MergePoint™ 5224/5240 Installer and Administrator Guide

For Technical Support: www.avocent.com/support

Avocent Corporation
4991 Corporate Drive
Huntsville, Alabama 35805-6201 USA
Tel: +1 256 430 4000
Fax: +1 256 430 4031

Avocent Asia Pacific
Singapore Branch Office
100 Tras Street, #15-01
Amara Corporate Tower
Singapore 079027
Tel: +656 227 3773
Fax: +656 223 9155

Avocent International Ltd.
USA Notification

Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
MergePoint™ 5224/5240 Service Processor Manager Installer and Administrator Guide

Avocent, the Avocent logo, The Power of Being There, Cyclades, MergePoint and DSView are trademarks or registered trademarks of Avocent Corporation or its affiliates. All other marks are the property of their respective owners. © 2007 Avocent Corporation. All rights reserved.
Instructions: This symbol is intended to alert the user to the presence of important operating and maintenance (servicing) instructions in the literature accompanying the appliance.

Dangerous Voltage: This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.

Power On: This symbol indicates the principal on/off switch is in the on position.
Chapter 1: Installation Introduction

This chapter describes the available models, the private and public Ethernet ports, LEDs, power connectors and all other connectors on the MergePoint™ 5224/5240 service processor (SP) manager and provides additional prerequisite information useful throughout this guide.
Table 1.1: MergePoint 5224/5240 SP Manager Models (Continued)

Model | Power Supplies | Power Type | Private Ethernet Ports
MergePoint 5240 DAC | 2 | AC | 40
MergePoint 5224 DDC | 2 | DC | 24
MergePoint 5240 DDC | 2 | DC | 40

Figure 1.2 illustrates the rear of a MergePoint 5240 SP manager model with 40 private 10/100 Ethernet ports. Figure 1.2 also shows the two public Ethernet ports and other standard ports on the rear of all models.
LEDs

On the rear of the SP manager, two LEDs on each port provide status information about the ports.

[Figure 1.3: LEDs for Public and Private Ethernet Ports, AUX and Console Ports (Rear); callouts A through H]

Table 1.3: LED Descriptions

Label | Label | Function | Color/Status
A and C (the left LED on all Ethernet ports) | ACT | Monitor Ethernet activity | OFF – Indicates no activity. Green – Blinks for any activity.
Modem Types and Options

Modems can be connected to the MergePoint 5224/5240 SP manager in one of the two following ways:
• An external modem can be connected to the AUX port on the back
• A PC modem card can be inserted into a PCMCIA slot on the front

Power Management Unit Options

Cyclades® Power Management (PM) Intelligent Power Distribution Units (IPDUs) can be connected to the AUX port on a MergePoint 5224/5240 SP ma
• Connect products that have dual power supplies to two separate power sources, for example, one commercial circuit and one uninterruptible power supply (UPS). The power sources must be independent of each other and must be controlled by separate circuit breakers.
• For products that have AC power supplies, ensure that the voltage and frequency of the power source match the voltage and frequency on the label on the equipment.
Chapter 2: Basic Installation Procedures

This chapter describes basic installation of the MergePoint 5224/5240 SP manager, including how to assign it an IP address needed for remote configuration or for access to connected target devices. Figure 2.1 illustrates one possible configuration for a 40 port model with one power supply.

[Figure labels: Power Source, Internet, Ethernet, Remote User, Dedicated Ethernet Port on an SP or Other Device, Console User]
Figure 2.
CAUTION: Before you start installation, make sure you review and follow the safety precautions listed in Safety Precautions and Other Requirements on page 4.

For how to perform optional advanced procedures (connecting PC cards, IPDUs and external modems), see Chapter 3.
To rack mount the SP manager:
1. Attach the right bracket to the right side and the left bracket to the left side.
   a. For each bracket, insert four screws through the bracket’s holes into the appropriate holes at either the front or rear.
   b. Use a Phillips screwdriver to tighten the screws.
2. Use the appropriate mounting hardware to mount the SP manager to the rails.
Connecting Devices

The 24 or 40 Ethernet ports on the left side of the rear of the MergePoint 5224/5240 SP manager are for private connections to SPs or other devices.

CAUTION: To comply with FCC and CE certification requirements, use shielded cables when connecting devices to the private Ethernet ports.

To prepare to connect devices:
1. Make sure all configuration is complete on devices to be connected.
2.
To connect DC power terminal blocks to a DC power source and power up:
1. Make sure the SP manager’s power switch(es) are off.
2. Perform the following steps twice to wire both terminal blocks to independent power sources.
   a. Loosen the hex screw labeled RTN, attach the red wire (positive) from the DC power supply to the screw and tighten the screw again.
   b.
[Figure 2.4: Wiring the DC Power Terminal to Ground; labels: -48vdc +25% - 36% 6a, RTN, -48vdc, Green Ground Wire, Ground]

3. Power up the SP manager.
Table 2.1: Methods for Enabling Web Manager Access (Continued)

Method | Considerations | Where Described
Use the default IP address 192.168.160.10 to bring up a Web Manager to set a fixed IP address. | You must temporarily change the network portion of the IP address of a computer on the same subnetwork to be able to use the default IP address in launching the Web Manager.
To configure basic network parameters using a terminal:
1. Using either a terminal or a terminal emulation program installed on a computer that is connected to the SP manager, start a session with the following console port settings: Serial Speed: 9600 bps, Parity: None, Flow Control: None, Data Length: 8 bits, Stop Bits: 1 and ANSI emulation.
2.
1. Use the SP manager’s dynamically assigned IP address in a browser to bring up the Web Manager.
2. Finish configuring target devices, users, and other SP manager parameters using the Web Manager.
3. Make sure that the root user changes the password by logging into the SP manager console. See To change root’s password: on page 15.
    root@172.26.31.222’s password: cyclades

3. Enter the passwd command, and enter and confirm a new password when prompted.

    [root@MergePoint5224 /root]# passwd

Selecting a Security Profile, Adding Users and Configuring Target Devices Using the Web Manager

For the configuration tasks the administrator must perform, see Chapter 4. These tasks include selecting a security profile, adding users and configuring target devices.
Chapter 3: Advanced Installation Topics and Tasks

Installing PC Cards in the Front Card Slots

Two PC cards of different types can be installed in any order. Two PC cards of the same type, however, must be installed with the card in slot 1 configured first, followed by the card in slot 2.
1. Eject the card.
2. If only one slot is currently in use, insert and configure the new card.
   -or-
   If both slots are in use, press the buttons next to both slots on the front of the SP manager. Then insert and configure the new card.

Connecting an External Modem to the AUX Port

An external modem can be connected to the AUX port on the back of the SP manager and then connected to the telephone network.
Connecting One or More IPDUs to the AUX Port

You can daisy-chain any combination of Cyclades PM IPDUs to the AUX port with up to a total of 128 outlets. This procedure requires the following cables:
• A straight-through RJ-45 to RJ-45 CAT 5 or greater cable for connecting the IPDU to the SP manager and another cable for each IPDU to be daisy-chained

NOTE: Do not plug the SP manager into an IPDU that is connected to the SP manager’s AUX port.
Chapter 4: Administration Introduction

An administrator configures the MergePoint 5224/5240 SP manager after installation to set up user authorizations and authentication, and to control access to target devices. An administrator also performs maintenance activities such as upgrading the firmware. DSView 3 management software, which provides a single interface for controlling multiple appliances, may be purchased separately and installed on a DSView 3 management software server.
MergePoint 5224/5240 SP Manager Authentication Options

The administrator can configure many common authentication methods for logins to the SP manager or to target devices. By default, all logins to the SP manager and target devices use Local authentication. See the authentication-related considerations in the following bulleted list.
Table 4.1: Supported Authentication Types (Continued)

Type (name in cli) | Description | SP Manager | Target Device
Kerberos Down/Local | Uses local authentication if Kerberos server is down. | X | X
Kerberos/Local | Uses local authentication if Kerberos authentication fails. | X | X
Local/Kerberos | Uses Kerberos authentication if local authentication fails.
Table 4.1: Supported Authentication Types (Continued)

Type (name in cli) | Description | SP Manager | Target Device
RADIUS/Local | Uses local authentication if RADIUS authentication fails. | X | X
Local/RADIUS | Uses RADIUS authentication if local authentication fails. | X | X
SMB (smb) | Uses user/password configured on the SMB authentication server (for Microsoft Windows NT/2000/2003 Domain).
The root user must perform the initial configuration manually (not through the Web Manager) as described in Chapter 5.

User and Group Configuration

On the MergePoint 5224/5240 SP manager, two user accounts, a normal UNIX user and an SP manager-specific user account (called an spmanager user) are needed to give a user access to the SP manager and to authorize the user for access to management functions on target devices.
• Which services are turned on
• Whether a default authentication is specified for all subsequently configured target devices
• Whether authorizations are checked (bypassing authorizations is not available in any of the default security profiles, but it can be selected in a custom security profile)

The administrative user defines the security profile during initial configuration.
Any default authentication type specified in a custom security profile is selected by default whenever a new target device is configured in the Web Manager. The specified authentication type is also assigned by default to any new target device configured using the cli utility. The administrative user is always able to change the authentication type for each individual target device.
Telnet on the MergePoint 5224/5240 SP Manager

Telnet is not encrypted, so the SP manager controls its use to protect communications. By default, the Telnet service is disabled, while a Telnet client is used for proxied communications between users on the public network and target devices on the private network side of the SP manager.
DHCP server

A DHCP server (dhcpd) is present but disabled on the SP manager by default. The administrator may want to enable the DHCP server to provide fixed IP addresses for connected target devices that are running DHCP client software.
authentication and encryption lacking in those protocol versions. The SNMP management application can then be used for SNMP management of the target device.

When versions 1 or 2c agents are used to obtain native management access to a target device, no SNMP configuration is needed. Support is implemented entirely through the VPN connection limited by iptables rules that restrict access to particular target devices.
Before enabling SNMP, depending on the version of SNMP in use, the administrator will need some or all of the information in the following table.

Table 4.5: Values for Configuring SNMP

Values | Description
SysContact | Email address of the SP manager administrator
SysLocation | Location of the SP manager
OID | Object Identifier. A unique identifier for each object in an SNMP MIB.
Table 4.5: Values for Configuring SNMP (Continued)

Values | Description
Encryption |
Crypt pass | Optional password used for encryption. Must be either empty or at least eight characters. If used, an authentication password is required.
See Chapter 4 for the tasks related to administering SNMP on the SP manager.

VPN on the MergePoint 5224/5240 SP Manager

As described in the MergePoint 5224/5240 Service Processor Manager User Guide, native IP access to native management features on connected devices is available only after the authorized user has established a trusted connection.
Table 4.8 lists the VPN client system requirements and limitations.

Table 4.8: VPN Client System Requirements and Limitations

IPSec Platform PPTP
Windows
• Windows XP
• Windows 2000
• Windows NT
• Windows ME
• Windows 98
• Windows 95 with DUN1.
Table 4.9: IPSec VPN Configuration Information for Administrators and Users (Continued)

Value Name | Description
Authentication protocol | • AH
                        | • ESP
Authentication method | • RSA public keys
                      | • Shared secret
Boot action | • Ignore
            | • Add
            | • Start
            | • Add and route
Remote (Right) ID | @workstation_name
IP address | IP address of the user’s workstation.
Next hop | Leave blank if the user’s workstation and the SP manager are able to exchange packets.
The administrator must perform the following tasks on the MergePoint 5224/5240 SP manager:
• Make sure that the IPSec service is enabled.
• Configure an IPSec VPN connection profile.
• Give the user the parameters used to configure the IPSec connection profile. One way to do this is to email the user a copy of the relevant portions of SP manager’s ipsec.conf file.
The user must perform the following tasks to enable PPTP on the user’s workstation:
• Make sure the workstation can access the SP manager by entering the SP manager’s public IP address in a browser to try to bring up the Web Manager.
• If a network or host route is needed, create a route to the private subnet where the target device resides or to the real or virtual IP address of the target device.
• Make sure a PPTP client is running on the user’s workstation.
DirectCommand on the MergePoint 5224/5240 SP Manager

As described in the MergePoint 5224/5240 Service Processor Manager User Guide, DirectCommand allows authorized users to access native management features on connected SPs without requiring a VPN tunnel to be created. An administrator can assign the DirectCommand authorization to users through the Web Manager, the cli utility or DSView 3 software.
Syslog servers

Syslog servers run on operating systems that support system logging services, usually UNIX-based servers with the syslogd configured.

Tasks for configuring syslog messages

See Chapter 4 for the tasks related to configuring syslog messages and destinations through the Web Manager. See Chapter 7 for how to use cli to configure syslogging.
For example, when failover is set, the ifconfig command lists bond0 along with eth0 and eth1 as shown in the following screen example. Note that the HWaddress [MAC address] and inet addr [IP address] are identical for bond0, eth0 and eth1.

    [root@ONB /]# ifconfig
    bond0     Link encap:Ethernet  HWaddr 00:60:2E:00:4F:97
              inet addr:172.20.0.131  Bcast:172.20.255.255  Mask:255.255.0.
Table 4.12 shows the values to use when configuring Ethernet ports.

Table 4.12: Ethernet Port Settings

Settings | Notes
DHCP | DHCP is enabled by default on the SP manager’s interfaces. If DHCP is enabled, the SP manager looks for a DHCP server on the same network. If a DHCP server cannot be located, the SP manager falls back to using the default IP address described below.
Table 4.13 shows the configuration options that apply whether a modem or phone card is being configured through the Web Manager or the cli utility.

Table 4.
Power Management Options

Authorized users and administrators can power down, power up and reboot devices using either IPDU or SP power management after administrators perform the needed configuration using either the Web Manager or the cli utility.
• IPDU power management requires that one or more IPDUs are connected to the AUX port and that an administrator has configured the AUX port and authorized users for IPDU power management.
Notifications can be configured to be sent to an administrator by one of the following methods:
• SNMP trap
• Pager
• Email

syslog-ng allows administrators to set up additional alarm triggers to filter messages based on the messages’ facility, level or contents. Alarm triggers must be specified in the following format:

    function(‘one_or_more_criteria_connected_by_operators’);

Supported operators are and, or and not.
The following table shows the fields for configuring sensor alarms.

Table 4.14: Values for Configuring Sensor Alarms

Values | Description
Device | Choose from a list of all target devices.
Sensor | The literal string for the sensor (which can be obtained from the sensor logs from the target device), for example, Sys Fan 1.
Condition |
Range | Applies to the INSIDE and OUTSIDE conditions. The low and high thresholds can be any numeric value, including floats.
[Figure 4.1: Recommended Target Device Configuration; labels: Internet, Production Network, Server Ethernet Port, SP Ethernet Port, Private Network, eth0 (Primary Ethernet Port), MergePoint 5224/5240 SP Manager]

Preparing an addressing scheme

Before configuring any target devices, the administrator must plan and implement an IP addressing scheme that reflects the needs of the organization.
[Figure 4.2: IP Addressing Example; labels: Internet; SP IP: 192.168.49.61; SP IP: 192.168.49.60; Appliance-side IP: 192.168.49.254; Public IP: 203.1.2.3; MergePoint 5224/5240 SP Manager]

See Address configuration for target devices on page 180 for the details needed for planning and implementing IP addresses.

Parameters for configuring target devices

The administrator configures connected target devices by assigning parameters described in the following table.
Table 4.15: Target Device Configuration Parameters (Continued)

Parameter | Description
Login name and password | Obtained from the server’s or device’s administrator. Can be different from the username and password pair that the user enters to access the SP manager.
Target device group | If an administrator has configured one or more target device groups, the target device can be assigned to a target device group.
Table 4.15: Target Device Configuration Parameters (Continued)

Parameter | Description
Description | A description that helps identify the target device, such as IBM xSeries 306 RSA II.
Authentication type | The authentication method to be used whenever a user accesses the target device. Can be different from the authentication method used for the SP manager, unless SSH tunneling is used to create a secure path for users who are authorized for native IP access.
Table 4.16: Values for Configuring Target Device Types (Continued)

Parameters | Values | Notes
Command template
  Values:
  • none
  • drac.default
  • rsa.default
  • ilo.default
  • rsa.limited.defaul
  • alom.default
  • ipmi_2.0.default
  • devconsole.default
  Notes: Target devices of the following types do not need a command template:
  • IPMI-type devices (IPMI devices are managed using ipmitool commands).
After configuring a private subnet, the administrator then assigns to each target device the following two address-related parameters:
• The name of the private subnet
• An address within the private subnet’s address range to be used by the target device when communicating with the SP manager

When a target device is not assigned a private subnet, the SP manager attempts to contact the target device using the default route and fails in the attempt, because devi
Configuring virtual networks (DNAT)

The administrator should define a virtual network based on Destination Network Address Translation (DNAT) in the following cases:
• When multiple non-contiguous private subnets must be supported by a single network route (or, in the case of IPSec, a single tunnel) on the client for VPN or native IP access.
Firewall/Packet Filtering on the MergePoint 5224/5240 SP Manager

Packet filtering on the SP manager is controlled by chains and rules that are configured in iptables. For more details about predefined chains and rules, see Chains on page 53 and Rules on page 54.
Rules

Each chain can have one or more rules that define the following:
• The packet characteristics being filtered. The packet is checked for characteristics defined in the rule, for example, a specific IP header, input and output interfaces and protocol.
• What to do when the packet characteristics match the rule. The packet is handled according to the specified action (called a Rule Target, Target Action or Policy).
Any of the options in Table 4.19 can be given the inverted flag, so that the target action is performed on packets that do not match any of the specified criteria. For example, if only the two following criteria are specified - DROP is the target action, and Inverted is specified for a specific source IP address - any packets arriving from any other IP address will be dropped.
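The inverted-flag behaviour described above, as an added example that is not from the Avocent guide: a small Python model of first-match chain evaluation that checks whether a management host would still be accepted before a rule set is saved. The class names, the locked_out helper and the 192.0.2.x / 198.51.100.x addresses are assumptions made for illustration; negation is applied per criterion, as iptables does.

```python
"""Pre-flight check for a packet-filter chain that uses inverted criteria.

Added example, not vendor code. It models iptables-style evaluation: a rule
applies only when every criterion holds (an inverted criterion holds when the
packet does NOT match it), the first applicable rule decides, and otherwise
the chain policy decides. All addresses are constructed documentation ranges.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    protocol: str = "tcp"
    in_iface: str = "eth0"


@dataclass(frozen=True)
class Criterion:
    attr: str               # "src", "protocol" or "in_iface"
    value: str              # address or CIDR for "src", literal otherwise
    inverted: bool = False  # the "Inverted" flag on a rule option

    def holds(self, pkt: Packet) -> bool:
        actual = getattr(pkt, self.attr)
        if self.attr == "src":
            hit = ip_address(actual) in ip_network(self.value, strict=False)
        else:
            hit = actual == self.value
        return hit != self.inverted  # inversion flips the match result


@dataclass(frozen=True)
class Rule:
    target: str                          # "ACCEPT" or "DROP"
    criteria: Tuple[Criterion, ...] = ()

    def applies(self, pkt: Packet) -> bool:
        return all(c.holds(pkt) for c in self.criteria)


@dataclass(frozen=True)
class Chain:
    name: str
    policy: str                          # used when no rule applies
    rules: Tuple[Rule, ...] = ()

    def evaluate(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.applies(pkt):
                return rule.target
        return self.policy


def locked_out(chain: Chain, must_reach: List[str]) -> List[str]:
    """Return the management hosts this chain would not ACCEPT."""
    return [h for h in must_reach if chain.evaluate(Packet(src=h)) != "ACCEPT"]


def drop_all_but(addr: str, policy: str = "ACCEPT") -> Chain:
    """The guide's example: DROP with Inverted set on one source address."""
    rule = Rule("DROP", (Criterion("src", addr, inverted=True),))
    return Chain("INPUT", policy, (rule,))


ADMIN_HOST = "192.0.2.10"                      # constructed admin workstation
INTENDED = drop_all_but(ADMIN_HOST)            # only the admin gets through
TYPO = drop_all_but("192.0.2.100")             # one digit off: admin is dropped
DEFAULT_DROP = drop_all_but(ADMIN_HOST, "DROP")  # nothing ever ACCEPTs the admin

if __name__ == "__main__":
    for label, chain in (("intended", INTENDED), ("typo", TYPO),
                         ("default-drop", DEFAULT_DROP)):
        print(label, "locks out:", locked_out(chain, [ADMIN_HOST]))
```

The inverted DROP rule never accepts anything by itself; the exempted address falls through to the chain policy, so the check also fails when that policy is DROP.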
Chapter 5: Using the Web Manager

Two types of administrative users can access all the Web Manager functions:
• An administrator who knows the password for the admin account, which is configured by default
• An optionally added administrative user (a regular user whose account is in the admin group)

Administrative users, like regular users, can access the Web Manager from a browser using HTTP or HTTPS either over the Internet or through a dial-in or callback PPP connection.
Features of Administrative Users’ Screens

Callouts in the following figure indicate unique features of the Web Manager that appear only when an administrative user logs in.

[Figure callouts: Mgmt Tab, Info Tab, Network Tab, Config Tab, Settings Tab, Access Tab, Wizard Button, Validate this Page Button, Save and Apply Changes Button, Cancel Changes Button, Help Button, No Unsaved Changes LED]
Figure 5.
The Wizard button brings up the configuration wizard, as described in Web Manager Wizard on page 60. The Validate this Page button allows the administrative user to try the configuration changes on a page without saving them. The Save and Apply Changes button saves the changes into the configuration files. The Cancel Changes button leaves the configuration files unchanged and the No Unsaved Changes LED stops blinking.
Web Manager Wizard

Clicking the Wizard button brings up a window with a list of options in the left menu for performing basic configuration of the SP manager.

[Figure 5.3: MergePoint 5224/5240 SP Manager Configuration Wizard Screen]

After the Next button is clicked on the last screen of the Wizard, the screen shown in Figure 5.4 appears.
Changing the Administrative User’s Password in the Wizard

The Administrator password option on the Wizard menu brings up a window for changing the password of the currently logged in administrative user.

CAUTION: If the default password cyclades is still in effect, changing the password now is essential to reduce the risk of intrusion. Leaving the password unchanged leaves a security breach that makes all connected equipment vulnerable.
6. Click OK. The security profile confirmation screen appears.
7. Click Save and apply changes.
8. Click Next, if desired, to go to the next Wizard screen.

Configuring Network Interfaces in the Wizard

By selecting the Network interfaces option from the Wizard menu, the administrative user can configure network interfaces and Ethernet ports.
To configure the network interfaces (Wizard):
1. Click the Wizard button.
2. Select the Network interfaces option in the left menu bar.
3. Modify the name in the Host name field, if desired.
4. Enter or modify an existing DNS domain name in the Domain name field.
5. Enter or modify the IP address for a primary DNS server in the Primary DNS field.
6. Enter or modify the IP address for a secondary DNS server in the Secondary DNS field.
7.
Subnets and Virtual DNAT Networks on the MergePoint 5224/5240 SP Manager on page 50 and in more detail in Target Device Configuration on page 169. At least one subnet is needed to enable devices that are connected to the SP manager’s private Ethernet ports to communicate on the Internet via the SP manager’s public IP address. Any number of private subnets may be configured.
To configure a private subnet and optional virtual network (Wizard):
1. Click the Wizard button.
2. Select the Subnets left menu option.
3. Under Virtual Network (DNAT) configuration, enter the IP address within the virtual network’s network address range in the Address field.
4. Enter a netmask in the Netmask field.
5. Click Save and apply changes.
6. Click Next, if desired, to go to the next Wizard screen.
5. Enter the username and password pair used for logging into the device in the Login and Password fields and retype the password to verify.
6. If target device groups have been configured, select the device group from the Target device group pull-down menu.
   NOTE: For how to add a target device group, see To configure device groups: on page 83.
7. Select the target device type from the Type pull-down menu.
8.
8. If you selected any PPP/PPTP option other than None, perform the following steps:
   a. Enter a password in the PPP/PPTP password field.
   b. Retype the password in the Retype password field.
9. Click Save and apply changes.
10. Click Next to go to the Confirm Changes screen.
11. Click Next to save all changes made in the Wizard and to return to the Web Manager.
Upgrading IPDU Software

Upgrading IPDU software is a two-stage process requiring the following two actions:
• An updated version of the IPDU software must be downloaded to the SP manager’s /tmp directory.
• The administrative user must select the Software Upgrade tab under the Access - IPDU menu option and configure the upgrade.
6. Change directories to the directory with the highest (latest) version number.
    ftp> cd V_1.9.0
7. Use the get command to get the binary file (for example: PM_190.BIN) and enter pmfirmware as the destination filename.
    ftp> get
    (remote-file) PM_190.BIN
    (local-file) pmfirmware
8. After the download completes, end the ftp connection and verify the presence of the pmfirmware file in the /tmp directory.
    ftp> bye
    [admin@MergePoint5224 tmp] $ ls
    ...
    pmfirmware
9.
To configure the AUX port for IPDU power management:

This procedure assumes that a Cyclades PM IPDU is connected to the AUX port.
1. Select the Settings - AUX Port menu option.
2. Make sure the Power Management option is selected from the Profile menu.
3. (Optional) Enter a name for the connected IPDU in the Name field.
4. Click Save and apply changes.
5. Go to Configuring IPDU Power Management on page 70.
Configuring Over Current Protection for an IPDU

When an administrative user selects the Settings - IPDU - General tab, a screen appears for setting overcurrent protection, so that if an overcurrent state occurs, an alarm notification is sent by means of a syslog message to the console or a buzzer or both. Cyclades PM IPDUs that are directly connected to the AUX port are called Master Units; daisy-chained IPDUs are called Slave Units.
3. Enter one or more comma-separated usernames in the Username field.
4. Enter one or more comma-separated outlets to manage in the Outlets field.
5. Click OK.
6. Click Save and apply changes.
6. Select the desired card type to configure from the pull-down menu. The card configuration dialog appears.
7. Perform the configuration for the type of card selected.

The following procedures assume that a PC card of the selected card type is inserted into a slot on the SP manager and that the steps under To begin configuring a PC card: are complete.

NOTE: Configuration of OTP authentication through the Web Manager is only supported for modem or GSM cards.
3. To define basic network parameters that enable the use of a static IP address, perform the following steps:
   a. Enter an IP address in the IP Address field.
   b. Enter a netmask in the Network Mask field.
   c. Enter the IP address for a gateway host or enter none in the Gateway field.
4. Click OK.
5. Click Save and apply changes.

To configure a wireless LAN PC card:
1.
2. Select a timezone from the Timezone pull-down menu.
3. To enable the SP manager to get its time from an NTP server, perform the following steps:
   a. Select Enable from the Network Time Protocol pull-down menu.
   b. Enter the IP address of the NTP server in the NTP server IP field.
4. To manually define the date and time, perform the following steps:
   a. Enter the month, day and year in the Month, Day and Year fields.
   b.
• Image1:image_filename
• Image2:image_filename

The word image is followed by the number, followed by a colon (:), followed by the name of the file, including the version number. The menu item has the following format:

    image1:zvmppconb.vversion_number

The entry for the first release of the software, which is installed in the image1 area, is:

    image1:zvmppconb.
Table 5.1: Boot Configuration Fields and Options

Field or Value Name    Description
Console speed          An alternative console speed from 1200 to 115200.
To configure a recipient for system email:
1. Select the Settings - Outbound email menu option. The Outbound email configuration screen appears.
2. Enter the email address in the System email forwarding address field.
3. Enter the DNS name or the IP address for the SMTP server.
4. Click Save and apply changes.
The software opens the index.html file, which contains links to the help files for the installer and administrator and the user.
6. Click Save and apply changes.

Configuring Target Devices

By selecting the Config - Target Devices menu option, the administrative user can configure target devices connected to the SP manager and configure data buffering. Target devices are defined using the values described in Table 4.15 on page 47.
To add a target device:
1. Select the Config - Target devices menu option.
2. Click the Add new target device button.
3. Enter a descriptive name for a service processor or other type of target device in the Name field.
4. Enter the username and password pair used for logging into the device in the Login and Password fields and retype the password to verify.
5.
CAUTION: For SSH tunneling between the SP manager and a target device to work, the SP manager’s authentication method must match the authentication method assigned to the target device.

If the Configure target device templates button is clicked, a MindTerm session starts on the SP manager console, and it brings up the sptemplate utility. See To use the sptemplate utility to create a new template: on page 178.
   d. Check the checkbox next to each device management action you wish to authorize the user to be able to perform on the selected target device.
   e. Click OK. The Edit username’s device access privileges screen appears.
4. Click OK.
5. Click Save and apply changes.

To modify a user’s account:
1. Select the Config - Users and groups menu option.
2.
   c. Enter one or more members in the Members field. Separate usernames with commas and no spaces.
   d. Click OK. The Edit device access privileges screen appears.
3. Assign device access to a group by performing the following steps.
   a. Click the Device Access button on the line with the group name.
   b. Click the Add new device button. The Adding access to a new device for screen appears.
   c.
When the administrative user configures an authentication server on this page, the server is available to perform authentication checking for logins to the following:
• Any target devices that are configured to use that authentication method. See Configuring Target Devices on page 79 for how devices are assigned an authentication method.
NOTE: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily achieved by setting both the SP manager and the Kerberos server to use the same NTP server.
   a. Follow the procedure under Configuring System Date and Time on page 74 to set the timezone, date and time.
   b. Work with the authentication server’s administrator to synchronize the time and date between the SP manager and the server.
3.
• An account for admin or other administrative user.
• If LDAP authentication is specified for the SP manager, accounts for all users who need to log into the SP manager.
• If LDAP authentication is specified for devices, accounts for users who need access to the target devices.
• If NIS authentication is specified for devices, accounts for users who need access to the target devices.

To configure a NIS authentication server:
1. Select the Config - Authentication menu option.
2. Select NIS from the Authentication Type pull-down menu. The NIS fields display.
3. Enter the NIS domain name in the NIS Domain Name field.
4. Enter the IP address of the NIS server in the NIS Server IP field.
5. Click Save and apply changes.
2. Select Radius from the Authentication Type pull-down menu.
3. Enter the IP address of the first or only authentication server in the First Authentication Server field.
4. Enter the IP address of a second authentication server (if available) in the Second Authentication Server field.
5. Enter the secret in the Secret field.
6. Enter one or more time-out values in the Timeout field.
7.
Configuring a TACACS+ authentication server

By selecting the Config - Authentication menu option and selecting TACACS+ from the Authentication Type pull-down menu, the administrative user can configure a TACACS+ authentication server. Configure a TACACS+ authentication server when the SP manager or any of the target devices is to use the TACACS+ authentication method or any of its variations (Local/TACACS+, TACACS+/Local or TACACS+ Down/Local).
10. Enter a number of retries in the Retries field.
11. Click Save and apply changes.

Configuring an Authentication Method for the MergePoint 5224/5240 SP Manager

By selecting the Config - Unit Authentication menu option, the administrative user can configure the authentication method that applies when anyone attempts to log into the MergePoint 5224/5240 SP manager.
Configuring SNMP trap notifications

If the Simple Network Management Protocol (SNMP) service is enabled on the SP manager, the administrative user can use the SNMP Trap Add dialog to send notifications about significant events to an SNMP management application, such as HP Openview, Novell NMS, IBM NetView or Sun Net Manager.
Configuring pager notifications

The administrative user can use the Pager Add dialog to configure an alarm trigger and a pager notification to be sent if the specified alarm trigger occurs. For pager notifications, the administrative user must configure the values in Table 5.3, in addition to the values in Table 5.2 on page 90.

Table 5.
Configuring email notifications

The administrative user can use the Email Add dialog to configure an alarm trigger and an email notification to be sent if the specified alarm trigger occurs. For email notifications, the administrative user must configure the values in Table 5.4 in addition to the values in Table 5.2 on page 90.

Table 5.
3. Select a target device from the Device pull-down menu.
4. Specify the sensor to monitor in the Sensor field.
5. Select a condition to trigger the sensor alarm from the Condition pull-down menu.
6. When the condition selected in step 5 is inside or outside a range, specify the range in the Range fields.
7. Specify a polling interval and choose minutes or hours from the Interval pull-down menu.
8.
   d. If Auth or Auth & Crypt are selected, enter the authentication password in the Auth password field.
   e. If Auth & Crypt is selected, select an encryption method from the Encryption pull-down menu.
   f. If Auth & Crypt is selected, enter the appropriate password for the encryption method in the Crypt pass field.
   g. Enter the IP address or DNS-resolvable name of the SNMP manager in the Server field.
   h. Enter any desired text in the Body field.
8. Click OK.
9.
Configuring an email sensor alarm action

By selecting the Config - Sensor alarms menu option and selecting Email, the administrative user can configure email notifications.

Table 5.6: Fields for Configuring Email Sensor Alarms

Field or Menu Name    Notes
From:                 Identifies the sender, for example root@MergePoint5224.
To:                   Designates who is to receive the email.
3. Accept or change the text in the Contact field.
4. Accept or change the location in the Location field.
5. Click OK.
6. Click Save and apply changes.

To begin configuring SNMP for a device:
1. Log into the Web Manager as an administrative user.
2. Select the Config - SNMP menu option and the Access tab.
3. Click the Configure button next to the name of the device to configure. The Target Device Device SNMP settings window appears.
3. Select a version from the SNMP version pull-down menu.
4. If the v3 version is selected in step 3, go to To configure users with SNMP v3: on page 98. If either the v1 or v2c version is selected in step 3, perform the following steps:
   a. Enter a community name in the Community field.
   b. Select a Source radio button, either Default or Use IP.
   c. If Use IP is selected, enter a source IP address.
   d.
2. Select a read view and write view from the Auth menus under the Read view and Write view columns.
3. Select a read view and write view from the Auth & crypt menus under the Read view and Write view columns.
4. Click OK.
5. Click OK.
6. Click Save and apply changes.

To configure SNMP trap forwarding:
1. Select the Config - SNMP menu option.
2. Click the Add trap button under the Trap forward configuration heading.
3.
Configuring the Event Log Backend

By selecting the Config - Event log backend menu option, the administrative user can configure event logging for connected service processors.

To configure system event logging for connected SPs:
1. Select the Config - Event log backend menu option. The Event log backend profile screen appears.
2. Click the Edit button to edit event logging for a device.
4. If you select the Custom profile, make sure the checkboxes are checked next to services and features you want to be enabled and make sure the checkboxes are clear next to services and features you want to be disabled.
5. Click OK. The security profile confirmation screen appears.
6. Click Save and apply changes.

To configure services:
1. Select the Config - Services menu option.
2. Modify the name in the Host name field, if desired.
3. Enable or disable failover by selecting the desired option from the Failover pull-down menu.
4. Enable DHCP, if desired, by making sure the DHCP checkbox is checked.
5. If DHCP is not enabled, configure a static IP address for an Ethernet port by performing the following steps.
   a. Disable DHCP by making sure the DHCP checkbox is not checked.
   b.
2. Click the Add new rule button underneath the entry for the chain to which you wish to add a rule.
3. Configure one or more of the following filtering options, as desired.
   a. Select a protocol from the Protocol pull-down menu.
   b. Specify a source IP and subnet mask in the form: hostIPaddress or networkIPaddress/NN.
   c. Specify a destination IP and subnet mask in the form: hostIPaddress or networkIPaddress/NN.
   d.
3. Enter a hostname in the Name field.
4. (Optional) Enter an alias for the host.
5. Click OK.
6. Click Save and apply changes.

Configuring Static Routes

By selecting the Network - Static routes menu option, the administrative user can manually add a static route or edit or delete existing static routes.

Table 5.
By selecting the Network - VPN connections menu option, the administrative user can perform the following tasks on the SP manager:
• Configure one or more IPSec VPN connections.
• Configure a single PPTP VPN connection with a pool of IP addresses. Table 4.10 on page 37 describes the fields for configuring a PPTP profile. Specify a pool of addresses in the form 10.0.0.100-110.

To configure IPSec VPN:
1. Select the Network - VPN connections menu option.
2.
5. Make sure that users who are authorized for native IP are also authorized for PPTP connections.

Configuring Private Subnets and Virtual Networks

By selecting the Network - Private subnets menu option, the administrative user can configure private subnets and optional virtual (DNAT) networks, based on a predefined addressing scheme.
Viewing Status Information about Active Sessions

By selecting the Info - Active Sessions menu option, the administrative user can view the status of active sessions.

Viewing System Information

By selecting the Info - System information menu option, the administrative user can view information about the system (such as kernel version, date and up time) and about the CPU.
Clicking the Load button overwrites the current state of the configuration files with the last backup copy that was made.

To back up configuration files:
1. Select the Mgmt - Backup/restore menu option.
2. Click the Save button to back up the current state of the configuration files.
3. Click Save and apply changes.

To restore backed-up configuration files:
1. Select the Mgmt - Backup/restore menu option.
2.
For more details about how images are stored in the SP manager and about configuration file backups, see Appendix D.

Special considerations for upgrading the firmware from a network boot

To upgrade using an image obtained from a network boot, boot the SP manager from a TFTP server before starting the upgrade procedure. Figure 5.5 shows the message that appears when the SP manager is running an image obtained from a network boot.

Figure 5.
   e. Enter the pathname of the software image file on the ftp server in the Image file field.
5. Click the Upgrade Now button.
6. When the download completes, select the Mgmt - Restart menu option and restart the SP manager.

Restarting the MergePoint 5224/5240 SP Manager

By selecting the Mgmt - Restart menu option, the administrative user can reboot (restart) the SP manager.
CHAPTER 6
Administration Tasks Not Performed in the Web Manager

This section lists the configuration and maintenance tasks that are performed by an administrator (either the root user, the admin user, or a member of the admin group) either on the Linux command line, using the cli utility or in the U-Boot monitor mode.

Configuring Storage of Buffered Data

If data buffering is enabled, console output from managed devices is sent to the syslog daemon but is not stored.
To store buffered data in a single file:
1. Log into the appliance’s console as root.
2. Add the following entries to the syslog-ng.conf file. The example entries configure data buffer storage in an NFS-mounted /mnt/nfs_server/log/device.log file.

    source src_dev_log { unix-stream("/dev/log"); };
    filter f_device { program("conserver");};
    destination d_device { file("/mnt/nfs_server/log/device.
    'LOGDIR=/mnt/pc_compact_flash_card/log'
6. Remove the following line.
    llset('conserver', "server/$server/logfile", "/dev/null"),
7. Ensure the following line is still present or enter it in place of the deleted line above:
    llset('conserver', "server/$server/logfile", "$server.log"),

NOTE: This example configuration stores the buffered data in separate files according to each device’s alias.
Figure 6.1: MindTerm Basic Tunnels Setup Dialog Box

Specifying the Location for the OTP Databases

As configured on the SP manager, OTP expects its user databases to reside in /mnt/opie/etc. The SP manager’s resident Flash memory does not provide a directory for the OTP databases. The administrator must mount a device on /mnt/opie. You may use a compact Flash PC card or an NFS-mounted directory.
To configure an NFS-mounted directory for OTP database storage:
1. Make sure a directory (for example, /home/opie) has been created on the NFS server and is shared (exported) via NFS.
2. Log into the console as root.
3. Enable the RPC service using the cli utility.
    [root@MergePoint5224 /]# cli -CF set service rpc enable yes
4. Mount the directory from the NFS server. The following screen example uses nfs_server.avocent.
1. Change to the /etc/pam.d directory.
    [root@MergePoint5224 /]# cd /etc/pam.d
2. To specify OTP for logins to the console or through telnet, change the target of the symbolic link login to otp or otplocal.

CAUTION: If OTP is chosen, users (even root) may be locked out if not configured properly.
• The opiepasswd command
• The opiekey command to generate OTP passwords

The requirement for local logins through the console port is enforced for regular users because running the commands through a dial-in or other insecure connection may expose the user passwords, pass phrases and OTP passwords. The root user can execute these commands without the -c option while logged in over ssh because ssh provides a secure path.
NOTE: Adding users through the Web Manager adds them as normal UNIX users and as spmanager users without requiring a separate step.
    cli> add spmanager user joe
    OK
   c. If you are using cli, commit the changes.
    cli> commit
    OK
    cli> exit
    [root@MergePoint5224 /]#
3. Enter the opiepasswd command to register the user.
Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS

As described in HTTPS on the MergePoint 5224/5240 SP Manager on page 28, an administrator must replace the automatically generated self-signed certificate with an SSL certificate from an official certificate authority.
    [root@MergePoint5224 /] cat private.key > /etc/httpd/conf/ssl.key/server.key
5. Copy the certificate into /etc/httpd/conf/ssl.crt/server.crt. The following screen example uses cert.crt as the name of the certificate file from the CA. Substitute the correct name for your file.
    [root@MergePoint5224 /] cat cert.crt > /etc/httpd/conf/ssl.crt/server.crt

NOTE: By default, the /etc/httpd/conf/ssl.key/server.
    option routers 192.168.0.10;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.0.11;
    option domain-name "cyclades.com.au";
    host MySP {
        hardware ethernet 00:e0:4c:ec:12:26;
        fixed-address 192.168.0.211;
    }
    #
    ##############################################
5. Configure a hostname and fixed address for each device by performing the following steps.
   a.
    # if it's hup term will be used to stop the daemon
    # daemon command line parameters
    DPARM="-q priv0"
    DSTOP=
9. Change the definition ENABLE=NO to ENABLE=YES.
    ENABLE=YES # Must be "NO" or "YES"(uppercase)
10. Save and quit the file.
11. Save the configuration file changes by entering the saveconf command.
12. Start dhcpd by either restarting the SP manager or restarting dhcpd.
The following example sets the access type of modem PC card modem0 to ppp.
    cli> set cards modem0 autoppp
    OK
5. Set or accept the default speed. The default speed is 9600.
   The following example sets the external modem speed to 4800.
    cli> set auxport modem speed 4800
    OK
   The following example sets the speed of modem PC card modem0 to 4800.
    cli> set cards modem0 speed 4800
    OK
6. Set or accept the default flow control (data-flow).
   a. Enable authentication as a requirement for PPP connections, if desired, by using the auth parameter followed by yes.
      The following example enables authentication for an external modem.
    cli> set auxport modem ppp auth yes
    OK
      The following example enables authentication for modem PC card modem0.
    cli> set cards modem0 ppp auth yes
    OK
   b. Accept the default local IP address or set another by using the iplocal parameter.
The following example sets the MTU to 1200 for modem PC card modem0.
    cli> set cards modem0 ppp mtu 1200
    OK
10. Accept the default maximum receive unit or set another value by using the mru parameter.
    The following example sets the MRU to 1200 for an external modem.
    cli> set auxport modem ppp mru 1200
    OK
    The following example sets the MRU to 1200 for modem PC card modem0.
    cli> set cards modem0 ppp mru 1200
    OK
11.
Configuring the Users’ Console Login Menu

Regular users are configured with /usr/bin/rmenush as their default login shell. All users with rmenush as their login shell see the same menu whenever they log into the console. The SP manager administrator can configure the rmenush menu to display other options including links to additional submenus or commands by modifying the /etc/menu.ini file.
The following example shows a new menu option with a command defined along with a link to a new submenu identified with the newsubmenu keyword.

    [main]
    Access_Servers = /bin/spshell
    Change_Password = /usr/bin/passwd
    New_Menu_Option = command_pathname_and_options
    New_Submenu = newsubmenu

   b. Add a definition for a submenu using the defined keyword.
6. Add a network route, if desired, by entering the network address after the add network st_routes command in the form 1.2.3.4/24.
    cli> add network st_routes networkIP/24
    OK
7. For both host and network routes, use the set network st_routes command to assign the route to an interface or to a gateway and optionally assign it a metric, by performing the following steps.
   a.
When changes made by the administrator using the cli utility are not saved (committed) and the administrator enters the quit command, the utility displays the prompts shown in the following screen example.

    cli> quit
    You have made changes but haven't committed them yet.
    To commit the changes, use the "commit" command.
    To revert all changes and quit without committing, use "quit!".

To save configuration changes:
1.
2. If you are logged into the console as root, enter the restoreconf command.
    [root@MergePoint5224 /root]# restoreconf

Restoring Factory Default Configuration Files

A root user can restore the factory default configuration files from the factory_default_files.
Changing Web Manager Time-outs

The root user can log into the console as root and manually specify a time-out value for Web Manager sessions. The expiration of a Web Manager session after a period of inactivity may be configured using the cli utility along with either or both of two time-out-related parameters that have different effects. Their values can be set to any number of seconds up to 2e31.

Table 6.
3. If desired, set the browser_timeout value.
    cli> set web browser_timeout
4. If desired, set the session_timeout value.
    cli> set web session_timeout
5. Save the changes.
    cli> commit
6. Exit from the cli utility.
    cli> quit

Changing the Sort Order of Device Listings

The names of devices are listed in the Web Manager and by spshell in the order in which they were configured.
Configuring Groups for Use with Authentication Servers

This information applies when an authentication method that relies on an authentication server is configured either for the SP manager or for a target device. If the administrator of an authentication server configures users as members of groups as described in this section, the users do not need to have accounts configured on the SP manager.
9. Click OK in the Add/Remove Snap-in... window.

To configure Active Directory schema:
1. In the server’s console window, double-click Active Directory Schema. The paths Classes and Attributes appear.
2. Double-click Attributes and confirm that the info attribute is present.
3. Double-click Classes, locate the class Users and right-click to select Properties.
4. Select the Attributes tab and click Add.
5.
To configure groups using the info attribute on an LDAP authentication server:
1. On the server, add the info attribute into the objectclass posixAccount in the /etc/ldap/schema/nis.schema file.
objectclass (1.3.6.1.1.2.
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
# Standard object classes from RFC2256
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST ( uid $ memberof) )
2. On the server, configure the group(s) assigned to each user with one entry for each group, either in a user definition file in the /etc/openldap directory, as shown in the following example, or on the command line.
where:
auth1: The first RADIUS authentication server.
acct1: The first RADIUS accounting server.
server: The RADIUS server address.
port: Optional. The default port name is radius and is looked up through /etc/services.
secret: The shared password required for communication between the SP manager and the RADIUS server.
retries: The number of times each RADIUS server is tried before another is contacted.
# For proper security, this file SHOULD have permissions 0600,
# that is readable by root, and NO ONE else. If anyone other than
# root can read this file, then they can spoof responses from the server!
#
# There are 3 fields per line in this file. There may be multiple
# lines. Blank lines or lines beginning with '#' are treated as
# comments, and are ignored.
The following screen example shows entries that define the RADIUS authentication server and the accounting server to be the same server with the same IP address, and that set the secret to cyclades, the time-out to 5 seconds and the number of retries to 5.
auth1 172.20.0.2 cyclades 5 5
acct1 172.20.0.2 cyclades 5 5
NOTE: Always configure both parameters auth1 and acct1.
10. Save and quit the file.
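An added audit sketch, not part of the Avocent guide, for the RADIUS client file described above: it checks the 0600 mode the file's own header asks for, the NOTE about configuring both auth1 and acct1, and whether the sample secret from this page was left in place. The function name, the finding labels and the 16-character minimum are assumptions, and the file path is passed as an argument because this section does not give it.

```shell
#!/bin/sh
# audit_radius_conf FILE
# Audits a RADIUS client file laid out as in the guide's example:
#   auth1 <server> <secret> <time-out> <retries>
# Prints one finding per line. Returns 0 when clean, 1 when anything was
# found, 2 when FILE does not exist. Secrets are never printed.
# Assumptions (not from the guide): function name, finding labels and the
# 16-character minimum length for a shared secret.
audit_radius_conf() {
    conf=$1
    findings=0
    have_auth1=0
    have_acct1=0

    if [ ! -f "$conf" ]; then
        echo "MISSING $conf"
        return 2
    fi

    # The file header asks for 0600: readable by root and no one else.
    mode=$(ls -ld -- "$conf" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "PERMS $mode (expected -rw-------)"
        findings=$((findings + 1))
    fi

    # "|| [ -n "$key" ]" keeps a final line that has no trailing newline.
    while read -r key server secret rest || [ -n "$key" ]; do
        case $key in
            '' | '#'*) continue ;;              # blank lines and comments
            auth1) have_auth1=1 ;;
            acct1) have_acct1=1 ;;
            auth[0-9]* | acct[0-9]*) ;;         # additional servers
            *)
                echo "SYNTAX unknown keyword: $key"
                findings=$((findings + 1))
                continue
                ;;
        esac
        if [ -z "$secret" ]; then
            echo "SYNTAX $key has no shared secret"
            findings=$((findings + 1))
        elif [ "$secret" = "cyclades" ]; then
            echo "SECRET $key uses the sample secret printed in the guide"
            findings=$((findings + 1))
        elif [ "${#secret}" -lt 16 ]; then
            echo "SECRET $key is shorter than 16 characters"
            findings=$((findings + 1))
        fi
    done < "$conf"

    # The guide's NOTE: always configure both auth1 and acct1.
    if [ "$have_auth1" -eq 0 ]; then
        echo "MISSING-ENTRY auth1"
        findings=$((findings + 1))
    fi
    if [ "$have_acct1" -eq 0 ]; then
        echo "MISSING-ENTRY acct1"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample that reproduces the guide's example entries.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'auth1 172.20.0.2 cyclades 5 5' \
    'acct1 172.20.0.2 cyclades 5 5' > "$sample"
chmod 644 "$sample"
audit_radius_conf "$sample" || true
rm -f "$sample"
```

On the constructed sample this reports the loose mode and the sample secret on both entries.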
NOTE: These additions can be made through a GUI. The example shows the configuration if a GUI is not available.
###########################################################
# Group Definitions
###########################################################
group = group_name { ... }
2.
• timeout: The time-out (in seconds) for a TACACS+ authentication query to be answered.
• retries: Defines the number of times a TACACS+ server is tried before another is contacted. The first server authhost1 is tried for the specified number of times, before the second authhost2, if configured, is contacted and tried for the specified number of times.
CHAPTER 7
Using the cli Utility
cli Utility Overview
An administrator can configure the SP manager using the cli utility. Only one administrator can be logged into the SP manager at a time. While in the cli utility, an administrator can escape to the shell and when finished can return to the cli utility.
When invoked without commands, cli enters interactive mode; see Interactive mode. When the cli utility is invoked with the -f option or is invoked from a script, the commands are executed in batch mode from the specified file or script.
Interactive mode
Entered by invoking cli on the command line.
Table 7.1: cli Utility Options
Option: --
Description: Signals the end of options and start of cli commands. If any are specified, cli goes into command line or batch mode.
cli Parameters and Arguments
The CLI configuration options are organized in a hierarchy called a parameter tree. You can use the get, show and list commands to show parameters. You can also use the get command to show the values of individual parameters at the end of a branch.
You can use autocompletion with the set command to find out the accepted values.
cli> set network interface failover set to yes or no. Enables or disables the interface bond0.
cli>
Entering values with parameters
Enter values that contain spaces within double quotes (“).
Example cli shell script
Start the script by entering #!/usr/bin/cli with the -CF options.
#!/usr/bin/cli -CF
set network interface failover yes
You could then make the script executable and execute it on the command line, as shown in the following example.
[root@MergePoint5224 /]# chmod 777 scriptname1
[root@MergePoint5224 /]# .
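An added check, not part of the Avocent guide: chmod 777 as shown above leaves a script that root runs writable by every local account, while mode 700 is enough for root to execute it. The function below (find_loose_cli_scripts is a hypothetical name) lists cli scripts under a directory that group or other can modify; the demo at the end uses a constructed script in a temporary directory.

```shell
#!/bin/sh
# find_loose_cli_scripts DIR
# Prints the path of every regular file under DIR whose first line starts
# with the cli interpreter line (#!/usr/bin/cli) and that is writable by
# group or other. Such a script changes appliance configuration when root
# runs it, so anyone able to edit it can change that configuration.
# The function name is an assumption, not something the guide defines.
find_loose_cli_scripts() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) 2>/dev/null |
    while IFS= read -r f; do
        first=
        # Read only the first line; skip unreadable or empty files.
        IFS= read -r first < "$f" 2>/dev/null || [ -n "$first" ] || continue
        case $first in
            '#!/usr/bin/cli'*) printf '%s\n' "$f" ;;
        esac
    done
}

# Demo on a constructed script (same two lines as the guide's example).
demo_dir=$(mktemp -d)
printf '%s\n' '#!/usr/bin/cli -CF' \
    'set network interface failover yes' > "$demo_dir/scriptname1"

chmod 777 "$demo_dir/scriptname1"      # mode used in the guide's example
echo "writable by group/other after chmod 777:"
find_loose_cli_scripts "$demo_dir"

chmod 700 "$demo_dir/scriptname1"      # owner-only: still executable by root
echo "writable by group/other after chmod 700:"
find_loose_cli_scripts "$demo_dir"

rm -rf "$demo_dir"
```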
Example plain text file
You can put one or more commands in a plain text file without invoking any shell as shown in the following screen example.
set network interface failover yes
And then you can invoke the cli command with the -f option to execute the command(s) from the file, as shown in the following example.
Examples
cli> s set shell show
cli> se
cli> set n network notifications ntp
cli> set ne
cli> set network hostname hosts interface resolv smtp st_routes
cli> set network i
cli> set network interface eth0 active address broadcast gateway method mtu netmask
cli> set network interface eth0 ac
cli> set network interface eth0 active enable or disable eth0 with yes or no
cli> set network interface eth0 active <
The add command is used instead of set when multiple parameters of the same type can exist. For example, add network hosts IP address makes an entry for a host with the specified IP address in the hosts list. In that case, add is used because multiple hosts can exist. In contrast, the set command (as in: set network interface eth0 ) is used to specify the IP address for the eth0 Ethernet interface.
Parameters that can be added
The following table shows the parameters that can be added using the add command. Table 7.3 on page 158 shows additional parameters and values that must be set for each parameter after the parameter is added.
Table 7.2: Parameters That Work With the cli add Command (Continued)
Columns: Parameter Level 1; Parameter Level 2; What It Configures [Syntax]
Parameter Level 1: snmpd
Parameter Level 2: rwcommunity | rocommunity
What It Configures [Syntax]: Adds a read-write community [rwcommunity] or a read-only community [rocommunity]. {add snmpd ]
Parameter Level 2: rwuser | rouser
What It Configures [Syntax]: Adds a read-write user [rwuser] or a read-only user [rouser].
Synopsis
cd [parameter(s)]
Examples
cli> cd network
network> get hostname dingo
network> set hostname kookaburra OK
network> cd interface eth0
network interface eth0> set active netmask address alias broadcast gateway method mtu ip address for interface eth0 netmask for interface eth0
network interface eth0> set address 192.168.160.10 netmask \
255.255.255.0 OK
network interface eth0> cd ..
network interface> cd eth1
network interface eth1> set address 192.168.
Synopsis
delete parameter(s)
Some parameters cannot be deleted. Parameters that can be added can be deleted.
Examples
cli> get network hosts 192.168.160.11 network hosts 192.168.160.11 name fruitbat alias fbat
cli> delete network hosts 192.168.160.11 OK
cli> set network hosts 192.168.160.11 name: fruitbat ERR result=5 No such file or directory
cli> get network hosts 192.168.160.
If the system assigns default values, default values are shown next to the automatically added parameter name, as in the following example, which was entered on the SP manager before any configuration has been done.
cli> get network interface eth0
network interface eth0 active: yes
network interface eth0 method: dhcp
network interface eth0 address: 192.168.160.10
...
To commit the changes, use the “commit” command. To revert all changes and quit without committing, use “quit!”.
cli> commit
cli> quit
quit!
Quit the cli utility, discarding any uncommitted changes.
rename
Rename a parameter. Depending on the parameter, this may result in a whole subtree of parameters being moved.
cli> get network hostname dingo
set
Set the value(s) of the last parameter. When multiple parameters are specified in one command, either all are set successfully or none of the values are changed. The set command is used to set an existing value, in contrast to the add command, which is used to add something to the parameter tree.
Synopsis
version
Examples
cli> version
MergePoint5224 CLI 2.0 (2005-06-16T13:47+1000)
Summary of How to Configure the Top Level Parameters
This section provides a brief overview of how to configure the top level parameters. Table 7.
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: cards
Command: Use the set command to configure PC cards (set cards Tab Tab shows the cardtypes; set cards Tab Tab shows the configuration parameters to set).
Parameter: dhcpd
Command: Not supported.
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: iptables [filter | nat]
NOTE: By default, a set of chains is defined with hidden rules: For NAT, the predefined chains are: PREROUTING, POSTROUTING, OUTPUT. For filter, the predefined chains are: INPUT, OUTPUT, FORWARD. For background information, see Firewall/Packet Filtering on the MergePoint 5224/5240 SP Manager on page 53 and Table 4.
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: network smtp
Command: Use the set command to configure email notifications to be sent to root (set network smtp Tab Tab lists the parameters to configure).
Parameter: network st_routes
Command: After using the add command to add a static route to the routing table, use the set command to configure the static route (set network st_routes Tab Tab shows the parameters to set).
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: snmpd [access | com2sec | group | user | view]
Command: After using the add snmpd command to add access, com2sec, group, user and view, use the set snmpd command to configure the parameters (set snmpd Tab Tab shows the parameters to set).
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: sshd protocol
Command: Use the set sshd protocol command to set the SSHD protocol version to either 1 or 2 or both (1,2 or 2,1). Default is 2,1.
Table 7.3: Setting Top Level cli Parameters (Continued)
Parameter: web help-prefix
Command: Use the set web help-prefix command to specify a user-accessible web server location (where the help files have been downloaded), so the Web Manager can locate the help files when a user clicks the help button. The default help-prefix is http://www.cyclades.com/online-help.
Appendices
Appendix A: Troubleshooting
Port Mapping Fails When Using DirectCommand
This section describes some considerations that may apply if port mapping fails when a user attempts DirectCommand access to a target device. If DirectCommand is invoked by an unprivileged user (such as a regular user on a UNIX-based system), DirectCommand may not be able to open privileged TCP ports (numbered below 1024).
computer with a terminal emulation program connected to the console port. All procedures in this appendix assume a login by the root user.
Login failure
If no one can log into the SP manager, you can perform the following procedure to reset the root or admin user’s password.
7. Reconfigure authentication as desired.
Web manager stops responding
If the Web Manager stops responding, you can perform the following procedure to restart the Apache web server.
To restart the Web Manager:
1. Enter the httpd -k start command as shown in the following screen example.
[root@MergePoint5224 root]# /usr/local/apache2/bin/httpd -k start
2. Enter the ps command with the -ef option and look for a line with apache, as shown in the following screen example.
Appendix B: Technical Specifications
Table B.
Appendix C: Target Device Configuration
This appendix provides details about target device configuration requirements that are unique to the MergePoint 5224/5240 SP manager. During target device configuration, the administrator must assign parameters described in Table 4.16 on page 49 to each target device.
Defining families
To create a new device family, the administrator can create a customized Expect script by copying, renaming and modifying one of the default Expect scripts. The administrator should set the file permissions to allow reading and execution by all users and writing by members of the admin group. The format of a custom Expect script’s file name should be: talk_customN.exp.
servername
The servername is the alias configured for the server or device on the SP manager, for example, rsa_us. The script retrieves service processor/device specific information, such as the IP address, from the entry for the specified service processor/device, using the llconf program.
action
The action specifies the action for the script to take. The actions are listed below. Not all service processor/device types implement all of the listed actions.
devconsole
Enters a console (also known as Device Console) session on a server whose service processor supports console access to the server or enters a console session on a server or other device that supports device console access through its Ethernet port.
NOTE: ssh must be invoked with the -t option when this mode is used.
log_sensors
Retrieves sensor data in a standard format.
Command templates
Table C.3 lists the default command templates and describes the types of target devices to which they apply.
Table C.3: Default Command Templates
Template              Type of Target Device
alom.default          Sun ALOM type target devices
devconsole.default    Target devices that support access to their consoles.
drac.default          DRAC III/XT type target devices.
ilo.default           iLO type target devices.
ipmi_2.0.default      Not used.
rsa.default           Some RSA II type target devices.
rsa.limited.
Using the sptemplate utility
An administrator (root or an administrative user) can use the sptemplate utility to test the default command templates when configuring a target device and to create a customized command template if needed.
Selecting View, Edit, Copy, Test or Rename from the Action menu brings up a menu of templates like the one shown in the following screen example.
Please select template to view:
drac.default -rsa.default ilo.default rsa.limited.default alom.default ipmi_2.0.default devconsole.default none Exit
If Test is selected, after the administrator selects a template, a list of target devices that use the selected template appears, like the list shown in the following screen example.
After the administrator selects a template and a target device to test, a list of commands to test displays like the one shown in the following screen example.
Select a test to perform:
-Login and Native Command Interface Console Access Power On Power Status Power Cycle Reset Power Off System Event Log Clear Event Log Retrieve Sensors Test All Exit
Not all listed commands are supported on every type of target device.
enter the same username/password pair that was entered to access the SP manager (root/root_password) to perform the test. Each set of commands may be tested in any order after the login test is performed. Errors are generated if a command is entered out of logical order; for example, if the Reset command is issued for a server that is not powered on. After any test you can return to the editor to make changes.
You cannot change templates whose name ends with the .default suffix. sptemplate warns about this restriction if you try to edit or rename these templates, and it requests confirmation before allowing you to create a new template with a .default suffix through the New, Rename or Copy functions.
To find out if an existing command template works with a new target device:
1.
a. Modify the prompts and commands as needed, using the syntax supported on the target device. Sensors may not be supported. If any command is not supported, leave it commented out in the template.
CAUTION: You must specify the escape sequence used by the device’s console. It is captured by the SP manager and it is used to log the user out of the SP console whenever the user logs out of the device console, preventing unauthorized access to the SP console.
4. Save and quit the file.
5.
Address configuration for target devices
Table C.4 lists related topics the administrator must understand when planning and implementing the private IP addresses and provides links to where they are documented.
Table C.4: Tasks for Creating Addresses to Assign to Target Devices
Columns: Task; Where Described
Task: Private IP addresses must be defined by the creation of at least one private subnet.
Table C.4: Tasks for Creating Addresses to Assign to Target Devices (Continued)
Columns: Task; Where Described
Task: Any user who needs native IP access to the SP manager must create a named VPN connection profile, then create a VPN tunnel to the SP manager before enabling native IP. The requirements for creating the VPN tunnel and the IP addresses to use vary depending on whether IPSec or PPTP is being used.
Why define private subnets?
At least one private subnet must be defined on the SP manager for the following purposes:
• To define a private address for the SP manager and target devices to use when communicating.
The administrator must define either an IP address or addresses for priv0 by defining private subnet(s). When multiple private subnets exist, their IP addresses are assigned to aliases of priv0, such as priv0:sub1 and priv0:sub2.
Configuring a private subnet
An administrator configures a private subnet by performing the following:
• Defining a range of IP addresses which administrators can assign to target devices that are connected to the private ports.
Routing requirements for native IP access
As documented in the MergePoint 5224/5240 Service Processor Manager User Guide, users who are authorized for native IP access need to create an IPSec or PPTP VPN connection before gaining native IP access.
In Figure C.1, two devices are connected to the SP manager. The public Ethernet port has a public IP address of 203.1.2.3. The administrator plans to assign the following:
• Two private IP addresses within the 192.168.49.0 network range to the devices on the SP manager’s private network: 192.168.49.60 and 192.168.49.61
• A third private IP address within the same range to the SP manager: 192.168.49.
[Figure: network diagram for example 2. Labels recovered from the figure: Internet; target devices sp1, sp2, sp3 and sp4; MergePoint 5224/5240 SP Manager primary Ethernet port (eth0) IP 203.1.2.3, subnet mask 255.255.255.0; private subnet (sub1) 192.168.1.0, subnet mask 255.255.255.0, appliance side IP 192.168.1.1, SP IPs 192.168.1.2 and 192.168.1.3; private subnet (sub2) 192.168.4.0, subnet mask 255.255.252.0, appliance side IP 192.168.4.1, SP IPs 192.168.4.21 and 192.168.4.22.]
Figure C.
• Subnet mask: 255.255.255.0
The above values define a range between 192.168.1.0 and 192.168.1.255 = 256 addresses, of which 254 are usable.
• Private subnet sub2
• Appliance side IP address: 192.168.4.1
• Subnet mask: 255.255.252.0
The above values define a range between 192.168.4.0 and 192.168.7.255 = 1024 addresses, of which 1022 are usable.
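An added helper, not part of the Avocent guide, that derives the address range of a private subnet from its appliance side IP and subnet mask, and checks device membership and overlap between subnets, using the sub1 and sub2 values of example 2. All function names are hypothetical.

```shell
#!/bin/sh
# Subnet arithmetic for planning private subnets (added example).
# All function names are hypothetical helpers, not guide commands.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the dotted quad into four fields
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# net_bounds ADDR MASK -> "first last" as integers
net_bounds() {
    nb_addr=$(ip_to_int "$1")
    nb_mask=$(ip_to_int "$2")
    nb_net=$(( nb_addr & nb_mask ))
    # Host bits are the inverse of the mask within 32 bits.
    echo "$nb_net $(( nb_net | (nb_mask ^ 4294967295) ))"
}

# subnet_range ADDR MASK -> "network broadcast total usable"
# "usable" excludes the network and broadcast addresses.
subnet_range() {
    set -- $(net_bounds "$1" "$2")
    echo "$(int_to_ip "$1") $(int_to_ip "$2") $(( $2 - $1 + 1 )) $(( $2 - $1 - 1 ))"
}

# in_subnet HOST ADDR MASK -> status 0 if HOST lies inside the subnet
in_subnet() {
    host=$(ip_to_int "$1")
    set -- $(net_bounds "$2" "$3")
    [ "$host" -ge "$1" ] && [ "$host" -le "$2" ]
}

# subnets_overlap ADDR1 MASK1 ADDR2 MASK2 -> status 0 if the ranges intersect
subnets_overlap() {
    first=$(net_bounds "$1" "$2")
    second=$(net_bounds "$3" "$4")
    set -- $first $second
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Values from example 2: appliance side IP and mask of each private subnet.
echo "sub1: $(subnet_range 192.168.1.1 255.255.255.0)"
echo "sub2: $(subnet_range 192.168.4.1 255.255.252.0)"
if subnets_overlap 192.168.1.1 255.255.255.0 192.168.4.1 255.255.252.0; then
    echo "sub1 and sub2 overlap"
else
    echo "sub1 and sub2 do not overlap"
fi
```

The 255.255.252.0 mask makes sub2 span 192.168.4.0 through 192.168.7.255, so an address such as 192.168.6.10 belongs to sub2 even though its third octet is not 4.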
IPSec VPN configuration for example 2
After the private subnets, target device and user account configuration in Two private subnets and user configuration for example 2 on page 186 is completed, a VPN connection must be created. This example shows the configuration steps that must be performed by the administrator and by a user on a remote workstation for enabling two IPSec VPN connections.
The administrator can send a copy of the relevant portions of the ipsec.conf file after the changes are saved and applied in the Web Manager for the user to insert into the ipsec.conf file on the user’s workstation. The authorized user must perform the following actions to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel to access the subnets where the target devices reside and then to access the native IP features on the target devices.
NOTE: The user can be configured for PPTP alone or for both PPP/PPTP.
• The user’s workstation is running PPTP client software.
• The user has the PPTP password if it is different from the password that authenticates the user for access to the SP manager.
The authorized user must perform the following configuration:
• Make sure the user’s workstation can exchange packets with the SP manager.
Enabling native IP and accessing a target device’s native features using real IP addresses for example 2
After creating the VPN tunnel as described in IPSec VPN configuration for example 2 on page 188 or PPTP VPN configuration for example 2 on page 189, the user uses the appliance side IP address configured for the appropriate private subnet to access the SP manager and then enables native IP access to the desired target device.
• If the management application resides on the user's workstation, the user brings up the management application from the workstation.
• If the management application resides on the SP, and is an executable that can be invoked on the command line, the user accesses the SP’s console first in one of the following two ways:
  • The user enters ssh with the spconsole command.
Example 3: Virtual network with two private subnets and VPN configuration
This example adds to the configuration of two private subnets with four target devices by configuring a virtual network, which has the following benefits:
• It simplifies routing for PPTP VPN users.
[Figure: network diagram for example 3. Labels as recovered from the figure: Internet; target devices sp1, sp2, sp3 and sp4; IP: 192.168.1.2 => Virtual IP 172.20.0.2; IP: 192.168.4.21 => Virtual IP 172.20.0.4; IP: 192.168.1.3 => Virtual IP 172.20.0.3; IP: 192.168.4.22 => Virtual IP 172.20.0.2; Primary Ethernet Port (eth0) IP: 203.1.2.3, Subnet Mask: 255.255.255.0; Appliance Side IP: 192.168.4.1; Appliance Side IP: 192.168.1.1; MergePoint 5224/5240 SP Manager]
Private Subnet (sub1): 192.168.1.0 Subnet Mask 255.255.255.
• The target device named sp4 with IP 192.168.4.22 does not work with virtual network (DNAT) addressing, so it cannot be contacted using a virtual IP address. Therefore, the administrator does not assign sp4 a virtual IP.
To make it possible to assign the virtual addresses shown in Figure C.
If the SP manager’s administrator sends the relevant portions of the ipsec.conf file from the appliance’s IPSec configuration, use it to replace the same section in the workstation’s ipsec.conf file.
• Bring up the IPSec VPN tunnel. For accessing sp1, sp2 or sp3, the user can use the connVirt connection profile. For accessing sp4, the user uses the connSub2 connection profile.
Enabling native IP and accessing a target device’s native features using virtual network addresses for example 3
After creating the VPN tunnel as described in IPSec VPN configuration for example 3 on page 195 or PPTP VPN configuration for example 3 on page 196, the user enables native IP and accesses a target device’s native features.
• In the Web Manager on the SP manager, the user selects the Go to native web interface link on the Access Target Devices screen.
• On the user’s workstation, the user enters the virtual IP address of the target device in a browser.
• On the user’s workstation, the user enters the ssh command on the command line with the name/alias of the target device along with the virtual IP address of the SP manager.
Configuration of a target device’s static IP address would be done using whatever means are available (such as an SP’s console port, the server’s firmware setup, or software running on the server).
• If target devices are running DHCP client software, then the administrator can assign the desired fixed IP address to the target device’s MAC address in the dhcp.conf file, as described in Configuring the DHCP Server on page 120.
Appendix D: Advanced Boot and Backup Configuration
Boot file location
How the MergePoint 5224/5240 SP manager boots is introduced at a high level in Configuring Boot Characteristics on page 75 in the section on configuring boot in the Web Manager.
[Figure D.1: Boot Partitions. Diagram of the Image1 and Image2 areas, each with kernel, root filesystem and configuration files partitions (labels /dev/hda1, /dev/hda2, /dev/hda5, /dev/hda6, /dev/hda7 and /dev/hda8), and the configuration files backup partition /dev/hda3.]
The previous figure also shows a configuration backup partition (/dev/hda3 in removable Flash). This partition is mounted as /mnt/hda3.
Changing the boot image
If you want to change to another image from the current one, and if you have access to the Web Manager, you can use the Config - Boot Configuration screen to select the other image and then use the Restart button on the Mgmt - Restart screen to boot the SP manager from the new location.
Changing the boot image in U-Boot monitor mode
You can access U-Boot monitor mode in one of the following two ways:
• During boot, when the Hit any key to stop autoboot prompt appears, pressing any key before the timer expires brings the SP manager to U-Boot monitor mode.
• If boot fails, the SP manager automatically enters U-Boot monitor mode.
The U-Boot hw_boot command boots from either the first or second image according to the value of the currentimage environment variable.
The single-user prompt appears, as shown in the following example.
[root@(none) /]#
U-Boot network boot options and caveats
When a network boot is performed with the U-Boot net_boot command, the SP manager boots from the specified image on the TFTP server. The image uses the RAM as the root file system.
3. Check that the environment variables are set properly with the printenv command.
=> printenv
ipaddr=192.168.45.29
serverip=192.168.45.127
bootfile=fl2222222.bin
4. Enter the save command.
=> save
5. Enter the net_boot command.
=> net_boot
6. Log in as root after boot completes.
7. Unmount /dev/hda3.
[root@MergePoint5224 /]# umount /dev/hda3
8. Run the create_cf command with the --doformat option.
Table D.1 provides more information about the create_cf command options, which you can view from the Linux command line by entering the name of the command.
Table D.1: Options for the create_cf Command
Option: none
Description: Not recommended. Checks if a boot image is already on the target device.
4. Enter the reboot command to restart the unit.
[root@MergePoint5224 /]# reboot
To save a boot image into the Image2 area and restore the factory default configuration:
1. Perform a network boot.
2. Unmount the resident removable Flash memory.
3. Enter the following create_cf command line to save the image from RAM and restore the factory default configuration. The example shows saving the image into the image2 area.
[root@MergePoint5224 /]# create_cf --factory_default --image2
4.
Appendix E: Technical Support
Our Technical Support staff is ready to assist you with any installation or operating issues you encounter with your Avocent product. If an issue should develop, follow the steps below for the fastest possible service.
To resolve an issue:
1. Check the pertinent section of this manual to see if the issue can be resolved by following the procedures outlined.
2. Check our web site at www.