Avocent CCM1640, CCM840 User Manual

CCM840/1640
Installer/User Guide
INSTRUCTIONS
This symbol is intended to alert the user to the presence of important operating and maintenance (servicing) instructions in the literature accompanying the appliance.
DANGEROUS VOLTAGE
This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.
POWER ON
This symbol indicates the principal on/off switch is in the on position.
POWER OFF
This symbol indicates the principal on/off switch is in the off position.
PROTECTIVE GROUNDING TERMINAL
This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment.
This document is written for use with the CCM840/1640 application version 2.0.
CCM840/1640
Installer/User Guide
Avocent, Equinox and AVWorks are trademarks or registered trademarks of Avocent Corporation or its affiliates. All other marks are the property of their respective owners.
© 2004 Avocent Corporation. All rights reserved.
USA Notification
Canadian Notification
Japanese Notification
Agency Approvals
Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le Ministère des Communications du Canada.
FCC P 15 Class A, EN55022, EN61000-3-2, EN61000-3-3, EN60950, EN55024, ETL (UL 1950), CSA 22.2 No. 950

Table of Contents

Chapter 1: Product Overview
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3
Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Using AVWorks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 2: Installation and Configuration
Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installing the CCM . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring the CCM . . . . . . . . . . . . . . . . . . . . . . . 10
Reinitializing the CCM . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 3: Operations
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring Serial Port Settings . . . . . . . . . . . . . . . 17
Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 18
Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28
Using Authentication Modes . . . . . . . . . . . . . . . . . . 31
Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 33
Managing the Port History Buffer . . . . . . . . . . . . . 34
Managing the CCM Using SNMP . . . . . . . . . . . . . 37
Chapter 4: Using CCM Commands
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . 43
Understanding Conventions . . . . . . . . . . . . . . . . . . 44
Command Summary . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 5: CCM Commands
Connect Command . . . . . . . . . . . . . . . . . . . . . . . . . 53
Disconnect Command . . . . . . . . . . . . . . . . . . . . . . . 53
Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Quit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Resume Command . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
SPC Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Appendices
Appendix A: Technical Specifications . . . . . . . . . . 85
Appendix B: Device Cabling . . . . . . . . . . . . . . . . . . 86
Appendix C: Ports Used . . . . . . . . . . . . . . . . . . . . . . 90
Appendix D: Technical Support . . . . . . . . . . . . . . . 91
1
Product Overview
Contents
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3
Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Using AVWorks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 1: Product Overview 3
Chapter 1: Product Overview
Features and Benefits
Overview
The CCM840 and CCM1640 serial over IP network appliances provide non­blocked access and control for serial devices such as routers, power management devices and firewalls.
You may connect up to 8 serial devices to a CCM840, and up to 16 serial devices to a CCM1640. A single 10/100 Ethernet port provides network connectivity on each CCM. Two CCM appliances may be mounted in 1U of vertical space in a standard 19 inch rack.
Serial device access options
You may choose from among several available Telnet options to access the CCM and its attached serial devices:
The AVWorks™ multiplatform graphic management interface that offers a built-in enhanced Telnet client and a Secure Shell (SSH) client
Third-party Telnet clients
Third-party SSH clients
Access to attached serial devices is also possible via a serial Command Line Interface (CLI) connection, a PPP (Point to Point Protocol) dial-in connection to a serial CLI modem or from a third-party SSH client.
User authentication and data security
The CCM user database supports up to 64 user accounts, which include usernames, passwords and/or keys, plus specifications of access rights to CCM ports and commands. User definitions may be changed at any time. You may choose to have user access authenticated locally at the CCM user database or at one or more RADIUS (Remote Access Dial-In User Service) servers. Data security may be enhanced via industry-standard SSH encryption.
Extensive command set
The CCM offers a wide range of commands that allow administrators to easily configure, control and display information about the CCM operating environment, including its ports, user accounts and active sessions. The user interface also offers descriptive error message data and built-in command help information. On-board Trivial File Transfer Protocol (TFTP) support allows administrators to upload new functionality to CCM units in the field.
4 CCM840/1640 Installer/User Guide
Port history
Each CCM port has a buffer that holds the most recent 64K bytes of online and offline serial data. A separate history command mode lets you navigate within a ports current history file and conduct tailored searches.
Safety Precautions
To avoid potential device problems, if the building has 3-phase AC power, ensure that a computer and its monitor (if used) are on the same phase. For best results, they should be on the same circuit.
To avoid potentially fatal shock hazard and possible damage to equipment, please observe the following precautions:
Do not use a 2-wire extension cord in any product confi guration.
Test AC outlets at the computer and monitor (if used) for proper polarity and grounding.
Use only with grounded outlets at both the computer and monitor. When using a backup Uninterruptible Power Supply (UPS), power the computer, the monitor and the CCM unit off the supply.
NOTE: The AC inlet is the main disconnect.
Rack mount safety considerations
Elevated Ambient Temperature: If installed in a closed rack assembly, the operation temperature of the rack environment may be greater than room ambient. Use care not to exceed the rated maximum ambient temperature of the unit.
• Reduced Airfl ow: Installation of the equipment in a rack should be such that the amount of airfl ow required for safe operation of the equipment is not compromised.
Mechanical Loading: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
Circuit Overloading: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring. Consider equipment nameplate ratings for maximum current.
Reliable Earthing: Reliable earthing of rack mounted equipment should be maintained. Pay particular attention to supply connections other than direct connections to the branch circuit (for example, use of power strips).
Chapter 1: Product Overview 5
Using AVWorks
The AVWorks graphical management interface may be used to manage CCM840/1640 appliances and access attached devices. Using AVWorks, you may perform most of the operations that are described in this manual. This manual describes how to manage a CCM840/1640 by entering commands using the CLI. The AVWorks Installer/User Guide describes how to manage a CCM840/1640 using the graphical interface.
6 CCM840/1640 Installer/User Guide
Installation and
2
Configuration
Contents
Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installing the CCM . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring the CCM . . . . . . . . . . . . . . . . . . . . . . . 10
Reinitializing the CCM . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2: Installation and Configuration 9
Chapter 2: Installation and Configuration
Hardware Overview
Figure 2.1 shows the front of a CCM1640.
Figure 2.1: CCM1640 Front View
The lower left area of the front panel contains the following LEDs and buttons:
The POWER LED illuminates when the CCM is connected to a power source.
The ON LIN E LED illuminates steadily (not blinking) when the CCM
self-test and initialization procedures complete successfully.
The LIN K LED illuminates when the CCM establishes a connection to the network.
The TRA FFIC LED blinks when there is network traffi c.
The 100MBps LED illuminates when the CCM is c onnected to a 100
MBps LAN.
The RESET button, when pressed, reboots the CCM.
The INIT button, when pressed, restores the CCM to factory defaults. See
Reinitializing the CCM in this chapter.
Figure 2.2 shows the back panel of a CCM1640.
Figure 2.2: CCM1640 Back Panel
The back panel contains:
8 (CCM840) or 16 (CCM1640) RJ-45 connectors for serial cabling
A LAN connector for a 10BaseT or 100BaseT interface cable
The AC line cord connector
10 CCM840/1640 Installer/User Guide
Installing the CCM
WARNING: The power outlet should be installed near the equipment and should be
easily accessible.
To install the CCM hardware:
1. Locate the CCM where you can connect cables between the serial devices and the CCM serial ports, and where you can connect a LAN interface cable between the Ethernet hub or switch and the CCM LAN connector.
If you are using a rack mount kit, follow the instructions inc luded with
the kit.
2. Connect serial devices to the CCM serial ports ; see Appendix B for cabling information. Connect each serial device to it s appropriate power source, following the devices documentation.
3. Attach a 1 0BaseT or 100BaseT LAN interface cable to the LAN connector on the back of the CCM. A CAT 5 cable is required for 100BaseT operation.
4. Insert the power cord into the back of the CCM. Insert the other end of the power cord into a grounded electrical receptacle.
5. Check that the POWER LED on the front of the CCM is illuminated. If not, check the power cable to ensure that it is inserted snugly into the back of the unit. The ONLINE LED will illuminate within one minute to indicate that the unit self-test is complete. If the ONLIN E LED blinks, contact Equinox Technical Support for assistance.
6. Check that the LINK LED is illuminated. If not, check the Ethernet cable to ensure that both ends are correctly inserted into their jacks. If the unit is connected to a 1 00 MB Ethernet hub, the 100MBps LED will be illuminated.
7. Once the POWER, ONLINE and LINK LEDs are illuminated, remove power from the CCM and proceed with the confi guration process.
WARNING: The CCM840/1640 and all attached devices should be powered down before servicing the unit. Always disconnect the power cord from the wall outlet.
Configuring the CCM
To configure the CCM840/1640, you must enter a unique IP address and the networks subnet mask. This information will be stored in the units configuration database. During initial login, you will specify a password for the Admin user.
Chapter 2: Installation and Configuration 11
Configuring the IP address and subnet mask
You may use any of four methods to configure the CCM IP address and subnet mask: AVWorks, BootP, Telnet Command Line Interface (CLI) or the serial CLI on port 1.
These methods work as documented on most Windows
®
and UNIX® systems; however, the actual implementation on your system may differ from the instructions provided. Refer to your system administrator guide, or use AVWorks to simplify CCM configuration.
To confi gure the IP address and subnet mask using AVWorks:
Using the AVWorks installation wizard is the easiest method to configure the CCM IP address and subnet mask. See the AVWorks Installer/User Guide for instructions. After the IP address and subnet mask are configured, see Initial CCM login in this chapter.
To confi gure the IP address and subnet mask using BootP:
1. Ensure that there is a BootP server on your network that is confi gured t o
correctly respond to a BootP request from the CCM. BootP servers require the Ethernet MAC address of network devices. The CCM Ethernet MAC address is located on the back of the unit. See your BootP servers system administrator guide for information about confi guring the BootP server.
2. After you have confi gured your networks BootP server with the CCM
Ethernet MAC address, IP address and subnet mask, restore power to the CCM and wait for the ONLINE LED to illuminate. Once this occurs, the CCM has completed the BootP protocol, obtained its IP address and subnet mask and stored these in FLASH.
3. You may verify that the BootP process was successful with a ping command,
which tests network connectivity. The ping command is entered as:
ping <ip_address>
For example, the following command tests the network connectivity of a
CCM with the IP address 192.168.0.5.
ping 192.168.0.5
4. If the CCM completes the BootP successfully, you will see a display similar
to the following.
Pinging 192.168.0.5 with 32 bytes of data: Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
12 CCM840/1640 Installer/User Guide
If the CCM did not successfully obtain its IP address with the BootP
protocol, you will see a display similar to the following.
Pinging 192.168.0.5 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out.
In this case, check the MAC address and IP address provided to the BootP
server to confi rm they are correct. Verify that the Ethernet LAN adaptor cable is correctly installed on the CCM and the Ethernet hub.
After the IP address is configured successfully, launch a Telnet session to the CCM IP address. Then, see Initial CCM login in this chapter.
To confi gure the IP address and subnet mask using a Telnet CLI:
1. Ensure that your server or workstation has a Telnet client and is located on the same LAN segment as the CCM.
2. Use the arp command to update the server or workstation with the CCM IP address and Ethernet MAC address. The CCM Ethernet MAC address is located on the back panel above the LAN connector. The arp command is entered as:
arp -s <ip_address> <mac_address>
For example, the following command assigns the IP address 192.168.0.5
and the Ethernet MAC address 00-80-7d-54-01-54 to the CCM.
arp -s 192.168.0.5 00-80-7d-54-01-54
On a UNIX platform, the MAC address may require colons (:) instead of
dashes (-), for example, 00:80:7d:54:01:54.
3. You may verify that you entered the information correctly by using an arp command with the -a option.
arp -a
This command shows all arp entries for the server or workst ation. S ee
your system administrator guide if you need additional help with the arp command.
4. After the above arp c ommand is ent ered c orrec t ly, launch a Telnet client to the assigned IP address. Then, continue with Initial CCM login in this chapter.
To confi gure the CCM using the serial CLI:
1. By factory default, port 1 of the CCM is confi gured for the serial CLI. To access the serial CLI, attach a compatible device to port 1. The compatible device types are: ASCII, VT52, VT100, VT102, VT220 and VT320.
Chapter 2: Installation and Configuration 13
Appendix B lists the required cables and adaptors. You may also use any
terminal emulation program that is available on your system.
2. Confi gure your terminal or terminal emulation program as follows. Baud rate 9600
Bits per character 8 Parity None Stop bits 1 Flow control None
3. Press the Return or Enter key until a prompt appears, requesting your username. If you do not receive a prompt after pressing the key fi ve t imes, check your cable and serial settings to be sure that they are correct.
4. Proceed to Initial CCM login in this chapter.
After you complete the CCM configuration, you may reconfigure the CLI on another port or disable it completely and use port 1 with an attached device. For more information, see Connecting to devices from the serial CLI port in Chapter 3.
Initial CCM login
The CCM ships with a single user defined in its user database. The first time you connect to the CCM via Telnet or serial CLI, you are prompted for a username.
To log in to the CCM for the fi rst time:
1. At the Username prompt, type Admin. There is no factory default password for the Admin user. At the Password prompt, press Return.
Username: Admin Password: Authentication Complete CCM configuration is required.
2. Once authentication completes, the CCM prompts for any missing confi guration values that are required for operation.
If you already provided the IP address and subnet mask, you will not be
prompted for those values again.
If you have not already provided the IP address and subnet mask, you will
be prompted for them. Enter the CCM IP address and subnet mask using standard dot notation.
CCM configuration is required Enter CCM IP address > 192.168.0.5 Enter CCM Subnet mask > 255.255.255.0
14 CCM840/1640 Installer/User Guide
3. You are prompted for a new Admin password. Passwords are case sensitive and must contain 3-16 alphanumeric characters. You must enter the new password twice to confi rm that you entered it correctly.
Enter CCM New Admin Password > ***** Confirm New Admin Password > *****
After you have provided the required configuration information, a confirmation message appears while the CCM stores the values in its configuration database.
You have now completed the initial login, and you may enter additional commands at the CLI prompt (>). To configure CCM ports, see Configuring Serial Port Settings in Chapter 3.
Reinitializing the CCM
Reinitializing the CCM removes configured information. This may be useful when reinstalling the CCM at another location in your network.
The CCM stores configuration information in FLASH databases. During reinitialization, the FLASH erase has two phases. The first phase erases the CCM configuration database, which contains all nonvolatile data except the IP address. The second phase erases the IP address and restores the CCM to its factory default settings.
To reinitialize the CCM:
1. Locate the recessed INIT button on the front of the CCM. You will need a tool that fi ts inside the recess, such as an opened paper clip.
2. Insert the tool in the recess, then depress and hold the button. The ONLINE LED will blink, indicating a CCM initialization has been requested. You have approximately seven seconds to release the button before any action is taken.
After seven seconds, the ONLINE LED will blink more rapidly to confi rm
that the CCM confi guration database has been erased. Continuing to hold the INIT button for a few more seconds will erase the IP address as well. The ON LIN E LED will blink faster to confi rm the deletion.
If any portion of FLASH is erased, the CCM reboots when the INIT button is released.
3
Operations
Contents
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring Serial Port Settings . . . . . . . . . . . . . . . 17
Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 18
Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28
Using Authentication Modes . . . . . . . . . . . . . . . . . . 31
Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 33
Managing the Port History Buffer . . . . . . . . . . . . . 34
Managing the CCM Using SNMP . . . . . . . . . . . . . 37
Chapter 3: Operations 17
Chapter 3: Operations
Overview
The CCM and its ports may be easily configured and managed to meet your requirements for device connection, user authentication, access control, power status monitoring, port history information display and SNMP compliance for use with third-party network management products.
Configuring Serial Port Settings
By default, CCM ports are configured with the following settings. Target device Console
Name xx-xx-xx Pn (last 3 octets of MAC address plus the port number) Baud rate 9600 Bits per character 8 Parity None Stop bits 1 Flow control None Time-out 15 minutes CLI access character Use Server CLI setting (^D) Power None
Most of these settings are standard serial port operating characteristics. The CLI access character parameter specifies how you access the CLI. For
more information, see CLI mode in this chapter. The Power parameter instructs the CCM to monitor the state of a specified
control signal. Signal transitions may be configured to trigger SNMP alerts. The parameter value indicates an inbound control signal (CTS, DCD or DSR) and the state of that signal (low or high). When the defined signal is true, the CCM interprets it as a power on condition for the attached device; when the signal is false, a power off condition for the device is assumed. The signal specified for flow control cannot be used for power control, and vice versa.
To confi gure serial console port settings:
Issue a Port Set command. You may specify settings for one or all ports. PORT [<port>|ALL] SET [NAME=<name>] [BAUD=<baud>]
[SIZE=<size>] [PARITY=<parity>] [STOP=<stop_bits>] [FLOW=<fl ow_ctrl>] [TIMEOUT=<time-out>] [SOCKET=<socket>] [CHAR=^<cli_char>] [TOGGLE=NONE|DTR] [POWER=<signal>] . . .
18 CCM840/1640 Installer/User Guide
For more information and descriptions of all valid parameters, see Port Set command in Chapter 5.
To display serial port settings:
Issue a Show Port command. SHOW PORT [<port>|ALL|NAMES]
When you request information about a port, the display includes configuration information, current power status (if power status monitoring has been enabled), plus transmit, receive and error counts. When you request information about a single port and a user is currently accessing that port, the display also includes the username, access rights and other information about the current session.
When you request information about port names, the display includes the port numbers and names. If a ports name has not been changed with a Port Set command, the logical name is displayed.
For more information, see Show Port command in Chapter 5.
Connecting to Serial Devices
The CCM offers several methods for connecting to attached serial devices: Telnet, serial CLI, PPP and SSH.
Preemption
Depending on configured access levels, a user who is connecting to a port (the connecting user) may disconnect another user of equal or lower access (the current user).
If the connecting users access level is lower than the current users access level, the connecting user will receive an In Use message and the connection will be dropped.
If the connecting users access level is equal to or higher than the owning users access level, an In Use by owning user message will be displayed. The connecting user may then choose to preempt the current users session. If the current users session is preempted, an appropriate message is displayed.
For more information about access levels, see Access rights and levels in this chapter.
Chapter 3: Operations 19
Connecting to devices using Telnet
Each CCM serial port is directly addressable via a unique TCP port number that provides a connection to the attached serial device.
Plain text (non-encrypted) Telnet connections are enabled by default. For information about enabling both plain text Telnet and SSH connections, see Enabling plain text Telnet and SSH connections in this chapter.
To connect to a device using Telnet:
Type telnet, followed by the CCM IP address and the appropriate TCP port number, which by default is 3000 plus the physical port number, in decimal format. (The TCP port number may be changed for any CCM port.)
For example, the following Telnet command connects to the serial device attached to physical port 14 of a CCM1640.
telnet 192.168.0.5 3014
If an authentication method other than None has been configured for the CCM, you will be prompted for credentials (username and password). Once authentication completes, your connection is confirmed. When you successfully connect to the serial device, you will see a display similar to the following.
Username: Myname Password: ****** Authentication Complete Connected to Port: 14 9600,8,N,1,XON/XOFF
If the authentication method is configured as None, you may Telnet and connect to a serial device without entering credentials; however, credentials are always required when connecting to the CCM CLI.
Data entered at the Telnet client is written to the attached serial device. Any data received by the CCM from the serial device is output to your Telnet client.
You may access the CCM and its ports using Equinox-provided or third-party Telnet client applications. A cross-platform Telnet client is bundled with the AVWorks application. Third-party Telnet client applications may be used in combination with AVWorks or standalone.
You may connect using either SSH (AVWorks provides built-in support for SSH2) or plain text.
AVWorks Telnet
AVWorks is a cross-platform client application provided with each CCM. AVWorks provides a convenient way to select a CCM or attached device and
launch a Telnet session to manage it.
20 CCM840/1640 Installer/User Guide
AVWorks includes a built-in Serial Console Viewer Telnet application that offers several features not found in other Telnet clients. For maximum flexibility, AVWorks allows you to associate a unique Telnet client with each CCM port.
You may specify the built-in Telnet client or a third-party Telnet client. For more information, see the AVWorks Installer/User Guide.
Standalone third-party Telnet clients
You may use third-party Telnet clients to access the CCM directly without AVWorks management software.
Connecting to devices from the serial CLI port
By factory default, port 1 of the CCM is configured with the serial CLI, which prohibits the use of port 1 with an attached serial device. You may configure the CLI on a different port, but only one port may be configured as the serial CLI port at one time. For example, when you enable the CLI interface on port n, and it is already active on port p, then the CLI will automatically be disabled on port p.
You may connect to one serial device at a time through the serial CLI port using a local terminal or a local PC using a terminal emulation program. If you connect an external modem to the serial CLI port, you may also access devices through a remote terminal or PC that can dial into the CCM external modem. For information about modem connections, see Configuring and using dial-in connections in this chapter and Server CLI command in Chapter 5.
To confi gure a port for the serial CLI:
1. Issue a Server CLI command, using the Port parameter to specify the CLI port and the Type parameter to specify the terminal type.
SERVER CLI PORT=<port> TYPE=<type>
2. To disable the CLI that was previously confi gured on a port, issue a Server CLI command, indicating Type=Off.
For more information, see Server CLI command in Chapter 5.
To display CLI port information:
Issue a Show Server CLI command. SHOW SERVER CLI
The display includes the CLI port number and terminal type, plus the CLI access character. For more information, see Show Server CLI command in Chapter 5.
Chapter 3: Operations 21
To connect to a device from the serial CLI port:
1. Issue a Server CLI command, using the Connect parameter to enable the use of the Connect command from the serial CLI port.
SERVER CLI CONNECT=ON
2. Issue a Connect command to the desired port.
CONNECT <port>
3. To end a device session that was initiated with a Connect command, issue a Disconnect command.
DISCONNECT For more information, see Server CLI command, Connect Command and
Disconnect Command in Chapter 5.
Configuring and using dial-in connections
You may attach an external modem to the serial CLI port for dial-in serial CLI access to the CCM. This may be used as a backup connection if the unit is not accessible from the network. It may also be used as a primary connection at remote sites that do not have Ethernet network capability. The modem must be Hayes compatible.
To specify a modem initialization string:
1. Issue a Show Server CLI command to ensure that the port where the modem is connected has been defi ned as the serial CLI port.
SHOW SERVER CLI
2. Issue a Server CLI command, using the Modeminit parameter to specify the modem initialization string.
SERVER CLI MODEMINIT=<string> The string must be enclosed in quotes and must include at least the
command settings ATV1 and SO=1, which cause the modem to issue verbose response strings and auto-answer the phone on the fi rst ring. For more information, see Server CLI command in Chapter 5.
The modem initialization string is sent to the cabled modem when any of
the following conditions occur:
CCM initialization
Detection of a transition of DSR from low to high
Completion of a call when DCD changes from high to low
3. Upon successful modem connection, press the Enter key until the login prompt appears.
22 CCM840/1640 Installer/User Guide
To display modem confi guration information:
Issue a Show Server CLI command. SHOW SERVER CLI
For more information, see Show Server CLI command in Chapter 5.
Connecting to devices using PPP
The CCM supports remote PPP access using an auto-answer modem that answers calls. A dial-in client and the CCM establish the PPP protocol.
The PPP dial-in may be used to access a remote CCM that does not warrant a WAN (Wide Area Network) link to the Ethernet interface. In this case, the PPP connection allows a remote PC with Telnet capability to dial the CCM and then establish a Telnet connection to a CCM port.
The PPP dial-in may also be used to access a subnet containing remote CCM devices in the event of a WAN link failure. In this case, the PPP provides an alternate path to one or more remote CCM devices.
Once the PPP connection is established, you must launch an application that connects to the CCM or to one of its ports. The PPP connection is only a communications interface to the CCM.
The CCM implements a PPP server that uses CHAP (Challenge Authentication Protocol). Passwords are not accepted in the clear on PPP connections.
PPP is disabled by default.
To enable or disable a PPP server on the serial CLI port:
1. To enable a PPP server on the serial CLI port, issue a Show Server CLI command to ensure that a serial CLI port has been defi ned.
SHOW SERVER CLI
2. Issue a Server PPP command with the Enable parameter.
SERVER PPP ENABLE LOCALIP=<local_ip> REMOTEIP=<rem_ip>
[MASK=<subnet>]
You must specify local and remote IP addresses to be used for the CCM
and client ends of the PPP connection respectively. You are prompted to confi rm or cancel the changes. Enter Y to confi rm or N to cancel.
3. To disable a PPP server, issue a S erver PPP command with the Disable parameter.
SERVER PPP DISABLE
Chapter 3: Operations 23
For more information, see Show Server CLI command and Server PPP command in Chapter 5.
To display PPP confi guration information:
Issue a Show Server PPP command. SHOW SERVER PPP
For more information, see Show Server PPP command in Chapter 5.
Connecting to devices using SSH
The CCM supports version 2 of the SSH protocol (SSH2). The CCM SSH server operates on the standard SSH port 22. The shell for this connection provides a CLI prompt as if you had established a Telnet connection on port 23. The shell request for this connection is for CLI access.
Additional CCM SSH servers operate on TCP ports that are numbered with values 100 greater than the standard 30xx Telnet ports for the CCM. For example, if port 7 is configured for Telnet access on port 3007, then port 3107 will be a direct SSH connection for port 7. When SSH is enabled, Telnet port 23 connections will be accepted from other clients if the Server Security command includes Encrypt=SSH,None. Connecting to Telnet port 23 may be
tunneled via a connection to SSH port 22.
SSH server keys
When SSH is enabled for the first time, the CCM generates an SSH server key. The key generation process may take up to ten minutes. The key is computed at random and is stored in the CCM configuration database.
In most cases, the SSH server key should not be modified because most SSH clients will associate the key with the IP address of the CCM. During the first connection to a new SSH server, the client will display the fingerprint of the SSH server key and prompt you to indicate if you wish to store it on the SSH client. After the first connection, most SSH clients will validate the key when connecting to the CCM. This provides an extra layer of security because the SSH client can verify the key sent by the server each time it connects.
If you disable SSH and later reenable it, you may either use the existing server key or compute a new one. If you are reenabling the same server at the same IP address, it is recommended that you use the existing key, as SSH clients may be using it for verification. If you are moving the CCM to another location and changing the IP address, you may wish to generate a new SSH server key.
24 CCM840/1640 Installer/User Guide
Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may specify the authentication method(s) that will be used for SSH connections. The method may be a password, an SSH key or both. A users password and SSH key are specified with a User Add or User Set command. All SSH keys must be RSA keys. DSA keys are not supported.
The following table lists and describes the valid SSH authentication methods that may be specified with a Server SSH command.
SSH Authentication Methods
Method Description
PW (default) SSH connections will be authenticated with a username/
KEY SSH connections will be authenticated with an SSH key. With this
PW|KEY or KEY|PW SSH connections will be authenticated with either a username/
password. With this method, a user’s defi nition must include a valid password in order for that user to authenticate an SSH session. A password may authenticate to a RADIUS server or to the local user database.
method, a user’s defi nition must include valid SSH key information in order for that user to authenticate an SSH session. Key authentication is always local; RADIUS is not supported. For more information, see SSH user keys in this chapter.
password or an SSH key. If a user has only a password defi ned, that user must authenticate an SSH session with a username/password. If a user has only an SSH key defi ned, that user must authenticate an SSH session using the key. If a user has both a password and an SSH key defi ned, that user may use either a username/password or the SSH key to authenticate an SSH session. This method allows the CCM administrator to defi ne how each user will authenticate an SSH session based on information provided in the User Add/Set command.
PW authentication will be local or RADIUS as specifi ed in the Auth parameter of the Server Security command. Key authentication is always local.
PW&KEY or KEY&PW SSH connections will be authenticated using both a username/
password and an SSH key. With this method, a user’s defi nition must include a password and SSH key information for that user to authenticate an SSH session.
PW authentication will be local or RADIUS as specifi ed in the Auth parameter of the Server Security command. Key authentication is always local.
A users access rights are determined from the authentication method used. SSH key authentication always uses the access rights from the local user database. Depending on the server authentication mode specified with the
Loading...
+ 70 hidden pages