Space'. Supported data-bits values are '8', '7', '6' and '5'. Supported stop-bits values are '1', '1.5' and '2'. Supported flow-control values are 'Hardware', 'Software' and 'None'. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 157 of 216...
  • Page 158 So your new User will be the existing total plus 1 so if the previous command gave you 0 then you start with user number 1, if you already have 1 user your new user will be number 2 etc. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 158 of 216...
  • Page 159 If you want to restrict access to serial port 5 to computers from a single C class network 192.168.5.0, you need to issue the following commands (assuming you have a previous rule in place): # /bin/config –-set=config.portaccess.rule2.address=192.168.5.0 # /bin/config –- set=config.portaccess.rule2.netmask=255.255.255.0 # /bin/config –-set=”config.portaccess.rule2.description=foo _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 159 of 216...
  • Page 160 Note that supported remote storage server types are 'None', 'cifs', 'nfs' and 'syslog'. Supported port logging levels are '0', '1' and '2'. Alert Configuration You can add an email alert to the system from the command line by following these instructions: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 160 of 216...
  • Page 161 To setup the list of tcp ports for a host, you use the config command: # config -s config.sdt.hosts.host3.tcpports.tcport1 = 23 # config -s config.sdt.hosts.host3.tcpports.tcport2 = 5900 # config -s config.sdt.hosts.host3.tcpports.tcport3 = 3389 The above assumes the config below: # vi /etc/config/config.xml ~ _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 161 of 216...
  • Page 162 </users> </host1> <total>3</total> <host2> <address>accounts.intranet.myco.com</address> <description>Accounts server</description> <users> <total>1</total> <user1>JohnWhite</user1> </users> </host2> <host3> <address>192.168.254.191</address> <description>Tonys Win2000 Box</description> <users> <total>1</total> <user1>JohnWhite</user1> </users> <tcpports><tcpport1>23</tcpport1></tcpports> </host3> </hosts> </sdt> </config> _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 162 of 216...
  • Page 163 Chapter 15 Advanced Configuration ADVANCED CONFIGURATION Introduction This chapter documents Opengear’s portmanager application for gateway serial port management and gives examples of its use: Portmanager documentation Scripts and alerts Raw data access to the ports and modems This chapter also describes details how to perform advanced and custom management...
  • Page 164 Set RTS to 1 run the command: # pmshell --rts=1 Show all signa # pmshell –signals DSR=1 DTR=1 CTS=1 RTS=1 DCD=0 Read a line of text from the serial port: # pmshell –getline _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 164 of 216...
  • Page 165 The above output indicates that a user named “user1” is actively connected to ports 1 and 2, while “user2” is connected to both ports 1 and 8. Portmanager Daemon _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 165 of 216...
  • Page 166 When an alert occurs on a port: When an alert occurs on a port, the portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, e.g. 08) _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 166 of 216...
  • Page 167 "Permission denied for Super User" exit 1 if [ -z "$LABEL" ]; then echo "Welcome $USER, you are connected to Port $PORT" else echo "Welcome $USER, you are connected to Port $PORT ($LABEL)" _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 167 of 216...
  • Page 168 If you are not using a modem on the DB9 console port and instead wish to connect to it directly via a Null Modem cable you may want to enable verbose mode allowing _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 168 of 216...
  • Page 169 HTTP, SNMP etc. e) Rules are added which explicitly allow traffic network traffic access to serial ports over enabled protocols e.g. Telnet, SSH and raw TCP. Customizing the IP-Filter: etc/config/filter-custom _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 169 of 216...
  • Page 170 HOWTO page. A list of useful web locations has been compiled for your convenience below: Netfilter Homepage http://netfilter.org Netfilter/iptables Tutorials http://netfilter.org/documentation/index.html#documentation- tutorials _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 170 of 216...
  • Page 171 The configuration file itself is commented extensively and good documentation is available at the net-snmp website http://www.net-snmp.org, specifically: Man Page: http://www.net-snmp.org/docs/man/snmpd.conf.html FAQ: http://www.net-snmp.org/docs/FAQ.html Net-SNMPD Tutorial: http://www.net-snmp.org/tutorial/tutorial-5/demon/snmpd.html 15.6 Secure Shell (SSH) Support _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 171 of 216...
  • Page 172 This section describes how to generate and configure SSH keys using Linux. Generating Keys The following commands can be issued on a Linux host to produce a DSA public/private key pair: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 172 of 216...
  • Page 173 More documentation on OpenSSH can be found at: http://openssh.org/portable.html http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 http://www.openbsd.org/cgi-bin/man.cgi?query=sshd For Opengear gateways with firmware post V2.2.3, the keys can be simply uploaded through the web interface, on the System: Administration page: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual...
  • Page 174 Generating non-interactive public/private keys for SSH (Windows) This section describes how to generate and configure SSH keys using Windows. First create a new user from the Opengear Management Console on Opengear gateway (the following example users a user called "testuser") making sure it is a member of the "users"...
  • Page 175 "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file. Make sure there is only one line of text in this file. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 175 of 216...
  • Page 176 (Makes sure public key authentication is enabled) Test the Public Key by logging in as "testuser" Test the Public Key by logging in as "testuser" to the client Opengear device and typing (you should not need to enter anything): # ssh -o StrictHostKeyChecking=no <server-ip>...
  • Page 177 The first step in setting up ssh tunnels is to generate keys. Ideally, you will use a separate, secure, machine to generate and store all keys to be used on the Opengear devices. However, if this is not ideal to your situation, keys may be generated on the Opengear boxes themselves.
  • Page 178 Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/keys/control_room Your public key has been saved in /home/user/keys/control_room.pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 178 of 216...
  • Page 179 Opengear devices will have no way to supply it as runtime. Authorized Keys If the Opengear device selected to be the server will only have one client device, then the authorized_keys file is simply a copy of the public key for that device. If one or more devices will be clients of the server, then the authorized_keys file will contain a copy of all of the public keys.
  • Page 180 ‘http’ in order to have secure browser access to the GUI management console across insecure networks. More documentation on OpenSSL is available from: http://www.openssl.org/docs/apps/openssl.html http://www.openssl.org/docs/HOWTO/certificates.txt _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 180 of 216...
  • Page 181 You will be prompted to enter a lot of information. Most of it doesn't matter, but the "Common Name" should be the domain name of your computer (e.g. test.opengear.com). When you have entered everything, the certificate will be created in a file called ssl_cert.pem.
  • Page 182 Save the file and signal inetd of the configuration change. kill -HUP `cat /var/run/inetd.pid` The HTTPS server should be accessible from a web client at a URL similar to this: https://<common name of unit> _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 182 of 216...
  • Page 183 Management Console as described in Chapter 8. pmpower The pmpower command is a high level tool for manipulating remote preconfigured power devices connected to the Opengear gateway either via a serial or network connection. Example: To turn outlet 4 of the power device connected to serial port 2 on: # pmpower -l port02 -o 4 on To turn an IPMI device off located at IP address 192.168.1.100 (where username is...
  • Page 184 <outlet port="port-id-1">Display Port 1 in menu</outlet> <outlet port="port-id-2">Display Port 2 in menu</outlet> <on>script to turn power on</on> <off>script to power off</off> <cycle>script to cycle power</cycle> <status>script to write power status to /var/run/power-status</status> _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 184 of 216...
  • Page 185 The script can be anything that can be executed within the shell. All of the existing scripts in /etc/powerstrips.xml use the pmchat utility. pmchat works just like the standard unix "chat" program, only it ensures interoperation with the port manager. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 185 of 216...
  • Page 186 [-U <username>] [-A <authtype>] [-L <privlvl>] [-a|-E|-P|-f <password>] [-o <oemtype>] <command> ipmitool [-c|-h|-v|-V] -I lanplus -H <hostname> [-p <port>] [-U <username>] [-L <privlvl>] [-a|-E|-P|-f <password>] [-o <oemtype>] [-C <ciphersuite>] <command> _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 186 of 216...
  • Page 187 Force session privilege level. Can be CALLBACK, USER, OPERATOR, ADMIN. Default is ADMIN. -m <local_address> Set the local IPMB address. The default is 0x20 and there should be no need to change it for normal operation. -o <oemtype> _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 187 of 216...
  • Page 188 For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will be truncated. For IPMI v2.0, the maximum password length is 20 characters; longer passwords are truncated. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 188 of 216...
  • Page 189 Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev ipmitool chassis power help chassis power Commands: status, on, off, cycle, reset, diag, soft You will find more details on ipmitools at http://ipmitool.sourceforge.net/manpage.html _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 189 of 216...
  • Page 190 TACACS+ and LDAP). Many components of the IM/CM4000 software are licensed under the GNU General Public License (version 2), which Opengear supports. You may obtain a copy of the GNU General Public License at http://www.fsf.org/copyleft/gpl.html. Opengear will provide source code for any of the components of the Software licensed under the GNU General Public License upon request.
  • Page 191 Manager) are proprietary to Opengear, however the code will be provided to customers, under NDA. Also inbuilt in the IM/CM4000 is a Port Manager application and Configuration tools as described in Chapters 11 and 12. These both are proprietary to Opengear, but open to customers (as above). _____________________________________________________________________...
  • Page 192 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 192 of 216...
  • Page 193 CM4001: 16MB SDRAM 8MB Flash Serial Connectors IM4216-2: 16 RJ-45 RS-232 serial ports IM4248-2: 48 RJ-45 RS-232 serial ports CM4116: 16 RJ-45 RS-232 serial ports CM4148: 48 RJ-45 RS-232 serial ports _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 193 of 216...
  • Page 194 Serial Baud Rates RJ45 ports - 2400 to 230,400bps) DB9 port - 2400 to 115,200 bps Ethernet Connectors IM42xx-2 Two RJ-45 10/100Base-T Ethernet ports CM41xx One RJ-45 10/100Base-T Ethernet ports _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 194 of 216...
  • Page 195 Do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Opengear qualified personnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground.
  • Page 196 IM/CM4000. In an endeavor to create some move to standardization, Opengear products all use the same RJ45 pinout convention as adopted by Avocent and Equinox. Serial Port Pinout...
  • Page 197 9 pin DB9 8 pin RJ45 Connectors included in IM/CM4000 The CM4008/4116/4148 and IM4216/48 all ship with a “cross-over” and a “straight” RJ45-DB9 connector for connecting to other vendor’s products: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 197 of 216...
  • Page 198 Part # 319001 Other available connectors and adapters Opengear also supplies a range of cables and adapters that will enable you to easily connect to the more popular servers and network appliances. More detailed information can be found online at http://www.opengear.com/cabling.html...
  • Page 199 DB25F to RJ45 crossover DCE Adapter - IM/CM4000 to Cisco 7200 AUX 440016 5ft Cat5 RJ-45 to RJ-45 cables Extension cables 449016 RJ-45 Plug to RJ-45 Jack Adapter for Cisco console _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 199 of 216...
  • Page 200 Wire RTS to CTS (1 to 8) Wire DSR to DCD to DTR (2 to 3 to 7) Wire RXD to TXD (4 to 5) The RJ-45 Serial Modular Jack pinout is: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 200 of 216...
  • Page 201 The username is ‘root’ and the password is ‘default’. You should now see the command line prompt which is a hash (#) For CM4008: _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 201 of 216...
  • Page 202 This will test port 1 through 8 and will repeat indefinitely. The test can be terminated by pressing Ctrl C. A successful test must have ‘L’ active in each column. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 202 of 216...
  • Page 203 (DTR set but not sensed) (RTS set but not sensed) This will test port 1 through 9.To test ports 10 through 16 on the CM4116 you need to type - _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 203 of 216...
  • Page 204 For ports 40 through 48, type in – loopback –e eth0 /dev/port4[0-8] The test will repeat indefinitely. The test can be terminated by pressing Ctrl C. A successful test must have ‘L’ active in each column. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 204 of 216...
  • Page 205 IM/CM4000. CHAP Challenge-Handshake Authentication Protocol (CHAP) is used to verify a user's name and password for PPP Internet connections. It is more secure _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 205 of 216...
  • Page 206 Key lifetimes The length of time before keys are renegotiated Local Area Network LDAP The Lightweight Directory Access Protocol (LDAP) is based on the X.500 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 206 of 216...
  • Page 207 Whilst most common, PAP is the least secure of the authentication options. Point-to-Point Protocol. A networking protocol for establishing simple links between two peers. _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 207 of 216...
  • Page 208 There is a draft RFC detailing this protocol. TCP/IP Transmission Control Protocol/Internet Protocol. The basic protocol for Internet communication. TCP/IP address Fundamental Internet addressing method that uses the form _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 208 of 216...
  • Page 209 Wide Area Network WINS Windows Internet Naming Service that manages the association of workstation names and locations with IP addresses For further technology definitions refer: http://linux-documentation.com/en/documentation/linux-dictionary/index.html http://en.wikipedia.org/ _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 209 of 216...
  • Page 210 Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Opengear is not willing to license the Software to you. In such event, do not use or install the Software. If you have purchased the Software, promptly return the Software and all accompanying materials with proof of purchase for a refund.
  • Page 211 Should you have any questions concerning this EULA, or if you desire to contact Opengear for any reason, please contact the Opengear representative serving your company.
  • Page 212 Proof of date of purchase will be required. Any updates to the Software provided by Opengear (which may be provided by Opengear at its sole discretion) shall be governed by the terms of this EULA. In the event the product fails to perform as warranted, Opengear’s sole obligation shall be, at Opengear’s discretion, to refund the purchase price paid by you for the Software on...
  • Page 213 STANDARD WARRANTY Opengear, Inc., its parent, affiliates and subsidiaries, (collectively, "Opengear") warrant your Opengear product to be in good working order and to be free from defects in workmanship and material (except in those cases where the materials are supplied by...
  • Page 214 Opengear's standard warranty includes free access to Opengear's Knowledge Base as well as any application notes, white papers and other on-line resources that may become available from time to time. Opengear reserves the right to discontinue all support for products that are no longer covered by warranty. LIMITATION OF LIABILITY No action, regardless of form, arising from this warranty may be brought by either party more than two (2) years after the cause of action has occurred.
  • Page 215 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 215 of 216...
  • Page 216 _____________________________________________________________________ Opengear IM4000 and CM4000 User Manual Page 216 of 216...

This manual is also suitable for:

Cm4000