Digi Passport User’s Guide 90000767_D
Digi International Inc. 2011. All rights reserved. Digi, Digi International, the Digi logo, Digi Passport, Digi One, and RealPort are trademarks or registered trademarks of Digi International, Inc. in the United States and other countries worldwide. All other trademarks are the property of their respective owners. This product contains software licensed under the GNU Public License version 2 and other open source licenses. For information on these licenses, go to: http://www.gnu.org/copyleft/gpl.
Contents Chapter 1 Introduction Digi Passport™ Model Support ............................................................................11 Feature Overview .................................................................................................11 Feature Summary.................................................................................................12 Discovering and Configuring the Digi Passport unit .............................................
Add a User ................................................................................................... 36 Edit a User .................................................................................................... 38 Remove a User ............................................................................................ 39 Unlock a User Account ................................................................................. 39 Add an Access List and Add Users to It ..........................
Supported SNMP Traps .....................................................................................109 Setting Additional Traps at the Port Level ..........................................................110 Configure SNMP v1 or v2...................................................................................111 Manage SNMP configuration .............................................................................113 SNMPv3 Configuration ...........................................................
Connect to ports ......................................................................................... 162 Change password ...................................................................................... 162 Display and connect to slave units ............................................................. 162 To search via port title ................................................................................ 162 Port display for Digi Passport 48 only ............................................
Configure for Dial-In Terminal Server Access ....................................................191 Chapter 14 Power Controller About the Power Controller Feature...................................................................192 Install Power Controller ......................................................................................193 Configure Power Controller ................................................................................
Clustering push configuration.............................................................................236 Chapter 16 Configuration Menu Interface About the Configuration Menu............................................................................239 Access the Configuration Menu .........................................................................239 Navigating in the Configuration Menu ................................................................239 Saving Changes ..........................
Chapter 17 Command Line Interface Back Up All Configuration Files Before Using Commands.................................276 Linux Commands ...............................................................................................277 Commands for Saving and Applying Changes ........................................... 277 Commands for accessing and configuring Passport unit and serial ports .. 277 Dual Network Options .......................................................................................
Chapter 19 Specifications and Certifications Hardware Specifications.....................................................................................299 Digi Passport 4 Models .............................................................................. 299 Digi Passport 8/16/32/48 Models ............................................................... 300 LED Indicators....................................................................................................301 Serial Port Cabling ...........
Digi Passport™ Model Support Introduction Chapter 1 Digi Passport™ Model Support This manual offers information on the Digi Passport 4-port, 8-port, 16-port, 32-port, and 48-port models. Feature Overview With the Digi Passport unit, administrators can securely monitor and control servers, routers, switches, and other network devices from anywhere on the corporate TCP/IP network, over the Internet, or through dial-up modem connections even when the server is unavailable through the network.
Feature Summary Feature Summary Feature Category Network and Security Authentication and Certifications Console Access Methods Feature • IP v4/v6 dual stack • • • • • RealPort® and Encrypted RealPort support SSH v2 server and client TLS/SSL IP Filtering Central access to security parameters via the Security Profile including network, port, and password securities.
Feature Summary Feature Category Digi Passport Self-Management Capabilities Feature • • • • • Advanced Digi Discovery Protocol (ADDP) for locating the the Digi Passport unit unit on the network Find Me locator light Telnet/SSH Command line interface Web interface--HTTP/HTTPS SNMPv3 management interface Secure Clustering: Single IP address for multiple Digi Passport devices TFTP firmware with automated capability and configuration update upon boot Custom applications Perl programming and scripting USB Exp
Discovering and Configuring the Digi Passport unit Discovering and Configuring the Digi Passport unit See the Quick Start Guide that came with the the Digi Passport unit to connect the hardware and configure an IP address for the unit. Alternatively, insert the Software and Documentation CD in your computer’s CD drive, and select the Digi Device Discovery program. This program uses the Digi-proprietary Advanced Digi Discovery Protocol (ADDP) to discover all devices on a network.
Configuration User Interface Options for Digi Passport Configuration User Interface Options for Digi Passport There are several interface options for configuring the Digi Passport unit: using the web interface, configuration menu, command line interface, or Simple Network Management Protocol (SNMP). Web Interface The Digi Passport web interface provides an easy way to configure the Digi Passport unit. The root user and system administrator can configure all features through the web.
Configuration User Interface Options for Digi Passport Configuration Menu The root user and system administrator have full access to the configuration menu from a Telnet or SSH session or a serial connection through the console port. Functionality is similar to the web interface, with the exception of custom menus, which can be created only from the web interface. The configuration menu is presented by entering the command configmenu.
Configuration User Interface Options for Digi Passport Command Line Interface The command line interface can be accessed from a Telnet or SSH session or from the console port. The root user always has access to this interface, and the admin user can be granted read-only permission. SNMP An SNMP MIB to configure the Digi Passport unit is available on the Passport CD and can be downloaded from support.digi.com. To allow use of this MIB, SNMP configuration must be enabled in the security profile.
Users and User Groups Users and User Groups Root and Admin Usernames and Passwords The Digi Passport unit comes with two default users; root and system admin. The user names of the the Digi Passport unit are case sensitive. User Name Default Password root dbps admin admin Adding Port Administrators and Users The system administrator and root user can add port administrators and additional users easily with the web interface by choosing System administration > User administration > Add user.
Options for Accessing the Digi Passport Ports Options for Accessing the Digi Passport Ports There are multiple ways to access the native serial ports on the Digi Passport unit: • Web Interface • Port Access Menu • Direct Port Access • Custom Menus Web Interface Access Menu The web interface menu provides easy and convenient access to ports. All users can access the menu by entering the the Digi Passport unit IP address or host name in a web browser’s address bar.
Options for Accessing the Digi Passport Ports 3. Select a port. A Java applet or Telnet window opens with a login prompt. The web interface can also be configured to call a local Telnet or SSH application, see "Host Mode Configuration" on page 71.
Options for Accessing the Digi Passport Ports Port Access Menu Access Type Permissions Procedure Web interface Any user can use this method. 1. Access the web interface 2. Select Serial port > Connection > Port access menu connection 3. Log in Telnet/SSH Any user can use this method. 1. Telnet to the Digi Passport unit specifying its IP address and port 7000. (7000 is the default socket port for access menu) Example: telnet 192.168.15.7 7000 2.
Options for Accessing the Digi Passport Ports Direct Port Access Connect directly to a properly configured port through a Telnet or SSH session. Configuration requirements include setting the Host Mode to Console Server Mode and the Protocol to either Telnet or SSH. Ports, by default are set to Console Server Mode and Telnet. Use the following information to make a Telnet or SSH connection to a port. The example assumes that the Listening TCP port is 7003, the default for port 3.
Options for Accessing the Digi Passport Ports Port Escape Menu Port escape is the ability to escape from a port without disconnecting. In port escape mode, a menu of options is displayed, for example, to power the connected device on or off, send messages to port users, or close the current connection to the port. Port escape is available in main sessions as well as sniff sessions. Every connection method accommodates port escape. Configure the escape sequence per port.
Automatic Device Recognition Automatic Device Recognition The Automatic Device Recognition feature allows the Digi Passport unit to automatically detect and recognize attached devices. The Digi Passport unit sends a set of automatic detection criteria, including sets of serial parameters and a probe string (default is < Enter >), and analyzes the response. If Use detected port title is enabled, the Digi Passport unit displays the detected OS, device, and port number in the format: CISCO.Router.port3 Sun.
Assign IP Settings from the Console Port Getting Started Chapter 2 This chapter covers basic configuration topics, including assigning IP settings, accessing and navigating in the web interface, enabling secure access with the web interface, accessing the unit through SSH, and user administration: adding, editing, or removing users, managing user accounts, and creating access lists. Initial setup is described in the Quick Start Guide included with the product packaging.
Assign IP Settings from the Console Port 5. Enter the number 1 for Network Configuration. 6. Enter the number 1 to select the port for IP configuration 7. Enter 1 for IPv4. 8. Enter the appropriate parameters for the IP settings. 9. From the menu, enter a to apply, and enter x to exit. Changes are saved and applied immediately. There is no need to reboot.
Access the Web interface Access the Web interface There are two ways to access the web interface. • Using Digi’s device discovery tool, ADDP (Advanced Digi Discovery Protocol). This device discovery tool is used to find and launch the web configuration and management interface. ADDP will work whether or not the unit has an address assigned, and whether or not there is a DHCP server on the network, it only requires that the ADDP software is running on a computer on the same LAN segment as the Digi Passport.
Saving and Applying Changes in the Web interface Saving and Applying Changes in the Web interface In the web interface, there are two ways save and apply configuration changes. • To save and apply changes immediately, click the Save & apply button. • To save multiple changes, but apply changes once, click the Save to flash button. Changes are immediately saved, but they do not take effect until clicking Apply changes. The Apply changes link is located on the left navigation menu.
Serial Port Connection Page: Manage and Control Connections Serial Port Connection Page: Manage and Control Connections Upon login, a page showing the systems that can be managed and controlled is displayed. . The Serial port connection page displays status of all ports at a glance.
Serial Port Connection Page: Manage and Control Connections Warnings and Alerts on the Serial Port Connection Page If the power to a unit is turned off, the power warning status is indicated on the main screen. If an event alert has been triggered, then the Alert Icon will appear. Capabilities from the Serial Port Connection Page Systems can be powered on and off, a console to the serial console can be launched, and a freeKVM session can be initiated to the server.
Configure Access to Digi Passport via SSH Configure Access to Digi Passport via SSH Access to the Digi Passport unit's command line via SSH is enabled by default (TCP port 22). The Port Access Menu and individual ports can be configured for SSH. The Digi Passport unit supports Blowfish and 3DES encryption methods for SSH. Configure the Port Access Menu for SSH 1. Enter the IP address of the Digi Passport unit into the address bar of the browser to access the web interface. 2.
Configure Access to Digi Passport via SSH Configure a Port for SSH 1. Enter the IP address of the Digi Passport unit into the address bar of the browser to access the web interface. 2. Log in as root, admin, or a member of the port administration group. The default password for root is dbps, and the default password for admin is admin. 3. Under Serial port > Configuration. 4. Select All ports or an individual port to configure for SSH. 5. Click Host mode configuration. 6. For Protocol, select SSH. 7.
Configure Access to Digi Passport via PPP Configure Access to Digi Passport via PPP The Digi Passport unit can be configured to support access to it via dial-in Point-to-Point (PPP) connections. PPP can be configured from a variety of interfaces, including the Digi Passport unit’s web interface, Windows XP, or a Linux client. Configure PPP from the Passport Web Interface 1. Select Network > PPP configuration >Basic PPP settings.
Configure Access to Digi Passport via PPP Configure PPP from the Windows XP Interface 1. Select Start > Control Panel > Network Connections. The Network Connections window is opened. 2. Select File > New connection to launch the New connection Wizard. 3. Select Connect to the network at my workplace and click Next. 4. Select Dial-up connection and click Next. 5. Enter Connection name and click Next. 6. Enter Phone number and click Next. 7.
Configure Access to Digi Passport via PPP Configure PPP from a Linux Client 1. From the command line of a Linux client on a Redhat 9 machine, run the kppp utility: # kppp 2. 3. 4. 5. On the KPPP window, click Setup. On the Accounts tab of the KPPP Configuration window, click New. On the Create New Account window, select Dialog Setup. On the Dial tab of the New Account window, enter the desired name in the Connection name field. Click Add. 6. Enter the phone number of internal modem and click OK. 7.
User Administration User Administration Required Privileges for User Administration Only root and admin users can administer other users. The root user has unlimited administration privileges. The admin user can view and change all attributes except those that belong to the root user. There are several ways to manage users. A user can be added, edited, or removed. Multiple users can be managed in Groups or Access lists.
User Administration User attributes User attribute Chapter 2 Description User name Name for the user. Rules for user names include: • User names are case-sensitive. • Must be between 3 and 29 characters. • Cannot include colons (:), less than or greater than signs (< >), ampersand (&), spaces, or quotation marks. • The at sign @ and period. are acceptable. Select group The group to which the user is assigned. Groups include Root, System Admin, Port Admin and User.
User Administration Edit a User 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Log in as root or admin. The default password for root is dbps; for admin, admin. 3. Under System administration, select User administration. The User administration page is displayed: 4. Click on the username. The Edit user page is displayed, showing the user attributes: 5. Change the user attribute fields as needed.
User Administration Remove a User 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Log in as root or admin. The default password for root is dbps; for admin, admin. 3. Under System administration, select User administration. The User administration page is displayed: 4. Select the checkbox next to the user to be removed. 5. Click Remove. 6. Click OK at the prompt.
User Administration Add an Access List and Add Users to It Access lists are used to add rights to a single user or to multiple users at the same time. In addition, multiple users can be grouped and assigned one, some, or all these rights: • Port access rights • Port monitor rights • Power management rights to an access list To add an access list: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Log in as root or admin.
User Administration 6. Add the users to the access list. Add one user at a time to the access list by entering the name into the User name edit-box and clicking Add. Add users that are not locally configured on the Digi Passport unit, but use a centralized authentication method such as RADIUS, LDAP etc. Important: Take care when entering user names in the access list, as the spelling of user names is not verified against the local user database.
Compatible PC Cards Install and Configure PC Cards Chapter 3 This chapter includes information on adding and configuring PC cards for the Digi Passport 8, 16, 32, and 48 port units. PC card devices that can be added to the the Digi Passport unit include a serial modem, compact-flash card, wireless LAN card, and a network LAN card. Compatible PC Cards All compact-flash, and most simple serial modem cards should work with the Digi Passport, but not all LAN, wireless LAN, or combo cards will.
Add a Compact-flash Card Add a Compact-flash Card A PC card slot is located on the front panel of the Digi Passport unit. The arrow in the following graphic indicates the PC card slot. Important: Before removing a PC card, always click the Stop card service button, then Save & apply. PC card slot Digi Passport 32 shown To install and configure the compact-flash card on the Digi Passport unit: 1. Insert the card into the PC card slot. 2.
Add a Network Card Add a Network Card To install and configure a network card on the Digi Passport unit, do the following. 1. Insert the card into the PC slot. 2. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 3. Under the PC card heading, click Configuration. The card is automatically discovered and a configuration menu is displayed. 4. Enter the appropriate parameters in the configuration menu. 5. Click Save & apply.
Add a Wireless LAN Card Add a Wireless LAN Card To install and configure a wireless LAN card on the Digi Passport unit, do the following. 1. Insert the card into the PC slot. 2. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 3. Under the PC card heading, click Configuration. The card is automatically discovered and a configuration menu is displayed. 4. Click Configure the detected card. 5.
Add a Serial Modem Add a Serial Modem The modem must first be inserted and installed before it can be used. To configure the modem do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. From the menu, select Configuration under the PC card heading. The card is automatically discovered and a configuration menu is displayed. 3. Click Configure the detected card. 4. Edit any appropriate parameters and click Save & apply.
Available options for system status an port logs Chapter 4 System Status and Port Logging This chapter describes the system status and port logs available for the Digi Passport.
System Status & Log System Status & Log For basic system information, click System status & log. System status information includes: System Information • Model No.: Identification of Digi device. • • • • • • • Serial No.: Serial number of product. F/W Rev.: Revision number of firmware. B/L Ver.: Bootloader version. MAC address: MAC address of Digi device. Uptime: Amount of time since last reboot. Current time: Time based on time set for Digi device.
Enable Log Storage Location Enable Log Storage Location Enable NFS Server Log data can be saved to an NFS server, but the NFS server must be configured with read and write privileges. To use an NFS server, specify the NFS server’s IP address and its mounting path. Encrypted NFS is using a SSH connection to tunnel all data. To enable the NFS server for port or system logging, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface.
Enable Log Storage Location 3. Set or change the NFS Configuration parameters as needed: • NFS service: Enabled or disabled. • Primary NFS server name: IP address of NFS server or DNS name. • Mounting path on primary NFS server: Directory to primary NFS server. • Primary NFS timeout: Interval in seconds before timeout (5-3600). • Primary NFS mount retrying interval: Interval in second between attempts to connect (5-3600).
Enable Log Storage Location Set Up Alert for NFS Server Disconnect When the NFS server disconnects, an alert in the form of an email message and/or an SNMP trap can be sent. To configure an alert, follow these steps. 1. On the NFS Configuration screen, at the Email alert configuration, select Enable. 2. Enter the Title of email and the Recipient's email address. 3. For an SNMP trap configuration, select Enable NFS disconnection trap. 4.
Enable Log Storage Location Enable Syslog Server To enable the Digi Passport unit for system or port logging on a syslog server: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Under the Systems status & log heading, click SYSLOG-NG Configuration. 3. Enter the IP address of the primary and secondary (if applicable) syslog server, and select the syslog facility from the pulldown menu. 4. Click Save & apply.
Enable Log Storage Location Enable a Compact-flash Card The compact-flash card must be installed and configured on the Digi Passport unit before it can be used for system logging or storing the Digi Passport unit’s configuration information. When storing log files to an external flash card, the size of the available storage is dependent on both the size of the card and the port count of the Digi Passport unit used. The maximum settings for log file sizes are listed in the following table.
Enable Log Storage Location File Size and Memory Use for System and Port Logs The Digi Passport unit’s memory is already enabled for port logging. It only needs to be configured to accommodate the system and port log files. When storing log files to the Digi Passport unit’s local memory, a total of 3.5M is available. The amount of memory per serial port is dependent on the port count of the Digi Passport unit used. The log file sizes shown in the following table are maximum settings.
Configure System Logging Configure System Logging To configure the Digi Passport unit for system logging: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select System status & log > System logging. The system logging settings are displayed: 3. Enter system log settings: • System log storage location: Select the desired location for the system log. The choices depend on what is enabled and/or installed.
View System Logs View System Logs The system logs can be viewed from the web interface on the System logging page or from the location where they have been saved. The following table lists the file locations of the system logs.
Configure Port Logging Configure Port Logging If a serial port is configured for console server mode, the port logging feature can be enabled. Port logging saves serial data to the memory of the Digi Passport unit, a compact-flash card, a syslog server, or an NFS server. If the memory is used for port logging, all data is cleared when the system’s power is turned off. Alarm keywords can be defined for each serial port, for sending email alerts or SNMP traps to enable unattended serial data monitoring.
Configure Port Logging • Logging direction: Specifies what should be logged. Server: Server output only. User: User output only. Both Server and User with/without arrows: Server and user output with/without directional arrows. Default is Server output. Security note: During logging, user output passwords are saved into the log file. • Port log to SYSLOG server: Enable to store port logs to a SYSLOG server.
View Port Logs View Port Logs Port logs can be viewed from the web interface on the Port logging page or from the location where they have been saved. The following table lists the file locations of the system logs.
Configure Ports Chapter 5 This chapter shows how to configure serial ports, both physical serial ports and remote ports, which are any type of ports that can be accessed using Telnet, SSH, or Raw TCP protocol, including support for the ALOM, ILOM, iLO, IPMI, DRAC, and SMASH protocols. It presents a quick-start method for configuring all serial ports quickly. It then reviews basic and advanced serial port settings, which can be modified from the factory default settings as needed.
Configure Physical Serial Ports Configure Physical Serial Ports There are several ways to configure physical serial ports: • Using a quick-start procedure that applies a set of configuration settings to all serial ports, and configures the Automatic Device Recognition (ADR) feature, shown on page 62. • Setting basic configuration settings for individual serial ports. See "Basic Port Configuration Settings" on page 68. • Setting advanced configuration settings for selected serial ports as needed.
Configure Physical Serial Ports Quick-Start Procedure Configure Ports with Automatic Device Recognition (Optional) This procedure is the fastest way to configure Automatic Device Recognition (ADR) for physical serial ports. It results in ports being configured identically, starting from and retaining factory defaults for most settings, and adjusting the most common parameters to fit the requirements of typical installations.
Configure Physical Serial Ports 2. Before connecting any serial devices to the Digi Passport unit, configure the automatic detection feature. Automatic detection allows the Digi Passport unit to automatically detect and recognize attached devices. The Digi Passport unit sends a set of automatic detection criteria, including sets of serial parameters and a probe string (default is < Enter >), and analyzes the response. On the Configuration page, click Port automatic detection configuration.
Configure Physical Serial Ports Apply All Ports Settings As another aid in configuring serial ports, the Digi Passport unit supports managing all ports simultaneously. This feature is referred to as Apply all ports settings. If configuration changes are made to a port and Apply all ports settings is enabled, the changes are automatically applied to all ports. Ports can also be excluded from this Apply all ports settings feature.
Configure Physical Serial Ports 7. Click Save to flash and continue with other configurations, or click Save & apply.
Configure Physical Serial Ports About Basic and Advanced Serial Port Settings Besides using the quick-start procedure that applies to all serial ports, serial port settings can be modified from their factory defaults. The Digi Passport unit has two levels of serial port configuration settings: • Basic configuration: Basic serial port settings needed for all ports. • Advanced configuration: The complete set of serial port settings.
Configure Physical Serial Ports Recommended sequence for configuring port settings If using the Basic and Advanced configuration settings to configure serial ports, the sequence is: 1. In the Web interface for the the Digi Passport unit, go to Serial Port > Configuration. 2. Before connecting any serial devices to the Digi Passport unit, configure the Automatic Detection feature. On the Configuration page, click Port automatic detection configuration.
Configure Physical Serial Ports Basic Port Configuration Settings On the Ports configuration page (selected by serial port > Configuration), selecting any port number in the No. column displays the Basic configuration page.
Configure Physical Serial Ports The Basic configuration page sets the essential parameters required to access the device attached to the corresponding serial port, including: • Enabling or disabling the serial port • Enabling or disabling use of RealPort for the serial port • Host mode, or the mode of communication between serial devices and remote hosts • • • The listening TCP port, or network port Protocol Enabling or disabling Automatic Detection of devices for the specific port • Port title • Serial po
Configure Physical Serial Ports RealPort Support The Digi-supplied RealPort driver provides a logical connection from a host computer to the physical serial port on the Digi Passport, regardless of where it is located on the network. The software is installed directly on the host and allows applications to talk to devices across a network as though the devices were directly attached to the host, while actually the devices are connected to a Digi device server or terminal server somewhere on the network.
Configure Physical Serial Ports Host Mode Configuration The Digi Passport unit provides several modes of communication between serial devices and remote hosts: Console server, terminal server, dial-in modem, dial-in terminal server, and Point-to-Point Protocol (PPP) mode. On the Basic configuration page, for the Host mode setting, select from a set of predefined modes of communication between serial devices and remote hosts.
Configure Physical Serial Ports Terminal Server Mode In terminal server mode, the Digi Passport unit’s serial port is configured to wait for data from the device connected to the port. If data is detected, the Digi Passport unit starts a TCP session as a Telnet or SSH client to a predefined server. The server must be defined before the port can be configured for a Telnet or SSH client. This mode is used to access servers on the network from a serial terminal.
Configure Physical Serial Ports Dial-In Modem Mode In dial-in modem mode, the Digi Passport unit assumes an external modem is attached to the serial port and is waiting for a dial-in connection from a remote site. When a user dials in using a terminal application, the Digi Passport unit accepts the connection and displays the appropriate prompt or menu.
Configure Physical Serial Ports Dial-In Terminal Server Mode Dial-in terminal server mode is a combination of terminal server mode and dial-in modem mode. In this mode, the Digi Passport unit assumes the serial port is connected to an external modem and is waiting for a dial-in connection from a remote site. When dialing in using terminal applications, the Digi Passport unit accepts the connection as a Telnet or SSH client to a pre-defined server.
Configure Physical Serial Ports PPP Mode PPP (Point to Point Protocol) host mode configures the Digi Passport unit to support dial-in PPP connections to it. Listening TCP Port The listening TCP port is the TCP network port specified when connecting directly to the port using Telnet or SSH.
Configure Physical Serial Ports Protocol setting The Protocol setting configures the communication protocol used over the serial port. There are three protocol options: RawTCP, SSH, and Telnet. • Select SSH when logging in from an SSH client program to access a port. • Select RawTCP when connecting directly to a TCP socket. • Select Telnet when logging in from a Telnet client program and accessing the ports. To select the correct protocol, use the Host mode configuration page in the web interface.
Configure Physical Serial Ports Configure Automatic Detection Automatic detection and its role in Automatic Device Recognition The Automatic Device Recognition feature allows the Digi Passport unit to automatically detect and recognize attached devices and the serial parameters for the devices. The port configuration settings for automatic detection are used to determine the baud rate and other serial characteristics for the serial port, based on a user-defined list.
Configure Physical Serial Ports Automatic detection state: Off, Active, Passive The automatic detection state for all or individual ports can be set to one of three states: Off, Active, or Passive. The automatic detection state is set by the Basic serial port configuration setting Automatic detection: The three automatic detection states have these effects: • Off: Automatic detection is not on. The Digi Passport will not attempt to determine what is attached to the serial port.
Configure Physical Serial Ports Port logging and passive automatic detection In Passive automatic detection, the Port logging option setting for the port or ports is enabled automatically, because passive automatic detection is done through the port log file. For the port logging feature to create and log to the proper port log file, ensure that the serial port parameters are set correctly.
Configure Physical Serial Ports Automatic detection rules Automatic detection rules control how automatic detection is performed on serial ports, such as how long to wait before performing the original probe, how long to wait until the next probe, whether to start the probe at a particular time, and whether to use any detected values such as port title and serial port parameters. Automatic detection rules can be applied to all or selected serial ports, and there are default rules.
Configure Physical Serial Ports When automatic detection for connected devices begins In factory default mode, if automatic detection is set to Active, the Digi Passport unit waits 5 minutes (the Initial delay setting), then probes the ports for which automatic detection is enabled using the specified port automatic detection list. After that, it waits an interval before performing the next probe.
Configure Physical Serial Ports Configure automatic detection 1. Add the appropriate Port automatic detection list by navigating to Serial port > Port automatic detection configuration > Port automatic detection list. By factory default, there are no Port automatic detection lists defined as shown below: 2. Add as many sets of serial parameters to the port automatic detection list as needed, including baud rate, data bit, parity bit, stop bit, probe string, and wait time.
Configure Physical Serial Ports 3. Set the Automatic Detection state (Off, Active, or Passive) for all or selected ports. In the serial ports view (Serial Port > Configuration), click All or port number. Change the Automatic Detection setting from Off to Active. There are several other automatic detection parameters on the page.
Configure Physical Serial Ports 5. Start automatic detection on one or all ports. • If the Device detection method was set to Active, automatic detection is performed with the output messages of device. The Digi Passport unit performs serial parameter detection using the settings in the port automatic detection list. • If the Device detection method was set to Passive, automatic detection is performed using the port log. Important: Passive detection first detects parameters using the port log.
Configure Physical Serial Ports freeKVM Configuration freeKVM configuration is a link to the settings for configuring the freeKVM feature. See "Configure and Use freeKVM" on page 168 for more information. Authentication Authentication is a link to the settings for configuring any user authentication desired or required for users accessing ports. See "Configure Authentication Methods for Port Access" on page 151 for more information.
Configure Physical Serial Ports Port Access Menu Configuration The Port Access Menu provides a menu-driven command-line interface for Digi Passport users to access equipment through a standardized interface without using the Web interface. It is one of several alternative mechanisms available. Other alternatives include custom menus and direct access to the port via IP address or socket number. For more details about custom menus, see "Custom and Default Menus" on page 157.
Configure Physical Serial Ports Port Group Configuration: Applying Commands to Multiple Ports As a convenience feature, port groups can be created to apply commands to multiple ports. Instead of issuing commands to individual serial ports, the commands can be sent to all ports in a group simultaneously through the port escape menu. This can be useful for example when performing a mass upgrade or emergency mass shutdown to multiple systems.
Configure Physical Serial Ports Create a port group To create a port group: 1. On the serial port Configuration page, click the Port group configuration link. The Port group configuration settings are displayed. 2. In the Group name field, enter a name for the port group. 3. For the Login on each port setting, select whether a login should be performed on each port in the group.
Configure Physical Serial Ports 6. A list of serial ports is displayed. Select the serial ports to add to the port group. If Login on each port is enabled, then a login will be performed for all selected ports.
Configure Physical Serial Ports 7. After port groups are defined, ports can be assigned to groups on the Port management page. Click the Port management link. In the Group setting, select the appropriate group from the pull-down menu.
Configure Physical Serial Ports Manage port groups from the Port Menu Once a port group is created and ports added to it, the Port Escape Menu displays an additional command, g. (See "Port Escape Menu" on page 23 for more details on accessing and using the Port Escape Menu.
Configure Physical Serial Ports Advanced Port Configuration Settings To display and configure more detailed serial port settings, click the Advanced configuration link.
Configure Physical Serial Ports Advanced Automatic Detection Settings The advanced automatic detection settings allow configuring the rules and execution of the automatic detection feature in more detail than on the Basic settings. Note: If any settings on this page are changed from their default values for Active or Passive automatic detection, the next time you navigate to the Basic configuration page, the Automatic detection setting will have changed to Custom.
Configure Physical Serial Ports • Use detected freeKVM: If enabled, the Digi Passport unit detects the IP address of the server connected to the serial port automatically and sets parameters related with freeKVM configuration, such as the IP address and client program. If the connected console is MS SAC, the IP address is detected through the MS SAC console directly. If the connected console is not MS SAC, the IP address is detected through the DNS server using the detected hostname. The default is Enable.
Configure Physical Serial Ports Chapter 5 Configure Ports 95
Configure Physical Serial Ports Including special characters in probe strings To include special characters in the probe string, such as carriage returns, line feeds, and escape characters, specify them as hexadecimal values.
Configure Physical Serial Ports Advanced Host Mode Settings Advanced Host mode configuration settings allow for viewing and modifying the configuration settings that define the communication between serial devices and remote hosts in use with the Digi Passport unit in more detail than the Basic configuration settings. Advanced host mode configuration settings include: • Host mode: Console server mode, terminal server mode, dial-in modem mode, and dial-in terminal server mode.
Configure Physical Serial Ports freeKVM Configuration freeKVM configuration is a link to the settings for configuring the freeKVM feature. See "Configure and Use freeKVM" on page 168 for more information. Advanced Serial Port Parameters Serial port parameters is a link to the serial parameters for a port. When attaching a serial device to the Digi Passport unit’s serial port, the serial port parameters must match. The serial ports by default are enabled, allowing full access to the port.
Configure Physical Serial Ports Special Use of Serial Port when Data is Processed in Chunks Some applications are written to process only chunks of data rather than continuous streams of data. The Digi Passport unit supports chunking, or holding back data from the serial device to the application on the network until it detects a delimiter - at which point it sends the data to the application. To configure a port for this mode: 1. Open a web connection to the Digi Passport unit. 2.
Configure Physical Serial Ports Remote port parameters If remote ports are defined and a remote port is selected, Remote port parameters is a link to the settings for configuring remote ports. See "Configure Remote Ports" on page 102 for descriptions of these settings. Port Logging Port logging is a link to the settings for configuring writing of port event data to a log file. See "Configure Port Logging" on page 57.
Reset Ports Reset Ports The Digi Passport unit allows restarting all processes associated with a port and to disconnect all sessions. To reset an individual port: 1. Click Serial port > Configuration > port number. 2. For Reset this port, click Reset. Reset Individual Port Settings Individual ports can be reverted to factory defaults. 1. Click Serial port > Configuration > Port number. 2. Click Set this port as factory default: Set.
Configure Remote Ports Configure Remote Ports The Digi Passport unit supports RemotePorts™. RemotePorts are any type of port that can be accessed using Telnet, SSH, or Raw TCP protocols, or through service processors (for detailed information on configuring service processors, see "Service Processors" on page 120). This type of remote-port access includes connections to Digi PortServer Terminal Servers, Sun ALOM ports, and iLo, DRAC, and IPMI management ports.
Configure Remote Ports Add and Configure a Remote Port To configure a remote port: 1. Access the Digi Passport unit’s web interface 2. Under the Serial Port heading, click Configuration. 3. On the Ports configuration page, go to the Port title and Listening TCP port settings at the bottom of the page, as shown below. Enter the Port title and the Listening TCP port to use, and click Add.
Configure Remote Ports 4. The serial port Basic configuration page is displayed, with several additional parameters for configuring remote ports. Enter the remote port settings: • Remote port destination IP: The IP address of the remote device. • Remote port destination port (0-65535): The port number on the remote device. • Remote port protocol: The communications protocol used to communicate with the remote device: Telnet, SSH, or RawTCP.
Configure Remote Ports The remote port will now be displayed in the list of ports on the Ports configuration page, under the heading Remote port configuration. For example: Advanced Remote Port Parameters When remote ports are defined and selected, the Advanced port configuration settings has a link, Remote port parameters. Parameters include: • Destination IP address: The IP address of the remote device. • Destination port (0-65535): The port number on the remote device.
Configure Remote Ports Access a Remote Port To connect to a remote port using the web, Telnet or SSH client, use the port access menu or a custom menu to simplify navigation. • Web Access: Click Serial ports > Connection > port number. Remote ports are sorted below the physical serial ports as the next available port number. • Telnet to the IP and the port number. The specific port number is defined on the ’Host mode configuration’ page. For example: telnet 143.191.3.
About Alerts and Notifications Alerts and Notifications Chapter 6 About Alerts and Notifications The Digi Passport unit can be configured for system alerts and notifications. It sends email messages when the number of system log messages reaches a certain value or when an alarm message is detected in the serial port data. The Digi Passport unit uses SMTP (Simple Mail Transfer Protocol) for sending the notifications.
Configure SMTP Alerts Configure SMTP Alerts Most SMTP servers check the sender’s email address with the host domain name to verify the address as authentic. Consequently, when assigning an email address for the device email address, any arbitrary username with the registered hostname may be used. An example is username@company.com. To configure SMTP alerts on the Digi Passport unit, do the following: 1.
Supported SNMP Traps Supported SNMP Traps The Digi Passport unit supports SNMP authentication, power on, and link up traps. Applications such as an NMS (Network Management System) or an SNMP browser can exchange information with the Digi Passport unit and control actions to the unit. The protocol functions defined for SNMP includes GET, SET, GET-Next, GET-Bulk, and TRAP. Below are the definitions of the protocol functions found in SNMP.
Setting Additional Traps at the Port Level Setting Additional Traps at the Port Level Additional traps can be set at the port level. The table shows where the trap is located in the serial port configuration settings in the web interface (in Serial port > Configuration), the trap name, and the trap functions. Trap Location Trap Name Function Port access menu Port login trap Notify about any login action to the port access menu (succeed and fail).
Configure SNMP v1 or v2 Configure SNMP v1 or v2 To configure the Digi Passport unit for SNMP do the following: 1. Access the Digi Passport unit’s web interface. 2. Select Network > SNMP configuration. 3. In the MIB-II system objects section, enter MIB-II information as needed and enable authentication traps by selecting Yes under EnableAuthenTrap. Enable other SNMP traps as needed.
Configure SNMP v1 or v2 5. Enter Trap receiver settings. • IP Address: The IP address of the device receiving the trap alerts. • Community: The options are public or private; this value must match the string used in the SNMP software. • Version: The SNMP version, either version 1 or version 2c. 6. Click Save & apply.
Manage SNMP configuration Manage SNMP configuration The Digi Passport unit’s SNMP configuration can be managed using an NMS or SNMP browser. However, before the NMS or SNMP browser can access the data, the Access control settings must list the IP address of the host from which the browser is executed. See the preceding graphic for details. SNMPv3 Configuration SNMPv3 allows for authentication and encryption thus making it more secure than SNMPv1 or SNMPv2.
Manage SNMP configuration 3. Select 1. The Access control settings (SNMP V3) - 1 page is displayed: Enter settings: • User name: enter the user name that has been set up for SNMPv3 access in the SNMP browser software. • Security level: This setting should match the security level that is configured in the SNMPv3 software. • Authentication protocol: This setting should match the security level that is configured in the SNMPv3 software.
Manage SNMP configuration 4. Open the main SNMP configuration page again. It should look something like this. 5. Configure the Trap receiver settings. From the list, select number 1. The trap receiver settings are displayed.
Manage SNMP configuration 6. Select the Trap receiver enable/disable checkbox, then select v3 from the Version menu. The Trap receiver settings -1 page is displayed: Enter settings: • IP address: Enter the IP address of the Trap receiver. • User name: Fill in the User name; this value is the same user from the SNMPv3 software. • Select the Security level. Additional security level settings are displayed, shown below.
Configure Port Event Handling Configure Port Event Handling Once an SMTP or SNMP server has been configured, it can be used to send port-related alerts and notifications. To configure a port for port event handling, follow these steps. This procedure assumes that SMTP is configured first. If not, see "Configure SMTP Alerts" on page 108. 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Serial port > Configuration. 3.
Configure Port Event Handling 7. Select Port event handling. The port event handling settings are displayed. • • • Select an action and enter the keyword for the port event handling. The keyword is any text string that will trigger an alert when it traverses the serial port. Enable Email notification. Enter the title of the Email (subject line). • • • • • Enable or Disable Case sensitive. Enter the Email recipient’s address. Enable SNMP trap notification. Enter the title of the trap.
Configure Alerts for Automatic Device Recognition (ADR) Configure Alerts for Automatic Device Recognition (ADR) Before configuring the alerts for Automatic Device Recognition (ADR), make sure the sure the port for ADR has been configured, as described in "Configure Automatic Detection" on page 77. 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Under the Serial Port heading, Click Configuration. 3.
Configuring a Service Processor Service Processors Chapter 7 Digi Passport provides support for various service processors, such as Intelligent Platform Management Interface (IPMI), Integrated Lights Out (iLO), Systems Management Architecture for Server Hardware Command Line Protocol (SMASH CLP), and Dell Remote Access Controller (DRAC). Service processors are configured through the remote port. This chapter describes configuring and using service processors.
Configuring a Service Processor 2. On the Host mode configuration page, use the Service processor setting to select the service processor. Available options are NONE, IPMI, iLO, and DRAC.
Intelligent Platform Management Interface (IPMI) Intelligent Platform Management Interface (IPMI) Intelligent Platform Management Interface (IPMI) is a specification for the equipment that monitors the physical environment and condition of a computer hardware server. The specification is intended to cover the regulation of temperature, voltage and power, and to ensure the proper operation of the firmware. IPMI works with hardware servers regardless of the operating platform or other software they may run.
Intelligent Platform Management Interface (IPMI) 3. Select Remote port parameters from the main configuration page. The remote port settings are displayed. • Destination IP: The address of the server to monitor. Generally, this is the address assigned to the BMC (Baseboard Management Controller). • Destination port. Normally, 623 is the port used for IPMI, but this may vary on individual servers. • Protocol: Select the protocol. RMCP+ is the protocol used for SOL. • OEM type: Set to None in most cases.
Intelligent Platform Management Interface (IPMI) 4. From the main configuration page, select IPMI Configuration. The IPMI configuration settings are displayed. • • • • • Chapter 7 Destination IP: The address of the server to monitor. Generally, this is the address assigned to the BMC (Baseboard Management Controller). For a remote port, this value is supplied from the “Remote port parameters”. Destination port: normally, 623 is the port used for IPMI, but this value may vary on individual servers.
Intelligent Platform Management Interface (IPMI) Connect to a Server via IPMI 1. To connect to a server via the IPMI GUI, select the serial port connection page. 2. Select the serial port configured for IPMI. This menu is displayed: 3. Select IPMI GUI Access. This connect to the server via IPMI. This page is displayed: 4. From this page, select the BMC statistics to monitor, power-cycle the server, or make an SOL connection to the server’s console port.
Intelligent Platform Management Interface (IPMI) 5. Select the information to monitor from the pulldown menu. For example, if BMC hardware information is selected, this page is displayed. The information displayed varies between server manufacturers.
Intelligent Platform Management Interface (IPMI) 6. To make an SOL connection to the servers console port, click the Connect button. The resulting window is displayed. The example shown below is a console connection to a Windows 2003 servers SAC port.
SMASH CLP SMASH CLP Systems Management Architecture for Server Hardware Command Line Protocol (SMASH CLP) is a command/response specification transmitted and received over a text message-based transport protocol. It was developed and released by DMTF (Distributed Management Task Force). SMASH CLP addresses the end user requirement for a common command line syntax, allowing systems offered by different vendors to be managed in similar ways. Digi Passport supports SMASH CLP for iLO2 and DRAC5.
Integrated Lights Out (iLO, iLO2) Configure iLO and SMASH CLP on a Remote Port To configure iLO including SOL (Serial Over LAN) and SMASH CLP on a remote port, follow these steps. 1. In the Web interface, select Serial port configuration and select the port to configure for iLO. 2. From the menu, select Advanced configuration. 3. In the next screen displayed, select Host mode configuration. 4. From the pulldown menu for Service processor, select iLO. Click Save to flash. 5. Click Remote port parameters.
Integrated Lights Out (iLO, iLO2) Enter the remote port parameters as follows: • Destination IP: The IP address of the server to monitor. Generally, this is the IP address assigned to the iLO management channel. • Destination port: Normally 22 for SSH or 23 for Telnet; the actual port may vary on individual servers. • Protocol: The Protocol to be used on the port normally this would be SSH, but Telnet or RawTCP can be used if it is enabled on the server. • SMASH: Select to Enable or Disable.
Integrated Lights Out (iLO, iLO2) 6. The Service processor configuration settings are displayed at the bottom of the Serial port configuration page. Select Service processor configuration. The Service processor configuration settings are displayed. Enter the Service processor configuration settings: • Destination IP address: This is the IP of the iLO server. • Destination port: The port used for HTTPS on the iLO server, normally 443. • User name: This is a user configured on the server with access to iLO.
Integrated Lights Out (iLO, iLO2) Access iLO Port or SMASH-CLP Support After finishing configurations for iLO and SMASH-CLP, access iLO port or SMASH-CLP support from the Serial port > Connection page. When iLO and SMASH are configured, four connection icons are displayed on the Serial port connection page, as shown: Serial Terminal Connection is for direct access to the iLO service process. View Port log is for checking logs for the connection made from the Passport.
Integrated Lights Out (iLO, iLO2) iLO GUI Access is for connecting to a SAC-like iLO user interface page, as shown below. SMASH GUI Access accesses the SMASH-CLP user interface, as shown below.
Integrated Lights Out (iLO, iLO2) Under Targets, click the links to move to the corresponding target path. SMASH-CLP shows sub targets and properties. Any commands that can be executed on the corresponding target path, such as Start, Stop and Reset, are displayed. To move to the root path, click the leftmost / on Current Default Target Path, as shown.
Integrated Lights Out (iLO, iLO2) If the target path has properties that can be set, the SMASH-CLP user interface displays an edit box for changing properties; for example: Chapter 7 Service Processors 135
Dell Remote Access Controller (DRAC) Dell Remote Access Controller (DRAC) Dell Remote Access Controller (DRAC) is a specification for the equipment that monitors the physical environment and condition of Dell servers. The specification is intended to cover the regulation of temperature, voltage and power, and to ensure the proper operation of the firmware. DRAC works with hardware servers regardless of the operating platform or other software they may run.
Dell Remote Access Controller (DRAC) 6. Select Remote port parameters. Enter the remote port parameters: • Destination IP address: The address of the server to monitor. Generally this will be the address assigned to the DRAC management channel. • Destination port: normally 22 for SSH or 23 for Telnet, but these may vary on individual servers. • Protocol: The protocol to be used on the port. Normally, the protocol is SSH, but Telnet or RawTCP can be used if enabled on the server.
Dell Remote Access Controller (DRAC) After DRAC is configured, to access the DRAC port, select Serial port > Connection. If DRAC and SMASH are configured, four connection icons are shown, as in the example below. Serial Terminal Connection is for direct access to the DRAC service process. View Port Log displays logs for the connection made from the Digi Passport unit.
Dell Remote Access Controller (DRAC) DRAC GUI Access is for connecting to a SAC-like DRAC user interface page as shown in the example screens.
Dell Remote Access Controller (DRAC) SMASH GUI Access opens the SMASH-CLP user interface, as shown in the example. Under Targets, click the links to move to the corresponding target path, and SMASH-CLP shows sub targets and properties. Any commands that can be executed on the corresponding target path, such as Start, Stop and Reset, are displayed. To move to the root path, click the leftmost / on Current Default Target Path as shown.
Methods for Controlling User Access f Chapter 8 U s e r s , S e c u r i t y, a n d A u t h e n t i c a t i o n Methods for Controlling User Access The Digi Passport unit provides four methods for controlling access to the network and the devices on the network: • Restricting or permitting IP filtering This method allows or prevents users with specific IP addresses from accessing devices or serial ports on the network. IP filtering can be permitted or restricted for all ports globally or per port.
Configure User Access Control Configure User Access Control Another method for controlling access to the serial ports on the Digi Passport unit is the User Access Control configuration. User access control can be set up either globally (using the All Ports option) or per port. It is not necessary to have users added to the system to assign rights. However, for the permissions or restrictions to be enforced, the username must match exactly.
Configure User Access Control A strategy for assigning rights to a port can include: • Allowing <> access to a port and then restricting access to certain users -or• Specifying each individual user and their specific rights to a port • Adding a user to an established group (Access list) with preconfigured rights to a port. Selecting <>, means that all users, whether they are configured locally or are using a remote authentication (such as LDAP or Kerberos), have access to this port.
Configure User Access Control Configure User Access Privileges 1. Select Serial Port Configuration > All Ports or Serial Port Configuration > port number. 2. Click User access mode. 3. Enter the users and their privileges, and click Add user. Restrict a User’s Privileges To restrict user access: 1. Select Port configuration > User access control. 2. Enter privileges for <>. 3. Enter restricted user’s name. In this example, it is ronk. 4. Enter the privileges for the user.
Configure User Access Control Change the Privileges of an Access List 1. On the same screen shown in the previous procedure, select an access list from the pulldown box. 2. Click Add access, then click Save & apply. When the access list is added, it will include users Paul and Tim. In this screen, the sun-users Access group has access to Port, Monitor, and Power, while any other users (<>) do not have access.
Configure User Access Control Sniff Session A sniff session enables multiple users to access a single serial port for viewing the data stream. Anyone who is registered for a sniff session can access a specific serial port — even if someone else is using the port. The Digi Passport unit supports multiple concurrent sniff sessions.
Configure User Access Control Sniff session settings include: • Enable/Disable sniff mode: • Disabled: No one can enter a sniff session after the first user logs on.
Security Profile Security Profile The Security Profile tab, available under System Administration > Security Profile, provides a centralized access for enforcing siteappropriate, minimum security parameters on the Passport. These are the available control mechanisms: • System Security • Password Security (Force heightened) System Security Settings System security settings include: • SNMP: The Digi Passport unit allows using Get and Set commands for easy remote configuration and monitoring.
Security Profile Password Security Settings To enhance password security, use these settings: • Minimum password length: Allows passwords that are 3 to 255 characters long; also allows spaces in passwords. • Maximum password age: Specified in days. To disable this setting, enter 0. • Enforce password complexity: Prevents including all or part of a user’s account name. Passwords must be at least eight characters long, or exceed Minimum password length if larger.
Authentication Authentication The Digi Passport unit supports multiple methods of user authentication, including local, TACACS+, RADIUS, RADIUS Down-Local, LDAP, Kerberos, and Custom PAM. The authentication protocol depends on the environment. 4. Access granted Server 1. Connection request 2. Query User ID PC 3.
Configure Authentication Methods for Port Access Configure Authentication Methods for Port Access Authentication can be performed either through a single authentication method, such as RADIUS, or an authentication method where a Local authentication service is used in addition to the RADIUS, LDAP, TACACS+ server, or Kerberos. These options are listed when configuring the Digi Passport unit for authentication. To configure the Digi Passport unit for authentication: 1.
Configure Authentication for the Web Server Configure Authentication for the Web Server 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Network > Web server configuration. The Web server configuration settings are displayed: 3.
Configure Authentication for the CLI Configure Authentication for the CLI The CLI configuration is for specifying the authentication method and shell when accessing the Passport directly. Available options: • Authentication method: Local, Radius, TACACS, LDAP, Kerberos • Timeout for CLI menu: Specify the idletimeout in minutes. • Use CLI auth for serial console access: Authentication method to be the same, or different, than the Passport console port.
Configure Authentication for the CLI LDAP Authentication The Digi Passport unit supports authenticating against an LDAP-based database, including LDAP systems running on Linux servers, and Microsoft systems running the Microsoft Active Directory with the LDAP gateway ADAM (Active Directory Application Mode). If the Digi Passport unit authenticates against an LDAP directory, all users must be configured in a single container.
Configure Authentication for the CLI Custom PAM Module The Digi Passport unit supports custom PAM modules for remote authentication. This allows creating a custom authentication schema or using any other third party PAM module. The module must be compiled for the Digi Passport unit’s environment. Digi offers an SDK for the Digi Passport family. To download the SDK, contact technical support at: support.wizards@digi.com 1. Place the custom PAM modules onto: /usr/2 on the Digi Passport unit. 2.
Configure Authentication for the CLI Configuration for a Samba Server On the Samba server Make a shared folder to use a Windows machine for a Samba server. For a Linux machine, run the smb service. On the Digi Passport 1. In the Web interface, go to Network > Samba configuration. 2. Set Samba configuration values as follows: • Samba service: Enable • Samba server name: IP address or Computer name of Samba server • Mounting path on Samba server: shared folder name (should be started with '/'. e.g.
Recommended Process for Implementing Custom Menus Custom and Default Menus Chapter 9 The Digi Passport unit has several default menus for easy configuration and access by different users. Depending on access privileges, the menus available are the Web Interface, Configuration Menu, and Port Access Menu. A Custom Menu feature for creating menus is also available through the web interface.
Add Users to the System Add Users to the System Before users can be assigned menus, the users must be added to the system. 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select System administration > Users administration. Click the Add button. 3. Enter the User name and select the User group. For Shell program, select Custom menu. 4. Click Add to add the user. 5. Continue to add users as needed.
Create Menu Names Create Menu Names To name a custom menu, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Custom Menu > Configuration. 3. Enter the Menu Name to assign and click the Add Menu button. The menu is added. 4. Click the hyperlink to the menu just created. 5. From the pulldown menu, select the method to Sort and Display items. 6. Click Save & apply. 7. Repeat as required to create additional menus.
Add Menu Items Add Menu Items 1. Select Custom Menu > Configuration >menu name link for the menu to configure. 2. Select Menu Items > Add Item. The Custom Menu Item Configuration settings are displayed. 3. Fill in the desired parameters: • Key: Assign any letter or number except a value already used by another menu item. • Label: Assign a label or name for the menu item. • Create new submenu: Assign a name for a new submenu that this menu item will be assigned or linked to.
Assign Users to a Menu Assign Users to a Menu 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Configuration > Custom Menu > Menu Users. A list of available users is displayed. 3. Select a menu for a user by selecting a menu from the pulldown Assigned Menu list. 4. Click Save & apply.
Default Menu: The Port Access Menu Default Menu: The Port Access Menu The port access menu is a flat (one level) menu showing all ports, port titles and the mode of each port. It provides an overview of all ports and initiating a connection to any of them. When connecting to a specific port, a prompt for the username and password us displayed.
Support for Microsoft Windows Server 2003 in Digi Passport Microsoft SAC Support Chapter 10 Support for Microsoft Windows Server 2003 in Digi Passport The Digi Passport unit provides a browser-based user interface to Microsoft’s text-based Special Administration Console (SAC), an integral part of Windows Server 2003 Emergency Management Services (EMS). Both the English and International versions of SAC are now supported.
Process for Setting Up Microsoft SAC Support Process for Setting Up Microsoft SAC Support Setup for the Digi Passport unit SAC support is a three-step process: 1. Set up the Windows Server 2003 for SAC support. To do this, ensure that the COM port used for console traffic is properly set up. This includes designating a COM port for console communication and setting the port speed (baud) appropriately. For further information please refer to Set Up the Windows Server 2003 Port below. 2.
Set Up the Windows Server 2003 Port Set Up the Windows Server 2003 Port 1. Sign on to the Windows Server 2003 as the administrator. 2. Access the command line. 3. Use the bootcfg command to redirect console traffic to the correct COM port. The following is the command syntax and an example. See the Microsoft documentation for additional information on the SAC feature. Command Syntax bootcfg /ems on /port com# /id # /baud 115200 where: • com# is the COM port to which console traffic will be redirected.
Set Up the Digi Passport Unit for SAC Support Set Up the Digi Passport Unit for SAC Support To set up a serial port to provide access to the Windows Server 2003 console port, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Serial port > Configuration. 3. Select a port. 4. Select Host mode configuration. The Host mode configuration page is displayed. 5.
Access Windows Server 2003 Console Port from Digi Passport Unit’s GUI Access Windows Server 2003 Console Port from Digi Passport Unit’s GUI To access the Windows Server 2003 console port, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Serial port > Connection. A screen similar to the following is displayed. 3. Click on the title of the port to which the Windows Server 2003 console port is connected.
About freeKVM Configure and Use freeKVM Chapter 11 About freeKVM The Digi Passport provides a method, called freeKVM, for gaining access to the graphical interface of a system using the network. Using freeKVM involves specifying a connection method and IP address to use to reach the system.
About freeKVM Example Configuration Here is an example of a Digi Passport managing a Linux SuSE 9.2 system, a Windows 2003 system, and an HPUX system. The rest of this chapter describes how to set up freeKVM with each of the supported methods and connect to a system through freeKVM.
Use freeKVM with Remote Desktop Protocol Use freeKVM with Remote Desktop Protocol This section describes how to configure freeKVM with Remote Desktop Protocol, and connect to a system through freeKVM using Remote Desktop Protocol. Configure freeKVM with Remote Desktop Protocol To set up freeKVM with Remote Desktop protocol, follow this procedure.
Use freeKVM with Remote Desktop Protocol 4. Click freeKVM configuration. This window is displayed: 5. For the freeKVM configuration setting, select Enable. From the Client program pulldown, select Windows remote desktop connection. 6. If not using IP automatic detection, enter the IP address. 7. Enter title for KVM connection. 8. Click Save & Apply. User permission for each freeKVM session can be specified separately Click No.
Use freeKVM with Remote Desktop Protocol Connect to a System through freeKVM using Remote Desktop Protocol When connecting through the Connection window, and a freeKVM connection is configured, these things are now displayed: • The terminal monitor button, which connects to the raw ASCII SAC console. • A mouse button (next to the monitor icon), which connects to the freeKVM graphical interface. • The manage button, which connects to the SAC GUI screen.
Use freeKVM with VNC Protocol Use freeKVM with VNC Protocol This section describes how to configure freeKVM with the VNC Protocol, and connect to a system through freeKVM using VNC. Configure freeKVM with VNC Protocol 1. Access the Digi Passport Web interface and log in. 2. Select Serial Port > Configuration. This window is displayed: 3. Double-click the port to configure.
Use freeKVM with VNC Protocol 4. Select the freeKVM tab. This window is displayed: 5. From the freeKVM connection pulldown list, select Enable. Then, from the Client program pulldown list, select the VNC Client program. 6. Adjust the VNC socket/screen number, if necessary. The default is 1. 7. Click Save & apply.
Use freeKVM with VNC Protocol Connect to a System through freeKVM using VNC When connecting through the Connection window, and a freeKVM connection is configured, these things are displayed: • The terminal monitor button, which connects to the serial console. • A mouse button (next to the monitor icon), which connects to the freeKVM graphical interface. To connect through freeKVM using VNC: 1. Click on the mouse button. 2. Click OK in each of the three Java confirmation request windows.
Use freeKVM with X Window System Protocol and XManager Software Use freeKVM with X Window System Protocol and XManager Software This section describes how to configure freeKVM with X Window System Protocol and XManager software and connect to a system with it. Configure freeKVM with X Window System Protocol 1. Access the Digi Passport Web interface and log in. 2. Select Serial Port > Configuration. This window is displayed. 3. Select the port to configure.
Use freeKVM with X Window System Protocol and XManager Software 4. Select freeKVM configuration. This window is displayed: 5. From the freeKVM connection pulldown list, select Enable. 6. From the Client program pulldown list, select the Xmanager program. 7. Click Save and Apply.
Web Redirection Connect to a system through freeKVM using Xmanager When connecting through the Connection window, and a freeKVM connection is configured, these things are displayed: • The terminal monitor button, which connects to the serial console. • A mouse button (next to the monitor icon), which connects to the freeKVM graphical interface. To connect through freeKVM using X Window System Protocol and XManager Software: 1. Click on the mouse icon. 2.
Installing Programs for freeKVM Installing Programs for freeKVM freeKVM relies on software installed on the client system to provide access to the target system. This section is for troubleshooting common issues that may come up when using freeKVM. Check software levels and install software as needed Some general software considerations: • Because the freeKVM is launched by a Java applet, Java must be installed on the Workstation and in a browser.
Installing Programs for freeKVM VNC Viewer Required Client Software Windows: • TightVNC from http://www.tightvnc.com/ • RealVNC software from http://www.realvnc.com/ • UltraVNC from http://www.ultravcn.com/ Linux: vncviewer from the VNC client software package for the distribution. Make sure that vncviewer is installed into a folder in the standard Windows or Linux/Unix path. On Windows systems, as a secondary option, copy file vncviewer.exe to the c:\windows directory.
About the Rackable Systems Management Card Chapter 12 Rackable® Systems Management Card About the Rackable Systems Management Card Rackable® Systems manufactures a management card that is built into some of their servers. This card interfaces between the Digi Passport unit and the server’s serial port. In normal mode, it allows transparent communication between the Digi Passport unit and the server.
Rackable Systems Management Card Configuration Rackable Systems Management Card Configuration To configure the serial port to provide access to the Rackable Systems Management console: 1. Access the Digi Passport unit’s web interface. 2. Select Serial Port > Configuration. 3. Select a port. 4. Select Host mode configuration. The Host mode configuration page is displayed. 5. Set the Host mode to Console server. 6. Set the Rackable Systems Mgmt Card support to Enable. 7. Click Save & apply.
Access Rackable Systems Management Card from Digi Passport GUI Access Rackable Systems Management Card from Digi Passport GUI 1. Access the Digi Passport unit’s web interface. 2. Select Serial Port > Connection. A screen similar to the following is displayed. 3. Click on the Rackable Server link. A screen similar to the following is displayed.
Access Rackable Systems Management Card from Digi Passport GUI 4. Use the Digi Passport unit’s user interface to perform Rackable Systems Management Card functions. Attributes of the user interface controls are shown below and described in the following table.
Access Rackable Systems Management Card from Digi Passport GUI Rackable Systems Management Card Properties and Controls Field Description Control: Power status The first column shows the current state. Three buttons are available to initiate an action to either, power on, power off or restart the server. Depending on the current status, Power on or Power off is disabled. Reboot Reboot the Rackable Server by sending a 500ms reset signal to the server.
Chapter 13 Configure Remote Dial-In Access The Digi Passport unit supports dial-in connections from remote sites for out-of-band access. In this configuration, the Digi Passport unit has serial ports configured for external modems and waits for dial-in connections from remote sites. When dialing in using a terminal application, the Digi Passport unit accepts the connection and displays a menu of available serials ports.
Configure for Dial-In Modem Access Configure for Dial-In Modem Access To configure a serial port for a dial-in modem, enter the values for these fields: Host mode, Modem init string, and Inactivity timeout. To access the Host mode configuration screen, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select Serial port > Configuration. 3.
Configure for Dial-In Modem Access • Modem test: To ensure the proper functionality of the modem, the Digi Passport unit has the ability to test the modem connection in a configurable interval. The modem test allows a phone number and an interval to be specified. After the system has booted, the interval has elapsed, and the modem is not in use, the specified dial number is called. The modem trains and receives a login prompt from the other side (normally another Digi Passport unit).
Configure for Dial-In Modem Access By e-mail based notification. The Alert configuration dialog of the port configuration, contains multiple settings: The title of the e-mail and the address can be configured. To configure e-mail notifications, a primary SMTP server must be configured under Network > SMTP configuration. By SNMP configuration It is also possible to receive notifications using SNMP traps.
Add a PC Modem Add a PC Modem A PC card slot is provided on the front panel of the Digi Passport unit. To install and configure the PC modem on the Digi Passport unit, do the following. 1. Insert the card into the PC slot located on the front of the device. 2. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 3. From the menu, select PC card > Configuration. 4. Click Discover a new card.
Configure for Dial-In Terminal Server Access Configure for Dial-In Terminal Server Access The host mode Dial-In Terminal Server is similar to the host mode Terminal Server, but also allows configuring a modem init string. In this mode, an incoming modem connection is automatically connected to an IP address. To configure a serial port for a dial-in terminal server access, enter the values for these fields: Host mode, Destination IP, Base Port, Protocol, Inactivity timeout, and Modem init string.
About the Power Controller Feature Power Controller Chapter 14 About the Power Controller Feature The Power Controller feature allows administrators of the Digi Passport unit to use console management to control power functions. Power control consists of three basic functions: on, off, and reboot (power cycle). There are two typical scenarios when using a power controller.
Install Power Controller Install Power Controller To connect the Digi RPM power controller to the Digi Passport unit use the straight-thru cable provided with the Digi RPM unit. Plug one side into the “Console” port of the Digi RPM unit and the other into any port of the Digi Passport unit. If connecting multiple power controllers, set up all of them as described before proceeding. For details configuring the Digi RPM unit for cascading, see "Cascading Multiple Digi RPM Units" on page 202.
Configure Power Controller Configure Power Controller Only system administrators can add a power controller although authorized users may reconfigure outlets or serial ports. Configure the Serial Port Parameters to Match the Power Controller 1. Log in to the Digi Passport unit (username root, password dbps). 2. Click Serial port > Configuration. 3. Select the port number of the serial port to connect to the power controller. 4. Select the Serial port parameters.
Set Alarms and Thresholds Set Alarms and Thresholds The Power Controller can be set to issue an alert via E-mail notification or an SNMP trap when environmental conditions exceed specifications. 1. On the Power Controller Configuration page, click Alarms & thresholds. 2. Enter the appropriate parameters. Select the condition(s) for an alert and enter the information for the alert (E-mail or SNMP trap or select both).
Configure Outlets Configure Outlets To configure the power supplied to the device from the power controller, follow these steps. 1. Under Power controller, click Outlets. 2. Click the outlet number to configure. 3. Select the serial port number that controls the device connected to the Digi Passport unit (if any). If the port number has a title, it will appear. To add a title or change the existing title, go to Serial port > Configuration and select the port number to be changed.
Configure Outlets 6. Click Save & apply. This screen shows that serial port one on the Digi Passport unit is connected to a Sun Server that is supplied power from outlet 1 on the power controller. In this example, user tomw has access to the power outlets. 7. To select the parameters for the User Access Control, click the User Access link. Users can be granted permission to access an outlet or restrict access for specific users from an outlet.
User Access for Power Controller User Access for Power Controller The Digi Passport unit can be configured to allow all or specific users access to the power controller feature, as well as restricting specific users to the power controller feature. User Access is configured on an per-outlet basis. User Access to a serial device that is connected to the power controller in configured under Serial Port > Configuration > Port # > User Access.
User Access for Power Controller Configure to Restrict Specific Users To restrict specific users, select access for << Everyone>> and add the restricted user by deselecting his or her access. 1. Log in to the Digi Passport unit (username root, password dbps). 2. Select Power Controller > Configuration > Outlets > outlet number to configure. 3. Select the port to configure to the outlet. If it is a non-serial device select None. 4. Edit the outlet title.
User Access for Power Controller The screen shows that outlets 1 and 2 control power to the Sun Server configured on port 1 of the Digi Passport unit. Outlets 3 and 4 are not serial devices. User janl has been designated the specific user to control outlet # 3. User tomw does not have access to Outlet # 4.
Power Controller Management Power Controller Management The Power Controller Management option changes outlet settings and provides a quick update of the power controller status. 1. Under Power Control click Management. The Power controller management screen gives a quick view of all the power controllers and the current status of the connection. The Port # and Manufacturer fields are a link to the specific power controller statistic page, which displays information for the power controller.
Cascading Multiple Digi RPM Units Cascading Multiple Digi RPM Units The Digi RPM power controllers can be cascaded when used with the Digi Passport unit. The DIP switches on the front panel of the Digi RPM allow configuring unique identities (ID) to the Digi RPMs so they can be identified. In a cascaded environment each unit has to be configured to a unique ID.
Allowed IDs for Digi RPM Unit The figure shows all possible IDs that can be configured on the Digi RPM unit, and the switch settings to configure each ID.
Managing Digi RPM from the Command Line Managing Digi RPM from the Command Line The Digi RPM can be managed using ASCII commands. For information about these commands, see the Digi Knowledge Base article Quick reference to the RPM command line, at: http://www.digi.com/support/kbase/kbaseresultdetl.jsp?id=866 Third-Party Power Controllers In addition to the Digi RPM power controller, Digi supports several thirdparty power controllers, including controllers manufactured by ServerTech and BayTech.
Third-Party Power Controllers 3. Select New in Port menu list on the Add power controller page as shown below. This page below will open: 4. Set the number of cascaded units. 5. Fill in the listening port (for example 7049). This will be added as a remote port. 6. Fill in the destination IP address with the IP assigned to the ServerTech device.
Third-Party Power Controllers 7. Set the Protocol to SNMP. 8. Specify the destination port number. Normally, this number is 162. 9. Specify the Get and Set community strings (by default these are public and private). 10. Set the Remote version to v1 from the drop down list. 11. Select the Web protocol. 12. Click Add controller.
Third-Party Power Controllers Locally connected ServerTech power controller To install a locally connected ServerTech power controller, follow the steps listed. 1. Connect the serial port of the ServerTech device to one of the serial ports on the Passport using a standard Ethernet cable. 2. In the Web go to Power controller > Configuration. The page below will open. After adding the Power controller a page similar to the one below will be displayed. 3. Select ServerTech from the Manufacturer pull down. 4.
Third-Party Power Controllers The resulting page will open. 5. Set the number of cascaded units. 6. Set the web protocol. 7. Fill in the destination IP address. This is assigned to the ServerTech device. 8. Press Add controller. After adding the Power controller a page similar to the one below will be displayed.
Third-Party Power Controllers 9. To configure the outlets on the controller, select a power controller from the installed Power controllers and a new page will be displayed, similar to the one shown below. 10. From this page select the Outlets link and a new page will be displayed, where you can configure the outlets. Select an outlet to configure.
Third-Party Power Controllers 11. A page and similar to the following is displayed. From this page you can link the outlet to a serial port, give the outlet a name and assign user access rights. 12. When you are finished configuring the outlet. select Save & apply.
Third-Party Power Controllers Power groups Power groups are groups of outlets that can be controlled at the same time. To configure a power group: 1. In the Web UI, go to Power controller > Power group and the page below will be displayed. 2. Enter a name for the new group and click Add. This page is displayed. 3. To add outlets to the newly created group, select the number next to the group name. This page is displayed. 4. 5. 6. 7. Select the power controller from the drop down list.
Third-Party Power Controllers 8. Repeat steps until all outlets for this group are added. 9. Click Save & apply. A page similar to the one below is displayed.
Third-Party Power Controllers Outlet management To manage the outlets on the power controller: 1. In the Web UI, go to Power controller > Manage and the page below will be displayed. 2. From this page, you can select power controller from the list or select the Power outlet management link. • Selecting the Power controller https/http link from the list will result in opening the Web UI for the ServerTech device. This allows direct access to all the features on the ServerTech.
Third-Party Power Controllers 3.Selecting the Power outlet management link will result in a new page similar to the one shown below. From this page you can manage individual outlets or manage a group of outlets. Manage individual outlets 1. Select the outlets from the list. 2. Select Power on, Power off or Reboot. Manage a group of outlets 1. Select the power group from the drop down list. 2. Select Power on, Power off or Reboot.
Third-Party Power Controllers 6. Click Save & Apply. Connect to the port To connect to the port, choose Serial Port > Connection and choose the port number. You can either control the power through the web interface by clicking on the Power control button or through the serial console connection by clicking on the serial terminal connection and then using the port menu key.
Third-Party Power Controllers Power Control Screen: Serial Console Screen: Chapter 14 Power Controller 216
Third-Party Power Controllers After typing the port menu key: Type p to power device off or r to reboot device. The Hot Key by default is Ctrl-Z. This can be changed by going to Configuration > Serial Ports > {Port # or All} > Host mode configuration > {set the Port Escape Sequence} > Save & Apply. Note: This is also what is displayed when connecting directly to the port using ssh or telnet without going through the web interface.
Pinouts for Third-Party Power Controllers and Digi Passport Pinouts for Third-Party Power Controllers and Digi Passport Pinouts for supported power controllers and the Digi Passport follow. An Ethernet cable can be used to connect the ServerTech Sentry Power Controller to the the Digi Passport unit.
Pinouts for Third-Party Power Controllers and Digi Passport Pinouts for console port of Digi Passport Pin Number EIA-232 Signal 1 CTS 2 DSR 3 RxD 4 GND 5 DCD 6 TxD 7 DTR 8 RTS Chapter 14 Power Controller 219
About Port Clustering Port Clustering Chapter 15 About Port Clustering Port clustering is the ability to coherently manage serial ports across multiple devices. Digi Passport supports two methods of port clustering, both of which can be used concurrently: • Master/Slave Clustering • Peer-to-Peer Clustering Master/Slave Clustering Master/slave clustering allows serial ports on one or multiple slave devices to be managed from one master device using a single IP address.
About Port Clustering Peer-to-Peer Clustering Peer-to-peer clustering allows multiple Digi Passport units to share information and have equal status within a cluster, without requiring one of the units to be the master. Any unit in the cluster, typically, the closest unit to the user, can act as a master.
Configure Master-Slave Port Clustering Configure Master-Slave Port Clustering Configuring the Digi Passport unit for port clustering requires these tasks: • Configure all the Digi Passport serial ports. • Assign one Digi Passport unit as the master clustering device; all other Digi Passport units default to slave devices. • Import the slave configuration to the Digi Passport unit’s master device. Assign Master Clustering Mode To assign a Digi Passport unit as the master cluster device, do the following: 1.
Configure Master-Slave Port Clustering Configure Slaves to Join a Cluster Digi Passport units can be configured as basic slaves without any additional configuration. Two additional settings, however, enhance the clustering capability. • Authentication mode: Local authentication is the slave independently authenticating all port access. Master authentication is the master performs port authentication. Users do NOT need to be defined on the slave unit. Password verification will be done by the master unit.
Configure Master-Slave Port Clustering Configure Advanced Clustering Settings To refine a cluster environment, use the advanced clustering configuration settings. 1. Select Clustering > Configuration > Master > Save & apply. 2. Select the port number > Enable > Save & apply. 3. From the Clustering >Master mode, select Advanced.
Configure Master-Slave Port Clustering Advanced master-slave clustering settings include: • Enable: Shows whether the port is enabled or disabled. All ports are enabled by default. • Slave unit address: The IP address of slave. • No. of ports: The number of ports on the slave. • Slave authentication mode: Whether the database is controlled by the master unit, or locally by the slaves themselves.
Configure Master-Slave Port Clustering Chapter 15 Port Clustering 226
Configure Master-Slave Port Clustering Access the Cluster Ports Connect to the slave port using the web interface, Telnet, or SSH client. Either access the port access menu or custom menu of each slave device or connect directly to each slave port. From the Web Interface 1. Clustered Ports appear in the Web user interface, and can be sorted by Port Title or Port Number. If there are more ports than will display on the screen, use the Move To pager feature on the upper right of the Port list. 2.
Configure peer-to-peer Clustering Configure peer-to-peer Clustering Configure Peer-to-peer Mode 1. Access the Digi Passport unit through the web interface. 2. Select Configuration > Peer-to-Peer configuration. 3. Configure peer-to-peer mode settings: • Peer-to-peer mode: select Enable. • Peer-to-peer authentication method: Select authentication method to be used. Local authentication: this peer will continue to authenticate users locally and independently of other peers.
Configure peer-to-peer Clustering Peer-to-peer Information Page The Peer to peer information page allows for joining and withdrawing peer-to-peer connections, and displays status of peer-to-peer connections. Status fields and buttons on this page include: • Not ready: Peer-to-peer mode is not active • Not joined: Peer-to-peer mode is active but no peers have been defined. • Joining: Joining peer-to-peer group. • Joined: Joined peer-to-peer group.
Configure peer-to-peer Clustering Join a Peer-to-peer Group To join an existing peer-to-peer group, enter the IP address of a member of that group and click the Join button. If the peer is not enabled or the password is incorrect, the joining process will fail. Peer information for a joining peer This screen shows peer-to-peer information of a joining peer after joining an existing group.
Configure peer-to-peer Clustering Invite Peers To invite peers, enter their IP addresses and click the Invite button. Each unit will be invited to join the peer-to-peer group of the current unit (or a group will be established if there is no current group. If the remote host is not already part of a group and its password matches that of the requesting peer, it will join the local peer-to-peer group. All existing units in the same peer-to-peer group will receive information about the invited hosts.
Configure peer-to-peer Clustering Peer-to-peer information after inviting peers • • • Chapter 15 Port Clustering Withdraw: Withdraws the peer-to-peer group. Remove: Removes the peer from the peers list. Update: Gets the information of the peers that have not responded.
Connect to Peers Connect to Peers Link to Web Interface To link to the web interface of the peer, click the protocol or the source port of the web port. Link to Port Access Menu To connect to the port access menu of the peer, click the protocol or the source port of the port access menu. Use the Digi Passport unit to Connect to Devices on Clustered Systems Ports on clustered systems appear in the Web UI alongside ports from the local system.
Connect to Peers Move to and Peer list To limit those ports that belong to the selected peer, select a peer in the Peer list box. The port number consists of the peer number, unit number and port number. This example shows the first port of slave unit 4 of the second peer. Connect to a Port via connect.asp Connecting by URL Users can access to ports using the connect.asp tool on the Passport by using the following URL construction rules. Connect.
Connect to Peers Connect to a Port via SSH Users can also access ports using ssh console by including the t= or p= option. For example: ssh root:t=any-unique-port-title@192.168.12.8 (where 192.168.12.8 is any peer) ssh root:p=1@192.168.12.8 (192.168.12.8’s local port 1) ssh root:p=R2P1@192.168.12.8 (Peer 2 port 1) ssh root:p=R2S0P1@192.168.12.8 ssh root:p=R2S4P1@192.168.12.8 (Peer 2 Slave 4 port 1) ssh root:15064@192.168.12.
Clustering push configuration Clustering push configuration Clustering push configuration is used to push the configuration of one Passport (Push server) to the other Passport unit in the cluster. This can facilitate initial configuration of multiple Passport units. Because of security concerns, pushing configuration is only possible to the units which have default root password (dbps). Also only the ADR and User configuration can be pushed. Clustering push configuration has two main configuration menus.
Clustering push configuration If the unit is joined peer to peer clustering, you can see the peer list on the Push server filtering configuration page. You can also add the push server manually by entering the IP address and net work mask to the new option box and then pressing Add. Once the push servers are configured, only the Passport unit listed on the Push server filtering configuration page can push the configuration to the unit.
Clustering push configuration Pushing the configuration can be done through Push configuration menu page. If the unit has salve unit or joins peer to peer clustering, you will see the list of clustered units on this page. After selecting the configuration and unit to be pushed the configuration, press the push button. And then wait until the Status has changed from Busy to Ready. Once the status has changed to Ready again, you will find selected configuration was pushed the target unit.
About the Configuration Menu Configuration Menu Interface Chapter 16 About the Configuration Menu The configuration menu enables authorized users to configure the Digi Passport unit with the same functionality as is available with the web interface, except for creating custom menus. Access the Configuration Menu The configuration menu is available through a Telnet or SSH session to the root user, system administrator, or port administrator. (Port administrator can only change serial port parameters.) 1.
Configure SSH Configure SSH 1. Select Serial Port Configuration > port number or 0 (zero) for all ports. 2. Select Host mode configuration > Protocol > SSH. 3. Use the ESC key to return to the main configuration menu. 4. Select Exit and apply changes. Add, Edit, and Remove Users 1. Select System administration > User administration and then choose an operation to perform: Add, Remove, or Edit. 2. Configure the user as required.
Add and Configure a PC Card Add and Configure a PC Card To add a modem card, compact-flash card, wireless LAN card, or network card to the Digi Passport unit using the configuration menu, do the following: 1. Access the configuration menu. (1 Network Configuration, 5 Peripherals). 2. Select PC Card configuration. 3. Configure the card by choosing Change card configuration. The system searches for the card and displays information on the product model number and type of card. 4. Select Save Changes.
Host Mode Configuration Host Mode Configuration 1. Access the configuration menu. 2. Select Serial Port Configuration > port number or 0 (zero) for all ports > Host Mode Configuration. 3. Enter the desired parameters for each menu item. Port Parameters 1. Access the configuration menu. 2. Select Serial Port Configuration > port number or 0 or 0 (zero) for all ports. 3. Enter the desired parameters for each menu item.
Port Access Menu Port Access Menu Another default menu is the Port Access Menu, which is available to all users. 1. Access the configuration menu. 2. Select Serial Port Configuration. 3. Select 0 for all ports. 4. Select Port access menu configuration. Access this menu through a Telnet or SSH session using the IP address of the Digi Passport unit followed by the port number 7000 as in the following example: telnet 192.168.100.
System Logging System Logging System logging is a two-part process. First, the device being used to record the system logs must be configured. Second, system logging must be configured for the system under System status and log. System logs can be saved to the Digi Passport unit’s system memory (there is no need to configure the memory), a compact-flash card, an NFS server, or a SYSLOG server.
System Logging Configure an NFS or SYSLOG Server 1. Access the configuration menu. 2. Select Network configuration > NFS or SYSLOG server configuration. 3. Disable or enable the server. Configure System Logging 1. Access the configuration menu. 2. Select System Status & log > System logging. 3. Enter the desired parameters for the menu items.
Configure SNMP Configure SNMP To configure SNMP from the configuration menu, do the following: 1. Access the configuration menu. 2. Select Network Configuration > SNMP configuration. 3. Enter the desired parameters for the menu items. Configure SMTP To configure SMTP from the configuration menu, do the following: 1. Access the configuration menu. 2. Select Network configuration > SMTP configuration. 3. Enter the desired parameters for the menu items.
Configure Network IP Filtering Configure Network IP Filtering The Digi Passport unit offers built-in firewall functionality to limit TCP/IP traffic to and from certain networks, TCP ports, and interfaces. The functionality implemented is based on the Linux tool IP tables. The next scenario shows that access to the device connected to the Digi Passport is allowed only on the .1 subnet. The device at 192.168.1.
Configure Network IP Filtering IP Filtering Settings The IP filtering settings page looks like this. Settings include: • Interface: The name of the network interface through which a packet is received.
Configure Network IP Filtering • Protocol: The protocol being accepted on or dropped from the port: • TCP • UDP • ICMP • Port: A TCP/IP port on the Digi Passport unit that other hosts try to access. Specify either one port, using a single value, or a range of ports using this form: port1:port2, where port1 defines the lowest port, and port2 the highest port.
Configure Network IP Filtering IP Filtering Rules This table describes the IP filtering rules. IP Filtering Rule Description #1 Defines SSH access to the Digi Passport unit (port 22). The Normal option specifies that the rule applies to all addresses listed. The rule says to Accept traffic from these addresses for Port 22. #2 Defines Telnet access to the Digi Passport unit (port23). The Invert option specifies that the rule applies to all addresses except those listed.
Configure Network IP Filtering Configure Network IP Filtering from the Configuration Menu To configure the Digi Passport unit for Network IP filtering, do the following: 1. Access the configuration menu. 2. Select Network configuration > IP filtering. s 3. Select a menu item and enter the desired parameters for the menu items. 4. Use the ESC key to return to the main menu. 5. Select Save changes.
Configure Port IP Filtering Configure Port IP Filtering To configure the Digi Passport unit for Port IP filtering, do the following: 1. Access the configuration menu. 2. Select Serial port configuration. 3. Select port number or 0 (zero) for all ports > IP filtering. 4. Select a menu item and enter the desired parameters for the menu items. 5. When all parameters are entered, use the ESC key to return to the main menu. 6. Select Save changes.
Configure and View Sniff Sessions Configure and View Sniff Sessions To configure a port or all ports for sniff users, do the following: 1. Access the configuration menu. 2. Select Serial port configuration. 3. Select port number or 0 (zero) for all ports > User access control. 4. Select User Access Control. 5. Select Enable/Disable Sniff Mode. 6. Select a menu item and enter the desired parameters. 7. When all parameters are entered, use the ESC key to return to the main menu. 8. Select Save changes.
Configure and View Sniff Sessions View a Sniff Session A sniff user enters a sniff session by starting a Telnet session on a specified port. In the following example, a sniff user uses Telnet to connect to port 7 of the Digi Passport unit. From the command prompt enter the following command: telnet 192.168.100.42 7007 1. Log in and enter your password. 2. Enter the port escape sequence. When sniff users login to a port from a Telnet session, a sniff session menu is displayed with allowed options.
Configure and View Sniff Sessions Escape Sequences for Sniff Sessions Escape Sequence Ctrl+ Action Occurrence m Take over main session (read/write). Presented only to users with read/write access upon entering a session. s Enter as a slave session (read only). Presented only to users with read/write access upon entering a session. b Send break. Not functional for sniff users. l Show last 100 lines of log buffer. Must enable logging for this option. d Disconnect a sniff session.
Authentication Authentication 1. Access the configuration menu. 2. Select Serial port configuration. 3. Select an individual port number or 0 (zero) for all ports > Authentication. 4. Select Authentication type. 5. To the main menu, use the ESC key. 6. Select Save changes.
Certificate Management Certificate Management Upload a Server Certificate To upload a server certificate, use either of these methods, • Use the Upload Server Certificate menu. This menu is displayed only when running configmenu on the serial console of the Digi Passport unit. (Running configmenu on CLI via Telnet or SHI does not display this menu.) • Use the scp command to copy your server.pem file to /tmp/cnf/etc. To make this change permanent, run the saveconf command from the command line interface.
Certificate Management 7. Use the configuration from this location: /usr/local/ssl/lib/ssleay.cnf 8. Generate a 1024-bit RSA private key. ........++++++ ......................++++++ 9. Write new private key to this location: ./demoCA/private/./cakey.pem' 10. Enter the PEM pass phrase: ; CA Password (Enter password and remember this) Verify password - Enter PEM pass phrase: ; CA Password ----- The information entered next will be incorporated into the certificate. 11.
Make a Certificate Request To make new certificates, first, make a certificate request. 1. Enter: # cd /work/openssl-0.9.7c/CA 2. Run the following commands. It is assumed that the sample configuration file, openssl.conf.digi, is being used. # openssl genrsa -out key.pem 1024 # openssl req -new -key key.pem -out req.pem 3. Use the configuration from /usr/share/ssl/openssl.cnf. A prompt is displayed to enter information that will be incorporated into the certificate request.
Sign a Certificate Request 1. To sign a certificate request, enter the following: # cd /work/openssl-0.9.7c/CA # cp req.pem newreq.pem # sh /usr/local/ssl/misc/CA.sh -sign 2. Use the configuration from sample file /usr/share/ssl/openssl.cnf. 3. Enter PEM pass phrase. Enter the CA Password created in "Create/Use a Server Certificate" on page 257, in the step that begins Enter the PEM pass phrase. CA Password 4.
Certificate Management 5. Verify that the signed certificate, newcert.pem, is generated. # ls demoCA key.pem newcert.pem newreq.pem req.pem Make Certificate for the Digi Passport Unit 1. Remove headings in newcert.pem file: # cd /work/openssl-0.9.7c/CA # cp newcert.pem server.pem # vi server.
Dial-in Modem Access Dial-in Modem Access Individual serial ports on the Digi Passport unit can be configured for dial-in modem access. To use dial-in modem mode, an external modem is first attached to a serial port and then the serial port is configured for dial-in modem access. In the illustration below, port 7 is configured for a dial-in modem. To configure a serial port for a dial-in modem, do the following: 1. Access the configuration menu. 2. Select Serial Port Configuration. 3.
Dial-in Terminal Server Access Dial-in Terminal Server Access Individual serial ports on the Digi Passport unit can be configured for dial-in terminal server access. To use dial-in terminal server access, an external modem is attached to a serial port on the Digi Passport unit, then the serial port is configured for dial-in terminal server mode. In the illustration below, port 7 is configured for dial-in terminal server mode. Terminal server mode makes a direct connection to a server.
Clustering Clustering By default, clustered slave devices are configured using the Telnet protocol and the following port parameters: • bps=9600 • data bits=8 • parity=none • stop bits=1 • flow control=none When the master device autoconfigures a slave device, it simply imports the information from the slave unit. To use other protocols or port parameters, configure the slave unit with those parameters before autoconfiguring.
Clustering 7. Select the port number to configure or 0 for all ports. 8. Select Enable configuration. 9. Select Auto Configuration. 10. Select Exit and apply changes.
Upgrade Firmware Upgrade Firmware Before upgrading firmware from the configuration menu: • Download the firmware to a system on the same subnet. • Set up a terminal emulation program that supports the Zmodem transfer protocol. To upgrade the firmware with the configuration menu: 1. Access the configuration menu. 2. Select System administration. 3. Select Firmware upgrade. Enter y for Yes when prompted whether to upgrade the firmware. 4.
Restore Factory Defaults Restore Factory Defaults There are two choices to restore the unit to its factory defaults: restoring all factory defaults, or restoring all factory defaults except IP settings. To restore the Digi Passport unit unit to the factory defaults: 1. Access the configuration menu. 2. Select System administration. 3. Select Configuration import. 4. Select Location. 5. Select Factory Default. The system will restore factory defaults, and the unit will automatically reboot. 6.
Set Date and Time Set Date and Time Date and time on the Digi Passport unit can either be kept internally or by an NTP server. It is easier to set the date and time from the Digi Passport unit’s Web interface "Set Date and Time" on page 298. To set the date and time from the configuration menu: 1. Access the configuration menu. 2. 3. 4. 5. Select System administration. Select Date and Time. Enter the desired parameters. Select Save changes.
Access the Boot Loader Program Access the Boot Loader Program The Boot Loader program can be accessed during the boot process. The main function of the program is to provide a backup means for restoring the firmware if the Digi Passport unit will no longer boot. It also provides a hardware testing module that detects and tests hardware components on the unit. To access the Boot Loader program: 1.
Access the Boot Loader Program Hardware Test Menu The Boot Loader program provides a hardware test for detecting and testing hardware components on the Digi Passport unit. From the Boot Loader menu, select the number 3 to access the Hardware test. Options for several components appear. Disaster Recovery The Digi Passport unit provides a disaster recovery procedure in the event the configuration data is destroyed or corrupted.
Access the Boot Loader Program 5. Choose Firmware upgrade by entering 3. The following screen is displayed. 6. Enter the information for the first menu items. • Protocol: The choices are BOOTP or TFTP. • IP address assigned: Enter the IP address of the Digi Passport unit. • Server’s IP address: The IP address of the BOOTP or TFTP server. • Firmware File Name: The filename for the firmware. • Ethernet interface: 1 or 2. Use the ESC key to return to earlier menu screens. 7. Select Start firmware upgrade.
Configmenu scripting Configmenu scripting There are scripting capabilities built into Configmenu as a convenience for command-line users who need to configure multiple devices via scripts. Note: Not all sections of Configmenu support the scripting feature (Clustering and Power Controller do not support scripting). Syntax and examples The following command line options are supported for scripting to UI (configmenu) in the CLI.
Configmenu scripting For example, you can find the XML paths related with IP configuration in file tmp/cnf/sys/network/ip.cnf as follows , [root@Digi_Passport ~]# more /tmp/cnf/sys/network/ip.cnf /network/ip/dns1=206.13.28.12 /network/ip/dns2=0.0.0.0 /network/ip/ipconf1/ipconf1/gateway=10.0.0.1 /network/ip/ipconf1/ipconf1/ip_addr=10.0.5.1 /network/ip/ipconf1/ipconf1/ip_mode=1 /network/ip/ipconf1/ipconf1/s_ip_enb=0 /network/ip/ipconf1/ipconf1/subnet=255.255.0.
Configmenu scripting The “apply” command can be also run separately after saving all changes [root@Digi_Passport ~]# configmenu set /network/ip/ipconf2/ ipconf2/ip_mode=1 save Set : /network/ip/ipconf2/ipconf2/ip_mode=static IP (1) [root@Digi_Passport ~]# configmenu set /network/ip/ipconf2/ ipconf2/ip_addr=10.0.5.2 save Set : /network/ip/ipconf2/ipconf2/ip_addr=10.0.5.2 [root@Digi_Passport ~]# configmenu apply ............. Apply Done.
Configmenu scripting Configuration commands can be entered and executed in a script file, as shown below. Each command should be on a separate line and the "save" and "apply" commands should be added at the end of file if you want to apply your changes. [root@Digi_Passport4 ~]# more /usr2/rpot2 add rport 7006 set /serial/serial_config/ports/*6/rport_param/dest_ip=192.168.1.
Back Up All Configuration Files Before Using Commands Command Line Interface Chapter 17 Digi Passport runs the embedded Embedded Linux operating system. The command line interface for configuration purposes is accessible only by the root user. The system administrator has read only privileges from the command line. By default the root user is connected to the command line interface (CLI) when accessing the Digi Passport unit through Telnet or SSH.
Linux Commands Linux Commands This section lists various Linux commands available on the Digi Passport unit. This is simply a listing of commands and does not detail what the commands do or give their particular parameters. For more detailed command information, see the man pages on a Linux system. Commands for Saving and Applying Changes Two commands that are very important for saving and applying changes to the configuration files are: • saveconf: Saves the configuration files to flash memory.
Dual Network Options Dual Network Options Source Based Routing When more than one router is needed, with each network interface using a different router, set up source-based routing on the Passport. The following commands are needed to be run for source based routing on the Passport # /sbin/ip rule add from $IP table $TBL # /sbin/ip route add default dev $ETH via $GW table $TBL # /sbin/ip route add $NET dev $ETH table $TBL where: $IP is an IP address which should use a non-default gateway.
Dual Network Options Ethernet Bridging Ethernet bridging is commonly used to connect different networks of Ethernets together, so that these Ethernets will appear as one Ethernet to the participants. Ethernet bridging essentially involves combining an Ethernet interface with one or more physical Ethernet interfaces and bridging them together under the umbrella of a single bridge interface. Ethernet bridges represent the software analog to a physical Ethernet switch.
Dual Network Options Shell and Shell Utilities ash bash echo env false grep more pwd sed sh which cat chmod cp dd df du e2fsck find fsck gunzip gzip ln ls mkdir mkdosfs mke2fs mknod mount mv rm rmdir scp sync tail tar touch vi umount date free half hostname id init insmod kill killall lsmod modprobe poweroff ps reboot reset rmmod shutdown sleep stty su telnet uname useradd userdel usermod who whoami ftp ifconfig iptables netstat ping rou
Important File Locations Important File Locations The Digi Passport unit has several files that are important for administrative use. This section lists and briefly describes some of the files that the root user or system administrator may wish to view, monitor, and edit. Default Script The default script file is executed whenever the Digi Passport unit is booted. The file is /usr2/rc.user and can be modified with the vi editor. The modified script becomes effective when the system is rebooted.
Important File Locations File Name Description krb5.conf Kerberos configuration file. nsswitch Search order for files and DNS ./pam.d Authorization table directory passwd User password file ./ppp PPP info directory resolv.conf DNS info server.pem Stores the private keys when using SSH with key certification. shadow The secure passwd file snmpd.conf All SNMP info sshd_config SSH config file syslog-ng.conf Syslog-ng config file timezone Timezone file ./xinetd.d ./xinetd.d/master .
File Name Description ccard.cnf PC Card security.cnf Security profile syslog-ng.cnf Syslog-ng system.cnf System log User Storage Space The Digi Passport unit comes with 16 megabytes of user storage space. This storage space can be used to store custom scripts. The location is /usr2. Custom scripts such as simple commands, are simply dropped into /usr2. If a file needs to be edited, copy the file into usr2/rc.usr, kill the process, then restart the process from the new file.
Example Scripts Example Scripts Save IP tables options permanently Add the following command in the /usr2/rc.user script file just above exit 0. Disabling Telnet is just shown as one example. 1. Create a new script file /usr2/run.user that includes the desired commands. iptables -A INPUT -p tcp --dport 23 -j DROP 2. Run the following command to make the script executable chmod 755 /usr2/run.user 3. Add the following command in the /usr2/rc.user script, just above exit 0: ln -s /usr2/run.user /etc/rc.
Example Scripts Limit root access to the console on Digi Passport products (for SSH only) Limiting root access to the console prevents root access from any means except physically logging in on the Digi Passport console. To limit root access: 1. Modify file /etc/inetd.conf and append -f /usr2/sshd_config to the sshd line. cp /etc/inetd.conf /usr2/inetd.conf 2. Edit file /etc/ssh/sshd_config. Change PermitRootLogin to no. cp /etc/ssh/sshd_config /usr2 3. In the in the /usr2/rc.
User Administration User Administration Add, edit or delete users with the Digi Passport unit’s command line interface. Add a user The syntax for adding a user is: adduser [username] -h /tmp [-g groupid] [-s shellprogram] Where: groupid Is an identifier for the three types of groups supported by the Digi Passport. 500 or vadmin Sys admin group ID. 501 or padmin Port admin group ID. 502 or users Standard User group ID. shellprogram Specifies the type of shell for the Digi Passport device.
User Administration Locator LED Script The Locator LED on the Digi Passport 48 can be deactivated and reactivated with the following file and command. /bin/blinkled [{start|stop}] For example, use these commands to stop and start Locator LEDS: root@mankato:~# /bin/blinkled stop root@mankato:~# /bin/blinkled start All other Digi Passport units have the locator feature without a Locator LED. To identify another Digi Passport unit, all the LEDs blink when the feature is activated.
Upgrade Firmware System Administration Chapter 18 This chapter describes how to perform system administration tasks for the Digi Passport unit, when logged in as either the root user or the system administrator. System administration tasks include firmware upgrades, saving configurations, resetting the Digi Passport unit to defaults, and disaster recovery procedures. Upgrade Firmware Web Interface The latest firmware for the Digi Passport unit is in this location: http://www.digi.
Configuration Management Configuration Management Configuration management allows saving all or parts of a configuration at a specified interval: either periodically or ten minutes after the latest changes. The Digi Passport unit saves all configurations when clicking Save & apply or Apply changes. These configurations are saved to the local Digi Passport unit in the default directory, /tmp/cnf. Then, manage these configurations by exporting the files to the desired location. 1.
Configuration Management Automatically Save the Configuration Further down the screen are the options for automatically saving the configuration either periodically or 10 minutes after the latest changes. Settings for automatic saving include:. • Automatic backup option: Disable: Select if not using an automatic save option. Periodic: Save after the specified interval. 10 minutes after last change: Save ten minutes after the last configuration change.
Configuration Management Option for auto backup configuration to use an auto file naming scheme The following file naming schemes are supported for the auto backup configuration • $HOSTNAME$ : Add host name • $TIME$
Automatically Upgrade Firmware or Configuration using TFTP Automatically Upgrade Firmware or Configuration using TFTP The Digi Passport unit supports upgrading the firmware, configuration, or any other files in the file system using a TFTP-based mechanism. When booting, the Digi Passport unit can verify a “hash” file and determine if it needs to download upgrades from the TFTP server.
Automatically Upgrade Firmware or Configuration using TFTP Structure of the Hash File The hash file is an ASCII configuration file with one line per entry. Each entry defines one upgrade action. The hash file defines several actions: 1. Upgrade firmware 2. Upgrade configuration 3. Upgrade any file 4. Execute an application. The action is the first entry in the line and it also defines the syntax of the line.
Automatically Upgrade Firmware or Configuration using TFTP Upgrade configuration action The syntax for action 2, configuration upgrade, is: action #,image name,model name,version Where: action # The action number to be performed, which is 2. image name The path and the filename of the configuration file on the TFTP server. model name The product name, including the port count, for example, DigiPassport4, DigiPassport8, DigiPassport16, DigiPassport32, DigiPassport48.
Automatically Upgrade Firmware or Configuration using TFTP Upgrade any file action The syntax for action 3, file upgrade, is: action #,file name,options,destination Where: action # The action number to be performed, which is 3. file name The path and the filename of the file on the TFTP server. options Actions performed on the file: F Forced copy: override existing file. X Decompress file. Z Unzip file. U Upload file; this is the default option.
Reset the Digi Passport unit to Factory Defaults Reset the Digi Passport unit to Factory Defaults There are several ways to reset the Digi Passport unit to the factory defaults: using the Factory reset button on the unit, using the web interface, or entering a command through the command-line interface. Using the Factory Reset Button The quickest and simplest method is to push and hold the hardware factory default reset button until the Ready light on the front panel goes out.
Reset the Digi Passport unit to Factory Defaults Using the Web Interface The web interface provides the option of retaining the IP settings. To use the web interface to reset the Digi Passport unit, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select System administration > Configuration management 3. Under Configuration import, select Factory default. 4.
Set Date and Time Set Date and Time The Digi Passport unit provides two options for keeping system time. The first is by using an NTP server and the other is through an internal battery backup. To configure the Digi Passport unit for date and time, do the following: 1. Enter the IP address of the Digi Passport unit in the address bar of a web browser to access the web interface. 2. Select System administration > Date and time. 3.
Hardware Specifications Specifications and Certifications Chapter 19 This chapter provides information on Digi Passport hardware, including hardware specifications, LED descriptions, pinouts for Ethernet cable and cable adapter, and rack mounting specifications. It also includes certification statements for the Digi Passport unit.
Hardware Specifications Digi Passport 8/16/32/48 Models Value AC Powered Attribute Operating temperature 0°C to 50°C (41°F to 122°F) Storage temperature -30°C to 60°C (-20°F to 140°F) Humidity 10% to 90% non-condensing Power supply All models except Digi Passport 32 DC Internal, 100 -240VAC, 50/60 Hz, 0.37A (max), 15W (power output side) Digi Passport 32 DC Internal, 36-72VDC, 50/60 Hz, 1.
LED Indicators Value AC Powered Attribute Dimensions Digi Passport 8 Length: 17.50 in (44.30 cm) Depth: 1.80 in (4.40 cm) Width: 8.0 in (20.30 cm) Digi Passport 16/32/48 Length: 17.50 in (44.30 cm) Depth: 1.80 in (4.40 cm) Width: 10.0 in (25.30 cm) Weight Digi Passport 8 5.19 lb (2.28 kg) Digi Passport 16 6.09 lb (2.78 kg) Digi Passport 32 6.23 lb (2.85 kg) Digi Passport 48 6.48 lb (2.96 kg) Dual power models Add 0.20 lb (0.09 kg) Internal modem models Add 0.33 lb (0.
Serial Port Cabling Serial Port Cabling The Digi Passport unit simplifies cabling. The RJ-45 8-pin configuration matches all SUN and Cisco RJ-45 console port configurations, enabling CAT 5 cabling without pinout concerns. Three DB-25 and one DB-9 adapters come in the package. A DB-25 male, a DB-25 female, and a DB-9 adapter support console management applications. A DB-25 male adapter provides a modem connection. See the cable adapter information that follows later in this chapter.
Cable Adapters and Pinouts Cable Adapters and Pinouts The Digi Passport unit comes with four cable adapters. The following illustrations show cable adapter pin outs. Additional adapters can be purchased from Digi in quantities of 8.
Cable Adapters and Pinouts DB-9 Female Console Adapter (Digi 8-pack reorder P/N 76000671) Pin #1 Pin #5 Pin #1 Pin #6 Pin #8 DB-9 Female to RJ-45 Pin Assignments RJ-45 Signal DB-9F Signal 1 CTS Connected to 7 RTS 2 DSR Connected to 4 DTR 5 DCD 3 RxD Connected to 3 TxD 4 GND Connected to 5 GND 6 TxD Connected to 2 RxD 7 DTR Connected to 1 DCD 6 DSR 8 CTS 8 RTS Chapter 19 Specifications and Certifications Connected to 304
Cable Adapters and Pinouts DB-25 Female Console Adapter (Digi 8-pack reorder P/N 76000673) Pin #1 Pin#13 Pin#25 DB-25 Female to RJ-45 Pin Assignments RJ-45 Signal 1 CTS Connected to 4 RTS 2 DSR Connected to 20 DTR 5 DCD 3 RxD Connected to 2 TxD 4 GND Connected to 7 GND 6 TxD Connected to 3 RxD 7 DTR Connected to 6 DCD 8 DSR 5 CTS 8 RTS Chapter 19 Specifications and Certifications DB-25M Connected to Signal 305
Cable Adapters and Pinouts DB-25 Male Modem Adapter (Digi 8-pack reorder P/N 76000670) Pin #13 Pin #1 Pin #25 DB-25 Male Modem to RJ-45 Pin Assignment RJ-45 Signal DB-25M Signal 1 CTS Connected to 5 CTS 2 DSR Connected to 6 DSR 3 RxD Connected to 3 RxD 4 GND Connected to 7 GND 5 DCD Connected to 8 DCD 6 TxD Connected to 2 TxD 7 DTR Connected to 20 DTR 8 RTS Connected to 4 RTS Chapter 19 Specifications and Certifications 306
Cable Adapters and Pinouts DB-9 Male Modem Adapter (Digi 8-pack reorder P/N 76000702) (Available but not included Pin #5 Pin #1 Pin #1 Pin #8 Pin #6 DB-9 Male Modem to RJ-45 Pin Assignment RJ-45 Signal DB-9M Signal 1 CTS Connected to 8 CTS 2 DSR Connected to 6 DSR 3 RxD Connected to 2 RxD 4 GND Connected to 5 GND 5 DCD Connected to 1 DCD 6 TxD Connected to 3 TxD 7 DTR Connected to 4 DTR 8 RTS Connected to 7 RTS Chapter 19 Specifications and Certifications 307
Ethernet Pinouts Ethernet Pinouts The Digi Passport unit uses a standard Ethernet connector, that is a shielded and compliant with AT&T 258 specifications.
Rack Mounting Rack Mounting Rack Mounting Installation 1. Attach enclosed bracket ears to rack as shown in illustration. Rack shown in illustration is not included with the Digi Passport unit. 2. Follow safety and installation considerations when placing the Digi Passport unit on the rack.
Rack Mounting • Power and wiring: • This equipment is for indoor use and all the communication wirings are limited to inside of the building. • Locate the DC supply source within the same premises as the equipment. • Check equipment nameplate ratings before connecting to the supply circuit to avoid overloads that may damage over-current protection devices and supply wiring. • Maintain reliable earthing of rack-mounted equipment.
Lithium Battery Replacement Lithium Battery Replacement A 3 Volt CR2032 battery maintains date and time information in the Digi Passport unit. If resetting the time and date information after turning on the Digi Passport unit is necessary, replace the battery. Replace the battery with the same or equivalent type recommended by the manufacturer only. Manufacturer: SONY FUKUSHIMA CORP., Model: CR2032. Toshiba Battery Co.,Ltd, Model: CR2032) Caution: A new battery can explode if incorrectly installed.
Certifications Certifications Safety Certifications • US: UL1950 • Canada: CSA 22.2 No. 60950 • Europe: EN60950 (CB Scheme Report) Working Inside the Digi Passport Unit NOTICE: Do not attempt to service the Digi Passport unit yourself, except when following the instructions from Technical Support personnel. In such a case, first perform the following actions: • Turn off the Digi Passport unit.
Certifications Environmental Considerations and Cautions To ensure safe and efficient operation of the Digi Passport unit, follow these guidelines: • Do not position the Digi Passport unit near high-powered radio transmitters or electrical equipment, such as electrical motors or air conditioners. Interference from electrical equipment can cause intermittent failures. • Avoid exceeding the maximum cabling distances discussed in the online cable guide.
Certifications Emissions Certifications • US: FCC part 15, Class A • Canada: ICES 003 Class A • Europe: EN55022 • Japan: VCCI • Australia: AS3548 Immunity Certifications Europe: EN55024:1998 EN61000-3-2: 2000 EN61000-3-3: 1998 Solaris Ready Certification All Digi Passport products are Solaris Ready certified.