Black Box 1102, 1101 User Manual

May 2010 LES1101A LES1102A
1101 and 1102 Secure Device Servers
Securely monitor, access, and control the computers, networking devices, telecommunications equipment, and power supplies in your data room or communications centers.
Manage your servers:
• Locally across your management LAN or through the local serial console port.
• Remotely across the Internet or private network.
Customer
Support
Information
Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500) • FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 • Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018 • Web site: www.blackbox.com
• E-mail: info@blackbox.com
1101 and 1102 Secure Device Servers
Federal Communications Commission and Industry Canada Radio Frequency Interference Statements
This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart J of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment. Operation of this equipment in a residential area is likely to cause interference, in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference. Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equ ipment.
This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the Radio Interference Regulation of Industry Canada.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le Règlement sur le brouillage radioélectrique publié par Industrie Canada.
2
724-746-5500 | blackbox.com
FCC and IC RFI Statements
Normas Oficiales Mexicanas (NOM) Electrical Safety Statement INSTRUCCIONES DE SEGURIDAD
1. Todas las instrucciones de seguridad y operación deberán ser leídas antes de que el aparato eléctrico sea operado.
2. Las instrucciones de seguridad y operación deberán ser guardadas para referencia futura.
3. Todas las advertencias en el aparato eléctrico y en sus instrucciones de operación deben ser respetadas.
4. Todas las instrucciones de operación y uso deben ser seguidas.
5. El aparato eléctrico no deberá ser usado cerca del agua—por ejemplo, cerca de la tina de baño, lavabo, sótano mojado o cerca de una alberca, etc..
6. El aparato eléctrico debe ser usado únicamente con carritos o pedestales que sean recomendados por el fabricante.
7. El aparato eléctrico debe ser montado a la pared o al techo sólo como sea recomendado por el fabricante.
8. Servicio—El usuario no debe intentar dar servicio al equipo eléctrico más allá a lo descrito en las instrucciones de operación. Todo otro servicio deberá ser referido a personal de servicio calificado.
9. El aparato eléctrico debe ser situado de tal manera que su posición no interfiera su uso. La colocación del aparato eléctrico sobre una cama, sofá, alfombra o superficie similar puede bloquea la ventilación, no se debe colocar en libreros o gabinetes que impidan el flujo de aire por los orificios de ventilación.
10. El equipo eléctrico deber ser situado fuera del alcance de fuentes de calor como radiadores, registros de calor, estufas u otros aparatos (incluyendo amplificadores) que producen calor.
11. El aparato eléctrico deberá ser connectado a una fuente de poder sólo del tipo descrito en el instructivo de operación, o como se indique en el aparato.
12. Precaución debe ser tomada de tal manera que la tierra fisica y la polarización del equipo no sea eliminada.
13. Los cables de la fuente de poder deben ser guiados de tal manera que no sean pisados ni pellizcados por objetos colocados sobre o contra ellos, poniendo particular atención a los contactos y receptáculos donde salen del aparato.
14. El equipo eléctrico debe ser limpiado únicamente de acuerdo a las recomendaciones del fabricante.
15. En caso de existir, una antena externa deberá ser localizada lejos de las lineas de energia.
16. El cable de corriente deberá ser desconectado del cuando el equipo no sea usado por un largo periodo de tiempo.
17. Cuidado debe ser tomado de tal manera que objectos liquidos no sean derramados sobre la cubierta u orificios de ventilación.
18. Servicio por personal calificado deberá ser provisto cuando: A: El cable de poder o el contacto ha sido dañado; u B: Objectos han caído o líquido ha sido derramado dentro del aparato; o C: El aparato ha sido expuesto a la lluvia; o D: El aparato parece no operar normalmente o muestra un cambio en su desempeño; o E: El aparato ha sido tirado o su cubierta ha sido dañada.
European Community (CE) Electromagnetic Compatibility Directive
This equipment has been tested and found to comply with the protection requirements of European Emission Standard EN55022/EN61000-3 and the Generic European Immunity Standard EN55024. EMC: EN55022 (2003)/CISPR-2 (2002): class A IEC61000-4-2 (2001): 4KV CD, 8KV AD IEC61000-4-3 (2002): 3V/m IEC61000-4-4 (2001):1KV (power line), 0.5KV (signal line)
724-746-5500 | blackbox.com
3
1101 and 1102 Secure Device Servers
Trademarks Used in this Manual
Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc.
Mac is a registered trademark of Apple Computers, Inc.
Linux is a registered trademark of Linus Torvalds.
Internet Explorer, Windows, Windows Me, Windows NT, and Windows Vista are a registered trademarks of Microsoft Corporation.
Nagios is a registered trademark of Nagios Enterprises LLC.
Java and Solaris are trademarks of Sun Microsystems, Inc.
Unix is a registered trademark of X/Open Company Ltd.
Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.
4
724-746-5500 | blackbox.com
Table of Contents
5
Table of Contents
1. Specifications.......................................................................................................................................................................................................... 9
2. Overview ................................................................................................................................................................................................................10
2.1 Introduction....................................................................................................................................................................................................10
2.2 Manual Organization ....................................................................................................................................................................................10
2.3 Types of Users ..................................................................................................................................................................................................10
2.4 Management Console ....................................................................................................................................................................................11
2.5 Hardware Description .....................................................................................................................................................................................11
2.5.1 LES1101A Front Panel .........................................................................................................................................................................11
2.5.2 LES1101A Back Panel..........................................................................................................................................................................12
2.5.3 LES1102A Front Panel .........................................................................................................................................................................13
2.5.4 LES1102A Back Panel..........................................................................................................................................................................13
2.6 What’s Included ......................................................................................................................................................................................14
2.6.1 LES1101A.....................................................................................................................................................................................14
2.6.2 LES1102A.....................................................................................................................................................................................14
3. Installation ................................................................................................................................................................................................................15
3.1 Power Connection...........................................................................................................................................................................................15
3.2 Network Connection.......................................................................................................................................................................................15
3.3 Serial Port Connection ....................................................................................................................................................................................15
3.3.1 Non RS-232 Serial Port Pinouts—LES1102A .....................................................................................................................................16
3.3.2 Non RS-232 Serial Port Pinouts—LES1101A .....................................................................................................................................17
4. System Configuration ................................................................................................................................................................................................18
4.1 Management Console Connection................................................................................................................................................................18
4.1.1 Connected PC/Workstation Setup .....................................................................................................................................................18
4.1.2 Browser Connection ............................................................................................................................................................................19
4.2 Administrator Password ..................................................................................................................................................................................20
4.3 Network IP Address .........................................................................................................................................................................................21
4.4 System Services ................................................................................................................................................................................................22
4.5 Communications Software .............................................................................................................................................................................24
4.5.1 SDT Connector.....................................................................................................................................................................................24
4.5.2 PuTTY....................................................................................................................................................................................................25
4.5.3 SSHTerm ...............................................................................................................................................................................................25
5. Serial Port, Host, Device, and User Configuration ...................................................................................................................................................26
5.1 Configure Serial Ports......................................................................................................................................................................................26
5.1.1 Common Settings................................................................................................................................................................................27
5.1.2 Console Server Mode ..........................................................................................................................................................................28
5.1.3 SDT Mode.............................................................................................................................................................................................31
5.1.4 Device (RPC, UPS, EMD) Mode...........................................................................................................................................................32
5.1.5 Terminal Server Mode .........................................................................................................................................................................32
5.1.6 Serial Bridging Mode ...........................................................................................................................................................................32
5.1.7 Syslog ....................................................................................................................................................................................................33
5.2 Add/Edit Users .................................................................................................................................................................................................34
5.3 Authentication .................................................................................................................................................................................................36
5.4 Network Hosts .................................................................................................................................................................................................36
5.5 Trusted Networks ............................................................................................................................................................................................37
5.6 Serial Port Redirection .....................................................................................................................................................................................37
5.7 Managed Devices ............................................................................................................................................................................................38
6. Secure SSH Tunneling and SDT Connector...............................................................................................................................
6.1 Configuring for SSH Tunneling to Hosts .......................................................................................................................................................41
6.2 SDT Connector Client Configuration .............................................................................................................................................................41
6.2.1 SDT Connector Installation..................................................................................................................................................................41
6.2.2 Configuring a New Console Server Gateway in the SDT Connector Client....................................................................................42
6.2.3 Auto-Configure SDT Connector Client with the User’s Access Privileges .......................................................................................43
6.2.4 Make an SDT Connection through the Gateway to the Host..........................................................................................................44
6.2.5 Manually Adding Hosts to the SDT Connector Gateway .................................................................................................................44
6.2.6 Manually Adding New Services to the New Hosts............................................................................................................................45
6.2.7 Adding a Client Program to be Started for the New Service ...........................................................................................................47
6.3 SDT Connector to Management Console .....................................................................................................................................................49
6.4 SDT Connector–Telnet or SSH Connect to Serially Attached Devices.........................................................................................................49
6.5 Using SDT Connector for Out-of-Band Connection to the Gateway..........................................................................................................50
6.6 Importing (and Exporting) Preferences ..........................................................................................................................................................52
...............................40
724-746-5500 | blackbox.com
5
6
1101 and 1102 Secure Device Servers
6.7 SDT Connector Public Key Authentication .................................................................................................................................................... 52
6.8 Setting Up SDT for Remote Desktop Access ................................................................................................................................................. 53
6.8.1 Enable Remote Desktop on the Target Windows Computer to be Accessed ................................................................................ 53
6.8.2 Configure the Remote Desktop Connection Client .......................................................................................................................... 54
6.9 SDT SSH Tunnel for VNC ................................................................................................................................................................................ 56
6.9.1 Install and Configure the VNC Server on the Computer to be Accessed........................................................................................ 56
6.9.2 Install, Configure, and Connect the VNC Viewer ............................................................................................................................. 58
6.10 Using SDT to Connect to Hosts that are Serially Attached to the Gateway ............................................................................................. 59
6.10.1 Establish a PPP Connection between the Host COM Port and the Console Server ..................................................................... 60
6.10.2 Setup SDT Serial Ports on the Console Server ................................................................................................................................. 62
6.10.3 Setup SDT Connector to SSH Port Forward over the Console Server Serial Port.......................................................................... 63
6.10.4 SSH Tunneling Using Other SSH Clients (for example, PuTTY) ...................................................................................................... 63
7. Alerts and Logging..................................................................................................................................................................................................... 67
7.1 Configure SMTP/SMS/SNMP/Nagios Alert Service........................................................................................................................................ 67
7.1.1 Email Alerts........................................................................................................................................................................................... 67
7.1.2 SMS Alerts ............................................................................................................................................................................................ 68
7.1.3 SNMP Alerts ......................................................................................................................................................................................... 68
7.1.4 Nagios Alerts ........................................................................................................................................................................................ 69
7.2 Activate Alert Events and Notifications .......................................................................................................................................................... 69
7.2.1 Add a New Alert .................................................................................................................................................................................. 70
7.2.2 Configuring General Alert Types ........................................................................................................................................................ 70
7.2.3 Configuring Power Alert Type ............................................................................................................................................................ 72
7.3 Remote Log Storage........................................................................................................................................................................................ 73
7.4 Serial Port Logging .......................................................................................................................................................................................... 73
7.5 Network TCP or UDP Port Logging ................................................................................................................................................................ 73
8. Power Management .................................................................................................................................................................................................. 75
8.1 Remote Power Control (RPC) ......................................................................................................................................................................... 75
8.1.1 RPC Connection................................................................................................................................................................................... 75
8.1.2 RPC Access Privileges and Alerts......................................................................................................................................................... 77
8.1.3 User Power Management ................................................................................................................................................................... 77
8.1.4 RPC Status ............................................................................................................................................................................................ 78
8.2 Uninterruptible Power Supply Control (UPS)................................................................................................................................................. 78
8.2.1 Managed UPS Connections ................................................................................................................................................................ 79
8.2.2 Remote UPS Management.................................................................................................................................................................. 82
8.2.3 Controlling UPS Powered Computers ................................................................................................................................................ 83
8.2.4 UPS Alerts ............................................................................................................................................................................................. 83
8.2.5 UPS Status ............................................................................................................................................................................................ 83
8.2.6 Overview of Network UPS Tools (NUT) .............................................................................................................................................. 84
9. Authentication ........................................................................................................................................................................................................... 87
9.1 Authentication Configuration ........................................................................................................................................................................ 87
9.1.1 Local Authentication............................................................................................................................................................................ 87
9.1.2 TACACS Authentication ..................................................................................................................................................................... 87
9.1.3 RADIUS Authentication ....................................................................................................................................................................... 88
9.1.4 LDAP Authentication ........................................................................................................................................................................... 89
9.1.5 RADIUS/TACACS User Configuration ................................................................................................................................................ 89
9.2 Pluggable Authentication Modules (PAM) .................................................................................................................................................... 90
9.3 SSL Certificate .................................................................................................................................................................................................. 91
10. Nagios Integration ................................................................................................................................................................................................... 94
10.1 Nagios Overview............................................................................................................................................................................................ 94
10.2 Central Management and Setting Up SDT for Nagios ............................................................................................................................... 95
10.2.1 Setup Central Nagios Server ............................................................................................................................................................. 96
10.2.2 Setup Distributed Console Servers ................................................................................................................................................... 96
10.3 Configuring Nagios Distributed Monitoring ............................................................................................................................................... 98
10.3.1 Enable Nagios on the Console Server .............................................................................................................................................. 98
10.3.2 Enable NRPE Monitoring ................................................................................................................................................................... 99
10.3.3 Enable NSCA Monitoring.................................................................................................................................................................. 99
10.3.4 Configure Selected Serial Ports for Nagios Monitoring ..................................................................................................................100
10.3.5 Configure Selected Network Hosts for Nagios Monitoring............................................................................................................100
10.3.6 Configure the Upstream Nagios Monitoring Host..........................................................................................................................100
10.4 Advanced Distributed Monitoring Configuration .......................................................................................................................................100
10.4.1 Sample Nagios Configuration...........................................................................................................................................................100
10.4.2 Basic Nagios Plug-Ins .........................................................................................................................................................................103
10.4.3 Number of Supported Devices .........................................................................................................................................................103
10.4.4 Distributed Monitoring Usage Scenarios .........................................................................................................................................104
6
724-746-5500 | blackbox.com
Table of Contents
11. System Management ..............................................................................................................................................................................................106
11.1 System Administration and Reset ................................................................................................................................................................106
11.2 Upgrade Firmware ........................................................................................................................................................................................107
11.3 Configure Date and Time .............................................................................................................................................................................108
11.4 Configuration Backup...................................................................................................................................................................................108
12. Status Reports ..........................................................................................................................................................................................................110
12.1 Port Access and Active Users........................................................................................................................................................................110
12.2 Statistics .........................................................................................................................................................................................................110
12.3 Support Reports ............................................................................................................................................................................................111
12.4 Syslog .............................................................................................................................................................................................................112
12.5 Dashboard .....................................................................................................................................................................................................112
12.5.1 Configuring the Dashboard ..............................................................................................................................................................113
12.5.2 Creating Custom Widgets for the Dashboard ................................................................................................................................114
13. Management ...........................................................................................................................................................................................................115
13.1 Device Management.....................................................................................................................................................................................115
13.2 Port and Host Logs ........................................................................................................................................................................................115
13.3 Serial Port Terminal Connection ...................................................................................................................................................................116
13.4 Power Management .....................................................................................................................................................................................117
14. Configuration from the Command Line................................................................................................................................................................118
14.1 Accessing Config from the Command Line................................................................................................................................................118
14.2 Serial Port Configuration ..............................................................................................................................................................................120
14.3 Adding and Removing Users........................................................................................................................................................................122
14.4 Adding and Removing User Groups ............................................................................................................................................................124
14.5 Authentication ...............................................................................................................................................................................................124
14.6 Network Hosts...............................................................................................................................................................................................125
14.7 Trusted Networks ..........................................................................................................................................................................................126
14.8 Cascaded Ports ..............................................................................................................................................................................................127
14.9 UPS Connections ...........................................................................................................................................................................................127
14.10 RPC Connections ........................................................................................................................................................................................128
14.11 Managed Devices........................................................................................................................................................................................129
14.12 Port Log .......................................................................................................................................................................................................129
14.13 Alerts............................................................................................................................................................................................................130
14.14 SMTP and SMS............................................................................................................
14.15 SNMP ...........................................................................................................................................................................................................132
14.16 Administration.............................................................................................................................................................................................132
14.17 IP Settings ....................................................................................................................................................................................................132
14.18 Date and Time Settings ..............................................................................................................................................................................133
14.19 DHCP Server ................................................................................................................................................................................................134
14.20 Services ........................................................................................................................................................................................................134
14.21 NAGIOS........................................................................................................................................................................................................135
15. Advanced Configuration .........................................................................................................................................................................................136
15.1 Custom Scripting...........................................................................................................................................................................................136
15.1.1 Custom Script to Run When Booting ..............................................................................................................................................136
15.1.2 Running Custom Scripts When Alerts are Triggered ......................................................................................................................136
15.1.3 Example Script—Power Cycling on Pattern Match .........................................................................................................................137
15.1.4 Example Script—Multiple Email Notifications on Each Alert ..........................................................................................................137
15.1.5 Deleting Configuration Values from the CLI ...................................................................................................................................138
15.1.6 Power Cycle Any Device When a Ping Request Fails ......................................................................................................................140
15.1.7 Running Custom Scripts When a Configurator is Invoked.............................................................................................................141
15.1.8 Backing Up the Configuration and Restoring Using a Local USB Stick .........................................................................................141
15.1.9 Backing Up the Configuration Off-Box............................................................................................................................................142
15.2 Advanced Portmanager................................................................................................................................................................................143
15.2.1 Portmanager Commands..................................................................................................................................................................143
15.2.2 External Scripts and Alerts.................................................................................................................................................................144
15.3 Raw Access to Serial Ports ............................................................................................................................................................................145
15.3.1 Access to Serial Ports .........................................................................................................................................................................145
15.3.2 Accessing the Console/Modem Port................................................................................................................................................145
15.4 IP Filtering.......................................................................................................................................................................................................145
15.5 Modifying SNMP Configuration...................................................................................................................................................................146
15.6 Secure Shell (SSH) Public Key Authentication .............................................................................................................................................147
15.6.1 SSH Overview.....................................................................................................................................................................................147
15.6.2 Generating Public Keys (Linux) .........................................................................................................................................................147
15.6.3 Installing the SSH Public/Private Keys (Clustering) ...........................................................................................................................148
................................................................................131
7
724-746-5500 | blackbox.com
7
8
1101 and 1102 Secure Device Servers
15.6.4 Installing SSH Public Keys Authentication (Linux)............................................................................................................................148
15.6.5 Generating Public/Private Keys for SSH (Windows) ........................................................................................................................150
15.6.6 Fingerprinting.....................................................................................................................................................................................151
15.6.7 SSH Tunneled Serial Bridging............................................................................................................................................................152
15.6.8 SDT Connector Public Key Authentication ......................................................................................................................................153
15.7 Secure Sockets Layer (SSL) Support .............................................................................................................................................................154
15.8 HTTPS .............................................................................................................................................................................................................154
15.8.1 Generating an Encryption Key..........................................................................................................................................................154
15.8.2 Generating a Self-Signed Certificate with OpenSSL .......................................................................................................................154
15.8.3 Installing the Key and Certificate......................................................................................................................................................155
15.8.4 Launching the HTTPS Server.............................................................................................................................................................155
15.9 Power Strip Control.......................................................................................................................................................................................155
15.9.1 The PowerMan Tool ..........................................................................................................................................................................155
15.9.2 The pmpower Tool ............................................................................................................................................................................156
15.9.3 Adding New RPC Devices .................................................................................................................................................................157
15.10 IPMtool ...................................................................................................................................................................................................157
15.11 Custom Development Kit (CDK) ..........................................................................................................................................................160
15.12 Scripts for Managing Slaves..................................................................................................................................................................160
Appendix. Linux Commands and Source Code ...........................................................................................................................................................161
8
724-746-5500 | blackbox.com
1. Specifications
CPU: MIcrel KS8695P controller
Memory: 16 MB SDRAM, 8 MB Flash
Serial Baud Rates: 2400 to 115,200 bps
Connectors: LES1101A: (1) DB9 RS-232 serial, (1) RJ-45 10/100BASE-T Ethernet;
LES1102A: (2) DB9 RS-232 serial, (1) RJ-45 10/100BASE-T Ethernet
Indicators: LES1101A: (4) LEDs: Power, Activity, On RJ-45: Connectivity, Activity LES1102A: (5) LEDs: Power, Serial 1, Serial 2, On RJ-45: Connectivity, Activity
Temperature Tolerance: Operating: 41 to 122° F (5 to 50° C); Storage: -20 to +140° F (-30 to +60° C)
Humidity Tolerance: 5 to 90%
Power: (1) 12-VDC universal input external wallmount power supply,100–240 VAC, 50/60 Hz
Size: LES1101A: 4”H x 1.75”W x 1”D (10.2 x 4.5 x 2.5 cm);
LES1102A: 3.9”H x 2.8”W x 1”D (10 x 7.2 x 2.5 cm)
Weight: LES1101A: 0.25 lb. (0.11 kg); LES1102A: 1 lb. (0.45 kg)
Chapter 1: Specifications
724-746-5500 | blackbox.com
9
1101 and 1102 Secure Device Servers
2. Overview
2.1 Introduction
This User’s Manual walks you through installing and configuring your Black Box Secure Device Servers (LES1101A or LES1102A). Each of these products is referred to generically in this manual as a “console server.”
Once configured, you will be able to use your console server to securely monitor access and control the computers, networking devices, telecommunications equipment, power supplies, and operating environments in your data room or communications centers. This manual guides you in managing this infrastructure locally (across your operations or management LAN or through the local serial console port), and remotely (across the Internet or private network).
2.2 Manual Organization
This manual contains the following chapters:
• Chapter 1. Specifications: Lists the general specifications for the console servers.
• Chapter 2, Overview: An overview of the features of console server and information on this manual.
• Chapter 3, Installation: Physical installation of the console server and how to interconnect controlled devices.
• Chapter 4, System Configuration: Describes the initial installation and configuration using the Management Console. Covers configuration of the console server on the network and the services that will be supported.
• Chapter 5, Serial Port and Network Host: Covers configuring serial ports and connected n etwork hosts, and setting up Users and Groups.
• Chapter 6, Secure Tunneling (SDT): Covers secure remote access using SSH and configuring for RDP, VNC, HTTP, HTTPS, etc. access to network and serially connected devices.
• Chapter 7, Alerts and Logging: Explains how to set up local and remote event/data logs and how to trigger SNMP and email alerts.
• Chapter 8, Power Management: Describes how to manage USB, serial, and network attached power strips and UPS supplies including Network UPS Tool (NUT) operation and IPMI power control.
• Chapter 9, Authentication: Access to the console server requires usernames and passwords that are locally or externally authenticated.
• Chapter 10, Nagios Integration: Describes how to set Nagios central management with SDT extensions and configure the console server as a distributed Nagios server.
• Chapter 11, System Management: Covers access to and configuration of services that will run on the console server .
• Chapter 12, Status Reports: View a dashboard summary and detailed status and logs of serial and network connected devices (ports, hosts, power, and environment)
• Chapter 13, Management: Includes port controls that Users can access.
• Chapter 14, Basic Configuration: Command line installation and configuration using the config command.
• Chapter 15, Advanced Config: More advanced command line configuration activities where you will need to use Linux commands. The latest update of this manual can be found online at www.Black Box.com/download.html
• Appendix: Linux Commands and Source Code.
2.3 Types of Users
The console server supports two classes of users:
First, there are the administrative users who will be authorized to configure and control the console server; and to access and control all the connected devices. These administrative users will be set up as members of the admin user group and any user in this class is referred to generically in this manual as the Administrator. An Administrator can access and control the console server using the config utility, the Linux command line, or the browser-based Management Console. By default, the Administrator has access to all services and ports to control all the serial connected devices and network connected devices (hosts).
The second class of users are those who have been set up by the Administrator with specific limits of their access and control authority. These users are set up as members of the users user group (or some other user groups the Administrator may have added). They are only authorized to perform specified controls on specific connected devices and are referred to as Users. These Users (when authorized) can access serial or network connected
10
724-746-5500 | blackbox.com
Chapter 2: Overview
devices; and control these devices using the specified services (for example, Telnet, HHTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User also has a limited view of the Management Console and can only access authorized configured devices and review port logs.
In this manual, when the term user (lower case) is used, it refers to both the above classes of users. This document also uses the term remote users to describe users who are not on the same LAN segment as the console server. These remote users may be Users, who are on the road connecting to managed devices over the public Internet, or it may be an Administrator in another office connecting to the console server itself over the enterprise VPN, or the remote user may be in the same room o r the same office but connected on a separate VLAN than the console server.
2.4 Management Console
The Management Console provides a view of the console server and all the connected devices.
Administrators can use any browser to log into the Management Console either locally or from a remote location. They can then use Management
Console to manage the console server, the users, the serial ports and serially connected devices, network connected hosts, and connected power devices; and to view associated logs and con figure alerts.
1 2 3
Figure 2-1. Login screen for the management console.
A User can also use the Management Console, but has limited menu access to control select devices, review their logs, and access them using the built-in java terminal or control power to them.
The console server runs an embedded Linux® operating system, and experienced Linux and UNIX® users may prefer to configure it at the command line. To get command line access, connect through a terminal emulator or communications program to the console serial port; connect via ssh or telnet through the LAN; or connect through an SSH tunneling to the console server.
1 2 3
2.5 Hardware Description
2.5.1 LES1101A Front Panel
Figure 2-2 shows the front panel of the LES1101A. Table 2-1 describes its components.
724-746-5500 | blackbox.com
1 2 3
5 4
Figure 2-2. LES1101A front panel.
11
1101 and 1102 Secure Device Servers
Table 2-1. LES1101A front-panel components.
Number Component Description
` 1 Barrel connector Power
2 RJ-45 connector Links to 10/100 Mbps Ethernet
3 J1 jumper Selects RS-232, RS-485, RS-422
4 RJ-45 LED Ethernet Connectivity LED
5 RJ-45 Ethernet Activity
2.5.2 LES1101A Back Panel
Figure 2-3 shows the LES1101A back panel. Table 2-2 describes its components.
6
Figure 2-3. LES1101A back panel.
Table 2-2. LES1101A back-panel components.
Number Component Description
6 DB9 connector Serial connector (RS-232, RS-485, RS-422)
12
724-746-5500 | blackbox.com
2.5.3 LES1102A Front Panel
Figure 2-4 shows the front panel of the LES1102A. Table 2-3 describes its components.
1 2 3
Chapter 2: Overview
Figure 2-4. LES1102A front panel.
Table 2-3. LES1102A front-panel components.
Number Component Description
1 Barrel connector Power
2 8-position Phoenix connector Port 2 (RS-422/485)
3 RJ-45 connector Links to 10/100 Mbps Ethernet
4 RJ-45 LED (left side of connector) Ethernet Connectivity LED
5 RJ-45 LED (right side of connector) Ethernet Activity LED
4 5
2.5.4 LES1102A Back Panel
Figure 2-5 shows the LES1102A back panel. Table 2-4 describes its components.
6 7
Figure 2-5. LES1102A back panel.
Table 2-4. LES1102A back-panel components.
Number Component Description
6 DB9 connector Port 1 RS-232
7 DB9 connector Port 2 RS-232
724-746-5500 | blackbox.com
13
1101 and 1102 Secure Device Servers
2.6 What’s Included
Your package should include the following items. If anything is missing or damaged, contact Black Box Technical Support at 724-746-5500 or
info@blackbox.com
2.6.1 LES1101A
• 1101 Secure Device Server
• Universal input 12-VDC wallmount power supply
• Printed Quick Start Guide
• CD-ROM containing this user’s manual
2.6.2 LES1102A
• 1101 Secure Device Server
• (2) UTP cables
• (2) DB9 F to RJ-45 S adapters
• Universal input 12-VDC wallmount power supply
• Printed Quick Start Guide
• CD-ROM containing this user’s manual
.
14
724-746-5500 | blackbox.com
Chapter 3: Installation
3. Installation
Make sure you have everything listed in Chapter 2, Section 2.6 for your 1101 or 1102 Secure Device Server.
3.1 Power Connection
The LES1101A or LES1102A models are each supplied with an external DC wall mount power supply. This power supply comes with a selection of wall socket adapters for each geographic region (North American, Europe, UK, Japan or Australia) and will operate with 100-240 VAC, 50/60 Hz input, 7.2 watts maximum.
Plug in the DC power cable. The 12V DC connector from the power supply unit plugs into the DC power socket on the side of the console server casing.
Plug in the power supply AC power cable and turn on the AC power. Confirm that the console server Power LED (PWR) is lit.
NOTE: When you first apply power to the LES1101A or LES1102A the Local and Serial LEDs will flash alternately.
The LES1102A can also be powered directly from any +9V DC to +48V DC power source by connecting the DC power lines to the IN-GND and VIN+ screw jacks.
Power connector
+9 to +48 VDC 1 GND
Figure 3-1. Power connector.
3.2 Network Connection
The RJ-45 LAN ports are located on the side of the LES1101A and LES1102A units.
All physical connections are made using industry standard CAT5 cabling and connectors. Make sure you only connect the LAN port to an Ethernet network that supports 10BASE-T/100BASE-T.
The first time you configure the console server, you must connect a PC or workstation to the console server’s network port.
3.3 Serial Port Connection
The LES1102A has two DB9 serial ports (Ports 1–2). By default, Port 1 is configured in Local Console (modem) mode. The LES1101A also has one DB9 serial port that‘s configured by default in Local Console (modem) mode.
The serial ports are all set by default in RS-232 mode. The RS-232 pinout standards for the DB9 connector are described in Table 3-1.
724-746-5500 | blackbox.com
15
1101 and 1102 Secure Device Servers
Table 3-1. RS-232 DB9 connector pinouts.
3.3.1 Non RS-232 Serial Port Pinouts— LES1102A
Port 2 on the LES1102A can also be software selected to be an RS-485 or RS-422 port connected through the screw terminal block (pinout shown in Table 3-2.
Signal Pin Definition
CD 1 Received Line Signal Detector
RXD 2 Received Data
TXD 3 Transmitted Data
DTR 4 Data Terminal Ready
GND 5 Signal Ground
DSR 6 Data Set Ready
RTS 7 Request To Send
CTS 8 Clear To Send
RI 9 Ring Indicator
Table 3-2. Non RS-232 serial port pinout for the LES1102A.
1 +V DC IN 2 GND 3 RX+ 4 RX­5 TX+ 6 TX- 7 +3.3V DC OUT 8 GND
RS-422 uses a full-duplex transmit on TX+/TX- pair, receive on RX+/RX- pair.
RS-485 uses half-duplex over single pair. The LES1102A supports half duplex “party-line” communications over a 2-wire RS-485 bus (D+/D-). This is enabled by choosing the RS-485 option (instead of RS-232 or RS-422) for “Signaling Protocol” from the “Serial Port: Configuration” link on the
16
724-746-5500 | blackbox.com
Figure 3-2. Front panel of the LES1102A showing pinout connections on the left side.
Chapter 3: Installation
Web management console. Two short cable loops are also required between the RX+/TX+ pins and RX-/TX- pins. This is because the LES1102A uses universal differential transceivers that support 4-wire (RS-422) and 2-wire (RS-485) operation.
In RS-485 mode, Port 2 on the LES1102A listens on the 2-wire bus for receive data until it is required to send data. In RS-485 send mode, it stops receiving, enables its transmitters when there is data to be sent, transmits the data, and returns to receive mode. This eliminates the possibility of collisions with other devices that share the RS-485 bus and avoids receiving stale echoed data.
1 +3V 2 GND 3 RX+ 4 RX-
D+ D-
5 TX+ 6 TX­7 +VIN 8 GND
Figure 3-3. RS-485 wiring diagram for LES1102A.
3.3.2 Non RS-232 Serial Port Pinouts— LES1101A
The one DB9 serial port on the LES1101A can be used as an RS-232, RS-485 or RS-422 port. By default, the LES1101A is configured in RS-232 mode (with a vertical jumper in place on the left hand J1 pins).
Figure 3-4. RS-232 configuration for the DB9 port on the LES1101A.
To set the port in RS-422 or RS-485 mode, you must remove the J1 jumper and then configure the Signaling Protocol using the Management Console.
The DB9 pinout is shown in Table 3-3.
Table 3-3. DB9 pinout for LES1101A.
Pin: Mode: RS232 RS422 RS485
1 DCD DCD+ ­2 RXD RX - ­3 TXD TX + D+ 4 DTR DTR+ ­5 GND GND GND 6 DSR RX + ­7 RTS TX - D­8 CTS DCD- ­9 - DTR- -
724-746-5500 | blackbox.com
17
1101 and 1102 Secure Device Servers
4. System Configuration
This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting it to the Management or Operational LAN. Th e Administrator must:
• Activate the Management Console.
• Change the Administrator password.
• Set the IP address console server’s principal LAN port.
• Select the network services that will be supported.
This chapter also discusses the communications software tools that the Administrator may use to access the console server.
4.1 Management Console Connection
Your console server is configured with a default IP Address 192.168.0.1 Subnet Mask 255.255.255.0
• Directly connect a PC or workstation to the console server.
NOTE: For initial configuration we recommend that you connect the console server directly to a single PC or workstation. However, if you choose to connect your LAN before completing the initial setup steps:
• make sure that there are no other devices on the LAN with an address of 192.168.0.1
• make sure that the console server and the PC/workstation are on the same LAN segment, with no interposed router appliances.
4.1.1 Connected PC/Workstation Setup
To configure the console server with a browser, the connected PC/workstation should have an IP address in the same range as the console server (for example, 192.168.0.100):
• To configure the IP Address of your Linux or Unix PC/workstation, simply run ifconfig
• For Windows PCs (Win9x/Me/2000/XP, Windows NT, Windows Vista, Windows 7):
- Click Start -> (Settings ->) Control Panel and double click Network Connections (for 95/98/Me, double click Network).
- Right click on Local Area Connection and select Properties.
- Select Internet Protocol (TCP/IP) and click Properties.
- Select Use the following IP address and enter the following details:
- IP address: 192.168.0.100
Subnet mask: 255.255.255.0
If you want to retain your existing IP settings for this network connection, click Advanced and Add the above as a secondary IP connection. If it is not convenient to change your PC/workstation network address, you can use the ARP-Ping command to reset the console server IP address. To do this from a Windows PC:
• Click Start -> Run (or select All Programs then Accessories then Run).
• Type cmd and click OK to bring up the command line.
• Type arp –d to flush the ARP cache.
• Type arp –a to view the current ARP cache (this should be empty).
18
724-746-5500 | blackbox.com
Chapter 4: System Configuration
Figure 4-1. Run screen.
Now add a static entry to the ARP table and ping the console server to assign the IP address to the console server. In the example below, a console server has a MAC Address 00:13:C6:00:02:0F (designated on the label on the bottom of the unit) and we are setting its IP address to
192.168.100.23. Also the PC/workstation issuing the arp command must be on the same network segment as the console server (that is, have an IP address of 192.168.100.xxx)
• Type arp -s 192.168.100.23 00-13-C6-00-02-0F (Note for UNIX the syntax is: arp -s 192.168.100.23 00:13:C6:00:02:0F).
• Type ping -t 192.18.100.23 to start a continuous ping to the new IP Address.
• Turn on the console server and wait for it to configure itself with the new IP address. It will start replying to the ping at this point.
• Type arp –d to flush the ARP cache again.
4.1.2 Browser connection
Activate your preferred browser on the connected PC/workstation and enter https://192.168.0.1 The Management Console supports all current versions of the popular browsers (Internet Explorer, Mozilla Firefox, Chrome, and more).
724-746-5500 | blackbox.com
19
1101 and 1102 Secure Device Servers
You will be prompted to log in. Enter the default administration username and administration password:
Username: root
Password: default
Figure 4-2. Login screen.
NOTE: Console servers are factory configured with HTTPS access enabled and HTTP access disabled.
Figure 4-3. Management console welcome screen.
A Welcome screen, which lists four initial installation configuration steps, will be displayed:
1. Change the default administration password on the System/Administration page (Chapter 4).
2. Configure the local network settings on the System/IP page (Chapter 4).
3. Configure port settings and enable them on the Serial & Network/Serial Port page (Chapter 5).
4. Configure users with access to serial ports on the Serial & Network/Users page (Chapter 4).
After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the Black Box logo.
NOTE: If you are not able to connect to the Management Console at 192.168.0.1 or if the default Username/Password were not accepted, then reset your console server (refer to Chapter 11).
4.2 Administrator Password
For security reasons, only the administrator user named root can initially log into your console server. Only people who know the root password can access and reconfigure the console server itself. However, anyone who correctly guesses the root password could gain access (and the default root password is default). To avoid this, enter and confirm a new root password before giving the console server any access to, or control of, your computers and network appliances.
NOTE: We recommend that you set up a new Administrator user as soon as convenient and log in as this new user for all ongoing administration functions (rather than root). This Administrator can be configured in the admin group with full access privileges through the Serial & Network: Users & Groups menu as detailed in Chapter 5.
20
724-746-5500 | blackbox.com
Chapter 4: System Configuration
Figure 4-4. System: Administration screen.
1. Select System: Administration.
2. Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so choose a complex password, and keep it safe.
3. At this stage, you may also wish to enter a System Name and System Description for the console server to give it a unique ID and make it simple to identify.
NOTE: The System Name can contain from 1 to 64 alphanumeric characters (however you can also use the special characters “-”, “_”,
and “.” ) There are no restrictions on the characters that can be used in the System Description or the System Password (each can contain up to 254 characters). However, only the first eight System Password characters are used to make the password hash.
4. Click Apply. Since you have changed the password, you will be prompted to log in again. This time, use the new password.
NOTE: If you are not confident that your console server has the current firmware release, you can upgrade. Refer to Upgrade Firmware— Chapter 11.
4.3 Network IP Address
The next step is to enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the console server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network it will connect to.
On the System: IP menu, select the Network Interface page, then check dhcp or static for the Configuration Method.
If you selected Static, you must manually enter the new IP Address, Subnet Mask, Gateway, and DNS server details. This selection automatically disables the DHCP client.
724-746-5500 | blackbox.com
21
1101 and 1102 Secure Device Servers
Figure 4-5. IP Settings screen.
If you selected DHCP, the console server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The console server MAC address is printed on a label on the base plate.
NOTE: In its factory default state (with no Configuration Method selected) the console server has its DHCP client enabled, so it automatically
accepts any network IP address assigned by a DHCP server on your network. In this initial state, the console server will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address.
By default, the console server LAN port auto-detects the Ethernet connection speed. You can use the Media menu to lock the Ethernet to 10 Mbps or 100 Mbps, and to Full Duplex (FD) or Half Duplex (HD).
NOTE: If you changed the console server IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same
network range as this new address.
Click Apply.
Enter http://new IP address to reconnect the browser on the PC/workstation that is connected to the console server.
IPv6 configuration
You can also configure the console server management LAN for IPv6 operation:
• On the System: IP menu, select the General Settings page and check Enable IPv6.
• Then, configure the IPv6 parameters on the Network Interface page.
4.4 System Services
The Administrator can access and configure the console server and connect to the managed devices using a range of access protocols (services). The factory default enables HTTPS and SSH access to the console server and disables HTTP and Telnet.
A User or Administrator can also use nominated enabled services to connect through the console server to attached serial and network connected managed devices.
The Administrator can simply disable any of the services, or enable others.
22
724-746-5500 | blackbox.com
Chapter 4: System Configuration
Figure 4-6. System: Services screen.
Select the System: Services option, then select/deselect for the service to be enabled/disabled. The following access protocol options are available:
• HTTPS: This ensures secure browser access to all the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus. If you enable HTTPS, the Administrator will be able to use a secure browser connection to the Console server’s Management Console. For information on certificate and user client software configuration, refer to Chapter 9—Authentication. By default, HTTPS is enabled, and we recommend that that you only use HTTPS access if the console server will be managed over any public network (for example, the Internet).
• HTTP: By default HTTP is disabled. We recommend that the HTTP service remain disabled if the console server will be remotely accessed over the Internet.
• Telnet: This gives the Administrator Telnet access to the system command line shell (Linux commands). This may be suitable for a local direct connection over a management LAN. By default, Telnet is disabled. We recommend that this service remain disabled if you will remotely administer the console server.
• SSH: This service provides secure SSH access to the Linux command line shell. We recommend that you choose SSH as the protocol where the Administrator connects to the console server over the Internet or any other public network. This will provide authenticated communications between the SSH client program on the remote PC/workstation and the SSH sever in the conso le server. By default SSH is enabled. For more information on SSH configuration refer Chapter 9—Authentication.
You can configure related service options at this stage:
• Ping: This allows the console server to respond to incoming ICMP echo requests. Ping is enabled by default. For security reasons, you should disable this service after initial configuration.
And there are some serial port access parameters that you can configure on this menu:
724-746-5500 | blackbox.com
23
1101 and 1102 Secure Device Servers
• Base: The console server uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4—Configuring Serial Ports). The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults.
The default TCP/IP base port address for telnet access is 2000, and the range for telnet is IP Address: Port (2000 + serial port #), that is, 2001–2002. If the Administrator sets 8000 as a secondary base for telnet, then serial port #2 on the console server can be accessed via telnet at IP Address:2002 and at IP Address:8002.
The default base for SSH is 3000; for Raw TCP is 4000; and for RFC2217 it is 5000.
Click Apply. As you apply your services selections, the screen will be updated with a confirmation message:
Message Changes to configuration succeeded.
4.5 Communications Software
You have configured access protocols for the Administrator client to use when connecting to the console server. User clients (who you may set up later) will also use these protocols when accessing con sole server serial attached devices and network attached hosts. You will need to have appropriate communications software tools set up on the Administrator (and User) PC/workstation.
Black Box provides the SDT Connector Java applet as the recommended client software tool. You can use other generic tools such as PuTTY and SSHTerm. These tools are all described below as well.
4.5.1 SDT Connector
Each console server has an unlimited number of SDT Connector licenses to use with that console server.
LES1102A
LAN
SDT connector
(RDP/VNC/Telnet/
HTTP client
RDP/VNC/Telnet/HTTP sessions
forwarded to
devices/computers/service processors
SDT Connector is a lightweight tool that enables Users and Administrators to securely access the console server and the various computers, network devices, and appliances that may be serially or network connected to the console server.
SDT Connector is a Java applet that couples the trusted SSH tunneling protocol with popular access tools such as Telnet, SSH, HTTP, HTTPS, VNC, and RDP to provide point-and-click secure remote management access to all the systems and devices being managed.
Information on using SDT Connector for browser access to the console server’s Management Console, Telnet/SSH access to the console server command line, and TCP/UDP connecting to hosts that are network connected to the console server is in Chapter 6—Secure Tunneling .
SDT Connector can be installed on Windows 2000, XP, 2003, Windows Vista, Windows NT PCs, and on most Linux, UNIX, and Solaris computers.
SSH encrypted
on the LAN
tunnel
Network
appliance
Figure 4-7. SDT connector application.
Database
server
Web
server
PCs
24
724-746-5500 | blackbox.com
Chapter 4: System Configuration
4.5.2 PuTTY
You can also use communications packages like PuTTY to connect to the console server command line (and to connect serially attached devices as covered in Chapter 5). PuTTY is a freeware implementation of Telnet and SSH for Windows and UNIX platforms. It runs as an executable application without needing to be installed onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded from
http://www.tucows.com/preview/195286.html
To use PuTTY for an SSH terminal session from a Windows client, enter the console server’s IP address as the ”Host Name (or IP address).” To access the console server command line, select “SSH” as the protocol, and use the default IP Port 22. Click “Open” and the console server login prompt will appear. (You may also receive a “Security Alert” that the host’s key is not cached. Choose “yes” to continue.) Using the Telnet protocol is similarly simple, but you use the default port 23.
Figure 4-8. PuTTY screen.
4.5.3 SSHTerm
Another popular communications package you can use is SSHTerm, an open source package that you can download from
http://sourcefo rge.net/projects/sshtools
To use SSHTerm for an SSH terminal session from a Windows Client, simply Select the “File” option and click on “New Connection.”
A new dialog box will appear for your “Connection Profile.” Type in the host name or IP address (for the console server unit) and the TCP port that the SSH session will use (port 22). Then type in your username, choose password authentication, and click connect.
You may receive a message about the host key fingerprint. Select “yes” or “always” to continue.
The next step is password authentication. The system prompts you for your username and password from the remote system. This logs you on to the
console server
Figure 4-9. Connection Profile screen.
724-746-5500 | blackbox.com
25
1101 and 1102 Secure Device Servers
5. Serial Port, Host, Device, and User Configuration
The Black Box LES1101A and LES1102A console server enables access and control of serially attached devices and network attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices. The Administrator can also set up new users and specify each user’s individual access and control privileges.
LAN
Network connected
(HTTP, HTTPS, IPMI, ALOM, SOL, VNC, RDP, SSH, X, Telnet)
Figure 5-1. Configuration.
This chapter covers each of the steps in configuring hosts and serially attached devices:
Configure Serial Ports
Users & Groups
Authentication—
Network Hosts
Configuring Trusted Networks
Cascading and Redirection of Serial Console Ports.
Connecting to Power (UPS PDU and IPMI) and Environmental Monitoring (EMD) devices.
Managed Devices—presents a consolidated view of all the connections.
—setting up the protocols to be used in accessing serially-connected devices.
—setting up users and defining the access permissions for each of these users.
covered in more detail in Chapter 9.
—configuring access to network connected devices (referred to as hosts).
—nominate user IP addresses.
LES1102A
Serial connected
Linux, Solaris, Windows, UNIX, BSD servers
VoIP PBX switch, router, firewall, power strip, UPS
5.1 Configure Serial Ports
To configure a serial port, you must first set the Common Settings (the protocols and the RS-232 parameters (such as baud rate) that will be used for the data connection to that port.
Select what mode the port is to operate in. You can set each port to support one of five operating modes:
1. Console Server Mode is the default and this enables general access to serial console port on the serially attached devices.
2. Device Mode sets the serial port up to communicate with an intelligent serial controlled PDU or UPS.
3. SDT Mode enables graphical console access (with RDP, VNC, HTTPS, etc.) to hosts that are serially connected.
4. Terminal Server Mode sets the serial port to wait for an incoming terminal login session.
5. Serial Bridge Mode enables transparently interconnects two serial port devices over a network.
26
724-746-5500 | blackbox.com
Chapter 5: Serial Port, Host, Device, and User Configuration
Figure 5-2. Serial port screen.
Select Serial & Network: Serial Port and you will see the current labels, modes, logging levels, and RS-232 protocol options that are currently set up for each serial port.
By default, each serial port is set in Console Server mode. To reconfigure the port, click Edit.
When you have reconfigured the common settings (Chapter 5.1.1) and the mode (Chapters 5.1.2–5.1.6) for each port, you can set up any remote syslog (Chapter 5.1.7), then click Apply.
NOTE: If you want to set the same protocol options for multiple serial ports at once, click Edit Multiple Ports and select which ports you want to
configure as a group.
If the console server has been configured with distributed Nagios monitoring enabled, then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored (refer Chapter 10—Nagios Integration).
5.1.1 Common Settings
There are a number of common settings that you can set for each serial port. These are independent of the mode in which the port is being used. Set these serial port parameters to match the serial port parameters on the device you attach to that port.
Figure 5-3. Edit multiple ports screen.
Specify a label for the port.
Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits, and Flow Control for each port. (Note: The RS-485/RS-422 option is not relevant for console servers.)
724-746-5500 | blackbox.com
27
1101 and 1102 Secure Device Servers
Before proceeding with further serial port configuration, connect the ports to the serial devices they will be controlling, and make sure they have matching settings.
NOTE: The serial ports are all set at the factory to RS-232: 9600 baud, no parity, 8 data bits, 1 stop bit, and Console server Mode. You can
5.1.2 Console Server Mode
Select Console Server Mode to en able remote management access to the serial console that is attached to this serial port:
change the baud rate to 2400–230400 baud using the management console. You can configure lower baud rates (50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800 baud) from the command line. Refer to Chapter 14— Basic Configuration (Linux Commands).
Figure 5-4. Console Server settings screen.
Logging Level: This specifies the level of information to be logged and monitored (referto Chapter 7Alerts and Logging).
Telnet: Wh en the Telnet service is enabled on the console server, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on the console server. The Telnet communications are unencrypted, so this protocol is generally recommended only for local connections.
With Win2000/XP/NT you can run telnet from the command prompt (cmd.exe). Vista and Windows 7 include a Telnet client and server, but they are not enabled by default. To enable Telnet:
• Log in as Admin and go to Start/Control Panel/Programs and Features.
• Select Turn Windows features on or off, check the Telnet Client, and click OK.
28
724-746-5500 | blackbox.com
Chapter 5: Serial Port, Host, Device, and User Configuration
Figure 5-5. Windows features screen.
If the remote communications are tunneled with SDT Connector, then you can use Telnet to securely access these attached devices (refer to the Note below).
NOTE: In Console Server mode, Users and Administrators can use SDT Connector to set up secure Telnet connections that are SSH tunneled from
their client PC/workstations to the serial port on the console server. SDT Connector can be installed on Windows 2000, XP, 2003, Vista, and Windows 7 PCs and on most Linux platforms. You can also set up secure Telnet connections with a simple point-and-click.
To use SDT Connector to access consoles on the console server serial ports, you configure SDT Connector with the console server as a gateway, then configure it as a host. Next, you enable Telnet service on Port (2000 + serial port #) i.e. 2001–2002. Refer to Chapter 6 for more details on using SDT Connector for Telnet and SSH access to devices that are attached to the console server serial ports.
You can also use standard communications packages like PuTTY to set a direct Telnet (or SSH) connection to the serial ports (refer to the Note below).
NOTE: PuTTY also supports Telnet (and SSH), and the procedure to set up a Telnet session is simple. Enter the console server’s IP address as the
“Host Name (or IP address).” Select “Telnet” as the protocol and set the “TCP port” to 2000 plus the physical serial port number (that is, 2001 to 2002).
Click the “Open” button. You may then receive a “Security Alert” that the host‘s key is not cached. Choose “yes” to continue. You will then be presented with the login prompt of the remote system connected to the serial port chosen on the console server. Login as normal and use th e host serial console screen.
724-746-5500 | blackbox.com
29
1101 and 1102 Secure Device Servers
Figure 5-6. PuTTY Configuration screen.
PuTTY can be downloaded at http://www.tucows.com/preview/195286.html
SSH: We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over the Internet or any other public network. This will provide authenticated SSH communications between the SSH client program on the remote user’s computer and the console server, so the user’s communication with the serial device attached to the console server is secure.
For SSH access to the consoles on devices attached to the console server serial ports, you can use SDT Connector. Configure SDT Connector with the console server as a gateway, then as a host, and enable SSH service on Port (3000 + serial port #) i.e. 3001-3002. Chapter 6—Secure Tunneling has more information on using SDT Connector for SSH access to devices that are attached to the console server serial ports. You can also use common communications packages, like PuTTY or SSHTerm to SSH connect directly to port address IP Address _ Port (3000 + serial port #), for example, 3001–3002.
SSH connections can be configured using the standard SSH port 22. Identify the the serial port that’s accessed by appending a descriptor to the username. This syntax supports: <username>:<portXX>
<username>:<port label>
<username>:<ttySX> <username>:<serial>
For a User named “fred” to access serial port 2, when setting up the SSHTerm or the PuTTY SSH client, instead of typing username = fred and ssh port = 3002, the alternate is to type username = fred:port02 (or username = fred:ttyS1) and ssh port = 22.
Or, by typing username=fred:serial and ssh port = 22. A port selection option appears to the User:
This syntax enables Users to set up SSH tunnels to all serial ports with only opening a single IP port 22 in their firewall/gateway.
30
724-746-5500 | blackbox.com
Figure 5-7. Port Selection option.
Loading...
+ 134 hidden pages