Avocent CCM1640, CCM840 User Manual

CCM840/1640
Installer/User Guide
INSTRUCTIONS
This symbol is intended to alert the user to the presence of important operating and maintenance (servicing) instructions in the literature accompanying the appliance.
DANGEROUS VOLTAGE
This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.
POWER ON
This symbol indicates the principal on/off switch is in the on position.
POWER OFF
This symbol indicates the principal on/off switch is in the off position.
PROTECTIVE GROUNDING TERMINAL
This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment.
This document is written for use with the CCM840/1640 application version 2.0.
CCM840/1640
Installer/User Guide
Avocent, Equinox and AVWorks are trademarks or registered trademarks of Avocent Corporation or its affiliates. All other marks are the property of their respective owners.
© 2004 Avocent Corporation. All rights reserved.
USA Notification
Canadian Notification
Japanese Notification
Agency Approvals
Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le Ministère des Communications du Canada.
FCC P 15 Class A, EN55022, EN61000-3-2, EN61000-3-3, EN60950, EN55024, ETL (UL 1950), CSA 22.2 No. 950

Table of Contents

Chapter 1: Product Overview
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3
Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Using AVWorks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 2: Installation and Configuration
Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installing the CCM . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring the CCM . . . . . . . . . . . . . . . . . . . . . . . 10
Reinitializing the CCM . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 3: Operations
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring Serial Port Settings . . . . . . . . . . . . . . . 17
Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 18
Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28
Using Authentication Modes . . . . . . . . . . . . . . . . . . 31
Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 33
Managing the Port History Buffer . . . . . . . . . . . . . 34
Managing the CCM Using SNMP . . . . . . . . . . . . . 37
Chapter 4: Using CCM Commands
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . 43
Understanding Conventions . . . . . . . . . . . . . . . . . . 44
Command Summary . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 5: CCM Commands
Connect Command . . . . . . . . . . . . . . . . . . . . . . . . . 53
Disconnect Command . . . . . . . . . . . . . . . . . . . . . . . 53
Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Quit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Resume Command . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
SPC Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Appendices
Appendix A: Technical Specifications . . . . . . . . . . 85
Appendix B: Device Cabling . . . . . . . . . . . . . . . . . . 86
Appendix C: Ports Used . . . . . . . . . . . . . . . . . . . . . . 90
Appendix D: Technical Support . . . . . . . . . . . . . . . 91
1
Product Overview
Contents
Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3
Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Using AVWorks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 1: Product Overview 3
Chapter 1: Product Overview
Features and Benefits
Overview
The CCM840 and CCM1640 serial over IP network appliances provide non­blocked access and control for serial devices such as routers, power management devices and firewalls.
You may connect up to 8 serial devices to a CCM840, and up to 16 serial devices to a CCM1640. A single 10/100 Ethernet port provides network connectivity on each CCM. Two CCM appliances may be mounted in 1U of vertical space in a standard 19 inch rack.
Serial device access options
You may choose from among several available Telnet options to access the CCM and its attached serial devices:
The AVWorks™ multiplatform graphic management interface that offers a built-in enhanced Telnet client and a Secure Shell (SSH) client
Third-party Telnet clients
Third-party SSH clients
Access to attached serial devices is also possible via a serial Command Line Interface (CLI) connection, a PPP (Point to Point Protocol) dial-in connection to a serial CLI modem or from a third-party SSH client.
User authentication and data security
The CCM user database supports up to 64 user accounts, which include usernames, passwords and/or keys, plus specifications of access rights to CCM ports and commands. User definitions may be changed at any time. You may choose to have user access authenticated locally at the CCM user database or at one or more RADIUS (Remote Access Dial-In User Service) servers. Data security may be enhanced via industry-standard SSH encryption.
Extensive command set
The CCM offers a wide range of commands that allow administrators to easily configure, control and display information about the CCM operating environment, including its ports, user accounts and active sessions. The user interface also offers descriptive error message data and built-in command help information. On-board Trivial File Transfer Protocol (TFTP) support allows administrators to upload new functionality to CCM units in the field.
4 CCM840/1640 Installer/User Guide
Port history
Each CCM port has a buffer that holds the most recent 64K bytes of online and offline serial data. A separate history command mode lets you navigate within a ports current history file and conduct tailored searches.
Safety Precautions
To avoid potential device problems, if the building has 3-phase AC power, ensure that a computer and its monitor (if used) are on the same phase. For best results, they should be on the same circuit.
To avoid potentially fatal shock hazard and possible damage to equipment, please observe the following precautions:
Do not use a 2-wire extension cord in any product confi guration.
Test AC outlets at the computer and monitor (if used) for proper polarity and grounding.
Use only with grounded outlets at both the computer and monitor. When using a backup Uninterruptible Power Supply (UPS), power the computer, the monitor and the CCM unit off the supply.
NOTE: The AC inlet is the main disconnect.
Rack mount safety considerations
Elevated Ambient Temperature: If installed in a closed rack assembly, the operation temperature of the rack environment may be greater than room ambient. Use care not to exceed the rated maximum ambient temperature of the unit.
• Reduced Airfl ow: Installation of the equipment in a rack should be such that the amount of airfl ow required for safe operation of the equipment is not compromised.
Mechanical Loading: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
Circuit Overloading: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring. Consider equipment nameplate ratings for maximum current.
Reliable Earthing: Reliable earthing of rack mounted equipment should be maintained. Pay particular attention to supply connections other than direct connections to the branch circuit (for example, use of power strips).
Chapter 1: Product Overview 5
Using AVWorks
The AVWorks graphical management interface may be used to manage CCM840/1640 appliances and access attached devices. Using AVWorks, you may perform most of the operations that are described in this manual. This manual describes how to manage a CCM840/1640 by entering commands using the CLI. The AVWorks Installer/User Guide describes how to manage a CCM840/1640 using the graphical interface.
6 CCM840/1640 Installer/User Guide
Installation and
2
Configuration
Contents
Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installing the CCM . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring the CCM . . . . . . . . . . . . . . . . . . . . . . . 10
Reinitializing the CCM . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2: Installation and Configuration 9
Chapter 2: Installation and Configuration
Hardware Overview
Figure 2.1 shows the front of a CCM1640.
Figure 2.1: CCM1640 Front View
The lower left area of the front panel contains the following LEDs and buttons:
The POWER LED illuminates when the CCM is connected to a power source.
The ON LIN E LED illuminates steadily (not blinking) when the CCM
self-test and initialization procedures complete successfully.
The LIN K LED illuminates when the CCM establishes a connection to the network.
The TRA FFIC LED blinks when there is network traffi c.
The 100MBps LED illuminates when the CCM is c onnected to a 100
MBps LAN.
The RESET button, when pressed, reboots the CCM.
The INIT button, when pressed, restores the CCM to factory defaults. See
Reinitializing the CCM in this chapter.
Figure 2.2 shows the back panel of a CCM1640.
Figure 2.2: CCM1640 Back Panel
The back panel contains:
8 (CCM840) or 16 (CCM1640) RJ-45 connectors for serial cabling
A LAN connector for a 10BaseT or 100BaseT interface cable
The AC line cord connector
10 CCM840/1640 Installer/User Guide
Installing the CCM
WARNING: The power outlet should be installed near the equipment and should be
easily accessible.
To install the CCM hardware:
1. Locate the CCM where you can connect cables between the serial devices and the CCM serial ports, and where you can connect a LAN interface cable between the Ethernet hub or switch and the CCM LAN connector.
If you are using a rack mount kit, follow the instructions inc luded with
the kit.
2. Connect serial devices to the CCM serial ports ; see Appendix B for cabling information. Connect each serial device to it s appropriate power source, following the devices documentation.
3. Attach a 1 0BaseT or 100BaseT LAN interface cable to the LAN connector on the back of the CCM. A CAT 5 cable is required for 100BaseT operation.
4. Insert the power cord into the back of the CCM. Insert the other end of the power cord into a grounded electrical receptacle.
5. Check that the POWER LED on the front of the CCM is illuminated. If not, check the power cable to ensure that it is inserted snugly into the back of the unit. The ONLINE LED will illuminate within one minute to indicate that the unit self-test is complete. If the ONLIN E LED blinks, contact Equinox Technical Support for assistance.
6. Check that the LINK LED is illuminated. If not, check the Ethernet cable to ensure that both ends are correctly inserted into their jacks. If the unit is connected to a 1 00 MB Ethernet hub, the 100MBps LED will be illuminated.
7. Once the POWER, ONLINE and LINK LEDs are illuminated, remove power from the CCM and proceed with the confi guration process.
WARNING: The CCM840/1640 and all attached devices should be powered down before servicing the unit. Always disconnect the power cord from the wall outlet.
Configuring the CCM
To configure the CCM840/1640, you must enter a unique IP address and the networks subnet mask. This information will be stored in the units configuration database. During initial login, you will specify a password for the Admin user.
Chapter 2: Installation and Configuration 11
Configuring the IP address and subnet mask
You may use any of four methods to configure the CCM IP address and subnet mask: AVWorks, BootP, Telnet Command Line Interface (CLI) or the serial CLI on port 1.
These methods work as documented on most Windows
®
and UNIX® systems; however, the actual implementation on your system may differ from the instructions provided. Refer to your system administrator guide, or use AVWorks to simplify CCM configuration.
To confi gure the IP address and subnet mask using AVWorks:
Using the AVWorks installation wizard is the easiest method to configure the CCM IP address and subnet mask. See the AVWorks Installer/User Guide for instructions. After the IP address and subnet mask are configured, see Initial CCM login in this chapter.
To confi gure the IP address and subnet mask using BootP:
1. Ensure that there is a BootP server on your network that is confi gured t o
correctly respond to a BootP request from the CCM. BootP servers require the Ethernet MAC address of network devices. The CCM Ethernet MAC address is located on the back of the unit. See your BootP servers system administrator guide for information about confi guring the BootP server.
2. After you have confi gured your networks BootP server with the CCM
Ethernet MAC address, IP address and subnet mask, restore power to the CCM and wait for the ONLINE LED to illuminate. Once this occurs, the CCM has completed the BootP protocol, obtained its IP address and subnet mask and stored these in FLASH.
3. You may verify that the BootP process was successful with a ping command,
which tests network connectivity. The ping command is entered as:
ping <ip_address>
For example, the following command tests the network connectivity of a
CCM with the IP address 192.168.0.5.
ping 192.168.0.5
4. If the CCM completes the BootP successfully, you will see a display similar
to the following.
Pinging 192.168.0.5 with 32 bytes of data: Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128 Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
12 CCM840/1640 Installer/User Guide
If the CCM did not successfully obtain its IP address with the BootP
protocol, you will see a display similar to the following.
Pinging 192.168.0.5 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out.
In this case, check the MAC address and IP address provided to the BootP
server to confi rm they are correct. Verify that the Ethernet LAN adaptor cable is correctly installed on the CCM and the Ethernet hub.
After the IP address is configured successfully, launch a Telnet session to the CCM IP address. Then, see Initial CCM login in this chapter.
To confi gure the IP address and subnet mask using a Telnet CLI:
1. Ensure that your server or workstation has a Telnet client and is located on the same LAN segment as the CCM.
2. Use the arp command to update the server or workstation with the CCM IP address and Ethernet MAC address. The CCM Ethernet MAC address is located on the back panel above the LAN connector. The arp command is entered as:
arp -s <ip_address> <mac_address>
For example, the following command assigns the IP address 192.168.0.5
and the Ethernet MAC address 00-80-7d-54-01-54 to the CCM.
arp -s 192.168.0.5 00-80-7d-54-01-54
On a UNIX platform, the MAC address may require colons (:) instead of
dashes (-), for example, 00:80:7d:54:01:54.
3. You may verify that you entered the information correctly by using an arp command with the -a option.
arp -a
This command shows all arp entries for the server or workst ation. S ee
your system administrator guide if you need additional help with the arp command.
4. After the above arp c ommand is ent ered c orrec t ly, launch a Telnet client to the assigned IP address. Then, continue with Initial CCM login in this chapter.
To confi gure the CCM using the serial CLI:
1. By factory default, port 1 of the CCM is confi gured for the serial CLI. To access the serial CLI, attach a compatible device to port 1. The compatible device types are: ASCII, VT52, VT100, VT102, VT220 and VT320.
Chapter 2: Installation and Configuration 13
Appendix B lists the required cables and adaptors. You may also use any
terminal emulation program that is available on your system.
2. Confi gure your terminal or terminal emulation program as follows. Baud rate 9600
Bits per character 8 Parity None Stop bits 1 Flow control None
3. Press the Return or Enter key until a prompt appears, requesting your username. If you do not receive a prompt after pressing the key fi ve t imes, check your cable and serial settings to be sure that they are correct.
4. Proceed to Initial CCM login in this chapter.
After you complete the CCM configuration, you may reconfigure the CLI on another port or disable it completely and use port 1 with an attached device. For more information, see Connecting to devices from the serial CLI port in Chapter 3.
Initial CCM login
The CCM ships with a single user defined in its user database. The first time you connect to the CCM via Telnet or serial CLI, you are prompted for a username.
To log in to the CCM for the fi rst time:
1. At the Username prompt, type Admin. There is no factory default password for the Admin user. At the Password prompt, press Return.
Username: Admin Password: Authentication Complete CCM configuration is required.
2. Once authentication completes, the CCM prompts for any missing confi guration values that are required for operation.
If you already provided the IP address and subnet mask, you will not be
prompted for those values again.
If you have not already provided the IP address and subnet mask, you will
be prompted for them. Enter the CCM IP address and subnet mask using standard dot notation.
CCM configuration is required Enter CCM IP address > 192.168.0.5 Enter CCM Subnet mask > 255.255.255.0
14 CCM840/1640 Installer/User Guide
3. You are prompted for a new Admin password. Passwords are case sensitive and must contain 3-16 alphanumeric characters. You must enter the new password twice to confi rm that you entered it correctly.
Enter CCM New Admin Password > ***** Confirm New Admin Password > *****
After you have provided the required configuration information, a confirmation message appears while the CCM stores the values in its configuration database.
You have now completed the initial login, and you may enter additional commands at the CLI prompt (>). To configure CCM ports, see Configuring Serial Port Settings in Chapter 3.
Reinitializing the CCM
Reinitializing the CCM removes configured information. This may be useful when reinstalling the CCM at another location in your network.
The CCM stores configuration information in FLASH databases. During reinitialization, the FLASH erase has two phases. The first phase erases the CCM configuration database, which contains all nonvolatile data except the IP address. The second phase erases the IP address and restores the CCM to its factory default settings.
To reinitialize the CCM:
1. Locate the recessed INIT button on the front of the CCM. You will need a tool that fi ts inside the recess, such as an opened paper clip.
2. Insert the tool in the recess, then depress and hold the button. The ONLINE LED will blink, indicating a CCM initialization has been requested. You have approximately seven seconds to release the button before any action is taken.
After seven seconds, the ONLINE LED will blink more rapidly to confi rm
that the CCM confi guration database has been erased. Continuing to hold the INIT button for a few more seconds will erase the IP address as well. The ON LIN E LED will blink faster to confi rm the deletion.
If any portion of FLASH is erased, the CCM reboots when the INIT button is released.
3
Operations
Contents
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring Serial Port Settings . . . . . . . . . . . . . . . 17
Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 18
Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28
Using Authentication Modes . . . . . . . . . . . . . . . . . . 31
Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 33
Managing the Port History Buffer . . . . . . . . . . . . . 34
Managing the CCM Using SNMP . . . . . . . . . . . . . 37
Chapter 3: Operations 17
Chapter 3: Operations
Overview
The CCM and its ports may be easily configured and managed to meet your requirements for device connection, user authentication, access control, power status monitoring, port history information display and SNMP compliance for use with third-party network management products.
Configuring Serial Port Settings
By default, CCM ports are configured with the following settings. Target device Console
Name xx-xx-xx Pn (last 3 octets of MAC address plus the port number) Baud rate 9600 Bits per character 8 Parity None Stop bits 1 Flow control None Time-out 15 minutes CLI access character Use Server CLI setting (^D) Power None
Most of these settings are standard serial port operating characteristics. The CLI access character parameter specifies how you access the CLI. For
more information, see CLI mode in this chapter. The Power parameter instructs the CCM to monitor the state of a specified
control signal. Signal transitions may be configured to trigger SNMP alerts. The parameter value indicates an inbound control signal (CTS, DCD or DSR) and the state of that signal (low or high). When the defined signal is true, the CCM interprets it as a power on condition for the attached device; when the signal is false, a power off condition for the device is assumed. The signal specified for flow control cannot be used for power control, and vice versa.
To confi gure serial console port settings:
Issue a Port Set command. You may specify settings for one or all ports. PORT [<port>|ALL] SET [NAME=<name>] [BAUD=<baud>]
[SIZE=<size>] [PARITY=<parity>] [STOP=<stop_bits>] [FLOW=<fl ow_ctrl>] [TIMEOUT=<time-out>] [SOCKET=<socket>] [CHAR=^<cli_char>] [TOGGLE=NONE|DTR] [POWER=<signal>] . . .
18 CCM840/1640 Installer/User Guide
For more information and descriptions of all valid parameters, see Port Set command in Chapter 5.
To display serial port settings:
Issue a Show Port command. SHOW PORT [<port>|ALL|NAMES]
When you request information about a port, the display includes configuration information, current power status (if power status monitoring has been enabled), plus transmit, receive and error counts. When you request information about a single port and a user is currently accessing that port, the display also includes the username, access rights and other information about the current session.
When you request information about port names, the display includes the port numbers and names. If a ports name has not been changed with a Port Set command, the logical name is displayed.
For more information, see Show Port command in Chapter 5.
Connecting to Serial Devices
The CCM offers several methods for connecting to attached serial devices: Telnet, serial CLI, PPP and SSH.
Preemption
Depending on configured access levels, a user who is connecting to a port (the connecting user) may disconnect another user of equal or lower access (the current user).
If the connecting users access level is lower than the current users access level, the connecting user will receive an In Use message and the connection will be dropped.
If the connecting users access level is equal to or higher than the owning users access level, an In Use by owning user message will be displayed. The connecting user may then choose to preempt the current users session. If the current users session is preempted, an appropriate message is displayed.
For more information about access levels, see Access rights and levels in this chapter.
Chapter 3: Operations 19
Connecting to devices using Telnet
Each CCM serial port is directly addressable via a unique TCP port number that provides a connection to the attached serial device.
Plain text (non-encrypted) Telnet connections are enabled by default. For information about enabling both plain text Telnet and SSH connections, see Enabling plain text Telnet and SSH connections in this chapter.
To connect to a device using Telnet:
Type telnet, followed by the CCM IP address and the appropriate TCP port number, which by default is 3000 plus the physical port number, in decimal format. (The TCP port number may be changed for any CCM port.)
For example, the following Telnet command connects to the serial device attached to physical port 14 of a CCM1640.
telnet 192.168.0.5 3014
If an authentication method other than None has been configured for the CCM, you will be prompted for credentials (username and password). Once authentication completes, your connection is confirmed. When you successfully connect to the serial device, you will see a display similar to the following.
Username: Myname Password: ****** Authentication Complete Connected to Port: 14 9600,8,N,1,XON/XOFF
If the authentication method is configured as None, you may Telnet and connect to a serial device without entering credentials; however, credentials are always required when connecting to the CCM CLI.
Data entered at the Telnet client is written to the attached serial device. Any data received by the CCM from the serial device is output to your Telnet client.
You may access the CCM and its ports using Equinox-provided or third-party Telnet client applications. A cross-platform Telnet client is bundled with the AVWorks application. Third-party Telnet client applications may be used in combination with AVWorks or standalone.
You may connect using either SSH (AVWorks provides built-in support for SSH2) or plain text.
AVWorks Telnet
AVWorks is a cross-platform client application provided with each CCM. AVWorks provides a convenient way to select a CCM or attached device and
launch a Telnet session to manage it.
20 CCM840/1640 Installer/User Guide
AVWorks includes a built-in Serial Console Viewer Telnet application that offers several features not found in other Telnet clients. For maximum flexibility, AVWorks allows you to associate a unique Telnet client with each CCM port.
You may specify the built-in Telnet client or a third-party Telnet client. For more information, see the AVWorks Installer/User Guide.
Standalone third-party Telnet clients
You may use third-party Telnet clients to access the CCM directly without AVWorks management software.
Connecting to devices from the serial CLI port
By factory default, port 1 of the CCM is configured with the serial CLI, which prohibits the use of port 1 with an attached serial device. You may configure the CLI on a different port, but only one port may be configured as the serial CLI port at one time. For example, when you enable the CLI interface on port n, and it is already active on port p, then the CLI will automatically be disabled on port p.
You may connect to one serial device at a time through the serial CLI port using a local terminal or a local PC using a terminal emulation program. If you connect an external modem to the serial CLI port, you may also access devices through a remote terminal or PC that can dial into the CCM external modem. For information about modem connections, see Configuring and using dial-in connections in this chapter and Server CLI command in Chapter 5.
To confi gure a port for the serial CLI:
1. Issue a Server CLI command, using the Port parameter to specify the CLI port and the Type parameter to specify the terminal type.
SERVER CLI PORT=<port> TYPE=<type>
2. To disable the CLI that was previously confi gured on a port, issue a Server CLI command, indicating Type=Off.
For more information, see Server CLI command in Chapter 5.
To display CLI port information:
Issue a Show Server CLI command. SHOW SERVER CLI
The display includes the CLI port number and terminal type, plus the CLI access character. For more information, see Show Server CLI command in Chapter 5.
Chapter 3: Operations 21
To connect to a device from the serial CLI port:
1. Issue a Server CLI command, using the Connect parameter to enable the use of the Connect command from the serial CLI port.
SERVER CLI CONNECT=ON
2. Issue a Connect command to the desired port.
CONNECT <port>
3. To end a device session that was initiated with a Connect command, issue a Disconnect command.
DISCONNECT For more information, see Server CLI command, Connect Command and
Disconnect Command in Chapter 5.
Configuring and using dial-in connections
You may attach an external modem to the serial CLI port for dial-in serial CLI access to the CCM. This may be used as a backup connection if the unit is not accessible from the network. It may also be used as a primary connection at remote sites that do not have Ethernet network capability. The modem must be Hayes compatible.
To specify a modem initialization string:
1. Issue a Show Server CLI command to ensure that the port where the modem is connected has been defi ned as the serial CLI port.
SHOW SERVER CLI
2. Issue a Server CLI command, using the Modeminit parameter to specify the modem initialization string.
SERVER CLI MODEMINIT=<string> The string must be enclosed in quotes and must include at least the
command settings ATV1 and SO=1, which cause the modem to issue verbose response strings and auto-answer the phone on the fi rst ring. For more information, see Server CLI command in Chapter 5.
The modem initialization string is sent to the cabled modem when any of
the following conditions occur:
CCM initialization
Detection of a transition of DSR from low to high
Completion of a call when DCD changes from high to low
3. Upon successful modem connection, press the Enter key until the login prompt appears.
22 CCM840/1640 Installer/User Guide
To display modem confi guration information:
Issue a Show Server CLI command. SHOW SERVER CLI
For more information, see Show Server CLI command in Chapter 5.
Connecting to devices using PPP
The CCM supports remote PPP access using an auto-answer modem that answers calls. A dial-in client and the CCM establish the PPP protocol.
The PPP dial-in may be used to access a remote CCM that does not warrant a WAN (Wide Area Network) link to the Ethernet interface. In this case, the PPP connection allows a remote PC with Telnet capability to dial the CCM and then establish a Telnet connection to a CCM port.
The PPP dial-in may also be used to access a subnet containing remote CCM devices in the event of a WAN link failure. In this case, the PPP provides an alternate path to one or more remote CCM devices.
Once the PPP connection is established, you must launch an application that connects to the CCM or to one of its ports. The PPP connection is only a communications interface to the CCM.
The CCM implements a PPP server that uses CHAP (Challenge Authentication Protocol). Passwords are not accepted in the clear on PPP connections.
PPP is disabled by default.
To enable or disable a PPP server on the serial CLI port:
1. To enable a PPP server on the serial CLI port, issue a Show Server CLI command to ensure that a serial CLI port has been defi ned.
SHOW SERVER CLI
2. Issue a Server PPP command with the Enable parameter.
SERVER PPP ENABLE LOCALIP=<local_ip> REMOTEIP=<rem_ip>
[MASK=<subnet>]
You must specify local and remote IP addresses to be used for the CCM
and client ends of the PPP connection respectively. You are prompted to confi rm or cancel the changes. Enter Y to confi rm or N to cancel.
3. To disable a PPP server, issue a S erver PPP command with the Disable parameter.
SERVER PPP DISABLE
Chapter 3: Operations 23
For more information, see Show Server CLI command and Server PPP command in Chapter 5.
To display PPP confi guration information:
Issue a Show Server PPP command. SHOW SERVER PPP
For more information, see Show Server PPP command in Chapter 5.
Connecting to devices using SSH
The CCM supports version 2 of the SSH protocol (SSH2). The CCM SSH server operates on the standard SSH port 22. The shell for this connection provides a CLI prompt as if you had established a Telnet connection on port 23. The shell request for this connection is for CLI access.
Additional CCM SSH servers operate on TCP ports that are numbered with values 100 greater than the standard 30xx Telnet ports for the CCM. For example, if port 7 is configured for Telnet access on port 3007, then port 3107 will be a direct SSH connection for port 7. When SSH is enabled, Telnet port 23 connections will be accepted from other clients if the Server Security command includes Encrypt=SSH,None. Connecting to Telnet port 23 may be
tunneled via a connection to SSH port 22.
SSH server keys
When SSH is enabled for the first time, the CCM generates an SSH server key. The key generation process may take up to ten minutes. The key is computed at random and is stored in the CCM configuration database.
In most cases, the SSH server key should not be modified because most SSH clients will associate the key with the IP address of the CCM. During the first connection to a new SSH server, the client will display the fingerprint of the SSH server key and prompt you to indicate if you wish to store it on the SSH client. After the first connection, most SSH clients will validate the key when connecting to the CCM. This provides an extra layer of security because the SSH client can verify the key sent by the server each time it connects.
If you disable SSH and later reenable it, you may either use the existing server key or compute a new one. If you are reenabling the same server at the same IP address, it is recommended that you use the existing key, as SSH clients may be using it for verification. If you are moving the CCM to another location and changing the IP address, you may wish to generate a new SSH server key.
24 CCM840/1640 Installer/User Guide
Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may specify the authentication method(s) that will be used for SSH connections. The method may be a password, an SSH key or both. A users password and SSH key are specified with a User Add or User Set command. All SSH keys must be RSA keys. DSA keys are not supported.
The following table lists and describes the valid SSH authentication methods that may be specified with a Server SSH command.
SSH Authentication Methods
Method Description
PW (default) SSH connections will be authenticated with a username/
KEY SSH connections will be authenticated with an SSH key. With this
PW|KEY or KEY|PW SSH connections will be authenticated with either a username/
password. With this method, a user’s defi nition must include a valid password in order for that user to authenticate an SSH session. A password may authenticate to a RADIUS server or to the local user database.
method, a user’s defi nition must include valid SSH key information in order for that user to authenticate an SSH session. Key authentication is always local; RADIUS is not supported. For more information, see SSH user keys in this chapter.
password or an SSH key. If a user has only a password defi ned, that user must authenticate an SSH session with a username/password. If a user has only an SSH key defi ned, that user must authenticate an SSH session using the key. If a user has both a password and an SSH key defi ned, that user may use either a username/password or the SSH key to authenticate an SSH session. This method allows the CCM administrator to defi ne how each user will authenticate an SSH session based on information provided in the User Add/Set command.
PW authentication will be local or RADIUS as specifi ed in the Auth parameter of the Server Security command. Key authentication is always local.
PW&KEY or KEY&PW SSH connections will be authenticated using both a username/
password and an SSH key. With this method, a user’s defi nition must include a password and SSH key information for that user to authenticate an SSH session.
PW authentication will be local or RADIUS as specifi ed in the Auth parameter of the Server Security command. Key authentication is always local.
A users access rights are determined from the authentication method used. SSH key authentication always uses the access rights from the local user database. Depending on the server authentication mode specified with the
Chapter 3: Operations 25
Server Security command, SSH password authentication will use either the access rights from the local user database or the values returned by the RADIUS server.
With either of the or methods (PW|KEY and KEY|PW), the user access rights are determined from the method used to authenticate the user.
With either of the and methods (PW&KEY and KEY&PW), the user access rights are determined from the first method specified. If PW&KEY is specified, the access rights from the password authentication will be used. If KEY&PW is specified, the access rights from the key authentication will be used.
For more information, see Using Authentication Modes in this chapter.
SSH user keys
A users SSH key is specified in a User Add or User Set command. You may define a key even if SSH is not currently enabled. The key may be specified in one of two ways:
When using the SSHKEY and FTPIP keyword pair to de ne the network location of a users SSH key fi le, the SSHKEY parameter specifi es the name of the uuencoded (UNIX to UNIX encoded) public key fi le on an FTP server. The maximum fi le size that can be received is 4K bytes. The FTPIP parameter specifi es the FTP servers IP address.
When this method is specifi ed, the CCM initiates an FTP client request to
the specifi ed IP address. The CCM then prompts the user for an FTP user- name and password for connection. When connected, the CCM will GET the specifi ed key fi le and the FTP connection will be closed. The CCM then stores the SSH key with the username in the CCM user database.
When using the KEY keyword to specify the SSH key, the KEY param- eter specifi es the act ual uuenc oded SSH key. This is for c onfi gurations that do not implement an FTP server. The CCM st ores t he spec ifi ed key in the CCM user database.
The CCM processes a uuencoded SSH2 public key file with the format described in the IETF document draft-ietf-secshpublickeyfile-02. The key must follow all format requirements. The UNIX ssh-keygen2 generates this file format. The CCM also processes a uuencoded SSH1 public key file. The UNIX ssh-keygen generates this file format.
You may also generate SSH user keys via AVWorks. See the AVWorks Installer/ User Guide.
26 CCM840/1640 Installer/User Guide
To enable SSH session access to the CCM:
1. Issue a Show Server Security command to ensure that you are using an authentication method other than None.
SHOW SERVER SECURITY
2. Issue a Server SSH command with the Enable parameter. You may also specify an authentication method.
SERVER SSH ENABLE AUTH=<auth> If an authentication method is not specifi ed, the previous authentication
parameter will be used. The default value is AUTH=PW.
3. If you are enabling SSH for the fi rst time, you are advised that all other CCM sessions will be terminated. Enter Y to continue or N to cancel.
4. If you are reenabling SSH, you are prompted to use the existing SSH server key or generate a new key. Enter Y to use the existing key or N to generate a new key.
For more information, see Server SSH command in Chapter 5.
To disable SSH session access to the CCM:
Issue a Server SSH command with the Disable parameter. SERVER SSH DISABLE When SSH is disabled, the CCM operates in plain text mode.
To display SSH information:
Issue a Show Server Security command. SHOW SERVER SECURITY If SSH is enabled, the display will include SSH2. Regardless of whether SSH is
enabled, the display will indicate the authentication method that was specifi ed with the Server SSH command.
Enabling plain text Telnet and SSH connections
Plain text (non-encrypted) Telnet connections are enabled by default. If you enable SSH connections using the Server Security command and the
Encrypt=SSH parameter, plain text Telnet connections will be disabled. However, if you enable SSH connections with the Server SSH command, both plain text and SSH connections will be allowed.
Chapter 3: Operations 27
To enable both Telnet and SSH connections:
Issue a Server Security command, indicating Encrypt=SSH,None.
Telnet CLI mode
While you are connected to an attached serial device, you may enter CLI mode and enter CCM commands.
To enter or exit CLI mode when connected to a serial device:
1. To enter CLI mode, type the CLI access character, which is Ctrl-D by default. At the CLI prompt (>), you may enter CCM commands.
2. To exit CLI mode and return to the session with the attached device, issue a Resume command.
RESUME For more information, see Resume Command in Chapter 5.
To change the CLI access character:
Issue a Server CLI command or a Port Set command, using the Char parameter to specify the CLI access character.
SERVER CLI CHAR=^<char>
- or ­PORT SET CHAR=^<char>
If you issue a Port Set command with Char=None, then the CLI access character specified in the Server CLI command will be used. The Port Set command may be used to override the Server CLI access character on a per-port basis. For more information, see Server CLI command and Port Set command in Chapter 5.
To display CLI access character information:
Issue a Show Server CLI command. SHOW SERVER CLI
For more information, see Show Server CLI command in Chapter 5.
Ending device sessions
To end your device session:
Enter CLI mode and issue a Quit command or a User Logout command. QUIT
28 CCM840/1640 Installer/User Guide
- or ­If you initiated the device session with a Connect command, enter CLI mode
and issue a Disconnect command. DISCONNECT
- or ­Allow the port to time-out due to inactivity. In this case, a notification message is issued and the serial CLI session returns to CLI mode. This time-out may occur while you are in CLI mode.
- or ­For modem connections, if a carrier drop occurs, the serial CLI session is automatically logged off.
Session time-outs
The CCM monitors data traffic when you are connected to an attached serial device. You may specify a time-out value with the Server CLI command. You may also specify a time-out value for each port with the Port Set command. When no data is received from the connected user for the configured number of minutes, the connection is terminated.
The following time-out values are used:
For a Telnet session, the Server CLI time-out value is used.
For a serial port session, if the port’s confi gured time-out value is Ø, the Server CLI time-out value is used, even if it is also Ø.
For a serial port session, if the port’s con gured time-out value is non-Ø,
that value is used.
Managing User Accounts
The CCM user database may store information for up to 64 user accounts.
To add a user:
Issue a User Add command. USER ADD <username> [PASSWORD=<pwd>] [SSHKEY=<key le>]
[FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]
You must specify a username. You must also specify a password or SSH user key information, or you may specify both. You may also include an access level or access rights. For more information, see Connecting to devices using SSH and Access rights and levels in this chapter and User Add command in Chapter 5.
Chapter 3: Operations 29
To change a users confi guration information:
Issue a User Set command. USER SET <username> [PASSWORD=<pwd>] [SSHKEY=<key le>]
[FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]
You may change your own password at any time. You must have USER access rights to change another users password or to change any users SSH user key information and access rights.
To remove an SSH user key or password, specify Key=“” or Password=“”. You cannot remove both the password and the SSH key from a users definition; one must remain in the user database. Also, you cannot remove a users key or password if that removal would result in no valid users having USER access rights.
For more information, see Connecting to devices using SSH and Access rights and levels in this chapter and User Set command in Chapter 5.
To end another users CCM session:
Issue a User Logout command. USER LOGOUT <username> A message is sent and the Telnet or SSH connection is dropped. For more
information, see User Logout command in Chapter 5.
To delete a user:
Issue a User Delete command. USER DELETE <username>
If the specified user is currently logged in, a message is sent to the user indicating that access is no longer permitted, and the users Telnet session is terminated. For more information, see User Delete command in Chapter 5.
To display user confi guration information:
1. To display information about one user, issue a Show User command, specifying the username.
SHOW USER <username>
2. To display information about all users, issue a Show User command with the All parameter.
SHOW USER ALL
30 CCM840/1640 Installer/User Guide
For more information, see Show User command in Chapter 5.
Access rights and levels
Most CCM commands require the user to have access rights to use the commands. The access rights for each CCM command are listed in Chapter 4. The following table describes the access rights a user may be given.
Access Rights
Access Right Description
PCON The Port Confi guration access right should be given to users who
SCON The Server Confi guration access right should be given to users
SMON The Server Monitor access right should be given to users who need
USER The User access right should be given to users who need to modify
BREAK The Break access right allows users to send a serial break sequence
P The Port access right gives users access to one or more serial ports.
must modify port settings. Grant PCON access rights only to users who need to issue the Port Set command.
who must change the CCM confi gurations, including setting the IP address and updating the CCM program load in FLASH. Grant SCON access only to users who need to administer the CCM.
to view CCM status and monitor serial port activity. Grant SMON access only to users who need to assist other users in accessing attached serial devices.
the user database. Grant USER access only to users who must add, change or delete user accounts. At least one user must have USER access rights; otherwise, the user database cannot be changed.
to the attached serial device. On certain devices, this sequence has a special meaning. Grant BREAK access only to users who need to use the Port Break command.
This confers the right to access that serial port and connect to the attached serial device. You may grant Port access rights to specifi c ports (Pn), a range of ports (Px-y) or all ports (PALL).
The Admin user is preconfigured in the user database with all access rights.
Access levels
When you specify a users access rights, you may either specify the individual rights or you may use a shortcut that specifies an access level. The APPLIANCEADMIN and ADMIN levels (which are used in AVWorks in lieu of individual specifications other than port access rights) are equivalent to the following individual specifications:
The APPLIANCEADMIN level is equivalent to PALL, USER, SCON, SMON, PCON and BREAK.
The ADMIN level is equivalent to PALL, USER, SMON, PCON and BREAK.
Chapter 3: Operations 31
A users access level may be used for preemption. For example, assume User A is connected to a port. User B tries to connect to the same port. If User B has an access level equal to or greater than User As access level, then User B will be given the option of preempting User A.
To manage a users access rights/level:
1. To confi gure a users access rights/level, issue a User Add command, using the Access parameter to specify the rights or a level.
USER ADD <username> ACCESS=<access>
2. To change a users access rights/level, issue a User Set command, using the Access parameter to specify the rights or a level.
USER SET <username> ACCESS=<access>
3. To display the access rights and level for one or all users, issue a Show User command.
SHOW USER <username>|ALL For more information, see Managing Users in this chapter, plus User Add
command, User Set command and Show User command in Chapter 5.
Using Authentication Modes
The CCM supports several methods for authenticating users: RADIUS, local and none. Multiple connection and authentication methods may operate concurrently. By default, authentication is done at the local CCM user database.
Local authentication
Local authentication uses the CCM internal user database to authenticate users.
RADIUS authentication
RADIUS authentication uses an external third-party RADIUS server containing a user database to authenticate CCM users. The CCM, functioning as a RADIUS client, sends usernames and passwords to the RADIUS server. If a username and password do not agree with equivalent information on the RADIUS server, the CCM is informed and the user is denied CCM access. If the username and password are successfully validated on the RADIUS server, the RADIUS server returns an attribute that indicates the access rights defined for that username.
To use RADIUS authentication, you must specify information about the primary RADIUS server and optionally, a secondary RADIUS server to be used as a backup.
32 CCM840/1640 Installer/User Guide
The RADIUS server definition values specified in CCM commands must match corresponding values configured on the RADIUS server. On the RADIUS server, you must include CCM-specific information: the list of valid users and their access rights for the CCM. Each user-rights attribute in the RADIUS servers dictionary must be specified as a string containing the users access rights for the CCM, exactly matching the syntax used in the CCM User Add command.
Consult your RADIUS administrators manual for information about specifying users and their attributes. The exact process depends on the RADIUS server you are using.
No authentication
When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are accepted immediately, and users are not prompted for a username or password. In this case, users are granted access only to the port to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated, even when authentication is expressly disabled. Generally, these communications paths are used only by administrators, and authentication is enforced in order to establish appropriate access rights.
Authentication may not be disabled when SSH session access is enabled.
Authentication summary
The CCM allows concurrent use of multiple authentication modes. This allows Telnet and SSH clients to all access a single CCM as long as the appropriate values are enabled.
You may optionally specify both RADIUS and local authentication, in either order. In this case, authentication will be attempted initially on the first method specified. If that fails, the second method will be used for authentication.
For example, if you enable local and RADIUS authentication (in that order), authentication uses the CCM user database. If that fails, authentication goes to the defined RADIUS servers. If you enable RADIUS and local authentication (in that order), authentication goes first to the defined RADIUS servers. If that fails, the local user database is used.
To specify the authentication mode:
1. For RADIUS authentication, issue a Server RADIUS command. SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip>
SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>] [TIMEOUT=<time-out>] [RETRIES=<retry>]
Chapter 3: Operations 33
You must specify the servers IP address, the UDP port to be used and a
secret to be used. You must also specify a user-rights attribute value that matches a value in the RADIUS servers dictionary.
You may also use this command to delete a RADIUS server defi nition. SERVER RADIUS PRIMARY|SECONDARY DELETE
For more information, see Server RADIUS command in Chapter 5.
2. Issue a Server Security command, using the Authentication parameter to specify the authentication mode. Use the Encrypt parameter to enable plain text Telnet connections, SSH connections or both.
SERVER SECURITY AUTHENTICATION=<auth_mode>
ENCRYPT=<conns>
3. You are prompted to sav e the information. Enter Y to co n fi rm or N to cancel.
To display authentication confi guration information:
1. Issue a Show Server Security command.
SHOW SERVER SECURITY The display includes the current CCM authentication settings that were
confi gured with the Server Security command. If SSH access has been enabled, the display indicates SSH2. Regardless of whether SSH is enabled, the display includes the authentication method specifi ed with the Server SSH command.
2. To display CCM RADIUS settings that were confi gured with the Server RADIUS command, issue a Show Server RADIUS command.
SHOW SERVER RADIUS For more information, see Server Security command, Show Server Security
command and Show Server RADIUS command in Chapter 5, plus Connecting to devices using SSH and Enabling plain text Telnet and SSH connections in
this chapter.
Using Security Lock-out
When the Security Lock-out feature is enabled, a user will be locked-out after five consecutive authentication failures. A successful authentication will reset the counter to zero. You may configure a lock-out period of from 1-99 hours. Specifying a lock-out period of Ø disables the feature; that is, users will not be locked-out.
34 CCM840/1640 Installer/User Guide
A locked-out user will remain locked-out until the specified time elapses, the CCM is power-cycled or the user is unlocked by an administrator with the User Unlock command.
A user with the ADMIN access level may unlock all users except a user with the APPLIANCEADMIN level. A user with the APPLIANCEADMIN level may unlock all users.
To enable or disable Security Lock-out:
1. To enable Security Lock-out, issue a Server Security command, using the Lockout parameter with a value between 1-99.
2. To disable Security Lock-out, issue a Server Security command, using the Lockout=Ø parameter.
To unlock a locked-out user:
Issue a User Unlock command with the username.
Managing the Port History Buffer
Each CCM serial port has a circular history buffer that contains the latest 64K bytes of data received from the attached serial device. This information may be helpful in analyzing attached device anomalies.
The history buffer begins filling with received data upon completion of CCM initialization, even if no user is connected. When you connect to a serial port, the data that was received from the attached serial device prior to the connection is available in the buffer. Once online, new data continues to be stored in the buffer. You may choose whether to display the history buffers content automatically when you connect and whether to keep or discard the history buffers content at the end of a session.
When more than 64K bytes of data are sent to the history buffer, data at the top of the buffer is discarded to make room for the new data. As a result, the buffer always contains the most recent 64K bytes of port history.
Using port history mode commands
Once you issue a Port History command to enter port history mode, you may issue the commands listed in the following table. Only the first letter of the command is required.
Chapter 3: Operations 35
Port History Mode Commands
Command Description Bottom B sets the view location to the bottom of the le minus 23 history
display lines, if available.
Clear C clears the port history buffer. Next N increments the current history display line by the number of lines
per page and outputs a new history display page.
Prev P decrements the current history display line by the number of lines
per page and outputs a new history display page.
Quit Q returns to the normal CLI. Resume R leaves port history mode and CLI mode and resumes the session
with the attached serial device. This single command is equivalent to sequentially using the Quit and Resume commands.
Search S searches the port history buffer for a specifi ed text string. Search
strings with embedded spaces must be enclosed in quotes. By default, the search is case sensitive. To ignore case, enter -i before
the string. To specify direction, type line toward the top of the buffer or line toward the bottom of the buffer. The search direction remains in effect for subsequent searches until you change the search direction.
If the string is found, the current history display line is set to the line containing the string, and the CCM outputs a history display page. If the string is not found, an error message is displayed, no other information is output and the current history display line is not changed.
Entering the Search command with no parameters searches again for the previous string in the same direction as the previous search.
Top T sets the current history display line to one and outputs a history
display page.
-u to search up from the current
-d to search down from the current
The following examples assume the user is in port history mode. The following command searches the history buffer in the upward direction
for the string Abort Process.
PORT HISTORY> s -u “Abort Process”
The following command searches the history buffer for the string Process, ignoring case.
PORT HISTORY> s -i Process
For more information, see Server CLI command and Port History command in Chapter 5.
36 CCM840/1640 Installer/User Guide
To access port history mode:
Issue a Port History command. PORT HISTORY
The PORT HISTORY > prompt appears.
To control the port history buffer display when you connect:
Issue a Server CLI command, using the History parameter to specify the Hold or Auto option:
SERVER CLI HISTORY=HOLD|AUTO
If Hold is speci ed, the number of bytes in the history buffer is displayed, but none of the history data is output. In this case, you must access the CLI and use the Port History command to view the ports history buffer content. This is the default mode.
If Auto is speci ed, the number of bytes in the history buffer is displayed and the entire content of the buffer is output to the Telnet session. In this mode, the history buffers content may be reviewed in the Telnet clients scrolling window. You may also use the Port History command to view the
ports history buffer content.
To control the port history buffer content when you end a session:
Issue a Server CLI command, using the History parameter to specify the Clear or Keep option:
SERVER CLI HISTORY=CLEAR|KEEP
If Clear is speci ed, the port history buffer is cleared and all data is discarded at the end of a session.
If Keep is speci ed, the port history buffers content is retained at the end of a session.
To clear and discard all data in a port history buffer:
Issue a Clear command while you are in port history mode. CLEAR
- or -
Issue a Server CLI command, indicating History=Clear. SERVER CLI HISTORY=CLEAR In this case, the ports history buffer is cleared at the end of each device session.
Chapter 3: Operations 37
Managing the CCM Using SNMP
The CCM provides a set of commands that create and manage SNMP structures for use by third-party network management products. These commands cover the following operations:
Enabling and disabling SNMP UDP port 161 SNMP processing
De ning read, write and trap community names
De ning and deleting up to four SNMP management entity IP addresses
Enabling and disabling SNMP traps
De ning and deleting up to four trap destination IP addresses
De ning, copying and deleting up to ten alert strings for each port
SNMP is disabled by default.
To enable or disable SNMP processing:
1. To enable SNMP processing, issue a Server SNMP command with the Enable parameter. This is the default setting.
SERVER SNMP ENABLE
2. To disable SNMP processing, issue a Server SNMP command with the Disable parameter.
SERVER SNMP DISABLE For more information, see Server SNMP command in Chapter 5.
To specify SNMP community names:
Issue a Server SNMP Community command, using the Readcomm, Writecomm and Trapcomm parameters to specify community names.
NOTE: The default community names are public; if you enable SNMP, you are encouraged to change the community values to prevent access to the MIB.
SERVER SNMP COMMUNITY READCOMM=<name>
WRITECOMM=<name> TRAPCOMM=<name>
Although all three community names default to public, if you specify a trap community name with this command, it must be different from the read and write community names.
For more information, see Server SNMP Community command in Chapter 5.
38 CCM840/1640 Installer/User Guide
To add or delete SNMP management entity addresses:
1. To add an SNMP management entity address, issue a Server SNMP Manager command with the Add parameter and the management entitys IP address. You may defi ne up to four SNMP management entity addresses, using separate commands.
SERVER SNMP MANAGER ADD <ip_address> When you defi ne at least one SNMP manager , SNMP requests are processed
if they are from one of the defi ned SNMP managers. If a request is not from one of the defi ned SNMP managers, the SNMP request is discarded.
2. To delete an SNMP management entity address, issue a Server SNMP Manager command with the Delete parameter and the management entitys IP address.
SERVER SNMP MANAGER DELETE <ip_address> If no management entities are defined, any SNMP manager may access the
MIB. For more information, see Server SNMP Manager command in Chapter 5.
To enable or disable SNMP traps:
1. To enable SNMP traps, issue a Server SNMP Trap command with the Enable parameter.
SERVER SNMP TRAP ENABLE The CCM will display a numbered list of traps that are currently disabled
with a prompt requesting you to select trap(s) to enable. Indicate the traps to be enabled by entering a traps list number, several numbers separated by commas, a range of numbers separated by a dash or a combination of numbers with commas and dashes. To enable all traps, type ALL. To cancel the command, press Enter.
- or ­To enable all SNMP traps, issue a Server SNMP Trap command with the Enable and All parameters. In this case, the numbered list is not displayed.
SERVER SNMP TRAP ENABLE ALL
2. To disable SNMP traps, issue a Server SNMP Trap command with the Disable parameter.
SERVER SNMP TRAP DISABLE The CCM will display a numbered list of traps that are currently enabled
with a prompt requesting you to select trap(s) to disable. Indicate the traps to be disabled by entering a traps list number, several numbers separated by commas, a range of numbers separated by a dash or a combination of numbers with commas and dashes. To disable all traps, type ALL. To cancel the command, press Enter.
Chapter 3: Operations 39
- or ­To disable all SNMP traps, issue a Server SNMP Trap command with the
Disable and All parameters. In this case, the numbered list is not displayed. SERVER SNMP TRAP DISABLE ALL For more information, see Server SNMP Trap command in Chapter 5. The
Equinox web site www.equinox.com/support describes the supported traps.
To add or delete SNMP trap destination addresses:
1. To add an SNMP t rap dest ination address, issue a S erver S NMP Trap
Destination command with t he Add parameter and the dest inations
IP address. You may defi ne up t o four dest ination addresses, using
separate commands. SERVER SNMP TRAP DESTINATION ADD <ip_address>
2. To delete an S NM P t rap dest ination address, issue a S erver SNM P Trap
Destination command with t he Delet e paramet er and t he dest inations
IP address. SERVER SNMP TRAP DESTINATION DELETE <ip_address> For more information, see Server SNMP Trap Destination command in Chapter 5.
To add, copy or delete port alert strings:
1. To add a port alert string, issue a Port Alert Add command, specifying the
port number and a 3-32 character string. You may defi ne up to ten strings
for each port, using separate commands. The alert string will only generate
a trap if the portAlert trap is enabled with a Server SNMP Trap command. PORT <port> ALERT ADD <string>
2. To delete a port alert string, issue a Port Alert Delete command, specifying
a port number. PORT <port> ALERT DELETE
The CCM displays a numbered list of alert strings that have been defi ned
for the specifi ed port with a prompt requesting you to select alert string(s)
to delete. Indicate the alert strings to be deleted by entering an alert
strings list number, several numbers separated by commas, a range of
numbers separated by a dash or a combination of numbers with commas
and dashes. To delete all alert strings, type ALL. To cancel the command,
press Enter.
3. To copy the defi ned alert strings from one port to another port, issue a Port
Alert Copy command, specifying the port numbers to be copied to and from. PORT <to_port> ALERT COPY <from_port>
40 CCM840/1640 Installer/User Guide
At the confi rmation prompt, press Y to confi rm or N to cancel. When the
copy operation occurs, all previously defi ned strings on the port to which you are copying will be replaced.
For more information, see Port Alert Add command, Port Alert Copy command and Port Alert Delete command in Chapter 5.
To display SNMP confi guration information:
Issue a Show Server SNMP command. SHOW SERVER SNMP
The display includes information specified with the Server SNMP, Server SNMP Community, Server SNMP Manager, Server SNMP Trap and Server SNMP Trap Destination commands.
For more information, see Show Server SNMP command in Chapter 5.
To display port alert string information:
Issue a Show Port Alert command, specifying a port number. SHOW PORT <port> ALERT
The display lists all the ports defined alert strings. For more information, see Show Port Alert command in Chapter 5.
4
Using CCM Commands
Contents
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . 43
Understanding Conventions . . . . . . . . . . . . . . . . . . 44
Command Summary . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 4: Using CCM Commands 43
Chapter 4: Using CCM Commands
Accessing the CLI
You may access the CLI in three ways: using the Telnet CLI, using the serial CLI or entering the CLI access character during a session to a serial device. When the CLI is accessed, its prompt appears (>), indicating you may type a command.
Entering Commands
At the command prompt, type a command and then press Return or Enter. When the key is pressed, the command line comprises all characters to the left of the cursor. The character at the cursor and any characters to the right of the cursor are ignored. The following table lists the line editing operations for VT100 compatible devices.
Line Editing Operations for VT100 Compatible Devices
Operation Action Backspace The character immediately before the cursor is erased and all text at
and to the right of the cursor moves one character to the left.
Left Arrow If the cursor is not at the beginning of the line, the cursor moves one
character to the left. If the cursor is at the beginning of the line, no action is taken.
Right Arrow If the cursor is not at the end of the line, the cursor moves one
character to the right. If the cursor is at the end of the line, no action is taken.
Up Arrow The CLI maintains a buffer containing the last 16 typed command
lines. If there is a previous command line, it will be output as the current command line and may be edited. If there is no previous command line in the command line buffer, the command line is set to blanks and you may enter a new command.
Down Arrow The next command in the CLI command line buffer is made available
for edit. If there is no next command line, the command line is set to blanks and you may enter a new command.
Delete The character at the cursor position is deleted and all characters to
the right of the cursor position are moved left one character.
The following table lists the line editing operations for ASCII TTY devices. There is no command line buffer available on an ASCII TTY device.
Line Editing Operations for ASCII TTY Devices
Operation Action Backspace Erases the last character typed. Esc Erases the current command line.
44 CCM840/1640 Installer/User Guide
When commands take effect
Each command is completely processed before the next command may be entered. Some commands prompt for confirmation before they are processed. In these cases, you must confirm or cancel by entering Y or N respectively.
If you enter a Server FLASH command or if you change the CCM IP address with a Server Set command, a CCM reboot is required before the change becomes effective. In these cases, the CCM database is updated when you enter the command and you are prompted that the change will not take effect until the CCM reboots. You may choose to reboot at that time, or you may decline. When the CCM reboots, your session and all other sessions on the CCM are terminated.
Understanding Conventions
This section describes the parts of a CCM command and the conventions used in this document to describe a commands syntax.
Command syntax
A command may have four types of syntax: positional commands, positional parameters, keyword parameters and keyword values. The following examples demonstrate the syntax types.
The following Set Port command changes the baud rate and flow control settings for port 2.
> PORT 2 SET BAUD=57600 FLOW=XONXOF
Command Syntax Types in Example Command
Value Syntax
PORT Positional command. 2 Positional parameter that indicates the port number for the command. SET Positional command that indicates port settings are to be changed. BAUD Keyword parameter, which is always followed by an equal (=) sign. 57600 Keyword value indicating the baud rate value for the BAUD
keyword parameter. FLOW Keyword parameter, which is always followed by an equal (=) sign. XONXOF Keyword value.
Not every command will contain all syntax types. For example, the following command reboots the CCM.
>SERVER REBOOT
Chapter 4: Using CCM Commands 45
In this case, both SERVER and REBOOT are positional commands. In most cases, one or more spaces separate positional commands, positional
parameters and keyword parameters. For most positional commands, positional parameters or keyword parameters,
you only need to enter the first three characters. The exceptions are:
When you specify a terminal type with the Type parameter in the Server CLI command, you must enter all characters.
When you specify an authentication method with the Auth parameter in the Server SSH command, you must enter all characters.
When you specify control signal monitoring with the Power parameter in the Port Set command, you must enter all characters.
With the exception of usernames and passwords, commands are not case sensitive; they may be entered in uppercase, lowercase or a combination. For example, all of the following commands are correct.
> PORT 2 SET BAUD=57600 FLOW=XON > POR 2 SET BAU=57600 FLOW=XON > por 2 Set Baud=57600 flow=xon > port 2 set baud=57600 flow=xon
NOTE: Usernames and passwords are case sensitive. These values are stored exactly as you enter them. For example, the username “Ann” must be entered with an uppercase “A” and all other letters lowercase. The username ANN will not be accepted by the CCM as the username Ann. Usernames and passwords must contain 3-16 alphanumeric characters.
Any syntax errors are displayed, and where applicable, the error is underlined. In the following example, the keyword parameter baud is misspelled. Even if
more than three characters are entered, they must all be correct.
> port 2 Set Baux=57600 flow=xon
---­ERR 26 - SET keyword parameter invalid
In the following example, the keyword value 576 is not valid. Numeric keyword values must be fully specified and may not be shortened to three characters.
> POR 2 SET BAUD=576 FLOW=XON
--­ERR 27 - SET keyword value invalid
46 CCM840/1640 Installer/User Guide
In the following example, there are spaces between BAUD, the equal sign and the value 57600. Spaces are not permitted between keyword parameters and their values.
> POR 2 SET BAUD = 57600 FLOW=XON
-----------­ERR 26 - SET keyword parameter invalid
Syntax conventions
This manual uses the following command syntax conventions:
Brackets [ ] surround optional keywords and values.
Angle brackets < > surround user-supplied positional parameters and
keyword parameter values.
In most cases, choices are separated by a vertical bar |. The description indicates if you may specify more than one of the choices and how to separate multiple values. The exception is the Server SSH command. In this case, the vertical bar is specifi ed on the command line when you enable the password or key method (PW|KEY) or the key or password method (KEY|PW).
Command Summary
The following table lists the CCM commands, including a brief description plus the required access rights and level.
CCM Command Summary
Command Description, Access Right and Access Level
Connect Accesses devices from the serial CLI port.
Access right: port-specifi c Access level: ADMIN or APPLIANCEADMIN **
Disconnect Ends a device session initiated with Connect command.
Access right: port-specifi c Access level: ADMIN or APPLIANCEADMIN **
Help Displays information about commands.
Access right: none needed Access level: all
Port Alert Add Adds a port alert string.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
Port Alert Copy Copies a ports alert strings to another port.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
** Users who do not have the ADMIN or APPLIANCEADMIN level must have the appropriate port access confi gured to issue this command.
Chapter 4: Using CCM Commands 47
CCM Command Summary (Continued)
Command Description, Access Right and Access Level
Port Alert Delete Deletes one or more port alert strings.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
Port Break Sends a break signal to the attached device.
Access right: BREAK Access level: ADMIN or APPLIANCEADMIN
Port History Accesses the port history buffer.
Access right: none needed Access level: all
Port Logout Terminates the CCM session on a specifi ed port.
Access right: USER Access level: ADMIN or APPLIANCEADMIN
Port Set Changes port settings.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
Quit Terminates the current CCM session.
Access right: none needed Access level: all
Resume Resumes device connection after being in CLI mode.
Access right: none needed Access level: all
Server CLI Specifi es the serial CLI port, port type and access
character; enables/disables device connection from the CLI port; specifi es a modem initialization string; specifi es port history mode operations and a port time-out value. Access right: SCON Access level: APPLIANCEADMIN
Server FLASH Updates the CCM FLASH.
Access right: SCON Access level: APPLIANCEADMIN
Server PPP Enables/disables a PPP server on the serial CLI port.
Access right: SCON Access level: APPLIANCEADMIN
Server RADIUS Specifi es RADIUS server parameters.
Access right: SCON Access level: APPLIANCEADMIN
Server Reboot Reboots the CCM.
Access right: SCON Access level: APPLIANCEADMIN
Server Security Specifi es user authentication mode, allowed access
methods and security lock-out. Access right: SCON Access level: APPLIANCEADMIN
48 CCM840/1640 Installer/User Guide
CCM Command Summary (Continued)
Command Description, Access Right and Access Level
Server Set Changes CCM addresses.
Server SNMP Enables/disables UDP port 161 SNMP processing.
Server SNMP Community Defi nes read, write and trap SNMP community strings.
Server SNMP Manager Defi nes/deletes SNMP management entities.
Server SNMP Trap Enables/disables SNMP traps.
Server SNMP Trap Destination Defi nes/deletes destinations for enabled SNMP traps.
Server SSH Enables/disables SSH session access to the CCM and
Show Port Displays port c o n fi guration information and statistics.
Show Port Alert Displays a ports alert strings.
Show Server Displays CCM confi guration, statistics and session information.
Show Server CLI Displays information specifi ed with the Server CLI command.
Show Server PPP Displays PPP settings.
Show Server RADIUS Displays RADIUS settings.
Show Server Security Displays authentication, encryption and lock-out settings.
Access right: SCON Access level: APPLIANCEADMIN
Access right: SCON Access level: APPLIANCEADMIN
Access right: SCON Access level: APPLIANCEADMIN
Access right: SCON Access level: APPLIANCEADMIN
Access right: SCON Access level: APPLIANCEADMIN
Access right: SCON Access level: APPLIANCEADMIN
specifi es the SSH authentication method. Access right: SCON Access level: APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Chapter 4: Using CCM Commands 49
CCM Command Summary (Continued)
Command Description, Access Right and Access Level
Show Server SNMP Displays SNMP confi guration information.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Show User Displays user confi guration and session information.
Access right: SMON
Access level: ADMIN or APPLIANCEADMIN SPC Reserved for future functionality. User Add Adds a new user.
Access right: USER
Access level: ADMIN or APPLIANCEADMIN User Delete Deletes a user.
Access right: USER
Access level: ADMIN or APPLIANCEADMIN User Logout Terminates a users session.
Access right: USER
Access level: ADMIN*** or APPLIANCEADMIN User Set Changes a users confi guration information.
Access right: USER
Access level: ADMIN or APPLIANCEADMIN User Unlock Unlocks a locked-out user.
Access right: USER
Access level: ADMIN*** or APPLIANCEADMIN ** Users who do not have the ADMIN or APPLIANCEADMIN level must have the appropriate
port access confi gured to issue this command. *** A user with ADMIN level may issue a User Logout or User Unlock command for users with any level other than APPLIANCEADMIN.
50 CCM840/1640 Installer/User Guide
5
CCM Commands
Contents
Connect Command . . . . . . . . . . . . . . . . . . . . . . . . . 53
Disconnect Command . . . . . . . . . . . . . . . . . . . . . . . 53
Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Quit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Resume Command . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
SPC Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Chapter 5: CCM Commands 53
Chapter 5: CCM Commands
Connect Command
The Connect command establishes a connection from the CCM serial CLI port to a device attached to another port on that CCM. If the specified port is already in use, you will receive an error message. To use this command, you must have previously issued a Server CLI command with the Connect=On parameter. For more information, see Connecting to Serial Devices in Chapter 3.
Access right: port-specific Access level: ADMIN, APPLIANCEADMIN or others with access to port
Syntax
CONNECT <port>
Connect Command Parameter
Parameter Description
<port> Port number in range 1-8 for a CCM840 or 1-16 for a CCM1640.
Example
The following command establishes a connection from the serial CLI port to port 6.
> connect 6
Disconnect Command
The Disconnect command terminates a session with a serial device that was previously initiated with a Connect command. This command frees the attached serial device and allows other users to access it.
Access right: port-specific Access level: ADMIN, APPLIANCEADMIN or others with access to port
Syntax
DISCONNECT
Help Command
The Help command displays information about CCM commands. Access right: none needed
Access level: none needed
Syntax
HELP [<command_name>]
54 CCM840/1640 Installer/User Guide
Help Command Parameter
Parameter Description
<command_name> Command name.
Examples
The following command displays information about the Show Server CLI command.
help sho ser cli
The following command displays a list of all commands.
help
Port Commands
The Port command has several forms, as listed in the following table.
Port Command Summary
Default: Displays list of all commands
Command Description
Port Alert Add Adds a port alert string to a specifi ed port. Port Alert Copy Copies port alert strings from one port to another port. Port Alert Delete Deletes one or more port alert strings from a specifi ed port. Port Break Sends a serial break signal to the attached device. Port History Accesses a port’s history mode. Port Logout Terminates the CCM session on a specifi ed port. Port Set Changes CCM serial port settings for one or all ports.
Port Alert Add command
The Port Alert Add command adds a port alert string to a specified port. Each port may have up to ten port alert strings. Duplicate strings are not allowed on the same port. To generate a trap, the Server SNMP Trap command must be issued to enable the portAlert trap. For more information, see Managing the CCM Using SNMP in Chapter 3.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
Syntax
PORT <port> ALERT ADD <string>
Chapter 5: CCM Commands 55
Port Alert Add Command Parameters
Parameter Description
<port> Port number in the range 1-8 for a CCM840 or 1-16 for a CCM1640. <string> 3-32 character string.
Port Alert Copy command
The Port Alert Copy command copies the alert strings from one port (from_port) to another (to_port). Any alert strings that were previously defined on the to_port will be deleted. When you enter this command, you are prompted to confirm or cancel the copy operation.
For more information, see Managing the CCM Using SNMP in Chapter 3. Access right: SCON or PCON
Access level: ADMIN or APPLIANCEADMIN
Syntax
PORT <to_port> ALERT COPY <from_port>
Port Alert Copy Command Parameters
Parameter Description
<to_port> Port number where alert strings will be copied, in the range 1-8 for a
CCM840 or 1-16 for a CCM1640.
<from_port> Port number from which alert strings will be copied, in the range 1-8
for a CCM840 or 1-16 for a CCM1640.
Example
The following command copies the alert strings defined on port 1 to port 7, replacing any previously-defined alert strings on port 7.
port 7 alert copy 1
Port Alert Delete command
The Port Alert Delete command deletes one or more alert strings from a port. When you issue this command, a numbered list of defined alert strings is displayed, from which you choose those to be deleted. You may enter one or more numbers separated by commas, a range of numbers separated by a hyphen or type ALL to specify all strings. Pressing Enter cancels the command.
For more information, see Managing the CCM Using SNMP in Chapter 3. Access right: SCON or PCON
Access level: ADMIN or APPLIANCEADMIN
56 CCM840/1640 Installer/User Guide
Syntax
PORT <port> ALERT DELETE
Port Alert Delete Command Parameter
Parameter Description
<port> Port number in the range 1-8 for a CCM840 or 1-16 for a CCM1640.
Example
The following command deletes defined alert strings from port 3.
> PORT 3 ALERT DELETE Alert-strings assigned to port 3:
1) The first alert string
2) The second alert string
3) The third alert string
4) The fourth alert string Select Alert-string(s) to delete>
The alert string numbers specified at the prompt will be deleted.
Port Break command
The Port Break command sends a serial break signal to the device to which you are attached.
Access right: BREAK Access level: ADMIN or APPLIANCEADMIN
Syntax
PORT BREAK
Port History command
The Port History command accesses a CCM serial ports history mode while you are attached to the port. When you are in history mode, the PORT HISTORY> prompt appears, and you may search the ports history buffer for specified strings.
For more information, see Managing the Port History Buffer in Chapter 3. Access right: none needed
Access level: all
Syntax
PORT HISTORY
Chapter 5: CCM Commands 57
When you are in port history mode, you may issue the following commands.
Port History Mode Commands
Command Description Bottom B sets the history view location to the bottom of the le minus 23
history display lines, if available.
Clear C clears the ports history buffer. Next N increments the current history display line by the number of lines
per page and a new history display page is output.
Prev P decrements the current history display line by the number of lines
per page and a new history display page is output.
Quit Q returns to the normal CLI. Resume R exits port history mode and CLI mode, and resumes the serial
session with the attached serial device.
Search S searches the port history buffer for a specifi ed string. Enclose
strings containing embedded spaces in quotes. To specify search direction, type -u (up) or -d (down). To ignore case, type -i.
Top T sets the current history display line to 1 and outputs a history
display page.
Examples
The following command accesses the serial ports history mode.
> port history
In history mode, the following command searches the history buffer in the downward direction for the string connected to, ignoring case.
PORT HISTORY > s -d -i “connected to”
Port Logout command
The Port Logout command terminates the CCM session on a specified port. Access right: USER
Access level: ADMIN or APPLIANCEADMIN
Syntax
PORT <port> LOGOUT
Port Logout Command Parameter
Parameter Description
<port> Port number in the range 1-8 for a CCM840 or 1-16 for a CCM1640.
58 CCM840/1640 Installer/User Guide
Port Set command
The Port Set command changes CCM port settings in the CCM configuration database. At least one keyword parameter and value must be specified. For more information, see Configuring Serial Port Settings in Chapter 3.
Access right: SCON or PCON Access level: ADMIN or APPLIANCEADMIN
Syntax
PORT [<port>|ALL] SET [TD=<device>] [NAME=<name>] [BAUD=<baud>] [SIZE=<size>] [PARITY=<parity>] [STOP=<stopbits>] [FLOW=<signal>] [TIMEOUT=<time-out>] [SOCKET=<socket>] [CHAR=^<cli_char>] [TOGGLE=NONE|DTR] [POWER=<signal>]
Port Set Command Parameters
Parameter Description
<port>|ALL Either a port number in range 1-8 for a CCM840 or 1-16 for a
TD=<device> Target device type. Valid values are Console and SPC. The SPC
NAME=<name> Port name, up to 32 characters. If the name contains spaces, enclose
BAUD=<baud> Baud rate. Valid values are:
SIZE=<size> Number of data bits per character. Valid values are 7 and 8.
PARITY=<parity> Parity. Valid values are:
STOP=<stopbits> Number of stop bits per character. Valid values are 1 and 2.
CCM1640, or All which indicates that the settings that follow should be applied to all ports. Default = port to which you are attached
value is reserved for future functionality. Default = Console
the name in double quotes. To return one or all port names to default values, specify Name=“”. The port name is used only by AVWorks. Default = last 3 octets of MAC address plus the port number
0, 75, 110, 134, 150, 200. 300, 600, 1200, 2400, 4800, 7200, 9600, 14400, 19200, 28800, 38400, 57600, 115200. Default = 9600
Default = 8
None No parity. Even Even parity. Odd Odd parity. Mark Mark parity. Space Space parity. Default = None
Default = 1
Chapter 5: CCM Commands 59
Port Set Command Parameters (Continued)
Parameter Description
FLOW=<signal> Flow control signal. For hardware fl ow control, be sure the control
signals are correctly wired, or data loss may occur . The fl ow control signal cannot also be used for power status monitoring. Valid values are: XONXOF Software XON/XOFF fl ow control. RTSCTS Hardware RTS/CTS fl ow control. DTRDCD Hardware DTR/DCD fl ow control. None No fl ow control. Default = None
TIMEOUT=<time-out> Number of time-out minutes in the range Ø-90. If no data is received
or transmitted during a Telnet session for the specifi ed period, the session will time-out. A zero value indicates no time-out. This value overrides the time-out value set with a Server CLI command. Default = use value set with Server CLI command
SOCKET=<socket> TCP port that must be entered on the Telnet client to connect to this
serial port. The new value becomes effective upon the next connection to the port. When SSH is enabled, the CCM automatically adds 100 to the specifi ed value. When All is specifi ed, port 1 will be assigned the specifi ed socket value plus 1, port 2 will be assigned the specifi ed value plus 2, and so on. When All is specifi ed and SSH is enabled, port 1 will be assigned the specifi ed socket value plus 101, port 2 will be assigned the specifi ed value plus 102, and so on. When both plain text Telnet and SSH connections are enabled, the +100 value will not appear in displays. Default = 3000 plus the port number, 3100 plus the port number if SSH is enabled; see above for action taken if All is specifi ed
CHAR=^<cli_char> CLI access character in the range A to _ (underscore) or NONE.
(The allowable ASCII range is Øx41-Øx5F and Øx61-Øx7A.) The CLI access character, when pressed simultaneously with the Ctrl key during a session with an attached serial device, will suspend the session with the device and place you in CLI command mode. If None is specifi ed, the value specifi ed in the Char parameter of the Server CLI command will be used. Default = None
TOGGLE=NONE|DTR When set to DTR, the CCM will toggle the ports DTR-out signal
off for 1/2 second each time a connection is made to the port. This toggle is required to awaken the console port of some devices.
POWER=<signal> Control signal to monitor and the state that indicates the target
device has power on. The entire value must be specifi ed; abbreviations are not allowed. The power status monitoring signal cannot also be used for fl ow control. Valid values are: None Disables power status monitoring. HICTS CTS high indicates power on. LOCTS CTS low indicates power on. HIDCD DCD high indicates power on. LODCD DCD low indicates power on. HIDSR DSR high indicates power on. LODSR DSR low indicates power on. Default = None
60 CCM840/1640 Installer/User Guide
Example
The following command sets a baud rate of 57600 and enables XON/XOFF flow control on port 2.
> port 2 set baud=57600 flow=xonxof
Quit Command
The Quit command terminates the current CCM session and terminates your Telnet connection to the CCM.
Access right: none needed Access level: all
Syntax
QUIT
Resume Command
The Resume command exits the CLI and resumes your connection to the attached serial device. The history buffer contains any data received while you were in CLI mode.
Access right: none needed Access level: all
Syntax
RESUME
Server Commands
The Server command has several forms.
Server Command Summary
Command Description
Server CLI Specifi es the serial CLI port, type and access character;
modem initialization string; port history mode operations and port time-out value. It also enables/disables device
connection from the CLI port. Server FLASH Updates the CCM program FLASH. Server PPP Enables/disables PPP connections to the serial CLI port. Server RADIUS Specifi es RADIUS parameters. Server Reboot Reboots the CCM.
Chapter 5: CCM Commands 61
Server Command Summary (Continued)
Command Description
Server Security Specifi es the authentication mode and lock-out. Server Set Changes CCM addresses. Server SNMP Enables/disables SNMP processing. Server SNMP Community Defi nes read, write and trap community strings. Server SNMP Manager Defi nes/deletes SNMP management entities. Server SNMP Trap Enables/disables SNMP traps. Server SNMP Trap Destination Defi nes/deletes destinations for enabled SNMP traps. Server SSH Enables/disables SSH session access to the CCM.
Server CLI command
The Server CLI command:
Speci es the CLI port, type and access character
Enables or disables device connection from the CLI port
Speci es a modem initialization string
Speci es port history mode operations
Speci es a port time-out value
At least one parameter must be specifi ed. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER CLI [PORT=<port>] [TYPE=<type>] [CHAR=^<char>] [CONNECT=ON|OFF] [HISTORY=HOLD|AUTO,CLEAR|KEEP] [MODEMINIT=“<string>”] [TIMEOUT=<time-out>]
Server CLI Command Parameters
Parameter Description
PORT=<port> CLI port number in the range 1-8 for a CCM840 or 1-16 for a
CCM1640. Default = current CLI port number; 1 is the manufacturing default
TYPE=<type> Terminal type to be used on CLI port. The entire type name must be
specifi ed; abbreviations are not permitted. Valid types are: ASCII, VT52, VT100, VT102, VT220, VT320 and OFF. Specifying Type=Off disables the CLI. Default: ASCII
62 CCM840/1640 Installer/User Guide
Server CLI Command Parameters (Continued)
Parameter Description
CHAR=^<char> CLI access character in the range A through _ (underscore). (The
CONNECT=ON|OFF Enables or disables the ability to use the Connect command from
HISTORY= Port history fi le processing options during connection (Hold or Auto) HOLD|AUTO, and when a session ends (Clear or Keep): CLEAR|KEEP When Hold is specifi ed, upon connection you are informed of how much data is in the history buffer, but the data is not displayed. When Auto is specifi ed, upon connection you are informed of how much data is in the history buffer, and it is then displayed. When Clear is specifi ed, the history buffers content is cleared when a session ends. When Keep is specifi ed, the history buffers content is retained when a session ends. You cannot specify both Clear and Keep or both Hold and Auto. Default = HOLD,CLEAR
MODEMINIT= Modem initialization string, enclosed in quotation marks. Must <string> contain at least ATV1 and SØ=1. Default = “” (no modem is attached to serial CLI port)
TIMEOUT=<time-out> Number of time-out minutes in the range Ø-90. If no data is received
allowable ASCII range is Øx41-Øx5F and Øx61-Øx7A.) The CLI access character, when pressed simultaneously with the Ctrl key during a session with an attached serial device, will suspend the session with the device and place you in CLI command mode. This value will be used if a ports Port Set command contains a Char=None parameter. Default = ^d is the manufacturing default
the serial CLI port. When enabled, a serial CLI user may use the Connect command to establish a connection to the serial device attached to another CCM serial port. When disabled, you cannot use the Connect command from the serial CLI port. Default = ON
or transmitted during a Telnet session for the specifi ed period, the session will time-out. A zero value indicates no time-out. This value is used for any CCM port that does not have a time-out value set with the Port Set command, during a Telnet session to port 23 or an SSH session to port 22. Default = 15 minutes is the manufacturing default
Server FLASH command
The Server FLASH command updates the CCM program images in FLASH memory. You may wish to use this command to update the program with new features or to install a later release of the program.
There are two program images that you may update in the CCM FLASH. The boot image file (ccm40bt.img) contains the CCM startup and self-test logic. The application image (ccm40app.img) contains the CCM program that provides CCM functionality.
Chapter 5: CCM Commands 63
You will need a TFTP server. Download the latest FLASH image. Save the image file to the appropriate directory on the TFTP server.
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER FLASH BOOT|APP HOSTIP=<tftp_add> IMAGE=<host_file>
Server FLASH Command Parameters
Parameter Description
BOOT Indicates the BIOS/Bootstrap image should be updated. APP Indicates the application image should be updated. HOSTIP=<tftp_add> IP address of TFTP server host. IMAGE=<host_fi le> Name of fi le on TFTP server host containing the image fi le.
Example
The following command updates the CCM boot image program using the image file name c:\winnt\system32\drivers\ccm4Øbt.img, which is located on the TFTP server host located at 192.168.1.16.
> ser fla boot hostip=192.168.1.16 ima=c:\winnt\system32\drivers\ ccm40bt.img
Server PPP command
The Server PPP command enables or disables the PPP server on the serial CLI port. For more information, see Connecting to devices using PPP in Chapter 3.
Once the PPP server has been configured with this command by specifying the required addresses and masks, those values remain in the database. Later, if you disable the PPP server and wish to reenable it with the same addresses, you dont need to specify the address values again.
When you enable the PPP server, the serial CLI port must already be defined. When you enter this command, you are prompted to confirm or cancel the
specified changes. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER PPP DISABLE|ENABLE [LOCALIP=<local_ip>] [REMOTEIP=<rem_ip>] [MASK=<subnet>]
64 CCM840/1640 Installer/User Guide
Server PPP Command Parameters
Parameter Description
DISABLE Disables the PPP server. ENABLE Enables the PPP server. LOCALIP=<local_ip> IP address to be used to connect the CCM over the PPP
REMOTEIP=<rem_ip> IP address to assign to the PPP client end of the PPP connection.
MASK=<subnet> LAN subnet for the PPP dial-in client.
Examples
The following command enables the PPP server with a local IP address of
192.168.0.1, a remote IP address of 192.168.0.2 and a subnet mask of 255.255.255.0.
> ser ppp ena loc=192.168.0.1 rem=192.168.0.2 mas=255.255.255.0
The following command enables the PPP server with previously-configured IP and subnet mask values. This form of the command would not be valid unless the IP and subnet mask values had been previously configured.
connection. Must be on same subnet as REMOTEIP address.
Must be on same subnet as LOCALIP address.
> server ppp enable
Server RADIUS command
The Server RADIUS command defines or deletes RADIUS parameters for the CCM RADIUS client. For more information, see RADIUS authentication in Chapter 3.
When you enter this command, you are prompted to confirm or cancel the specified changes.
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip> SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>] [TIMEOUT=<time-out>] [RETRIES=<retry>]
- or ­ SERVER RADIUS PRIMARY|SECONDARY DELETE
Chapter 5: CCM Commands 65
Server RADIUS Command Parameters
Parameter Description
PRIMARY Indicates the primary RADIUS server is being defi ned or deleted. SECONDARY Indicates the secondary RADIUS server is being defi ned or deleted. IP=<radius_ip> IP address of the RADIUS authentication server. SECRET=<secret> 8-24 character text string for shared secret with the RADIUS server.
Enclose the string in quotes if it contains spaces. USER-RIGHTS=<attr> Attribute number defi ned on the RADIUS server, in the range 1-255. AUTHPORT=<udp> UDP port for RADIUS authentication server, in the range 1-65535.
This value is usually 1645, but may be 1812.
Default = 1645 TIMEOUT=<time-out> Number of seconds to wait for a response from the RADIUS server,
in the range 1-60.
Default = 5 RETRIES=<retry> Number of attempts to make to authenticate a user after a time-out,
in the range 1-10.
Default = 3 DELETE Deletes the RADIUS server defi nition.
Examples
The following command specifies primary RADIUS server information; default values will be used for the UDP port, time-out and retries values.
> ser radius primary ip=192.168.0.200 secret=ThePrimaryRadSecret user-rights=86
The following command deletes the primary RADIUS server definition.
> ser radius primary del
Server Reboot command
The Server Reboot command reboots the CCM. During a reboot, any active Telnet sessions, including your own, are terminated, and all users are informed accordingly. Any CCM configuration changes that require a reboot will become effective when the reboot completes.
When you enter this command, you are prompted to confirm or cancel the reboot. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER REBOOT
66 CCM840/1640 Installer/User Guide
Server Security command
The Server Security command specifies how authentication will be performed and whether Security Lock-out is enabled. You may also enable/disable SSH connections, plain text Telnet connections or both. For more information, see Using Authentication Modes and Using Security Lock-out in Chapter 3.
When you enter this command, you are prompted to confirm or cancel the specified information.
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER SECURITY [AUTHENTICATION=<auth_mode>] [ENCRYPT=<conns>] [LOCKOUT=<hours>]
Server Security Command Parameters
Parameter Description
AUTHENTICATION= Authentication mode. Multiple values may be specifi ed, separated <auth_mode> by commas. Valid values are: LOCAL - Use the internal CCM user database to authenticate users. RADIUS - Use the previously defi ned RADIUS server(s) to authenticate users. NONE - Do not authenticate users. This mode cannot be used when SSH access is enabled, and it cannot be combined with other authentication modes. Default = LOCAL
ENCRYPT=<conns> Enables/disables plain text Telnet or SSH connections. You may
LOCKOUT=<hours> Enables or disables Security Lock-out. To enable, specify the number
enable both by specifying both values, separated by a comma. Valid values are: SSH Enables SSH connections. None Enables plain text Telnet connections. Default: None
of hours in the lock-out period, in the range 1-99. To disable, specify a Ø value. Default = Ø (disabled)
Examples
The following command specifies that the CCM user database will be used to authenticate users. SSH and plain text Telnet connections will be allowed.
> server security authentication=local encrypt=ssh,none
Chapter 5: CCM Commands 67
Server Set command
The Server Set command changes CCM address information. If you change the IP address, you are prompted to confirm or cancel a CCM
reboot to effect the change (changing the mask or gateway address doesnt require a reboot).
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER SET IP=<ip_address> MASK=<subnet> [GATEWAY=<gtwy>]
Server Set Command Parameters
Parameter Description
IP=<ip_address> CCM IP address. MASK=<subnet> Subnet mask for the subnet on which the CCM resides. GATEWAY=<gtwy> IP address of default gateway for routing IP packets.
Server SNMP command
The Server SNMP command enables or disables SNMP UDP port 161 SNMP processing. When you disable SNMP processing, you may still enable and disable traps with the Server SNMP Trap command.
For more information, see Managing the CCM Using SNMP in Chapter 3. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER SNMP ENABLE|DISABLE
Server SNMP Command Parameter
Parameter Description
ENABLE|DISABLE Enables or disables SNMP processing.
Default = Enabled
Server SNMP Community command
The Server SNMP Community command defines read, write and trap SNMP community strings. Community names are case-sensitive.
For more information, see Managing the CCM Using SNMP in Chapter 3.
68 CCM840/1640 Installer/User Guide
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER SNMP COMMUNITY [READCOMM=<name>] [WRITECOMM=<name>] [TRAPCOMM=<name>]
Server SNMP Community Command Parameters
Parameter Description
READCOMM=<name> 1-64 alphanumeric character read community name.
WRITECOMM
TRAPCOMM=
=<name> 1-64 alphanumeric character write community name.
<name> 1-64 alphanumeric character trap community name. If you
Server SNMP Manager command
The Server SNMP Manager command defines or deletes SNMP management entities. You may define up to four management entities. If you delete all SNMP managers (or never add any), the CCM may be accessed via SNMP from any IP address.
Default = public
Default = public
specify this parameter, the name must be different from the read and write community names. Default = public
For more information, see Managing the CCM Using SNMP in Chapter 3. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER SNMP MANAGER ADD|DELETE <ip_address>
Server SNMP Manager Command Parameters
Parameter Description
ADD|DELETE Adds or deletes the specifi ed SNMP management entity. <ip_address> IP address of SNMP management entity.
Example
The following command adds an SNMP management entity with the IP address of 192.168.0.1.
server snmp manager add 192.168.0.1
Chapter 5: CCM Commands 69
Server SNMP Trap command
The Server SNMP Trap command enables or disables SNMP traps. When you issue this command with the Enable parameter, the CCM displays a numbered list of all currently disabled traps. When you issue this command with the Disable parameter, the CCM displays a numbered list of all currently enabled traps.
You may indicate the traps to be enabled/disabled by entering a single number, several numbers separated by commas, a range of numbers separated by a dash or a combinations of numbers separated by commas and dashes. You may also type ALL to select all traps in the list or press Enter, which cancels the operation.
If you specify ALL on the command line, the numbered list is not displayed. If you enable a trap but there is no trap destination configured for it, a warning
will be issued. In this case, issue a Server SNMP Trap Destination command.
NOTE: By default, all traps are disabled. The portAlert trap must be enabled for port alert processing to be performed.
For more information, see Managing the CCM Using SNMP in Chapter 3. The Equinox web site www.equinox.com/support lists the supported traps.
Access right: SCON Access level: APPLIANCEADMIN
Syntax
SERVER SNMP TRAP [ENABLE|DISABLE] [ALL]
Server SNMP Trap Command Parameter
Parameter Description
ENABLE|DISABLE Enable generates a numbered list of currently disabled traps from
which you choose those to enable. Disable generates a numbered list
of currently enabled traps from which you choose those to disable.
Example
The following command enables the linkUp, userDeleted and userLogin SNMP traps.
server snmp trap enable Traps now disabled:
1) linkUp 4) userLogin
2) userAdded 5) imageUpgradeStarted
3) userDeleted Select trap(s) to enable>1,3-4
70 CCM840/1640 Installer/User Guide
Server SNMP Trap Destination command
The Server SNMP Trap Destination command defines or deletes destinations for enabled SNMP traps. Once you define destinations for enabled SNMP traps, when a trap occurs, the CCM will generate SNMP trap messages to each defined SNMP trap destination. You may define up to four trap destinations, using separate commands.
For more information, see Managing the CCM Using SNMP in Chapter 3. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER SNMP TRAP DESTINATION ADD|DELETE <ip_address>
Server SNMP Trap Destination Command Parameters
Parameter Description
ADD|DELETE Defi nes or deletes the specifi ed destination. <ip_address> IP address of trap destination.
Server SSH command
The Server SSH command enables or disables SSH session access to the CCM and specifies the SSH authentication method. When you enable SSH, all CCM sessions will be terminated if a CCM SSH server key must be generated.
If you enable plain text Telnet connections with a Server Security command, enabling SSH session access with the Server SSH command will add that as a valid connection method (both plain text and SSH connections will be allowed).
For more information, see Connecting to devices using SSH in Chapter 3. Access right: SCON
Access level: APPLIANCEADMIN
Syntax
SERVER SSH ENABLE|DISABLE [AUTH=<auth>]
Server SSH Command Parameters
Parameter Description
ENABLE|DISABLE Enables or disables SSH session access to the CCM.
Chapter 5: CCM Commands 71
Server SSH Command Parameters (Continued)
Parameter Description
AUTH=<auth> SSH authentication methods. You must enter the entire value;
abbreviations are not permitted. Valid values are:
PW Password authentication.
KEY Key authentication.
PW|KEY Password or key authentication.
KEY|PW Key or password authentication.
PW&KEY Password and key authentication.
KEY&PW Key and password authentication.
Default = PW
Show Commands
The Show command has several forms, as listed in the following table.
Show Command Summary
Command Description
Show Port Displays confi guration information and statistics for one or all ports. Show Port Alert Displays port alert strings. Show Server Displays CCM confi guration information and statistics. Show Server CLI Displays CCM CLI settings. Show Server PPP Displays CCM PPP settings. Show Server RADIUS Displays CCM RADIUS settings. Show Server Security Displays CCM authentication, allowed access method and Security
Lock-out settings. Show Server SNMP Displays SNMP confi guration information. Show User Displays user confi guration and session information.
Show Port command
The Show Port command displays configuration and status information about one or all ports.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW PORT [<port>|ALL|NAMES]
72 CCM840/1640 Installer/User Guide
Show Port Command Parameter
Parameter Description
<port> Port number.
ALL Displays information about all ports. NAMES Displays only port numbers and names. If a port has not been given
The following tables list the display fields for a SHOW PORT command that specifies one or all ports.
Show Port Command Display Fields for Console Ports
Field Content
Port Port number. Serial Port Settings Comma-separated string of port values: baud rate, number of bits,
TX Bytes Number of bytes transmitted. RX Bytes Number of bytes received. Errors Number of TX/RX parity and framing errors. Power Device power status, if monitoring is enabled. ON indicates the
Toggle ** Toggle value (from Port Set command). Power Signal ** Signal and state being monitored for device power status (from Port
Logical name ** Logical port name, which contains last three octets of MAC address
User * Username (from User Add command). Level * User’s access level (from User Add and User Set commands). Access * Users access rights (from User Add and User Set commands). Duration * Duration of user’s session. * Displayed only when the command specifi es a single port that is currently being accessed.
** Displayed only when the command specifi es a single port that is not in use.
Default = your port
a name with a Port Set command, the default name is displayed. A default name contains the last three octets of the MAC address plus the port number.
parity, stop bits, fl ow control, socket number, time-out value and CLI access character. The CLI character is preceded by POR CLI= if it was defi ned with a Port Set command or by SER CLI= if it was defi ned with a Server CLI command.
device is on, OFF indicates the device is off. If monitoring is disabled, this fi eld is blank.
Set command).
plus the port number.
Chapter 5: CCM Commands 73
Show Port Alert command
The Show Port Alert command displays a ports alert strings. Access right: SMON
Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW PORT <port> ALERT
Show Port Alert Command Parameter
Parameter Description
<port> Port number in the range 1-8 for a CCM840 or 1-16 for a CCM1640.
Show Server command
The Show Server command displays CCM configuration information and statistics.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER
Show Server Command Display Fields
Field Content
Server CCM IP address (from initial confi guration or Server Set command). Mask Subnet mask (from initial confi guration or Server Set command). Gateway Gateway IP address (from initial confi guration or Server Set command). Up Time Days, hours, minutes and seconds since CCM was rebooted. MAC Ethernet MAC address. S/N CCM serial number. Port Port number. Username Username (from User Add command). Duration Duration of session. Socket Telnet CCM socket number. From Socket Telnet client IP address with socket number in parentheses. IP Input and Output Network IP statistics, including number of packets delivered,
discarded and fragments. TCP Network TCP statistics, including in segs, out segs, errors
and retransmissions.
74 CCM840/1640 Installer/User Guide
Show Server Command Display Fields (Continued)
Field Content
UDP Network UDP statistics, including in, out, errors and no port events. BOOT BIOS/Bootstrap version, date and time. APP Application version that is running, plus its date and time.
Show Server CLI command
The Show Server CLI command displays the CCM serial CLI settings. Access right: SMON
Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER CLI
Show Server CLI Command Display Fields
Field Contents
CLI Port Serial CLI port number and terminal type. Access Character Control character used to access CLI. History Indicates whether a ports history buffer content is displayed (auto)
Connect Indicates whether a valid user on the serial CLI port may use the
Modeminit string String used to initiate modem connections on the serial CLI port. Server CLI Timeout Session time-out value, shown in full minute or minute: second form
or not displayed (hold) when a user connects to the port, and whether the buffer content is cleared (clear) or kept (keep) when a session ends.
Connect command.
(for example, 3m for 3 minutes, 3:30 for 3 minutes, 3 seconds).
Show Server PPP command
The Show Server PPP command displays the current CCM PPP settings that were configured with the Server PPP command.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER PPP
Chapter 5: CCM Commands 75
Show Server RADIUS command
The Show Server RADIUS command displays the current CCM RADIUS settings that were configured with the Server RADIUS command.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER RADIUS
Show Server Security command
The Show Server Security command displays the current CCM authentication and lock-out settings that were configured with the Server Security and Server SSH commands.
Access right: SMON Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER SECURITY
Show Server Security Command Display Fields
Field Contents
Authentication Confi gured authentication method(s). This includes the SSH
authentication method confi gured with the Server SSH command (or
the default value), regardless of whether SSH is enabled. Encryption Confi gured connection methods. Lockout Confi gured security lock-out state (Enabled or Disabled). If Enabled,
the number of hours in the lock-out period is included. Fingerprint (Hex) SSH key MD5 hash. This fi eld is displayed only when SSH is enabled. Fingerprint (BB) SSH key bubble babble. This fi eld is displayed only when SSH
is enabled.
Show Server SNMP command
The Show Server SNMP command displays SNMP configuration information. Access right: SMON
Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW SERVER SNMP
76 CCM840/1640 Installer/User Guide
Show User command
The Show User command displays information about one or all users. Access right: SMON
Access level: ADMIN or APPLIANCEADMIN
Syntax
SHOW USER [<username>|ALL]
Show User Command Parameter
Parameter Description
<username> Username.
ALL Requests a display of all defi ned users.
The Show User command display for one user includes the information in the following table.
Show User Command Display Fields
Default: user currently logged in
Field Contents
User Username. Level User’s access level. If a level was not confi gured, access rights
determine the level: Users with SCON access => APPLIANCEADMIN. Users with USER but not SCON => ADMIN.
Otherwise, USER level is assigned. Access User’s access rights. Locked YES if user is locked-out, NO if not. Last Login System up time value when the user logged in. Port Serial port to which user is connected. Username Username. Duration Duration of users session. Socket Telnet CCM socket number. From Socket Telnet client IP address and socket number.
Chapter 5: CCM Commands 77
A Show User All command display includes the information in the following table.
Show User All Command Display Fields
Field Contents
User Username. Pass YES if user has a password defi ned, NO if not. Key YES if user has an SSH key defi ned, NO if not. Lock YES if user is locked-out, NO if not. Level Users access level. If a level was not confi gured, access rights
determine the level: Users with SCON access => APPLIANCEADMIN. Users with USER but not SCON => ADMIN. Otherwise, USER level is assigned..
Access Users access rights.
SPC Command
The SPC command is reserved for future functionality
.
User Commands
The User command has several forms, as listed in the following table.
User Command Summary
Command Description
User Add Adds a new user to the CCM user database. User Delete Deletes a user from the CCM user database. User Logout Terminates a user’s active CCM session. User Set Changes a users confi guration information. User Unlock Unlocks a locked-out user.
User Add command
The User Add command adds a new user to the CCM user database. The CCM user database holds a maximum of 64 user definitions. For more information, see Managing Users, Connecting to devices using SSH and Access rights and levels in Chapter 3.
Access right: USER Access level: ADMIN or APPLIANCEADMIN
78 CCM840/1640 Installer/User Guide
Syntax
USER ADD <username> [PASSWORD=<pwd>] [SSHKEY=<keyfile>] [FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]
User Add Command Parameters
Parameter Description
<username> 3-16 alphanumeric character username. Usernames are case sensitive. PASSWORD=<pwd> 3-16 alphanumeric character password. Passwords are case sensitive. SSHKEY=<key le> Name of uuencoded public key fi le on an FTP server. The maximum
FTPIP=<ftpadd> FTP server’s IP address. If this parameter is specifi ed, you must also
KEY=<sshkey> Uuencoded SSH key. ACCESS=<access> Command and port access rights or level. You may specify multiple
le size that can be received is 4K bytes. If this parameter is
specifi ed, you must also specify the FTPIP parameter.
specify the SSHKEY parameter.
access rights, separated by commas, or a level.
Valid values for access rights are:
P<n> Access to the specifi ed port number.
P<x-y> Access to the specifi ed range of ports.
PALL Access to all ports.
USER User confi guration access rights.
PCON Port confi guration access rights.
SCON Confi guration access rights.
SMON Monitor access rights.
BREAK May issue Port Break command.
Valid values for access levels are:
ADMIN PALL, USER, SMON, PCON and
BREAK access rights.
APPLIANCEADMIN PALL, USER, SCON, SMON,
PCON and BREAK access rights.
Default = PALL,SMON
Examples
The following command adds the username JohnDoe, with the password secretname, access to ports 2, 5, 6 and 7 and user and monitor access rights.
> user add JohnDoe password=secretname access=P2,5-7,user,smon
The following command adds the username JaneDoe, with access to all ports. The name of the SSH public user key file is ccm_key2.pub. This file is located on the FTP server at IP address 10.0.0.3.
> user add JaneDoe ssh=ccm_key2.pub ftp=10.0.0.3 access=pall
Chapter 5: CCM Commands 79
The following command adds the username JDoe and gives that user the Appliance Administrator access level, which enables access to all ports and CCM commands.
> user add JDoe access=applianceadmin
User Delete command
The User Delete command removes a username entry from the CCM user database. The username may no longer be used to authenticate a session with the CCM. If the specified user is currently logged in, a message is output to the user, indicating that access is no longer permitted, and the Telnet session is terminated.
Access right: USER Access level: ADMIN or APPLIANCEADMIN
Syntax
USER DEL <username>
User Delete Command Parameter
Parameter Description
<username> Username to be deleted.
User Logout command
The User Logout command terminates a users active sessions on the CCM. If the specified user has no active sessions, an error message is displayed. For all active sessions that are terminated, a message is sent to the Telnet client and the Telnet connection is dropped.
Access right: USER Access level: APPLIANCEADMIN may log out any user; ADMIN may log out any other user except APPLIANCEADMIN
Syntax
USER LOGOUT <username>
User Logout Command Parameter
Parameter Description
<username> Username to be logged out.
80 CCM840/1640 Installer/User Guide
User Set command
The User Set command changes a users configuration in the CCM user database. For more information, see Managing Users, Connecting to devices using SSH and Access rights and levels in Chapter 3.
You may delete a users password or key; however, each user must have a password or a key, so you cannot remove both. Also, you cannot remove a users password or key if that action would result in no users having USER access rights.
Access right: none to change your own password, USER to change anything else Access level: none to change your own password; ADMIN or APPLIANCEADMIN to change anything else
Syntax
USER SET <username> [PASSWORD=<pwd>] [SSHKEY=<keyfile>] [FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]
User Set Command Parameters
Parameter Description
<username> Username. PASSWORD=<pwd> New 3-16 alphanumeric character password. Passwords are case
SSHKEY=<key le> Name of uuencoded public key fi le on an FTP server. The maximum
FTPIP=<ftpadd> FTP server’s IP address. KEY=<sshkey> Uuencoded SSH key. To delete an SSH key (whether it was
ACCESS=<access> Command and port access rights or level. You may specify multiple
sensitive. This parameter is required when changing another users
password. The password is displayed on the screen. For security,
clear your screen display after issuing this command.
To delete a password, specify Password =“”.
le size that can be received is 4K bytes.
originally specifi ed with the SSHKEY and FTPIP parameters or with
the KEY parameter), specify Key=“”.
access rights, separated by commas, or a level. If specifying access
rights, you may use one of three forms:
ACCESS=<access> to specify all access rights.
ACCESS=+<access> to specify only access rights to be added.
ACCESS=-<access> to specify only access rights to be deleted.
Valid values for access rights are:
P<n> Access to the specifi ed port number.
P<x-y> Access to the specifi ed range of ports.
PALL Access to all ports.
USER User confi guration access rights.
PCON Port confi guration access rights.
SCON Confi guration access rights.
SMON Monitor access rights.
BREAK May issue Port Break command.
Chapter 5: CCM Commands 81
User Set Command Parameters (Continued)
Parameter Description
ACCESS=<access> Valid values for access levels are: (Continued) ADMIN PALL, USER, SMON, PCON and BREAK access rights. APPLIANCEADMIN PALL, USER, SCON, SMON, PCON and BREAK access rights. Default = PALL,SMON
Examples
The following command sets the access rights for JohnDoe enabling access to all ports with configuring and monitoring access rights.
> user set JohnDoe access=pall,scon,smon
The following command removes the server configuration access right for JohnDoe, and leaves other access rights intact.
> user set JohnDoe access=-SCON
The following command deletes the SSH key information for JohnDoe. The command will complete successfully only if JohnDoe has a password configured in a previous User Add or User Set command, and if there are other users with User access rights.
> user set key=“”
User Unlock command
The User Unlock command unlocks a user who was previously locked­out. After this command completes, the user will be able to attempt login authentication again.
Access right: USER Access level: APPLIANCEADMIN may unlock any user; ADMIN may unlock any user except APPLIANCEADMIN
Syntax
USER UNLOCK <username>
User Logout Command Parameter
Parameter Description
<username> Username to be unlocked.
82 CCM840/1640 Installer/User Guide

Appendices

Contents
Appendix A: Technical Specifications . . . . . . . . . . 85
Appendix B: Device Cabling . . . . . . . . . . . . . . . . . . 86
Appendix C: Ports Used . . . . . . . . . . . . . . . . . . . . . . 90
Appendix D: Technical Support . . . . . . . . . . . . . . . 91
Appendices 85
Appendices
Appendix A: Technical Specifications
The following table lists the CCM technical specifications.
CCM Product Specifi cations
Device Ports Number 8 (CCM840); 16 (CCM1640) Type Serial ports Connectors Serial port RJ-45 Network Connection Number 1 Type Ethernet: IEEE 802.3, 10BaseT
Fast Ethernet: IEEE 802.3U, 100BaseT Connector RJ-45 Dimensions Dimensions (H x W x D) 4.45 x 22.23 x 20.32 cm 1U form factor
(1.75 x 8.75 x 8.00 in) Weight 5 lbs (2.3 kg) without cables
Heat Dissipation 75 BTU/hr (CCM840); 102 BTU/hr (CCM1640)
Airfl ow 2.5 cfm Power Consumption 22 W (CCM840); 30 W (CCM1640) AC-input power 50 W maximum AC-input maximum 90-267 VAC AC-input current rating 0.5 A AC-input cable 18 AWG three-wire cable, with a three-lead
IEC-320 receptacle on the power supply end and a country dependent plug on the power resource end
Frequency 50-60 Hz Temperature Ø˚ to +40˚ Celsius (+32˚ to +104˚ Fahrenheit) operating
-20˚ to +65˚ Celsius (-4˚ to +149˚ Fahrenheit) nonoperating Humidity 10%-90% noncondensing Agency Approvals FCC P 15 Class A, EN55022, EN61000-3-2, EN61000-3-3, EN60950,
EN55024, ETL (UL 1950), CSA 22.2 No. 950
86 CCM840/1640 Installer/User Guide
Appendix B: Device Cabling
Each CCM serial port has an RJ-45 connector for attaching a serial device. The following table lists the pin assignments.
Port Pin Assignments
Pin # RS-232 Signal Direction Description
1 RTS Output Request To Send 2 DSR Input Data Set Ready 3 DCD Input Data Carrier Detect 4 RxD Input Receive Data 5 TxD Output Transmit Data 6 GND (N/A) Signal Ground 7 DTR Output Data Terminal Ready 8 CTS Input Clear to Send NOTE: RI (Ring Indicate) is not supported
Figures B.1 through B.3 show the wiring diagrams for cables that connect from CCM ports to terminals/printers, PCs and modems.
Figure B.1: Cable Pin Assignments for RJ-45 to Terminal/Printer
Appendices 87
Figure B.2: Cable Pin Assignments for RJ-45 to PC DB-9
Figure B.3: Cable Pin Assignments for RJ-45 to Modem DB-25
88 CCM840/1640 Installer/User Guide
RJ-45 modular adaptors and cables
Modular adaptors are available from Equinox to convert RJ-45 modular jacks to standard pinout configurations. These modular adaptors, when used with 8­wire cables, provide the functions shown in Figures B.1 through B.3. Adaptors are available for use with:
CAT 5 cable.
Serial reversing cable. Reversing adaptors and cables are recommended
for distances greater than 100 feet.
Adaptors for Use with CAT 5 Cable
Part No. Description
210122 RJ-45 to DB-9M (DTE) Adaptor 210120 RJ-45 to DB-9F (DCE) Adaptor 210124 RJ-45 to DB-25M (DTE) Adaptor 210123 RJ-45 to DB-25M (DCE) Adaptor 210125 RJ-45 to DB-25F (DTE) Adaptor 210121 RJ-45 to DB-25F (DCE) Adaptor 210127 RJ-45 to RJ-45 Male Adaptor for Cisco and Sun Netra console port 750238 CAT 5 Serial Starter Kit - includes all the above adaptors
The following table lists the available Equinox modular adaptors for use with 8-wire reversing modular cables, plus available reversing modular cables. These are recommended for distances greater than 100 feet.
Reversing Cables and Adaptors
Part No. Description
210094 RJ-45 to DB-9M (DTE) Adaptor 210095 RJ-45 to DB-9F (DCE) Adaptor 210090 RJ-45 to DB-25M (DTE) Adaptor 210092 RJ-45 to DB-25M (DCE) Adaptor 210091 RJ-45 to DB-25F (DTE) Adaptor 210093 RJ-45 to DB-25F (DCE) Adaptor 210105 RJ-45 to RJ-45 Male Adaptor for Cisco and Sun Netra console port 690226 10 foot 8-wire Reversing Modular Cable 690227 25 foot 8-wire Reversing Modular Cable 690228 75 foot 8-wire Reversing Modular Cable 750122 Wiring Starter Kit (8-wire) - includes all the above adaptors and one
690226 cable
Appendices 89
If you choose to use a non-Equinox reversing cable, make sure the cable is reversing, as shown in Figure B.4.
RTS DSR CD RD TD GND DTR CTS
Figure B.4: 8-wire RJ-45 Reversing Cable
You may also order a Rack Mount Shelf.
90 CCM840/1640 Installer/User Guide
Appendix C: Ports Used
The following table lists the UDP and TCP port numbers used by the CCM. The values assume a default CCM configuration; some values are configurable.
Ports Used by CCM
Port Type and Number Used for
TCP 22 SSH2, if enabled. TCP 23 Telnet. UDP 161 SNMP, if enabled. UDP 3211 Secure protocol used by AVWorks. TCP 3211 Secure protocol used by AVWorks. TCP 3001-3016 Telnet serial sessions with ports 1-16. TCP 3101-3116 SSH serial sessions with ports 1-16.
Appendices 91
Appendix D: Technical Support
Our Technical Support staff is ready to assist you with any installation or operating problems you encounter with your Equinox product. If an issue should develop, follow the steps below for the fastest possible service:
1. Check the pertinent section of the manual to see if the issue may be resolved by following the procedures outlined.
2. Check our web site at www.equinox.com/support to search the knowledge base or use the online service request.
3. Call Equinox Technical Support for assistance at (954) 746-9000, ext. 322. Visit the Equinox web site at http://www.equinox.com/support and click on Support - Getting Support for current phone support hours.
92 CCM840/1640 Installer/User Guide
LIMITED WARRANTY
Equinox warrants that the Product(s) shall be free from manufacturing defects in materials and workmanship for a period of fi ve (5) years from the date of delivery provided that the Product was properly installed and used. Defects, malfunctions or failures of the warranted Product caused by damage resulting from ac ts of God (such as fl oods, fi re, etc.), environmental and atmospheric disturbances, other external forces such as power line disturbances, host computer malfunction, plugging the board in under power , or incorrect cabling and damage caused by misuse, abuse and unauthorized alteration or repair are not warranted.
This warranty is limited to the repair and/or replacement, at Equinox option, of the defective Product during its warranty period. Customer must obtain a Return Material Authorization (RMA) number prior to ret urning the defective Product to Equinox for service. Customer agrees to insure the Product or assume the risk of loss or damage in transit, to prepay shipping charges and to use the original shipping container or equivalent. Contact Equinox Customer Support at 954-746-9000 for further information. Product repaired or replaced shall be warranted for a period of ninety (90) days or for the duration of the initial Product warranty period, whichever is longer.
THE PROVISIONS OF THE WARRANTY ARE IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESSED OR IM PLI ED, WRITTEN O R ORAL, AND EQ UI NOX LIABILITY ARI SI NG OUT OF TH E MANU FACTURE, SALE OR SU PP LYI NG OF TH E PR ODUCT AN D ITS US E, WH ETHER BASE D ON WARRANTY, C ONTRACT, NEG LIGENC E, PRO DUCT LIABILITY OR OTH ERWISE , SHALL NOT EXCEED TH E ORIG INAL COST OF THE P RODUCT. IN NO EVENT SHALL EQ UI NOX BE LIABLE FO R UNI NTEN DED O R CONS EQU ENTIAL DAMAGES , INC LUDIN G , B UT N OT LIMITED TO, LOSS OF P R OFITS OR US E DAMAGES ARIS ING OUT OF THE MANUFACTURE, SALE OR SUPPLYING OF THE PRODUCT.
© Copyright 2004 Equinox Systems. All rights reserved.
For T echnical Support:
Email: support@equinox.com
www.equinox.com
Equinox Systems One Equinox Way Sunrise, Florida 33351 USA Tel: 954.746.9000
590-364-001B
Loading...