Dominion SX ® User Guide 3.5.0 Copyright © 2014 Raritan, Inc. DSX-v3.
This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2014 Raritan, Inc. All third-party software and hardware mentioned in this document are registered trademarks or trademarks of and are the property of their respective holders.
Contents CS03 Certification - DSXA-16 and DSXA-48 xiii Package Contents xiv How to - Dominion SX Essentials xvi Case 1. Upgrading SX Firmware via Web Browser .....................................................................xvi Case 2. Configuring and Using Direct Port Access via SSH .......................................................xvi Case 3. Using Exclusive Write Access via RSC ......................................................................... xvii Case 4. Configuring LDAP ..........
Contents Chapter 2 Installation and Configuration 30 Overview ...................................................................................................................................... 30 Factory Defaults ........................................................................................................................... 31 LED State .....................................................................................................................................
Contents Chapter 5 Remote Authentication 57 Configuring RADIUS .................................................................................................................... 57 Configuring LDAP ........................................................................................................................ 58 Configuring TACACS+ .................................................................................................................
Contents SSL Client Certificate ................................................................................................................. 104 Enable Client Certificate Authentication .......................................................................... 105 Install a New Trusted Certificate Authority ...................................................................... 106 Remove a User-Added Certificate Authority ...................................................................
Contents Upgrading Firmware .................................................................................................................. 128 Display the Current Firmware Version............................................................................. 129 Upgrade the Firmware ..................................................................................................... 129 Display a Firmware Upgrade History ...............................................................................
Contents Configuring Authorization and Authentication (AA) Services .................................................... 155 Remote Services ............................................................................................................. 155 LDAP Configuration Menu ............................................................................................... 156 RADIUS Command..........................................................................................................
Contents Configuring Time........................................................................................................................ 191 Clock Command .............................................................................................................. 191 NTP Command ................................................................................................................ 191 Timezonelist Command ..................................................................................
Contents Chapter 12 Intelligent Platform Management Interface 224 Discover IPMI Devices ............................................................................................................... 224 IPMI Configuration ..................................................................................................................... 225 Chapter 13 Power Control 229 Port Power Associations ............................................................................................................
Contents SX Terminal Ports ...................................................................................................................... 261 SX16 and SX32 Terminal Ports ................................................................................................. 262 Appendix B System Defaults 264 Initiate Port Access .................................................................................................................... 264 Supported Character Length of Various Field Types ....
Contents TACACS+ Server Configuration ................................................................................................ 282 CiscoSecure ACS ...................................................................................................................... 282 Appendix E Modem Configuration 285 Client Dial-Up Networking Configuration ................................................................................... 285 Windows NT Dial-Up Networking Configuration .......................
CS03 Certification - DSXA-16 and DSXA-48 To avoid potentially fatal shock hazard and possible damage to Raritan equipment: Do not use a 2-wire power cord in any product configuration. Test AC outlets at your computer and monitor for proper polarity and grounding. Use only with grounded outlets at both the computer and monitor. When using a backup UPS, power the computer, monitor and appliance off the supply.
Chapter 1: Package Contents Package Contents NOTICE: This equipment meets the applicable Industry Canada Terminal Equipment Technical Specifications. This is confirmed by the registration number. The abbreviation IC, before the registration number, signifies that registration was performed based on a Declaration of Conformity, indicating that Industry Canada technical specifications were met. It does not imply that Industry Canada approved the equipment.
Package Contents Check the contents of the carton containing the SX against the packing list that ships with your SX. If any piece is missing or damaged, contact your Raritan sales representative.
How to - Dominion SX Essentials Case 1. Upgrading SX Firmware via Web Browser Upgrade the SX firmware version for enhanced features or service patches. During the upgrade, SX verifies there is enough space on the device to perform the upgrade. If there is not, the SX restarts and the upgrade does not take place. If the upgrade fails due to lack of space, clear the local logs on the device and try upgrading again. Contact Raritan Technical Support if you still cannot upgrade after clearing the local logs.
How to - Dominion SX Essentials 2. Log back in to the SX and select the port enabled for DPA in Setup > Port Configuration. 3. Edit the DPA SSH TCP Port to which SSH client connects. Click OK. 4. Log in to the SX via a web browser. Click Setup > Services, select TCP port on Direct Port Access Mode, and click OK. 5. Launch an SSH client, such as Plink or PuTTY. Enter the IP address and change the default TCP Port to connect to the enabled port (for example, plink -ssh -P 2203 192.168.51.9).
Chapter 1: How to - Dominion SX Essentials 3. Click OK. See Configuring LDAP (on page 58) for details. Case 5. Creating Power Association Group See Power Strip Configuration (on page 231) for details on how to add power strips to SX management first.
How to - Dominion SX Essentials Case 6. Performing Factory Reset on SX To set the SX configuration back to the factory defaults through the GUI: 1. Log in to SX via a web browser. 2. Choose Maintenance > Factory Reset. Confirm your decision when prompted. 3. Do not power off the SX as it reboots. 4. You are redirected to the login page after the SX is rebooted.
Chapter 1: How to - Dominion SX Essentials 3. Select Yes to proceed through the security warning(s). The Raritan Serial Console (RSC) launches in a separate window. Press the Enter key to "wake up" the session. 4. Type the target system's native commands in the RSC window/console. 5. Choose Emulator > Exit. Click Yes on the confirmation dialog to exit. See Raritan Serial Console (on page 67) for details. Case 9.
How to - Dominion SX Essentials f. To return to the SX console, enter the escape sequence characters. For example, simultaneously press the control and closed bracket key (]). g. To exit the target serial console session, enter the letter "q" to quit. You are redirected to the SX console, and the port serial console session is now closed. 2. SSH access from a UNIX® Workstation a. Enter the following command to log in: ssh -l admin 192.168.0.192 b. Enter the admin username and raritan as the password.
Chapter 1 Introduction In This Chapter Dominion SX Overview............................................................................22 SX Connections, Ports and Indicators .....................................................23 Product Features .....................................................................................
Chapter 1: Introduction SX Connections, Ports and Indicators Note the image shown here is an example, so it may be different from your SX model. AC unit diagram key A AC power outlet(s) and power on/off switch(s) B Internal modem (if available) C Terminal port/console port D Server ports E Reset button F Ethernet port G Unit status indicators In normal operation, the LED blinks whenever there is network or serial activity detected.
Chapter 1: Introduction DC unit diagram key A DC power connections B Power on/off switch C Internal modem (if available) D Terminal port/console port E Server ports F Reset button G Ethernet port H Unit status indicators (see above for details) 4 Port SX Models DSX4 DSXB-4-M 24 Single-feed Console AC power port 19" rackmount kit (2) (optional) (1) (optional) Internal modem
Chapter 1: Introduction 8 Port SX Models Single-feed Dual-feed AC power AC power Single-feed DC power Console ports DSX8 19" rackmount kit (2) DSXA-8 Internal modem (optional) (1) DSXB-8-M DSXB-8-DC (-36-72V) (1) (optional) (2) (optional) 16 Port SX Models DSXA-16 DSXA-16-DL DSXA-16DLM Dual-feed AC power Dual-feed DC power Dual Ethernet Console port Local access port 19" rackmount kit Internal modem (1) (2) (1) 25
Chapter 1: Introduction 32 Port SX Models Dual-feed AC power Dual-feed DC power DSXA-32 Dual Ethernet Console port (1) DSXA-32-AC (2) DSXA-32-DL (2) DSXA-32DLM (1) DSXA-32-DC (1) 48 Port SX 26 Local access ports 19" rackmount kit Internal modem
Chapter 1: Introduction Models DSXA-48 DSXA-48-AC DSXA-48-DC Dual-feed AC power Dual-feed DC power Dual Ethernet Console port 19" rackmount kit Internal modem (1) (2) (1) 27
Chapter 1: Introduction Product Features Comprehensive Console Management 28 Remote Management: Access, monitor, administer, and troubleshoot up to 48 target units (depending on the model) via Secure Socket Shell (SSH), Telnet, Local Port, or web browser with only one IP address Direct Port Access via TCP/IP address per port, or one IP address and TCP Port numbers Notification: Create notification messages by email alerts Collaborative Management and Training: Access ports simultaneously;
Chapter 1: Introduction Strong Security and User-Authentication SSHv2 Support Encryption Security: 128-bit SSL handshake protocol and RC4 encryption User Authentication Security: local database, remote authentication Supports RADIUS, TACACS+, LDAP, LDAP(S), Microsoft Active Directory®, and NTP Supports user-defined and installable security Certificates Reliable Connectivity Optional Modem Connectivity: For emergency remote access if the network has failed Target Device Connectivi
Chapter 2 Installation and Configuration In This Chapter Overview ..................................................................................................30 Factory Defaults ......................................................................................31 LED State ................................................................................................31 Power and Connect the SX .....................................................................32 Configure the SX ..............
Chapter 2: Installation and Configuration Factory Defaults The SX device is shipped from the factory with the following default settings built in: Setting Value IP address 192.168.0.192 Subnet mask 255.255.255.0 Gateway 192.168.0.
Chapter 2: Installation and Configuration Power and Connect the SX There are various SX models. The model shown here contains two power outlets, one LAN interface, and 32 server ports. Your model may differ, but this does not affect the following installation instructions. 1. After you have installed the SX at the rack, connect the power cord(s) between the power connector on the SX and an external power source(s).
Chapter 2: Installation and Configuration Configure the SX You can configure the SX using a web browser or a command line interface (CLI). Configuring the SX Using a Browser To configure the SX using a web browser: 1. Connect a computer to the LAN interface on the SX using a crossover Ethernet cable. If your SX has two LAN interfaces, use LAN1. 2. Open a browser and enter this URL: http://192.168.0.192 3. When the Login window appears, enter the default username admin and password raritan.
Chapter 2: Installation and Configuration a. Click the checkbox next to a port with a target device connected to it. If more than one target device will have the exact same settings, you can select multiple ports. b. Click Edit to display the settings for the port(s) and enter the information. See the user guide for details. c. When finished, click OK and repeat for any other ports. Configuring SX Using the Command Line Interface To configure the SX using the CLI: 1.
Chapter 2: Installation and Configuration 12. At the admin > prompt, enter config and at the next prompt enter time. 13. At the admin > config > time > prompt, set the date and time on the SX. a. Enter timezonelist and find the number code that corresponds to your time zone. b. Enter clock tz datetime <"time string"> where is the time zone code and <”time string”> is the current date and time in “YYYY-MM-DD HH:MM:SS" format (quotes included, use 24-hour time).
Chapter 3 Network Settings and Services In This Chapter Configuring the Basic Network Settings ..................................................37 Configuring the Network Service Settings ...............................................40 Configuring Modem Access.....................................................................43 Configuring IP Forwarding and Static Routes .........................................
Chapter 3: Network Settings and Services Configuring the Basic Network Settings Network basic settings include: Enabling/disabling Ethernet failover, and enabling/disabling LAN Interface 1 and 2 - see Configure the Network Settings of SX (on page 38) Specifying the SX unit name - see Name the SX (on page 39) Configuring the discovery ports - see Change the Discovery Ports (on page 40) 37
Chapter 3: Network Settings and Services Configure the Network Settings of SX SX dual LAN models can be configured for failover or for dual LAN mode. When configured for failover, the IP address you enter is shared between Ethernet ports. When configured for dual LAN mode, different IP addresses are assigned to each Ethernet port and failover is not supported. If you apply dual LAN mode and you use Command Center Secure Gateway to interact with SX, CC-SG must be assigned one of the IP addresses.
Chapter 3: Network Settings and Services e. Type the IP address of the gateway router in the Gateway IP Address field. f. Select the speed from the drop-down menu in the Mode field. Your choices are Auto (default) or 100 Mbps. 5. Type your domain name in the Domain field. 6. Click OK. Name the SX To give the SX a name to help identify it: 1. Choose Setup > Network. The Network Basic Settings and Ports page opens. 2. Type a name in the Unit Name field. 3. Click OK.
Chapter 3: Network Settings and Services Change the Discovery Ports To change the discovery ports: 1. Choose Setup > Network. The Network Basic Settings and Ports page opens. The SX has two discovery ports: TCP 5000 Common Socket Connection (CSC) discovery UDP 5000 Command Center (CC) discovery 2. If either of these ports is used by another application, change the discovery port number in the SX in the appropriate field and click OK.
Chapter 3: Network Settings and Services Service Default Setting Windows Vista® operating system. Available authorization methods are: Both certificate and password Password Certificate 22 is the default Telnet port. Local Port Access Enabled. The baud rate is set to 9600 bps, but this can be changed. Direct Port Access Set to Normal by default, but this can be Mode changed to lP or TCP port.
Chapter 3: Network Settings and Services 42
Chapter 3: Network Settings and Services Change Network Service Settings To change network service settings: 1. Choose Setup > Services. The Network Service Settings page opens. 2. Make any necessary changes to the appropriate fields. 3. Fixed TCP Window is checked by default, enabling SSH connection to work under the Windows Vista® operating system. Note: Some operating systems may require TCP window scaling for successful SSH connections, in which case the ‘Fixed TCP Window’ option needs to be disabled.
Chapter 3: Network Settings and Services a. Select All to allow modem access to all modems. Looks for a PPP signal and falls back to allow console access if the PPP signal is not detected. In this mode, Modem Dial Back cannot be enabled. b. Select PPP Only to allow only PPP connections. Allows GUI, SSH and Telnet access (if enabled). c. Select Console Only to allow only console connections. Allows only CLI access through a terminal emulation programs such as Hypertreminal. 4.
Chapter 3: Network Settings and Services Add a New Static Route To add a new Static Route: 1. Choose Setup > Static Routes. The Static Routes page opens. 2. Go to the Static Routes List and click Add New Route. 3. For an SX with one LAN interface, LAN appears automatically in the Interface field. On an SX with two LAN interfaces, select the one you want from the drop-down menu in the Interface field. LAN1 = eth0 LAN2 = eth1 4.
Chapter 3: Network Settings and Services 5. Type the TCP maximum segment size (MSS) in bytes in the MSS field. 6. Type the TCP windows size for connections over this route in bytes in the Window field. 7. Type the initial round trip time (IRTT) for TCP connections over this route in milliseconds (1-12000) in the IRTT field. 8. Select your route type from the Flags drop-down menu. Host means this route is for a host machine. Net means this route is for a subnet. 9. Click OK.
Chapter 4 User Profiles and Groups In This Chapter Managing User Profiles ...........................................................................47 Managing User Groups ...........................................................................51 Managing User Profiles User profiles serve two purposes: To provide users with a username and password to log into the SX. To associate the user with a user group. The user group determines which system functions and ports the user can access.
Chapter 4: User Profiles and Groups User group 3. The User List page also indicates whether the user profile is active or inactive. Create a User Profile To create a new user profile: 1. Choose User Management > User List. The User List page opens (as shown in Display a List of User Profiles (on page 47)). 2. Click Add New User. The New User page opens. 3. Type a login name in the Username field. This is the name the user enters to log into the SX. This field is required.
Chapter 4: User Profiles and Groups 4. Type the user's full name in the Full Name field. This field is required. 5. Type the user's telephone number in the Dialback field. This field is optional. 6. Type any comments about the user profile in the Information field. This field is to help you identify the profile and is optional. 7. Type the password in the Password field, and then type it again in the Confirm Password field. This field is required.
Chapter 4: User Profiles and Groups 6. When you SSH with this user, the key data should be used for authentication and you should not have to enter a password. To delete an SSH key: 1. Click on the Delete SSH Key radio button. 2. In the SSH Key Index, enter the SSH key's index. 3. Click Apply. Modify a User Profile To modify an existing user profile: 1. Choose User Management > User List. The User List page opens (as shown in Display a List of User Profiles (on page 47)). 2.
Chapter 4: User Profiles and Groups 4. For security reasons, the password is not displayed. To change the profile's password, type a new password in the Password and Confirm Password fields. If you leave these fields as is, the password is unchanged. Passwords are case sensitive and can contain up to 64 alphanumeric characters with the exception of " ' < > \ & 5. Click OK when finished. The user profile is modified. Delete a User Profile To delete an existing user profile: 1.
Chapter 4: User Profiles and Groups The Group List page shows every user group created to date, and for each one gives the group's name and class. Create a User Group To create a new user group: 1. Choose User Management > User Group List. The Group List page opens (as shown in Display a List of User Groups (on page 51)).
Chapter 4: User Profiles and Groups 2. Click Add New User Group. The New Group page opens.
Chapter 4: User Profiles and Groups 54
Chapter 4: User Profiles and Groups 3. Type a group name in the Group Name field. You can enter any number of characters up to a maximum of 255. You can enter all letters and numbers, as well as the underscore character (_). The user name is case sensitive. 4. Select the class from the drop-down menu in the Class field. Your choices are: Operator - This is the default.
Chapter 4: User Profiles and Groups 6. Select the ports that the users associated with this group are permitted to access. You can select all ports or you can select any combination of individual ports. 7. Select the ports for which users associated with the group are allowed to access the power commands. Only administrators can access the power strips via CLI directly. 8. Click OK. The user group is created and should appear in the User List page. Modify a User Group To modify an existing user group: 1.
Chapter 5 Remote Authentication In This Chapter Configuring RADIUS ................................................................................57 Configuring LDAP ....................................................................................58 Configuring TACACS+ ............................................................................59 Configuring RADIUS You can use Remote Dial-In User Service (RADIUS) to authenticate SX users instead of local authentication. To configure RADIUS: 1.
Chapter 5: Remote Authentication 5. Click OK. RADIUS authentication is enabled. Configuring LDAP You can use the Lightweight Directory Access Protocol (LDAP) to authenticate SX users instead of local authentication. To configure LDAP: 1. Choose Setup > Remote Authentication. The Remote Authentication page opens, displaying an LDAP panel. 2. In the LDAP panel, click the LDAP button to enable LDAP authentication. 3.
Chapter 5: Remote Authentication 7. Type the domain name where the search starts in the Search field. The Search field is the sub-tree of the Base DN to direct the search to the path of the user information such as UID and speed up search time. In other words, it is the domain name. This is where the search starts for the user name. The user name is created in this domain (for example, Search: dc=raritan, dc=com) to process LDAP authentication queries from SX. 8.
Chapter 5: Remote Authentication 4. Type the root password to access the directory server/manager in the Secret field. The name for this field depends on the Directory Server. For example, Microsoft Windows Active Directory® refers to the field as Password, while the SUN iPlanet directory server refers to it as Secret. 5. If you have a backup TACACS+ server, enter the same information in the Secondary TACACS+ fields. 6. Click OK. TACACS+ authentication is enabled.
Chapter 6 Port Configuration and Port Access Application In This Chapter Port Keywords .........................................................................................62 Port Configuration ....................................................................................63 Direct Port Access ...................................................................................65 Direct Port Access via Username for SSH and Telnet ............................66 Direct Port Access via HTTP ..........
Chapter 6: Port Configuration and Port Access Application Port Keywords You can create port keywords and associate them with: Events Local/remote syslog messages SNMP traps Port keywords work as a filter. If a keyword is detected, a corresponding message is logged in a local/NFS port log. A corresponding event is sent via SMTP (if configured) and corresponding trap is sent via SNMP (if configured).
Chapter 6: Port Configuration and Port Access Application Port Configuration To configure one or more ports: 1. Choose Setup > Port Configuration. The Port Configuration page opens. 2. Select the port(s) you want to configure. You can select one port or several ports, providing that all selected port configurations are identical. To select specific ports, click the checkboxes to the left of the port numbers and then click Edit. To select all ports, click Select All. The Edit Port page opens. 3.
Chapter 6: Port Configuration and Port Access Application Select control from the drop-down menu in the Escape Mode field. Type the character in the Escape Character field. The default for the SX is ] (closed bracket). Note: See Configuring Ports (on page 177) for details on port configuration commands. 7. Select the terminal emulation type from the drop-down menu in the Emulation field. The choices are: VT100 VT220 VT320 ANSI 8.
Chapter 6: Port Configuration and Port Access Application Note: Anonymous access should be enabled for DPA to succeed. 13. Select from the Multiple Writers drop-down if you want multiple clients to be able to write to the port at the same time. The default behavior is that only one user may have write access to the port at a single time. 14. Click OK. Direct Port Access To configure direct port access: 1. Choose Setup > Services. The Network Service Settings page opens. 2.
Chapter 6: Port Configuration and Port Access Application Direct Port Access via Username for SSH and Telnet You are able to configure direct port access for SSH and Telnet based on username. To enable direct port access via username for SSH and Telnet: 1. Choose Setup > Services. The Network Service Settings page opens. 2. Select the "Allow DPA via the username for SSH/Telnet" checkbox. 3. Click OK to save this information. The page displays the following message: "Reboot for the changes to take effect.
Chapter 6: Port Configuration and Port Access Application Anonymous Port Access Anonymous port access allows users to access DPA configured ports without entering a password. To enable the feature: 1. Choose Security > Login Settings. The Login Settings page opens (as shown in Login Settings (on page 97)). 2. Make sure the Anonymous Port Access checkbox at the bottom of the page is selected. 3. Click the User Management tab, and the click User Group List.
Chapter 6: Port Configuration and Port Access Application Note: A Security message appears only if you use HTTPS to connect to the RSC. 3. Click Yes. A Warning - Security pop up appears. 4. Click Yes to access the Raritan Serial Client from the Port page. Note: If you click Always, security pop up is displayed when the SX is accessed in the future. The Raritan Serial Console window appears. See Raritan Serial Client Interface (see "Raritan Serial Console Interface" on page 71).
Chapter 6: Port Configuration and Port Access Application Java Applets and Memory Considerations Usually, a browse- based RSC does not need to make any changes to the Runtime parameters for Java™ Applets. Following these steps if you notice any "Out of Memory" errors happening when executing RSC via a web browser: Change the Runtime settings for Java Applets. Use the following links to find out how to use Runtime settings in the Java Control Panel. http://java.sun.com/j2se/1.5.
Chapter 6: Port Configuration and Port Access Application Values - Syntax Description -Xmn in bytes Sets the initial 640K Java heap size for the Eden generation The -server flag increases the default size to 2M. Sets the 64M maximum size to which the Java heap can grow The -server flag increases the default size to 128M. -Xmx in bytes Default/Comments Append the letter “m” or “M” to indicate megabytes and “k” or “K” to indicate kilobytes.
Chapter 6: Port Configuration and Port Access Application Raritan Serial Console Interface Important: The Raritan Serial Console page usually opens in a separate window behind the Port page. With some versions of Java™ on the Windows® operating system, the page opens in front of the Port page.
Chapter 6: Port Configuration and Port Access Application Emulator 1. Click the Emulator drop-down menu to display a list of topics.
Chapter 6: Port Configuration and Port Access Application IMPORTANT: RSC sessions are affected by the Idle Timeout, which is set, by default, to 10 minutes for security purposes. If you have not changed the Idle Timeout setting from the default, your RSC session could be closed automatically if your RSC configuration time exceeds the Idle Timeout period. See Security (on page 96) for details on changing the Idle Timeout setting. 1. Change the default Idle Timeout setting and then launch the RSC.
Chapter 6: Port Configuration and Port Access Application Settings Note: An Administrator can set Terminal emulation settings using Setup > Port Configuration. 1. Choose Emulator > Settings. The Settings screen displays the General tab with the default settings. 2. The Main Menu Shortcut default is None; accept this, or choose one of the following from the Main Menu Shortcut drop-down menu: F10 Alt 3.
Chapter 6: Port Configuration and Port Access Application 5. The Backspace Sends default is ASCII DEL, or you can choose Control-H from the Backspace Sends drop-down menu. 6. The History Buffer Size default is 200, or you can use the arrows to change the buffer size. 7. The Cursor type default is Block Cursor, or you can select the Line Cursor radio button. 8. Click OK. Display Settings 1. Choose Emulator > Settings and click the Display tab. 2.
Chapter 6: Port Configuration and Port Access Application b. The Antialiase Font checkbox is selected by default, or you can deselect the checkbox. c. To change the font size, select the Lock Font Size checkbox and then use the arrows to choose a font size in the Font size field. d. Click the GUI Font Properties tab e. The default font property is Moonscape, or you can choose a font from the GUI Font Properties scrolling list.
Chapter 6: Port Configuration and Port Access Application US-ASCII ISO-8859-1 ISO-8859-15 5. Choose one of the following from the Language drop-down menu: English Japanese Korean Chinese 6. Click Ok to close the Display Settings window. If you changed the Language setting, the RSC changes to that language when the Display Settings window is closed.
Chapter 6: Port Configuration and Port Access Application Get Write Access Only Administrators and Operators can get write access. The user with Write Access can send commands to the target device. Write Access can be transferred among users working in the Raritan Serial Console via the Get Write Access command. To enable Write Access, choose Emulator > Click Get Write Access. You now have Write Access to the target device.
Chapter 6: Port Configuration and Port Access Application Connected Users The Connected Users command allows you to view a list of other users who are currently connected on the same port. 1. Choose Emulator > Connected Users. 2. A check mark appears in the Write Access column after the name of the User who has Write Access to the console. 3. Click Close to close the Connected Users window. Exit 1. Choose Emulator > Exit to close the Raritan Serial Console. The Exit Confirmation dialog appears. 2.
Chapter 6: Port Configuration and Port Access Application Edit Use the Copy, Paste, and Select All text commands to relocate and/or re-use important text. To copy and paste all text: 1. Choose Edit > Select All. 2. Choose Edit > Copy. 3. Position the cursor at the location where you want to paste the text. 4. Click once to make that location active. 5. Choose Edit > Paste.
Chapter 6: Port Configuration and Port Access Application Note: The copy-paste limit of text in Raritan Serial Console is 9999 lines. Keyboard shortcuts to highlight, copy, and paste all or partial lines of text: Click and drag your mouse over the text you wish to copy. Use Ctrl+C to copy text. Position the cursor where you want to paste the text and click in that location to make it active. Use Ctrl+V to paste text. Tools Click the Tools drop-down menu to display a list of topics.
Chapter 6: Port Configuration and Port Access Application Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file on your computer. When you start RSC, the Logging indicator on the status bar indicates whether logging is on or off. 1. Choose Tools > Start Logging. 2. Choose an existing file or provide a new file name in the Save RSC Log dialog. When an existing file is selected for logging, data gets appended to the contents.
Chapter 6: Port Configuration and Port Access Application Stop Logging Choose Tools > Stop Logging. The logging stops. Send Keystroke 1. Choose Tools > Send Keystroke. A Send Keystroke dialog appears: 2. Enter the keystroke combinations that you want and select a Key Code name from the drop-down menu. 3. Send the keystroke combinations. Send Text File 1. Choose Tools > Send Text File. A Send Text File screen appears. 2. Open the directory of the Text file. 3.
Chapter 6: Port Configuration and Port Access Application Toggle Power The Toggle Power function lets you power on or off the device that is connected to the associated outlet on a Power Distribution Unit (PDU). For example, if a router is connected to one of the outlets on the PDU, you can toggle the router’s power on or off. You must configure the association of outlets to the target port of the device before you can use the Toggle Power feature.
Chapter 6: Port Configuration and Port Access Application Chat When using browser access over SSL, an interactive chat feature called Chat allows you and other users on the same port to communicate. The maximum length of a chat message is 300 characters. Note: When a chat is initiated, a chat window appears on the monitors of all SSL users logged on to the port. If a user is logged into a port multiple times, multiple chat messages do not appear to that user. To open chat: Choose Chat > Chat.
Chapter 6: Port Configuration and Port Access Application Help Help Topics include online assistance for operating the Raritan Serial Console and release information about Raritan Serial Console. Help Topics To access help topics: Choose Help > Help Topics. A list of help topics are displayed. About Raritan Serial Console The About Raritan Serial Console dialog displays the copyright and version information (name and revision number) of the console terminal emulation software.
Chapter 6: Port Configuration and Port Access Application Standalone Raritan Serial Client Requirements The following requirements must be met to support the Raritan Serial Console: The RSC functions with JRE™ version 1.4.2_05 or later (except for JRE version 1.5.0_02) . However, for optimum performance, Raritan recommends using JRE 1.5.0 (except version 1.5.0_02). Your system may require configuration adjustments depending on the operating system and browser.
Chapter 6: Port Configuration and Port Access Application 2. Click the Advanced tab and then click Environment Variables. 3. In the System variables section, click New. 4. In the New System Variable dialog, add JAVA_HOME to the Variable name block and the path you wrote down earlier in the Variable value block. 5. Click OK. 6. Select the PATH variable and click Edit. 7. Add %JAVA_HOME%\bin to the end of the current Variable value.
Chapter 6: Port Configuration and Port Access Application 8. Click OK. 9. Select the CLASSPATH variable and click Edit. 10. Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a period (.) in it. If, for any reason, there is no CLASSPATH variable defined, create one.
Chapter 6: Port Configuration and Port Access Application Setting Linux OS Variables To set Java™ for a specific user, open and edit the .profile file located in the /home/Username folder. To set Java for all users, open the .profile file in your /etc folder: 1. Find the line where you set your path: export PATH=$PATH:/home/username/somefolder 2. Before that line you must set your JAVA_HOME and then modify your PATH to include it by adding the following lines: export JAVA_HOME=/home/username/j2sdk1.
Chapter 6: Port Configuration and Port Access Application Installing Standalone RSC for Windows You must have administrative privileges to install RSC. 1. Log in to a Windows® machine. 2. Download, or copy from a known location, the RSC-installer.jar installation file. 3. Double-click on the executable file to start the installer program. The splash page opens. 4. Click Next. The installation path page opens. 5. Change the path, if desired. 6. Click Next. The installation progress page opens.
Chapter 6: Port Configuration and Port Access Application 7. Click Next. The Windows shortcut page opens. 8. Select the Program Group for the Shortcut. 9. Click Next. The installation finished page opens. 10. Click Done.
Chapter 6: Port Configuration and Port Access Application Launching RSC on Windows Systems 1. Double-click the shortcut or use Start Programs to launch the standalone RSC. The Raritan Serial Console Login connection properties dialog appears. 2. Enter the Dominion SX IP address, account information, and the desired target (port).
Chapter 6: Port Configuration and Port Access Application 3. Click Start. The RSC opens with a connection to the port. Note: In case of unrecognized characters or blurry screens in RSC window due to localization support, try changing the font to Courier New. Choose Emulator > Settings > Display, and select Courier New for Terminal Font Properties or GUI Font Properties. Installing RSC for Sun Solaris and Linux You must have administrative privileges to install RSC. 1. Log in to your Sun Solaris™ machine.
Chapter 6: Port Configuration and Port Access Application d. Click Next again. The installation is complete. The final page indicates where you can find an uninstaller program and provides the option to generate an automatic installation script. 6. Click Done to close the Installation dialog. Launching RSC on Sun Solaris 1. Open a terminal window and change to the directory where you installed the RSC. 2. Type ./start.sh and press the Enter key to launch RSC. 3.
Chapter 7 Security In This Chapter Security Settings ......................................................................................96 Login Settings ..........................................................................................97 Configure Kerberos .................................................................................99 Certificates .............................................................................................100 SSL Client Certificate ........................
Chapter 7: Security Login Settings Choose Security > Login Settings. This panel includes Local Authentication, Login Handling, and Strong Password Settings. Local Authentication 1. Go to the Local Authentication panel and select the Enable Local Authentication checkbox. 2.
Chapter 7: Security 3. Accept the system defaults or type your own. Login Handling 1. Go to the Login Handling panel and enter a value in the User Idle Timeout (minutes) field. This is the length of inactive time, after which the user is timed out. Default time is 10 (minutes). Note: If no port connections are established from CC-SG to SX within the configured time of User Idle Timeout, service sessions from both devices are disconnected. 2.
Chapter 7: Security Configure Kerberos 1. Click Enable Kerberos. 2. Type the name of the file you want for your Hosts File in the Hosts File field or click on the Browse drop-down menu and select your file. 3. Type the name of the file you want for your Kerberos Configuration File in the Kerberos Configuration File field or click on the Browse drop-down menu and select your file. 4.
Chapter 7: Security Certificates The Certificate feature allows you to generate a Certificate Signing Request (CSR), install a user key on the SX, and install a user certificate on the SX. If you are using Firefox®, you must install a Java® client authentication certificate. To do this, open the Java Control Panel and select Security > Certificates. Select Client Authentication from the certificate types and import the .p12 certificate.
Chapter 7: Security Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): 1. Choose Security > Certificate. The Certificate page opens. 2. Click the Generate a Certificate Signing Request radio button. 3. Click on the drop-down menu in the Bits field. Keep the 1024 default or change it to 512. 4.
Chapter 7: Security 5. To view the default certificate or the CSR, click the appropriate radio buttons. 6. Click OK. The CSR is generated. Install a User Key To install a user key on the SX: 1. Choose Security > Certificate. The Certificate page opens. 2. Select the Install User Key radio button. 3. Type the following in the corresponding fields: IP address of the host with the key Login on host Password on host Remote Path containing the key Remote File containing the key 4. Click OK.
Chapter 7: Security Install a User Certificate To install a user certificate on the SX: 1. Choose Security > Certificate. The Certificate page opens. 1. Select the Install User Certificate radio button. 2. Type the following information in the corresponding fields: The IP address of the host with the certificate Login on the host Password on the host Remote Path containing the certificate Remote File containing the certificate 3. Click OK.
Chapter 7: Security SSL Client Certificate SSL Security certificates are used in browser access to ensure that the device to which you are attached is the device that is authorized to be connected. See Appendix C: Certificates (see "Certificates" on page 267) for details on SSL Certificates. This section describes only how to configure the certificates, but you can find additional SSL Certificate information at: http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c06i e6rk.
Chapter 7: Security Enable Client Certificate Authentication To enable Client Certificate Authentication: 1. Select the Enable SSL Client Certification checkbox. 2. Click OK to enable the Client Certificate authentication.
Chapter 7: Security Install a New Trusted Certificate Authority To install a new trusted Certificate Authority (CA) to the SX, the CA certificate must be on an accessible FTP server. 1. Select the Install Certificate Authority checkbox. 2. Fill in the data needed to retrieve the certificate from the FTP server. 3. Click OK to retrieve and install the CA certificate to the SX. Remove a User-Added Certificate Authority To remove a user-added CA from the SX: 1.
Chapter 7: Security 3. Click OK to add the CRL. Delete a Certificate Revocation List from the SX To delete a CRL from the SX: 1. Select the Delete Certificate Revocation List checkbox. 2. In the CRL Name field, type the name of the CA to which this CRL belongs. 3. Click OK to delete the CRL. View a Certificate Revocation List To view a CRL: 1. Select the View Certificate Revocation List checkbox. 2. Click OK to retrieve the list of CRLs.
Chapter 7: Security Banner SX optionally supports a customizable welcome banner with a maximum 5000 words, 8 words per row, that appears after log in. The banner identifies where the user has logged into. SX also allows you to add a consent banner that forces the user to accept stated conditions prior to advancing into operation of the console server. Note: When you are logged in to the SX via GUI, a banner using a fixed width typeface and a common dimension like 80x25 appears.
Chapter 7: Security 4. Locate and select the file that contains the Restricted Service Banner message you want to display on the SX login dialog. 5. Click OK. Security Profiles The SX provides three security profiles for your use. The profiles simplify the task of assigning permissions to users and groups by defining basic permissions that automatically apply to all users.
Chapter 7: Security 4. Click OK. Edit the Custom Profile To edit the Custom profile: 1. Choose Security > Security Profiles. The Security Profiles page opens. 2. Click the Edit Custom Profile link. The Edit Custom Security Profile page opens. 3. Check one or more of the following checkboxes. Telnet Access Strong Password Required Single Login Per User Timeout Required TLS Required Redirect HTTP to HTTPS 4. Click OK.
Chapter 7: Security Enable the Firewall To enable the firewall: 1. Choose Security > Firewall. The Firewall page opens, displaying the existing IPTables rules. 2. Select the Enable Firewall checkbox. 3. Click OK. Note: When you enable IP forwarding for Dual LAN units, use IPTables rules to create policies for traffic being forwarded between LAN interfaces Add an IPTables Rule To add an IPTables rule: 1. Choose Security > Firewall. The Firewall page opens, displaying the default IPTables rules. 2.
Chapter 7: Security Note: Rules are added using the IPTables command to the kernel. These rules take effect immediately but persist permanently only after clicking the Save button. If there is a mistake in the rules and as a result, the unit becomes inaccessible, while the Save action allows you to recover from the mistake. Reboot the system. If you do not Save the rules, you lose them in the reboot.
Chapter 8 Logging In This Chapter Configuring Local Event Logging ..........................................................113 Configuring SMTP Logging ...................................................................117 Configuring NFS Logging ......................................................................120 Configuring SNMP Logging ...................................................................121 Configuring Local Event Logging To configure the local log settings, choose Setup > Log.
Chapter 8: Logging Enable System Logging This feature sends event log messages to a remote Syslog server. The messages from the SX unit are sent to the LOCAL0 channel of the Syslog server for more efficient parsing. To set this feature up: 1. Go to the System Logging panel and click the Enable System Logging checkbox. (To turn this feature off, clear this checkbox.) 2. Type the IP address of the remote Syslog server in the Primary IP Address field. 3.
Chapter 8: Logging Note: If no specific IPs are entered for the port data destination servers, port logs are sent to the Syslog server configured in the System Logging section. If the Syslog category is set to Local0, then system events and port logs are sent to all servers configured in the System Logging section and Port Syslog section. 3. Type the IP address of the remote Syslog server in the Primary IP Address field. 4.
Chapter 8: Logging 3. Type the maximum file size allowed in the Size field. Once this size is reached, a new file is created to store the port log data. If you enter a value of 0, the SX creates a new file. 4. Type the time interval (in seconds) between two timestamp messages in the log file in the Timestamp (Interval) field. If you enter a value of 0, this disables timestamps in the log file. The maximum value is 99999.
Chapter 8: Logging Configure Encryption To configure encryption: 1. Go to the Encryption panel and select the Encryption checkbox. To turn this feature off, deselect this checkbox. 2. Accept the default encryption key or type a new one in the NFS Encryption Key (RC4) field. 3. Click OK. Block Port Access On Failure This feature specifies NFS mount behavior. This feature appears as checked by default, and NFS behaves as a soft mount.
Chapter 8: Logging Enable SMTP Logging To enable SMTP logging: 1. Go to the SMTP Settings panel and select the Enable SMTP Server checkbox. 2. Type the IP address of the SMTP server in the SMTP Server IP Address field. 3. Type the username and password in the Username and Password fields. These are required to access the SMTP server. 4. Type your source address in the Source Address field. 5. Click OK.
Chapter 8: Logging Select a New SMTP Event To select a new SMTP event: 1. Go to the New SMTP Event panel and select a new event from the Event drop-down list. Available events include: event.amp.notice.port.connection event.amp.notice.user.logoff event.amp.notice.backup event.amp.notice.restore event.amp.notice.config.directaccesslockout event.amp.notice.reboot event.amp.notice.boot event.amp.notice.config.datacom event.amp.notice.config event.amp.notice.
Chapter 8: Logging 3. Click OK. Test SMTP Logging It is important that the SMTP server information be accurate so that the SX unit can send messages using that SMTP server. To verify that the information is correct and working: 1. Send a test email by selecting an event such as: event.amp.notice.port connection 2. Connect to a port and see if the message is received by the intended email target.
Chapter 8: Logging You must also enable port logging. For more information on port logging, see Enable Port Logging. Note: The NFS server must have the exported directory with write permission for the port logging to work. To configure NFS Logging: 1. Choose Setup > NFS. The NFS Settings page opens. 2. Select the Enable NFS checkbox to enable NFS logging. 3. Type the IP address of the NFS server in the Primary IP field, and then enter the path to the log file in the Primary Directory field. 4.
Chapter 8: Logging Enable SNMP Logging To enable SNMP logging: 1. Choose Setup > SNMP. The SNMP page opens. 2. Go to the SNMP Setting panel and select the Enable SNMP checkbox. 3. Select the SNMP Trap Version - either 1 or 2c. 4. Type an SNMP public community in the Public Community field. The default is Public. The public community determines which SNMP management stations receive SNMP alerts. 5. If needed, click View SNMP-MIB to view the MIB. 6. Click OK.
Chapter 8: Logging 2. Go to the SNMP Setting panel and select the Enable SNMP v3 checkbox. 3. If needed, click View SNMP-MIB to view the MIB. 4. Click OK. Create a New SNMP Destination SNMP destinations determine which SNMP management stations receive SNMP traps. To create a new SNMP destination: 1. Go the SNMP Destination panel and type the IP address of the new destination in the IP Address field. 2. By default, the new destination uses the standard SNMP port of 162.
Chapter 9 Maintenance In This Chapter Managing the Local Event Log ..............................................................124 Displaying a Configuration Report .........................................................126 Backing Up and Restoring the SX .........................................................126 Upgrading Firmware ..............................................................................128 Performing a Factory Reset on the SX ..................................................
Chapter 9: Maintenance Note: If the number of events in the log exceeds the size of one page, click the Next link that appears under “Event Log” at the top of the screen to display the next page. For each event, the log gives the date and time the event was logged and a brief description.
Chapter 9: Maintenance 2. Enter the IP address of the FTP server in the IP address field. 3. Enter a login name and password on the FTP server in the Login and Password fields. This is necessary to access the FTP server. 4. Enter the path to the location where the event log is stored in the Remote Path field. 5. Enter the name of the file to store the event log in the Remote File field. 6. Click Send.
Chapter 9: Maintenance Back Up the SX To back up the SX unit: 1. Choose Maintenance > Backup. The Backup page opens. 2. Type the IP address of the target FTP server where the backup is written in the IP Address field. 3. Type the login name of the account on the system where the backup is stored in the Login field. 4. Type the password of the account on the system where the backup is stored in the Password field. 5. Type the path to the backup file in the Remote Path field. 6.
Chapter 9: Maintenance Restore the SX Restoring the SX retrieves a copy of the SX configuration from the FTP server where it has been backed up and writes the file to the SX. To perform a restore operation: 1. Choose Maintenance > Restore. The Restore page opens. 2. Type the IP address of the source FTP server system from which the restore data is retrieved in the IP Address field. 3. Type the login name of the account on the system where the restore data is stored in the Login field. 4.
Chapter 9: Maintenance Display the Current Firmware Version To display the current version of firmware running on an SX unit, choose Maintenance > Firmware Version. The Firmware Version page opens, displaying the Firmware Version, RSC, Kernel, and PMON. Upgrade the Firmware During the upgrade, SX verifies there is enough space on the device to perform the upgrade. If there is not, the SX restarts and the upgrade does not take place.
Chapter 9: Maintenance Note: Many upgrades can be performed "anonymously" from the FTP server. To perform the upgrade: 1. Choose Maintenance > Firmware Upgrade. The Firmware Upgrade page opens. 2. Type the IP Address of the FTP server in the IP Address field. 3. Type your login name in the Login field. 4. Type your password in the Password field. 5. Type the path to the firmware file in the File Path field (for example, /home/downloads/firmware/UpgradePack_2.5.6_3.1.0.5.2/Pack1of1). 6. Click Upgrade.
Chapter 9: Maintenance Display a Firmware Upgrade History To display the firmware upgrade history for an SX unit, choose Maintenance > Firmware Upgrade History. The Firmware Upgrade History page opens, displaying the version of each past firmware upgrade and the date and time the upgrade was performed. Performing a Factory Reset on the SX Performing a factory Reset returns the SX unit to its default factory settings.
Chapter 10 Diagnostics In This Chapter Network Infrastructure Tools .................................................................132 Administrator Tools - Process Status ....................................................135 Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and important network statistics. You can also perform ping and trace route operations. Status of Active Network Interfaces 1.
Chapter 10: Diagnostics Network Statistics 1. Choose Diagnostics > Network Statistics. The Network Statistics page opens. 2. By default, all statistics are shown. To show specific statistics, select an entry from the drop-down menu in the Options field.
Chapter 10: Diagnostics Interfaces Groups Statistics Program 3. Click Refresh to update the information. Ping Host 1. Choose Diagnostic > Ping Host. The Ping Host page opens. 2. Type the IP address of the host to be pinged in the IP Address field. 3. Click Ping. The page displays the results of the ping. Trace Route to Host 1. Choose Diagnostics > Trace Route to Host. The Trace Route to Host page opens. 2. Type the IP address of the host in the IP Address field. 3.
Chapter 10: Diagnostics Administrator Tools - Process Status 1. Choose Diagnostics > Process Status. The Process Status page opens. 2. Click Refresh to update the information.
Chapter 11 Command Line Interface In This Chapter Command Line Interface Overview .......................................................137 Accessing the SX Using CLI..................................................................137 SSH Connection to the SX ....................................................................138 Telnet Connection to the SX .................................................................139 Local Port Connection to the SX ...............................................
Chapter 11: Command Line Interface Command Line Interface Overview The SX Serial Console supports all serial devices, including: Servers, including Windows Server 2003® when using the Emergency Management Console (EMS-) Special Administration Console, or SAC with BIOS redirection in the server BIOS Routers Layer 2 switches Firewalls Power strips Other user equipment The SX allows an Administrator or User to access, control, and manage multiple serial devices.
Chapter 11: Command Line Interface SSH Connection to the SX Use any SSH client that supports SSHv2 to connect to the SX. You must enable SSH access from Network Service Settings page (See Change Network Service Settings (on page 43)). Note: For security reasons, SSH V1 connections are not supported by the SX. SSH Access from a Windows PC To open an SSH session from a Windows® PC: 1. Launch the SSH client software. 2. Enter the IP address of the SX server. For example, 192.168.0.192. 3.
Chapter 11: Command Line Interface The welcome message appears. You are now logged in as an Administrator. After reviewing Navigation of the CLI (on page 141), perform the initial configuration tasks. Telnet Connection to the SX Due to the lack of security, user name, password and all traffic is in clear-text on the wire. Telnet access is disabled by default. Enabling Telnet To use Telnet to access the SX, first access the SX from the CLI or a browser. CLI 1.
Chapter 11: Command Line Interface Note: By default, the telnet port is set to 23. You may change it by issuing the following command: Admin Port > Config > Services > telnet enable true port 2. Reboot the system. Browser (GUI) Enable Telnet access in the Setup > Services menu. Accessing the SX Unit Once Telnet access is enabled, use it to access the SX unit and set up the remaining parameters. Accessing Telnet from a Windows PC To open a Telnet session from a Windows® PC: 1.
Chapter 11: Command Line Interface Connection To make a local port connection: 1. Open a HyperTerminal application or equivalent. 2. Ensure the HyperTerminal is configured to communicate with the port that is connected to the SX unit. 3. Disable Flow control. 4. Press the Enter key and the following prompt appears: user name See Login (on page 138) for details.
Chapter 11: Command Line Interface CLI Syntax -Tips and Shortcuts Tips Commands are listed in alphabetical order. Commands are not case sensitive. Parameter names are single word without underscore. Commands without arguments default to show current settings for the command. Typing a question mark ( ? ) after a command produces help for that command. A pipe symbol ( | ) indicates a choice within an optional or required set of keywords or arguments.
Chapter 11: Command Line Interface Show Command The show command displays various configuration settings and is available at all levels.
Chapter 11: Command Line Interface PMON Version: 2.0.1 RSC Version: 1.0.0.1.16 Supporting software: OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005 HTTP Server version: Apache/2.2.0 HTTP Server built: Mar 29 2006 16:06:30 TELNET Linux NetKit 0.17 Note: SX security is not impacted if the version of Apache 2.2 installed on the remote host is older than 2.2.9. Initial Configuration SX units come from the factory with default factory settings.
Chapter 11: Command Line Interface Date and Time Configuration Note: It is important to set the date and time correctly to ensure that log entries and events contain the correct timestamp. Return to the top menu level by entering the top command. Use the following command to view the current date and time settings: Admin Port > Config > Time > clock The system displays the current settings.
Chapter 11: Command Line Interface CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name. For a direct admin serial port connection with a terminal emulation application, Admin Port is the root portion of a command.
Chapter 11: Command Line Interface Command Definition cleareventlog Clear Contents of the local log eventlogfile Local log configuration for logging of events eventsyslog Syslog configuration for logging of events nfsgetkey Get the NFS Encryption key used for encrypting port log nfssetkey Set the encryption key to be used for encrypting port log portlog Configure logging of port data portsyslog Portlog Syslog Server configuration sendeventlog Send local logfile to remote FTP server viewev
Chapter 11: Command Line Interface Command Definition fixedtcpwindow TCP Window Tuning Parameter http HTTP configuration https HTTPS configuration lpa Local Port configuration ssh SSH configuration telnet Telnet configuration snmp Switches to snmp menu add Add SNMP destination addv3 Add SNMP destination delete Delete SNMP destination deletev3 Delete SNMP v3 destination snmp SNMP Server configuration snmpv3 SNMP Server configuration time Switches to time menu clock Set/Get tim
Chapter 11: Command Line Interface Command Definition ifconfig Show detailed network configuration netstat Print network connections ping Ping a remote system ps report system process status traceroute Print the route to a remote system uptime Print system uptime information getconfig Retrieve remote configure script ipmi Switches to ipmi menu ipmidiscover discover all the IPMI enabled devices ipmitool send command to remote ipmi device listports List accessible ports logout Logout
Chapter 11: Command Line Interface Command Definition association View Currently configured associations cycle Power cycle specified ID off Power off specified ID on Power on specified ID outlet Edit Outlet information powerdelay Configure global Power Strip delays powergroup Switch to Power Group Menu powerstatus Get Power Strip status powerstrip Edit Power Strip information setpowerport Configure an SX Port to contain a Power Strip device unassociate Remove a power outlet associati
Chapter 11: Command Line Interface Command Definition generatecsr View Default System Cert generatedefaultcert Generate Default System SSL Certificate installusercert Install a User Certificate installuserkey Install a User Certificate Key viewcsr View The Certificate Signing Request viewdefaultcert View Default System Cert firewall Switches to firewall menu firewall Enable/Disable firewall iptables administration tool for IPv4 packet filtering and NAT iptables-save save IP Tables to m
Chapter 11: Command Line Interface Command Definition userlist List active user sessions Security Issues Elements to consider when addressing security for console servers: Encrypting the data traffic sent between the operator console and the SX unit. Providing authentication and authorization for users. Logging data relevant to the operation for later viewing and auditing purposes. In some cases, this data is required for compliance with governmental or company regulations.
Chapter 11: Command Line Interface Enabling Firewall Protection SX provides a firewall function to provide protection for the IP network and to control access between the internal router, LAN (or LAN1 and LAN2 if dual-LAN units) and the dial modem interfaces. Enabling Security Profiles SX provides the ability to define security profiles which simplify the assigning of permissions to users and groups. There are three types of profiles. Two are predefined: standard and secure.
Chapter 11: Command Line Interface Target Connections and the CLI The purpose of the SX is to let authorized users establish connections to various targeted devices using the connect command. Before connecting to a target, the terminal emulation and escape sequence must be configured. When a target is disconnected, the appropriate disconnect message appears. The SX also provides the ability to share ports among users.
Chapter 11: Command Line Interface Port Sharing Using CLI Access Client users can share ports with other authenticated and authorized users, regardless of whether they are Access Client users or SSH/Telnet users. Port sharing is used for training or for troubleshooting applications. Users are notified in real time if they have Write access or Read Only access at any point during the port-sharing session. Users can request Write permission to a port.
Chapter 11: Command Line Interface Note: When configuring the LDAP server, the query string format on the server should contain the name of a group configured on the SX. When configuring the Radius server, the Filter-ID format for the users on the server should have the following format “raritan:G{GroupOnSX}:D{DialbackNumber}“. When configuring the TACACS+ server, the user-group format for the user on the server should contain the name of a group configured on the SX.
Chapter 11: Command Line Interface LDAP Command Examples admin > Config > Authentication > ldap admin > Config > Authentication > ldap > ldaps admin > Config > Authentication > ldap > ldaps > viewcert 157
Chapter 11: Command Line Interface RADIUS Command The RADIUS menu provides access to commands used to configure access to a RADIUS server. Syntax primaryraduius <> RADIUS Command Example admin > Config > Authentication > radius > primaryradius Following is information using the Raritan-Vendor-Specific attribute, which is defined in the custom dictionary file. The dictionary file must be created at following location /usr/share/freeradius/ Dictionary File Configuration # -*- text -*# # dictionary.
Chapter 11: Command Line Interface TACACS+ Command The TACACS+ menu offers commands used to configure access to a TACACS+. Syntax primarytacacs <> TACACS+ Command Example admin > Config > Authentication > radius > primarytacacs Administering the SX Console Server Configuration Commands Note: CLI commands are the same for SSH, Telnet, and Local Port access sessions.
Chapter 11: Command Line Interface Command Description smtp Configure the SMTP server settings.
Chapter 11: Command Line Interface Eventlogfile Command The eventlogfile command controls and configures the logging of events to the local log. Syntax eventlogfile [enable ] [size value] [style ] eventlogfile Command Description enable Enable or disable the system event log logging. size value Maximum size of local log file (in bytes). If the event log file size exceeds the available flash memory on your SX model, the event is not saved.
Chapter 11: Command Line Interface Command Description primip ipaddress Primary FTP server address secip ipaddress Secondary FTP server address Eventsyslog Command Example admin > Config > Log > eventsyslog enable true primip 192.168.134.11 secip 192.168.245.11 portsyslog Command The portsyslog command controls system event logging.
Chapter 11: Command Line Interface nfsgetkey Command Description encryption (rc4 or aes128) nfsgetkey Command Example admin > Config > Log > nfsgetkey type aes128 nfssetkey Command The nfssetkey command sets the type of encryption and the key. Because NFS is insecure, it can be easily accessed and the data misused. With SX, you can encrypt the data stored on the NFS server. Consequently, if the data were to be accessed inappropriately, it would be of no use to anyone without the encryption key.
Chapter 11: Command Line Interface 164 portlog Command Description enable Enable/Disable logging of port data to remote NFS server. prefix name Prefix for log file name. size value Maximum Size (in bytes) for the log file. timestamp interval Time interval (in seconds) between two timestamps in the log file. A value of 0 will disable timestamp logging. The default value is 20. The max value is 99999.
Chapter 11: Command Line Interface Portlog Command Example portlog enable true prefix DomSX1size 1000000 timestamp 1 update 20 inputlog false indir /nfs_SX_DomIn outdir SX_Dom_Out encrypt true The following command displays the default portlog values: admin > Config > Log > portlog Portlog Settings : Enable : false File Prefix: domSX-NFS File Size : 65535 UpdateFrequency : 20 TimestampFrequency : 20 Input Log Enable : false Input Log Directory: input Output Log Directory: output Encrypted : false Block on
Chapter 11: Command Line Interface Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server. Syntax sendeventlog [ip ipaddress] [login login] [password password] [path pathname] [file filename] sendeventlog Command Description ip ipaddress FTP server IP address login login FTP Server login name password password FTP Server password path pathname FTP server path, for example, /ftphome file filename Filename on FTP server to save log.
Chapter 11: Command Line Interface Configuring a Modem The Modem menu offers commands used to configure modem access. Callback (dialback) occurs when the originator of a call is immediately called back in a second call as a response to the first dial-in. Both Dial-in and Dialback must be enabled, and the dialback number for a user must be configured in the authentication service used on the unit (local, RADIUS, LDAP, or TACACS+).
Chapter 11: Command Line Interface Modem Menu Command Examples admin > Config > modem > dialin enable true serverip 10.0.13.211 clientip 10.0.13.212 accessmodes PPPOnly admin > Config > modem > dialback enable true admin > Config > Modem > show modem Modem Settings Dialin Enabled: false Access Mode: All Server Address: 10.0.13.211 Client Address: 10.0.13.212 Dialback with local user Before a modem connection can be established, the local user for dial-in authentication should be configured.
Chapter 11: Command Line Interface admin > Config > Authentication > RADIUS > primaryradius RADIUS Server Settings ---------------------------------------Primary Server Enabled - true IP Address - 10.0.0.188 Port - 1812 Secret - qaz1wsx On the Remote Radius Server, the user's configuration should contain the following line: Filter-Id = "raritan:G{}:D{}" Dialback with remote LDAP user (OpenLdap v.2 & v.
Chapter 11: Command Line Interface The Remote LDAP Server user's configuration should be: Dialback with remote TACACS user (Tacacs+ v.4.0.3a) Dial-in and Dialback should be enabled on the SX used for modem communication. Primary (or/and Secondary) TACACS Server Settings should be configured correctly and enabled on the SXs: Primary Server Enabled - true IP Address - 10.0.0.
Chapter 11: Command Line Interface Commands Description routeadd Add route to kernel routing table routedelete Delete route of kernel routing table Note: All operations that normally trigger a reboot or prompt the user for feedbacks are now added a new parameter named force. This force parameter prevents reboot, prompting or both from taking place until all configurations are completed.
Chapter 11: Command Line Interface interface Command Description administrator gw ipaddress Gateway IP Address obtained from the IP administrator. mode Set Ethernet Mode to auto detect or force 100Mbps full duplex (100fdx) force The force parameter is used so that sequences of commands can be inserted without need for user interaction.
Chapter 11: Command Line Interface Name Command The name command is used to configure the unit and host name. Syntax name [unitname name] [domain name] [force ] name Command Example The following command sets the unit name: Admin Port > Config > Network > name unitname domain force trues Ports Command The ports command is used to configure the network ports.
Chapter 11: Command Line Interface Routeadd Command The routeadd command is used to add a route to the kernel routing table.
Chapter 11: Command Line Interface Getconfig Command The getconfig command retrieves the script from an FTP server. This command appears only in the administrator's help menu. You can write a script using the same sequence and commands used in a normal CLI session, also known as a recorded session. The script can be used to set up commonalities among multiple SX units, including remote authentication servers, users, and security settings.
Chapter 11: Command Line Interface nfs Command Description enable Enable or disable NFS logging. primaryip primaryip IP address of the primary NFS server. secondaryip secondaryip IP address of the secondary NFS server. primarydir primarydir Primary Server mount directory secondarydir secondarydir Secondary Server mount directory nfs Command Example The following command displays the current NFS settings: admin > Config > NFS > nfs NFS Settings : Enable : 0 Primary IP : 0.0.0.
Chapter 11: Command Line Interface Configuring Ports Ports Configuration Menu Target serial ports are configured from the CLI using the ports menu. In addition to the description of the physical nature of the ports, other services may also be defined, including: The escape sequence used to disconnect from the port to access the emulator to send breaks or control multi user functions such as Ctrl + a. The exit string sent to the target when an idle timeout occurs.
Chapter 11: Command Line Interface ports config Command Description sw =X on/X off) 178 detect Enable/Disable detection of port connection escapemode Use Ctrl-key (escapemode=control) or single key (escapemode=none) as escape sequence; for example, Ctrl-] => escapemode=control, escapechar=] escapechar char Escape character emulation type Target Emulation type: VT100|VT220|VT320|ANSI sendbreak duration Duration of the sendbreak signal.
Chapter 11: Command Line Interface ports config Command Example admin > ports >config port 1 name ld1 bps 115200 parity odd flowcontrol hw detect true escapemode none emulation VT100 The following command displays the current settings for port 1: admin > Config > Port > config port 1 Port number 1: Name: Port1 BPS: 9600 Parity: 0 Flow control: 0 RSC Terminal Emulation: VT100 Disconnect: Disabled Application: RaritanConsole Exit String: Escape: Control-] DPA: IP: 0.0.0.
Chapter 11: Command Line Interface Authentication successful. Port 1: Configuration Saved. After entering the password, you have direct access to port 1, using the newly assigned IP specifically for port 1. The following example configures DPA port settings for a group of ports (make sure a free range of IPs are available for dpa IP mode usage): admin > Config > Port > config port 1-32 dpaip 10.0.13.200 or admin > Config > Port > config port * dpaip 10.0.13.
Chapter 11: Command Line Interface or admin > Config > Port > config port * ssh 7000 telnet 8000 In both cases above, port 1 will have ssh port 7000 and telnet port 8000 assigned for direct port access, port 2 will have ssh port 7001 and telnet port 8001, and so on.
Chapter 11: Command Line Interface Ports Keyworddelete Command The keyworddelete command removes an existing keyword.
Chapter 11: Command Line Interface dpa Command The permitted TCP Port Range is 1024-64510. When run without the mode parameter, the system displays the current dpa type.
Chapter 11: Command Line Interface Note: There is currently no way to set the unit back to the default DPA IP of 0.0.0.0. dpa Command Example The following example chooses the DPA IP mode IP: admin > Config > Services > dpa mode IP Note: When any changes are made over DPA mode and ports DPA configuration, the SX needs to be rebooted to apply new settings. DPA changes will not be available until after the SX is rebooted. After a successful DPA connection, try the following: ssh -l sx_user 10.0.13.
Chapter 11: Command Line Interface Enable: 1 Group Settings: Name: Anonymous Class: Operator Ports: To configure Anonymous group settings choose config > user and execute the following command: admin > Config > User > editgroup name Anonymous class op ports 1,2,3,4,5 Editing group... Group Anonymous: Configuration Saved The 'Anonymous' group is successfully configured. DPA Anonymous access The DPA is already configured (see the DPA configuration settings section). DPA Mode is IP, IP 10.0.13.
Chapter 11: Command Line Interface If option suppress is "none", authentication credentials are shown (username: password:). configuration > ports > config port 1 suppress none ssh -l anonymous 10.0.13.240 Password: Authentication successful. Starting DPA for port 1 Authentication successful. Escape Sequence is: Control-] You are now master for the port. Encryption Command The encryption command sets the type of encryption for HTTPS. Note: The factory default value of this protocol is SSL.
Chapter 11: Command Line Interface http Command Description enable Enable/Disable HTTP access port value HTTP server default listen port (tcp) redirect Enable/Disable redirection from HTTP to HTTPS http Command Example The example below enables http access and redirection to https and sets the default port to 2. admin > Config > Services > http enable true port 2 redirect true HTTPS Command The https command is used to control https access and define the port.
Chapter 11: Command Line Interface LPA Command The lpa command is used to display and set local port access configuration. SX units have one or two local ports, depending on the model. See Appendix A (see "SX Serial RJ-45 Pinouts" on page 258) for pinouts on DB9-M and RJ45-F ports. Syntax lpa [enable ] [bps value] lpa Command Description none The lpa command with no parameters specified displays the current LPA configuration.
Chapter 11: Command Line Interface Telnet Command Syntax telnet [enable ] [port value] telnet Command Description enable Enable or disable Telnet access. port value Telnet server tcp listen port telnet Command Example The command below enables telnet access on port 23. admin > Config > Services > telnet enable true port 23 fixedtcpwindow Command The fixed TCP Window is enabled by default. The Fixed TCP window command is used to disable automatic TCP window scaling.
Chapter 11: Command Line Interface SMNP Add Command The add command adds trap recipients. A recipient is an IP address with an optional space- separated port number. Traps may be sent to multiple ports with the same IP address. Syntax add [dest ipaddress] [port value] add Command Description dest ipaddress SNMP destination IP address port value SNMP destination port SNMP add Command Example admin > Config > SNMP > add dest 72.236.162.
Chapter 11: Command Line Interface public community-string Community string snmp Command Example admin > Config > SNMP > snmp enable true public XyZZy1 Configuring Time Time-related configuration mode commands: clock ntp timezonelist Clock Command The clock command allows you to set the time and date for the server. Syntax clock [tz timezone] [datetime datetime-string] clock Command Description tz timezone The timezone index is a number corresponding to the desired time zone.
Chapter 11: Command Line Interface ntp Command Description enable Enable or disable the use of NTP. primip primip The primary NTP server to use first. secip secip The NTP server to use if the primary is not available. ntp Command Example The following command enables NTP. admin > Config > Time > ntp enable true primip 132.163.4.101 Timezonelist Command The timezonelist command returns a list of timezones and associated index values. The index values are then used as part of the clock command.
Chapter 11: Command Line Interface addgroup Command Description name groupname Group name class Group user class erator or server ports Port(s) assigned to the group. Single port or range of ports (1-n or 1,3,4 or * for all ports) power Power strip assigned to the group. Single power strip or range of power strips.
Chapter 11: Command Line Interface Deletegroup Command The deletegroup command deletes an existing group. Syntax deletegroup [name groupname] deletegroup Command Description name groupname Group name deletegroup Command Example admin > Config > User > deletegroup name unixgroup Deleteuser Command The deleteuser command is used to remove a specified user.
Chapter 11: Command Line Interface editgroup Command Description assigned to the group. sharing Indicate whether port access is shared while the port is being utilized. editgroup Command Example admin > Config > User > editgroup name unixgroup class op ports 1,4 power 1,4 Edituser Command The edituser command is used to manage information about a specified user.
Chapter 11: Command Line Interface Users Command The users command shows the details of existing users. Syntax users users Command Example admin > Config > User > users Connect Commands The connect commands allow you to access ports and their histories. Command Description connect Connect to a port. The port submenu, reached using escape key sequence. clearhistory Clear history buffer for this port. close, quit, q Close this target connection.
Chapter 11: Command Line Interface Command Description associate Associate a Power Strip outlet to a SX Port. association View Currently configured associations. cycle Power cycle specified ID. Note: If you are connecting a PX to the SX, it is recommended you set the power cycle time to 5 seconds. off Power off specified ID. on Power on specified ID. outlet Edit outlet information. powerdelay Configure global Power Strip delays. powergroup Switch to Power Group Menu.
Chapter 11: Command Line Interface IPMI Commands IPMIDiscover and IPMITool commands allow you to work with IPMIsupported devices. IPMIDISCOVER The ipmidiscover tool is user to discover Intelligent Platform Management Interface (IPMI) servers in the network. The IP address range can be set using startIP and endIP. Only users belonging to the Administrator group are able to configure the support of IPMI. The supported IPMI version 2.0.
Chapter 11: Command Line Interface IPMITOOL This command lets you manage the IPMI functions of a remote system, including printing FRU information, LAN configuration, sensor readings, and remote chassis power control. The ipmitool command controls IPMIenabled devices. The user name to access the IPMI device is ADMIN, password ADMIN.
Chapter 11: Command Line Interface ipmitool Command Description [-o ] Select OEM type to support. This usually involves minor hacks in place in the code to work around quirks in various BMCs from various manufacturers. Use -o list to see a list of current supported OEM types. [-C ] The remote server authentication, integrity, and encryption algorithms to use for IPMIv2 lanplus connections. See table 22-19 in the IPMIv2 specification.
Chapter 11: Command Line Interface ipmitool Command Description firewall - Configure firmware firewall (IPMIv2.0) sunoem - OEM Commands for Sun servers picmg - Run a PICMG/ATCA extended cmd fwum - Update IPMC using Kontron OEM Firmware Update Manager shell - Launch interactive IPMI shell exec - Run list of commands from file set - Set runtime variable for shell and exec ipmitool Command Example The following command allows the user to get the chassis status and set the power state.
Chapter 11: Command Line Interface Command Description listports List accessible ports. admin > listports column Port no. Port name 1 Port1 [U] 2 Port2 [U] 3 Port3 [U] 4 Port4 [U] Can be 1,2,3. Indicates the number of columns to display the port list in. Port names up to 23 characters are displayed when two columns are needed to display the available ports.
Chapter 11: Command Line Interface Maintenance Commands The maintenance commands allow you to perform maintenance-related tasks on the SX firmware: backup cleareventlog factoryreset firmware logoff reboot restore sendeventlog upgrade upgradehistory upgradestatus userlist vieweventlog Note: All operations that normally trigger a reboot or prompt the user for feedbacks are now added a new parameter named force.
Chapter 11: Command Line Interface backup is written. Username of the account on the system where the backup is stored. Password of the account on the system where the backup is stored. [path pathname] Specifies the path to the backup file. [file filename] Specifies the name of the file in which the backup is saved. backup Command Example In this example, the console server data is sent to a system at the IP address 192.168.51.220.
Chapter 11: Command Line Interface Syntax factoryreset factoryreset Command Example admin > Maintenance > factoryreset Network Settings: Name: DominionSX Domain : raritan.com CSC Port: 5000 Discover Port: 5000 DHCP Client: true IP: 192.168.0.192 Net Mask : 255.255.255.0 Gateway : 192.168.0.192 Failover : true Do you wish to commit these settings (no/yes) (default: no) Firmware Command The firmware command provides the versions of the firmware.
Chapter 11: Command Line Interface Reboot Command The reboot command restarts the SX console server. This command is only available to users with administrative privileges. All user sessions are terminated without warning, and no confirmation is required. It is highly recommended that you ask all users to log off before you reboot the unit. The userlist command can be used to display a list of connected users and sessions.
Chapter 11: Command Line Interface restore Command Example In this example, the console server data is being retrieved from a system at IP address 192.168.51.220. The guest account and password are used. The data is pulled from the top level of the guest account in a file named backupfile. admin > system > restore ip 192.168.51.220 login guest password guestpassword path /home/bac file backupfile1 Sendeventlog Command The sendeventlog command sends the local logfile to a remote FTP server.
Chapter 11: Command Line Interface Upgrade Command Note: To perform an upgrade, there must be a configured remote ftp server. The upgrade command upgrades one version of the system to another version, for example v2.5 to v3.0. During the upgrade, SX verifies there is enough space on the device to perform the upgrade. If there is not, the SX restarts and the upgrade does not take place. If the upgrade fails due to lack of space, clear the local logs on the device and try upgrading again.
Chapter 11: Command Line Interface Userlist Command The userlist command displays a list of all users who are logged in, their source IP Addresses and any ports to which they are connected. Syntax userlist Vieweventlog Command The vieweventlog command displays the local log file. Syntax Vieweventfile vieweventlog Command Example admin > Config > Log > vieweventlog Security Commands SX controls the ability to hack into the system by using random logins.
Chapter 11: Command Line Interface banner Command Example admin > Security > banner > banner display true audit false Ftpgetbanner Command The ftpgetbanner command directs the SX to go to this site to retrieve the welcome banner. The welcome banner and the audit statement are maintained on an external FTP site.
Chapter 11: Command Line Interface Certificate Command Menu The certificate command menu provides the client and server commands to create and manage security certificates. Note: If the SX is not used to generate the certificate signing request and an external certificate is used instead, encryption needs to be removed from the private key before installing it on the SX. If this is the case, to remove the encryption from the key, a command such as openssl rsa -in server.key -out server2.key and server2.
Chapter 11: Command Line Interface Certificate Client Command Example Enable SSL Client Certificates: admin > Security > certificate > clientcert enable true Install Certificate Authority: admin > Security > certificate > add ip 10.0.0.189 login root password passwordword path /home/cert/ SXCert file cacert.pem ca ca_test Add Certificate Renovation List: admin > Security > certificate > addcrl ip 10.0.0.189 login root password pass path /home/cert/SXCert file demoCA.
Chapter 11: Command Line Interface Server Command Example Install User Certificate: admin > Security > certificate > installusercert ip 10.0.0.189 login root password pass path /home/SXCert file sx.pem Install User Key: admin > Security > certificate > installuserkey ip 10.0.0.189 login root password pass path /home/ SXCert file sx.
Chapter 11: Command Line Interface IPtables Command The iptables command is an administration tool for IPv4 packet filtering and Network Address Translation (NAT). The iptables command provides an interface to the linux iptables. The command parameters and options are the same as the linux system command. iptables Command Description -A input Append one or more rules to specified chain. --dport Destination port. --flush Clear the iptables.
Chapter 11: Command Line Interface iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of this document. The examples below show some simple configuration options created with iptables. The following example enables a log for iptables: admin > firewall > iptables -A INPUT -t filter -j LOG --log-prefix DOM_IPACL -m state --state NEW -s Adding a default local rule The default local rule is included as part of the standard SX implementation.
Chapter 11: Command Line Interface admin > Security > firewall > iptables --list or admin > Security > firewall > iptables -xvnL Clear the iptables rules To clear the iptables rules. admin > Security > firewall > iptables --flush Save the configured settings To save the iptables rules into the local database. admin > Security > firewall > iptables-save Note: No spaces between iptables and save. Execute this command once you have configured all the settings.
Chapter 11: Command Line Interface 3. Use kadmin to add the keys to /etc/krb5.keytab for HTTP/FQDN@REALM and host/FQDN@REALM. These keys are consistent across boots. 4. Remote authentication and authorization can be set up along with Kerberos authentication. HTTP and telnet access will prompt you to enter username and password. Currently Kerberos does not automatically map to local or remote usernames. 5. Enable Kerberos. 6. After a reboot, the SX is ready for secure telnet and HTTP protocol remote access.
Chapter 11: Command Line Interface Loginsettings Commands The loginsettings command menu offers commands used to configure the systemwide login settings: Command Description idletimeout Set systemwide idletimeout. inactiveloginexpiry Configure local login expiry time. invalidloginretries Configure local login max number of retries. localauth Configure local authentication. lockoutperiod Lockout period on invalid login attempt. singleloginperuser Restrict to a single login session per user.
Chapter 11: Command Line Interface inactiveloginexpiry Command Description account will expire for local users on inactivity Command Example admin > Security > LoginSettings > inactiveloginexpiry days 5 Invalidloginretries Command The invalidloginretries command specifies the number of failed invalid login attempts before the account is deactivated.
Chapter 11: Command Line Interface lockoutperiod Command Example admin > Security > LoginSettings > lockoutperiod time 120 Singleloginperuser Command The singleloginperuser command enables or disables multiple logins per user. Syntax singleloginperuser [enable ] singleloginperuser Command Description enable Enable/Disable multiple login sessions per user.
Chapter 11: Command Line Interface strongpassword Command Description expiry Number of days before password will expire for local users. history Number of passwords to store in password history. uppercase If true, force uppercase characters in password. lowercase If true, force lowercase characters in password. numeric If true, force numeric characters in password. other If true, force other characters in password.
Chapter 11: Command Line Interface Portaccess Command Syntax portaccess portaccess Command portaccess Description Indicate whether port access should be private or shared. portaccess Command Example admin > Security > LoginSettings > portaccess share admin > Security > LoginSettings > portaccess private Securityprofiles Commands The securityprofiles command menu provides access to the commands used to configure and control security profiles.
Chapter 11: Command Line Interface profiledata Command Description [name ] Specifies the type of security profile. [telnet ] Enable/Disable telnet. [strongpass ] Enable/Disable strong password. [timeout ] Enable/Disable idle timeout. [single ] Enable/Disable single login per user. [redirect ] Enable/Disable redirection from HTTP to HTTPS.
Chapter 12 Intelligent Platform Management Interface In This Chapter Discover IPMI Devices ..........................................................................224 IPMI Configuration .................................................................................225 Discover IPMI Devices To discover IPMI servers on the network: 1. Choose IPMI > Discover IPMI Devices. The Discover IPMI Devices page opens. 2. Leave the Options field blank or enter -t timeout [seconds]. 3.
Chapter 12: Intelligent Platform Management Interface Example The following is an example of the output when nothing has been entered in the Options field: Result: Discovering IPMI Devices ... --- ipmidiscover statistics --448 requests transmitted, 0 responses received in time, 100.0% packet loss IPMI Configuration IPMI configuration allows you to manage the IPMI functions of a remote system, including printing FRU information, LAN configuration, sensor readings, and remote chassis power control. 1.
Chapter 12: Intelligent Platform Management Interface ipmitool version 1.8.7 usage: ipmitool [options...
Chapter 12: Intelligent Platform Management Interface lan IPMI v1.
Chapter 12: Intelligent Platform Management Interface 5. Type your password in the Password field. 6. Type an option in the Option field. 7. Type a command in the Command field. 8. Click the IPMI Discover button. The system displays the results of your command.
Chapter 13 Power Control In This Chapter Port Power Associations ........................................................................229 Power Strip Configuration ......................................................................231 Power Association Groups ....................................................................231 Power Control ........................................................................................232 Associations Power Control........................................
Chapter 13: Power Control 2. Click Add. The Port Power Association page opens. 3. Select the port from the drop-down menu in the Port field. 4. Select the power strip name from the drop-down menu in the Power Strip field. 5. Select the outlet to associate with the port from the drop-down menu in the Outlet field. 6. Click Add. Note: It is not recommended to access the port associated with a power strip via RSC or CLI.
Chapter 13: Power Control 2. Click Add. The Port Power Association page opens. 3. Select the association in the Outlet Association list. 4. Click Delete. Power Strip Configuration Important: A maximum of 31 powerstrips can be run with the SX. To configure a power strip: 1. Choose Setup > Power Strip Configuration. 2. Click Add. The Power Strip Configuration page opens. 3. Type a name and description in the Name and Description fields. 4.
Chapter 13: Power Control 2. Click Add. The Power Association Groups page opens. 3. Type a name and description in the Group Name and Description fields. 4. Select the number of outlets from the drop-down menu in the Number of Outlets field. 5. Click OK. Power Control Click the Power Control tab to display the power control-related tools.
Chapter 13: Power Control Associations Power Control Choose Power Control > Associations Power Control to access the tool to manage power control associations. Note: When executing power on/off operation, about ~5 seconds are added to the configured sequential interval, resulting in an operational delay time (minimum amount of time to operate). If power cycle is selected, all associated outlets are powered off sequentially, and then powered on sequentially.
Chapter 13: Power Control Power Strip Power Control Choose Power Control > Power Strip Power Control to access the Outlet Control page, where you can manage power strips.
Chapter 13: Power Control Power Strip Status Choose Power Control > Power Strip Status to check power strip status. CLI Command for Power Control CLI Port Power Association Description: Power Control menu - Associate a power strip outlet to an SX port Scenario #1 Port power association - add outlet Pre-condition Administrator user is logged in via CLI. Power strip (DPX) is physically connected to SX named PowerStr1. User is in power menu. Action Type command. Press Enter.
Chapter 13: Power Control Scenario #2 Port power association - associate 6 outlets to one port Pre-condition Administrator user is logged in via CLI. Power strip (DPX) is physically connected and configured to DSX named PowerStr1. User is in power menu. Action Type command - associate [port port] [powerstrip powerstrip] [outlet outlet] to associate Outlet1 to Port1 Press Enter. Repeat steps 3 and 4 for Outlet 2, 3, 4, 5 and 6.
Chapter 13: Power Control Scenario #4 Port power association - associate one outlet to two ports Action Enter command Press Enter CLI Input associate port 1 powerstrip PowerStr1 outlet 1 associate port 2 powerstrip PowerStr1 outlet 1 Scenario #5 Port power association - associate all available outlets to ports Pre-condition Administrator user is logged in via CLI. Power strip (DPX) is physically connected and configured to the SX named PowerStr1. User is in power menu Action Enter command.
Chapter 13: Power Control Scenario #7 Port power association - associate outlets from 6 different power strips to one port 6 Power strip (DPX) are physically connected and configured to SX. User is in power menu. Action Enter Command to associate Port1 to Outlet1 of PowerStr1. Press Enter. Repeat steps 1 and 2 to associate Port1 with Outlet1 from each of the other PDUs.
Chapter 13: Power Control Scenario #1 Remove port power association Press Enter. CLI Input Command: unassociate port 1 powerstrip PowerStr1 outlet 1 Scenario #2 Delete multiple outlets association Pre-condition Administrator user is logged in via CLI. Power strip (DPX) is physically connected and configured to the SX named PowerStr1. User is in power menu. Action Enter command. Press Enter.
Chapter 13: Power Control CLI Power Association Group Description: Power > PowerGroups menu Scenario #1 Create new power group Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in Power > PowerGroups menu. Action Enter Command. Press Enter.
Chapter 13: Power Control Scenario #4 Remove group member Administrator is in Power > PowerGroups menu. Action Enter Command. Press Enter. CLI Input Command: deletepowergroupport name "Test Group" port 2 Scenario #5 Delete power group Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in Power > PowerGroups menu. Action Enter Command. Press Enter.
Chapter 13: Power Control Scenario #2 Switch on/off all Outlets Press Enter. CLI Input on powerstrip PowerStr1 outlet * off powerstrip PowerStr1 outlet * Scenario #3 Switch on/off group of outlets Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in power menu. Action Enter Command. Press Enter.
Chapter 13: Power Control Scenario #6 Sequence interval for switch on operation Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in power menu. Action Enter command to set sequence interval. Press Enter. Enter command to switch on group of outlets. Press Enter.
Chapter 13: Power Control A powerdelay setting of 0 executes the commands as fast as possible. Example: powerdelay sequence 2 cycle 5 Note: The powerdelay setting of 0 may not function on PX1 devices. This command does function on Baytech® and PX2 PDUs. CLI Association Power Control - Port Association Description: Power Control Menu Scenario #1 Association Power Control - Recycle Port Association (Target is associated to One Outlet) Pre-condition Administrator user is logged in via CLI.
Chapter 13: Power Control Scenario #2 Association Power Control - Recycle Port Association (Target is associated to Two Outlets from one power strip) Press Recycle button. CLI Input Power Recycle Interval value: 1 sec. Scenario #3 Association Power Control - Recycle Port Association (Target is associated to Two Outlets from two different power strips) Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX.
Chapter 13: Power Control CLI Association Power Control - Group Association Description: Power Control Menu Scenario #1 Turn ON Group Association Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Action Enter Command. Press Enter.
Chapter 13: Power Control Scenario #4 Turn OFF Group Association (outlets in association are with different statuses) Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Outlets in Group1 are with different statuses. Action Enter Command. Press Enter. CLI Input Command: off nodegroup Group1 Scenario #5 Recycle Group Association Pre-condition Administrator user is logged in via CLI. Administrator is in power menu.
Chapter 13: Power Control Scenario #7 Turn ON Group and Port Association simultaneously outlet8 of PowerStr1 which has been created and available in the list. Action Enter Command. Press Enter. CLI Input powerdelay sequence 2 cycle 5 on port 3 nodegroup Group1 Scenario #8 Turn OFF Group and Port Association simultaneously Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created.
Chapter 13: Power Control CLI Power Strip Status Description: Power Control Menu Scenario #1 Power Strip Status Pre-condition Administrator user is logged in via CLI. Power strip (DPX) named PowerStr1 is physically connected to Port1 of SX. Administrator is in Power menu. Action Enter Command. Press Enter.
Chapter 13: Power Control Scenario #3 Power Strip Status - Outlet status Action Check the current status of outlets - outlet1 is turn on Turn off outlet1. Go to Power menu and check the status of outlet1. CLI Input powerstrip name PowerStr1 off powerstrip PowerStr1 outlet 1 powerstrip name PowerStr1 Scenario #4 Power Strip Status - Outlet status when port association is removed Pre-condition Administrator user is logged in via CLI.
Chapter 13: Power Control Scenario #5 Power Strip Status - Outlet status when group association is removed CLI Input powerstrip name PowerStr1 deletepowergroup name Group1 powerstrip name PowerStr1 251
Appendix A Specifications In This Chapter SX Models and Specifications ...............................................................252 Maximum Number of Connections for a Single User ............................255 Maximum Number of CLI Sessions .......................................................255 Requirements ........................................................................................256 Supported Operating Systems, Browsers and Java Versions ..............256 Connectivity ...........
Appendix A: Specifications Model Ports Built-In Modem # of Local Ports # of Ethernet Ports Power Supply DSXA-48 48 Yes 1 2 Dual AC DSXA-48-AC 48 No 2 2 Dual AC DLM The following table lists the SX models, their dimensions, and weights. MODEL DIMENSIONS (W) x (D) x (H) WEIGHT DSX4 11.41" x 10.7" x 1.75"; 290 x 270 x 44 mm 4.61 lbs; 2.08 kg DSXB-4-M 11.41" x 10.7" x 1.75"; 290 x 270 x 44 mm 4.61 lbs; 2.08 kg DSX8 11.41" x 10.7" x 1.75"; 290 x 270 x 44 mm 4.81 lbs; 2.
Appendix A: Specifications The following table lists the information of Cables/Adapters/Brackets. The SX is able to support long distance cables. The actual distance you may achieve is dependent on many factors including baud rate, cable quality, environmental radiation, and the target serial device’s specifications, quality and tolerances. You may achieve higher or lower lengths based on these factors. Raritan recommends that you test in your environment to validate the desired distance.
Appendix A: Specifications Pin Pin 1 8 2 7 3 6 4 5 5 4 6 3 7 2 8 1 Maximum Number of Connections for a Single User The following maximum number of connections for a single user apply to the SX; All SX models support a maximum of twelve (12) simultaneous RSC port sessions per user per host. A maximum of six (6) SSH port sessions per user are supported.
Appendix A: Specifications Requirements The following table lists the requirements for the SX. Requirements Description Form factor 1U, rack mountable (brackets included on DSX16, DSX32, DSXA-8 and DSX48) Power 110/240VAC auto-switching: 50-60 Hz Max. power consumption 4-Port SX: 5.75W 8-port SX: 6W 16-port SX: 8W 32-port SX: 9.375W 48-port SX: 12.
Appendix A: Specifications Operating Systems Browsers Java™ versions Windows 7® Home Premium SP1 64-bit Internet Explorer® 10, 11 1.7.0_55, 1.7.0_60, Firefox 31 Chrome® 35 1.7.0_65, and 1.7.0_67 Internet Explorer 8, 9, 11 1.7.0_55 ® Windows 7 Ultimate SP1 64-bit Firefox 28 Chrome 31 Internet Explorer 8 Windows 7 Ultimate 32-bit 1.7.0_55 Firefox 25 Chrome 31 Internet Explorer 10, 11 ® Windows 8 64-bit 1.7.
Appendix A: Specifications Vendor Device Console Connector Cisco® PIX Firewall Cisco Catalyst Serial Connection and a CAT 5 cable RJ-45 CRLVR-15 rollover cable; or CRLVR-1 adapter cable and a CAT5 cable CRLVR-1 cable for connecting a terminal port (RJ-45 Connector type) of SX-48 models that have this connector to another SX.
Appendix A: Specifications RJ-45 PIN SIGNAL 1 RTS 2 DTR 3 TxD 4 GND 5 Signal GND 6 RxD 7 DSR 8 CTS See http://www.raritan.com/support for the latest information about the SX serial pinouts (RJ-45).
Appendix A: Specifications RJ-45 (female) DB9 (male) 6 3 7 4 8 7 DB25F Nulling Serial Adapter Pinouts RJ-45 (female) DB25 (female) 1 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4 DB25M Nulling Serial Adapter Pinouts 260 RJ-45 (female) DB25 (male) 1 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4
Appendix A: Specifications SX Terminal Ports All SX models, except the DSX16 and DSX32, have the same pinouts on the two DB9M serial ports. This applies to models with two serial ports. All dual-LAN (dual-power) models have one RJ-45 serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL). All dual-LAN (dual-power) models have one RJ-45 serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL).
Appendix A: Specifications DB9M PIN SIGNAL 4 DTR (H) 5 GND 6 7 RTS (H) 8 9 SX16 and SX32 Terminal Ports A modem should not be connected to the terminal ports on DSX16 and DSX32 because the Ring Indicator (RI) signal is not present. These models have a built-in modem that can be enabled or disabled. The modem is disabled by default.
Appendix A: Specifications Additional information about the SX16 and SX32 Terminal Ports: Pins 1 and 9 are used to factory reset units shipped after August 2004. Units shipped prior to August 2004 have the DB9M port labeled RESERVED (not TERMINAL/RESERVED), since this port was used to factory reset the unit, with a Factory reset adapter shipped with each SX. Pins 1 and 6 were used for factory reset.
Appendix B System Defaults In This Chapter Initiate Port Access ................................................................................264 Supported Character Length of Various Field Types ............................264 Initiate Port Access Use the following information for initiating port access: Initiate port access using Ports Kept open or Closed Directions HTTP Ports 80, 443 and 5000 must be Both kept open in the firewall for the unit to operate. Port 5000 can be configured.
Appendix B: System Defaults Field Type Character Length username 255 user full name 255 user information 64 user password 64 group name 255 Remote Auth Secret 128 LDAP BaseDN 128 LDAP Query 128 LDAP Search 128 LDAP Dialback Query 128 Remote Auth Port 1-65535 Network Failover Interval 0-65535 Network Domain Name 255 Network Unit Name 64 CSC port 1-64510 CSC Discovery Port 1-64510 HTTP/HTTPS Port 1-64510 Telnet /SSH Port 1-64510 Port Name 64 Port Exit Command 100 Por
Appendix B: System Defaults 266 Field Type Character Length PortLog NFS Update 0-99999 PortLog In/Out Directory 64 SMTP Username 255 SMTP Password 128 SMTP Source address 64 Event Destination 64 NFS Directory 128 SNMP Community 64 SNMP Dest Port 1-65535 Login Inactive Expiration 0-65535 Login Retries 0-65535 Login Lockout Period 0-65535 Strong Password Min Length 8 - 15 Strong Password Max Length 15 - 64 Idle Timeout Period 0-65535
Appendix C Certificates In This Chapter Default SX Certificate Authority Settings ...............................................267 Installing Dominion SX Server Certificate for Netscape Navigator .......267 Installing a Third-Party Root Certificate .................................................270 Importing Certificates for LDAP .............................................................
Appendix C: Certificates 2. Select Accept this certificate permanently and click OK. 3. Select OK on the Security Warning window 4. The Raritan default certificate is now accepted on this computer. Remove an Accepted Certificate Removing a previously accepted certificate from a SX uses the same process whether removing a Raritan default certificate or removing a user-installed third-party certificate. Note: The SX does not use encrypted private keys.
Appendix C: Certificates 3. In the Manage Certificates section, click the Manage Certificates... button to view the Certificate Manager.
Appendix C: Certificates 4. Select the Web Sites tab, select the certificate name that is the common name of the IP address of the SX, and click Delete. 5. Click OK on the Delete Web Site Certificates window to confirm the deletion of the certificate. 6. On the left side of this page, locate Certificates, and click Web Sites. 7. Click OK on the Options Advanced Window.
Appendix C: Certificates Note: Some CAs will provide the root certificate code in text format rather than providing a downloadable root certificate. If this occurs, select the root certificate code, copy it, and follow the steps outlined in the section Install the Raritan Root Certificate, then follow the steps outlined below.
Appendix C: Certificates Generate a CSR for a Third Party CA to Sign To have a third party CA certificate (for example, Verisign) installed on the SX rather than the internal CA on the SX signing the certificate, a Certificate Signing Request (CSR) must be generated by the SX to be signed. The third party CA will take this CSR and generate a Certificate. This certificate must be installed on the SX along with the CA's public key in order for this certificate to be enabled.
Appendix C: Certificates 7. Install the certificate to SX. 8. Reboot the SX. If the CSR is generated by an external source: 1. Generate a CSR for the SX by an external computer. 2. Send this CSR to the third party CA to get it signed. 3. CA returns a Signed Certificate built from the CSR. 4. Install the certificate to the SX. 5. Upload the private key received for this CSR to the SX. 6. Reboot the SX.
Appendix C: Certificates Install Client Root Certificate In order for Client Certificates to be recognized as valid by the SX, the Root Certificate of the CA that signed the Client Certificates must be installed on the SX with the following steps: 1. Retrieve the CA's Root certificate used to sign the client certificates and place it on an accessible FTP server 2. Choose Security > SSL Client Certificates. 3. Select Install Certificate Authority. 4.
Appendix C: Certificates 6. If the certificate is ASCII encoded, select ASCII. If it is a binary certificate file, select binary. 7. Enter a unique name for this certificate to be stored on the SX. 8. Click OK and the SX should retrieve the specified certificate file with supplied credentials. Import Certificates from Windows XP Follow these steps to load the SX certdb with sufficient certificates to allow for LDAP connectivity: 1. Launch Internet Explorer®. 2. Type https://:636.
Appendix C: Certificates Import Certificates from Dominion SX via CLI A user with Administrator privileges can do the following to import certificates for LDAP. Type the configuration command and issue the following commands: Config > Authentication > LDAP > LDAPS >getservercert ip login password path / file ROOT_BIN.
Appendix C: Certificates D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E Fingerprint (SHA1): DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 Signature Algorithm: PKCS #1 MD2 With RSA Encryption Signature: 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11: b8:d3:c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1: 5a:f6:37:a5:b7:61:03:b6:5b:16:69:3b:c6:44:08:0c: 88:53:0c:6b:97:49:c7:3e:35:dc:6c:b9:bb:aa:df:5c: bb:3a:2f:93:60:b6:a9:4b:4d:f2:20:f7:cd:5f:7f:64: 7b:8e:dc:00:5c:d7:fa:77:ca:39:16:59:6f:0e:ea:d3:
Appendix D Server Configuration In This Chapter Microsoft IAS RADIUS Server ...............................................................278 Cisco ACS RADIUS Server ...................................................................281 TACACS+ Server Configuration ............................................................282 CiscoSecure ACS ..................................................................................
Appendix D: Server Configuration IAS Active Directory Access If using a Domain Controller, set IAS to access the Active Directory® using the following steps: 1. Launch IAS (choose Start > All Programs > Administrative Tools > Internet Authentication Service). 2. Right-click on Internet Authentication Service (Local) and select Register Server in Active Directory. Note: See the following Microsoft URL for information about Active Directory: http://support.microsoft.com/default.
Appendix D: Server Configuration 7. Select the Grant remote access permission radio button. 8. Click Next>. The Profile dialog appears. 9. Click the Edit Profile... button. 10. Choose the Authentication tab. Deselect all other checkboxes select the Unencrypted authentication (PAP, SPAP) checkbox. Note: This version of SX does not support Challenge Authentication Protocol (CHAP). 11. Click the Advanced tab. Remove Framed-Protocol. Note: Each policy has conditions that must be met.
Appendix D: Server Configuration 18. Ensure that the Active Directory®/Local account for the user has Dial In access enabled in their user profile. If the Windows 2000® Domain server is in Native Mode and IAS is registered with the Active Directory, you can set the User Profile > Dial In setting to use Remote Access Policies. Cisco ACS RADIUS Server The Cisco Access Control Server (ACS) is another authentication solution supported by the SX.
Appendix D: Server Configuration TACACS+ Server Configuration The SX has the capability to use Terminal Access Controller AccessControl System Plus (TACACS+) for authentication services. The SX requires a new service to be added and two argument-value pairs to be returned by the server. The new service is called dominionsx. The valid authorization parameter is user-group. If this user is to have a modem dialback, the valid dialback parameter is user-dialback.
Appendix D: Server Configuration 2. Select Interface Configuration. 3. Select TACACS+ (Cisco IOS). 4. Add dominionsx service under the heading New Services.
Appendix D: Server Configuration 5. When adding or editing a user or group, the dominionsx service will appear under the heading TACACS+ Settings. The service can be enabled per user or per group by selecting the dominionsx and Custom Attributes checkboxes. Add the attributes (user-type) and the appropriate values to the text box. Note: The value for the user-group attribute is case sensitive; ensure that it matches exactly the same as the local group name on the SX.
Appendix E Modem Configuration In This Chapter Client Dial-Up Networking Configuration ...............................................285 Windows NT Dial-Up Networking Configuration....................................285 Windows 2000 Dial-Up Networking Configuration ................................288 Windows Vista Dial-Up Networking Configuration ................................292 Windows XP Dial-Up Networking Configuration....................................
Appendix E: Modem Configuration 2. Click New in the Dial-Up Networking dialog. The New Phonebook Entry dialog allows you to configure the details of this connection. 3.
Appendix E: Modem Configuration Dial using - Modem being used to connect to SX; if there is no entry here, there is no modem installed in your workstation 4. Click the Security tab. The Security section allows you to specify the level of security to use with the modem connection. When connecting to the SX, security is provided by SSL/ with RC4 encryption, therefore no dial-up security is required.
Appendix E: Modem Configuration 5. Click the "Accept any authentication including clear text" radio button. 6. Click OK to return to the main Dial page. 7. Click Dial. See the Windows NT® Users Guide if you receive any error messages. Windows 2000 Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communications > Network and Dial-Up Connections.
Appendix E: Modem Configuration 2. Double-click the Make New Connection icon when the Network and Dial-Up Connections window appears. 3. Click Next and follow the steps in the Network Connection Wizard dialog to create custom dial-up network profiles.
Appendix E: Modem Configuration 4. Click the Dial-up to private network radio button and click Next. 5. Select the checkbox before the modem that you want to use to connect to the SX and then click Next. 6. Type the area code and phone number you wish to dial in the appropriate fields.
Appendix E: Modem Configuration 7. Click the Country/region code drop-down arrow and select the country or region from the list. 8. Click Next. The Connection Availability dialog appears. 9. Click the Only for myself radio button in the Connection Availability dialog.
Appendix E: Modem Configuration 10. Click Next. The Network Connection has been created. 11. Type the name of the Dial-up connection. 12. Click Finish. 13. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that a successful connection has been established will appear. Consult the Windows 2000® Dial-up Networking Help if you receive any error messages. Windows Vista Dial-Up Networking Configuration 1. Click Start and then click Network. The Network window opens.
Appendix E: Modem Configuration Windows XP Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communications > New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dial-up network profiles. 3. Click the Connect to the Internet radio button and click Next.
Appendix E: Modem Configuration 4. Click the "Set up my connection manually" radio button and click Next.
Appendix E: Modem Configuration 5. Click the "Connect using a dial-up modem" radio button and click Next.
Appendix E: Modem Configuration 6. Type a name to identify this particular connection in the ISP Name field and click Next.
Appendix E: Modem Configuration 7. Type the phone number for the connection in the Phone number field and click Next. 8. Type your ISP information. Type the user name and password in the appropriate fields, and retype the password to confirm it.
Appendix E: Modem Configuration 9. Select the checkbox before the appropriate option below the fields and click Next. 10. Click Finish. 11. Click Dial to connect to the remote machine when the Dial dialog appears. A dialog indicating that you connected successfully appears. If you get any errors, consult Windows XP® Dial-up Networking Help. Note: The maximum modem speed connecting to the SX is 33,600 bps, as it is a Linux® default limitation.
Appendix F Accessing a PX2 from the SX In This Chapter Overview ................................................................................................299 Connecting the SX to the PX2 Serial Port .............................................299 Connecting the SX to the PX2 FEATURE Port .....................................300 Overview The SX provides the following options when connecting a PX2 to a SX: Connecting the SX to the PX2 Serial port to connect to and access the PX2.
Appendix F: Accessing a PX2 from the SX 3. Power on the PX2. The CLI interface appears. Connecting the SX to the PX2 FEATURE Port In this configuration, the PX2 is managed from the SX interface like any other powerstrip. See Power Control (on page 229). To connect the SX to the Feature port on the PX2: 1. Connect the red end of the CSCSPCS crossover Cat5 cable into the Feature port on the PX2. 2. Connect the yellow end of the CSCSPCS crossover Cat5 cable into a port on the SX.
Appendix F: Accessing a PX2 from the SX 3. Power on the PX2. You can now add the PX2 as a managed powerstrip to the SX.
Appendix G Troubleshooting In This Chapter Page Access ..........................................................................................302 Firewall ..................................................................................................303 Login ......................................................................................................304 Port Access ...........................................................................................304 Upgrade ........................
Appendix G: Troubleshooting Problem Solution error and reading that the server is unreachable. Remove any installed SX certificates and restart the browser. Unsupported Encryption The unit supports only 128-bit SSL encryption. In Internet Explorer®, view Help > About Internet Explorer and determine the maximum SSL bit strength for the browser. If it is not at the desired strength, it is recommended that the browser be upgraded. In Netscape®, view Communicator > Tools > Security Info > SSL v3.
Appendix G: Troubleshooting Problem Solution SSL Security Warnings The unit embeds its Internet Address (IP) in its SSL certificate. Should the firewall perform Network Address Translation (NAT), the SSL certificate will not match the IP address recognized by the browser generating a security warning. This is normal behavior. The warning message does not affect operation of the unit. Login Problem Solution Login Failure To provide additional security, the unit login page expires after three minutes.
Appendix G: Troubleshooting Problem Solution Whenever possible, it is recommended that Administrators not change port access rights to a user who is already logged in to the unit. Upgrade Problem Solution FTP - Server Unreachable If FTP server specified in the upgrade panel is unreachable or incorrect, the upgrade process halts until a response is received from the FTP server or until a timeout occurs. Wait and allow the FTP Server Unreachable message to appear.
Appendix G: Troubleshooting Problem Solution upgrade pack again. Events Not Captured in Event Log The eventlogfile command can fail to be captured in the SX event log for three possible reasons: The log file size is set to greater than 10000000 The log file size is set to less than 1024 Saving the event to the event log file causes the log file size to exceed 50% of the available flash memory on the SX. SX does not allow this to occur.
Appendix G: Troubleshooting Problem Solution TCP auto tuning. Vista's Enterprise (and Business) editions utilize an aggressive scaling factor, which causes issues in packet segmentation, leading to SSH handshake messages being split apart and connection to never complete. The problem with Vista, is what Vista is doing when it sees that the SX cannot support the window scaling size of 8. Microsoft has described this problem at http://support.microsoft.com/kb/929868/ http://support.microsoft.com/kb/929868/.
Appendix G: Troubleshooting Lines are Overwritten after Column 80 in Linux The default Linux® terminal display is set up for 80 columns, while RSC can be configured to have a different number of columns. If the RSC is configured to a different column number than the terminal, the last line in the columns may be overwritten when you perform a carriage return at the end of the last line.
Appendix H Frequently Asked Questions In This Chapter FAQs......................................................................................................
Chapter 14 FAQs Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
Chapter 14: Frequently Asked Questions Questions Answers How do I enable Direct Enabling Direct Port Access (DPA) from the CLI in Dominion SX. Port Access with a Attached is a sample run for DPA configuration from CLI. Dominion SX unit running SX3.1+ firmware? The following are main steps: 1. Configure DPA mode from Configuration->Services. 2. Configure which port need DPA and type of DPA (Telnet-TCP, SSHTCP, IP ADDR) from Configuration->ports 3. Reboot SX 4.
U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732-764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com China Europe Europe Monday - Friday 8:30 a.m. - 5 p.m. GMT+1 CET Phone: +31-10-2844040 Email: tech.europe@raritan.com United Kingdom Monday - Friday 8:30 a.m. to 5 p.m.