Page 2 This page intentionally left blank.
Page 3: Copyright And Trademark Information
Raritan, Inc. © Copyright 2007 Raritan, CommandCenter, RaritanConsole, Dominion, and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc. All rights reserved. Java is a registered trademark of Sun Microsystems, Inc. Internet Explorer is a registered trademark of Microsoft Corporation.
Page 4: Safety Guidelines
Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any product configuration. • Test AC outlets at your computer and monitor for proper polarity and grounding.
Page 5: Table Of Contents
Chapter 2: Installation ......................5 Pre-Installation ......................5 Client Configuration ...........................5 Hardware Installation ....................6 Physical Installation of Dominion SX for Initial Configuration.............6 LED State ............................6 Initial Configuration Using the Graphical User Interface (GUI) ............7 Initial Configuration Using the Command Line Interface..............9 Chapter 3: Initial Software Configuration ..............11...
Page 6 Port Configuration ..................... 32 Direct Port Access..................... 34 Anonymous Port Access ................... 35 Raritan Serial Console ....................35 Raritan Serial Client Requirements for Java ............. 36 Java Runtime Environment (JRE)....................36 Java Applets and Memory Considerations ..................36 Raritan Serial Client Interface ................... 38 Emulator ............................39...
Page 7 SSH Access from a UNIX Workstation ....................94 Telnet Connection to the Dominion SX ..............95 Enabling Telnet..........................95 Telnet Access from a Windows PC....................95 Local Port Connection to the Dominion SX ............... 96 Port Settings ............................96 Connection ............................96 To Change the Local Port Parameters: ...................96 Login .........................
Page 8 SX U OMINION UIDE Remote Services ...........................105 LDAP Configuration Menu ......................106 RADIUS Command........................107 TACACSPLUS Command ......................107 Configuring Events ....................107 Configuring Log....................... 107 Cleareventlog Command .......................108 Eventlogfile Command........................108 Eventsyslog Command........................108 nfsget Command ...........................109 nfssetkey Command ........................109 Portlog Command..........................110 Sendeventlog Command .......................111 Vieweventlog Command........................111 Configuring Modem ....................
Page 9 Case 8. Accessing Port Access on DSX via RSC........... 165 Case 9. Port Configuration..................165 Case 10. CLI / SSH Connection to SX Port ............166 Appendix A: Specifications ...................167 Dominion SX Models and Specifications ..............167 Requirements......................169 Browser Requirements – Supported ............... 169 Connectivity......................170 Dominion SX Serial RJ-45 Pinouts .................
Page 10 Install Client Certificate into Internet Explorer ................184 Appendix D: Server Configuration ................187 Microsoft IAS RADIUS Server................. 187 Configure the Dominion SX to Use an IAS RADIUS Server ............187 Create an IAS Policy........................188 Cisco ACS RADIUS Server..................189 Configure the Dominion SX to use a Cisco ACS Server..............189 Configure the Cisco ACS Server ....................189...
Page 11 Figure 7 Restricted Service Agreement Screen ................... 8 Figure 8 Change Password Screen ......................8 Figure 9 Dominion SX Port Access Screen for Operators/ Observers ............11 Figure 10 Dominion SX Port Access Screen for Administrators..............11 Figure 11 Setup Screen ..........................11 Figure 12 Date / Time Configuration Screen....................
Page 12 SX U viii OMINION UIDE Figure 63 Standalone RSC Login Screen ....................56 Figure 64 Standalone RSC Connected to Port Window................57 Figure 67 Security Settings Screen......................59 Figure 68 Login Settings Screen........................ 60 Figure 69 Kerberos Settings ........................61 Figure 70 Certificate Signing Request .......................
Page 13 IGURES Figure 118 New Phone Entry Display ...................... 196 Figure 119 Dial-Up Security Display ......................197 Figure 120 Windows 2000 Network and Dial-Up Connections..............197 Figure 122 Network Connection Type...................... 198 Figure 123 Device Selection ........................198 Figure 124 Phone Number to Dial......................199 Figure 125 Connection Availability......................
Page 14 SX U OMINION UIDE Tables Table 1 Factory Default Network Settings....................5 Table 2 Java Runtime Parameters......................37 Table 3 Commands Common to All CLI Levels ..................99 Table 4 Available CLI Commands......................101 Table 5 Configuration: Authentication Commands: ldap ................105 Table 6 LDAP Command .........................
Page 15 Table 73 Dominion SX Requirements ...................... 169 Table 74 Browser Requirements......................169 Table 75 Connectivity ..........................170 Table 76 Dominion SX RJ-45 Serial Pinouts and Signals ................ 171 Table 77 DB9F Nulling Serial Adapter Pinouts ..................171 Table 78 DB9M Nulling Serial Adapter Pinouts..................172 Table 79 DB25F Nulling Serial Adapter Pinouts ..................
Page 16: Preface
UIDE Preface The Dominion SX User Guide provides the information needed to install, set up and configure, access devices such as routers, servers, switches, VPNs, and power strips, manage users and security, and maintain and diagnose the Dominion SX secure console server.
Page 17: Notices
REFACE XIII CRONYM EANING Virtual Private Network Notices Important: cautionary information that warns of possible affects on the users, corruption risks, and actions that may affect warranty and service coverage. Note: general information that is supplemental to the text.
Page 18 This page intentionally left blank.
Page 19: Chapter 1: Introduction
Web browser. Dominion SX is a fully configured stand-alone product in a standard 1U high 19” rack mount chassis. Figure 1 Dominion SX16 Unit...
Page 20: Product Features
• Optional Modem Connectivity: For emergency remote access if the network has failed. • Target Device Connectivity: Simplified RJ45-based CAT 5 cable scheme; serial port adapters are available from Raritan. • Local Access for “crash-cart” applications. Simplified User Experience •...
Page 21: Package Contents
Package Contents Each Dominion SX ships with the following: • (1) Dominion SX unit with mounting kit (Rack-mount kit is optional on some units) • (1) Raritan Dominion SX User Guide CD-ROM, which contains the installation and operations information for the Dominion SX •...
Page 22 SX U OMINION UIDE This page intentionally left blank.
Page 23: Chapter 2: Installation
• Using Ethernet (with an installation computer). This section describes the steps necessary to configure Dominion SX for use on a local area network (LAN). The following table describes the factory default network settings that come with the Dominion SX. After units are connected to the network, these factory default settings allow you to configure the Dominion SX for normal use.
Page 24: Hardware Installation
Language Interface (CLI) as described in the following sections. LED State On the front panel of the Dominion SX unit, there exists a LED indicator right next to the model name label. The LED indicator will blink blue in the following three cases: Ethernet packets are received or transmitted.
Page 25: Initial Configuration Using The Graphical User Interface (Gui)
3. Type ping 192.168.0.192. Go to step 4 if you receive a successful reply from the Dominion SX unit. If an error occurs, verify that the default IP address is entered correctly and that a route to that IP address exists.
Page 26 The login screen appears after you finish viewing the security alerts and the Certification Information screen. Figure 4 DSX Login Screen 7. Log in with the default username admin and password raritan. Use all lowercase letters. A Restricted Service Agreement Screen appears: Figure 5 Restricted Service Agreement Screen Note: Once you click Accept after login, the Dominion SX prompts you to change the default password.
Page 27: Initial Configuration Using The Command Line Interface
3. Type ping 192.168.0.192. Go to step 4 if you receive a successful reply from the Dominion SX unit. If an error occurs, verify that the default IP address is entered correctly and that a route to that IP address exists.
Page 28: User Configuration
4. Type yes to reboot the Dominion SX. 5. You can now remove the serial cable. 6. Reconnect from the installation computer browser to the Dominion SX using the new IP address and password and proceed. User Configuration 1.
Page 29: Chapter 3: Initial Software Configuration
Chapter 3: Initial Software Configuration After the hardware installation, perform the initial software configuration. Do this by logging onto the Dominion SX from either a browser or through a Command Line Interface (See Chapter 12: Command Line Interface for CLI information.) Dominion SX Initial Software Configuration 1.
Page 30: Date / Time Configuration
SX U OMINION UIDE Important: After you complete each configuration task, you must return to the Setup tab to perform the next configuration task. Date / Time Configuration 1. Click the Date / Time in the Configuration section of the Setup Screen. The Date / Time Configuration screen appears.
Page 31: Network Configuration
Type 5000 or another port number in the Discovery Port field. 7. Click OK. Dominion SX displays either a confirmation or error screen. 1. Click OK when the confirmation window appears. After the confirmation screen, Dominion SX automatically disconnects to update the configuration then restarts.
Page 32: Deployment
SX U OMINION UIDE Deployment 1. You can remotely access the Dominion SX through a: LAN connection or a modem connection (optional). 2. The Dominion SX can access target devices only through a serial connection. LAN Connection After the initial software configuration phase, configure the DSX unit for operation on the LAN.
Page 33: Chapter 4: Network Settings And Services
4: N HAPTER ETWORK ETTINGS AND ERVICES Chapter 4: Network Settings and Services This chapter explains how to configure the basic network settings for the DSX, and how to configure the various access protocols (SSH, telnet, etc.) It also explains how to configure the DSX for modem access, and how to enable IP forwarding and create static routes.
Page 34: Change The Discovery Ports
SX U OMINION UIDE Change the Discovery Ports The DSX has two discovery ports: • TCP 5000 Common Socket Connection (CSC) discovery • UDP 5000 Command Center (CC) discovery If either of these ports is used by another application, you can change the discovery port number in the DSX in the appropriate field and click OK.
Page 35: To Change Any Of These Network Service Settings
4: N HAPTER ETWORK ETTINGS AND ERVICES To change any of these network service settings: Click the Setup tab, and then click Services. The Network Service Settings screen appears. Figure 13 Network Service Settings Make any necessary changes to the appropriate fields. Click OK.
Page 36: Configuring Modem Access
SX U OMINION UIDE Configuring Modem Access You can access the DSX via a modem. To set this up: Click the Setup tab, and then click Modem. The Modem Settings screen appears. Figure 14 Modem Settings Screen Click the checkbox labeled Enable Modem to enable modem access. Type the IP addresses of the Point-to-Point (PPP) server in the PPP Server IP field.
Page 37: Add A New Static Route
4: N HAPTER ETWORK ETTINGS AND ERVICES Add a New Static Route To add a new Static Route: 1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. Figure 16 Static Routes List 2.
Page 38: Delete A Static Route
SX U OMINION UIDE Delete a Static Route To delete a static route: Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. Go the Static Routes List and click the checkbox next to the route you want to delete.
Page 39: Chapter 5: User Profiles And Groups
5: U HAPTER ROFILES AND ROUPS Chapter 5: User Profiles and Groups This chapter explains how to create and manage user profiles and user groups. Managing User Profiles User profiles serve two purposes: • To provide users with a username and password to log into the DSX •...
Page 40 SX U OMINION UIDE Click Add New User. The New User screen appears. Figure 19 New User Screen Type a login name in the Username field. This is the name the user enters to log into the DSX. This field is required. •...
Page 41: Modify A User Profile
5: U HAPTER ROFILES AND ROUPS Tip: If the user group you want has not yet been created, you can create it and then return to the user profile and select it. For now, keep the default. Decide whether or not to activate this profile immediately. By default, the Active checkbox is selected.
Page 42: Display A List Of User Groups
SX U OMINION UIDE Display a List of User Groups To display a list of existing user groups, click the User Management tab, and then click User Group List. The Group List screen appears (Figure 20). Figure 20 Group List Screen The Group List screen shows every user group created to date, and for each one gives the group’s name and class.
Page 43: Modify A User Group
5: U HAPTER ROFILES AND ROUPS • Observer Users associated with the Observer class have read-only access to the console window, and cannot change any system configuration parameters except their own password. Select the ports that the users associated with this group are permitted to access. You can select all ports, or you can select any combination of individual ports.
Page 44 SX U OMINION UIDE...
Page 45: Chapter 6: Remote Authentication
6: R HAPTER EMOTE UTHENTICATION Chapter 6: Remote Authentication This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication. Tip: If you are setting up remote authentication, it is a good idea to still keep local authentication enabled. When an authentication request reaches the DSX, it looks to authenticate the user remotely first, and then looks to authenticate the user locally.
Page 46: Configuring Ldap
In other words, it is the domain name. This is where the search starts for the user name. The user name is created in this domain (for example, Search: dc=raritan, dc=com) to process LDAP authentication queries from Dominion SX.
Page 47: Configuring Tacacs
6: R HAPTER EMOTE UTHENTICATION If you are using a modem to connect to the LDAP server, type a dialback string in the Dialback Query String field. If you have a backup LDAP server, enter the same information in the Secondary LDAP fields.
Page 48: Ominion Sx User Uide
SX U OMINION UIDE...
Page 49: Chapter 7: Port Configuration And Port Access Application
Port configuration allows Administrators to define the serial/console port settings in order to communicate with remote target devices. Note: You can access the Raritan Serial Console (RSC) from the Port screen. See the Raritan Serial Console section of this chapter for RSC information.
Page 50: Port Configuration
SX U OMINION UIDE Port Configuration To configure one or more ports: Click the Setup tab, and then click Port Configuration. The Port Configuration screen appears. Figure 26 Port Configuration Screen Select the port(s) you want to configure. You can select one port or several ports, so long as the port configurations are all the same.
Page 51 Select the Flow Control from the Flow Control drop-down menu. In the Detect field, indicate whether you want the Dominion SX to detect or not detect the physical connection to the target. The default is Not detect. Change by selecting Detect Physical Connection to the Target from the drop-down menu in the Detect field.
Page 52: Direct Port Access
Select Control from the drop-down menu in the Escape Mode field. • Type the Escape Character. The default for the Dominion SX is ] (closed bracket ). Select the terminal emulation type from the drop-down menu in the Emulation field. The choices are: •...
Page 53: Anonymous Port Access
Select Observer from the drop-down menu in the Class field. 7. Select the ports for which you want anonymous port access in the Port Access field. 8. Click OK. Important: The Dominion SX unit must be rebooted to apply new direct port access settings. Raritan Serial Console Use the following steps to launch the Raritan Serial Client (RSC).
Page 54: Raritan Serial Client Requirements For Java
UIDE Raritan Serial Client Requirements for Java The Raritan Serial Client (RSC) requires a minimum 1 GHz PC with 512 MB RAM. Java must be installed to access targets (managed devices) before you can use the RSC. Java Runtime Environment (JRE) The RSC will function with JRE version 1.4.2_05 or later (except for JRE version 1.5.0_02) .
Page 55: Table 2 Java Runtime Parameters
7: P HAPTER ONFIGURATION AND CCESS PPLICATION Table 2 Java Runtime Parameters ESCRIPTION ALUES YNTAX EFAULT OMMENTS Sets the initial size -Xms<Size> 2097152 (2MB) in bytes of the Java heap. • flag increases the -server default size to 32M. • The values must be a multiple of, and greater than, 1024 bytes (1KB).
Page 56: Raritan Serial Client Interface
With some versions of Java on Windows, the screen opens in front of the Port Screen. Minimize the Port Access screen to access the Raritan Serial Console screen. The RSC contains drop-down menus that provide the user with the ability to: •...
Page 57: Emulator
IMPORTANT: You must change the default user Idle Timeout setting on the Dominion SX GUI before you begin using the RSC or it will timeout in 10 minutes and display a host termination message. See the Security chapter of the Dominion SX User Guide for changing the Idle Timeout setting.
Page 58 SX U OMINION UIDE Note: If the RSC Idletimeout expires, the Dominion SX Idletimeout period begins. Settings Note: Terminal emulation settings are set with the port by an Administrator using the Setup->Port Configuration menu. 1. On the Emulator menu, click Settings. The Settings screen displays the General tab with the default settings.
Page 59: Display Settings
7: P HAPTER ONFIGURATION AND CCESS PPLICATION Display Settings 1. Return to the Emulator menu, select Settings and then click the Display tab. Figure 35 Display Settings Window 2. Click Default to accept the Default settings. Then click Ok to close the Display Settings window;...
Page 60 SX U OMINION UIDE 6. Click on the GUI Font Properties tab and accept the default of Monospaced or choose a font from the GUI Font Properties scrolling list. Figure 36 Display Settings: GUI Font Properties 7. Choose the following from their drop-down menus: •...
Page 61 Only Administrators and Operators can get write access. The user with Write Access can send commands to the target device. Write Access can be transferred among users working in the Raritan Serial Client via the Get Write Access command. To enable Write Access, click Get Write Access on the Emulator menu.
Page 62 A check mark appears in the Write Access column after the name of the User who has Write Access to the console. 2. Click Close to close the Connected Users window. Exit 1. Click Exit on the Emulator menu to close the Raritan Serial Console. The Exit Confirmation screen appears. 2. Click Yes.
Page 63: Edit
- Position the cursor where you want to paste the text and click in that location to make it active. - Press CTRL and tap the V key to paste. The text copy limit in Raritan Serial Client is 9999 lines.
Page 64: Tools
SX U OMINION UIDE Tools 1. Click on the Tools drop-down menu to display a list of topics. Figure 39 Tools Menu...
Page 65: Start Logging
7: P HAPTER ONFIGURATION AND CCESS PPLICATION Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file in your computer. When you start the RSC, the Logging indicator on the status bar indicates whether logging is on or off.
Page 66: Chat
SX U OMINION UIDE Send Keystroke 1. On the Tools menu, click Send Keystroke. A Send Keystroke screen appears: Figure 41 Send Keystroke 2. Enter the keystroke combinations that you want and select a Key Code name from the drop- down menu.
Page 67: Help
3. Click Send or press ENTER to send the message. 4. Click Clear to delete the typed text, or click Close to exit and close the Message window. Help Help Topics include on-line assistance for operating the Raritan Serial Console, and release information about Raritan Serial Console. Help Topics To Access Help Topics: 1.
Page 68: Standalone Raritan Serial Console Installation
Web site: http://www.raritan.com/support The standalone Raritan Serial Client (RSC) is used to make direct connections to the target without going through the Dominion SX GUI application. The user specifies the Dominion SX address and the port number (target) and then is connected.
Page 69: Setting Windows Os Variables
7: P HAPTER ONFIGURATION AND CCESS PPLICATION • Ensure that Java can be started from the command line. To do this, environment variables must be configured. Make a note of the exact path where Java was installed. (The path information will be used later.) Setting Windows OS Variables Open the Start menu, and then open the Control Panel and choose System.
Page 70 SX U OMINION UIDE Click OK. Figure Windows OS: New System Variable Select the PATH variable and click Edit. Add %JAVA_HOME%\bin to the end of the current Variable value. Ensure a semicolon (;) separates the new value from the last value in the string.
Page 71 7: P HAPTER ONFIGURATION AND CCESS PPLICATION Click OK. Figure Windows OS: Edit System Variable Select the CLASSPATH variable and click Edit. Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a period(.) in it. If, for any reason, there is no CLASSPATH variable defined, create one. Figure Windows OS: CLASSPATH Variable...
Page 72: Setting Linux Os Variables
SX U OMINION UIDE Setting Linux OS Variables If you want to set Java for this user only, open and edit .profile file located in the /home/Username folder. If you want to set Java for all users, open .profile file in your /etc folder Find the line where you set your PATH Example: export PATH=$PATH:/home/username/somefolder Before that line you must set your JAVA_HOME and then modify your PATH to include it.
Page 73: Installing Standalone Rsc For Windows
7: P HAPTER ONFIGURATION AND CCESS PPLICATION Installing Standalone RSC for Windows You must have administrative privileges to install RSC. Log on to a Windows machine. Download, or copy from a known location, the RSC-installer.jar installation file. Double-click on the executable file to start the installer program. The splash screen appears. Click Next.
Page 74: Launching Rsc On Windows Systems
Click Next. The installation finished screen appears. Click Done. Launching RSC on Windows Systems Double-click on the shortcut or use Start Programs to launch the standalone RSC. The Raritan Serial Console Login connection properties window appears. Figure 51 Standalone RSC Login Screen...
Page 75: Installing Rsc For Sun Solaris
ONFIGURATION AND CCESS PPLICATION Enter the Dominion SX IP address, account information, and the desired target (port). Click Start. The RSC opens with a connection to the port. Figure 52 Standalone RSC Connected to Port Window Note: In case of unrecognized characters or blurry screens that might appear in RSC window due to localization support, please try changing the font to Courier New.
Page 76: Launching Rsc On Sun Solaris
SX U OMINION UIDE The Set Installation Path screen appears. a) Select the directory where you want to install RSC and click Next. b) Click Browse to navigate to a non-default directory. c) Click Next when the installation is complete. d) Click Next again.
Page 77: Chapter 8: Security
Encryption of port data log sent to a remote nfs server. • Security profile • “Man in the Middle” The Security function provides the Dominion SX administrator with the following tools: • Specify login authentication and handling parameters. • Kerberos settings.
Page 78: Login Settings
SX U OMINION UIDE Login Settings Click Login Settings on the Security Settings screen to access the Login Settings screen, which contains the Local Authentication, Login Handling, and Strong Password Settings panels.. Figure 54 Login Settings Screen Local Authentication Go to the Local Authentication panel and click the Enable Local Authentication checkbox. The system displays these defaults in the following fields: •...
Page 79: Strong Password Settings
8: S HAPTER ECURITY Strong Password Settings To enable strong passwords, go to the Strong Password panel and select the requirements for a strong password. This includes maximum and minimum length and special character requirements. Configure Kerberos Figure Kerberos Settings Click Enable Kerberos.
Page 80: Generate A Certificate Signing Request
SX U OMINION UIDE Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): Click the Security tab, and then click Certificate. The Certificate screen appears. Figure 56 Certificate Signing Request Click the checkbox labeled Generate a Certificate Signing Request. Click on the drop-down menu in the Bits field.
Page 81: Install A User Key
8: S HAPTER ECURITY Install a User Key To install a user key on the DSX: Click the Security tab, and then click Certificate. The Certificate screen appears. Figure 57 Install User Key Click the checkbox labeled Install User Key. Type the following information in the corresponding fields: •...
Page 82: Ssl Client Certificate
SX U OMINION UIDE Click the checkbox labeled Install User Certificate. Type the following information in the corresponding fields: • The IP address of the host with the certificate • A login and password on the host • The path and name of the file containing the certificate Click OK.
Page 83 8: S HAPTER ECURITY Figure 59 SSL Client Certificate Screen...
Page 84: Enabling Client Certificate Authentication
SX U OMINION UIDE Enabling Client Certificate Authentication: To enable Client Certificate Authentication: Click Enable SSL Client Certification. 2. Click OK to enable the Client Certificate authentication. Installing a New Trusted Certificate Authority To install a new trusted Certificate Authority (CA) to the DSX, the CA certificate must be on an accessible FTP server.
Page 85: Viewing A Certificate Revocation List
2. Click OK to retrieve the list of CRLs. Banner Dominion SX optionally supports a customizable (maximum 5000 words, 8 words per row) welcome banner that is displayed after login. The banner identifies where the user has logged into. In addition, there is the ability to add a consent banner that forces the user to accept the stated conditions prior to advancing into operation of the console server.
Page 86: Security Profiles
SX U OMINION UIDE Security Profiles The DSX provides three security profiles that you can use. They simplify the assigning of permissions to users and groups by defining basic permissions that automatically apply to all users. About Security Profiles The three security profiles are: Standard ─...
Page 87 8: S HAPTER ECURITY Click the Edit Custom Profile link. The Edit Custom Security Profile screen appears. Figure 62 Edit Custom Security Profile Screen Check one or all of the following fields. • Telnet Access • Strong Password Required • Single Login Per User •...
Page 88: Firewall
SX U OMINION UIDE Firewall The DSX provides a firewall function to provide protection for the IP network and to control access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces. Enable the Firewall To enable the firewall: Click the Security tab, and then click Firewall.
Page 89: Chapter 9: Logging
Enable System Logging This feature sends event log messages to a remote Syslog server. The messages from the Dominion SX unit are sent to the LOCAL0 channel of the Syslog server for more efficient parsing. To set this feature up: Go to the System Logging panel and click the Enable System Logging checkbox.
Page 90: Enable Port Logging
SX U OMINION UIDE Click OK. Enable Port Logging You need to configure port logging after you have enabled NFS logging (see “Configuring NFS Logging” below). This feature enables port data to be logged to a Network File System (NFS) server. This allows you to save and access the log files over a network.
Page 91 9: L HAPTER OGGING Mon Nov 06-2006 13:46:20 -------- admin connected to port-------- Mon Nov 06-2006 13:46:21 -------- admin got write access -------- Password: Authentication failure. Username: admin Password: Authentication successful. ---------------------------------------------------------------------- Welcome to the DominionSX. [Model: SX32] UnitName:sx181 FirmwareVersion:3.0.1.5.1 Serial:WAOF300029 IP Address:192.168.51.181 UserIdletimeout:5min...
Page 92: Configure Input Port Logging
SX U OMINION UIDE Configure Input Port Logging To enable input port logging: Go to the Input Port Logging panel and click the Enable Input Port Logging checkbox. (To turn this feature off, clear this checkbox.) Figure 68 Input Port Logging Panel Type a directory for input in the In Directory field.
Page 93: Configuring Smtp Logging
9: L HAPTER OGGING Configuring SMTP Logging To configure SMTP logging, click the Setup tab, and then click Events. The SMTP Logging screen appears. This screen contains and SMTP Settings panel and a New SMTP Event panel. Enable SMTP Logging To enable SMTP logging: Go to the SMTP Settings panel and click the Enable SMTP Server checkbox to enable SMTP logging.
Page 94: Test The Smtp Logging
Type the email address to send the event in the Destination field. Click OK. Test the SMTP Logging It is important that the SMTP server information be accurate so that the Dominion SX unit can send messages using that SMTP server. To verify that the information is correct and working: Send a test email by selecting an event such as: event.amp.notice.port connection.
Page 95 9: L HAPTER OGGING Note: The NFS server must have the exported directory with write permission for the port logging to work. To configure NFS Logging: Click the Setup tab, and then click NFS. The NFS Settings screen appears. Figure 72 NFS Settings Screen Click the Enable NFS checkbox to enable NFS logging.
Page 96: Configuring Snmp Logging
SX U OMINION UIDE Configuring SNMP Logging The DSX supports Simple Network Management Protocol (SNMP) traps and logging. Enable SNMP Logging To enable SNMP logging: Click the Setup tab, and then click SNMP. The SNMP screen appears. Go to the SNMP Setting panel and click the Enable SNMP checkbox to enable the SNMP feature.
Page 97: Chapter 10: Maintenance
10: M HAPTER AINTENANCE Chapter 10: Maintenance The Dominion SX maintenance features presented in this chapter allow the administrator perform the following tasks: • Manage event logs. • View configuration report. • Backup and restore the SX unit settings. •...
Page 98: Send The Event Log
SX U OMINION UIDE Send the Event Log To send the contents of the event log to a remote FTP server: Click the Maintenance tab, and then click Send Event Log. The Send Event Log screen appears. Figure 76 Send Event Log Screen Enter the IP address of the FTP server in the IP address field.
Page 99: Backing Up And Restoring The Dsx
10: M HAPTER AINTENANCE Backing Up and Restoring the DSX When you back up the DSX, the system makes a copy of the DSX configuration (without network settings) and writes the copy to an FTP server. The file can be recovered using a Restore operation, if necessary.
Page 100: Restoring The Dsx
SX U OMINION UIDE Restoring the DSX Restoring the DSX retrieves a copy of the DSX configuration from the FTP server where it has been backed up and writes the file to the DSX. To perform a restore operation Click the Maintenance tab, and then click Restore. The Restore screen appears. Figure 78 Restore Screen In the IP Address field, type the IP address of the source FTP server system from which the restore data will be retrieved.
Page 101: Display The Current Firmware Version
Obtain a user account (Optional) if “anonymous” access to the FTP server is not supported. The Firmware Upgrade feature allows you to upgrade the Dominion SX unit's firmware to a newer version. These upgrades preserve user-defined settings. You do not need to re-configure the unit after the upgrade is complete.
Page 102: Display A Firmware Upgrade History
SX U OMINION UIDE To perform the upgrade: Click the Maintenance tab, and then click Firmware Upgrade. The Firmware Upgrade screen appears. Figure 80 Firmware Upgrade Screen Type the IP Address of the FTP server in the IP Address field. Type your login name in the Login field.
Page 103: Performing A Factory Reset On The Dsx
10: M HAPTER AINTENANCE Performing a Factory Reset on the DSX Performing a factory Reset returns the DSX unit to its default factory settings. Be very careful when doing this, because it will erase all the data and settings on the DSX unit and return it to the state in which it was originally shipped.
Page 104 SX U OMINION UIDE...
Page 105: Chapter 11: Diagnostics
11: D HAPTER IAGNOSTICS Chapter 11: Diagnostics The Diagnostics function provides the administrator with the tools to test the network and monitor processes. Select the Diagnostics tab to display the Diagnostics screen. It provides links to Network Infrastructure Tools and Administrator Tools. Figure 82 Diagnostics Screen Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and...
Page 106: Network Statistics
SX U OMINION UIDE Network Statistics Click Network Statistics on the Diagnostics screen. The system displays network statistics. Figure 84 Network Statistics By default, all statistics are shown. To show specific statistics, select an entry from the drop- down menu in the Options field. Your choices are: o Route o Interfaces o Groups...
Page 107: Ping Host
11: D HAPTER IAGNOSTICS Ping Host Click Ping Host on the Diagnostics screen. The Ping Host screen appears. Figure 85 Ping Host Type the IP address of the host to be pinged in the IP Address field. Click Ping. The screen displays the results of the ping. Trace Route to Host Figure 86 Trace Route to Host Click Trace Route to Host on the Diagnostics screen.
Page 108: Administrator Tools ─ Process Status
SX U OMINION UIDE Administrator Tools ─ Process Status Click Process Status in the Diagnostics Screen. The screen displays the results of your request. Figure 87 Process Status Click Refresh to update the information.
Page 109: Chapter 12: Command Line Interface
The Dominion SX allows an Administrator or User to access, control, and manage multiple serial devices. You can use the Command Line Interface (CLI) to configure the Dominion SX or to connect to target devices. The RS-232 interface may operate at all standard rates from 1200 bps to 115200 bps.
Page 110 SX U OMINION UIDE CLI Command Overview – Part 1 configuration authentication network events services ethernetfailover ldap interface encryption delete ldaps http smtp ipforwarding getservercert https name removeservercert logout ports cleareventlog viewservercert route eventlogfile primaryldap routeadd secondaryldap eventsyslog telnet routedelete nfsgetkey snmp radius...
Page 111 CLI Command Overview – Part 2 show Connect Diagnostics history Maintenance Security (port sub-menu, reached (available in all menus) using escape key sequence) banner ipmi backup ifconfig banner cleareventlog netstat ipmidiscover ftpgetbanner clearhistory factoryreset ipmitool certificate close userlist firmware client gethistory listports traceroute...
Page 112: Accessing The Dominion Sx Using Cli
SSH Connection to the Dominion SX The SSHv2 Server is configured to run on the Dominion SX by default. Use any SSH client that supports SSHv2 to connect to it. Note: For security reasons, SSH V1 connections are not supported by the DSX.
Page 113: Telnet Connection To The Dominion Sx
12: C HAPTER OMMAND NTERFACE Telnet Connection to the Dominion SX Due to the lack of security, username, password and all traffic is in clear-text on the wire, Telnet access is disabled by default. Enabling Telnet If you wish to use Telnet to access the DSX, first access the DSX from the CLI or a browser.
Page 114: Local Port Connection To The Dominion Sx
Local Port Connection to the Dominion SX The local port of the Dominion SX must be connected to the COM port of a computer system, a terminal, or some other serial capable device using a null modem cable with DB-9F null on both ends.
Page 115 12: C HAPTER OMMAND NTERFACE The welcome message displays. You are now logged in as an Administrator. login as: admin Password: Authentication successful ----------------------------------------------------------------- Welcome to the DominionSX [Model: SX4] UnitName:DominionSX FirmwareVersion:3.0.0.5.1 Serial:WACEA00008 IP Address:192.168.51.194 UserIdletimeout:99min ----------------------------------------------------------------- Port Port Port Port Name Name - Port1 [U]...
Page 116: Navigation Of The Cli
SX U OMINION UIDE Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax; additionally, there are combinations of keystrokes that simplify CLI use. Completion of Command The CLI supports the completion of partially entered commands. After entering the first few characters of an entry, hit the Tab key;...
Page 117: Common Commands For All Command Line Interface Levels
RSC Version: 1.0.0.1.16 Initial Configuration Dominion SX units come from the factory with default factory settings When you first power up and connect to the unit, you must set the following basic parameters so the device can be accessed securely from the network: 1.
Page 118: Setting Parameters
The Dominion SX now has the basic configuration and can be accessed remotely via SSH, GUI or locally using the local serial port. Next, the administrator needs to configure the users and...
Page 119: Cli Prompts
12: C HAPTER OMMAND NTERFACE CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name; admin is the root portion in the following command: admin > Config > Port > CLI Commands Table 4 lists and describes all available CLI commands.
Page 120: Security Issues
See Appendix C for details on SSL Certificates. Enabling Firewall Protection Dominion SX provides a firewall function to provide protection for the IP network and to control access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces.
Page 121: Configuring Users And Groups
NTERFACE Configuring Logging and Alerts As part of the security capabilities of the Dominion SX, facilities are provided to log data and to provide alerts based on activities between the users, Dominion SX and the target device. These facilities provide an audit trail allowing the authority responsible to review what has happened in the system and determine who implemented what action and when.
Page 122: Set Escape Sequence
UIDE Set Escape Sequence To set the Escape sequence, ensure that the default Escape sequence set on the Dominion SX server does not conflict with a key sequence required by either the Access Client or the host operating system. The Escape key sequence is user-configurable. Console sub-mode should be displayed when the default escape key sequence ^] (programmable) is pressed.
Page 123: Remote Services
Local databases for AA are maintained in an encrypted format to prevent unauthorized access. Remote Services For remote services, Dominion SX supports LDAP, Active Directory, TACACS+ and Kerberos. The Dominion SX server also supports an additional level of security services that further enhance protection of the console server. These services are: •...
Page 124: Ldap Configuration Menu
SX. When configuring the Radius server, the Filter-ID format for the users on the server should have the following format “raritan:G{GroupOnSX}:D{DialbackNumber}“. When configuring the TACACS+ server, the user-group format for the user on the server should contain the name of a group configured on the DSX.
Page 125: Radius Command
> Config > events > add admin > Config > events > smtp Configuring Log Configuration log command provides the administrator with the following commands to manage the logging features of the Dominion SX server: • cleareventlog • eventlogfile •...
Page 126: Cleareventlog Command
SX U OMINION UIDE Cleareventlog Command The cleareventlog command clears the contents of the local event log. The syntax of the cleareventlog command is: cleareventlog Cleareventlog Command Example admin > Config > Log > cleareventlog Eventlogfile Command The eventlogfile command controls and configures the logging of events to the local log. The syntax of the eventlogfile command is: eventlogfile [enable <true|false>] [size value] [style <wrap|flat>] The eventlogfile command options are described in Table 8.
Page 127: Nfsget Command
The nfssetkey command sets the type of encryption and the key. NFS is notoriously insecure. It can be accessed easily and the data misused. With Dominion SX, the administrator has the ability to encrypt the data stored on the NFS server. Consequently, if the data were to be accessed inappropriately, it would be of no use to anyone without the encryption key used to encrypt.
Page 128: Portlog Command
SX U OMINION UIDE Portlog Command The portlog command enables and configures the logging of port data. The syntax of the portlog command is: portlog [enable <true|false>] [prefix name] [size value] [timestamp interval] [update interval] [inputlog <true|false>] [indir name] [outdir name] [encrypt <true|false>] The portlog command options are described in Table 12.
Page 129: Sendeventlog Command
12: C HAPTER OMMAND NTERFACE Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server. The syntax of the sendeventlog command is: sendeventlog [ip ipaddress] [login login] [password password] [path pathname] [file filename] The sendeventlog command options are described in Table 13. Table 13 Sendeventlog Command OMMAND PTION...
Page 130 SX U OMINION UIDE Modem Menu Command Examples admin > Config > modem > dialin enable true serverip 10.0.13.211 clientip 10.0.13.212 admin > Config > modem > dialback enable true admin > Config> Modem > show modem Modem Settings: Dialin Enabled: 1 Server IP : 10.0.13.211 Client IP : 10.0.13.212 Dialback : Enabled...
Page 131 NTERFACE On the Remote Radius Server, the user’s configuration should contain the following line: Filter-Id = "raritan:G{<local user group>}:D{<number for dialback>}" Dialback with remote LDAP user. (OpenLdap v.2 & v.3) Dialin and Dialback should be enabled on the device used for modem communication. Primary...
Page 132: Configuring Network
<enable|disable> <interval> Interface Command The interface command is used to configure the Dominion SX network interface. When the command is accepted, the unit will automatically reboot and drop the connection. You must then reconnect using the new IP address and the username admin and password newp/w entered in the resetting factory default password section.
Page 133: Ipforwarding Command
12: C HAPTER OMMAND NTERFACE Interface Command Example The following command enables the interface number 1, sets the IP address, mask, and gateway addresses, and sets the mode to auto detect. admin > Config > Network > interface enable true if lan1 ip 192.16.151.12 mask 255.255.255 gw 192.168.51.12 mode auto IPForwarding Command The ipforwarding command is used to configure the ability to forward between two networks.
Page 134: Route Command
SX U OMINION UIDE Ports Command Example The following command : admin > Config > Network > ports Route Command The route command is used to view the kernel routing table. The syntax of the command is: route <> The command options are described in Table 20. Table 20 Route Command OMMAND PTION...
Page 135: Configuring Nfs
12: C HAPTER OMMAND NTERFACE Routedelete Command Example The following command remove a route from the route table: admin > Config > Network > routedelete Configuring NFS The nfs command enables all keystrokes echoed from the target device to be logged to a remote NFS server located within the network.
Page 136: Configuring Ports
SX U OMINION UIDE Configuring Ports Ports Configuration Menu Target serial ports are configured from the CLI using the ports menu. In addition to the description of the physical nature of the ports, other services may also be defined. Those services are: •...
Page 137 12: C HAPTER OMMAND NTERFACE Command Example admin > ports config port 1 name ld1 bps 115000 parity odd flowcontrol hw detect true escapemode none emulation VT100 The following command displays the current settings for port 1: admin > Config > Port > config port 1 Port number 1: Name: Port1 BPS: 115200...
Page 138: Ports Keywordadd Command
The command options are described in Table 26. Table 26 Port Keyworddelete Command OMMAND PTION ESCRIPTION Command Example admin > ports > keywordadd Configuring Services The following commands provide the ability to configure the Dominion SX server services: • • Encryption • HTTP • HTTPS •...
Page 139: Dpa Command
12: C HAPTER OMMAND NTERFACE dpa Command The permitted TCP Port Range is 1024-65535. When run without the mode parameter, the system displays the current dpa type. The general syntax of the dpa command is: dpa [mode <Normal|IP|TCPPort>] The syntax for accessing a port directly using tcp port# is:: –l sx_user –p...
Page 140 SX U OMINION UIDE Starting DPA for port 1 Authentication successful. Escape Sequence is: Control-] You are now master for the port. Enabling unauthorizedportaccess to a set of ports assigned to 'Anonymous' group. Unauthorized port access is only available for configured DPA methods. Use the following command: admin >...
Page 141: Encryption Command
12: C HAPTER OMMAND NTERFACE Authentication successful. Escape Sequence is: Control-] You are now master for the port. Encryption Command The encryption command sets the type of encryption for HTTPS. Note: The factory default value of this protocol is SSL. The syntax of the encryption command is: encryption [prot <TLS|SSL>] The encryption command options are described in Table 28.
Page 142: Https Command
You can log out at any command level. LPA Command The lpa command is used to display and set the local port access configuration. Dominion SX units have one or two local ports, depending on the model. ( Insert reference to App B for the...
Page 143: Ssh Command
12: C HAPTER OMMAND NTERFACE SSH Command The syntax of the ssh command is: ssh [enable <true|false>] [port value] The ssh command options are described in Table 31. Table 31 SSH Command OMMAND PTION ESCRIPTION Enable or disable SSH access. enable <true|false>...
Page 144: Configuring Snmp
Configuring SNMP The Dominion SX server supports sending SNMP alerts to a predefined SNMP server. The Raritan SNMP MIB may be obtained from the FAQs in the support section of the Raritan web site. (http://www.raritan.com/_downloads/SX-MIB.txt). The following commands configure the SNMP features: •...
Page 145: Snmp Command
[tz] option. Command Example The following example sets the Dominion SX date and time to 12-Jul-06, 09:22:33 AM, in time zone 21. admin > Config > Time > clock tz 21 datetime 2006-07-12 09:22:33...
Page 146: Ntp Command
SX U OMINION UIDE NTP Command The ntp command lets the administrator determine if a Network Time Protocol (NTP) server should be used to synchronize the SX clock to a reference. The syntax of the command is: ntp [enable <true|false>] [primaryntpip] [secondaryntpip] The command options are described in Table 36.
Page 147: Addgroup Command
12: C HAPTER OMMAND NTERFACE Addgroup Command The addgroup command creates a group with common permissions. The syntax of the addgroup command is: addgroup [name groupname] [class <op|ob>] [ports <number|range|*>] The addgroup command options are described in Table 38. Table 38 Addgroup Command OMMAND PTION ESCRIPTION...
Page 148: Deletegroup Command
SX U OMINION UIDE Deletegroup Command The deletegroup command deletes an existing group. The syntax of the deletegroup command is: deletegroup [name groupname] The deletegroup command options are described in Table 40. Table 40 Deletegroup Command OMMAND PTION ESCRIPTION Group name name groupname Command Example admin >...
Page 149: Edituser Command
12: C HAPTER OMMAND NTERFACE Edituser Command The edituser command is used to manage information about a specified user. The syntax of the edituser command is: edituser [user loginname] [fullname user's-fullname] [group name] [dialback phonenumber] [password password] [info user- information] [active <true|false>] The edituser command options are described in Table 43.
Page 150: Connect Commands
SX U OMINION UIDE Connect Commands The connect commands provide a means to access ports and their history.. Table 44 Connect Commands OMMAND ESCRIPTION Connect to a port. The port sub-menu, reached using escape key sequence. connect clearhistory Clear history buffer for this port. Close this target connection.
Page 151: Ipmidiscover
12: C HAPTER OMMAND NTERFACE IPMIDISCOVER The ipmidiscover tool is user to discover Intelligent Platform Management Interface (IPMI) servers in the network. • The IP address range can be set using startIP and endIP. • Only users belonging to the Administrator group are able to configure the support of IPMI.
Page 152: Ipmitool
SX U OMINION UIDE IPMITOOL This command lets you manage the IPMI functions of a remote system. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. The ipmitool command controls IPMI-enabled devices. The user name to access the IPMI device is ADMIN, password ADMIN.
Page 153 12: C HAPTER OMMAND NTERFACE raw – Send a RAW IPMI request and print response <command> i2c – Send an I2C Master Write-Read command and print response lan – Configure LAN Channels chassis – Get chassis status and set power state power –...
Page 154: Listports Command
B – Busy • D – Down • U – Up Maintenance Commands The maintenance commands are used by administrators to perform maintenance related tasks on the Dominion SX firmware. The following commands are system commands: • backup • cleareventlog • factoryreset •...
Page 155: Backup Command
NTERFACE Backup Command The backup command makes a copy of the Dominion SX configuration and writes the backup onto an ftp server. The current SX device configuration is saved to the computer with the IP set in the command parameters in an encrypted format. All device settings are stored in the file EXCEPT network settings.
Page 156: Firmware Command
SX U OMINION UIDE Command Example admin > Maintenance > factoryreset Network Settings: Name: DominionSX Domain : raritan.com CSC Port: 5000 Discover Port: 5000 IP: 192.168.0.192 Net Mask : 255.255.255.0 Gateway : 192.168.0.192 Failover : true Do you wish to commit these settings (no/yes) (default: no) Firmware Command The firmware command provides the versions of the firmware.
Page 157: Reboot Command
Do you want to proceed with the reboot? (no/yes) (default: no) Restore Command The restore command retrieves a copy of the Dominion SX system from a system and writes the file to the Dominion SX server. The syntax of the restore command is: restore [ip IP] <login LOGIN>...
Page 158: Sendeventlog Command
SX U OMINION UIDE Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server. The syntax of the sendeventlog command is: sendeventlog [ip ipaddress] [login login] [password password] [path pathname] [file filename] The sendeventlog command options are described in Table 53 Table 53 Sendeventlog Command OMMAND PTION...
Page 159: Upgradehistory Command
> Config > Log > vieweventlog Security Commands Dominion SX controls the ability to hack into the system by using random logins. The following security command menus provide access to the commands needed to configure the Dominion SX security features: •...
Page 160: Banner Command
FTP server IP address login login FTP Server login name password password FTP Server password path pathname server path banner file banner.txt. for example,/ftphome/banner.txt Command Example admin > Security > Banner> ftpgetbanner ip 72.236.162.171 login raritan password acy path /ftphome/banner.txt...
Page 161: Certificate Command Menu
12: C HAPTER OMMAND NTERFACE Certificate Command Menu The certificate command menu provides the client and server commands to create and manage security certificates. The syntax of the certificate command is: certificate <> Note: For a description of how to enable LDAP over SSL with a third-party certification authority, refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;321051.
Page 162: Firewall Command
SX U OMINION UIDE Firewall Command The firewall command provides control for the turning on or off the firewall. The syntax of the firewall command is: firewall [enable <true|false>] The firewall command options are described in the following table. Table 59 Firewall Command OMMAND PTION ESCRIPTION...
Page 163 12: C HAPTER OMMAND NTERFACE Save the IP Tables. -save --state NEW <enter rule to trigger here> -t filter iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of this document. The examples below show some simple configuration options created with iptables.
Page 164: Kerberos Command
SX U OMINION UIDE Clear the iptables rules To clear the iptables rules. admin > Security >firewall >iptables --flush Save the configured settings To save the iptables rules into the local database. admin > Security >firewall >iptables-save Execute this command once you have configured all the settings. Kerberos Command The kerberos command menu provides access to the commands used to configure the Kerberos network authentication protocol.
Page 165: Loginsettings Commands
Success kadmin: addprinc host/dsx-182.domain.com@REALM kadmin: addprinc HTTP/dsx-182.raritan.com@RARITAN.COM Loginsettings Commands The loginsettings command menu provides access to the commands used to configure the systemwide login settings. The loginsettings commands are listed in the table below. Table 62 Loginsettings Commands OMMAND ESCRIPTION idletimeout Set systemwide idletimeout.
Page 166: Inactiveloginexpiry Command
SX U OMINION UIDE idletimeout [number value] time idletimeout Command Example admin > Security > LoginSettings > idletimeout time 99 Inactiveloginexpiry Command The inactiveloginexpiry command sets the number of days before an account will expire due to inactivity. The syntax of the inactiveloginexpiry command is: inactiveloginexpiry [days value] The inactiveloginexpiry command options are described in Table 63.
Page 167: Singleloginperuser Command
> Security > LoginSettings > singleloginperuser enable true Strongpassword Command The Dominion SX server supports both standard and strong passwords. • Standard passwords have no rules associated with them; that is, they can be in any format and will not expire.
Page 168: Unauthorizedportaccess Command
SX U OMINION UIDE Table 67 Strongpassword Command OMMAND PTION ESCRIPTION StrongPasswordRulesEnable true/false PWUppercaseRequired true/false PWLowercaseRequired true/false PWNumberRequired true/false PWSymbolRequired true/false PasswordValidityPeriod Number of days before expiration PasswordHistoryDepth Number Passwords until repeat allowed MinPasswordLength Minimum password length MaxPasswordLength Maximum password length Strongpassword Command Example The following example sets the Strong Password rules in effect: •...
Page 169: Securityprofiles Commands
Enable and select a Security Profile. Profiledata Command The profiledata command is used to modify or view a security profile. The Dominion SX provides the ability to define security profiles which simplify the assigning of permissions to users and groups. There are three types of profiles: •...
Page 170 SX U OMINION UIDE...
Page 171: Chapter 13: Intelligent Platform Management Interface
13: I HAPTER NTELLIGENT LATFORM ANAGEMENT NTERFACE Chapter 13: Intelligent Platform Management Interface The Intelligent Platform Management Interface (IPMI lets you manage the IPMI functions of a remote system. The following topics are covered in this chapter: • Discover IPMI Devices •...
Page 172: Ipmi Configuration
SX U OMINION UIDE IPMI Configuration IPMI configuration lets you manage the IPMI functions of a remote system. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. Click on the IPMI Configuration section of the IPMI screen to get IPMI configuration information.
Page 173 13: I HAPTER NTELLIGENT LATFORM ANAGEMENT NTERFACE Interfaces: open Linux OpenIPMI Interface [default] Intel IMB Interface IPMI v1.5 LAN Interface Commands: Send a RAW IPMI request and print response Send an I2C Master Write-Read command and print response Configure LAN Channels chassis Get chassis status and set power state power...
Page 174 SX U OMINION UIDE...
Page 175: Chapter 14: Power Control
14: P HAPTER OWER ONTROL Chapter 14: Power Control Power Control lets you manage the power functions. The following topics are covered in this chapter: • Power Control • Associations Power Control • Power Strip Power Control • Power Strip Status Port Power Associations You can associate one or more outlets on a powerstrip connected to the DSX to specific DSX ports.
Page 176: Delete A Port Power Association
SX U OMINION UIDE Delete a Port Power Association To delete a port power association: Click the Setup tab, and then click Port Power Association List. Click Add. The Port Power Association screen appears. Select the association in the Outlet Association list. Click Delete.
Page 177: Power Association Groups
14: P HAPTER OWER ONTROL Power Association Groups To create a power associations group: Click the Setup tab, and then click Power Association Groups List. Click Add. The Power Association Groups screen appears. Figure 95 Power Association Group Screen Type a name and description in the Group Name and Description fields. Select the number of outlets from the drop-down menu in the Number of Outlets field.
Page 178: Associations Power Control
SX U OMINION UIDE Associations Power Control Click Associations Power Control on the Power Control menu to access the tool to manage power control associations. Figure 97 Associations Power Control Note: When executing power on/off operation, about ~5 seconds are added to the configured sequential interval, resulting in an operational delay time (minimum amount of time to operate).
Page 179: Power Strip Power Control
14: P HAPTER OWER ONTROL Power Strip Power Control Click Power Strip Power Control on the Power Control menu to access the tool to manage power strips. Figure 98 Power Strip Power Control...
Page 180: Power Strip Status
SX U OMINION UIDE Power Strip Status Click Power Strip Status on the Power Control menu to check power strip status. Figure 99 Power Strip Status...
Page 181: Chapter 15: Top-10 Use Cases
(http://www.raritan.com/support/firmwareupgrades and look for SX under Dominion Family) 3. Download the new SX firmware stored as UpgradePack from Raritan support website to an FTP server (for example, a FileZilla server), assuming that FTP server has an IP address of 192.168.51.204. Extract the zip file to a folder under FTP root directory, for example: \home\downloads\firmware\UpgradePack_2.5.6_3.1.0.5.2\Pack1of1.
Page 182: Case 4. Configuring Ldap
Case 6. Performing Factory Reset on DSX Purpose: To set DSX configuration back to factory defaults through GUI. Log in SX via a web browser with your login username and password, such as (admin/raritan).
Page 183: Case 7. Managing User Profiles On Dsx
Select the Port Access Tab, and click on the port name you wish to access, e.g. Port 1. Select YES to proceed through security warning(s). The Raritan Serial Console (RSC) will be launched in a separate window – press enter key to “wake up” session.
Page 184: Case 10. Cli / Ssh Connection To Sx Port
Enter the admin username and password: login as: admin The password prompt appears. Enter the default password: raritan The console will display all the ports on SX unit with port numbers. Enter a port number at the prompt, for example: admin>...
Page 185: Appendix A: Specifications
DB9 and DB25 Nulling Serial Adapter Pinouts • DSX Terminal ports Dominion SX Models and Specifications The following table lists the Dominion SX models by the number of ports (4 – 48) in the unit. Table 71 Dominion SX Specifications ODEL ORTS...
Page 186: Table 72 Dominion Sx Dimensions And Weight
SX U OMINION UIDE The following table lists the Dominion SX models, their dimensions, and weight. Table 72 Dominion SX Dimensions and Weight MODEL DIMENSIONS WEIGHT (W) x (D) x (H) DSX4 11.41"x 10.7"x 1.75"; 290x 270 x 44mm 4.61 lbs; 2.08kg DSXB-4-M 11.41"x 10.7"x 1.75";...
Page 187: Requirements
A: S PPENDIX PECIFICATIONS Requirements The following table lists the requirements for the DSX. Table 73 Dominion SX Requirements EQUIREMENTS ESCRIPTION Power 110/220V auto-switching: 50-60 Hz or -36 to -72V DC for DC-powered models Operating Temperature 32° to 104° F (0° to 40° C)
Page 188: Connectivity
SX U OMINION UIDE Connectivity The following table lists the necessary Dominion SX hardware (adapters and/or cables) for connecting the DSX to common Vendor/Model combinations. Table 75 Connectivity VENDOR DEVICE CONSOLE SERIAL CONNECTION CONNECTOR Checkpoint Firewall DB9M ASCSDB9F adapter and a CAT 5...
Page 189: Dominion Sx Serial Rj-45 Pinouts
PECIFICATIONS Dominion SX Serial RJ-45 Pinouts To provide maximum port density and to enable simple UTP (Category 5) cabling, Dominion SX provides its serial connections via compact RJ-45 ports. However, no widely adopted industry- standard exists for sending serial data over RJ-45 connections.
Page 190: Db9M Nulling Serial Adapter Pinouts
6, 8 Dominion SX Terminal Ports All Dominion SX models, except the DSX16 and DSX32, have the same pinouts on the two DB9M serial ports. This applies to models with two serial ports. All dual-LAN (dual-power) models have one RJ-45 serial port. The DSX16 and DSX32 models have only one external...
Page 191: Table 81 Dominion Sx Terminal Port Pinouts-First Port
GUI and the CLI using the lpa command through SSH or Telnet, if it is enabled. The telnet server on the Dominion SX unit is disabled by default. Models with two terminal ports support an external modem on only the port with the RI signal.
Page 192: Dominion Sx16 And Sx32 Terminal Ports
SX U OMINION UIDE Dominion SX16 and SX32 Terminal Ports A modem should not be connected to the DSX16 and DSX32 terminal port because the Ring Indicator (RI) signal is not present. These models have a built-in modem that can be enabled or disabled.
Page 193: Appendix B: System Defaults
B: S PPENDIX YSTEM EFAULTS Appendix B: System Defaults This appendix contains the system defaults and directions for port access. Table 84 Dominion SX System Defaults EFAULT IP Address 192.168.0.192 Subnet Mask 255.255.255.0 CSC Port Address (TCP) 5000 Port address for CC...
Page 194: Table 85 Initiating Port Access
SX U OMINION UIDE Use the following information for initiating port access: Table 85 Initiating Port Access INITIATE PORT ACCESS ORTS EPT OPEN OR DIRECTIONS USING LOSED HTTP Ports 80, 443 and 5000 must be Both kept open in the firewall for the unit to operate.
Page 195: Appendix C: Certificates
CA store. The Dominion SX certificates can be added into a browser as Trusted CA. Default SX Certificate Authority Settings The Server Certificate generated in the Dominion SX unit must be installed in the browser in order for the browser to trust the Server Certificate.
Page 196 SX U OMINION UIDE Install the Dominion SX Server Certificate section that follows.
Page 197: Install The Dominion Sx Server Certificate In Internet Explorer
By installing the Dominion SX Server certificate in IE, you can prevent the Security Alert window from appearing whenever you access the Dominion SX Unit. This step will have to be performed for each SX unit that you wish to access.
Page 198: Remove An Accepted Certificate In Internet Explorer
By installing the Dominion SX Server certificate in Netscape, you can prevent the Security Alert window from appearing whenever you access the Dominion SX Unit. This step will have to be performed for each SX unit that you wish to access from each client’s browser.
Page 199: Accept A Certificate (Session-Based)
ERTIFICATES Accept a Certificate (Session-Based) On initially connecting to a Dominion SX unit will be presented with a certificate warning screen. This certificate by default will be signed by the local SX unit's CA as described above and you will have to accept this certificate to continue. To eliminate the appearance of this window for this Dominion SX unit permanently, you must install the server certificate in your browser.
Page 200: Install A Third-Party Root Certificate
Note: Some CAs will provide the root certificate code in text format rather than providing a downloadable root certificate. If this occurs, select the root certificate code, copy it, and follow the steps outlined in the section Install the Raritan Root Certificate, then follow the steps outlined below.
Page 201: Installing A Third-Party Root Certificate To Netscape Navigator
In order to have a third party CA certificate (e.g. Verisign) installed on the SX rather than the internal CA on the Dominion SX signing the certificate, a Certificate Signing Request (CSR) must be generated by the SX to be signed. The third party CA will take this CSR and generate a Certificate and this certificate must be installed onto the SX with the third party’s CA's public key...
Page 202: Install Client Root Certificate Into The Sx
SX U OMINION UIDE Select the Install User Key radio button. Insert the ftp parameters to retrieve the CA Public key file. Click OK. The SX will show “User Key Installed” at top of pane. Select the Install User Certificate radio button. Fill in the ftp parameters to retrieve the CA signed Certificate.
Page 203 C: C PPENDIX ERTIFICATES...
Page 204 SX U OMINION UIDE...
Page 205: Appendix D: Server Configuration
Dominion SX to use an IAS server. Configure the Dominion SX to Use an IAS RADIUS Server The tasks to set up the Dominion SX unit to use an IAS RADIUIS server are: • Configure a Primary Radius Server (and optional secondary Radius server) •...
Page 206: Create An Ias Policy
The following section describes the steps to create a policy to allow Radius users to access the Dominion SX. The example in this section requires two conditions, the client source IP address of the Dominion SX and the UserID is a member of the SX User Group: •...
Page 207: Cisco Acs Radius Server
You can define port access and user class (operator or observer). This user group will be used later as a value to the Filter-Id attribute on the Cisco Radius Server. The Dominion SX comes with factory default group Admin that will be used as an example in this section; however, any local group can be used as value to the Filter-Id attribute on the Cisco ACS Server.
Page 208 Note: If there is more then one Radius user requiring the same authorization on the Dominion SX, the Filter-Id attribute and its value can be defined at the group level on the Cisco ACS as long as these users belong to the same group.
Page 209: Tacacs+ Server Configuration
The Dominion SX unit has the capability to use Terminal Access Controller Access-Control System Plus (TACACS+) for authentication services. The Dominion SX requires a new service to be added and two argument-value pairs to be returned by the server. The new service is called dominionsx. The valid authorization parameter is user-group.
Page 210 SX U OMINION UIDE 2. Select Interface Configuration. Figure 101 Cisco ACS Interface Configuration 3. Select TACACS+ (Cisco IOS). 4. Add dominionsx service under the heading New Services. Figure 102 TACACS+ Properties...
Page 211: Active Directory
Note: The value for the user-group attribute is case sensitive so ensure that it matches exactly the same as the local group name on Dominion SX unit. Figure 41 TACACS+ Settings Active Directory See the following Microsoft URL for information about active directory.
Page 212 SX U OMINION UIDE...
Page 213: Appendix E: Modem Configuration
Configuring Microsoft Windows Dial-Up Networking for use with Dominion SX allows configuration of a PC to reside on the same (Define?)PPP network as the Dominion SX. After the dial-up connection is established, connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP.
Page 214 Entry name: Name of the Dominion SX connection o Phone number: Phone number of the line attached to the Dominion SX unit o Dial using: Modem being used to connect to Dominion SX; if there is no entry here, there is no modem installed in your workstation 4.
Page 215: Windows 2000 Dial-Up Networking Configuration
E: M PPENDIX ODEM ONFIGURATION 6. Click OK to return to the main Dial screen. Figure 105 Dial-Up Security Display 7. Click Dial. See the Windows NT Users Guide if you receive any error message. Windows 2000 Dial-Up Networking Configuration 1.
Page 216 4. Click the Dial-up to private network radio button and click Next. Figure 107 Network Connection Type 5. Select the check box before the modem that you want to use to connect to the Dominion SX unit and then click Next.
Page 217 E: M PPENDIX ODEM ONFIGURATION 8. Click Next. Figure 109 Phone Number to Dial Connection Availability Screen appears. 1. Click on the Only for myself radio button in the Connection Availability screen. 2. Click Next. Figure 110 Connection Availability The Network Connection has been created 3.
Page 218: Windows Xp Dial-Up Networking Configuration
SX U OMINION UIDE Windows XP Dial-Up Networking Configuration 1. Select Start → Programs → Accessories → Communications → New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dialup network profiles. 3.
Page 219 E: M PPENDIX ODEM ONFIGURATION 5. Click on the radio button before Connect using a dial-up modem and click Next. Figure 113 Internet Connection 6. Type a name to identify this particular connection in the ISP Name field and click Next. Figure 114 Connection Name...
Page 220 SX U OMINION UIDE 7. Type the phone number of this connection in the Phone number field and click Next. Figure 115 Phone Number to Dial 8. Type your ISP information; type the User name and Password in the appropriate fields, and retype the password to confirm it.
Page 221: Appendix F: Troubleshooting
• Should the ping succeed, consult the following topics. DNS Error/Server When attempting to connect to the Dominion SX URL using Unreachable Microsoft IE, a web page may appear indicating a DNS error and reading that the server is unreachable.
Page 222: Firewall
Login Failure Firewalls must be configured to allow connections using the Dominion SX configurable port network parameter (Default 51000). If the firewall does not allow these connections, the applet indicates that the login has failed.
Page 223: Login
F: T PPENDIX ROUBLESHOOTING Login Table 88 Troubleshooting Login ROBLEM OLUTION Login Failure To provide additional security, the unit login screen expires after three minutes. Therefore, all login attempts after this time period will fail. Reload the browser to reset this timer. Hold down the SHIFT key and click Reload in your browser.
Page 224: Upgrade
SX U OMINION UIDE Upgrade Table 90 Troubleshooting Upgrade ROBLEM OLUTION FTP - Server Unreachable If FTP server specified in the upgrade panel is unreachable or incorrect, the upgrade process halts until a response is received from the FTP server or until a timeout occurs. Wait and allow the FTP Server Unreachable message to appear.
Page 225 F: T PPENDIX ROUBLESHOOTING 255-60-2000-00...
Page 226 Raritan Australia Offices Raritan Melbourne Asia Pacific Headquarters Raritan Deutschland GmbH Level 2, 448 St Kilda Rd., Raritan Asia Pacific, Inc. Lichtstraße 2 Melbourne, VIC3004 5F, 121 , Lane 235 , Pao-Chiao Road, D-45127 Essen, Germany Australia Hsin Tien 231, Tel.

Raritan Dominion SX User Manual

Table of Contents

Table of Contents

Chapter 1: Introduction

Chapter 2: Installation

Chapter 3: Initial Software Configuration

Chapter 4: Network Settings and Services

Chapter 5: User Profiles and Groups

Chapter 6: Remote Authentication

Chapter 7: Port Configuration and Port Access Application

Chapter 8: Security

Chapter 9: Logging

Chapter 10: Maintenance

Chapter 11: Diagnostics

Chapter 12: Command Line Interface

Chapter 13: Intelligent Platform Management Interface

Chapter 14: Power Control

Chapter 15: Top-10 Use Cases

Appendix A: Specifications

Appendix B: System Defaults

Appendix C: Certificates

Appendix D: Server Configuration

Appendix E: Modem Configuration

Appendix F: Troubleshooting

Quick Links

User Guide

Chapters

Troubleshooting

Need help?

Questions and answers

Related Manuals for Raritan Dominion SX

Summary of Contents for Raritan Dominion SX