Page 3
ACS v6000 Installation/Administration/User Guide Avocent, the Avocent logo, The Power of Being There, DSView and Cyclades are trademarks or registered trademarks of Avocent Corporation or its affiliates in the U.S. and other countries. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation in the United States and/or other countries.
T A B L E O F C O N T E N T S Introduction Features and Benefits Access options Web Manager IPv4 and IPv6 support Flexible users and groups Security Authentication VPN based on IPSec with NAT traversal Packet filtering SNMP Data logging, notifications, alarms and data buffering...
Page 5
ACS v6000 Installation/Administration/User Guide Settings Devices IPv4 and IPv6 static routes Hosts Firewall IPSec(VPN) SNMP Configuration Ports Serial ports CAS Profile Authentication Appliance authentication Authentication servers Users Accounts and User Groups Local accounts User groups Event Notifications Event List Event Destinations...
Introduction The Avocent ACS v6000 virtual advanced console server serves as a single point for access and administration of connected virtual machines. Virtual console servers support secure remote data center management and out-of-band management of IT assets from any location worldwide.
ACS v6000 Installation/Administration/User Guide Web Manager Users and administrators can perform most tasks through the web manager (accessed with HTTP ® ® or HTTPS). The web manager runs in the Microsoft Internet Explorer 6.0 and 7.0 internet ® ® browser, and the Mozilla...
Chapter 1: Introduction administrator can assign to custom user groups. For more information, see Users Accounts and User Groups on page 38. Security Security profiles determine which network services are enabled on the virtual console server. Administrators can either allow all users to access enabled ports or allow the configuration of group authorizations to restrict access.
ACS v6000 Installation/Administration/User Guide Data logging, notifications, alarms and data buffering An administrator can set up data logging, notifications and alarms to alert administrators of problems with email, SMS, SNMP trap or DSView 3 software notifications. An administrator can also store buffered data locally, remotely or with DSView 3 software. Messages about the virtual console server and connected servers or devices can also be sent to syslog servers.
Network adaptor • Access to the ACS v6000 virtual console server ISO file An ACS v6000 virtual console server can be installed from an ISO file. The installation procedure is a two-stage process: creating the virtual machine and installing the virtual console server onto the virtual machine.
Page 11
It is necessary create and configure the virtual serial ports used by the virtual server. The serial port created on the virtual server will be connected to one of the serial ports created on the ACS v6000 virtual console server. To add a virtual serial port to the virtual machine to be used as console: 1.
7. Enable use of the Virtual Serial Port Concentrator and enter the location in the vSPC URI field. The syntax of this field is where <ACS v6000> telnet://<ACS v6000>:<vSPC port> is the IP address or hostname of the virtual console server and <vSPC port> is the vSPC port configured in the virtual console server to listen for connections.
Page 13
ACS v6000 Installation/Administration/User Guide To use Telnet to connect to a device through a serial port: For this procedure, you need the username configured to access the serial port, the port name (for example, 14-35-60-p-1), device name (for example, ttyS1), TCP port alias (for example, 7001) or IP port alias (for example, 100.0.0.100) and the hostname of the virtual console server...
Page 14
Chapter 2: Installation -or- ssh -l username:TCP_Port_Alias [hostname | IP_address] -or- ssh -l username IP_Port_Alias To close an SSH session: At the beginning of a line, enter the hotkey defined for the SSH client followed by a period. The default is .
Accessing a Virtual Console Server via the Web Manager Once you’ve connected your ACS v6000 virtual console server to a network, you can access the virtual console server via the web manager. The web manager provides direct access to the virtual console server via a graphical user interface instead of a command-based interface.
ACS v6000 Installation/Administration/User Guide Figure 3.1: Administrator Web Manager Screen Table 3.1: Web Manager Screen Areas Number Description Top option bar. The name of the appliance and of the logged in user appear on the left side. Refresh, Print, Logout and Help buttons appear on the right.
Page 18
Chapter 3: Accessing a Virtual Console Server via the Web Manager CAS Profile and set the Security Profile, Network, Users Settings and add licenses using the Wizard. By default, the first time an administrator accesses the virtual console server through the Web Manager, the Wizard will be displayed.
Page 19
ACS v6000 Installation/Administration/User Guide 3. If desired, uncheck the box(es) to disable Bootp Configuration Retrieval and/or Live Configuration Retrieval. 4. If you are not using DSView 3 software to manage the appliance, uncheck the Allow Appliance to be Managed by DSView box.
Chapter 3: Accessing a Virtual Console Server via the Web Manager 5. Click Next to configure users or click on the Network, Security, License or Users link to open the appropriate screen. To configure users and change the default user passwords: WARNING: For security reasons, it is recommended you change the default password for both root and admin users.
ACS v6000 Installation/Administration/User Guide is authorized to access. 2. Select Serial Viewer from the Action column. A Java applet viewer appears. In a gray area at the top of the viewer, the Connected to message shows the IP address of the virtual console server followed by the default port number or alias.
Page 22
Chapter 3: Accessing a Virtual Console Server via the Web Manager • Allow all users to access enabled ports or allow the configuration of group authorizations to restrict access • Enable or disable BootP Configuration Retrieval and/or Live Configuration Retrieval •...
ACS v6000 Installation/Administration/User Guide Date and Time The virtual console server provides two options for setting the date and time. It can retrieve the date and time from a network time protocol (NTP) server or you can set the date and time manually so that the virtual console server’s internal clock is used to provide time and date...
To delete an association, check the box next to the association(s) you want to delete and then click Delete. To resync all associations, click Resync. NOTE: Changes in the vSPC port configuration or in the ACS v6000 virtual console server's IP address may require the association to be resynced.
Page 25
ACS v6000 Installation/Administration/User Guide 2. Use the Search Filter to find all Virtual Machines that have serial ports available for association and that also have the search string filter. Click Next. 3. In the Virtual Machine ID field, select the virtual server you want to associate.
The password will be encrypted and stored in the appliance. The virtual console server will be registered in the vCenter as ACS v6000 and it will not show up in any list of available virtual machines for association.
ACS v6000 Installation/Administration/User Guide Settings Click Network - Settings to make changes to the configured network settings. Devices An administrator can select, enable and configure the IP addresses assigned to the network interfaces and view the MAC address. To configure a network device: 1.
Chapter 3: Accessing a Virtual Console Server via the Web Manager 4. Enter the IP address of the gateway in the Gateway field. 5. Enter the number of hops to the destination in the Metric field, then click Save. Hosts An administrator can configure a table of host names, IP addresses and host aliases for the local network.
Page 29
ACS v6000 Installation/Administration/User Guide If LOG is selected from the Target pull-down menu, the administrator can configure a Log Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in the Log Options Section.
Chapter 3: Accessing a Virtual Console Server via the Web Manager NOTE: Spaces are not allowed in the chain name. 6. Add one or more rules to complete the chain configuration. To change the policy for a default chain: NOTE: User-defined chains cannot be edited. To rename a user-added chain, delete it and create a new one. 1.
Page 31
ACS v6000 Installation/Administration/User Guide Use the Add button to add a VPN connection or click on an existing connection name to edit one already in the list. Click the Delete button to delete an existing connection. If NAT settings need to be changed, click the Configure NAT button.
An administrator can configure SNMP, which is needed if notifications are to be sent to an SNMP management application. NOTE: The Avocent ACS v6000 Enterprise MIB text file is available in the appliance at: /usr/local/mibs/ACSv6000- MIB.asn. The Avocent ACS v6000 Enterprise TRAP MIB text file is available in the appliance at: /usr/local/mibs/ACSv6000-TRAP-MIB.asn.
ACS v6000 Installation/Administration/User Guide 6. If the required SNMP version is v1 or v2, click the Version v1, v2 button, then enter the source (valid entry is the subnet address). -or- If the required SNMP version is v1 or v2 using an IPv6 network, click the Version v1,v2 for IPv6 network button, then enter the source (valid entry is the subnet address).
Page 34
Chapter 3: Accessing a Virtual Console Server via the Web Manager d. Enter the text session and power session hotkeys in the appropriate fields. Enter the TCP port alias in the appropriate field. Enter the IPv4 or IPv6 alias and its interface in the appropriate field. g.
Page 35
ACS v6000 Installation/Administration/User Guide Parameter Description The target name will be discovered and will be associated with this Enable Auto Discovery serial port. If it fails, the Port Name will be used. Default: Disabled. The protocol that will be used to access the serial port/target. SSH - Authorized users can use SSH to connect to the console of a connected device.
Page 36
Chapter 3: Accessing a Virtual Console Server via the Web Manager Parameter Description Interval in seconds used by DTR Mode Off Interval in milliseconds. DTR Off Interval Default: 100. Enables the suppression of the LF character after the CR character. Line Feed Suppression Default: Disabled.
ACS v6000 Installation/Administration/User Guide To copy/clone the configuration of one port to other ports: 1. Select Ports - Serial Ports. 2. Click the checkbox for the serial port you want to clone. 3. Click the Clone button. 4. Enter the serial port(s) to be configured in the Copy Configuration To field and click Save.
Page 38
Chapter 3: Accessing a Virtual Console Server via the Web Manager The match strings are regular expressions where “%H” is a placeholder for the target name you want to detect, such as: “ \\(.*\\)(%H)\\(.*\\)” or just “xxx%Hyyy”. The first one will extract target name from things such as: nanana(myTarget): à...
Page 39
ACS v6000 Installation/Administration/User Guide To delete an auto input and output string, select the checkbox next to the string you want to delete. Click Delete, then click Save. Pool of CAS ports An administrator can create a pool of serial ports where each serial port in the pool shares a pool name, TCP Port Alias, IPv4 Alias and IPv6 Alias.
Chapter 3: Accessing a Virtual Console Server via the Web Manager Table 3.6: Pool of CAS Ports Parameters Parameter Description Pool Name The name of the pool. The pool name is mandatory and should follow hostname guidelines, not exceed 64 characters and start with a letter. TCP Port The TCP Port Alias where the pool responds.
ACS v6000 Installation/Administration/User Guide authentication method that is configured for the virtual console server or the ports is used for authentication of any user who attempts to log in through Telnet, SSH or the web manager. Appliance authentication The virtual console server authenticates for the virtual console server and the ports, either in groups or individually.
Page 42
Chapter 3: Accessing a Virtual Console Server via the Web Manager 4. Enter your secret word or passphrase in the Secret field (applies to both first and second authentication and accounting servers), then re-enter the secret word or passphrase in the Confirm Secret field.
ACS v6000 Installation/Administration/User Guide 6. Enter your Database Password, then re-type the database password in the Confirm Password field. 7. Enter your desired Login Attributes. 8. Click Save. To configure a Kerberos authentication server: 1. Select Authentication - Authentication Servers - Kerberos.
Chapter 3: Accessing a Virtual Console Server via the Web Manager Local accounts The admin and root are equivalent users but named differently to address users familiar with either Avocent or Cyclades™ appliances. Regular users can be granted permissions by administrators at any time.
ACS v6000 Installation/Administration/User Guide • Warning Days: Enter the number of days that a warning is issued to the user prior to expiration. Entering will cause the warning to be issued on the expiration day. A negative value or no value means that no warning will be issued.
Page 46
Chapter 3: Accessing a Virtual Console Server via the Web Manager configure ports and add users. NOTE: The only configuration allowed for the admin group is adding or deleting members. To view admin Appliance Access Rights: 1. Click Users - Authorization - Groups. The Group Names screen is displayed, showing the three default user groups along with any groups that have been created.
Page 47
ACS v6000 Installation/Administration/User Guide appliance-admin group Members of the appliance-admin group have access restricted to tasks for managing only the appliance. Appliance-admin user group members have no access to the serial ports, and share all of the appliance access rights as admin except for Configure User Accounts and Shell Access, which are permanently disabled for this group.
Page 48
Chapter 3: Accessing a Virtual Console Server via the Web Manager 4. Move users from the Available Users box on the left to the box on the right by double- clicking on the username, or by selecting the name and clicking the Add button. You can remove any names from the box on the right by double-clicking on the name or by selecting the name and clicking the Remove button.
Page 49
ACS v6000 Installation/Administration/User Guide Command Description Displays local IPv6 assigned to the serial port -u <name> Username to be used in the target session Escape character used to close the target session. Default -e <[^]char> Ctrl-X value: Sorted lists ports and exit Read-Only mode <portname>...
Page 50
Chapter 3: Accessing a Virtual Console Server via the Web Manager To configure a group in a TACACS+ authentication server: 1. On the server, add raccess service to the user configuration. 2. Define which group(s) the user belongs to in the raccess service following this syntax: group_name = <Group1>[,<Group2,...,GroupN>];...
ACS v6000 Installation/Administration/User Guide During the authentication phase, the console server will receive the attribute FramedFIlterID from the RADIUS server. The user regina belongs to authorization group RADIUS_1 and RADIUS_2. and the user special belongs to authorization group admin. To configure group an LDAP authentication server: On the LDAP server, edit the info attribute for the user and add the following syntax.
Chapter 3: Accessing a Virtual Console Server via the Web Manager 3. Select Remote Server - IPv4 to enable syslog messages to be sent to one or more remote IPv4 syslog servers, and enter the IPv4 Address or Hostname. Separate multiple server addresses by commas.
ACS v6000 Installation/Administration/User Guide 4. To configure data buffer storage on a syslog server in the Syslog Data Buffering Settings section; select a facility number from the drop-down menu: Log Local 0, Log Local 1, Log Local 2, Log Local 3, Log Local 4 or Log Local 5.
Chapter 3: Accessing a Virtual Console Server via the Web Manager Table 3.8: Monitoring Screens Screen Name Definition Shows Ethernet ports and PC card Device Name, Status (enabled/disabled), Network - Devices IPv4 Address, IPv4 Mask and IPv6 Address. Network - IPv4 Routing Table Shows Destination, Gateway, Genmask, Flags, Metric, Ref, Use and lface.
Page 55
ACS v6000 Installation/Administration/User Guide Figure 3.3: Web Manager Regular User Screen Table 3.9: Web Manager Regular Users Screen Functional Areas Number Description Top option bar. The name of the virtual console server and the name of the logged in user appears on the left side and Refresh, Print, Logout and Help buttons appear on the right.
A P P E N D I C E S Appendix A: BootP Configuration Retrieval The BootP Configuration Retrieval option allows the entire unit configuration to be retrieved over BootP/TFTP during boot and during DHCP renewal. There are two ways to push a configuration during a DHCP request/renewal. The configuration can be sent as file created by the Save Configuration appliance system tool, or it can be sent as a CLI script to be executed under the command line scripting interface.
Appendices Appendix B: Technical Support Our Technical Support staff is ready to assist you with any installation or operational issues you encounter with your Avocent product. If an issue should develop, follow the steps below for the fastest possible service. To resolve an issue: 1.
Page 58
For Technical Support: www.avocent.com/support 590-1034-501B...