Avocent CPS1610 User Manual

CPS
Installer/User Guide
CPS810
CPS1610
INSTRUCTIONS
This symbol is intended to alert the user to the presence of important operating and maintenance (servicing) instructions in the literature accompanying the appliance.
DANGEROUS VOLTAGE
POWER ON
This symbol indicates the principal on/off switch is in the on position.
POWER OFF
This symbol indicates the principal on/off switch is in the off position.
PROTECTIVE GROUNDING TERMINAL
This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment.
This document is written for use with the CPS application version 2.1.
Avocent, the Avocent logo, The Power of Being There, CPS, DSView and AVWorks are trademarks or registered trademarks of Avocent Corporation. All other marks are the property of their respective owners.
© 2003 Avocent Corporation. All rights reserved.
USA Notification
Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
Canadian Notification
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations enacted by the Department of Communications of Canada.
Japanese Notification
Agency Approvals
UL 1950, CSA C22.2 No. 950, EN60950, IEC 950 FCC part 15A, EN55022, EN610003-2, EN610003-3, EN5502
Table of Contents
Chapter 1: Product Overview
Features and Benefits
Safety Precautions
Chapter 2: Installation and Configuration
Hardware Overview
Installing the CPS
Configuring the CPS
Reinitializing the CPS
Chapter 3: Operations
Overview
Configuring Serial Port Settings
Connecting to Serial Devices
Managing User Accounts
Using Authentication and Encryption
Using Security Lock-out
Managing the Port History Buffer
Managing SNMP Structures
Chapter 4: Using CPS Commands
Accessing the CLI
Entering Commands
Understanding Conventions
Command Summary
Chapter 5: CPS Commands
Connect Command
Disconnect Command
Help Command
Port Commands
Quit Command
Resume Command
Server Commands
Show Commands
SPC Command
User Commands
Appendices
Appendix A: Technical Specifications
Appendix B: Device Cabling
Appendix C: Ports Used
Appendix D: Technical Support
Chapter 1: Product Overview
Features and Benefits
Overview
The CPS is a serial over IP network appliance that provides non-blocked access and control for multiplatform servers and serial devices such as routers, power management devices and firewalls. This includes Avocent SPC power distribution units that provide advanced power management and security.
You may connect up to 8 serial devices to a CPS810, and 16 serial devices to a CPS1610. A single 10/100 Ethernet port provides network connectivity on each CPS. Two CPS appliances may be mounted in 1U of vertical space in a standard 19 inch rack.
Figure 1.1: CPS Model 1610
Serial device access options
You may choose from among several available Telnet options to access the CPS and its attached serial devices:
• The proprietary DS family of access and management interfaces, including DSAdmin, DSAuth and DSView™, which offers a built-in enhanced Telnet client
• Third-party Telnet clients
Access to attached serial devices is also possible via a serial Command Line Interface (CLI) connection, a PPP (Point to Point Protocol) dial-in connection to a serial CLI modem or from a third-party SSH client.
User authentication and data security
The CPS user database supports up to 64 user accounts, which include usernames, passwords and/or keys, plus specifications of access rights to CPS ports and commands. User definitions may be changed at any time. You may choose to have user access authenticated locally at the CPS user database, at one or more DS authentication servers or at one or more RADIUS (Remote Access Dial-In User Service) servers. Data security may be enhanced via industry-standard Secure Socket Layer (SSL) and SSH encryption methods.
Extensive command set
The CPS offers a wide range of commands that allow administrators to easily configure, control and display information about the CPS operating environment, including its ports, user accounts and active sessions. The user interface also offers descriptive error message data and built-in command help information. On-board Trivial File Transfer Protocol (TFTP) support allows administrators to upload new functionality to CPS units in the field.
Port history
Each CPS port has a buffer that holds the most recent 64K bytes of online and offline serial data. A separate history command mode lets you navigate within a port’s current history file and conduct tailored searches.
Safety Precautions
To avoid potential device problems when using Avocent products, if the building has 3-phase AC power, ensure that a computer and its monitor (if used) are on the same phase. For best results, they should be on the same circuit.
To avoid potentially fatal shock hazard and possible damage to equipment, please observe the following precautions:
• Do not use a 2-wire extension cord in any Avocent product configuration.
• Test AC outlets at the computer and monitor (if used) for proper polarity and grounding.
• Use only with grounded outlets at both the computer and monitor. When using a backup Uninterruptible Power Supply (UPS), power the computer, the monitor and the CPS unit off the supply.
NOTE: The AC inlet is the main disconnect.
Rack mount safety considerations
• Elevated Ambient Temperature: If installed in a closed rack assembly, the operation temperature of the rack environment may be greater than room ambient. Use care not to exceed the rated maximum ambient temperature of the unit.
• Reduced Airflow: Installation of the equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised.
• Mechanical Loading: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
• Circuit Overloading: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of circuits might have on overcurrent protection and supply wiring. Consider equipment nameplate ratings for maximum current.
• Reliable Earthing: Reliable earthing of rack mounted equipment should be maintained. Pay particular attention to supply connections other than direct connections to the branch circuit (for example, use of power strips).
Chapter 2: Installation and Configuration
Hardware Overview
Figure 2.1 shows the front panel of a CPS1610.
Figure 2.1: CPS1610 Front Panel
The lower left area of the front panel contains five LEDs and two buttons, which are described in the following table.
CPS LEDs and Buttons
LED/Button    Description
POWER         The POWER LED illuminates when the CPS is connected to a power source.
ONLINE        The ONLINE LED illuminates steadily (not blinking) when the CPS self-test and initialization procedures complete successfully.
LINK          The LINK LED illuminates when the CPS establishes a connection to the network.
TRAFFIC       The TRAFFIC LED blinks when there is network traffic.
100MBps       The 100MBps LED illuminates when the CPS is connected to a 100 MBps LAN.
RESET         The RESET button, when pressed, reboots the CPS.
INIT          The INIT button, when pressed, restores the CPS to factory defaults; for more information, see Reinitializing the CPS in this chapter.
As shown in Figure 2.2, the back of the CPS contains 8 (CPS810) or 16 (CPS1610) RJ-45 connectors for serial cabling, a LAN connector for a 10BaseT or 100BaseT interface cable and a power receptacle.
Figure 2.2: CPS1610 Back Panel
Installing the CPS
See Appendix B for device cabling information.
WARNING: The power outlet should be installed near the equipment and should be easily accessible.
To install the CPS hardware:
1. Locate the CPS where you can connect cables between the serial devices and the CPS serial ports, and where you can connect a LAN interface cable between the Ethernet hub or switch and the CPS LAN connector.
If you are using a CPS rack mount kit, follow the instructions included with the kit.
2. Attach a 10BaseT or 100BaseT LAN interface cable to the LAN connector on the back of the CPS. The CPS requires a CAT 5 cable for 100BaseT operation.
3. Insert the power cord into the back of the CPS. Insert the other end of the power cord into a grounded electrical receptacle.
4. Check that the POWER LED is illuminated. If not, check the power cable to ensure that it is inserted snugly into the back of the CPS. The ONLINE LED will illuminate within one minute to indicate that the CPS self-test is complete. If the ONLINE LED blinks, contact Avocent Technical Support for assistance.
5. Check that the LINK LED is also illuminated. If not, check the Ethernet cable to ensure that both ends are correctly inserted into their jacks. If the CPS is not correctly connected to an Ethernet hub or switch, you will not be able to configure the CPS for operation. If the CPS is connected to a 100 MB Ethernet hub, the 100MBps LED will also be illuminated.
6. Once the POWER, ONLINE and LINK LEDs are illuminated, remove power from the CPS and proceed with the configuration process.
WARNING: The CPS and all attached devices should be powered down before servicing the unit. Always disconnect the power cord from the wall outlet.
Configuring the CPS
To configure the CPS, you must enter a unique IP address and the network’s subnet mask. This information will be stored in the CPS configuration database. During initial login, you will specify a password for the Admin user.
Configuring the IP address and subnet mask
You may use any of three methods to configure the CPS IP address and subnet mask: BootP, Telnet Command Line Interface (CLI) or the serial CLI on port 1.
These methods work as documented on most Windows® and UNIX systems; however, the actual implementation on your system may differ from the instructions provided. Refer to your system administrator guide.
To configure the IP address and subnet mask using BootP:
1. Ensure that there is a BootP server on your network that is configured to correctly respond to a BootP request from the CPS. BootP servers require the Ethernet MAC address of network devices. The CPS Ethernet MAC address is located on the back panel above the LAN connector. See your BootP server’s system administrator guide for information about configuring the BootP server.
2. After you have configured your network’s BootP server with the CPS Ethernet MAC address, IP address and subnet mask, restore power to the CPS and wait for the ONLINE LED to illuminate. Once this occurs, the CPS has completed the BootP protocol, obtained its IP address and subnet mask and stored these in FLASH.
3. You may verify that the BootP process was successful with a ping command, which tests network connectivity. The ping command is entered as:
ping <ip_address>
For example, the following command tests the network connectivity of a CPS with the IP address 192.168.0.5.
ping 192.168.0.5
4. If the CPS completes the BootP successfully, you will see a display similar to the following.
Pinging 192.168.0.5 with 32 bytes of data:
Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
Reply from 192.168.0.5: bytes=32 time<10ms TTL=128
If the CPS did not successfully obtain its IP address with the BootP protocol, you will see a display similar to the following.
Pinging 192.168.0.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
In this case, check the MAC address and IP address provided to the BootP server to confirm they are correct. Verify that the Ethernet LAN adaptor cable is correctly installed on the CPS and the Ethernet hub.
After the IP address is configured successfully, launch a Telnet session to the CPS IP address. Then, see Initial CPS login in this chapter.
To configure the IP address and subnet mask using a Telnet CLI:
1. Ensure that your server or workstation has a Telnet client and is located on the same LAN segment as the CPS.
2. Use the arp command to update the server or workstation with the CPS IP address and Ethernet MAC address. The CPS Ethernet MAC address is located on the back panel above the LAN connector. The arp command is entered as:
arp -s <ip_address> <mac_address>
For example, the following command assigns the IP address 192.168.0.5 and the Ethernet MAC address 00-80-7d-54-01-54 to the CPS.
arp -s 192.168.0.5 00-80-7d-54-01-54
On a UNIX platform, the MAC address may require colons (:) instead of dashes (-), for example, 00:80:7d:54:01:54.
3. You may verify that you entered the information correctly by using an arp command with the -a option.
arp -a
This command shows all arp entries for the server or workstation. See your system administrator guide if you need additional help with the arp command.
4. After the above arp command is entered correctly, launch a Telnet client to the assigned IP address. Then, continue with Initial CPS login in this chapter.
To configure the CPS using the serial CLI:
1. By factory default, port 1 of the CPS is configured for the serial CLI. To access the serial CLI, attach a compatible device to port 1. The compatible device types are: ASCII, VT52, VT100, VT102, VT220 and VT320.
Appendix B lists the required cables and adaptors. You may also use any terminal emulation program that is available on your system.
2. Configure your terminal or terminal emulation program as follows.
Baud rate             9600
Bits per character    8
Parity                None
Stop bits             1
Flow control          None
3. Press the Return or Enter key until a prompt appears, requesting your username. If you do not receive a prompt after pressing the key five times, check your cable and serial settings to be sure that they are correct.
4. Proceed to Initial CPS login in this chapter.
After you complete the CPS configuration, you may reconfigure the CLI on another port or disable it completely and use port 1 with an attached device. For more information, see Connecting to devices from the serial CLI port in Chapter 3.
Initial CPS login
The CPS ships with a single user defined in its user database. The first time you connect to the CPS via Telnet or serial CLI, you are prompted for a username.
To log in to the CPS for the first time:
1. At the Username prompt, type Admin. There is no factory default password for the Admin user. At the Password prompt, press Return.
Avocent CPS1610 S/W Version 2.1 (ASCII)
Username: Admin
Password:
Authentication Complete
CPS configuration is required.
2. Once authentication completes, the CPS prompts for any missing configuration values that are required for operation.
If you already provided the IP address and subnet mask, you will not be prompted for those values again.
If you have not already provided the IP address and subnet mask, you will be prompted for them. Enter the CPS IP address and subnet mask using standard dot notation.
CPS configuration is required
Enter CPS IP address > 192.168.0.5
Enter CPS Subnet mask > 255.255.255.0
3. You are prompted for a new Admin password. Passwords are case sensitive and must contain 3-16 alphanumeric characters. You must enter the new password twice to confirm that you entered it correctly.
Enter CPS New Admin Password > *****
Confirm New Admin Password > *****
After you have provided the required configuration information, a confirmation message appears while the CPS stores the values in its configuration database.
You have now completed the initial login, and you may enter additional commands at the CLI prompt (>). To configure other CPS ports, see Configuring Serial Port Settings in Chapter 3.
Reinitializing the CPS
Reinitializing the CPS removes configured information. This may be useful when reinstalling the CPS at another location in your network.
The CPS stores configuration information in FLASH databases. During reinitialization, the FLASH erase has two phases. The first phase erases the CPS configuration database, which contains all nonvolatile data except the IP address. The second phase erases the IP address and restores the CPS to its factory default settings.
To reinitialize the CPS:
1. Locate the recessed INIT button on the front of the CPS. You will need a non-conductive, non-metallic tool that fits inside the recess.
2. Insert the tool in the recess, then depress and hold the button. The ONLINE LED will blink, indicating a CPS initialization has been requested. You have approximately seven seconds to release the button before any action is taken.
After seven seconds, the ONLINE LED will blink more rapidly to confirm that the CPS configuration database has been erased. Continuing to hold the INIT button for a few more seconds will erase the IP address as well. The ONLINE LED will blink faster to confirm the deletion.
If any portion of FLASH is erased, the CPS reboots when the INIT button is released.
You can also use the Server FLASH command to update the CPS FLASH application or boot program. For more information, see Server FLASH command in Chapter 5.
Chapter 3: Operations
Overview
The CPS and its ports can be easily configured and managed to meet your requirements for device connection, user authentication, access control, power status monitoring, port history information display and SNMP compliance for use with third-party network management products. Support for SSH (Secure Shell) access via third-party clients is also provided.
Configuring Serial Port Settings
You can configure a CPS port to support one of two types of target devices (TDs): SPC and console.
The SPC power distribution TD provides enhanced security options, including password protection, port-specific access rights and port groupings. For more information, see the SPC Installer/User Guide.
A console TD can be a router, firewall, server or other supported serial device.
By default, CPS ports are configured with the following settings.
Target device           Console
Name                    xx-xx-xx Pn (last 3 octets of MAC address plus the port number)
Baud rate               9600
Bits per character      8
Parity                  None
Stop bits               1
Flow control            None
Time-out                15 minutes
CLI access character    Use Server CLI setting (^D)
Power                   None
Most of these settings are standard serial port operating characteristics.
The CLI access character parameter specifies how you access the CLI. For more information, see CLI mode in this chapter.
The Power parameter instructs the CPS to monitor the state of a specified control signal. The parameter value indicates an inbound control signal (CTS, DCD or DSR) and the state of that signal (low or high). When the defined signal is true, the CPS interprets it as a power on condition for the attached device; when the signal is false, a power off condition for the device is assumed. The signal specified for flow control cannot be used for power control, and vice versa.
To configure serial console port settings:
Issue a Port Set command. You may specify settings for one or all ports.
PORT [<port>|ALL] SET TD=CONSOLE [NAME=<name>] [BAUD=<baud>] [SIZE=<size>] [PARITY=<parity>] [STOP=<stop_bits>] [FLOW=<flow_ctrl>] [TIMEOUT=<time-out>] [SOCKET=<socket>] [CHAR=^<cli_char>] [TOGGLE=NONE|DTR] [POWER=<signal>]
To configure SPC ports and settings:
Issue a Port Set command with the TD=SPC parameter.
PORT <port> SET TD=SPC
When a port is configured as an SPC, you cannot change the serial port settings. However, you can use the SPC command to change certain configuration values for the SPC and its 8 or 16 individual sockets.
SPC <port>|ALL [MINLOAD=<amps>] [MAXLOAD=<amps>] [SOCKET <socket>|ALL] [WAKE=ON|OFF] [ONMIN=<time>] [OFFMIN=<time>]
For more information, see Port Set command and SPC Command in Chapter 5.
When you specify TD=SPC, you may configure the SPC and control its individual sockets using DSView. Existing users who already have an SPC and use its native command interfaces should specify TD=Console.
To display serial port settings:
Issue a Show Port command.
SHOW PORT [<port>|ALL|NAMES]
When you request information about a console port, the display includes configuration information, current power status (if power status monitoring has been enabled), plus transmit, receive and error counts. When you request information about a single console port and a user is currently accessing that port, the display also includes the username, access rights and other information about the current session.
When you request information about a single SPC port, the display includes information configured with the SPC command. A Show Port All command will indicate which ports are SPC ports.
When you request information about port names, the display includes the port numbers and names. If a port’s name has not been changed with a Port Set command, the logical name is displayed.
For more information, see Show Port command in Chapter 5.
Connecting to Serial Devices
The CPS offers several methods for connecting to attached serial devices: Telnet, serial CLI, PPP and SSH.
If a user attempts to connect to a port that is already in use, and if the user attempting to connect has an access level equal to or higher than the currently-connected user, the connecting user will be prompted with the choice of preempting the current user or dropping the connection. For more information, see Access rights and levels in this chapter.
Session time-out
The CPS monitors data traffic when you are connected to an attached serial device. You may specify a time-out value with the Server CLI command. You may also specify a time-out value for each port with the Port Set command. When no data is received from the connected user for the configured number of minutes, the connection is terminated.
The following time-out values are used:
• For a Telnet session, the Server CLI time-out value is used.
• For a serial port session, if the port’s configured time-out value is 0, the Server CLI time-out value is used, even if it is also 0.
• For a serial port session, if the port’s configured time-out value is non-0, that value is used.
Preemption
Depending on configured access levels, a user who is connecting to a port (the connecting user) may disconnect another user of equal or lower access (the current user).
If the connecting user’s access level is lower than the current user’s access level, the connecting user will receive an In Use message and the connection will be dropped.
If the connecting user’s access level is equal to or higher than the owning user’s access level, an In Use by owning user message will be displayed. The connecting user may then choose to preempt the current user’s session. If the current user’s session is preempted, an appropriate message is displayed.
For more information about access levels, see Access rights and levels in this chapter.
Connecting to devices using Telnet
Each CPS serial port is directly addressable via a unique TCP port number that provides a connection to the attached serial device.
To connect to a device using Telnet:
Type telnet, followed by the CPS IP address and the appropriate TCP port number, which by default is 3000 plus the physical port number, in decimal format. (The TCP port number can be changed for any CPS port.) For example, the following Telnet command connects to the serial device attached to physical port 14 of the CPS.
telnet 192.168.0.5 3014
If an authentication method other than None has been configured for the CPS, you will be prompted for a username and password. Once authentication completes, your connection is confirmed. When you successfully connect to the serial device, you will see a display similar to the following.
Avocent CPS1610 S/W Version 2.1
Username: Myname
Password: ******
Authentication Complete
Connected to Port: 7 9600,8,N,1,XON/XOFF
If the authentication method is configured as None, you can Telnet and connect to a serial device without entering credentials; however, credentials are always required when connecting to the CPS CLI.
Data entered at the Telnet client is written to the attached serial device. Any data received by the CPS from the serial device is output to your Telnet client.
You may access the CPS and its ports using Avocent-provided or third-party Telnet client applications.
You may connect using either SSH or plain text (not SSL).
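The following Python is an added example, not part of the Avocent guide or its software. It reviews the opening bytes captured from Telnet sessions to CPS serial ports and lists the ports where no Username prompt preceded the connection banner, which is what the None authentication method described above would produce. The sample captures are constructed, and the assumption that an unauthenticated session shows the Connected to Port line without a Username prompt is inferred from the display above rather than documented.

```python
"""Added example: classify captured CPS Telnet session openings (constructed data)."""

IAC, SB, SE = 255, 250, 240          # Telnet command bytes (RFC 854)
NEGOTIATION = {251, 252, 253, 254}   # WILL, WONT, DO, DONT
DEFAULT_BASE = 3000                  # page: TCP port = 3000 + physical port by default


def strip_telnet(data: bytes) -> bytes:
    """Remove Telnet option negotiation so only the text the user sees remains."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        byte = data[i]
        if byte != IAC:
            out.append(byte)
            i += 1
            continue
        if i + 1 >= n:               # dangling IAC at end of capture
            break
        cmd = data[i + 1]
        if cmd == IAC:               # escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:     # IAC <verb> <option>
            i += 3
        elif cmd == SB:              # IAC SB ... IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:            # truncated subnegotiation
                break
            i = end + 2
        else:                        # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def classify(capture: bytes) -> str:
    """Return 'auth-required', 'open' or 'unknown' for one session opening."""
    text = strip_telnet(capture).decode("ascii", "replace")
    user = text.find("Username:")
    conn = text.find("Connected to Port:")
    if user != -1 and (conn == -1 or user < conn):
        return "auth-required"
    if conn != -1:
        # Assumption: banner reached with no credential prompt before it.
        return "open"
    return "unknown"


def audit(captures: dict, base: int = DEFAULT_BASE) -> list:
    """List (tcp_port, physical_port, status) for ports that did not prompt."""
    findings = []
    for tcp_port in sorted(captures):
        status = classify(captures[tcp_port])
        if status != "auth-required":
            findings.append((tcp_port, tcp_port - base, status))
    return findings


# Constructed captures keyed by TCP port; not taken from a real appliance.
SAMPLE_CAPTURES = {
    3007: b"\xff\xfb\x01\xff\xfb\x03Avocent CPS1610 S/W Version 2.1\r\nUsername: ",
    3014: b"\xff\xfb\x01Avocent CPS1610 S/W Version 2.1\r\n"
          b"Connected to Port: 14 9600,8,N,1,XON/XOFF\r\n",
    3002: b"",
}

if __name__ == "__main__":
    for tcp_port, port, status in audit(SAMPLE_CAPTURES):
        print(f"TCP {tcp_port} (physical port {port}): {status}")
```

If the TCP port numbers have been changed from the default, pass the mapping you configured instead of relying on the base value.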
DS application software
The Avocent DS software offers an interface to access devices attached to Avocent digital Keyboard, Video and Mouse (KVM) appliances and CPS appliances. The Telnet client built into DSView and DSAdmin uses Windows server-based authentication and a DS authentication server to control access. Third-party Telnet clients may be supported with DS management software, depending on the encryption values configured for the CPS. For more information, see the DSView Installer/User Guide.
Standalone third-party Telnet clients
You may use third-party Telnet clients to access the CPS directly without DS management software.
Connecting to devices from the serial CLI port
By factory default, port 1 of the CPS is configured with the serial CLI, which prohibits the use of port 1 with an attached serial device. You can configure the CLI on a different port, but only one port may be configured as the serial CLI port at one time. For example, if you attempt to enable the CLI interface on port n, and it is already active on port p, then the CLI will automatically be disabled on port p.
You may connect to one serial device at a time through the serial CLI port using a local terminal or a local PC using a terminal emulation program. If you connect an external modem to the serial CLI port, you can also access devices through a remote terminal or PC that can dial into the CPS external modem. For information about modem connections, see Configuring and using dial-in connections in this chapter and Server CLI command in Chapter 5.
To configure a port for the serial CLI:
1. Issue a Server CLI command, using the Port parameter to specify the CLI port and the Type parameter to specify the terminal type.
SERVER CLI PORT=<port> TYPE=<type>
2. To disable the CLI that was previously configured on a port, issue a Server CLI command, indicating Type=Off.
For more information, see Server CLI command in Chapter 5.
To display CLI port information:
Issue a Show Server CLI command.
SHOW SERVER CLI
The display includes the CLI port number and terminal type, plus the CLI access character. For more information, see Show Server CLI command in Chapter 5.
To connect to a device from the serial CLI port:
1. Issue a Server CLI command, using the Connect parameter to enable the use of the Connect command from the serial CLI port.
SERVER CLI CONNECT=ON
2. Issue a Connect command to the desired port.
CONNECT <port>
3. To end a device session that was initiated with a Connect command, issue a Disconnect command.
DISCONNECT
For more information, see Server CLI command, Connect Command and Disconnect Command in Chapter 5.
Connecting to devices using PPP
The CPS supports remote PPP access using an auto-answer modem that answers calls and establishes the PPP protocol with a dial-in client.
The PPP dial-in can be used to access a remote CPS that does not warrant a WAN (Wide Area Network) link to the Ethernet interface. In this case, the PPP connection allows a remote PC with Telnet capability to dial the CPS and then establish a Telnet connection to a CPS port.
The PPP dial-in can also be used to access a subnet containing remote CPS devices in the event of a WAN link failure. In this case, the PPP provides an alternate path to one or more remote CPS devices.
Once the PPP connection is established, you must launch an application that connects to the CPS or to one of its ports. The PPP connection is only a communications interface to the CPS.
The CPS implements a PPP server that uses CHAP (Challenge Authentication Protocol). Passwords are not accepted in the clear on PPP connections.
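As an added illustration (not code from the CPS or from Avocent), the Python below walks through one CHAP exchange to show why the password never crosses the PPP link and why each challenge must be fresh. It assumes the standard MD5 algorithm and packet layout of RFC 1994, which this guide does not specify; the user name, secret and server name are constructed.

```python
"""Added example: one CHAP challenge/response exchange (RFC 1994, MD5 assumed)."""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE = 1, 2   # RFC 1994 CHAP packet codes


def build_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Encode Code, Identifier, Length, Value-Size, Value, Name."""
    if not 1 <= len(value) <= 255:
        raise ValueError("value must be 1..255 bytes")
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name


def parse_packet(packet: bytes):
    """Decode a Challenge/Response packet, rejecting inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, identifier, length, value_size = struct.unpack("!BBHB", packet[:5])
    if length > len(packet) or 5 + value_size > length:
        raise ValueError("inconsistent length fields")
    return code, identifier, packet[5:5 + value_size], packet[5 + value_size:length]


def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value: MD5 over identifier, shared secret, then challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def make_challenge(identifier: int, server_name: bytes, challenge: bytes = None) -> bytes:
    """Server side: send an unpredictable challenge (fixed only for testing)."""
    if challenge is None:
        challenge = os.urandom(16)
    return build_packet(CHALLENGE, identifier, challenge, server_name)


def answer_challenge(challenge_packet: bytes, username: bytes, secret: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it."""
    code, identifier, challenge, _ = parse_packet(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    digest = chap_md5(identifier, secret, challenge)
    return build_packet(RESPONSE, identifier, digest, username)


def verify_response(challenge_packet: bytes, response_packet: bytes, secrets: dict) -> bool:
    """Server side: recompute the digest for the named user and compare."""
    _, c_id, challenge, _ = parse_packet(challenge_packet)
    code, r_id, digest, name = parse_packet(response_packet)
    if code != RESPONSE or r_id != c_id:
        return False
    secret = secrets.get(name.decode("ascii", "replace"))
    if secret is None:
        return False
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(digest, chap_md5(c_id, secret, challenge))


if __name__ == "__main__":
    users = {"Myname": b"Secret12"}            # constructed account
    challenge = make_challenge(7, b"cps")      # "cps" is a hypothetical server name
    response = answer_challenge(challenge, b"Myname", b"Secret12")
    print("accepted:", verify_response(challenge, response, users))
    print("secret on the wire:", b"Secret12" in challenge + response)
```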
To enable or disable a PPP server on the serial CLI port:
1. To enable a PPP server on the serial CLI port, issue a Show Server CLI command to ensure that a serial CLI port has been defined.
SHOW SERVER CLI
2. Issue a Server PPP command with the Enable parameter.
SERVER PPP ENABLE LOCALIP=<local_ip> REMOTEIP=<rem_ip> [MASK=<subnet>]
You must specify local and remote IP addresses to be used for the CPS and client ends of the PPP connection respectively. You are prompted to confirm or cancel the changes. Enter Y to confirm or N to cancel.
3. To disable a PPP server, issue a Server PPP command with the Disable parameter.
SERVER PPP DISABLE
For more information, see Show Server CLI command and Server PPP command in Chapter 5.
To display PPP configuration information:
Issue a Show Server PPP command.
SHOW SERVER PPP
For more information, see Show Server PPP command in Chapter 5.
Configuring and using dial-in connections
You can attach an external modem to the CPS serial CLI port for dial-in serial CLI access to the CPS. This may be used as a backup connection if the CPS is not accessible from the network. It may also be used as a primary connection at remote sites that do not have Ethernet network capability. The modem must be Hayes compatible.
To specify a modem initialization string:
1. Issue a Show Server CLI command to ensure that the port where the modem is connected has been defined as the serial CLI port.
SHOW SERVER CLI
2. Issue a Server CLI command, using the Modeminit parameter to specify the modem initialization string.
SERVER CLI MODEMINIT="<string>"
The string must be enclosed in quotes and must include at least the command settings ATV1 and S0=1, which cause the modem to issue verbose response strings and auto-answer the phone on the first ring. For more information, see Server CLI command in Chapter 5.
The modem initialization string is sent to the cabled modem when any of the following conditions occur:
• CPS initialization
• Detection of a transition of DSR from low to high
• Completion of a call when DCD changes from high to low
3. Upon successful modem connection, press the Enter key until the login prompt appears.
To display modem configuration information:
Issue a Show Server CLI command.
SHOW SERVER CLI
For more information, see Show Server CLI command in Chapter 5.
Connecting to devices using SSH
The CPS supports version 2 of the SSH (Secure Shell) protocol (SSH2). The CPS SSH server operates on the standard SSH port 22. The shell for this connection provides a CLI prompt as if you had established a Telnet connection on port 23. The shell request for this connection is for CLI access.
Additional CPS SSH servers operate on TCP ports that are numbered with values 100 greater than the standard 30xx Telnet ports for the CPS. For example, if port 7 is configured for Telnet access on port 3007, then port 3107 will be a direct SSH connection for port 7. When SSH is enabled, connecting to Telnet port 23 can be tunneled via a connection to SSH port 22.
Telnet, DSView and SSH clients may authenticate using a specified DS authentication server.
SSH server keys
When SSH is enabled for the first time, the CPS generates an SSH server key. The key generation process may take up to ten minutes. The key is computed at random and is stored in the CPS configuration database.
In most cases, the SSH server key should not be modified because most SSH clients will associate the key with the IP address of the CPS. During the first connection to a new SSH server, the client will display the SSH server key and ask if you want to store it on the SSH client. After the first connection, most SSH clients will validate the key when connecting to the CPS. This provides an extra layer of security because the SSH client can verify the key sent by the server each time it connects.
If you disable SSH and later reenable it, you may either use the existing server key or compute a new one. If you are reenabling the same server at the same IP address, it is recommended that you use the existing key, as SSH clients may be using it for verification. If you are moving the CPS to another location and changing the IP address, you may want to generate a new SSH server key.
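The effect of keeping or regenerating the server key on a client that has pinned it, together with the 30xx-to-31xx port mapping described earlier, as an added example (not code from the CPS or from any SSH client). The host name and key blobs are constructed stand-ins, the function names are hypothetical, and the pin store is a simplified model of a client's stored keys.

```python
import base64
import hashlib

def direct_ssh_port(telnet_port):
    """SSH port for a serial port's 30xx Telnet port: 100 higher (3007 -> 3107)."""
    if not 3000 <= telnet_port <= 3099:
        raise ValueError("expected a 30xx Telnet port")
    return telnet_port + 100

def known_hosts_name(host, port=22):
    """Name used for the pin; OpenSSH writes non-default ports as [host]:port."""
    return host if port == 22 else "[%s]:%d" % (host, port)

def fingerprint(key_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def check_host_key(pins, host, port, key_blob):
    """'unknown' = nothing pinned yet, 'match' = same key, 'mismatch' = key differs."""
    pinned = pins.get(known_hosts_name(host, port))
    if pinned is None:
        return "unknown"
    return "match" if pinned == fingerprint(key_blob) else "mismatch"

# Constructed stand-ins for server key blobs; these are not real keys.
ORIGINAL_KEY = b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-A"
REGENERATED_KEY = b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-B"
HOST = "cps.example"   # hypothetical host name

def walk_through():
    """Return the check result at each stage of the key's life."""
    pins, results = {}, []
    port = direct_ssh_port(3007)                    # direct SSH to serial port 7
    results.append(check_host_key(pins, HOST, port, ORIGINAL_KEY))     # first connection
    pins[known_hosts_name(HOST, port)] = fingerprint(ORIGINAL_KEY)     # operator stores it
    results.append(check_host_key(pins, HOST, port, ORIGINAL_KEY))     # SSH reenabled, key kept
    results.append(check_host_key(pins, HOST, port, REGENERATED_KEY))  # new key computed
    return results

if __name__ == "__main__":
    print(walk_through())
```

A "mismatch" after a planned key regeneration is expected and the pin is replaced deliberately; the same result without a planned change is the case the stored key exists to catch.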
Authenticating an SSH user
SSH is enabled and disabled with the Server SSH command. When you enable SSH, you may specify the authentication method(s) that will be used for SSH connections. The method may be a password, an SSH key or both. A user’s password and SSH key are specified with a User Add or User Set command. All SSH keys must be RSA keys. DSA keys are not supported.
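A pre-check for the RSA-only rule, as an added example (not part of the CPS software): it parses a public key and rejects anything that is not an RSA key before the key is assigned to a user. It assumes the key is available as an OpenSSH one-line public key, which this page does not specify; the sample keys are constructed and the function names are hypothetical.

```python
import base64
import struct

def _read_string(buf, offset):
    """Read one length-prefixed SSH string (RFC 4251); return (bytes, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[offset + 4:end], end

def check_rsa_public_key(line):
    """Return the RSA modulus size in bits, or raise ValueError if the key is unusable."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    inner, off = _read_string(blob, 0)
    if declared != inner.decode("ascii", "replace"):
        raise ValueError("declared type does not match key blob")
    if declared != "ssh-rsa":
        raise ValueError("unsupported key type %s: only RSA keys are accepted" % declared)
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after RSA modulus")
    return int.from_bytes(modulus, "big").bit_length()

def _line(ktype, *fields):
    """Build a constructed public key line; the numbers inside are not real keys."""
    parts = (ktype.encode("ascii"),) + fields
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "%s %s constructed@example" % (ktype, base64.b64encode(blob).decode("ascii"))

RSA_LINE = _line("ssh-rsa", b"\x01\x00\x01", b"\x00" + (2**2047 + 1).to_bytes(256, "big"))
DSA_LINE = _line("ssh-dss", b"\x00p", b"\x00q", b"\x00g", b"\x00y")

if __name__ == "__main__":
    print(check_rsa_public_key(RSA_LINE))
```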
The following table lists and describes the valid SSH authentication methods that can be specified with a Server SSH command.