Black Box LES1208A-R2 User Manual

Value-line and advanced console servers
Value-Line and Advanced Console Servers User's Manual
Securely manage data center and network equipment from anywhere in the world.
Customer Support Information
Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500)
FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746
www.blackbox.com • info@blackbox.com
LES1208A-R2
LES1308A
LES1216A-R2
LES1316A
LES1232A
LES1332A
LES1248A-R2
LES1348A
LES1408A
LES1508A
LES1416A
LES1516A
LES1432A
LES1532A
LES1448A
LES1548A


Summary of Contents for Black Box LES1208A-R2

  • Page 1 LES1208A-R2 LES1308A LES1408A LES1508A LES1216A-R2 LES1316A LES1416A LES1516A LES1232A LES1332A LES1432A LES1532A LES1248A-R2 LES1348A LES1448A LES1548A Value-Line and Advanced Console Servers User’s Manual Securely manage data center and network equipment from anywhere in the world. Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500)
  • Page 2 Value-Line and Advanced Console Servers Manual Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Cisco is a registered trademark of Cisco Technology, Inc. Mac is a registered trademark of Apple Computers, Inc.
  • Page 3 Value-Line and Advanced Console Servers Manual Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment.
  • Page 4: Safety Instructions

    FCC and IC RFI Statements Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement) 1. All safety and operating instructions must be read before the electrical appliance is operated. 2. The safety and operating instructions must be kept for future reference. 3.
  • Page 5: Table Of Contents

    Kit components LES1508A Console Server, p. 18; 2.1.2 Kit components LES1308A–LES1348A and LES1408A–LES1448A Advanced Console Servers, p. 18; 2.1.3 Kit components LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 Advanced Console Servers, p. 19; 2.1.4 Kit components LES1516A–LES1548A Console Servers, p. 20; 2.2 Power connection ...
  • Page 6 Table of Contents: 4.1.7 Syslog, p. 60; 4.1.8 NMEA Streaming, p. 61; 4.1.9 Cisco USB console connection, p. 61; 4.2 Add/Edit Users, p. 62; 4.3 Authentication, p. 65; 4.4 Network Hosts, p. 65; 4.5 Trusted Networks, p. 66; 4.6 Serial Port Cascading, p. 68; 4.6.1 Automatically generate and upload SSH keys, p. 68; 4.6.2...
  • Page 7 Table of Contents: 5.6.3 Verifying the Cellular Connection, p. 109; 5.6.4 Cellular Modem Watchdog, p. 110; 5.6.5 Dual SIM Failover, p. 110; 5.7 Cellular Operation, p. 112; 5.7.1 OOB Access Setup, p. 113; 5.7.2 Cellular Failover Setup, p. 114; 5.7.3 Cellular Routing, p. 115; 5.7.4 Cellular CSD Dial-In Setup, p. 115; 5.8 Firewall and Forwarding, p. 116; 5.8.1 Configuring network forwarding and IP masquerading, p. 117...
  • Page 8 Table of Contents: 7.2.8 Custom Check, p. 163; 7.2.9 SMS Command, p. 164; 7.2.10 Log In/Out Check, p. 165; 7.2.11 Network Interface Event, p. 165; 7.2.12 Routed Data Usage Check, p. 166; 7.3 Trigger Actions, p. 167; 7.3.1 Send Email, p. 168; 7.3.2 Send SMS ...
  • Page 9 Table of Contents: 9.1.5 RADIUS/TACACS User Configuration, p. 201; 9.1.6 Group support with remote authentication, p. 201; 9.1.7 Remote groups with RADIUS authentication, p. 202; 9.1.8 Remote groups with LDAP authentication, p. 202; 9.1.9 Remote groups with TACACS+ authentication, p. 204; 9.1.10 Idle timeout, p. 204; 9.1.11...
  • Page 10 Table of Contents: 13.4 Power Management, p. 242; 14. Configuration from the Command Line, p. 243; 14.1 Accessing config from the command line, p. 243; 14.2 Serial Port configuration, p. 246; 14.3 Adding and removing Users, p. 249; 14.4 Adding and removing User Groups, p. 250; 14.5 Authentication ...
  • Page 11 Table of Contents: 15.6.3 Installing the SSH Public/Private Keys (Clustering), p. 286; 15.6.4 Installing SSH Public Key Authentication (Linux), p. 286; 15.6.5 Generating public/private keys for SSH (Windows), p. 288; 15.6.6 Fingerprinting, p. 290; 15.6.7 SSH tunneled serial bridging, p. 290; 15.6.8 SDT Connector Public Key Authentication, p. 293; 15.7 Secure Sockets Layer (SSL) Support ...
  • Page 12: Overview

    Chapter 1 Overview INTRODUCTION This Manual This User’s Manual walks you through installing and configuring your Black Box Console Server (LES1508A, ...
  • Page 13 11. System Management Covers access to and configuration of services that will run on the console ...
  • Page 14 A User can also use the Management Console, but has limited menu access to control select devices, review their logs and access them using the built-in Java terminal or control power to them. The console server runs an embedded Linux operating system, and experienced Linux® and UNIX® users ...
  • Page 15 October 2011, 2.0, Release for V2.8 firmware and later; December 2012, 3.0 ...
  • Page 16 Copyright ©Black Box Corporation 2015. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on ...
  • Page 17: Installation

    Chapter 2 Installation INSTALLATION Installation This chapter describes how to install the console server hardware and connect it to controlled devices. ...
  • Page 18: Kit Components LES1508A Console Server

    ➢ If you are installing the console server in a rack, you will need to attach the rack mounting brackets ...
  • Page 19: Kit Components LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 Advanced Console Servers

    DB9F-RJ45S straight and DB9F-RJ45S cross-over connectors; USB micro-AB adapter cable; Antenna with 10 foot extension cable; Dual IEC AC power cords ...
  • Page 20: Kit Components LES1516A-LES1548A Console Servers

    2.1.4 Kit components LES1516A, LES1532A and LES1548A Console Servers: LES1516A, LES1532A or LES1548A Console Server ...
  • Page 21: Power Connection

    Power connection 2.2.1 LES1508A power The LES1508A includes an external DC power supply unit. This unit accepts an AC input voltage between 100 and 250 VAC with a frequency of 50 Hz or 60 Hz. The DC power supply comes with a selection of ...
  • Page 22: Network Connection

    regions are available. Call Black Box Technical Support for details at 724-746-5500. (The North American power ...
  • Page 23: USB Port Connection

    2.5 USB Port connection The LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 console servers each also have one USB 1.1 port on the front face and two additional USB 2.0 ports at the rear face (adjacent to modem jack).
  • Page 24: Antenna And SIM

    2.6 Antenna and SIM The LES1408A, LES1416A, LES1432A and LES1448A console servers also have an internal CDMA cellular modem requiring an external antenna connection. The LES1308A, LES1316A, LES1332A and LES1348A console servers have an internal GSM cellular modem that requires a SIM card and an external antenna.
  • Page 25: System Configuration

    Chapter 3 Initial System Configuration SYSTEM CONFIGURATION System Configuration This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting ...
  • Page 26: Browser Connection

    Subnet mask: 255.255.255.0 If you want to retain your existing IP settings for this network connection, click Advanced ...
  • Page 27 ➢ You will be prompted to log in. Enter the default administration username and administration password: ...
  • Page 28: Administrator Password

    After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the Black Box logo. ...
  • Page 29: Set Up New Administrator

    Note: There are no restrictions on the characters that can be used in the Password. It can contain up to 254 characters. However, only the first eight System Password characters are used to make the password hash. ➢ Click Apply. Since you have changed the password you will be prompted to log in again. This time, ...
  • Page 30: Network IP Address

    3.3 Network IP address The next step is to enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the console ...
  • Page 31: IPv6 Configuration

    ➢ You may also enter a secondary address or comma-separated list of addresses in CIDR notation, e.g. 192.168.1.1/24 as an IP Alias. Note: If you changed the console server IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same network range as this new address. ➢ ...
  • Page 32 Upon registering with the DDNS service provider, you will select a username and password, as well ...
  • Page 33: Services And Service Access

    3.4 Services and Service access The Administrator can access and configure the console server (and connected devices) using a range of access protocols/services. For each such access, the particular service must first be configured and enabled to run on the console server; then access through the firewall must be enabled for each network connection.
  • Page 34 be managed over any public network (e.g. the Internet). This ensures the Administrator has secure browser access to all the menus on the console server. It also allows appropriately configured Users secure browser access to selected Manage menus. For information on certificate and user client software configuration, refer to Chapter 9 - Authentication.
  • Page 35 The default TCP/IP base port address for telnet access is 2000, and the range for telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. So if the Administrator were to set 8000 as a secondary base for telnet then serial port #2 on the console server can be telnet accessed at IP Address:2002 and at IP Address:8002.
  • Page 36 ➢ This will display the services currently enabled for the console server’s network interfaces. Depending on the particular console server model the interfaces displayed may include: Network interface (for the principal Ethernet connection). Management LAN / OOB Failover (second Ethernet connections). Dialout/Cellular (V90 and 3G modem).
  • Page 37: Brute Force Protection

    The Respond to ICMP echos (i.e. ping) service access options can be configured at this stage. This allows the console server to respond to incoming ICMP echo requests. Ping is enabled by default, but, for security reasons, this service should generally be disabled post initial configuration. You can also configure to allow serial port devices to be accessed from nominated network interfaces  ...
  • Page 38: Communications Software

    3.5 Communications Software You have configured access protocols for the Administrator client to use when connecting to the console server. ...
  • Page 39: SSHTerm

    to be installed onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded from http://www.tucows.com/preview/195286.html To use PuTTY for an SSH terminal session from a ...
  • Page 40: Enable The Management LAN

    3.6.1 Enable the Management LAN The console servers provide a firewall, router, and DHCP server. You need to connect an external LAN switch to Network 2 to attach hosts to this management LAN. ...
  • Page 41: Configure The DHCP Server

    ➢ Note: You can configure the second Ethernet port as either a gateway port or as an OOB/Failover port (but not both). Make sure you did not allocate Network 2 as the Failover Interface when you configured the principal Network connection on the System: IP menu. The ...
  • Page 42 ➢ Enter the Gateway address that you want to issue to the DHCP clients. If you leave this field blank, ...
  • Page 43: Select Failover Or Broadband OOB

    The DHCP server also supports pre-assigning IP addresses to be allocated only to specific MAC addresses and ...
  • Page 44 Management LAN - an alternate broadband Ethernet connection (which would be the Network2 port on the LES1508A, LES1516A, LES1532A, LES1548A, LES1408A, LES1416A, LES1432A, ...
  • Page 45: Aggregating The Network Ports

    3.6.4 Aggregating the network ports By default, you can only access the console server's Management LAN network ports using SSH tunneling/port ...
  • Page 46 ➢ Un-tick the Disable box. WAP configuration: ➢ Configure the IP Settings for the Wireless Network. Generally, if the device is being used as a Wireless AP, a static address is set here in the IP Settings. In this example, 192.168.10.1 is used. Set the IP address, and the netmask (in this case, 255.255.255.0 to give 254 unique network addresses in subnet), but do not fill in the Gateway, Primary DNS, and Secondary DNS.
  • Page 47 Network Channel: Select the network channel. 6 is most commonly used, so it is best to do a site survey and pick another channel if the unit is being deployed into an office environment. Hardware Mode: The unit supports 802.11b, g and single band 802.11n. In most cases, selection 802.11b/g/n will provide for the best interoperability with other hardware.
  • Page 48 ➢ Note: The Wireless screen on the Status: Statistics page shows the list of clients that are connected to the WAP. Wireless Client configuration: ➢ Select Wireless Client in the Wireless Settings section - which will make the Wireless Client Settings section visible.
  • Page 49: Static Routes

    Note: The Wireless screen in Status: Statistics will display all the locally accessible wireless LANs (with SSID and Encryption/Authentication settings). You can also use this screen to confirm you have successfully connected to the selected access point - refer to Chapter 12. 3.6.6  ...
  • Page 50 may be useful for remotely accessing various subnets at a remote site when being accessed using the cellular out of band connection. To add the static route to the route table of the system: ➢ Select the Route Settings tab on the System: IP General Settings menu. ➢ ...
  • Page 51: Serial Port And Network Host

    Chapter 4 Serial Port and Network Host SERIAL PORT AND NETWORK HOST Introduction The Black Box console server enables access and control of serially attached devices and network attached devices (hosts). The Administrator must configure access privileges for each of these devices, ...
  • Page 52: Common Settings

    Console Server Mode is the default and this enables general access to serial console port on the serially attached devices. Device Mode sets the serial port up to communicate with an intelligent serial controlled PDU, UPS, ...
  • Page 53: Console Server Mode

    ➢ Specify a label for the port. ➢ Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits, and Flow Control for each port. (Note: The RS-485/RS-422 option is not relevant for console servers.) Before proceeding with further serial port configuration, connect the ports to the serial devices ...
  • Page 54 Logging Level This specifies the level of information to be logged and monitored (refer to Chapter 7—Alerts ...
  • Page 55 If the remote communications are tunneled with SDT Connector, then you can use Telnet to securely access these attached devices (refer to the Note below). ...
  • Page 56 PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over ...
  • Page 57 For a User named “fred” to access serial port 2, when setting up the SSHTerm or the PuTTY SSH ...
  • Page 58: SDT Mode

    connects as the currently authenticated Management Console user and does not re-authenticate. See section 13.3 for more details. Authenticate ...
  • Page 59: Device (RPC, UPS, EMD) Mode

    For configuration details, refer to Chapter 6—Using SDT Connector to Telnet or SSH connect to devices that ...
  • Page 60: Serial Bridging Mode

    4.1.6 Serial Bridging Mode With serial bridging, the serial data on a nominated serial port on one console server is encapsulated into ...
  • Page 61: NMEA Streaming

    For example, if the computer attached to serial port 3 should never send anything out on its serial console ...
  • Page 62: Add/Edit Users

    4.2 Add/Edit Users The Administrator uses this menu selection to set up, edit, and delete users, and to define the access ...
  • Page 63 2. Membership of the user group provides the user with limited access to the console server and connected Hosts and serial devices. These Users can access only the Management section of the Management Console menu and they have no command line access to the console server.
  • Page 64 ➢ Click Add User to add a new user. ➢ Add a Username and a confirmed Password for each new user. You may also include information ...
  • Page 65: Authentication

    ➢ Click Apply. The new user can now access the Network Devices, Ports, and RPC Outlets you nominated ...
  • Page 66: Trusted Networks

    ➢ Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been ...
  • Page 67 ➢ Select Serial & Network: Trusted Networks. ➢ To add a new trusted network, select Add Rule. ...
  • Page 68: Serial Port Cascading

    Note: The above Trusted Networks will limit Users' and Administrators' access to the console serial ports. They do not restrict access to the console server itself or to attached hosts. To change the default settings for this access, you will need to edit the IPtables rules as described in Chapter 15—Advanced Configuration.
  • Page 69: Manually Generate And Upload SSH Keys

    Next, you must select whether to generate keys using RSA and/or DSA (if unsure, select only RSA). Generating ...
  • Page 70 Next, you must register the Public Key as an Authorized Key on the Slave. In a case that has only one Master ...
  • Page 71: Configure The Slaves And Their Serial Ports

    Once the SSH connection has been established, the system asks you to accept the key. Answer yes and the ...
  • Page 72: Managing The Slaves

    Once you have added all the Slave console servers, you can assign and access the Slave serial ports and the ...
  • Page 73: Managed Devices

    This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device that’s connected to the remote console server as if it were connected to your local serial port. ...
  • Page 74 ➢ Select the connection type for the new connection (Serial, Network Host, UPS, or RPC) and then select ...
  • Page 75: IPsec VPN

    Note To set up a new serially connected RPC UPS or EMD device, configure the serial port, designate it as a Device, then enter a Name and Description for that device in the Serial & Network: RPC Connections (or UPS Connections or Environmental). When applied, this will automatically create a corresponding new Managed Device with the same Name /Description as the RPC/UPS Host (refer to Chapter 8—Power and Environment).
  • Page 76: Enable The VPN Gateway

    interconnecting with other IPsec VPN gateways, and road warrior IPsec software, refer to http://wiki.openswan.org 4.9.1 Enable the VPN gateway ➢ Select IPsec VPN on the Serial & Networks menu. ➢ Click Add and complete the Add IPsec Tunnel screen. ➢ ...
  • Page 77: OpenVPN

    ➢ If the VPN gateway is serving as a VPN gateway to a local subnet (e.g. the console server has a Management LAN configured), enter the private subnet details in Left Subnet. Use the CIDR notation (where the IP address number is followed by a slash and the number of ‘one’ bits in the binary notation of the netmask).
  • Page 78: Configure As Server Or Client

    ➢ Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example, NorthStOutlet-VPN. ➢ Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively.
  • Page 79: Windows OpenVPN Client And Server Set Up

    If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients. ➢ Click Apply to save changes. ➢ ...
  • Page 80 When the OpenVPN software is started, the C:\Program Files\OpenVPN\config folder will be scanned for “.ovpn” files. This folder will be rechecked for new configuration files whenever the OpenVPN GUI icon is right-clicked. So once OpenVPN is installed, a configuration file will need to be created: ➢ ...
  • Page 81 5 = helps with debugging connection problems; 9 = extremely verbose, excellent for troubleshooting. dev tun / dev tap: Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an Ethernet tunnel. The client and server must use the same settings. remote <host>...
  • Page 82 ➢ The log file will be displayed as the connection is established. ➢ Once established, the OpenVPN icon will display a message notifying of the successful connection and assigned IP. This information, as well as the time the connection was established, is available anytime by scrolling over the OpenVPN icon.
  • Page 83: PPTP VPN

    4.11 PPTP VPN The LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console servers include a PPTP (Point-to-Point Tunneling Protocol) server.
  • Page 84 ➢ Select the Enable check box to enable the PPTP Server. ➢ Select the Minimum Authentication Required. Access is denied to remote users attempting to connect using an authentication scheme weaker than the selected scheme. The schemes are described below, from strongest to weakest. •...
  • Page 85: Add A PPTP User

    ➢ Enable Verbose Logging to assist in debugging connection problems ➢ Click Apply Settings. 4.11.2 Add a PPTP user ➢ Select Users & Groups on the Serial & Networks menu and complete the fields as covered in section 4.2. ➢ Ensure the pptpd Group has been checked, to allow access to the PPTP VPN server. Note - users in this group will have their password stored in clear text.
  • Page 86: Call Home

    Note: To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the console server. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service.
  • Page 87: Set Up Call Home Candidate

    Note VCMS maintains public key authenticated SSH connections to each of its Managed Console Servers. These connections are used for monitoring, commanding and accessing the Managed Console Servers and the Managed Devices connected to the Managed Console Server. To manage Local Console Servers, or console servers that are reachable from the VCMS, the SSH connections are initiated by VCMS.
  • Page 88: Accept Call Home Candidate As Managed Console Server On VCMS

      Once the candidate has been accepted on the VCMS (as outlined in the next section) an SSH tunnel to the console server is then redirected back across the Call Home connection. The console server has now become a Managed Console Server and the VCMS can connect to and monitor it through this tunnel.
  • Page 89: Calling Home To A Generic Central SSH Server

    The Local Console Servers drop-down list lists all the console servers that are on the same subnet as the CMS and are not currently being monitored. The Remote Console Servers drop-down list in the Detected Console Servers section lists all the console servers that have established a Call Home connection, and are not currently being monitored (i.e.
  • Page 90: IP Passthrough

    By selecting Listening Server, you may create a Remote port forward from the Server to this unit, or a Local port forward from this unit to the Server: ➢ Specify a Listening Port to forward from; leave this field blank to allocate an unused port. Enter the Target Server and Target Port that will be the recipient of forwarded connections. ➢ ...
  • Page 91: IP Passthrough Certification

    ➢ For the other interfaces, configure as you would normally on the local network. ➢ For both interfaces, leave Gateway blank. ➢ Configure the Black Box modem in Always On Out-of-band mode ➢ For a cellular connection, click System: Dial: Internal Cellular Modem.
  • Page 92: Service Intercepts

    4.13.4 Service Intercepts These allow the console server to continue to provide services (for example, out-of-band management) when in IP Passthrough mode. Connections to the modem address on the specified intercept port(s) will be handled by the console server, rather than being passed through to the downstream router. ➢ ...
  • Page 93: Firewall, Failover And OOB Dial-In

    Internal Modem Port tab under System -> Dial (as well as the Serial DB9 Port tab) The LES1208A-R2, LES1216A-R2, LES1232A, and LES1248A-R2 need to have an external modem attached via a serial cable to their DB9 port. This port is marked Local and is located on the back of the units.
  • Page 94: Configure Dial-In PPP

    5.2.1 Configure Dial-In PPP To enable dial-in PPP access on the modem ➢ Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem ...
  • Page 95 ➢ You must select the Authentication Type to apply to the dial-in connection. The console server uses authentication to challenge Administrators who dial-in to the console server. (For dial-in access, ...
  • Page 96: Using SDT Connector Client

    5.2.2 Using SDT Connector client Administrators can use their SDT Connector client to set up secure OoB dial-in access to all their remote console ...
  • Page 97: Set Up Earlier Windows Clients

    5.2.4 Set up earlier Windows clients ➢ For Windows 2000, the PPP client set up procedure is the same as above, except you get to the Dial-Up ...
  • Page 98 Override DNS is available for PPP Devices such as modems. Override DNS allows the use of alternate DNS servers from those provided by your ISP. For example, an alternative DNS may be required for OpenDNS used for content filtering. ➢ To enable Override DNS, check the Override returned DNS Servers box. Enter the IP of the DNS servers into the spaces provided.
  • Page 99: Failover Dialout

    5.3.2 Failover dial-out The advanced console servers can be configured so a dial-out PPP connection is automatically set up if the principal management network is disrupted. Note: Only SSH access is enabled on the failover connection. However in firmware versions later than 3.0.2, HTTPS access is also enabled.
  • Page 100: OOB Broadband Access

    Note: By default, the advanced console server supports automatic failure-recovery back to the original state prior to failover (V3.1.0 firmware and later). The advanced console server continually pings probe addresses whilst in original and failover states. The original state will automatically be set as a priority and reestablished following three successful pings of the probe addresses during failover.
  • Page 101: Broadband Ethernet Failover

    ➢ On the System: IP menu select Network 2 and configure the IP Address, Subnet Mask, Gateway, ...
  • Page 102 When configuring the principal network connection, specify Network 2 (eth1) as the Failover Interface to use when a fault is detected with Network 1 (eth0). ...
  • Page 103 In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing ...
  • Page 104: Cellular Modem Connection

    5.6   Cellular   M odem   C onnection The   L ES1508A,   L ES1516A,   L ES1532A,   L ES1548A,   L ES1308A, LES1316A, LES1332A, LES1348A, LES1408A, LES1416A, LES1432A, and LES1448A console servers support internal cellular modems. These modems first need to be installed (as described below in 5.6.1, 5.6.2 or 5.6.3) and then set up to validate they can connect to the carrier network (as described below in 5.6.4 and 5.6.5).
  • Page 106 Note: Your 3G carrier may have provided you with details for configuring the connection including APN (Access Point Name), Pin Code (optional PIN code, which may be required to unlock the SIM card), Phone Number (the sequence to dial to establish the connection, defaults to *99***1#), Username / Password (optional) and Dial string (optional AT commands).
  • Page 107: Connecting To A Cdma Ev-Do Carrier Network

     Check Apply and a radio connection will be established with your cellular carrier. 5.6.2 Connecting to a CDMA EV-DO carrier network The LES1408A, LES1416A, LES1432A, and LES1448A models have an internal CDMA modem. Both will connect to the Verizon network in North America. After creating an account with the CDMA carrier some carriers require an additional step to provision the Internal Cellular Modem, referred to as Provisioning.
  • Page 108 Click Activate to initiate the OTASP call. The process is successful if no errors are displayed and you no longer see the CDMA Modem Activation form. (If OTASP is unsuccessful you can consult the System Logs for clues to what went wrong at Status: Syslog). ...
  • Page 109: Verifying The Cellular Connection

    console server as both the MDN and MSID with no spaces or hyphens e.g. “5551231234” for “555-123-1234”  Click Activate. If no errors occur you will see the new values entered into the NAM Profile at the Cellular page on Status: Statistics. ...
  • Page 110: Cellular Modem Watchdog

    With the cellular modem connection on, you can also see the connection status from the LEDs on top of the unit. 5.6.4 Cellular modem watchdog When you select Enable Dial-Out on the System: Dial menu, you will be given the option to configure a cellular modem watchdog service (with firmware V3.5.2u13 and later).
  • Page 111  Specify how the device will Failback from the failover SIM to the Primary SIM. There are two options: The 'On Disconnect' failback option will failback to the Primary SIM only after the connection on the failover SIM has failed its ping test. The 'On Timeout' failback option will failback to the Primary SIM after the connection on the failover SIM has been up for the timeout period.
  • Page 112: Cellular Operation

    Note: Dual SIM failover still applies to the cell modem interface when the cell modem itself is used as the console server's failover interface. Be aware that when the console server is failing over to the cell modem interface and the primary SIM fails, total time to fail over to the cell modem and then for the cell modem to failover to its secondary SIM can take several minutes - be patient.
  • Page 113: Oob Access Setup

    5.7.1 OOB access set up In this mode, the dial-out connection to the carrier cellular network is always on, awaiting any incoming traffic. By default, the only traffic enabled are incoming SSH access to the console server and its serial ports, and incoming HTTPS access to the console server.
  • Page 114: Cellular Failover Setup

    5.7.2 Cellular failover setup In this mode, a dial-out cellular connection is only established if the main network is disrupted. The cellular connection normally remains idle - in a low power state - and is only activated if a ping fails. This standby mode can suit remote sites with expensive power or very high cellular traffic costs.
  • Page 115: Cellular Routing

    The Operational Status will change as the cellular modem finds a channel and connects to the network. The Failover & Out-of-Band screen will display information relating to a configured Failover/OOB interface and the status of that connection. The IP Address of the Failover / OOB interface will be presented in the Failover &...
  • Page 116: Firewall And Forwarding

    5.8 Firewall & Forwarding The console server has routing, NAT, packet filtering, and port forwarding support on all physical and virtual ...
  • Page 117: Configuring Network Forwarding And Ip Masquerading

    This enables the console server to function as an Internet or external network gateway: Network ...
  • Page 118 Note: Network forwarding allows the network packets on one network interface (i.e. LAN1/eth0) to be forwarded ...
  • Page 119: Configuring Client Devices

    Select Forwarding & Masquerading panel on the System: Firewall menu. Check Enable IP Masquerading (SNAT) on the network interfaces where masquerading is to be enabled. ...
  • Page 120: Port Forwarding

    Set the DNS server address(es) to be the same as used on the external network, i.e., if the console ...
  • Page 121: Firewall Rules

    Output Address: The target of the port forward. This is an address on the internal network where ...
  • Page 122 Click New Firewall Rule. Fill in the following fields: Name: Name the rule. This name should describe the policy the firewall rule is being ...
  • Page 123 Protocol: TCP Direction: Egress ...
  • Page 124: Secure Ssh Tunneling And Sdt Connector

    Chapter 6 Secure SSH Tunneling & SDT Connector SECURE SSH TUNNELING AND SDT CONNECTOR Introduction Each Black Box console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices—using text-based console tools (such ...
  • Page 125: Configuring For Ssh Tunneling To Hosts

    Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the ...
  • Page 126: Sdt Connector Installation

    6.2.1 SDT Connector installation The SDT Connector set up program (SDTConnector Setup-1.n.exe or sdtcon-1.n.tar.gz) is included ...
  • Page 127: Configuring A New Console Server Gateway In The Sdt Connector Client

    configure clients to run on the PC that will use the service to connect to the hosts and serial port devices (refer ...
  • Page 128: Auto-Configure Sdt Connector Client With The User's Access Privileges

    Or, enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description ...
  • Page 129: Make An Sdt Connection Through The Gateway To A Host

    configure access to network connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (for example, HTTPS, IPMI2.0) and the ...
  • Page 130: Manually Adding Hosts To The Sdt Connector Gateway

    Note The SDT Connector client can be configured with unlimited number of Gateways (that is, console servers). You can configure each Gateway to port forward to an unlimited number of locally networked Hosts. There is no limit on the number of SDT Connector clients that can be configured to access the one Gateway.
  • Page 131: Manually Adding New Services To The New Hosts

    6.2.6 Manually adding new services to the new hosts To extend the range of services that you can use when accessing hosts with SDT Connector: ...
  • Page 132 An example is the Dell RAC service. The first redirection is for the HTTPS connection to the RAC server—it ...
  • Page 133: Adding A Client Program To Be Started For The New Service

      Note SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH redirection, so it is a “tunnel within a tunnel.” Enter the UDP port where the service is running on the host. This will also be the local UDP port that SDT Connector binds as the local endpoint of the tunnel.
  • Page 134 Enter a Name for the client. Enter the Path to the executable file for the client (or click Browse to ...
  • Page 135: Dial In Configuration

    Click OK. 6.2.8 Dial in configuration If the client PC is dialing into Local/Console port on the console server, you will need to set up a dial-in PPP ...
  • Page 136: Sdt Connector - Telnet Or Ssh Connect To Serially Attached Devices

     Browse to the console server and select Network Hosts from Serial & Network, click Add Host, and in the IP Address/DNS Name field enter 127.0.0.1 (this is the Black Box network loopback address). Then, enter Loopback in Description.
  • Page 137 Assuming you have already set up the target console server as a gateway in your SDT Connector client ...
  • Page 138: Using Sdt Connector For Out-Of-Band Connection To The Gateway

    Description, and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply. ...
  • Page 139 where network_connection is the name of the network connection as displayed in Control Panel -> Network Connections, login is the dial-in username, and password is the dial-in password ...
  • Page 140: Importing (And Exporting) Preferences

    Importing (and exporting) preferences To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility: ...
  • Page 141: Setting Up Sdt For Remote Desktop Access

    public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are ...
  • Page 142: Configure The Remote Desktop Connection Client

    To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop ...
  • Page 143 In the Computer field, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the ...
  • Page 144 Click Connect. Note The Remote Desktop Connection software is pre-installed with Windows XP, Vista and Server 2003/2008. For earlier Windows PCs, you need to download the RDP client: Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2-08AA2BD23A49&displaylang=en and click the Download button. This software package will install the client portion of Remote Desktop on Windows 95, Windows...
  • Page 145   Note The rdesktop client is supplied with Red Hat 9.0: rpm -ivh rdesktop-1.2.0-1.i386.rpm  For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make, then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/  ...
  • Page 146: Sdt Ssh Tunnel For Vnc

    SDT SSH Tunnel for VNC With SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris, and UNIX computers. There’s a range ...
  • Page 147: Install, Configure And Connect The Vnc Viewer

    To set up a persistent VNC server on Red Hat Enterprise Linux 4: Set ...
  • Page 148 To establish the VNC connection, first configure the VNC Viewer, entering the VNC Server IP address. A. When the Viewer PC is connected to the console server thru an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the IP VNC ...
  • Page 149: Using Sdt To Ip Connect To Hosts That Are Serially Attached To The Gateway

        Note For general background reading on Remote Desktop and VNC access we recommend the following:  The Microsoft Remote Desktop How-To.  http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx The Illustrated Network Remote Desktop help page.  http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.ht  What is Remote Desktop in Windows XP and Windows Server 2003? by Daniel Petri. http://www.petri.co.il/what's_remote_desktop.htm ...
  • Page 150 B. For Windows XP and 2003 computers, follow the steps below to set up an advanced network connection between the Windows computer, through its COM port to the console server. Both Windows ...
  • Page 151 Specify which Users will be allowed to use this connection. This should be the same Users who were ...
  • Page 152 Or, you can set the advanced connection and access on the Windows computer to use the console server defaults:  Specify 10.233.111.254 as the From: address.  Select Allow calling computer to specify its own address. Also, you could use the console server default username and password when you set up the new Remote Desktop User and gave this User permission to use the advance connection to access the Windows computer: The console server default Username is portXX where XX is the serial port number on the...
  • Page 153: Set Up Sdt Serial Ports On Console Server

    C. For earlier version Windows computers, follow the steps in Section B. To get to the Make New Connection button: For ...
  • Page 154: Set Up Sdt Connector To Ssh Port Forward Over The Console Server Serial Port

    6.10.3 Set up SDT Connector to SSH port forward over the console server Serial Port In ...
  • Page 155 In the Session menu, enter the IP address of the console server in the Host Name or IP address field. ...
  • Page 156 If your destination computer is serially connected to the console server, set the Destination ...
  • Page 157 If you are connecting as an Administrator (in the “admin” group), then you can connect to ...
  • Page 158: Alerts And Logging

    Chapter 7 Alerts and Logging ALERTS AND LOGGING Introduction This chapter describes the automated response, alert generation, and logging features of the console server. The new Auto-Response facility (in firmware V3.5.1 and later) extends the basic Alert facility available in earlier firmware revisions.
  • Page 159 To configure a new Auto-Response: Select New Auto-Response in the Configured Auto-Response field. You will be presented with a new Auto-Response Settings menu. Enter a unique Name for the new Auto-Response. Specify the Reset Timeout for the time in seconds after resolution to delay before this Auto-Response can be triggered again.
  • Page 160: Check Conditions

    Check Conditions To configure the condition that will trigger the Auto-Response:  Click on the Check Condition type (e.g. Environmental, UPS Status or ICMP ping) to be configured as the trigger for this new Auto-Response in the Auto-Response Settings menu 7.2.1 UPS / Power Supply To use the properties of any attached UPS as the trigger event:...
  • Page 161: Serial Login/Logout

    7.2.3 Serial Login/Logout To monitor serial ports and check for login/logout or pattern matches for Auto-Response trigger events: Click on Serial Login/Logout as the Check Condition. Then in the Serial Login/Logout Check menu, select Trigger on Login (to trigger when any user logs into the serial port) or Trigger on Logout and specify Serial Port to perform check on, and/or ...
  • Page 162: Sms Command

     Click on Custom Check as the Check Condition.  Create an executable trigger check script file e.g. /etc/config/test.sh #!/bin/sh logger "A test script" logger Argument1 = $1 logger Argument2 = $2 logger Argument3 = $3 logger Argument4 = $4 if [ -f /etc/config/customscript.0 ];...
  • Page 163: Custom Check

    7.2.8 Custom Check This check allows users to run a nominated custom script with nominated arguments whose return value is used as an Auto-Response trigger event:  Click on Custom Check as the Check Condition.  Create an executable trigger check script file e.g. /etc/config/test.sh #!/bin/sh logger "A test script"...
  • Page 164: Sms Command

    Note: The SMS command trigger condition can only be set if there is an internal or external USB cellular modem detected.   7.2.9 SMS Command An incoming SMS command from a nominated caller can trigger an Auto-Response:  Click on SMS Command as the Check Condition. ...
  • Page 165: Log In/Out Check

    Note: The SMS command trigger condition can only be set if there is an internal cellular modem detected 7.2.10 Log In/Out Check To configure Web Log In/Out as the trigger event:  Click on the Web UI Authentication as the Check Condition. Check Trigger on Login (Logout) to trigger when a user logs into (or out of) the Web UI.
  • Page 166: Routed Data Usage Check

    Select the Interface (Ethernet /Failover OOB Interface or Modem or VPN) to monitor. Check what type of network interface Event to trigger on (interface Down, Starting, Up or Stopping). Note: This check is not resolvable so Resolve actions will not be run.  ...
  • Page 167: Trigger Actions

     The console server’s incoming Interface to monitor.  An optional Source MAC/IP Address, to monitor traffic from a specific host (e.g. the downstream router).  A Data Limit threshold; the Auto-Response will trigger when this is hit in the specified Time Period.
  • Page 168: Send Email

    Note: A message text can be sent with Email, SMS, and Nagios actions. This configurable message can include selected values: $AR_TRIGGER_VAL = the trigger value for the check e.g. for UPS Status, it could be onbatt or battlow $AR_VAL = the value returned by the check e.g. for ups status, it could be online/onbatt/battlow $AR_CHECK_DEV = the device name of the device being checked e.g.
  • Page 169: Resolve Actions

    Click Save New Action. Note: To notify the central Nagios server of Alerts, NSCA must be enabled under System: Nagios and Nagios must be enabled for each applicable host or port. Resolve Actions Actions can also be scheduled to be taken when a trigger condition has been resolved: ...
  • Page 170: Send Sms Alerts

    In the SMTP Server field, enter the outgoing mail Server’s IP address. If this mail server uses a Secure Connection, specify its type. ...
  • Page 171 Select a Secure Connection (if applicable) and specify the SMTP port to be used (if other than the ...
  • Page 172: Send Snmp Trap Alerts

    Note The option to directly send SMS alerts via the cellular modem was included in the Management GUI in V3.4. Advanced console servers already had the gateway software (SMS Server Tools 3) embedded, but this could only be accessed from the command line to send SMS messages. ...
  • Page 173: Send Nagios Alerts

    All console servers have the snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events as detailed above. LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console servers also embed the net-snmpd daemon. It accepts SNMP requests from remote SNMP management servers and provides information on network interface, running processes, etc.
  • Page 174: Serial Port Logging

     Select the Alerts & Logging: Port Log menu option and specify the Server Type to be used, and the details to enable log server access. From the Manage: Devices menu the Administrator can view serial, network, and power device logs stored in the console reserve memory (or flash USB).
  • Page 175: Network Tcp And Udp Port Logging

    Level 4 Logs all data transferred to the port and all changes in hardware flow control status and all User connection events.  Click Apply. Note A cache of the most recent 8K of logged data per serial port is maintained locally (in addition to the Logs which are transmitted for remote/USB flash storage).
  • Page 176: Power And Environmental Management

    Chapter 8 Power & Environmental Management POWER & ENVIRONMENTAL MANAGEMENT Introduction Black Box console servers manage embedded software that you can use to manage connected Power Distribution ...
  • Page 177 Select the Serial & Network: RPC Connections menu. This will display all the RPC connections that ...
  • Page 178 Select the appropriate RPC Type for the PDU (or IPMI) being connected: If you are connecting to the RPC via the network, you will be presented with the IPMI protocol ...
  • Page 179: Rpc Access Privileges And Alerts

    in the selected RPC Type or will query the RPC itself for this information. Note The Black Box console servers support most popular network and serial PDUs. If your PDU is not on the default list, then you can add support directly (as covered in Chapter 14—Advanced Configurations) or add the PDU support to either the Network UPS Tools or PowerMan open source projects.
  • Page 180: Rpc Status

    Turn OFF Cycle Status You will only be presented with icons for those operations that are supported by the Target you have ...
  • Page 181: Managed Ups Connections

    8.2.1 Managed UPS connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server. You can connect ...
  • Page 182 For serial UPSes attach the UPS to the selected serial port on the console server. From the Serial and ...
  • Page 183 Select if the UPS will be Connected Via USB, over a pre-configured serial port, or via SNMP/HTTP/HTTPS ...
  • Page 184: Remote Ups Management

    Note: These login credentials are not related to the Users and access privileges you configured in Serial & Networks: Users & Groups. If you have multiple UPSes and require them to be shut down in a specific order, specify the Shutdown ...
  • Page 185: Controlling Ups Powered Computers

    Enter the Name of the particular remote UPS that you want to remotely monitor. This name must ...
  • Page 186: Ups Alerts

    on battery. In contrast, more critical servers may not be shut down until a low battery warning is received). ...
  • Page 187: Overview Of Network Ups Tools (Nut)

    Click on any particular All Data for any UPS System in the table for more status and configuration ...
  • Page 188 NUT is built on a networked model with a layered scheme of drivers, server, and clients: The ...
  • Page 189: Environmental Monitoring

    The latest release of NUT (2.4) also controls PDU systems. It can do this either natively using ...
  • Page 190: Connecting The Emd And Its Sensors

    8.3.1 Connecting the EMD and its sensors The Environmental Monitor Device (EMD) connects to any serial port on the console server via a special ...
  • Page 191 Note You can attach two external sensors onto the terminals on EMDs that are connected to LES1108A, LES1116A, LES1132 and LES1148A console servers. LES1508A, LES1516A, LES1532A, LES1548A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1208A-R2, ...
  • Page 192: Environmental Alerts

    Check Log Status and specify the Log Rate (minutes between samples) if you want to log the status ...
  • Page 193: Digital I/O Output Configuration

    The I/O ports are configured via the I/O port page which is found under the system menu. Each port can be configured with a default direction and state.  Select the System: I/O Ports menu. 8.4.1 Digital I/O Output Configuration Each of the two digital I/O ports (DIO1 and DIO2) can be configured as an Input or Output port.
  • Page 194: Digital I/O Input Configuration

    For example, to set pin 1 to a low output, type: ioc -p 1 -d 0 -v 0 To pulse one of these outputs, use a script like the following: ioc -p 1 -d 0 -v 1 sleep 1 ioc -p 1 -d 0 -v 0 This will set the output high for 1 second, then return it to low (assuming the initial state is low).
  • Page 195 OG-STATUS-MIB::ogDioStatusType.4 = INTEGER: highVoltageOutput(1) OG-STATUS-MIB::ogDioStatusDirection.1 = INTEGER: input(1) OG-STATUS-MIB::ogDioStatusDirection.2 = INTEGER: input(1) OG-STATUS-MIB::ogDioStatusDirection.3 = INTEGER: input(1) OG-STATUS-MIB::ogDioStatusDirection.4 = INTEGER: input(1) OG-STATUS-MIB::ogDioStatusState.1 = INTEGER: low(0) OG-STATUS-MIB::ogDioStatusState.2 = INTEGER: high(1) OG-STATUS-MIB::ogDioStatusState.3 = INTEGER: high(1) OG-STATUS-MIB::ogDioStatusState.4 = INTEGER: high(1) OG-STATUS-MIB::ogDioStatusCounter.1 = Counter64: 0 OG-STATUS-MIB::ogDioStatusCounter.2 = Counter64: 0 OG-STATUS-MIB::ogDioStatusCounter.3 = Counter64: 0 OG-STATUS-MIB::ogDioStatusCounter.4 = Counter64: 0...
  • Page 196: Authentication

    Chapter 9 Authentication AUTHENTICATION Introduction The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user ...
  • Page 197: Local Authentication

    You can configure the console server to the default (Local) or using an alternate authentication method (TACACS, ...
  • Page 198: Radius Authentication

    In addition to multiple remote servers, you can also enter separate lists of Authentication/Authorization ...
  • Page 199: Ldap Authentication

    Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple ...
  • Page 200 Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote ...
  • Page 201: Radius/Tacacs User Configuration

    9.1.5 RADIUS/TACACS User Configuration Users may be added to the local console server appliance. If they are not added and they log in via remote ...
  • Page 202: Remote Groups With Radius Authentication

    Select Serial & Network: Authentication. Select the relevant Authentication Method. Check the Use Remote Groups button. 9.1.7 Remote groups with RADIUS authentication Enter the RADIUS Authentication and Authorization Server Address and Server Password. ...
  • Page 203 For example, in an existing Active Directory setup, a group of users may be part of the “UPS Admin” and “Router Admin” groups. On the console server, these users will be required to have access to a group “Router_Admin”, with access to port 1 (connected to the router), and another group “UPS_Admin”, with access to port 2 (connected to the UPS).
  • Page 204: Remote Groups With Tacacs+ Authentication

    9.1.9 Remote groups with TACACS+ authentication When using TACACS+ authentication, there are two ways to grant a remotely authenticated user privileges. The first is to set the priv-lvl and port attributes of the raccess service to 12; this is discussed further in section 9.2 of this document.
  • Page 205: Authentication Testing

    Note: Kerberos is very sensitive to time differences between the Key Distribution Center (KDC) authentication server and the client device. Make sure that NTP is enabled, and the time zone is set correctly on the console server. When authenticating against Active Directory, the Kerberos Realm will be the domain name, and the Master KDC will be the address of the primary domain controller.
  • Page 206 TACACS+ - pam_tacplus (http://echelon.pl/pubs/pam_tacplus.html) LDAP - pam_ldap ...
  • Page 207: Ssl Certificate

    If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, ...
  • Page 208 Select System: SSL Certificate and fill out the fields as explained below: Common name: This is the network name of the console server once it is installed in the network ...
  • Page 209 Key length: This is the length of the generated key in bits. 1024 Bits are supposed to be sufficient for most cases. Longer keys may result in slower response time of the console server ...
  • Page 210: Nagios Integration

    Chapter 10 Nagios Integration NAGIOS INTEGRATION Introduction   Nagios   i s   a   p owerful,   h ighly   e xtensible   o pen   s ource   t ool   f or   m onitoring   n etwork   h osts   a nd   s ervices.   T he   core  ...
  • Page 211: Nagios Overview

    10.1   N agios   o verview   Nagios   p rovides   c entral   m onitoring   o f   t he   h osts   a nd   s ervices   i n   y our   d istributed   n etwork.   N agios   i s   f reely   downloadable,  ...
  • Page 212: Set Up Central Nagios Server

    Distributed console servers • Black Box console servers. • Serial and network hosts are attached to each console server. ...
  • Page 213: Set Up Distributed Console Servers

    10.2.2 Set up distributed console servers This section provides a brief walkthrough on configuring a single console server to monitor the status of one attached network ...
  • Page 214 • Remove all Permitted Services. This server will be accessible using Terminal Services, so check TCP, Port 3389 and ...
  • Page 215: Configuring Nagios Distributed Monitoring

    • Select Users & Groups from the Serial & Network menu. • Click Add User. • In Username, enter: sdtnagiosuser, then enter and confirm a Password. ...
  • Page 216: Enable Nrpe Monitoring

    10.3.2 Enable NRPE monitoring Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console server to monitor ...
  • Page 217: Configure Selected Ports For Nagios Monitoring

    10.3.4 Configure Selected Serial Ports for Nagios Monitoring The individual Serial Ports connected to the console server to be monitored must be configured for Nagios checks. Refer to ...
  • Page 218: Advanced Distributed Monitoring Configuration

    10.4 Advanced distributed monitoring configuration 10.4.1 Sample Nagios configuration An example configuration for Nagios is listed below. It shows how to set up a remote Console server to monitor a single host, ...
  • Page 219 define service { service_description Serial Status host_name server use generic-service check_command check_serial_status } define service { ...
  • Page 220 name Black Box_nrpe_daemon_dep host_name Black Box dependent_host_name server dependent_service_description Port Log service_description ...
  • Page 221: Basic Nagios Plug-Ins

    use generic-service check_command check_conn_via_Black Box!tcp!22 } define service { service_description host-port-tcp-22-server ; host-port-<protocol>-<port>-<host> ...
  • Page 222: Number Of Supported Devices

    check_jabber check_ldap check_load check_mrtg check_mrtgtraf check_nagios check_nntp check_nntps check_nt check_ntp check_nwstat check_overcr check_ping check_pop check_procs check_real check_simap check_smtp check_snmp check_spop check_ssh ...
  • Page 223: Distributed Monitoring Usage Scenarios

    Time No 3DES SSH tunnel encryption NSCA for single check ~ ½ second ~ ½ second ~ ...
  • Page 224 Remote site In this scenario, configure the console server NRPE server or NSCA client to actively check configured services and upload ...
  • Page 225 Remote site with no network access In this scenario the console server allows dial-in access for the Nagios server. Periodically, the Nagios server will establish ...
  • Page 226: System Management

    Chapter 11 System Management SYSTEM MANAGEMENT Introduction This chapter describes how the Administrator can perform a range of general console server system administration and configuration ...
  • Page 227: Upgrade Firmware

    • Pushing the Erase button on the rear panel twice. A ball-point pen or bent paper clip is a suitable tool for this procedure. ...
  • Page 228: Configuration Backup

    • Select the System: Date & Time menu option. • Manually set the Year, Month, Day, Hour, and Minute using the Date and Time selection boxes, then click Set Time. ...
  • Page 229 With all console servers, you can save the backup file remotely on your PC and you can restore configurations from remote ...
  • Page 230: Delayed Configuration Commit

    • The Local Configuration Backup menu will display all the configuration backup files you have stored onto the USB ...
  • Page 231 changes to a specific device. For example, changes to authentication methods or user accounts may be grouped and run once ...
  • Page 232: Fips Mode

    Advanced Console Servers (LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2) use an embedded OpenSSL cryptographic module that has been validated to meet the FIPS 140-2 standards and has received Certificate #1051. When ...
  • Page 233: Status Reports

    Chapter 12 Status Reports STATUS REPORTS Introduction This chapter describes the dashboard feature and the status reports that are available: • Port ...
  • Page 234: Support Reports

    • Select Status: Statistics. You can find detailed statistics reports by selecting the various submenus. ...
  • Page 235: Dashboard

    • Enter the remote Syslog Server Address and Syslog Server Port details and click Apply. The ...
  • Page 236 • Click Next. Note: You can configure a custom dashboard for any admin user or for the admin group, or you can reconfigure the default dashboard. The Status:Dashboard screen is the first screen displayed when admin users (other than root) log into the console manager.
  • Page 237     Note: The Alerts widget is a new screen that shows the current alerts status. When an alert gets triggered, a corresponding .XML file is created in /var/run/alerts/. The dashboard scans all these files and displays a summary status in the alerts widget.
  • Page 238: Creating Custom Widgets For The Dashboard

    12.5.2 Creating custom widgets for the Dashboard To run a custom script inside a dashboard widget: Create ...
  • Page 239: Management

    Chapter 13 Management MANAGEMENT Introduction The console server has a small number of Manage reports and tools that are available to both Administrators and Users: • Access ...
  • Page 240: Port And Host Logs

    13.2 Port and Host Logs Administrators and Users can view logs of data transfers to connected devices. ...
  • Page 241: Sdt Connector Access

    13.3.1.2 Web Terminal to Serial Device To enable the Web Terminal service for each serial port you want to access: • Select Serial & Network: Serial Port and click Edit. Ensure the serial port is in Console Server Mode. • Check Web Terminal and click Apply. Administrator and Users can communicate directly with serial port attached devices from their browser: ...
  • Page 242: Power Management

    13.4 Power Management Administrators and Users can access and manage the connected power devices. ...
  • Page 243: Configuration From The Command Line

    Chapter 14 Command Line Configuration CONFIGURATION FROM THE COMMAND LINE Introduction For those who prefer to configure their console server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to use command line access and the config tool to manage the ...
  • Page 244 This chapter is not intended to teach you Linux. We assume you already have a certain level of understanding before you execute Linux kernel level commands. The config tool Syntax config [ -ahv ] [ -d id ] [ -g id ] [ -p path ] [ -r configurator ] [ -s id=value ] [ -P id ] Description ...
  • Page 245 -e --export=file Save active configuration to file. -i --import=file Load ...
  • Page 246: Serial Port Configuration

    Note: The config command does not verify whether the nodes edited/added by the user are valid. This means that any node may be added to the tree. If a user runs the following command: # /bin/config -s config.fruit.apple=sweet The configurator will not complain, but this command is useless. When the configurators are run (to turn the config.xml file into live config) they will simply ignore this <fruit>...
  • Page 247 Console server mode The command to set the port in portmanager mode: # config -s config.ports.port5.mode=portmanager To ...
  • Page 248 Terminal server mode Enable a TTY login for a local terminal attached to serial port 5: # ...
  • Page 249: Adding And Removing Users

    14.3 Adding and removing Users First, determine the total number of existing Users (if you have no existing Users you can assume this is 0): # ...
  • Page 250: Adding And Removing User Groups

    # config -s config.sdt.hosts.host5.users.total=2 (total number of users having access to host) To edit any of the user element values, use the same approach as when adding user elements, that is, use the “-s” parameter. ...
  • Page 251: Authentication

    The following command will synchronize the live system with the new configuration: # config -a 14.5 ...
  • Page 252 # config -g config.sdt.hosts.total Assume this value is equal to 3. If you add another host, make sure you increment the total number of hosts from 3 to 4: # ...
  • Page 253: Trusted Networks

    To get the current number of managed devices: # config -g config.devices.total Assuming we already have one managed device, our new device will be device 2. Issue the following commands: # ...
  • Page 254: Ups Connections

    # config -s config.cascade.slaves.slave1.ports=16 The total number of slaves must also be incremented. If this is the first slave you’re adding, type: # ...
  • Page 255: Rpc Connections

    The five commands below will add the UPS to Managed devices. Assuming there are already two managed devices configured: # config -s "config.devices.device3.connections.connection1.name=My UPS" # ...
  • Page 256: Environmental

    # config -s "config.ports.port2.power.type=APC 7900" # config -s config.ports.port2.power.name=MyRPC # config -s "config.ports.port2.power.description=RPC in room 5" # ...
  • Page 257: Managed Devices

    Make sure you use the total + 1 for the new device below: # config -s config.devices.device5.connections.connection1.name=Envi4 # ...
  • Page 258: Alerts

    Assume the remote log server needs a username 'name1' and password 'secret': # config -s config.eventlog.server.username=name1 # ...
  • Page 259 Pattern Match Alert To trigger an alert if the regular expression '.*0.0% id' is found in serial port 10's character stream. # ...
  • Page 260: Smtp & Sms

    # config -s config.alerts.alert2.enviro.low.critical=50 # config -s config.alerts.alert2.enviro.low.warning=70 # config -s config.alerts.alert2.rpc1=RPCInRoom20 # config -s config.alerts.alert2.sensor=load # ...
  • Page 261: Snmp

    # config -s config.system.smtp.password2=secret # config -s "config.system.smtp.subject2=SMTP alerts" The following command will synchronize the live system with the new configuration: # ...
  • Page 262: Date And Time Settings

    # config -s config.interfaces.wan.dns2=192.168.0.2 # config -s config.interfaces.wan.mode=static # config -s config.interfaces.wan.media=[ Auto | 100baseTx-FD | 100baseTx-HD | 10baseT-HD ] 10baseT-FD To ...
  • Page 263: Dial-In Settings

    # config -r time 14.20 Dial-in settings To enable dial-in access on the DB9 serial port from the command line with the following attributes: Local ...
  • Page 264: Services

    IP pool 1 start address 192.168.0.20 IP pool 1 end address 192.168.0.100 Reserved IP address ...
  • Page 265: Nagios

    # config -a 14.23 NAGIOS To configure NAGIOS with the following settings: NAGIOS host name ...
  • Page 266: Advanced Configuration

    Chapter 15 Advanced Configuration ADVANCED CONFIGURATION Introduction Black Box console servers run the embedded Linux operating system. So Administrator class users can configure the console ...
  • Page 267: Running Custom Scripts When Alerts Are Triggered

    Another scenario would be to call another custom script from the /etc/config/rc.local file, making sure that your custom script ...
  • Page 268: Example Script - Power Cycling On Pattern Match

    15.1.3 Example script - Power Cycling on Pattern Match For example, we have an RPC (PDU) connected to port 1 on a console server and also have a telecommunications device connected ...
  • Page 269 This creates an obvious complication because this script does NOT check for any other dependencies that the node being ...
  • Page 270 cp /etc/config/config.xml /etc/config/config.bak echo "backup of /etc/config/config.xml saved in /etc/config/config.bak" if [ -z $NUMBER ] # test whether a singular node is being \ #deleted ...
  • Page 271: Power Cycle Any Device When A Ping Request Fails

    -e 's/ /=/'`" done let COUNTER++ done # deleting last user ...
  • Page 272: Running Custom Scripts When A Configurator Is Invoked

    The ping-detect script The above is just one example of using the ping-detect script. The idea of the script is to run any number of commands when ...
  • Page 273: Backing-Up The Configuration And Restoring Using A Local Usb Stick

    The solution is to create a custom script that runs after each configurator runs. After each configurator runs, it will check whether ...
  • Page 274: Backing-Up The Configuration Off-Box

    To load any other config file: # /etc/scripts/backup-usb load {filename} The /etc/scripts/backup-usb script can be executed directly with various COMMANDS or called from other custom scripts you ...
  • Page 275: Advanced Portmanager

    15.2 Advanced Portmanager Black Box’s portmanager program manages the console server serial ports. It routes network connection to serial ports, checks ...
  • Page 276: External Scripts And Alerts

    user1 user2 Port 2: user1 Port 8: user2 The above output indicates that a user named “user1” is actively connected to ports 1 and 2, while “user2” is connected to ...
  • Page 277: Raw Access To Serial Ports

    echo "Welcome to port $PORT $USER" < /etc/config/pmshell-start.sh> The return value from the script controls whether the user is accepted or not, if 0 is returned (or nothing is done on exit ...
  • Page 278: Ip Filtering

    Modem initialization strings: To override the standard modem initialization string either use the Management Console (refer Chapter 5) or the command ...
  • Page 279: Snmp Status Reporting

    iptables --append INPUT \ --match state --state ESTABLISHED,RELATED --jump ACCEPT # Explicitly accept any connections from computers on # ...
  • Page 280: Check Firewall Rules

    15.5.2 Check firewall rules • Select System: Services and ensure the SNMP daemon box has been checked for the interface required. This will allow SNMP requests through the firewall for the specified interface. 15.5.3 Enable SNMP Service The console server supports different versions of SNMP including SNMPv1, SNMPv2c and SNMPv3. SNMP, although an industry standard, brings with it a variety of security concerns.
  • Page 281 The Engine ID is used to localize the SNMPv3 user. It will be automatically generated from a Network Interface (eth0) hardware address, if left blank, or must be entered as a hex value e.g. 0x01020304. Specify the Security Level: noauth No authentication or encryption is required.
  • Page 282 • Setup serial ports and devices as per operational requirements such as UPS, RPC/PDU and EMD • Copy the mibs from /etc/snmp/mibs on the Black Box product to a local directory using scp or Winscp. For example: scp root@im4004:/etc/snmp/mibs/* • Using the snmpwalk and snmpget commands, the status information can be retrieved from any console server.
  • Page 283 Authentication Password Privacy Protocol – DES or AES Privacy Password A MIB browser may be used to explore the Black Box enterprise MIB structure. For example, the ogStatus tree is shown below: 15.5.4 Adding multiple remote SNMP managers You can add multiple SNMP servers for alert traps. Add the first and second SNMP servers using the Management Console (refer Chapter 7) or the command line config tool.
  • Page 284 Log in to the console server’s command line shell as root or an admin user. Refer back to the Management Console UI or user documentation for descriptions of each field. To set the SNMP Manager Address field: config --set="config.system.snmp.address3=w.x.y.z" .. replacing w.x.y.z with the IP address or DNS name. To set the Manager Trap Port field: config --set="config.system.snmp.trapport3=162"...
  • Page 285: Secure Shell (Ssh) Public Key Authentication

    15.6 Secure Shell (SSH) Public Key Authentication This section covers how to generate public and private keys in a Linux and Windows environment and configure SSH for public ...
  • Page 286: Installing The Ssh Public/Private Keys (Clustering)

    Create a new directory to store your generated keys. You can also name the files after the device they will be used for. For ...
  • Page 287 root@192.168.0.1:/etc/config/users/fred/.ssh/authorized_keys The authorized_keys file on the console server needs to be owned by "fred", so login to the Management Console as root ...
  • Page 288: Generating Public/Private Keys For Ssh (Windows)

    More documentation on OpenSSH can be found at: http://openssh.org/portable.html http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 http://www.openbsd.org/cgi-bin/man.cgi?query=sshd. 15.6.5 Generating public/private keys for SSH (Windows) This ...
  • Page 289 Execute the PUTTYGEN.EXE program. Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section. It ...
  • Page 290: Fingerprinting

    #!/bin/sh ssh -L9001:127.0.0.1:4001 -N -o StrictHostKeyChecking=no testuser@<server-ip> & This will run the tunnel redirecting local port 9001 to the server port 4001. 15.6.6 ...
  • Page 291 As detailed in Chapter 4, the Server console server is setup in Console server mode with either RAW or RFC2217 enabled and ...
  • Page 292 To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program: $ ssh-keygen -t [rsa|dsa] Generating ...
  • Page 293: Sdt Connector Public Key Authentication

    For example, assume we already have one server, called bridge_server, and two sets of keys, for the control_room and the ...
  • Page 294: Https

    OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. In the console server, OpenSSL is used primarily in ...
  • Page 295: Launching The Https Server

    or using PSCP: pscp -scp ssl_key.pem root@<address of unit>:/etc/config/ pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/ PuTTY ...
  • Page 296 -f, --flash Turn beacon ON for targets (if implemented by RPC). -u, --unflash Turn ...
  • Page 297: The Pmpower Tool

    15.9.2 The pmpower tool The pmpower utility is a high level tool for manipulating remote preconfigured power devices connected to the console server ...
  • Page 298: Ipmitool

    <powerstrip> <id>Name or ID of the device support</id> <outlet port="port-id-1">Display Port 1 in menu</outlet> ...
  • Page 299 [-L <privlvl>] [-a|-E|-P|-f <password>] ...
  • Page 300 -o <oemtype> Select OEM type to support. This usually involves minor hacks in place in the code to work around quirks in various ...
  • Page 301: Custom Development Kit (Cdk)

    chassis Get chassis status and set power state ...
  • Page 302: Scripts For Managing Slaves

    The CDK essentially provides a snapshot of the Black Box build process (taken after the programs have been compiled and ...
  • Page 303: Multicast

    Devices can be connected with serial port, infrared or USB. 15.14 Multicast By default, all Black Box console servers come with Multicasting enabled. Multicasting provides Black Box products with the ability to simultaneously transmit information from a single device to a select group of hosts.
  • Page 304: Zero Touch Provisioning

    Create an OPG backup of the templated golden master appliance. Restore this configuration to each target device via the CLI, web UI or using a USB thumb drive. Log in via the CLI to complete configuration using setup-wizard. (Optional) On Lighthouse, use enrollment-wizard to automatically place appliances under management. These may be local/routable appliances, or remote appliances that have automatically called home using callhome-wizard.
  • Page 305: How It Works

    1. Generate an X.509 certificate for the client. Place it and its private key file onto a USB flash drive (concatenated as a single file, client.pem). 2. Set up a HTTPS server that restricts access to the .opg or .xml file for HTTPS connections providing the client certificate.
  • Page 306 Substring, what it is replaced by, and an example: ${model} is replaced by the full model name, in lowercase (example: acm5504-5-g-w-i); ${class} is replaced by the firmware hardware class (example: ACM550x); ${version} is replaced by the firmware version number (example: 3.15.1). The resulting URL must end in .opg or .xml (an optional ?query-string is permitted). If it doesn't, then it is skipped and the next URL is tried.
  • Page 307: Appendix A: Linux Commands & Source Code

    Appendix A Linux Commands & Source Code The console server platform is a dedicated Linux computer, optimized to provide monitoring and secure access to serial and network consoles of critical server systems and their supporting power and networking infrastructure. Black Box console servers are built on the 2.4 uCLinux kernel as developed by the uCLinux project. This is GPL code and ...
  • Page 308 gen-keys SSH key generation program getopt * Parses command options gettyd Getty daemon grep * Print lines matching a pattern gunzip ...
  • Page 309 ping6 IPv6 ping pkill Sends a signal to process(es) selected by regex pattern pmchat Black Box command similar to the standard chat command (via portmanager) pmdeny ...
  • Page 310 tar * The tar archiving utility tc Show traffic control settings tcpdump Dump traffic on a network telnetd ...
  • Page 311 Network UPS Tools (NUT) provides reliable monitoring of UPS and PDU hardware and ensures safe shutdowns of •...
  • Page 312 hash [-r] [-p pathname] [name ...] until COMMANDS; do COMMANDS; done help [-s] [pattern ...] variables - Some variable names an wait history [-c] [-d offset] [n] or hi if COMMANDS; then COMMANDS; [ elif while COMMANDS; do COMMANDS; jobs [-lnprs] [jobspec ...] or job kill [-s done { COMMANDS ;...
  • Page 313: Appendix B: Hardware Specification

    Appendix B Hardware Specifications FEATURE VALUE Dimensions LES1408A/16A/32A/48A, LES1308A/16A/32A/48A, LES1208A-R2/16A-R2/32A/48A-R2: 17 x 12 x 1.75 in ...
  • Page 314: Appendix C: Safety & Certifications

    Appendix C Safety & Certifications Please take care to follow the safety precautions below when installing and operating the console server: ...
  • Page 315: Appendix D: Connectivity, Tcp Ports & Serial I/O

    Serial Port Pinout Black Box console servers come with one to forty eight serial connectors (notated SERIAL or SERIAL PORTS) for the RS-232 serial ports:...
  • Page 316 RJ-45 or DB25 M to RJ-45 adapters with standard UTP Cat 5 cable. To connect the LOCAL console ports to modems (for out of band access) use the adapter with standard UTP Cat 5 cable. Each Black Box console server is supplied with UTP Cat 5 cables.
  • Page 317 RS-232 Standard Pinouts The RS-232 pinout standards for the DB9 (and DB25) connectors are tabled below: DB25 SIGNAL DEFINITION Protective Ground Transmitted Data Received Data Request To Send Clear To Send Data Set Ready Signal Ground Received Line Signal Detector Reserved for data set testing Reserved for data set testing Unassigned...
  • Page 318 Connectors included in console server The LES1508A, LES1516A, LES1532A, LES1548A have the Cisco pinout by default and ship with “cross-over”/“straight” RJ-45-DB9 connectors: DB9F-RJ45S straight connector DB9F-RJ45S cross-over connector Part # LES1516A-9FT The LES1200/LES1300/LES1400 all have the Console server Classic pinout and ship with a “cross-over” and a “straight” RJ45-DB9 connector for connecting to other vendor’s products: DB9F-RJ45S straight connector...
  • Page 319 DB9F-RJ45S cross-over connector
  • Page 320 TCP/UDP Port Numbers Port numbers are divided into three ranges: Well Known Ports, Registered Ports and Dynamic and/or Private Ports. Well Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151. Dynamic and/or Private Ports are those from 49152 through 65535. Well Known Ports are assigned by IANA, and on most systems, can only be used by system processes or by programs executed by privileged users.
  • Page 321 Serial Port Pinouts –LES1508A Each serial RJ-45 ports on these models can be software selected to be RS-232, RS-422 or RS-485. • For RS232 they have the Cisco pinout Signal Direction RS422 Signal Description Input Receive Data • For RS-422 mode it’s 4-wire full duplex transmit Receive Data on TX+/TX- pair, receive on RX+/RX- pair with Input...
  • Page 322 Serial Port Pinouts –LES1101A-R2 The LES1101A-R2 has one DB9 serial port that can be selected to be an RS232, RS485 or RS422 port. By default the LES1101A-R2 is configured in RS232 mode (with a vertical jumper in place on the left hand SEL pins). To set the port in RS-422 or RS-485 mode you must remove the SEL jumper and then configure the Signaling Protocol using the Management Console.
  • Page 323 RS-422 uses a full duplex transmit on TX+ (Transmit Data +) / TX- (Transmit Data -) pair, receive on RX+ (Receive Data +) / RX- (Receive Data –) pair. RS-485 uses half duplex over single pair. For RS-485 which is a 2-wire bus that drives D+ and D- from a native 4-wire interface you need to loop 3-6 and 2-7 on the DB-9.
  • Page 324: Appendix E: Terminology

    Appendix E Terminology TERM   MEANING   Third-generation cellular technology. The standards that determine 3G call for greater bandwidth and higher speeds for cellular networks The Advanced Encryption Standard (AES) is a new block cipher standard to replace DES, developed by NIST, the US National Institute of Standards and Technology.
  • Page 325 Domain Name System that allocates Internet domain names and translates them into IP addresses. A domain name is a meaningful and easy to remember name for an IP address. Dial Up Networking Encryption The technique for converting a readable message (plaintext) into apparently random material (ciphertext) which cannot be read if intercepted.
  • Page 326 Network File System is a protocol that allows file sharing across a network. Users can view, store, and update files on a remote computer. Network Time Protocol (NTP) used to synchronize clock times in a network of computers OUT OF BAND Out-of-Band (OOB) management is any management done over channels and interfaces that are separate from those used for user/customer data.
  • Page 327 TCP/IP: Transmission Control Protocol/Internet Protocol. The basic protocol for Internet communication. TCP/IP address: Fundamental Internet addressing method that uses the form nnn.nnn.nnn.nnn. Telnet: Telnet is a terminal protocol that provides an easy-to-use method of creating terminal connections to a network. User Datagram Protocol. Coordinated Universal Time.
  • Page 328 Software, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, Black Box is not willing to license the Software to you. In such event, do not use or install the Software.
  • Page 329 Black Box or its authorized retailer. Proof of date of purchase will be required. Any updates to the Software provided by Black Box (which may be provided by Black Box at its sole discretion) shall be governed by the terms of this EULA.
  • Page 330 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission.
  • Page 331 b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
  • Page 332 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
  • Page 333 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Page 334 About Black Box Black Box Network Services is your source for an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 60 seconds or less.
