Avocent Cyclades ACS, Cyclades ACS8 Installation/administration/user Manual

Installation/Administration/User Guide
Cyclades® ACS
FCC Warning Statement
The Cyclades ACS advanced console server has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the Installation and Service Manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the problem at his or her own expense.
Notice about FCC Compliance for All Cyclades ACS Advanced Console Server Models
To comply with FCC standards, the Cyclades ACS advanced console server requires the use of a shielded CAT 5 cable for all interface ports. Notice that this cable is not supplied with either of the products and must be provided by the customer.
Canadian DOC Notice
The Cyclades ACS advanced console server does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
The Cyclades ACS advanced console server does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations enacted by the Department of Communications of Canada.
Safety and EMC Approvals and Markings
FCC Part 15 A, ICES-003, C-Tick, VCCI Class A, BSMI Class A, MIC Class A, CE (EN55022 Class A, EN55024, EN60950-1), GS, CB, CSA/UL 60950-1, Solaris Ready™, NEBS for ACS 16 NEBS and ACS 32 NEBS with single or dual DC power supplies
Cyclades® ACS Advanced Console Server
Installation/Administration/User Guide
Avocent, the Avocent logo, The Power of Being There, DSView and Cyclades are registered trademarks of Avocent Corporation or its affiliates in the U.S. and other countries. All other marks are the property of their respective owners.
© 2008 Avocent Corporation. All rights reserved. 590-660-501D
Instructions
This symbol is intended to alert the user to the presence of important operating and maintenance (servicing) instructions in the literature accompanying the appliance.
Dangerous Voltage
This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.
Power On
This symbol indicates the principal on/off switch is in the on position.
Power Off
This symbol indicates the principal on/off switch is in the off position.
Protective Grounding Terminal
This symbol indicates a terminal which must be connected to earth ground prior to making any other connections to the equipment.
TABLE OF CONTENTS
List of Tables
List of Figures
Chapter 1: Introduction
Overview
Connectors on the ACS Console Server
Accessing the ACS Console Server and Connected Devices
Web Manager
Prerequisites for Using the Web Manager
Types of Users
Security
Authentication
IPv6
Services not supporting IPv6
VPN
Packet Filtering
Structure of IP filtering
Add rule and edit rule options
SNMP
Notifications, Alarms and Data Buffering
Syslog servers
Managing Users of Connected Devices
Configuring access to connected devices
ACS Console Server and Power Management
Configuring power management
Options for managing power
Hostname Discovery
Chapter 2: Installation
Important Pre-installation Requirements
Basic Installation Procedures
Making an Ethernet connection
Making a direct connection to configure the network parameters
Powering up the console server and the connected devices
Performing basic network configuration using the wiz command
Adding users and configuring ports using the Web Manager
Other Methods of Accessing the Web Manager
Installing PC Cards
Connecting Cyclades PM IPDUs
Chapter 3: Web Manager for Regular Users
Using the Web Manager
Features of Regular User Forms
Connect
Connect to the console server
Connect to serial ports
Connection protocols for serial ports
IPDU Power Management
Outlets Manager
Outlets Group Ctrl
View IPDU info
Security
Chapter 4: Web Manager for Administrators
Common Tasks for ACS Console Server Administrators
Common Features of Administrator Forms
Logging Into the Web Manager
Overview of Administrative Modes
Wizard mode
Expert mode
Chapter 5: Configuring the ACS Console Server in Wizard Mode
Step 1: Security Profile
Step 2: Network Settings
Step 3: Port Profile
Step 4: Access
Step 5: Data Buffering
Step 6: System Log
Chapter 6: Applications
Configuring the Console Server in Expert Mode
Overview of menus and forms
Applications Menu and Forms
Connect
IPDU Power Management
Applications - IPDU Power Mgmt. - Outlets Group Ctrl
Applications - IPDU Power Mgmt. - View IPDUs Info
Applications - IPDU Power Mgmt. - Configuration
Applications - IPDU Power Mgmt. - Software Upgrade
Expert - Applications - PMD Configuration
Applications - PMD Configuration - General
Applications - PMD Configuration - Outlet Groups
Applications - PMD Configuration - Users Management
Expert - Applications - Terminal Profile Menu
Chapter 7: Network Menu and Forms
Host Settings
General host settings
Disabling and enabling IPv4 or IPv6 protocols
IPv4 settings
IPv6 settings
Syslog
PCMCIA Management
VPN Connections
SNMP
Firewall Configuration
Host Table
Static Routes
Chapter 8: Security Menu and Forms
Users and Groups
Active Ports Sessions
Authentication
Configuring authentication for console server logins
Security Profiles
Security certificates
Chapter 9: Ports Menu and Forms
Physical Ports
Virtual Ports
Ports Status
Ports Statistics
Expert - Ports - Hostname Discovery
Chapter 10: Administration Menu and Forms
System Information
Notifications
Time/Date
Boot Configuration
Backup Configuration
Upgrade Firmware
Reboot
Online Help
Appendices
Appendix A: Technical Specifications
Appendix B: Safety, Regulatory and Compliance Information
Appendix C: Technical Support
Index
LIST OF TABLES
Table 1.1: ACS Console Server Connectors
Table 1.2: Authentication Methods Supported
Table 1.3: Add Rule and Edit Rule Option Definitions
Table 1.4: TCP Protocol Option Definitions
Table 1.5: Common Administrator Tasks for Configuring Software
Table 2.1: ACS Console Server Serial Port Pin-out
Table 2.2: Tasks Related to Connecting Cyclades IPDUs
Table 3.1: Description of Regular User Web Interface
Table 3.2: Java Applet Buttons for Connecting to the Console Server
Table 3.3: Available Serial Port Protocols
Table 3.4: Regular User - Outlet Management Buttons
Table 3.5: Power Management Display Information by Configured Port
Table 4.1: Administrator - Common Administrative Tasks
Table 4.2: Description of Administrator Web Manager Buttons
Table 4.3: Administrator - Options for Trying, Saving and Restoring Configuration Change
Table 4.4: Administrator - Logout Button and Other Information in the Upper Right
Table 5.1: Wizard - Serial Port Enabled Services for Each Security Profile
Table 5.2: Wizard - Serial Port Enabled Services for Each Security Profile
Table 5.3: Wizard - Enabled Protocols for Each Security Profile
Table 5.4: Port Profile Setup Options
Table 5.5: Wizard - Add User Dialog: Field Names and Definitions
Table 5.6: Wizard - Data Buffering Field Names and Definitions
Table 5.7: Differences Between Remote and Local Data Buffering
Table 6.1: Expert Mode Screen Elements
Table 6.2: Expert - Outlets Manager Icons Description
Table 6.3: Expert - Outlet Groups Ctrl Information
Table 6.4: Expert - Applications - Ipdu Power Mgmt - View IPDUs Info Description
Table 6.5: IPDU Power Mgmt Configuration Description
Table 6.6: Conventions Used in Specifying Outlets for User Accessibility
Table 6.7: Outlet Designations on Daisy-chained IPDUs (PM10 shown)
Table 6.8: Methods for Specifying a Specific Port on Daisy-chained IPDUs
Table 7.1: Expert - Network Menu Descriptions
Table 7.2: Network - Host Settings General Tab Form Field
Table 7.3: Network - Host Setting - IPv4 Field Definitions
Table 7.4: Network - Host Setting - IPv6 Field Definitions
Table 7.5: Modem Dialog Box Fields
Table 7.6: ISDN Dialog Box Fields
Table 7.7: GSM Dialog Box Fields
Table 7.8: Ethernet Dialog Box Fields
Table 7.9: CompactFlash / Hard Drive Dialog Box Fields
Table 7.10: Wireless LAN Dialog Box Fields
Table 7.11: CDMA Dialog Box Fields
Table 7.12: Field and Menu Options for Configuring a VPN Connection
Table 7.13: Expert - Fields and Menu Options for SNMP Configuration
Table 7.14: Expert - TCP Options Fields
Table 7.15: UDP Options
Table 7.16: Expert - Firewall Configuration Input/Output Interface and Fragments Fields
Table 7.17: Expert - Target LOG Options Selection Fields
Table 7.18: Reply Packet Names and Definitions
Table 7.19: Routing Type Fields in the New/Modify Route Dialog Box
Table 8.1: Expert - Add User Dialog Field Names and Definitions
Table 8.2: Expert - Active Ports Sessions Information
Table 8.3: Tasks for Setting up Authentication Servers
Table 8.4: Enabled Services to Access the Console Server Under Each Security Profile
Table 8.5: Enabled Services to Access the Serial Ports Under Each Security Profile
Table 8.6: Enabled Protocols for Each Security Profile Shown with a Check Mark
Table 9.1: Connections Protocols When Serial Port is Connected to Device Console Port
Table 9.2: Available Connection Protocols When Terminal is Connected to a Serial Port
Table 9.3: Connection Protocols for Modems or IPDUs
Table 9.4: Access Form Menu and Fields
Table 9.5: Expert - Authentication Methods and Fallback Mechanisms
Table 9.6: List of Authentication Method Procedures
Table 9.7: Data Buffering Form Fields
Table 9.8: Expert - Multi User Form Fields
Table 9.9: Available Options from the Allow Multiple Sessions Pull-down
Table 9.10: Expert - Power Management Form Fields
Table 9.11: Other Form Fields
Table 9.12: New/Modify Port Dialog Box Fields
Table 9.13: Expert - Port Status Read-Only Form
Table 9.14: Expert - Ports-Port Status Read-Only Form
Table 9.15: Expert - Ports - Hostname Discovery Fields
Table 10.1: System Information Form
Table 10.2: Notifications Form Fields
Table 10.3: Email Notifications Dialog Box Fields
Table 10.4: Pager Notification Add/Edit Dialog Box Fields
Table 10.5: SNMP Trap Notifications Add/Edit Dialog Box Fields
Table 10.6: Boot Configuration Form Fields
Table 10.7: Backup Configuration Settings if Using FTP Server
Table 10.8: Backup Configuration if Using Storage Device
Table 10.9: Expert - Upgrade Firmware Form Fields
Table A.1: ACS Console Server Product Specifications
LIST OF FIGURES
Figure 1.1: Front of the ACS Console Server
Figure 1.2: ACS Console Server Connectors
Figure 2.1: Placement of Mounting Brackets (Forward Mounting Configuration Shown)
Figure 2.2: Configuration Wizard Screen
Figure 2.3: Current Configuration Wizard Screen for Option 0 (IPv4 Enabled)
Figure 3.1: Regular User Form
Figure 3.2: Regular User - IPDU Power Mgmt. Form
Figure 3.3: Regular User - IPDU Power Mgmt. - Outlet Groups Ctrl
Figure 3.4: Regular User - View IPDUs Info
Figure 4.1: Administrator - Web Manager Buttons
Figure 4.2: Example of Web Manager Form in Wizard Mode
Figure 4.3: Example of Web Manager Form in Expert Mode
Figure 5.1: Administrator - Physical Ports Factory Settings
Figure 5.2: Wizard - Step 1: Security Profile Form
Figure 5.3: Custom Security Profile Dialog Box
Figure 5.4: Wizard - Step 2: Network Settings - DHCP Disabled
Figure 5.5: Wizard - Step 2: Network Settings - DHCP Enabled
Figure 5.6: Wizard - Step 3: Port Profile
Figure 5.7: Wizard - Step 4: Access
Figure 5.8: Wizard - Step 4: Access Add User Dialog Box
Figure 5.9: Wizard - Step 4: Change Password Dialog Box
Figure 5.10: Wizard - Step 5: Data Buffering [Local]
Figure 5.11: Wizard - Step 5: Data Buffering [Remote]
Figure 5.12: Wizard - Step 6: System Log
Figure 6.1: Expert Mode Screen Elements
Figure 6.2: Expert - SSH session Java Applet
Figure 6.3: Expert - Applications - IPDU Power Mgmt. - Outlets Manager
Figure 6.4: Expert - Applications - IPDU Power Mgmt. - Outlets Manager - Show Outlets
Figure 6.5: Expert - Applications - IPDU Power Mgmt - Outlet Groups Ctrl
Figure 6.6: IPDU Power Mgmt. - View IPDUs Info
Figure 6.7: Expert - Applications - IPDU Power Mgmt. - Configuration
xii Cyclades ACS Advanced Console Server Installation/Admin istratio n/Use r Guide
Figure 6.8: Applications - PMD Configuration ...........................................................................65
Figure 6.9: PMD Configuration - Outlet Groups .........................................................................66
Figure 6.10: PMD Configuration - Users Management ..............................................................67
Figure 6.11: Various Outlet Designations on Daisy-chained IPDUs..........................................69
Figure 6.12: Expert - Applications - Terminal Profile Menu.......................................................70
Figure 6.13: Expert - Terminal Profile Menu Example ..............................................................71
Figure 7.1: Expert - Network - Host Settings ............................................................................... 74
Figure 7.2: Expert - Network - Host Settings - IPv4 (DHCP disabled).......................................76
Figure 7.3: Expert - Network - Host Settings - IPv6 ....................................................................77
Figure 7.4: Expert - Network - Syslog..........................................................................................81
Figure 7.5: Expert - Network - PCMCIA Management................................................................82
Figure 7.6: PC Card Type by Slot ................................................................................................83
Figure 7.7: Expert - CompactFlash/Hard Disk PC Card Configuration Dialog Box ................88
Figure 7.8: Expert - Wireless LAN PC Card Configuration Dialog Box.................................... 89
Figure 7.9: Expert - VPN New/Modify Connection Dialog Box .................................. ...... ..........92
Figure 7.10: Security Custom Profile Dialog...............................................................................94
Figure 7.11: Expert - Network - SNMP.......................................................................................96
Figure 7.12: Expert - New/Mod SNMP v1 v2 Configuration Dialog Box...................................97
Figure 7.13: Expert - New/Mod SNMP v3 Configuration Dialog Box ........................................98
Figure 7.14: Expert - Network - Firewall Configuration.............................................................99
Figure 7.15: Expert - Firewall Configuration Edit Chain Dialog Box.....................................100
Figure 7.16: Firewall Configuration User-defined Chain Message..........................................100
Figure 7.17: Expert - Firewall Configuration Add Chain Dialog Box......................................100
Figure 7.18: Firewall Configuration Edit Rules for chain_name Form...................................101
Figure 7.19: Firewall Configuration Edit Rules for chain_name Buttons.................................101
Figure 7.20: Expert - Firewall Configuration Add Rule and Edit Rule Dialog Boxes ..............101
Figure 7.21: Firewall Configuration TCP Protocol Fields and Menu Options.........................102
Figure 7.22: Firewall Configuration Add Rule and Edit Rule UDP Protocol Fields................103
Figure 7.23: Input/Output Interface Fields and Fragments Menu Options...............................104
Figure 7.24: Firewall Configuration Add Rule and Edit Rule LOG Target Fields ...................105
Figure 7.25: Firewall Configuration Add Rule and Edit Rule REJECT Target Menu Options.105
Figure 7.26: Edit Chain Dialog Box ..........................................................................................107
Figure 7.27: Expert - Network - Host Tables ............................................................................108
Figure 7.28: Expert - Network - Static Routes ..........................................................................109
Figure 7.29: Expert - Static Routes Add and Edit Dialog Boxes - Default Route.....................109
List of Figures xiii
Figure 7.30: Expert - Static Routes Add and Edit Dialog Boxes - Network Route...................110
Figure 7.31: Expert - Static Routes Add and Edit Dialog Boxes - Host Route.........................110
Figure 8.1: Expert - Security - Users and Groups Form............................................................113
Figure 8.2: Expert - Security - Active Ports Sessions.................................................................116
Figure 8.3: Expert - Security - Authentication ...........................................................................117
Figure 8.4: Expert - Security - Authentication - LDAP..............................................................121
Figure 8.5: Expert - Administration - Time/Date......................................................................123
Figure 8.6: Expert - Security - Authentication - Kerberos.........................................................123
Figure 8.7: Expert - Security - Authentication - NIS..................................................................124
Figure 8.8: Expert - Security - Security Profile.........................................................................124
Figure 8.9: Expert - Physical Ports Default Factory Settings ..................................................127
Figure 8.10: Serial Ports Protocol Incompatibility Dialog Box................................................127
Figure 8.11: Custom Security Profile Dialog Box ....................................................................128
Figure 9.1: Ports - Physical Ports..............................................................................................131
Figure 9.2: Ports - Physical Ports - General Form ...................................................................132
Figure 9.3: Ports - Physical Ports - Data Buffering Enabled....................................................142
Figure 9.4: Ports - Physical Ports - Power Management, Enable IPMI Checked.....................146
Figure 9.5: Ports - Physical Ports - Power Management-Allow All Users ...............................149
Figure 9.6: Ports - Physical Ports -Power Management -Allow Users and Groups.................149
Figure 9.7: Ports - Virtual Ports................................................................................................ 152
Figure 9.8: Ports - Virtual Ports - New/Modify Port Dialog Box..............................................153
Figure 9.9: Ports - Virtual Ports - New/Modify Port Dialog Box..............................................154
Figure 9.10: Ports - Virtual Ports - New/Modify - Port Names Dialog box..............................155
Figure 9.11: Ports - Ports Status (Read-Only)...........................................................................155
Figure 9.12: Ports - Port Statistics (Read-Only)........................................................................156
Figure 10.1: Expert - Administration - Time/Date.................................................................... 164
Figure 10.2: Expert - Administration - Time and Date - NTP Enable......................................165
Figure 10.3: Expert - Administration - Time/Date - Edit Custom.............................................. 166
Figure 10.4: Expert - Administration - Online Help ..................................................................172
xiv Cyclades ACS Advanced Console Server Installation/Administration/User Guide
CHAPTER 1
Introduction
Overview
Each model in the Cyclades® ACS advanced console server family is a 1U appliance serving as a single access point for accessing and administering servers and other devices, supporting both IPv4 and IPv6 protocols. The following figure shows the front of the console server.
Figure 1.1: Front of the ACS Console Server
Connectors on the ACS Console Server
The following figure depicts the connectors on the back of a typical ACS console server.
Figure 1.2: ACS Console Server Connectors
NOTE: The number of serial ports and power supplies depends on the model.
Table 1.1: ACS Console Server Connectors
Number Description
1 Power connection. This may be single or dual power. Dual power requires two power cords.
2 Serial port connectors.
3 Ethernet port connectors.
4 Console port connectors.
Accessing the ACS Console Server and Connected Devices
You can access a console server and the connected servers or devices either locally or remotely using any of the following methods.
Web Manager through LAN/WAN IP networks.
A modem, ISDN, GSM or CDMA optional PCMCIA card.
Using the Web Manager, you can log in and launch a console session such as Telnet or SSH to connect to the devices attached to the console server’s serial ports.
Connecting a server running a terminal emulation program enables an administrator to log into the console server and either enter commands in the console server shell or use the Command Line Interface (CLI) tool.
NOTE: Only one root or admin user can have an active CLI or Web Manager session. A second root or admin user must abort the session or close the other user’s session.
CAUTION: If there are cron jobs running through automated scripts, a root or admin user login can cause the automated cron jobs to fail.
Web Manager
ACS console server administrators perform most tasks through the Web Manager either locally or from a remote location. The Web Manager runs in a browser and provides a real-time view of all equipment connected to the console server.
The administrator can use the Web Manager to configure users and ports. An authorized user can access connected devices through the Web Manager to troubleshoot, maintain, cycle power and reboot connected devices.
Access the Web Manager using one of the following ways:
The IP Network.
A dial-in or callback connection with one of the following:
An optional external modem connected to one of the serial ports.
A modem on an optional PCMCIA modem card.
An optional CDMA, GSM or ISDN card.
Prerequisites for Using the Web Manager
The following conditions must be met prior to accessing the Web Manager.
Basic network parameters must be defined on the console server so the Web Manager can be launched over the network.
The dynamically-assigned IP address of the console server must be known. This address is found in one of the following three ways:
Make an inquiry to the DHCP server on the subnet where the console server resides, using the MAC address.
Connect to the console server remotely using Telnet or SSH and use the ifconfig command.
Connect directly to the console server and use the ifconfig command through a terminal emulator application.
A Web Manager user account must be defined. The admin has an account by default, and can add regular user accounts to grant access to the connected servers or devices using the Web Manager.
Types of Users
The ACS console server supports the following user account types:
The root user who can manage the console server and its connected devices. The root user performs the initial network configuration. Access privileges are full read/write and management.
NOTE: It is strongly recommended that you change the default password tslinux before setting up the console server for secure access to the connected servers or devices.
Users who are in an Admin group with administrative privileges.
Regular users who can access the connected devices through the serial ports they are authorized for. Regular users have limited access to the Web Manager features.
Security
The Cyclades ACS advanced console server includes a set of security profiles that consists of predefined parameters to control access to the console server and its serial ports. This feature provides more control over the services that are active at any one time. As an additional security measure, all serial ports are disabled by default, allowing the administrator to enable and assign individual ports to users.
NOTE: The Default security profile parameters are the same as the Moderate profile.
Authentication
The ACS console server supports a number of authentication methods to assist the administrator with user management. Authentication can be performed locally or with a remote server, such as RADIUS, TACACS+, LDAP or Kerberos. An authentication security fallback mechanism is also employed should the negotiation process with the authentication server fail. In such situations, the console server follows an alternate defined rule when the authentication server cannot authenticate the user.
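The fallback rule depends on which method name is chosen from Table 1.2: a "<method>/Local" entry switches to Local whenever the first method is unsuccessful, while a "<method>DownLocal" entry uses Local only when the server is down. The Python model below is an added example, not ACS code; the Result values and the function names are assumptions made for illustration.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"            # server answered and accepted the credentials
    REJECT = "reject"            # server answered and rejected the credentials
    UNREACHABLE = "unreachable"  # server is down, no answer at all


def authenticate(method, remote_result, local_ok):
    """Decide a login under one of the method names listed in Table 1.2.

    method        -- for example "Radius", "Radius/Local", "RadiusDownLocal"
    remote_result -- what the remote server would answer for these credentials
    local_ok      -- True if the same credentials match a local account
    """
    if method == "None":                 # "No authentication."
        return True
    if method == "Local":
        return local_ok
    if method.startswith("Local/"):      # local first, then the remote server
        return local_ok or remote_result is Result.ACCEPT
    if method.endswith("/Local"):        # remote first, Local if unsuccessful
        return remote_result is Result.ACCEPT or local_ok
    if method.endswith("DownLocal"):     # Local only when the server is down
        if remote_result is Result.UNREACHABLE:
            return local_ok
        return remote_result is Result.ACCEPT
    return remote_result is Result.ACCEPT  # remote server only


def admits_rejected_user(method):
    """True if credentials the server rejects still log in through a local account."""
    return authenticate(method, Result.REJECT, local_ok=True)


def survives_outage(method):
    """True if a valid local account can still log in while the server is down."""
    return authenticate(method, Result.UNREACHABLE, local_ok=True)


if __name__ == "__main__":
    for name in ("Radius", "Radius/Local", "RadiusDownLocal", "Local/Radius"):
        print(f"{name:16} rejected-but-local={admits_rejected_user(name)!s:5} "
              f"outage-login={survives_outage(name)}")
```

In this model only the DownLocal variants combine both properties: an account the server rejects stays locked out, yet a local account still works during an outage.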
The following table lists the supported authentication methods.
Table 1.2: Authentication Methods Supported
Authentication Type Definition
None No authentication.
DSView Authentication is performed with a DSView® 3 server.
DSView/Local DSView management software authentication is tried first, then Local.
DSViewDownLocal Local authentication is performed only if the DSView 3 server is down.
Kerberos Authentication is performed using a Kerberos server.
Kerberos/Local Kerberos authentication is tried first, switching to Local if unsuccessful.
KerberosDownLocal Local authentication is performed only when the Kerberos server is down.
LDAP Authentication is performed against an LDAP database using an LDAP server.
LDAP/Local LDAP authentication is tried first, switching to Local if unsuccessful.
LDAPDownLocal Local authentication is performed only when the LDAP server is down.
Local Authentication is performed locally. For example using the /etc/passwd file.
Local/Radius Authentication is performed locally first, switching to Radius if unsuccessful.
Local/TACACS+ Authentication is performed locally first, switching to TACACS+ if unsuccessful.
Local/NIS Authentication is performed locally first, switching to NIS if unsuccessful.
NIS NIS authentication is performed.
NIS/Local NIS authentication is tried first, switching to Local if unsuccessful.
NISDownLocal Local authentication is performed only when the NIS server is down.
OTP Uses the one time password (OTP) authentication method.
OTP/Local Uses the local password if the OTP password fails.
Radius Authentication is performed using a Radius authentication server.
Radius/Local Radius authentication is tried first, switching to Local if unsuccessful.
RadiusDownLocal Local authentication is performed only when the Radius server is down.
TACACS+ Authentication is performed using a TACACS+ authentication server.
TACACS+/Local TACACS+ authentication is tried first, switching to Local if unsuccessful.
TACACS+DownLocal Local authentication is tried only when the TACACS+ server is down.
IPv6
The ACS console server is compliant with IPv4, IPv6 and dual stack protocols so that you can enable IPv4 only, IPv6 only or both protocols, with support for dial-up connections and primary network connections. You can configure the appliance to obtain its IPv6 network parameters from a DHCPv6 server, by static configuration (IP address, prefix length and default gateway) or stateless auto-configuration. You can add an appliance to the local network using either its IPv6 address or a DNS name.
Services not supporting IPv6
The following services do not support IPv6:
NIS authentication
NFS data logging
ISDN PC card dial-up
Virtual ports
VPN
The console server administrator can set up VPN connections to establish an encrypted communication between the console server and a host on a remote network. The encryption creates a security tunnel for dedicated communications.
You can use the VPN features on the console server to create a secure connection between the console server and every machine on the subnet at the remote location or between the console server and a single remote host.
To set up a security gateway, install IPSec on any machine performing networking over IP, including routers, firewall machines, application servers and end-user machines.
The ESP and AH authentication protocols are supported. RSA Public Keys and Shared Secret are supported.
For detailed information and procedures to configure a VPN connection, see VPN Connections on page 91.
Packet Filtering
The administrator can configure the device to filter packets like a firewall. IP filtering is controlled by chains and rules.
Structure of IP filtering
The Firewall Configuration form in the Web Manager is structured on two levels:
The view table of the Firewall Configuration form containing a list of chains.
The chains which contain the rules controlling filtering.
Chain
A chain is a named profile that includes one or more rules defining either a set of characteristics to look for in a packet or what to do with any packet having all the defined characteristics.
The console server filter table contains a number of built-in chains, each referenced according to the packet type they handle. As defined in the rules for the default chains, all input and output packets and packets being forwarded are accepted.
Rule
Each chain can have one or more rules that define either the packet characteristics being filtered or what to do when the packet matches the rule.
Each filtered packet characteristic is compared against the rules. All defined characteristics must match. If no rules are found then the default action for that chain is applied.
Administrators can:
Add a new chain and specify rules for that chain
Add new rules to existing chains
Edit a built-in chain or delete the built-in chain rules
Add rule and edit rule options
When you add or edit a rule, you can define any of the options described in the following table.
Table 1.3: Add Rule and Edit Rule Option Definitions
Filter Options Description
Source IP and Mask, Destination IP and Mask With source IP, incoming packets are filtered for the specified IP address. With destination IP, outgoing packets are filtered. If you fill in a source or destination mask, all packets are filtered for IP addresses from the subnetwork in the specified netmask. NOTE: For IPv6, only one field is available: <IP Address>/<Prefix>.
Protocol Select protocol options for filtering from ALL, Numeric, TCP, UDP, ESP (IPv6 only), ICMP (IPv4 only) and ICMPv6 (IPv6 only).
Input Interface The input interface (ethN) used by the incoming packet.
Output Interface The output interface (ethN) used by the outgoing packet.
Flag any of the above elements with Inverted to perform target action on packets not matching any criteria specified in that line. For example, if you select DROP as the target action, specify Inverted for a source IP address and do not specify any other criteria in the rule, any packets arriving from any other source IP address than the one specified are dropped.
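The matching logic described in this section, including the Inverted flag, modelled in Python as an added example (it is not the console server's firewall code). It assumes rules are tried in order and the first match decides, and that "no rules are found" means no rule matched; the class names, chains and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                 # "TCP", "UDP", "ICMP", ...
    dport: Optional[int] = None


@dataclass
class Rule:
    target: str                               # action for a matching packet
    source: Optional[str] = None              # "address/mask" or "address/prefix"
    source_inverted: bool = False
    destination: Optional[str] = None
    destination_inverted: bool = False
    protocol: str = "ALL"
    protocol_inverted: bool = False
    dport: Optional[Tuple[int, int]] = None   # inclusive destination port range


def in_network(address, network):
    """True if address lies in network; a bare address is treated as a single host."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(network, strict=False)


def rule_matches(rule, pkt):
    """All characteristics defined in the rule must match; unset fields match anything."""
    if rule.source is not None:
        if in_network(pkt.src, rule.source) == rule.source_inverted:
            return False
    if rule.destination is not None:
        if in_network(pkt.dst, rule.destination) == rule.destination_inverted:
            return False
    if rule.protocol != "ALL":
        if (pkt.protocol == rule.protocol) == rule.protocol_inverted:
            return False
    if rule.dport is not None:
        low, high = rule.dport
        if pkt.dport is None or not low <= pkt.dport <= high:
            return False
    return True


def evaluate(rules, default_action, pkt):
    """Return the target of the first matching rule, else the chain's default action."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.target
    return default_action


# The page's own example: DROP with Inverted set on a single source address.
ONLY_FROM_ADMIN_HOST = [Rule(target="DROP", source="192.0.2.10", source_inverted=True)]

# Constructed second chain: SSH and HTTPS from a management subnet, everything else dropped.
MGMT_ONLY = [
    Rule(target="ACCEPT", source="10.20.0.0/255.255.255.0", protocol="TCP", dport=(22, 22)),
    Rule(target="ACCEPT", source="10.20.0.0/255.255.255.0", protocol="TCP", dport=(443, 443)),
]

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        pkt = Packet(src=src, dst="10.20.0.5", protocol="TCP", dport=22)
        print(src, evaluate(ONLY_FROM_ADMIN_HOST, "ACCEPT", pkt))
```

With the built-in chains left at their accept-everything defaults, a chain such as MGMT_ONLY filters nothing until its default action is changed, which is why the default is passed to evaluate explicitly.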
Numeric protocol options
If you select Numeric as the protocol when specifying a rule, you need to specify the desired number.
TCP protocol options
If you select TCP as the protocol when specifying a rule, you can define the following options.
Table 1.4: TCP Protocol Option Definitions
Field/Menu option Definition
Source or Destination Port Specify a source or destination port number for filtering. Specify a range to filter TCP packets for any port number within the range.
TCP Flags Specify any of the flags: SYN (synchronize), ACK (acknowledge), FIN (finish), RST (reset), URG (urgent), PSH (push) and one of the Any, Set, or Unset conditions to filter TCP packets for the specified flag and selected condition.
UDP protocol options
Select UDP options by selecting UDP as the protocol when selecting a rule. Choose either the Source or Destination Port from the field, as defined above.
ICMP protocol options
When you select ICMP as a protocol when specifying a rule, you can select the ICMP options available on the display.
Target actions
The Target is the action to be performed on an IP packet that matches all the criteria specified in a rule.
NOTE: If the LOG and REJECT targets are selected, additional options are available.
For detailed information on LOG target options, see LOG target on page 104. For detailed information on REJECT target options, see REJECT target on page 105.
SNMP
The administrator can activate the Simple Network Management Protocol (SNMP) agent that resides on the console server so that the SNMP agent sends notifications about significant events or traps to an SNMP management application. The console server SNMP agent supports SNMP v1/v2 and v3.
See To configure SNMP: on page 98 for more information.
Notifications, Alarms and Data Buffering
The administrator can set up logging, notifications and alarms to alert administrators of problems. System generated messages on the console server and the connected servers or devices can be sent to syslog servers for handling. The administrator can also configure data buffering to store data from communication on serial ports for monitoring.
Data from communication with serial-connected consoles can be stored locally in the console server’s flash memory or remotely either on an NFS server or a syslog server.
Syslog servers
Messages about the console server and connected servers or devices can be sent to central logging servers, called syslog servers. Console data from devices connected to serial ports can be stored in data buffer files on syslog servers. By default, logging and data buffering are not done.
Prerequisites for logging to syslog servers
Before configuring syslogging, ensure that the syslog server is pre-configured with a public IP address and is accessible from the console server. The system administrator must obtain both the IP address of the syslog server from the syslog server’s administrator and the facility number for messages from the console server. Facility numbers are used on the syslog server for handling messages generated by multiple devices.
Facility numbers for syslog messages
Each syslog server has seven local facility numbers available for its administrator to assign to different devices or groups of devices, at different locations. The available facility numbers are Local0 through Local7.
Example of using facility numbers
The syslog system administrator sets up a server called syslogger to handle log messages from two console servers. One console server is located in São Paulo, Brazil and the other in Fremont, California. The syslog server’s administrator wishes to aggregate messages from the São Paulo console server into the local1 facility and to aggregate messages from Fremont console server into the local2 facility.
On syslogger the system administrator has configured the system logging utility to write messages from the local1 facility to the /var/log/saopaulo-config file and the messages from the local2 facility to the /var/log/fremont-config file. If you were in Fremont and identifying the syslog server using the Web Manager, according to this example, you would select the facility number local2 from the Facility Number pull-down menu on the Syslog form.
Managing Users of Connected Devices
This section provides a list of tasks that a Cyclades ACS advanced console server administrator can perform to enable access to connected devices.
Configuring access to connected devices
During hardware installation of the console server, the installer connects the servers, devices and any IPDUs to the serial ports. During software configuration, the console server administrator performs the common tasks listed in the following table.
Table 1.5: Common Administrator Tasks for Configuring Software
Task Where Documented
To Configure a Serial Port Connection Protocol for a Console Connection Page 135
To Configure User Access to Serial Ports Page 140
ACS Console Server and Power Management
Authorized users can turn on, turn off and reboot devices that are plugged into one of the following types of power devices, which can be optionally connected to any of the serial ports:
Cyclades PM Intelligent Power Distribution Units (IPDUs) - With Cyclades PM IPDUs, up to 128 IPDU outlets can be daisy-chained from a single serial port
Avocent SPC power control devices
Server Technology Sentry™ family of Switched Cabinet Power Distribution Units (CDUs) and switched CDU Expansion Module (CW/CX) power devices
Server Technology Sentry Power Tower XL™ (PTXL) and Power Tower Expansion Module (PTXM) power devices
NOTE: The term IPDU is used to refer to any of these types of power devices.
The ACS console server automatically recognizes and supports a Cyclades PM IPDU or Avocent SPC device when the serial port to which the power device is connected has been configured for power management.
Additional requirements for Server Technology IPDUs
For supported Server Technology IPDUs the following additional requirements apply:
The ACS console server must be managed by a DSView 3 server (DSView 3 software version 3.4.1 or above).
The needed power device license must be present, and the power device must be added to the DSView 3 software.
The license is automatically downloaded from the DSView 3 server onto the console server. Configuration and management can then be performed either through the DSView software or through the Web Manager.
Conventions used to identify outlets
Several formats (such as outlet names, outlet groups, IPDU IDs and port names) can be used to identify outlets during configuration, as described below:
An administrator can configure optional names for each outlet to replace the default names assigned by the system. Outlet names must begin with a letter. Valid characters are letters, numbers, dash (-) and underscore (_). When an outlet name is configured, the name can be used in other power management configurations.
NOTE: Outlet names can be configured in two places in the Web Manager. Ensure that names are consistent.
An administrator can configure outlet groups. Once defined, outlet groups are specified with the dollar sign ($) prefix followed by the outlet group name: $outlet_groupname. For example, $Cyclades_IPDU specifies an outlets group called Cyclades_IPDU.
An administrator can specify outlets in any of the following ways:
With a name that was configured for the outlet
With an outlet group name preceded by the $ prefix
With the IPDU ID assigned to the IPDU
With the port number to which the IPDU is connected
The IPDU and port number are always followed by one or more outlet numbers in brackets: [outlets]. Commas between outlet numbers indicate multiple outlets. Hyphens indicate a range. For example, [1,5-8] specifies outlets 1, 5, 6, 7 and 8.
IPDU ID - An IPDU ID is automatically assigned to each IPDU when the port to which it is connected is configured for power management. An administrator can optionally assign a name to each IPDU. Both automatically assigned and administrator-assigned names are referred to as IPDU IDs.
Specify outlets with the IPDU ID in the following format: IPDU_ID[outlets]. For example, ilA[4,5] specifies outlets 4 and 5 on an IPDU whose ID is ilA.
When devices are plugged into more than one IPDU, you can separate multiple IPDU entries with commas in the form IPDU_ID[outlets],IPDU_ID[outlets]. For example, i1A[1,5],i1B[2] specifies two outlets on IPDU i1A and one outlet on a daisy-chained IPDU whose IPDU ID is i1B.
Port number - To specify outlets by the port number to which the IPDU is connected, use the prefix !ttyS followed by the port number followed by [outlets]. For example, !ttyS2[16] indicates outlet 16 on an IPDU that is connected to serial port 2.
You can specify outlets in a chain of IPDUs with the port ID in two different ways:
By the outlet sequence. For example, in !ttyS3[2,16], outlet number 2 is the second outlet on the first IPDU in a chain that is connected to port 3. If the first IPDU has 10 outlets, outlet number 16 would be the sixth outlet on the second IPDU.
By IPDU sequence, identified with alphabetic characters. The first IPDU is A and the second is B and so forth. Precede the character with a hyphen. For example, !ttyS3-B[6] would also refer to the sixth outlet on the second IPDU in the chain connected to port 3.
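The outlet notation above can be validated before it reaches a power command, so that a typo is rejected instead of switching the wrong outlet. This parser is an added example, not code from the ACS firmware; it assumes group names and IPDU IDs follow the character rules the page gives for outlet names, and the function names and tuple layout are hypothetical.

```python
import re

NAME = r"[A-Za-z][A-Za-z0-9_-]*"   # begins with a letter; letters, numbers, - and _
PORT_RE = re.compile(r"!ttyS(\d+)(?:-([A-Z]))?\[([^\[\]]*)\]")
IPDU_RE = re.compile(rf"({NAME})\[([^\[\]]*)\]")
NAME_RE = re.compile(NAME)


def parse_outlets(text):
    """Expand '1,5-8' into [1, 5, 6, 7, 8]: commas list outlets, hyphens give a range."""
    outlets = []
    for part in text.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", part)
        if not m:
            raise ValueError(f"bad outlet list: {text!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low < 1 or high < low:
            raise ValueError(f"bad outlet range: {part!r}")
        outlets.extend(range(low, high + 1))
    return outlets


def split_entries(spec):
    """Split on the commas between entries, not on the commas inside [outlets]."""
    entries, depth, current = [], 0, ""
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            entries.append(current.strip())
            current = ""
        else:
            current += ch
    entries.append(current.strip())
    return entries


def parse_entry(entry):
    if entry.startswith("$"):                       # outlet group
        if not NAME_RE.fullmatch(entry[1:]):
            raise ValueError(f"bad group name: {entry!r}")
        return ("group", entry[1:])
    m = PORT_RE.fullmatch(entry)                    # !ttyS3[2,16] or !ttyS3-B[6]
    if m:
        return ("port", int(m.group(1)), m.group(2), parse_outlets(m.group(3)))
    m = IPDU_RE.fullmatch(entry)                    # IPDU_ID[outlets]
    if m:
        return ("ipdu", m.group(1), parse_outlets(m.group(2)))
    if NAME_RE.fullmatch(entry):                    # configured outlet name
        return ("name", entry)
    raise ValueError(f"unrecognised outlet specification: {entry!r}")


def parse_spec(spec):
    """Parse a full specification such as 'i1A[1,5],i1B[2]' into a list of tuples."""
    return [parse_entry(entry) for entry in split_entries(spec)]


def locate_in_chain(sequence_no, outlets_per_ipdu):
    """Map an outlet sequence number on a port to (IPDU letter, outlet on that IPDU)."""
    remaining = sequence_no
    for index, count in enumerate(outlets_per_ipdu):
        if remaining <= count:
            return chr(ord("A") + index), remaining
        remaining -= count
    raise ValueError(f"outlet {sequence_no} is beyond the end of the chain")


if __name__ == "__main__":
    print(parse_spec("i1A[1,5],i1B[2]"))
    print(locate_in_chain(16, [10, 10]))
```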
Configuring power management
Administrators commonly perform power management through the Web Manager to assign power management permissions to users, configure IPMI devices and configure ports for power management.
Configuring ports for power management by authorized users
Administrators of connected devices who have power management permissions can do power management while connected by using a hotkey that brings up a power management screen.
For IPMI power management, the default hotkey is Ctrl+Shift+I. For IPDU power management, the default hotkey is Ctrl+p.
Options for managing power
Authorized users can perform power management through the console server by using forms in the Web Manager, from a power management screen while logged into a device or from the command line while logged into the console server.
An authorized user with administrative privileges can perform IPDU and IPMI power management. A regular user with permissions to the connected devices can perform IPDU power management.
Power management through the Web Manager
Users with power management permissions can perform power management through the Web Manager. The Web Manager menu includes two power management options, both discussed in Chapter 6.
Power management from the console server command line interface (CLI)
ACS console server administrators can use the ipmitool command to manage power on IPMI devices while logged into the console server with administrative rights. The ipmitool command is documented in the Cyclades ACS Command Reference Guide.
Hostname Discovery
An administrator can configure hostname discovery on the console server. When hostname discovery is enabled for a serial port, the console server attempts to discover the hostname of the server connected to the port. If the hostname of a server is successfully discovered, the hostname of the device connected to it is shown as the serial port alias.
If the server is later moved to another port, and the new port is also configured for hostname discovery, the hostname for the server is again discovered at the new serial port.
NOTE: If the console server is being managed through DSView 3 software, hostname discovery can be configured through the DSView 3 software.
An administrator can also configure site-specific probe and answer strings. These strings are used to probe the target device that is connected to the selected serial port and extract the hostname from the answer that is received in response to the probe string. The result of each probe string is matched against all answer strings. If no match is found, the next probe string is sent until there are no more probe strings or a match occurs. The default strings have a broad range and work in most cases.
NOTE: Probe string configuration requires knowledge of C-style escape sequences. Answer strings require knowledge of POSIX extended regular expressions. Hostnames longer than 31 characters are truncated when the hostname is assigned to the serial port alias.
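The probe and answer loop described above can be rehearsed offline before site-specific strings are configured. The following is an added example, not code from the ACS firmware: the sample probe and answer strings, the simulated login banner and the use of the first parenthesized group as the hostname are assumptions. Answer strings are compiled as POSIX extended regular expressions with regcomp(REG_EXTENDED), and the result is cut to 31 characters as the note states.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
#define ALIAS_MAX 31 /* per the guide, longer hostnames are truncated */
static const char *const PROBES[] = { "\\r", "\\n" };  /* constructed sample */
static const char *const ANSWERS[] = { "^([A-Za-z0-9._-]+)[>#] ?$", /* constructed */
                                       "([A-Za-z0-9._-]+) login: ?$" };
/* Expand the C-style escapes \r, \n, \t and \\ of a probe string into bytes. */
static void decode_probe(const char *s, char *out, size_t cap) {
    size_t n = 0;
    for (; *s && n + 1 < cap; s++) {
        char c = *s;
        if (c == '\\' && s[1])
            c = *++s == 'n' ? '\n' : *s == 'r' ? '\r' : *s == 't' ? '\t' : *s;
        out[n++] = c;
    }
    out[n] = '\0';
}
/* Constructed stand-in for the attached server: only a bare LF gets a banner. */
static const char *fake_target(const char *sent) {
    return strcmp(sent, "\n") ? ""
        : "\r\nDebian GNU/Linux\r\ndb-primary-eu-west-1a-rack42-unit07 login: ";
}
/* Try every answer string on one reply; group 1 (assumed to be the hostname),
   clamped to ALIAS_MAX characters by snprintf, becomes the alias. */
static int match_answer(const char *reply, char alias[ALIAS_MAX + 1]) {
    for (size_t i = 0; i < sizeof ANSWERS / sizeof *ANSWERS; i++) {
        regex_t re; regmatch_t m[2];
        if (regcomp(&re, ANSWERS[i], REG_EXTENDED) != 0) continue;
        int rc = regexec(&re, reply, 2, m, 0);
        regfree(&re);
        if (rc != 0 || m[1].rm_so < 0) continue;
        snprintf(alias, ALIAS_MAX + 1, "%.*s",
                 (int)(m[1].rm_eo - m[1].rm_so), reply + m[1].rm_so);
        return 1;
    }
    return 0;
}
/* Send probes in order until a reply matches; returns the probe index or -1. */
static int discover(char alias[ALIAS_MAX + 1]) {
    char wire[64];
    for (size_t i = 0; i < sizeof PROBES / sizeof *PROBES; i++) {
        decode_probe(PROBES[i], wire, sizeof wire);
        if (match_answer(fake_target(wire), alias)) return (int)i;
    }
    return -1;
}
int main(void) {
    char alias[ALIAS_MAX + 1] = "";
    return printf("probe %d, alias %s\n", discover(alias), alias) < 0;
}
```

Because the reply is produced by the attached device, the character class inside the answer string is what limits which bytes can end up in the serial port alias.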
CHAPTER 2: Installation
Important Pre-installation Requirements
Before installing and configuring the console server, ensure that you have the following:
Root Access on your local UNIX machine to use the serial ports.
An appropriate terminal application for your operating system.
IP address, DNS, Network Mask and Gateway addresses of your server or terminal, the console server and the machine to which the console server is connected.
A web browser that supports the console server Web Manager, such as Netscape, Internet Explorer, Firefox or Mozilla.
Java 2 Runtime Environment (JRE) version 1.4.2 or later. If a more recent version is available, go to http://java.com to locate and download the latest version of J2RE.
Basic Installation Procedures
Mounting the console server
You can mount the ACS console server on a wall, rack or cabinet or place it on a desktop or other flat surface. Two brackets are supplied with six hex screws for attaching the brackets to the console server for mounting.
Figure 2.1: Placement of Mounting Brackets (Forward Mounting Configuration Shown)
You will need a hex screwdriver and the nuts and bolts provided with the mounting brackets to perform the following procedure.
To rack mount the console server:
1. Install the brackets onto the front or back edges of the ACS console server using a screwdriver and the screws provided with the mounting kit.
2. Mount the console server unit in a secure position.
Making an Ethernet connection
Connect a CAT5 patch cable from the console server port labeled 10/100Base-T to an Ethernet hub or switch.
To connect devices to serial ports:
Using patch cables with RJ-45 connectors and DB-9 console adaptors, assemble crossover cables to connect the console server serial ports to the device’s console port.
NOTE: For ACS 16 NEBS and ACS 32 NEBS models with single or dual DC power supplies, you must use shielded cables when connecting devices to all ports. Shielded cables are required to comply with NEBS Level 3 certification on these models. In addition, to meet RoHS requirements, a ferrite bead with equal or better impedance than TDK ZCAT2436-1330 must be installed on the Ethernet cable near the console server’s Ethernet port.
Making a direct connection to configure the network parameters
On your Windows workstation, ensure that a terminal emulation program is installed. On servers running a UNIX-based operating system such as Solaris or Linux, make sure that a compatible terminal emulator such as Kermit or Minicom is installed.
To connect to the console port:
You can use a CAT5 straight-through cable with RJ-45 connectors and the appropriate adaptor provided in the product box to assemble a console cable. All adaptors have an RJ-45 connector on one end and either a DB25 or DB9 male or female connector on the other end.
1. Connect the RJ-45 end of the cable to the port labeled Console on the console server.
2. Connect the adaptor end of the cable to the console port of your server or device.
3. Open your terminal emulation program, start a connection session, select an available COM port and enter the following console parameters.
Bits per second: 9600 bps
Data bits: 8
Parity: None
Stop bit: 1
Flow control: None