User’s Guide Digi CM 90000301-88_G
Digi International Inc. 2005. All rights reserved. Digi, Digi International, the Digi logo, Digi CM, the Making Device Networking Easy logo, Digi One, and RealPort are trademarks or registered trademarks of Digi International, Inc. in the United States and other countries worldwide. All other trademarks are the property of their respective owners. Microsoft Windows Server 2003 is a trademark of Microsoft Corporation.
Contents Chapter 1 Introduction Digi CM™ Model Support.....................................................................................13 Feature Overview .................................................................................................13 Feature Summary.................................................................................................13 User Groups .........................................................................................................
Adding a Wireless LAN Card................................................................................33 Adding a Serial Modem ........................................................................................34 Chapter 4 System Status and Port Logging Introduction...........................................................................................................37 System Status & Log............................................................................................
Configuring Port Event Handling ..........................................................................65 Config Alerts for Automatic Device Recognition (ADR)........................................67 Chapter 7 User Administration Administering Users .............................................................................................69 Required Privileges ...................................................................................... 69 Procedure .......................................
Virtual KVM Protocols ................................................................................ 101 Using Virtual KVM with Remote Desktop Protocol.............................................102 Configuring ................................................................................................. 102 Connecting to a system through Virtual KVM using Remote Desktop Protocol 104 Using Virtual KVM with VNC Protocol ................................................................105 Configuring ...
Configuring Port Clustering ................................................................................140 Assigning Master Clustering Mode ............................................................. 140 Configure Slaves to Join a Cluster ............................................................. 140 Advanced Clustering Configuration ............................................................ 141 Accessing the Cluster Ports .......................................................................
Network IP Filtering ............................................................................................167 Port IP Filtering...................................................................................................168 Sniff Sessions.....................................................................................................168 Viewing A Sniff Session ............................................................................. 169 Field Descriptions for Sniff Sessions ............
Environmental Considerations and Cautions ............................................. 194 Safety Instructions ...................................................................................... 194 Emissions ...........................................................................................................195 Immunity.............................................................................................................195 Solaris Ready .....................................................
Introduction Chapter 1 Introduction Digi CM™ Model Support This manual offers information on theDigi CM 8-port, 16-port, 32-port, and 48port models. Feature Overview With the Digi CM unit, administrators can securely monitor and control servers, routers, switches, and other network devices from anywhere on the corporate TCP/IP network, over the Internet, or through dial-up modem connections, even when the server is unavailable through the network.
Feature Summary Category Management Feature • • • • • • • • • Data Capture Port Access PC Card Support Command line WEB --HTTP/HTTPS SNMP Custom applications Port Triggers and Alerts Multi level menus Advanced Device Discover Protocol (ADDP) for locating the device on the network Integrated power management and control Automatic Device Recognition • • Local port logging External logging (syslog, NFS, secure NFS, PC card) • • • • • Telnet/SSH with custom menu Reverse Telnet/SSH HTTP/HTTPS Raw TCP
Introduction User Groups The Digi CM unit comes with 4 built-in user groups, pre-defined by roles or access levels. The following table lists the 4 user groups, their access rights, and default user names. The Digi CM unit supports access lists for user privileges. These lists can contain multiple users and port rights. If e.g. you have multiple people responsible for the Sun Servers in your company and you want to give them identical access rights you can create a "Sun-admin" access list.
Ways to Configure the Digi CM Web Interface The Digi CM web interface features HTTPS for secure access. The web interface provides an easy way to configure the Digi CM unit. The root user and system administrator can configure all features through the web. Port administrators can configure ports, including port clustering, but cannot modify system settings. No other users can use the web interface for configuration.
Introduction can access this menu. Command Line Interface The command line interface can be accessed from a Telnet or SSH session or from the console port. The root user always has access to this interface. The system administrator can be granted read-only permission as well. No other users can access the command line interface.
Web Interface Access Menu The P (Power) column allows you to control power of the attached devices, if a Remote Power Management unit is attached and you have appropriate rights. The M (Manage) column offers web based management for Windows Server 2003, Remote Power Management units or Rackable Systems Management Card. The “# of User” column shows how many users are actually connected to the port and the username of the read/write user.
Introduction The web interface can also be configured to call a local Telnet or SSH application, see "Configuring Host Mode" on page 54. Port Access Menu The Port Access Menu provides access to ports. It is accessible to all users through the web interface, Telnet and SSH sessions, and remote modem access. The information that follows shows you how to access this menu. Access Type Permissions Web interface Any user can use this method. Telnet/SSH Any user can use this method.
Direct Port Access Here is a screenshot of the Port access menu. Direct Port Access You can connect directly to a properly configured port through a Telnet or SSH session. Configuration requirements include setting the Host Mode to Console Server Mode and the Protocol to either Telnet or SSH. Ports, by default are set to Console Server Mode and Telnet.
Introduction Port Escape Menu Port escape is the ability to escape from a port without disconnecting. Port escape is available in main sessions as well as sniff sessions. Every connection method accommodates port escape. You configure the escape sequence per port. Follow the procedure to configure the port escape sequence. 1. Serial Port > Configuration > Select the port number or All. 2. Host mode configuration > Port escape sequence - enter a letter for the Port escape sequence. The default is z.
Port Escape Menu 4. Enter the letter of the port escape sequence. The following table describes the fields and the operations for the port escape feature. You will only see the fields allowed for your permissions.
Introduction Escape Sequence Ctrl+ x Note: Description of Action close current connection to port Occurrence closes the current connection By entering the port escape sequence twice, it is directly transmitted (once) to the connected device. If the escape sequence is entered twice within 1/2 second, the menu will not opened. SNMP An SNMP MIB to configure the Digi CM unit is available to be downloaded from support.digi.com.
Locator Light 3. Click Save & apply. For more details about Automatic Device Recognition please refer to 5chapter 4, Configuring Ports. Port 3 shows a real world example of a detected device. Automatic Device Recognition also monitors each of the configured serial ports. This allows you to receive an e-mail or SNMP trap if there is a change in the expected response from the device connected to the serial port. If the device goes down or is disconnected for any reason, you are notified.
Getting Started Getting Started Chapter 2 Introduction This chapter covers basic configuration topics. Included is information on assigning IP settings, enabling secure access with the web interface, accessing the unit through SSH, and adding or removing users. Note: Initial setup is described in the Quick Start Guide included with the product packaging. A copy of this document is also available online at http://cm.digi.com.
Assigning IP Settings from the Console Port 9. Enter the number to exit and apply changes. Changes are saved and applied immediately. There is no need to reboot.
Getting Started Configuring for SSH Accessing the Digi CM unit's command line via SSH is enabled by default (TCP port 22). Options The Port Access Menu and individual ports can be configured for SSH. The the Digi CM unit supports Blowfish and 3DES encryption methods for SSH. Configuring the Port Access Menu for SSH 1. Access the web interface. 2. Log in as root, admin, or a member of the port administration group. The default password for root is dbps, and the default password for admin is admin. 3.
Configuring for SSH 5. Click Save & apply. Configuring a Port for SSH 1. Access the web interface. 2. Log in as root, admin, or a member of the port administration group. The default password for root is dbps, and the default password for admin is admin. 3. Under Serial port > Configuration. 4. Select All or one individual port you want to configure for SSH. 5. Click Host mode configuration. 6. Specify SSH as the Protocol as shown in the following screenshot. 7. Click Save & apply.
Getting Started Adding, Editing, and Removing Users The root user and system administrator can add, remove, or edit users from the web interface. Procedure 1. Access the web interface. 2. Log in as root or admin. The default password for root is dbps, and the default password for admin is admin. 3. Under the System administration heading click Users administration. 4. Select Add, Edit, Remove or click the username to edit a user. • Add: Assign a user name, user group, password, and shell.
Adding, Editing, and Removing Users the Digi CM unit.
Installing and Configuring PC Cards Chapter 3 Installing and Configuring PC Cards Introduction This chapter includes information on adding and configuring PC cards for the Digi CM unit. PC card devices that can be added to the the Digi CM unit include a serial modem, compact-flash card, wireless LAN card, and a network LAN card. Compatible PC Cards All compact-flash cards work with the Digi CM unit, but not all serial modem, wireless LAN, or regular LAN cards do.
Adding a Network Card Always select the Stop card service button and Save & apply before removing the PC card. 4. Click Configure the detected card. The following fields appear on the configuration page. — ATA/IDE Fixed Disk Card configuration Total data size to be used - Enter the amount of memory you want to assign to the compact-flash card for configuration files. Delete all files in ATA/IDE Fixed Disk Card - Select the Delete button to clear the compact-flash card of all files.
Installing and Configuring PC Cards Note: The card is automatically discovered and a configuration menu is displayed. 4. Enter the appropriate parameters in the configuration menu. 5. Click Save & apply. Note: If DHCP is active the IP address will appear after the configuration is saved and applied. Adding a Wireless LAN Card To install and configure a wireless LAN card on the Digi CM unit, do the following. 1. Insert the card into the PC slot. 2. Access the web interface. 3.
Adding a Serial Modem for wireless LANs using encryption to protect data transfers. If you are unsure of the settings for the wireless card, see your network administrator. SSID - Set Service Identifier and is the name of the wireless LAN network Use WEP key - Enable or disable the WEP key WEP mode - Encrypted or unencrypted WEP key length - The options are 40 or 128 bits if the WEP key is enabled WEP key string - Refer to the wireless network administrator for the wireless encryption key string 6.
Installing and Configuring PC Cards 3. Click Configure the detected card. 4. Edit any appropriate parameters and Click Save & apply.
System Status and Port Logging System Status and Port Logging Chapter 4 Introduction The Digi CM unit provides four options for saving system and port logs: • A syslog server • An NFS server • A compact-flash card • The Digi CM unit’s memory When memory is selected as the storage location, log files are saved to volatile memory, meaning files are lost when the power is turned off.
Enabling Log Storage Location IP Information IP mode - Disable Method for setting IP address either Static, DHCP, PPPoE, or IP expiration - When the IP address will expire IP address - Actual IP address Subnet mask - Address of the Subnet mask Gateway - Address of the Gateway Receive/Transmit errors - Number of errors from receiving or transmitting Primary DNS - IP address of the primary DNS Secondary DNS - IP address of the secondary DNS Enabling Log Storage Location Enable NFS Server You can save log
System Status and Port Logging 3. Choose Enabled. 4. Enter the IP address of the primary and secondary (if applicable) NFS server and the mounting path of each. 5. Click Save & apply. Alert for NFS Server Disconnect You can also set up an email alert and/or an SNMP trap configuration for an NFS server disconnect. To configure this feature, use this procedure. 1. Farther down the NFS Configuration screen, at the Email alert configuration, select Enable. 2.
Enabling Log Storage Location Enable SYSLOG Server To enable the Digi CM unit for system or port logging on a syslog server: 1. Access the web interface. 2. Under the Network heading, click SYSLOG server configuration. 3. Choose Enable. 4. Enter the IP address of the primary and secondary (if applicable) syslog server, and select the syslog facility from the drop down menu. 5. Click Save & apply.
System Status and Port Logging Total Flash Card Size 64 128 256 Digi CM System Log Port Log (per port) 8 9.2 6.2M 16 9.2 3.1M 32 9.2 1.53M 48 9.2 1.02M 8 18.4 12.3M 16 18.4 6.2M 32 18.4 3.1M 48 18.4 2.0M 8 36.8 24.6M 16 36.8 12.3M 32 36.8 6.2M 48 36.8 4.1M Total Memory Used 58M 118M 236M Enable the Digi CM Unit’s Memory The Digi CM unit’s memory is already enabled for port logging and needs to be configured only for system or port logging.
Configuring System Logging 4. From the System log storage location, choose the location from the drop down menu. The choices are dependent on what you have enabled and/or installed. The Digi CM unit’s memory choice is always available.
System Status and Port Logging 6. Enter the contact email address. 7. Click Save & apply. Viewing System Logs The system logs can be viewed from the web interface on the System logging page or from the location where they have been saved. The following table lists the file locations of the system logs.
Configure Port Logging Show last 10 lines of a log upon connect -Show previous last 10 lines of log when connecting to this port Strip the ^M from SYSLOG -For logging to a SYSLOG server, strip out all ^M Automatic backup on mounting This parameter defines the action taken if a NGFS partition of a CF card is mounted or re-mounted. • Enable: rename the existing log file by adding a -xx with xx being a incrmented number. • Disable: keep writing to the existing log file.
System Status and Port Logging Port Logfile Log Storage File Location Digi memory /tmp/port#data Compact-flash card /mnt/flash/port#data Syslog server must be viewed from the syslog server NFS server /mnt/nfs/port#data To view the port logs on the NFS server for port number 5, enter the following command: more /mnt/nfs/port5data Partial logfiles can also be viewed on the web interface by going to Serial port > Configuration > select a port you want to view > Port logging.
Configuring Ports Chapter 5 Configuring Ports Introduction This chapter provides information on configuring serial ports. Key port configuration attributes include whether or not the port is enabled or disabled, the host mode, which defines a type of communication between the port and a remote host, the protocol, authentication, user access restrictions, and serial communication attributes. It also covers remote port support.
RealPort Support and allows applications to talk to devices across a network as though the devices were directly attached to the host. In actuality, the devices are connected to a Digi device server or terminal server somewhere on the network. RealPort is unique among COM port re-directors because it is the only implementation that allows multiple connections to multiple ports over a single TCP/IP connection. Other implementations require a separate TCP/IP connection for each serial port.
Configuring Ports Resetting Ports The Digi CM unit allows you to restart all processes associated with a port and to disconnect all sessions. To reset an individual port: 1. Click Serial port > Configuration > Port number. 2. Click Reset this port: Reset. Reset Individual Port Settings Individual ports can be reverted to factory defaults. 1. Click Serial port > Configuration > Port number. 2. Click Set this port as factory default: Set.
Configuring Automatic Device Recognition Automatic detection - Enable or disable automatic detection of devices Use detected port title - Enable if you want the Digi CM unit to automatically use the results of the detection mechanism to populate the port title. Disable if you want the default port title. If you choose Disable, you can still use the alarm feature. Port title - Manually entered or automatically populated title of the port.
Configuring Ports \x1b\x20test\x0D test \x1B\x20\x74\x65\x73\x74\x0d test Detected OS - Displays the result of the Active or Passive detection process. Device detection method - If Active is selected a probe string is periodically sent to the device and the response is analyzed. If Passive is selected, the port logging is parsed to determine the device name and the OS. Detection initiation - Active only if automatic detection is Enabled.
Host Mode Configuration Host Mode Configuration The Digi CM unit provides four modes of communication between serial devices and remote hosts. Console server, terminal server, dial-in modem, and dial-in terminal server. These are described in the following sections. Console Server Mode Configuring a serial port as a console server creates a TCP socket on the Digi CM unit that listens for a Telnet or SSH client connection.
Configuring Ports Terminal Server Mode In terminal server mode, the Digi CM unit’s serial port is configured to wait for data from the device connected to the port. If data is detected, the Digi CM unit starts a TCP session as a Telnet or SSH client to a pre-defined server. The server must be defined by you before the port can be configured for a Telnet or SSH client. This mode is used when you want to access servers on the network from a serial terminal.
Configuring Host Mode Dial-In Terminal Server Dial-in terminal server mode is a combination of the terminal server mode and the dial-in modem mode. In the dial-in terminal server mode, the Digi CM unit assumes the serial port is connected to an external modem and is waiting for a dial-in connection from a remote site. When you dial-in using terminal applications, the Digi CM unit accepts the connection as a Telnet or SSH client to a pre-defined server.
Configuring Ports Listening TCP port - This is the TCP port you will specify when connecting directly to the port using Telnet or SSH. Protocol - The options are SSH, RawTCP, and Telnet. Inactivity timeout - In seconds, the time set for inactivity to trigger an action. Setting the timeout to 0 (zero) means no timeout. Enable/Disable port escape sequence - Allows the port escape sequence to function. Port escape sequence - The key combination to initiate port escape.
Supported Protocols Supported Protocols In configuring a serial port, you have three protocol options. The three protocols available are: RawTCP, SSH, and Telnet. Choose SSH as the the Digi CM unit supports three protocol when logging in from an SSH client program to access a port. Choose protocol options: RawTCP when connecting directly to a TCP socket. Choose Telnet when SSH, Raw TCP, and Telnet. logging in from a Telnet client program and accessing the ports.
Configuring Ports in the buffer. The Digi CM unit transfers data when the buffer is full using the TCP/IP protocol. However, if it is not full, the Digi CM unit will also transfer data dependent on the timeout value selected. Specialty Use of Port -When Data is Processed in Chunks Some applications are written to process only chunks of data rather than continuous streams of data.
Remote Ports Enable/Disable delimiter --Allows deliminator to function. Delimiter - Define the sequence that should be received before forwarding the data to the application Delimiter option - with delimiters - sends the delimiter as part of the data to the application without delimiters - remove the delimiter before sending the data to the application Inter character time-out timeout - In msec (1-10000) If no delimiter is detected the data is delivered after this timeout has elapsed.
Configuring Ports Also use the port access menu or a custom menu to simplify navigation Web Access Click Serial ports > Connection > Port number. Remote ports are sorted below the physical serial ports as V1... Telnet Telnet to the IP and the port number (the specific port number is defined on the ’Host mode configuration’ page. telnet 143.191.3.9 7051 SSH to the port number SSH to the IP and the port number (the specific port number is defined on the ’Host mode configuration’ page).
Alerts and Notifications Alerts and Notifications Chapter 6 Introduction The Digi CM unit can be configured for system alerts and notifications. It sends email messages when the number of system log messages reaches a certain value or when an alarm message is detected in the serial port data. The Digi CM unit uses SMTP (Simple Mail Transfer Protocol) for sending the notifications. To use SMTP, the system administrator must configure a valid SMTP server for sending the emails.
Configuring SMTP Alerts Configuring SMTP Alerts Most SMTP servers check the sender’s email address with the host domain name to verify the address as authentic. Consequently, when assigning an email address for the device email address, any arbitrary username with the registered hostname may be used. An example is username@company.com. To configure the Digi CM unit for SMTP alerts, the following parameters are required: SMTP server - Use either the hostname or the IP address.
Alerts and Notifications Protocol TRAP Function Notifies a system administrator of a significant event Traps There are additional traps that can be set at the port level. The following table shows where the trap is under Serial port > Configuration on the web interface, trap name, configure options, and the trap functions. The MIBs for login traps can be found at http://ftp.digi.
Managing the SNMP Protocol EnableLinkUpTrap. - Determines whether the SNMP agent generates a trap each time the network connection comes up. EnableLoginTrap - Determines whether the SNMP agent generates a trap for each login. Note: Trap values override all other configuration information, meaning all other authentication failure traps can be disabled with this setting. 4.
Alerts and Notifications Configuring Port Event Handling Once an SMTP or SNMP server has been configured, it can be used to send port-related alerts and notifications. The following describes how to configure a port for port event handling. 1. Access the web interface. 2. Choose Serial port > Configuration. 3. Choose a port to configure and then Port logging. 4. Select Enable. 5. Choose Save & apply. 6. Choose Port event handling. The following page appears.
Configuring Port Event Handling 7. Select an action and enter the keyword for the port event handling. 8. Enable Email notification. Note: It is assumed that SMTP is configured first. If not, see "Configuring SMTP Alerts" on page 62. 9. Enter the title of the Email (subject line). 10. Enable or Disable Case sensitive. 11. Enter the Email recipient’s address. 12. Enable SNMP trap notification. 13. Enter the title of the trap. 14.
Alerts and Notifications Config Alerts for Automatic Device Recognition (ADR) Before configuring the alerts for Automatic Device Recognition, be sure you have configured the port for ADR as described in "Configuring Automatic Device Recognition" on page 49. 1. Access the web interface. 2. Under the Serial Port heading, Click Configuration. 3. Choose All or an Individual port > Alert Configuration. 4. Follow the Email Alert steps to configure the email alert or follow the SMTP Notification to configure SMTP.
Config Alerts for Automatic Device Recognition (ADR) 68 Chapter 6
User Administration User Administration Chapter 7 Administering Users Required Privileges Only root and admin can administer users. The root user has unlimited administration privileges. Admin can view and change all attributes except those that belong to the root user. There are several ways to manage users. A user can be added, edited, or removed. Multiple users can be managed in Groups or Access lists.
Administering Users To... Do the Following... Edit a user 1. Click on the username. 2. Fill in the attribute fields. See the table that follows for information on attribute fields. 3. Click Submit. Remove a user 1. Check the box that corresponds to the user you want to remove. 2. Click Remove. 3. Choose OK at the prompt. Create an Access list 1. Under System administration, click Access List. 2. Enter the name of the Access List and click Add. 3. Click on the access list name to add users 4.
User Administration After an access list has been added to the system, port rights can be associated with it. See chapter 8. User Fields Field Chapter 7 Description User name Name for the user, which must be between 3 and 29 characters and cannot include colons (:), less than or greater than signs (< >), ampersand (&), spaces, or quotation marks. The at sign @ and period . are acceptable. The username on the Digi CM unit is case sensitive. Select group Group to which the user is assigned.
Configuring Security and Authentication f Chapter 8 Configuring Security and Authentication Introduction The Digi CM unit provides four methods for controlling access to the network and the devices on the network: • Restricting or permitting IP filtering This method allows or prevents users with specific IP addresses from accessing devices or serial ports on the network. IP filtering can be permitted or restricted for all ports globally or per port.
Configuring Network IP Filtering The next scenario shows that access to the device connected to the Digi CM is allowed only on the .1 subnet. The device at 192.168.1.108 can access the device connected to the Digi CM because it is in the range allowed by the IP Filter rule. Filter IP: 192.168.1.0 Filter Mask: 255.255.255.0 192.168.1.108 192.168.5.10 serial 192.168.5.10 192.168.1.
Configuring Security and Authentication Option - Determines that the rule will be applied to the IP address/Mask specified or its inverse; that is, the rule will be applied to all except those specified. Normal: applied to the hosts that are included Invert: applied to the hosts that are excluded IP address/Mask - Specifies the host range by entering base host IP address followed by “/” and subnet mask.
Configuring Network IP Filtering Be aware that you must apply the changes to make them active. This screen shows five established IP rules. This table describes the rules. Rule Description #1 Defines SSH access to the Digi CM unit (port 22). • The Normal option specifies that the rule applies to all addresses listed. • The rule says to Accept traffic from these addresses for Port 22. #2 Defines Telnet access to the Digi CM unit (port23).
Configuring Security and Authentication Configuring User Access Control Another method for controlling access to the serial ports on the Digi CM unit is the User Access Control configuration. You can set up this configuration either globally (using the All Ports option) or per port. It is not necessary to have users added to the system to assign rights. However, for the permissions or restrictions to be enforced, the username must match exactly.
Configuring User Access Control • Adding a user to an established group (Access list) with preconfigured rights to a port. If you check <>, all users, whether they are configured locally or are using a remote authentication (such as LDAP or Kerberos), have access to this port. If you do not check <>, no users are allowed to access this port unless they are individually listed.
Configuring Security and Authentication Configure User Access Privileges To configure user access privileges: 1. Select Serial Port Configuration > All Ports (or Port #) 2. Click User access mode 3. Enter the users and their privileges, and click Add user. Restrict a User’s Privileges To restrict user access: 1. Under Port configuration > User access control 2. Enter privileges for <>. 3. Enter restricted user’s name (Here it is Jeff). 4. Enter the privileges this user has.
Configuring User Access Control Note: The usernames and passwords on the Digi CM unit are case-sensitive. Notice <> has access to Port, Monitor, and Power, while Jeff has access to only Monitor, with no Port or Power access. Change the Privileges of an Access List 1. On the same screen shown in the previous procedure, select an access list from the drop-down box. 2. Click the Add access button, and then click and the Save & apply button.
Configuring Security and Authentication Type of Users Access Types How to Permit or Restrict Only specific users have access "Permitted Users" Access type is unchecked for Everyone (meaning All other users) does not have access By listing specific users and checking the access types (Permitting them access) All users have access except for a few "Restricted Users" Everyone has access to everything by checking the access types.
Security Profile Sniff session display mode • • • server output - View all data to a serial port from a remote connection user input - View all data from a serial port to a remote connection both - See all data transmitted or received through a serial port Display data direction arrows • Enable/Disable - Displays arrows to indicate the direction of data to or from the server. When the second user accesses the port, the global "Port escape menu" is displayed. See "Port Escape Menu" on page 21.
Configuring Security and Authentication • • • • • • SSHv1 SSHv1 (Secure Shell Version 1). SSHv1 uses server and host keys to authenticate systems. This service is disabled by default. HTTP Enables/disables access to the Digi CM using the Web interface. By default, HTTP is redirected to HTTPS. HTTPS Enables/disables access to the Digi CM using the Web interface. This service is enabled by default.
Authentication Authentication The Digi CM unit supports multiple methods of user authentication, including local, TACACS+, RADIUS, RADIUS Down-Local, LDAP, Kerberos, and Custom PAM. The authentication protocol you use depends on your environment. 4. Access granted Server 1. Connection request 2. Query User ID PC 3.
Configuring Security and Authentication 4. From the drop-down menu, choose an authentication method. A configuration screen for the authentication method you choose is displayed. This figure displays the options for setting up a RADIUS server as the primary authentication server and Local authentication if the primary authentication method fails. Note: Remote authentication to Port access menu can be obtained from Serial port > Configuration > Port access Menu 5. Fill in the applicable fields. 6.
Configuring Authentication for the Web Server When your password is approved by the authentication server, the Digi CM unit uses the local permission rights to provide access privileges for you to ports and the configuration. LDAP Authentication The Digi CM unit supports authenticating against an LDAP-based database, including LDAP systems running on Linux servers as well as Microsoft Active Directory together with the LDAP gateway ADAM (Active Directory Application Mode).
Configuring Security and Authentication 5. To keep this file permanently copy it to /usr2 and add a line to /usr2/rc.user. Cp /usr2/custom /etc/pam.d/ Example of an rc.user file: #!/bin/bash # # rc.
Custom and Default Menus Custom and Default Menus Chapter 9 Introduction The Digi CM unit has several default menus for easy configuration and access by different users. Depending on access privileges, the menus available are the Web Interface, Configuration Menu, and Port Access Menu. A Custom Menu feature for creating menus is also available through the web interface.
Making Custom Menus 3. Enter the User name and User group from the drop down menu.Select Custom menu from the drop down menu for the Shell program. 4. Click Add to add the user. 5. Continue to add users as needed. Note: You do not need to Save to flash or Apply changes to add users. Creating Menu Names To make a custom menu, do the following: 1. Access the web interface. 2. Custom Menu > Configuration. 3. Enter the Menu Name to assign and click the Add Menu button. The menu is added. 4.
Custom and Default Menus Adding Menu Items Once you have defined a menu name and added users, you can then add menu items. To add menu items, do the following: 1. Custom Menu > Configuration > Menu Name hyperlink for the menu you want to configure. 2. Choose Menu Items > Add Item. The following screen appears. 3. Fill in the desired parameters. The parameters are: Key - Assign any letter or number except a value already used by another menu item. Label - Assign a label or name for the menu item.
Default Menu 4. Choose Apply. 5. Repeat this procedure to add more menu items. Note: To add or configure submenus, select the Submenus hyperlink on the Menu Configuration page. Assigning Users to a Menu Once a menu has been created, users can be assigned to the menu by doing the following: 1. Access the web interface. 2. Configuration > Custom Menu > Menu Users. A list of available users is displayed. 3. Choose a menu for a user by selecting a menu from the drop down Assigned Menu list. 4.
Custom and Default Menus There are multiple ways to access the PortAccess menu: • Assigned IP address (see "Configuring Host Mode" on page 54) • TCP/IP port 7000 • TCP/IP port 22 or 23 if the “Shell program” is set to “port access menu” for this specific user (see chapter "Administering Users" on page 69) • By calling “portaccessmenu” from the command line The PortAccess menu allows simple access to each port.
Microsoft SAC Support Microsoft SAC Support Chapter 10 About the Digi CM Unit’s Support for Microsoft Windows Server 2003 The Digi CM unit provides a browser-based user interface to Microsoft’s textbased Special Administration Console (SAC), an integral part of Windows Server 2003 Emergency Management Services (EMS). Both the English and Japanese versions of SAC are now supported.
Setup Overview Setup Overview Setup for the Digi CM unit SAC support is a three-step process: 1. Set up the Windows Server 2003 for SAC support. To do this, ensure that the COM port used for console traffic is properly set up. This includes designating a COM port for console communication and setting the port speed (baud) appropriately. For further information please refer to Setting Up the Windows Server 2003 Port below. 2. Cable the console port on the Windows Server 2003 to the Digi CM unit’s port.
Microsoft SAC Support 6. Set other fields as appropriate. 7. Click Save & apply. 8. Configure serial port communication settings, by doing the following: a. Choose Serial port parameters from the menu. b. Adjust settings as required. This includes ensuring that the Baud rate matches the setting on the Windows Server 2003 serial port and Flow control is set to None. Ignore the DTR behavior field. c. Click Save & apply.
Accessing the Windows Server 2003 Console Port from the Digi CM Unit’s GUI Accessing the Windows Server 2003 Console Port from the Digi CM Unit’s GUI To access the Windows Server 2003 console port, do the following: 1. Access the web interface. 2. Choose Serial port > Connection. A screen similar to the following appears. 3. Click on the title of the port to which the Windows Server 2003 console port is connected.
Microsoft SAC Support Field Chapter 10 Description Connect Connects to the SAC console port via the command line interface. Restart Reboots the Microsoft Server 2003. Shutdown Shuts down the Microsoft Server 2003. Caution! This switches off the server and you can no longer access it remotely. Performance Provides access to Microsoft Server 2003 status information. Process Provides access to the process list, which allows you to view and kill active processes.
Configuring Virtual KVM Configuring Virtual KVM Chapter 11 Introduction The Digi CM provides a method for gaining access to the graphical interface of a system using the network. Using this method, Virtual KVM, you specify a connection method and IP address to use to reach the system. Supported methods include: • Microsoft Remote Desktop Protocol • VNC • XManager for X Window System • A user-defined option An Example Configuration This diagram shows the Digi CM managing a Linux SuSE 9.
Using Virtual KVM with Remote Desktop Protocol The rest of this chapter describes how to set up Virtual KVM with each of the supported methods and connect to a system through Virtual KVM. Using Virtual KVM with Remote Desktop Protocol This section describes how to: • Configure Virtual KVM with Remote Desktop Protocol • Connect to a system through Virtual KVM using Remote Desktop Protocol Configuring To set up Virtual KVM with Remote Desktop protocol, follow this procedure: 1.
Configuring Virtual KVM A window similar to this one opens, showing the serial port number and title: 4. Click Virtual KVM configuration. This window opens: 5. From the drop-down list next to Virtual KVM configuration, select Enable. Then, from the Client program drop-down list, select Windows remote desktop connection. 6. If you are not using IP automatic detection, enter the IP address. 7. Click the Save & Apply button.
Using Virtual KVM with Remote Desktop Protocol Connecting to a system through Virtual KVM using Remote Desktop Protocol When you connect through the Connection window, and a Virtual KVM connection is configured, you now see: • The terminal monitor button, which connects to the raw ASCII SAC console • A mouse button (next to the monitor icon), which connects to the Virtual KVM graphical interface • The manage button, which connects to the SAC GUI screen To connect through Virtual KVM using Remote Desktop,
Configuring Virtual KVM The application starts and you see a message that the connection succeeded: This login screen opens: 3. Enter your user name and password, and then click OK. If the application does not start, check to make sure that the application is in the search path on your server. See "Installing Programs for Virtual KVM" on page 113.
Using Virtual KVM with VNC Protocol This window opens: 3. Double-click the port you want to configure. A window similar to this one opens, showing the serial port number and title: 4. Select the Virtual KVM tab.
Configuring Virtual KVM This window opens: 5. From the Virtual KVM connection drop-down list, select Enable. Then, from the Client program drop-down list, choose the VNC Client program. 6. Adjust the VNC socket/screen number, if necessary (the default is 1). 7. Click on the Save & Apply button.
Using Virtual KVM with VNC Protocol To connect through Virtual KVM using VNC: 1. Click on the mouse button. 2. Click OK in each of the three Java confirmation request windows. The applet first checks whether the optional Virtual KVM Assistant is installed on the system: • If the applet is installed, it starts Virtual KVM Assistant to manage the connection. • If the applet is not installed, the attempt to launch the Virtual KVM assistant fails, and the applet tries to launch the connection directly.
Configuring Virtual KVM Using Virtual KVM with X Window System Protocol and XManager Software This section describes how to: • Configure Virtual KVM with X Window System Protocol and XManager Software • Connect to a system through Virtual KVM with X Window System Protocol and XManager Software Configuring To set up Virtual KVM with X Window System Protocol and XManager Software, follow this procedure. 1. Access the Digi CM Web interface and log in. 2. Choose Serial Port > Configuration.
Using Virtual KVM with X Window System Protocol and XManager Software A window similar to this one opens, showing the serial port number and title: 4. Choose Virtual KVM configuration. This window opens: 5. From the Virtual KVM connection drop-down list, select Enable. Then, from the Client program drop-down list, choose the Xmanager program. 6. Click Save and Apply.
Configuring Virtual KVM To connect through Virtual KVM using X Window System Protocol and XManager Software: 1. Click on the mouse icon. 2. Click OK for each of the three Java requests in pop-up windows. The applet first checks to see if the optional Virtual KVM Assistant is installed on the system: • If the applet is installed, it starts Virtual KVM Assistant to manage the connection.
Virtual KVM Assistant The Virtual KVM VNC Connection comes up: 3. Enter your user name and password, and click OK. If the application does not start, check to make sure that the application is in the search path on your server. See "Installing Programs for Virtual KVM" on page 113. Virtual KVM Assistant Digi provides an optional tool, Virtual KVM Assistant, that can be loaded on a Windows or Linux system.
Configuring Virtual KVM Serial Console Console Log Power Control To switch between multiple connections, choose the item from the dropdown list. To view the console logs, connect to the serial console, or cycle the power, use the buttons on the dashboard. User Client PC platforms Supported • Windows XP/2000/NT • Linux Users need to download the program to use it. The Digi CM java applet automatically detects the program if it is present and in your path.
Installing Programs for Virtual KVM Desktop Client program is standard in major Linux distributions and is available as an open source package that can be installed if it’s not already present. Make sure the Remote Desktop Client is in your user path on your Linux/Unix server. Usage Notes You can perform applications management and most diagnostics from the standard Remote Desktop connection.
Configuring Virtual KVM Linux: vncviewer from the VNC client software package for your distribution. Make sure that vncviewer is installed into a folder in your standard Windows or Linux/Unix path. On Windows systems, as a secondary option, you can copy the vncviewer.exe file to your c:\windows directory. Usage Notes Follow the distribution-specific instructions for enabling VNC support on your Unix or Linux Server.
Rackable Systems Management Card Chapter 12 Rackable Systems Management Card Introduction Rackable Systems manufactures a management card that is built into some of their servers. It interfaces between the Digi CM unit and the server’s serial port. In normal mode, it allows transparent communication between the Digi CM unit and the server. After detecting an escape sequence, it allows you to control functions from the server independently of the main processor.
Set up DTR behavior 3. Click Save & apply. High when open Assign a Port Name: 1. Choose port title from the menu. 2. Enter a port title. 3. Click Save & apply. Accessing the Rackable Systems Management Card from the Digi CM Unit’s User Interface 1. Access the Digi CM unit’s web interface. 2. Under the Serial Port heading choose Connection. A screen similar to the following appears. 3. Click on the icon in the M (Manage) column or on the title of the port to which the Rackable Server is connected.
Rackable Systems Management Card 4. Use the Digi CM unit’s user interface to perform Rackable Systems Management Card functions. The following describes attributes of the user interface controls. . Field Description Control Power status The first column shows the current state. Three buttons are available to initiate an action to either, power on, power off or restart the server. Dependant on the current status Power on or Power off is disabled.
Set up Field Description Show saved LCD message upon startup The first columns shows the current status: Yes or No. This parameter defines which message is displayed upon startup of the server, either the saved message or the standard: “Rackable Systems Phantom Vx.xx”. Contrast Set a contrast for the LCD panel. The default is 50, the range is 0 – 100. Phantom Properties 120 Temperature Indicates current temperature inside the Rackable Systems Server.
Configuring Remote Dial-In Access Chapter 13 Configuring Remote Dial-In Access Introduction The Digi CM unit supports dial-in connections from remote sites for out-ofband access. In this configuration, the Digi CM unit has serial ports configured for external modems and waits for dial-in connections from remote sites. If you dial-in using a terminal application, the Digi CM unit accepts the connection and displays a menu of available serials ports.
Configuring for Dial-In Modem Access sets the modem to quiet mode, echo off, and Auto Answer on two rings. The modem init string is used for initializing an external modem attached to the Digi CM unit’s serial port. See your modem user manual for more information. Callback - For security reasons, the callback feature can be activated. If callback is enabled, the Digi CM unit does not accept any incoming calls.
Configuring Remote Dial-In Access After the system has booted, the interval has elapsed, and the modem is not in use, the specified dial number is called. The modem trains and receives a login prompt from the other side (normally another Digi CM unit). If the login-in prompt (login:) is detected the line is disconnected again and the modem test is considered successful. Two ports can call each other using this modem test procedure. Please be aware that the tests will fail if the other modem is in use.
Adding a PC Modem and Version can be used, or specified separately. The Trap MIB can be downloaded from support.digi.com (select your product and go to Diagnostics, Utilities and MIBs). 6. Click Save & apply. Adding a PC Modem A PC card slot is provided on the front panel of the Digi CM unit. The graphic below has an arrow indicating the PC card slot. PC card slot Digi CM 32 shown To install and configure the PC modem on the Digi CM unit, do the following. 1. Insert the card into the PC slot. 2.
Configuring Remote Dial-In Access connected to when you access the port. Destination port -´ The TCP port that will be used when the port you accessed is automatically connected to a system on the network. Protocol - The protocol that will be used to establish the connection to Destination IP: port. The options are SSH, RawTCP, and Telnet. Inactivity timeout - The timeout length ranges from 1 to 3600 seconds; 0 is unlimited timeout. Modem init string - Use the default string or enter your own string. 6.
Power Controller Chapter 14 Power Controller Introduction The Power Controller feature allows the administrators of the Digi CM unit to use console management to control power functions. Power control consists of three basic functions: on, off, and reboot (power cycle). There are two typical scenarios when using a power controller. The simplest scenario is a non-serial device connected to a power controller (for example, an environmental sensor controller or a tape backup device).
Installing Power Controller The following illustration shows a Sun server configured through a serial port connection on the Digi CM 32. Installing Power Controller To connect the Digi RPM power controller to the Digi CM unit use the straightthru cable provided with the Digi RPM unit. Plug one side into the “Console” port of the Digi RPM unit and the other into any port of the Digi CM unit. If you plan to connect multiple power controllers, set up all of them as described before proceeding.
Power Controller Add the Power Controller 1. Log in to the Digi CM unit (username root, password dbps). 2. Click Power Controller > Configuration. 3. Select the port number of the serial port you want have connected to the power controller(s), the manufacturer of the power controller, and the number of units to be cascaded (1 means that one unit will be connected (no cascading)).
Setting Alarms and Thresholds Setting Alarms and Thresholds Power Controller allows administrators to set an alert via E-mail notification or an SNMP trap when environmental conditions exceed specifications. 1. Under Power Controller click Alarms & thresholds. 2. Enter the appropriate parameters. Select the condition(s) for an alert and enter the information for the alert (E-mail or SNMP trap or select both).
Power Controller Outlet Configuration The following procedure allows you to setup the power supplied to your device from the power controller. 1. From Power controller, click Outlets. 2. Click the outlet number to configure. 3. Select the serial port number that controls the device connected to the Digi CM unit (if any). If the port number has a title, it will appear.
User Access for Power Controller Note: The screen above shows that serial port one on the Digi CM unit is connected to a Sun Server that is supplied power from outlets 1 and 2 on the power controller. In the example above, Gilligan has access to the power outlets. 7. To select the parameters for the User Access Control, click the User Access link. You may grant specific users permission to access an outlet or restrict access for specific users from an outlet.
Power Controller 6. Under Everyone uncheck the Access type and click Save to flash. 7. Enter the user that will have access and check the Access type. Note: Port is access to the port. Monitor is access to sniff. Power is access to the power management. 8. Click Save to flash. Repeat steps 7 and 8 for additional users. 9. Click Save & apply after all users have been entered. Note: The screen above shows outlets 1 & 2 control power to the Sun Server configured on port 1 of the Digi CM unit.
Power Controller Management Note: Port is access to the port. Monitor is access to sniff. Power is access to the power management. 8. Click Save to flash and repeat steps 7 and 8 for additional users. 9. When all users have been added Click Save & apply. Note: Gilligan does not have access to Outlet # 4. Power Controller Management The Power Controller Management option allows you to change outlet settings or get a quick update of the power controller status. 1. Under Power Control click Management.
Power Controller 2. Click either the Port # or the power controller title. The Power controller statistics screen appears to show the Alarm threshold, Current temp, Circuit breaker condition, RMS voltage, RMS current, and Max current detected. The Clear button will reset the Max current detected to 0.0 amps. From this screen click Outlets. 3. Select the outlet number that you would like to manage.
Cascading Multiple Digi RPM Units Cascading Multiple Digi RPM Units The Digi RPM power controllers can be cascaded when used with the Digi CM unit. The DIP switches on the front panel of the Digi RPM allow configuring unique identities (ID) to the Digi RPMs so they can be identified. In a cascaded environment each unit has to be configured to a unique ID. To cascade the Digi RPM units, connect a serial port of the Digi CM unit to the Console Port of the first Digi RPM unit using a straight-thru cable.
Power Controller Chapter 14 137
Port Clustering Port Clustering Chapter 15 Introduction Port clustering is the ability to manage many serial ports on one or multiple slave devices from one master device using a single IP address. For instance, the Digi CM unit can manage up to 16 slave devices or a maximum 816 serial ports with one Master device. Ports can be configured either collectively or individually depending on user preference.
Configuring Port Clustering Configuring Port Clustering Assigning Master Clustering Mode To assign a Digi CM unit as the master cluster device, do the following: 1. Access the Digi CM unit through the web interface. This Digi CM unit needs to be the unit you want as the Master. 2. Under the Clustering heading, choose Configuration. 3. Choose Master from the drop down menu. Subsequent units will be configured in Slave mode by default. 4. Choose Save & apply.
Port Clustering Select the appropriate settings then click Save and apply. Advanced Clustering Configuration To refine a cluster environment, use the following parameters for advanced configuration of a cluster. To access the Advanced menu follow the proceedure listed below. 1. Select Clustering > Configuration > Master >Save & apply. 2. Select the port number > Enable > Save & apply. 3. Select Advanced from the Clustering >Master mode. This shows whether the port is enabled or disabled.
Configuring Port Clustering Slave authentication mode - To specify if your database is controlled by the master unit, or locally by the slaves themselves. Update Master on Changes -Automatically updates port name changes, port settings, and user permission settings to the master unit. Generally, Update Master on changes should be yes. Connect to slave unit to change configuration - A quick access method to connect to the slave.
Port Clustering Accessing the Cluster Ports You can connect to the slave port using the web, Telnet or SSH client. You can access the port access menu or custom menu of each slave device or connect directly to each slave port. — Web Access 1. Click Clustering > Connection > Port number. 2. Log in to the port 3. Enter the port escape sequence (listed on page) — Telnet 1. Telnet to the IP and the port number of the device. telnet 143.191.3.9 7101 2. Login and enter your password root dbps 3.
Configuring Port Clustering 3. Enter the port escape sequence (listed on the page) Depending on your access rights you can sniff (read only) or monitor (read/ write), or manage power of the ports.
System Administration System Administration Chapter 16 Introduction This chapter describes how to perform tasks performed either by root or the system administrator. These tasks fall under the general heading of system administration and include firmware upgrades, saving configurations, resetting the unit to defaults, and disaster recovery procedures. Upgrading the Firmware Web Interface The web interface allows you to download the latest firmware version to the Digi CM unit.
Configuration Management Configuration Management Configuration management allows you to save all or parts of your configuration. You can also establish the time frame to save the configuration either periodically or 10 minutes after the latest changes. The Digi CM unit saves all configurations when the Save & apply button is used or the Apply changes link is used. These configurations are saved to the loca lDigi CM unit in /tmp/cnf directory by default.
System Administration • Backup interval The periodic hourly interval to back up the configuration files. • Recipient’s email address The email address to send the configuration file. To setup the automatic backup option follow the procedure. 1. Select Periodic or 10 minutes after latest change from the drop down menu. 2. Select the location to save the file. 3. Select Yes or No to encrypt and enter the file name. 4. Enter the number of hours for the backup interval (if periodic) 5.
Automatically Upgrading the Digi CM Unit’s Firmware or Configuration using TFTP 2. Set “Automatic firmware and configuration upgrade at boot time” to Enable. 3. Set “Use DHCP option for remote server and hash file” to Yes. 4. Click Save & apply. The next time the Digi CM unit reboots, it will analyze the hash file and upgrade the firmware, configuration, or other files if required.
System Administration After the firmware was upgraded the Digi CM unit boots again. Syntax for action 2: configuration upgrade ,, . specifying the path and the filename of the configuration file on the TFTP server . specifying the product name especially the port count e.g. DigiCM48, DigiCM32, DigiCM16 or DigiCM8 This allows you to have one hash file for different models. .
Resetting Factory Defaults Resetting Factory Defaults There are two ways to reset the unit to the factory defaults. The quickest and simplest method is to push and hold the hardware factory default reset button until the Ready light on the front panel goes out. The reset button is located on the back panel of the unit next to the Ethernet port. The arrow points to the reset button’s location. Factory reset button Digi CM 32 shown The alternative method to reset the unit is through the web interface.
System Administration • • Serial Port IP Address: 192.168.1.101Serial Port TCP Port Number: 7001- Setting Date and Time The Digi CM unit provides two options for keeping system time. The first is by using an NTP server and the other is through an internal battery backup. To configure the Digi CM unit for date and time, do the following: 1. Access the web interface. 2. System administration > Date and time. 3.
Configuring a Host Name 2. System administration > Device name. 3. Enter the name you want to assign the Digi CM unit. 4. Choose Save & apply.
Command Line Interface Command Line Interface Chapter 17 Introduction The Digi CM unit runs the embedded Hard Hat Linux operating system. The command line interface for configuration purposes is accessible only by the root user. The system administrator has read only privileges from the command line. By default the root user is connected to the CLI (command line interface) when accessing the Digi CM unit through Telnet or SSH.
Important File Locations Shell and Shell Utilities sh ash bash echo sed env false grep more which pwd File and Disk Utilities ls cp mv rm mkdir rmdir ln mknod chmod touch sync gunzip gzip zcat tar dd df du find cat vi tail mkdosfs mke2fs e2fsck fsck mount umount scp System Utilities date free hostname sleep stty uname reset insmod rmmod lsmod modprobe kill killall ps half shutdown poweroff reboot telnet init useradd userdel usermod whoami who
Command Line Interface Config Files All config files are in /tmp/cnf and /tmp/cnf subdirectories. The following table lists the filenames and a brief description. File Name Chapter 17 Description active_detect Active auto detection of serial devices chap-secrets Chap authentication information when using “PPPoE” client.pem Web certificate ./cluster/cluster.conf Cluster “Master” port information ./cluster/unit#.conf Cluster “Slave” port information .cnfversion Version of current configuration.
Example Scripts File Name Description system.cnf Basic network config information (IP, gateway, etc.) timezone Time zone configuration ./.usracctl Directory containing user access control information version Firmware version User Storage Space The Digi CM unit comes with 1 megabyte of user storage space. This storage space can be used to store custom scripts. The location is /usr2. Custom scripts such as simple commands, are simply dropped into /usr2.
Command Line Interface 2. After editing /etc/services copy it to /usr2 cp /etc/services /usr2 3. Edit /usr2/rc.user and add the following line just above "exit 0": cp -a /usr2/services /etc/services 4. Reboot reboot Note: If you factory default the unit, the '/usr2/rc.user' script file is moved to '/usr2/ rc.user.old#' and the default rc.user file will be restored.
User Administration Additional binaries or applications can be added to /usr2 such as: • crontab • netstat • fuser To download these utilities go to: http://ftp.digi.com/support/utilities/digicm/ User Administration Add, edit or delete users with the Digi CM unit’s command line interface. • • • 158 Add user Example: useradd -d /tmp [-g groupid] [-s shellprogram] [username] groupid = Options are: Sys admin, Port admin, or Standard User.
Command Line Interface Locator LED Script The Find Me LED on the Digi CM 48 can be deactivated and reactivated with the following file and command. Note: All other Digi CM units have the locator feature without a Find Me LED. To identify another Digi CM unit, all the LEDs blink when the feature is activated.
Configuration Menu Chapter 18 Configuration Menu Introduction to the Configuration Menu The configuration menu presents the same functionality in configuring the Digi CM unit as does the web interface, excluding the creation of custom menus. The configuration menu is navigated by using the number representing the menu item and the ESC key to return to earlier menus. Telnet to the Digi CM unit, log in (username root, password dbps) and enter configmenu to start any configuration.
Configuring SSH selected. Sometimes only one menu item is presented; however, that single menu item has two or more options that have to be configured. Configuring SSH 1. Choose Serial Port Configuration and then an individual port number or 0 (zero) for all ports. The Save changes option 2. Choose Host mode configuration > Protocol > SSH. saves changes to flash memory only. Choose Exit and apply changes when you have made all your changes. 162 3. Use the ESC key to return to the main configuration menu.
Configuration Menu Adding, Editing, and Removing Users 1. Choose System administration > User administration and then choose an operation to perform (Add, Remove, or Edit) 2. Configure the user as required. 3. Use the ESC key to return to the main configuration menu. 4. Choose Exit and apply changes. Adding and Configuring a PC Card To add a modem card, compact-flash card, wireless LAN card, or a network card to the Digi CM unit using the configuration menu, do the following: 1.
Port Parameters 2. Choose Serial Port Configuration > an individual port number or 0 (zero) for all ports > Host Mode Configuration. 3. Enter the desired parameters for each menu item. 4. Use the ESC key when all parameters are entered to return to the main menu. 5. Choose Save changes. Port Parameters 1. Access the configuration menu. 2. Choose Serial Port Configuration > an individual port number or 0 (zero) for all ports. 3. Enter the desired parameters for each menu item. 4.
Configuration Menu You can access this menu through a Telnet or SSH session using the IP address of the Digi CM unit followed by the port number 7000 as in the following example: telnet 192.168.100.200 7000 By default root is connected to the command line interface and the preceding option allows the root user access to the port access menu. System Logging System logging is a two part process. First, the device being used to record the system logs must be configured.
Configuring SNMP 3. Disable or enable the server. 4. Use the ESC key when all parameters are entered to return to the main menu. 5. Choose Save changes. Configure System Logging 1. Access the configuration menu. 2. Choose System Status & log > System logging. 3. Enter the desired parameters for the menu items. 4. Use the ESC key when all parameters are entered to return to the main menu. 5. Choose Save changes. Configuring SNMP To configure SNMP from the configuration menu, do the following: 1.
Configuration Menu 1. Access the configuration menu. 2. Choose Network configuration > SMTP configuration. 3. Enter the desired parameters for the menu items. 4. Use the ESC key when all parameters are entered to return to the main menu. 5. Choose Save changes. Network IP Filtering To configure the Digi CM unit for Network IP filtering, do the following: 1. Access the configuration menu. 2. Choose Network configuration > IP filtering. s 3.
Port IP Filtering 4. Use the ESC key to return to the main menu. 5. Choose Save changes. Port IP Filtering To configure the Digi CM unit for Port IP filtering, do the following: 1. Access the configuration menu. 2. Choose Serial port configuration. 3. Choose an individual port number or 0 (zero) for all ports > IP filtering. 4. Choose a menu item and enter the desired parameters for the menu items. 5. Use the ESC key when all parameters are entered to return to the main menu. 6. Choose Save changes.
Configuration Menu 6. Choose a menu item and enter the desired parameters. 7. Use the ESC key when all parameters are entered to return to the main menu. 8. Choose Save changes. For information on entering a sniff session, see the next section, "Viewing A Sniff Session" on page 169. Viewing A Sniff Session A sniff user enters a sniff session by starting a Telnet session on a specified port. In the following example, a sniff user telnets to port 7 of the Digi CM unit.
Sniff Sessions displayed with your permitted options. The first user (with port access rights) to login to the port is in the main session. The next user (with port access rights) to enter the port will be given the option to take over the main session. This user is given the option to take over the main session by either terminating the first user or switching the first user to sniff (read only).
Configuration Menu Escape Sequence Ctrl+ x Description of Action close current connection to port Occurrence closes the sniff session connection Authentication 1. 2. 3. 4. Access the configuration menu. Choose Serial port configuration. Choose an individual port number or 0 (zero) for all ports > Authentication. Choose Authentication type. 5. Use the ESC key to return to the main menu. 6. Choose Save changes.
Upload Server Certificate or SHI will not display this menu) 2. Copy your own server.pem file to /tmp/cnf/ using scp. Please don't forget to run saveconf command in CLI if you want to keep this change permanently. You can use your own certificate for your Digi CM unit after replacing the original server.pem on /tmp/cnf/ with your server.pem. The following procedure is to import an SSL certificate for the HTTPS interface. OpenSSL(SSLeay) Simple CA Usage - Install Openssl 1.
Configuration Menu 5. Write new private key to './demoCA/private/./cakey.pem' 6. Enter PEM pass phrase: ; CA Password (Enter passsword and remember this) Verify password - Enter PEM pass phrase: ; CA Password ----- Note: The following information will be incorporated into your certificate. You will enter text for a field call Distinguished Name or a DN. Although there are many fields, some can be left blank, use a default, or enter ’.’ and the field will be left blank.
Upload Server Certificate You will enter text for a field call Distinguished Name or a DN. You may enter a default or ’.’ to leave the field blank.
Configuration Menu Subject: C=US, ST=Minnesota, L=Minneapolis, O=Digi International, CN=Digi CM Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) .... -----BEGIN CERTIFICATE----.... -----END CERTIFICATE----Signed certificate is in newcert.pem 4. Verify signed certificate(newcert.pem) is generated. # ls demoCA key.pem newcert.pem newreq.pem req.pem Make Certificate for the Digi CM Unit 1. Removing headings in newcert.pem file # cd /work/openssl-0.9.
Dial-in Terminal Server Access To configure a serial port for a dial-in modem, do the following: 1. Access the configuration menu. 2. Choose Serial Port Configuration. 3. Choose an individual port number and then Host Mode Configuration. 4. Select Host mode and then Dial-in modem. 5. Use the ESC key to return to the main menu. 6. Choose Save changes. Dial-in Terminal Server Access Individual serial ports on the Digi CM unit can be configured for a dial-in terminal server access.
Configuration Menu 4. Choose Dial-in Terminal Server and configure the other configuration parameters. 5. Use the ESC key to return to the main menu. 6. Choose Save changes. Clustering By default clustered slave devices are configured using the Telnet protocol and port parameters of the following: bps=9600, data bits=8, parity=none, stop bits=1, flow control=none. When the master device autoconfigures a slave device, it simply imports the information from the slave unit.
Firmware Upgrade 7. Select the port number to configure or 0 for all ports. 8. Select Enable configuration 9. Select Auto Configuration 10. Choose Exit and apply changes. Firmware Upgrade Before upgrading firmware from the configuration menu you should have: • Downloaded the firmware to a system on the same subnet • Set up a terminal emulation program that supports Zmodem transfer protocol To upgrade the firmware with the configuration menu, do the following: 1. Access the configuration menu. 2.
Configuration Menu Restoring Factory Defaults You have two choices to restore the unit to its factory defaults. The options are restoring all factory defaults or restoring all factory defaults except IP settings. To restore your unit to the factory defaults, do the following: 1. Access the configuration menu. 2. Choose System administration. 3. Select Configuration import. 4. Select Location 5. Select Factory Default. The system will restore factory defaults, and the unit will automatically reboot.
Accessing the Boot Loader Program testing module that detects and tests hardware components on the unit. To access the Boot Loader program, do the following: 1. Connect the Ethernet cable from the console port on the rear panel of the Digi CM unit to a serial port on a workstation. Use the Ethernet cable packaged with the Digi CM unit and attach the DB-9 adapter. The arrow in the following graphic points to the Console Port. Console Port back of Digi CM 32 shown 2.
Use the ESC key to return to an earlier menu screen. 5. Choose Firmware upgrade by entering 3. The following screen appears. 6. Enter the information for the first menu items. • Protocol: The choices are BOOTP or TFTP • IP address assigned: Enter the IP address of the Digi CM unit • Server’s IP address: The IP address of the BOOTP or TFTP server • Firmware File Name: The filename for the firmware Note: Use the ESC key to back up to earlier menu screens. 7. Choose Start firmware upgrade.
Hardware Information Hardware Information Chapter 19 Introduction This chapter provides information on Digi CM hardware. Among the topics covered are the hardware specifications, LED descriptions, pinouts for the Ethernet cable, pinouts for the cable adapters, and rack mounting specifications.
Hardware Specifications Digi CM 16 and Digi CM 32 AC Powered Value Attribute DC Powered Value Operating temperature 40°F to 120°F (5°C to 50°C) 40°F to 120°F (5°C to 50°C) Storage temperature -20°F to 140°F (-29°C to 60°C) -20°F to 140°F (-29°C to 60°C) Humidity 10% to 90% non-condensing 10% to 90% non-condensing Power supply Internal, 100 -240VAC, 50/60 Hz, 1.2A (max) Internal, 36 - 72 Vdc, 1.2A (max) Power consumption 0.
Hardware Information LED Indicators Use the LED indicators to confirm your attachment to the network and that the Digi CM unit is able to send and receive data.
Cable Adapters Cable Adapters The Digi CM unit comes with four cable adapters. The following illustrations show cable adapter pin outs. Additional adapters can be purchased from Digi in quantities of 8.
Hardware Information DB-9 Female Console Adapter (Digi 8-pack reorder P/N 76000671) Pin #1 Pin #5 Pin #1 Pin #6 Pin #8 DB-9 Female to RJ-45 Pin Assignments RJ-45 Chapter 19 Signal 1 CTS 2 DSR 5 DCD 3 DB-9F Signal Connected to 7 RTS Connected to 4 DTR RxD Connected to 3 TxD 4 GND Connected to 5 GND 6 TxD Connected to 2 RxD 7 DTR Connected to 1 DCD 6 DSR 8 RTS Connected to 8 CTS 187
Cable Adapters DB-25 Female Console Adapter (Digi 8-pack reorder P/N 76000673) Pin #1 Pin#13 Pin#25 DB-25 Female to RJ-45 Pin Assignments 188 RJ-45 Signal DB-25M Signal 1 CTS Connected to 4 RTS 2 DSR 5 DCD Connected to 20 DTR 3 RxD Connected to 2 TxD 4 GND Connected to 7 GND 6 TxD Connected to 3 RxD 7 DTR Connected to 6 DCD 8 DSR 8 RTS Connected to 5 CTS Chapter 19
Hardware Information DB-25 Male Modem Adapter (Digi 8-pack reorder P/N 76000670) Pin #13 Pin #1 Pin #25 DB-25 Male Modem to RJ-45 Pin Assignment RJ-45 Chapter 19 Signal DB-25M Signal 1 CTS Connected to 5 CTS 2 DSR Connected to 6 DSR 3 RxD Connected to 3 RxD 4 GND Connected to 7 GND 5 DCD Connected to 8 DCD 6 TxD Connected to 2 TxD 7 DTR Connected to 20 DTR 8 RTS Connected to 4 RTS 189
Ethernet Pinouts DB-9 Male Modem Adapter (Digi 8-pack reorder P/N 76000702) (Available but not included) Pin #5 Pin #1 Pin #1 Pin #8 Pin #6 DB-9 Male Modem to RJ-45 Pin Assignment RJ-45 Signal DB-9M Signal 1 CTS Connected to 8 CTS 2 DSR Connected to 6 DSR 3 RxD Connected to 2 RxD 4 GND Connected to 5 GND 5 DCD Connected to 1 DCD 6 TxD Connected to 3 TxD 7 DTR Connected to 4 DTR 8 RTS Connected to 7 RTS Ethernet Pinouts The Digi CM unit uses a standard Ethernet
Hardware Information Rack Mounting Installation Rack shown in illustration is not included with the Digi CM unit. 1. Attach enclosed bracket ears to rack as shown in illustration. 2. Follow safety precautions when placing the Digi CM unit on the rack. Rack Mounting Safety Precautions • • • • • • • • Chapter 19 Distribute weight evenly in the rack to avoid overloading. Ensure proper ventilation with at least 12 inches (30 centimeters) of clearance on all sides.
Rack Mounting Installation • • • 192 Locate the DC supply source within the same premises as the equipment. Route away and secure all DC input wiring from sharp edges to prevent chaffing as well as provide strain relief. Provide a readily accessible disconnect device and protective device a fixed wiring for a DC power supply suitable for the specified rated voltage and current. Disconnect and protective devices to be rated 2A Amps maximum.
Certifications Certifications Chapter 20 Safety • • • US: UL1950 Canada: CSA 22.2 No. 60950 Europe: EN60950 (CB Scheme Report) Working Inside the Digi CM Unit NOTICE: Do not attempt to service the Digi CM unit yourself, except when following the instructions from Technical Support personnel. In such a case, first perform the following actions: • Turn off the Digi CM unit.
Safety Environmental Considerations and Cautions The following is a list of environmental considerations that will ensure safe and efficient operation of the Digi CM unit: • Do not position the Digi CM unit near high-powered radio transmitters or electrical equipment, such as electrical motors or air conditioners. Interference from electrical equipment can cause intermittent failures. • Avoid exceeding the maximum cabling distances discussed in the online cable guide.
Certifications • • • • • grounding prong from the cable. If you have to use an extension cable, use a 3-wire cable with properly grounded plugs. To help protect the Digi CM unit from transients in electrical power, use a surge suppressor, line conditioner, or a continuous-protected (a power supply that cannot be interrupted) power supply. Be sure that nothing rests on the Digi CM unit cables and that the cables are not located where they can be stepped on or tripped over.
Index 3DES 27 A accessing a port web interface 17 ADDP (Advanced Device Discover Protocol) 16 administration See system administration alerts and notifications for Power Controller 130 port event handling 65 SMTP alerts 62 SNMP information 62 traps 63 apply all ports settings 51 applyconf 153 assigning IP settings 25 authentication 84 configuration menu 171 configuring 84 local 84 automatic device recognition 23 configuring 49 B Blowfish 27 Boot Loader program 179 accessing 180 boot sequence 154 C cabl
F N factory defaults reset button 150 resetting 150 restoring (configuration menu) 179 values 150 firmware automatically upgrading 147 upgrade (configuration menu) 178 upgrading 145 network card adding 32 NTP server 151 H hardware specifications 183 hardware test menu 180 host mode configuring (configuration menu) 163 host name configuration 151 HyperTerminal 25 I immunity certifications 195 inter-character timeout 56 IP filtering configuring network 73 examples 76 network (configuration menu) 167 po
serial modem adding 34 serial port parameters 56 serial port pinouts 185 SMTP alerts 62 configuring 166 sniff session configuration menu 168 viewing 169 SNMP 62 configuring 63, 166 configuring (configuration menu) 166 managing the SNMP protocol 64 Solaris Ready 195 SSH 20 accessing a port 27 configuring (configuration menu) 162 encryption methods 27 SYSLOG server enabling 40 system administration configuration management 146 firmware upgrades 145 host name configuration 151 resetting factory defaults 150 us
PN:(1P) 90000301-88 G