This document contains proprietary information that is protected by copyright. All rights reserved.
No part of this document may be photocopied, reproduced, or translated into another language
without express prior written consent of Raritan, Inc.
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a commercial installation. This equipment generates, uses, and can
radiate radio frequency energy and if not installed and used in accordance with the instructions,
may cause harmful interference to radio communications. Operation of this equipment in a
residential environment may cause harmful interference.
VCCI Information (Japan)
Raritan is not responsible for damage to this product resulting from accident, disaster, misuse,
abuse, non-Raritan modification of the product, or other events outside of Raritan’s reasonable
control or not arising under normal operating conditions.
U
C
LI STED
1F61
US
L
I.T.E.
For assistance in North or South America, please contact the Raritan Technical Support Team
by telephone (732) 764-8886, by fax (732) 764-8887, or by e-mail
tech@raritan.com
Ask for Technical Support – Monday through Friday, 8:00am to 8:00pm, Eastern.
For assistance around the world, please see the last page of this guide for
regional Raritan office contact information.
Safety Guidelines
To avoid potentially fatal shock hazard and possible damage to Raritan equipment:
• Do not use a 2-wire power cord in any product configuration.
• Test AC outlets at your computer and monitor for proper polarity and grounding.
• Use only with grounded outlets at both the computer and monitor.
• When using a backup UPS, power the computer, monitor and appliance off the supply.
Rack Mount Safety Guidelines
In Raritan products that require rack mounting, follow these precautions:
• Operation temperature in a closed rack environment may be greater than room
temperature. Do not exceed the rated maximum ambient temperature of the appliances
(See Appendix A: Specifications).
• Ensure sufficient airflow through the rack environment.
• Mount equipment in the rack carefully to avoid uneven mechanical loading.
• Connect equipment to the supply circuit carefully to avoid overloading circuits.
• Ground all equipment properly, especially supply connections, such as power strips
(other than direct connections), to the branch circuit.
CONTENTSi
Contents
Preface.............................................................................................................................. xii
Help .................................................................................................................................................49
Standalone Raritan Serial Console Installation......................................................... 50
Standalone Raritan Serial Client Requirements........................................................ 50
Setting Windows OS Variables........................................................................................................51
Setting Linux OS Variables..............................................................................................................54
Setting UNIX OS Variables..............................................................................................................54
Installing Standalone RSC for Windows ................................................................... 55
Launching RSC on Windows Systems...................................................................... 56
Installing RSC for Sun Solaris................................................................................... 57
Launching RSC on Sun Solaris................................................................................. 58
The Dominion SX User Guide provides the information needed to install, set up and configure,
access devices such as routers, servers, switches, VPNs, and power strips, manage users and
security, and maintain and diagnose the Dominion SX secure console server.
Audience
The primary audiences for this guide are infrastructure administrators and installers who are
responsible for installing and setting up devices such as secure console servers. Other interested
audiences are operators and observers who use the Dominion SX to reach other devices.
Conventions
This guide uses the following conventions:
EXAMPLEDESCRIPTION
/usr/local/java
Enter
<ip address>
Monospaced text indicates file names, paths, directories, or screen text.
Menu items, Key words and Keyboard keys are bolded.
Monospaced, italicized text indicate where the user would substitute a
value in a command.
TACACS+ Terminal Access Controller Access Control System (PLUS)
TLS Transport Layer Security
UTC Universal Time Coordinated
VLAN Virtual Local Area Network
PREFACEXIII
ACRONYMMEANING
VPN Virtual Private Network
Notices
Important: cautionary information that warns of possible affects on the users,
corruption risks, and actions that may affect warranty and service coverage.
Note: general information that is supplemental to the text.
This page intentionally left blank.
CHAPTER 1:INTRODUCTION1
Chapter 1: Introduction
Dominion SX Overview
The Dominion SX Series of Serial over IP Console Servers offers convenient and secure, remote
access and control through LAN/WAN, Internet, or Dial-up modem to all networking devices.
The Dominion SX:
• Provides a non-intrusive solution for managing network elements and does not require any
installation of software agents on the target device.
• Connects to any networking device (servers, firewalls, load balancer, and so forth) through
the serial port and provides the ability to remotely and securely manage the device using a
Web browser.
Dominion SX is a fully configured stand-alone product in a standard 1U high 19” rack mount
chassis.
Figure 1 Dominion SX16 Unit
2DOMINION SXUSER GUIDE
Product Features
Comprehensive Console Management
• Remote Management: Access, monitor, administer, and troubleshoot up to 48 target devices
(depending on the model) via Secure Socket Shell (SSH), Telnet, Local Port or Web browser
with only one IP address.
• Direct Port Access via TCP/IP address per port; or one IP address and TCP Port numbers.
• Notification: Create notification messages by email alerts.
• Collaborative Management and Training: Access ports simultaneously; up to 10 users per
port at any time.
• SecureChat™: “Instant message” and other Secure Sockets Layer (SSL) users can securely
collaborate on device management, troubleshooting, and training activities.
• Get History: Get up to 256 KB (64KB on units with 64MB SDRAM; 256KB on units with
128MB SDRAM) of recent console history to assist with debugging.
• Supports VT100, VT220, VT 320, and ANSI terminal emulation.
• Up to a 5,000 line copy-paste buffer.
• Local port access.
• SNMP traps.
• SYSLOG.
• Logging to Network File System (NFS) Server.
• Comprehensive SNMP traps.
• Port alerts with keyword triggers.
• Three Levels of User Access:
oAdministrator: Has read and write access to the console window; can modify the
configuration of unit.
oOperator: Has read and write access to the console window; cannot modify the
configuration of unit (except own password).
oObserver: Has read-only access to the console window; cannot modify the configuration
of unit (except own password).
Strong Security and User-Authentication
• SSHv2 Support
• Encryption Security: 128-bit SSL handshake protocol and RC4 encryption.
• User Authentication Security: local database, remote authentication
• Supports RADIUS, TACACS+, LDAP, LDAP(S), Microsoft Active Directory, and NTP.
• Supports user-defined and installable security Certificates.
Reliable Connectivity
• Optional Modem Connectivity: For emergency remote access if the network has failed.
• Target Device Connectivity: Simplified RJ45-based CAT 5 cable scheme; serial port adapters
are available from Raritan.
• Local Access for “crash-cart” applications.
Simplified User Experience
• Telnet
• SSH
• Browser-based Interface: The new GUI provides intuitive access to target devices (click on
the appropriate button to select the desired target device).
• Upgrades: Built-in firmware upgrade capability through FTP and integrated with Command
Center (CC) and SSH.
CHAPTER 1:INTRODUCTION3
Package Contents
Each Dominion SX ships with the following:
• (1) Dominion SX unit with mounting kit (Rack-mount kit is optional on some units)
• (1) Raritan Dominion SX User Guide CD-ROM, which contains the installation and
operations information for the Dominion SX
• (1) Printed Dominion SX Quick Setup Guide
• (1) Power cord
• (1) Release Notes
• (1) Packing List page
• (1) RJ45 serial loop-back plug
• A DB9 Factory Reset Adapter for some units (Other units have a reset switch and do not
require an adapter).
4DOMINION SXUSER GUIDE
This page intentionally left blank.
CHAPTER 2:INSTALLATION5
Chapter 2: Installation
There are two ways of completing the initial network installation of the Dominion SX:
• Using a serial cable with a VT100/equivalent, such as a PC with HyperTerminal.
• Using Ethernet (with an installation computer).
This section describes the steps necessary to configure Dominion SX for use on a local area
network (LAN). The following table describes the factory default network settings that come with
the Dominion SX. After units are connected to the network, these factory default settings allow
you to configure the Dominion SX for normal use.
Table 1 Factory Default Network Settings
DEFAULT NETWORK SETTINGS
Internet Address (IP)192.168.0.192
Gateway Address 192.168.0.192
Subnet Mask 255.255.255.0
CSC Port Address 5000
Port Address for CC Discovery 5000
Username admin (all lowercase)
Password raritan (all lowercase)
Pre-Installation
Ensure that you have the correct cabling ready to connect to the serial consoles of the target
server (s) or other serially managed devices that provide a console port.
The following sections describe information that you must supply to complete the configuration
of the Dominion SX. Obtain all required configuration information prior to performing the
configuration steps. If you are uncertain of any information, contact your system administrator for
assistance.
Client Configuration
1. Disable Proxies in the installation computer Web browser.
Use “no Proxies” or temporarily add 192.168.0.192 to the list of URLs for which no proxy is
configured.
2. Enable Java Applet Execution in the installation computer Web browser for the console
client application (RSC).
3. Access the unit through your installation computer Web browser on the same subnet by
typing the URL https://192.168.0.192 into the address/location field.
6DOMINION SXUSER GUIDE
Hardware Installation
Figure 2 Rear Panel of the DSXA-32
Physical Installation of Dominion SX for Initial Configuration
1. Use a computer with a network card and crossover network cable. This computer will be
referred to as the ‘installation computer.’
2. Physically mount the unit in an ergonomically sound manner. The unit is designed to be
easily rack-mounted, and rack mounting is recommended.
3. Connect the crossover network LAN cable to the primary LAN connection (LAN 1 on
models with two Ethernet interfaces) on the back of the chassis.
4. Connect the other end of the network LAN cable to the network card in the installation
computer.
5. Connect the female end of the external power cord to the back of the chassis.
6. Connect the male end of the external power cord to the power supply outlet.
7. Power ON the Dominion SX unit.
Note: The unit will perform a hardware and firmware self-test then start the software boot
sequence, which takes a short time and is complete when the light turns on and remains
on.
After completion of the hardware and firmware self-test and the software boot sequence, perform
the initial configuration tasks using the Graphical User Interface (GUI) or the Command
Language Interface (CLI) as described in the following sections.
LED State
On the front panel of the Dominion SX unit, there exists a LED indicator right next to the model
name label. The LED indicator will blink blue in the following three cases:
1. Ethernet packets are received or transmitted.
2. Serial data are received or transmitted.
3. When watchdog timer is reset to 0. The LED blinks on a periodic basis as the watchdog
timer reaches a certain value, and then is reset to 0.
CHAPTER 2:INSTALLATION7
Initial Configuration Using the Graphical User Interface (GUI)
To initially configure the Dominion SX unit from the Graphical User Interface, follow the steps
below.
Network Access
1. Ensure that the installation computer has the route for 192.168.0.192 and that it can
communicate with IP address 192.168.0.192.
2. To check the route table in Windows, type the command route print in a Command
window on the installation computer. If 192.168.0.192 is on the gateway list, proceed to step
3. Otherwise, add 192.168.0.192 to the gateway list using the appropriate DOS or UNIX CLI
command:
• Windows 98/2000/NT system: route add 192.168.0.192
<INSTALLATION COMPUTER IP ADDRESS>.
[Example: route add 192.168.0.192 15.128.122.12
• UNIX (including Sun Solaris) system:
route add 192.168.0.192 <CLIENT_HOST IP ADDRESS> -interface.
3. Type ping 192.168.0.192. Go to step 4 if you receive a successful reply from the
Dominion SX unit. If an error occurs, verify that the default IP address is entered correctly
and that a route to that IP address exists.
4. Use the installation computer to connect to the unit by launching a browser and typing the
factory default IP address 192.168.0.192 in the Web browser’s address box.
5. The computer displays the security screens before you can log in.
6. If you click View Certificate on the Security Alert-Certificate screen a Certificate screen
appears.
Figure 3 Certificate Information
See Chapter 8: Security and Appendix C: Certificates for information about installing
certificates.
8DOMINION SXUSER GUIDE
The login screen appears after you finish viewing the security alerts and the Certification
Information screen.
Figure 4 DSX Login Screen
7. Log in with the default username admin and password raritan. Use all lowercase letters. A
Restricted Service Agreement Screen appears:
Figure 5 Restricted Service Agreement Screen
Note: Once you click Accept after login, the Dominion SX prompts you to change the
default password.
A Change Password screen appears:
Figure 6 Change Password Screen
8. Type a new secure password then retype it (Remember the new password).
9. Click OK.
10. Click Exit.
11. Log in again using your new password.
The Dominion SX Port Access Screen appears. (See
Chapter 3: Initial Software
Configuration)
CHAPTER 2:INSTALLATION9
Initial Configuration Using the Command Line Interface
To initially configure the Dominion SX unit from the Command Line Interface, follow the steps
below.
1. Connect the serial port of your Installation Computer to the Terminal serial port on your
Dominion SX. This port is a DB9-Male port on most models, except ALL dual-power dualLAN models, including DSXA-48, which have an RJ45 connector for a terminal port.
2. Open a terminal emulation program, such as HyperTerminal, to connect to the Dominion SX
unit. The serial communication parameters are 9600 bps, No parity, 8 data bits, 1 stop bit and
None flow control.
3. Power ON the Dominion SX.
4. Log in using the default username admin and the default password raritan when prompted.
Once logged in a prompt to change the password appears.
5. Type a new password, and then retype it (Remember this password).
A display will appear showing the Dominion SX unit’s status and serial channel ports.
Note: If the password entered does not follow the password rules, an error message will
appear as a warning. The user will then be logged out and need to start over again for
password setting.
Network Access
1. Ensure that the installation computer has the route for 192.168.0.192 and that it can
communicate with IP address 192.168.0.192.
2. To check the route table in Windows, type the command route print in a Command
window on the installation computer. If 192.168.0.192 is on the gateway list, proceed to step
3. Otherwise, add 192.168.0.192 to the gateway list using the appropriate DOS or UNIX CLI
command:
• Windows 98/2000/NT system: route add 192.168.0.192
<INSTALLATION COMPUTER IP ADDRESS>.
[Example: route add 192.168.0.192 15.128.122.12
• UNIX (including Sun Solaris) system:
route add 192.168.0.192 <CLIENT_HOST IP ADDRESS> -interface.
3. Type ping 192.168.0.192. Go to step 4 if you receive a successful reply from the
Dominion SX unit. If an error occurs, verify that the default IP address is entered correctly
and that a route to that IP address exists.
4. Use the installation computer to connect to the unit by launching a browser and typing the
factory default IP address 192.168.0.192 in the Web browser’s address box.
Set Date and Time
1. Type Configuration to change the unit’s configuration.
2. Type Time to select the Date / Time configuration.
3. Type Timezonelist and find the number code that corresponds to your time zone.
4. Type clock [tz timezone] [datetime datetime-string]. The following is an
In this example, 9 is the time zone code (Step 3) and “2007-02-05 09:22:33” the
date/time string in the format “YYYY-MM-DD HH:MM:SS” (quotes required).
Network Configuration
10DOMINION SXUSER GUIDE
1. Type Configuration to change the unit’s configuration.
2. Type Network to select the network configuration.
3. Type:
admin > Config > Network > interface enable true if lan1 ip
192.16.151.12 mask 255.255.255 gw 192.168.51.12
.Upon successfully entering the data, a report will display the new network configuration and you
will be prompted to reboot the unit.
4. Type yes to reboot the Dominion SX.
5. You can now remove the serial cable.
6. Reconnect from the installation computer browser to the Dominion SX using the new IP
address and password and proceed.
User Configuration
1. Type Configuration to change the unit’s configuration.
2. Type Users to select the user configuration.
To add a user group
Type
addgroup name <group name> class <class type> ports <n1,n2,n3...>
where <group name> is the name of the group and <class type> is
• Op for operator
• Ob for observer.
<n1,n2,n3...> is a list of port numbers this group has access to, separated by comas and no
spaces. You could configure port ranges using the same parameters as well, or use the wildcard
asterisk (*). For example:
•“config port 3-7 exitstring #0”(this disables exit strings for ports
3,4,5,6,7)
•config port * bps 115200 (this sets all ports to a communications speed of
115200 bps)
To add a user
1. Type
adduser user <user name> fullname <full name> group <group name>
password <password> info <information> dialback <dialback number>
active <status>
...
where <user name> is user’s login name,
<full name> is a user’s descriptive name (no spaces),
<group name> is the user’s assigned group,
<password> is the user’s password,
<information> is extra information (optional, no spaces),
<dialback number> is the user’s phone number (optional),
<status> is true or false, allowing the user to login or not.
2.Type top to return to the top level of the CLI menu.
CHAPTER 3:INITIAL SOFTWARE CONFIGURATION 11
Chapter 3: Initial Software Configuration
After the hardware installation, perform the initial software configuration. Do this by logging
onto the Dominion SX from either a browser or through a Command Line Interface (See Chapter 12: Command Line Interface for CLI information.)
Dominion SX Initial Software Configuration
1. Log on to the Dominion SX using your new password. A Port Access screen appears
according to your user type:
Figure 7 Dominion SX Port Access Screen for Operators/ Observers
Figure 8 Dominion SX Port Access Screen for Administrators.
2. Click the Setup tab. The Setup screen appears. It contains links to the Configuration and
Logging screens.
Figure 9 Setup Screen
12DOMINION SXUSER GUIDE
Important: After you complete each configuration task, you must return to the Setup tab to
perform the next configuration task.
Date / Time Configuration
1. Click the Date / Time in the Configuration section of the Setup Screen. The Date / Time
Configuration screen appears.
Figure 10 Date / Time Configuration Screen
2. Select the correct time zone from the UTC Offset drop-down menu.
3. Choose one of the following:
•User Specified Time – Click this radio button and enter the date and time manually
in the corresponding fields.
•Synchronize with NTP Server – Click this radio button and enter the IP address of a
Network Time Protocol (NTP) server in the Primary Time Server. If you have a
backup NTP server, enter its IP address in the Secondary Time Server field.
4. Type the Interface Name in the Interface field.
5. Click OK.
Note: Features such as certificate generation depend on the correct Timestamp, used to
check the validity period of the certificate. In addition, the Syslog and NFS logging
features also use the system time for time-stamping log entries.
After you click OK, the system displays one of the following screens:
• A confirmation screen, which contains the settings you chose and a confirmation message
at the top of the screen.
Date / Time Settings successfully applied.
• An error screen, which contains the original Date / Time screen and the error message.
ERROR: Date / Time Settings NOT successfully applied.
CHAPTER 3:INITIAL SOFTWARE CONFIGURATION 13
Network Configuration
1. Click Network in the Configuration section of the Setup screen. The Network Configuration
Screen appears.
Note: If you have a dual LAN model, there is an Eth Failover checkbox that is selected by
default, but can be turned off. The screen below represents a single LAN model and does
not show this checkbox.
Figure 11 Network Configuration Screen
Note: Your network administrator usually assigns the values for the following parameters:
2. Type the data in the following fields:
• IP Address: Network address for this unit
• Subnet Mask: Subnet mask for the network where this unit will reside
• Gateway IP Gateway: Default gateway for this unit
3. Select the Mode from the Mode drop-down menu.
4. Type the Domain Name in the Domain field.
5. Type your Unit Name in the Unit Name field.
6. In the Ports section:
• Type 5000 or another port number in the CSC Port field.
• Type 5000 or another port number in the Discovery Port field.
7. Click OK.
Dominion SX displays either a confirmation or error screen.
1. Click OK when the confirmation window appears. After the confirmation screen, Dominion
SX automatically disconnects to update the configuration then restarts.
2. Remove the crossover cable between the SX unit and your computer.
3. Connect one end of a straight-through Cat 5 cable to the SX.
4. Connect the other end of the cable to the network.
5. Use the newly assigned IP Address to access your SX unit.
14DOMINION SXUSER GUIDE
Deployment
1. You can remotely access the Dominion SX through a: LAN connection or a modem
connection (optional).
2. The Dominion SX can access target devices only through a serial connection.
LAN Connection
After the initial software configuration phase, configure the DSX unit for operation on the LAN.
1. Ensure that you have an Ethernet cable connected to the network for use with the unit.
2. Physically mount the unit in an ergonomically sound manner.
3. Connect the LAN cable to the primary LAN connection (LAN 1) on the back of the chassis.
If the unit has a failover module, connect the secondary network LAN connection (LAN 2).
4. Perform a quick connectivity check by connecting to the device using the Web browser.
5. Enter https://<IPAddress> in the address line, where <IPAddress> is the IP address of
the unit as previously configured.
The login display should appear verifying that the unit has been properly configured and
can be accessed from the network.
6. Log in with username admin and the password you created earlier.
7. From the Home page, click the Setup tab and select the various configuration options for
configuring the DSX and each console port.
Modem Connection (Optional)
To configure the DSX for a modem connection:
1. Connect a phone line to the modem port.
2. Write down the phone number for this line because it will be needed when you configure a
client for dialup networking.
See
Appendix E: Modem Configuration for more information.
CHAPTER 4:NETWORK SETTINGS AND SERVICES 15
Chapter 4: Network Settings and Services
This chapter explains how to configure the basic network settings for the DSX, and how to
configure the various access protocols (SSH, telnet, etc.) It also explains how to configure the
DSX for modem access, and how to enable IP forwarding and create static routes.
Configuring the Basic Network Settings
To configure the basic network settings and discovery ports, click the Setup tab, and then click
Network. The Network Basic Settings and Ports screen appears (
Figure 12).
Figure 12 Network Basic Settings and Ports Screen
Give the DSX a Name
To give the DSX unit a name to help identify it:
1. Type a name in the Unit Name field.
2. Click OK.
Configure the DSX’s Network Settings
To configure the network settings:
1. Type an IP address for the DSX in the IP Address field.
2. Type the subnet mask in the Subnet Mask field.
3. Type the IP address of the gateway router in the Gateway IP Address field.
4. Select the speed from the drop-down menu in the Mode field. Your choices are Auto
(default) or 100 Mbps.
5. Type your domain name in the Domain field.
6. Click OK.
16DOMINION SXUSER GUIDE
Change the Discovery Ports
The DSX has two discovery ports:
• TCP 5000 Common Socket Connection (CSC) discovery
• UDP 5000 Command Center (CC) discovery
If either of these ports is used by another application, you can change the discovery port number
in the DSX in the appropriate field and click OK.
Configuring the Network Service Settings
The table below indicates the default settings for the various network access services:
Service Default Setting
HTTP Enabled. The default port is 80. This can be changed.
HTTPS redirect is enabled by default. If HTTPS is also enabled, all HTTP
requests are automatically redirected to the HTTPS port (see below).
HTTPS Enabled. The default port is 443. This can be changed.
Encryption is set to SSL, but this can be changed to TLS.
Telnet Disabled for security reasons. This can be enabled and the port configured.
Local Port Access Enabled. The baud rate is set to 9600 bps, but this can be changed.
Direct Port Access Set to IP, but this can be changed to Normal or TCP port.
CHAPTER 4:NETWORK SETTINGS AND SERVICES 17
To change any of these network service settings:
1. Click the Setup tab, and then click Services. The Network Service Settings screen appears.
Figure 13 Network Service Settings
2. Make any necessary changes to the appropriate fields.
3. Click OK.
18DOMINION SXUSER GUIDE
Configuring Modem Access
You can access the DSX via a modem. To set this up:
1. Click the Setup tab, and then click Modem. The Modem Settings screen appears.
Figure 14 Modem Settings Screen
2. Click the checkbox labeled Enable Modem to enable modem access.
3. Type the IP addresses of the Point-to-Point (PPP) server in the PPP Server IP field. The
default is 10.0.0.1
4. Type the IP address of the PPP client in the PPP Client IP field. The default is 10.0.0.2.
5. If you want to enable modem dialback, click the Enable Modem Dial Back checkbox.
6. Click OK. Modem access is enabled.
Configuring IP Forwarding and Static Routes
You can enable IP forwarding. You can also create static routes if your DSX has two LAN ports
or is configured for modem access.
Enable IP Forwarding
To enable IP forwarding:
1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It
consists of an Enable IP Forwarding panel and a Static Routes List.
2. Go to the IP Forwarding panel and click the checkbox labeled Enable IP Forwarding.
Figure 15 IP Forwarding Panel
3.Click OK. IP forwarding is enabled.
CHAPTER 4:NETWORK SETTINGS AND SERVICES 19
Add a New Static Route
To add a new Static Route:
1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It
consists of an Enable IP Forwarding panel and a Static Routes List.
Figure 16 Static Routes List
2. Go to the Static Routes List and click Add New Route. The Static Route screen appears.
Figure 17 Static Route Screen
3. On a DSX with one LAN interface, LAN1 appears automatically in the Interface field. On a
DSX with two LAN interfaces, select the one you want from the drop-down menu In the
Interface field.
• LAN1 = eth0
• LAN2 = eth1
4. Type the IP address, subnet mask, and gateway of the destination host in the Destination,
Mask and Gateway fields.
5. Type the TCP maximum segment size (MSS) in bytes in the MSS field.
6. Type the TCP windows size for connections over this route in bytes in the Window field.
7. Type the initial round trip time (IRTT) for TCP connections over this route in
milliseconds(1-12000) in the IRTT field.
8. Select your route type from the Flags drop-down menu.
• Host means this route is for a host machine.
• Net means this route it for a subnet.
9.Click OK.
20DOMINION SXUSER GUIDE
Delete a Static Route
To delete a static route:
1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It
consists of an Enable IP Forwarding panel and a Static Routes List.
2. Go the Static Routes List and click the checkbox next to the route you want to delete.
3. Click Delete. You are prompted to confirm the deletion.
4. Click OK. The route is deleted.
CHAPTER 5:USER PROFILES AND GROUPS 21
Chapter 5: User Profiles and Groups
This chapter explains how to create and manage user profiles and user groups.
Managing User Profiles
User profiles serve two purposes:
• To provide users with a username and password to log into the DSX
• To associate the user with a user group. The user group determines which system
functions and ports the user can access.
The DSX is shipped with one user profile built in. This is the admin user. This profile is
associated with the Admin user group, and has full system and port permissions. This profile
cannot be modified or deleted.
You can create as many other user profiles as necessary. You can create individual user profiles
for each person who will be logging into the DSX, or you can create a limited number of profiles
and allow more than one person to use each profile.
Display a List of User Profiles
1.To display a list of existing user profiles, click the User Management tab, and then click
User List. The User List screen appears (
Figure 18).
Figure 18 User List Screen
2. The User List screen shows every user profile created to date, and for each one gives the:
• Username
• Full name
• Dialback number (if one has been defined)
• User group
3. The User List screen also indicates whether the user profile is active or inactive.
Create a User Profile
To create a new user profile:
1. Click the User Management tab, and then click User List. The User List screen appears
(
Figure 18).
22 DOMINION SXUSER GUIDE
2.Click Add New User. The New User screen appears.
Figure 19 New User Screen
3. Type a login name in the Username field. This is the name the user enters to log into the
DSX. This field is required.
• You can enter any number of characters up to a maximum of 255.
• You can enter any printable character except “ > <
• The user name is case sensitive.
4. Type the user’s full name in the Full Name field. This field is required.
5. Type the user’s telephone number in the Dialback field. This field is optional.
6. Type any comments about the user profile in the Information field. This field is to help you
identify the profile. It is optional.
7. Type the password in the Password field, and then type it again in the Confirm Password
field. This field is required.
• You can enter any number of characters up to a maximum of 16.
• You can enter any printable character.
• The password is case sensitive.
Note: If the strong password feature is enabled, there are other password requirements.
Refer to Chapter 8 for details.
8.Select a user group from the drop-down menu in the User Group field. By default, the
Admin group is entered.
CHAPTER 5:USER PROFILES AND GROUPS 23
Tip: If the user group you want has not yet been created, you can create it and then return
to the user profile and select it. For now, keep the default.
9. Decide whether or not to activate this profile immediately. By default, the Active checkbox is
selected. To deactivate this account, clear this checkbox. You can return at any time and
activate the user when necessary.
10. Click OK. The user profile is created. It should appear in the User List screen.
Modify a User Profile
To modify an existing user profile:
1. Click the User Management tab, and then click User List. The User List screen appears
(
Figure 18).
2. Click the Username of the profile you want to edit. The Edit User screen appears. It looks
exactly like the New User screen (
Figure 19).
3. You can change any of the fields except the Username field.
4. For security reasons, the password is not displayed. To change the profile’s password, type a
new password in the Password and Confirm Password fields. If you leave these fields as is,
the password is unchanged.
5. Click OK when finished. The user profile is modified.
Delete a User Profile
To delete an existing user profile:
1. Click the User Management tab, and then click User List. The User List screen appears
(
Figure 18).
2. Click the checkbox to the left of the user profile you want to delete. You can select more than
one.
3. Click Delete. You are prompted to confirm the deletion.
4. Click OK. The selected user profiles are deleted.
Managing User Groups
User groups serve two purposes:
• To determine which system functions the users associated with a group are permitted to
perform
• To determine which ports the users associated with a group are permitted to access.
The DSX is shipped with one user group built in. This is the Admin user group. Users associated
with this group can perform all system functions and access all ports. This group cannot be
modified or deleted.
You can create as many other user groups as necessary.
24 DOMINION SXUSER GUIDE
Display a List of User Groups
To display a list of existing user groups, click the User Management tab, and then click User
Group List. The Group List screen appears (
Figure 20 Group List Screen
Figure 20).
The Group List screen shows every user group created to date, and for each one gives the group’s
name and class.
Create a User Group
To create a new user group:
1. Click the User Management tab, and then click User Group List. The Group List screen
appears (
Figure 20).
2. Click AddNew User Group. The New Group screen appears.
Figure 21 New Group Screen
3. Type a group name in the Group Name field.
• You can enter any number of characters up to a maximum of 255.
• You can enter all letters and numbers, as well as the underscore character (_)
• The user name is case sensitive.
4. Select the class from the drop-down menu in the Class field. Your choices are:
•Operator This is the default. Users associated with the Operator class have read/write
access to the console window, and cannot change any system configuration parameters
except their own password.
CHAPTER 5:USER PROFILES AND GROUPS 25
•Observer Users associated with the Observer class have read-only access to the
console window, and cannot change any system configuration parameters except their
own password.
5. Select the ports that the users associated with this group are permitted to access. You can
select all ports, or you can select any combination of individual ports.
6. Click OK. The user group is created. It should appear in the User List screen.
Modify a User Group
To modify an existing user group:
1. Click the User Management tab, and then click User Group List. The Group List screen
appears (
Figure 20).
2. Click the GroupName of the group you want to edit. The Edit Group screen appears. It
looks exactly like the New Group screen (
Figure 21).
3. You can change any of the fields except the Group Name field.
4. Click OK when finished. The user group is modified.
Delete a User Group
To delete an existing User Group:
1. Click the User Management tab, and then click User Group List. The Group List screen
appears (
Figure 20).
2. Select the checkbox to the left of the user group you want to delete. You can select more than
one.
3. Select Delete. You are prompted to confirm the deletion.
4. Click OK. The selected user groups are deleted.
26 DOMINION SXUSER GUIDE
CHAPTER 6:REMOTE AUTHENTICATION 27
Chapter 6: Remote Authentication
This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication.
Tip: If you are setting up remote authentication, it is a good idea to still keep local
authentication enabled. When an authentication request reaches the DSX, it looks to
authenticate the user remotely first, and then looks to authenticate the user locally.
Keeping local authentication enabled ensures that if remote authentication is
misconfigured or otherwise unavailable, you are not locked out or the DSX because you
can always be authenticated locally.
Configuring RADIUS
You can use Remote Dial-In User Service (RADIUS) to authenticate DSX users instead of local
authentication. To configure RADIUS:
1. Click the Setup tab, and then click Remote Authentication. The Remote Authentication
screen appears. It contains a RADIUS panel.
Figure 22 RADIUS Panel
2. In the RADIUS panel, click the RADIUS button to enable RADIUS authentication.
3. Under Primary Radius, type the following information:
• IP address of the RADIUS server
• Port the RADIUS server is listening on (default is 1812)
• Shared secret
4. If you have a backup RADIUS server, enter the same information in the Secondary Radius
fields.
5. Click OK. RADIUS authentication is enabled.
28 DOMINION SXUSER GUIDE
Configuring LDAP
You can use the Lightweight Directory Access Protocol (LDAP) to authenticate DSX users
instead of local authentication. To configure LDAP:
1. Click the Setup tab, and then click Remote Authentication. The Remote Authentication
screen appears. It contains an LDAP panel.
Figure 23 LDAP Panel
2. In the LDAP panel, click the LDAP button to enable LDAP authentication.
3. Under Primary LDAP, type the IP address of the LDAP server and the port it is listening on
(default is 389) in the IP Address and Port fields.
4. Type the root password to access the directory server/manager in the Secret field. The name
for this field depends on the Directory Server. For example, Microsoft Windows Active
Directory refers to the field as Password, while the SUN iPlanet directory server uses Secret.
5. Type the 'root' point to bind to the server in the Base DN field. This is the same as Directory
Manager DN (for example, BaseDn: cn=Directory Manager).
6. Type a string in the Query field. Make sure the same string is added as an attribute in the
Search field. For example, if the authorization query string is DominionSX, an attribute
named DominionSX must be added under the given domain specified by the Search field. On
top of that, a user group must have been created in DSX to map with the one in Windows
Active Directory for these configurations to work correctly.
7. Type the domain name where the search starts in the Search field. The Search field is the
sub-tree of the Base DN to direct the search to the path of the user information such as UID
and speed up search time.
In other words, it is the domain name. This is where the search starts for the user name. The
user name is created in this domain (for example, Search: dc=raritan, dc=com) to process
LDAP authentication queries from Dominion SX.
CHAPTER 6:REMOTE AUTHENTICATION 29
8.If you are using a modem to connect to the LDAP server, type a dialback string in the
Dialback Query String field.
9. If you have a backup LDAP server, enter the same information in the Secondary LDAP
fields.
10. Click OK. LDAP authentication is enabled.
Configuring TACACS+
You can use the Terminal Access Controller Access-Control System Plus (TACACS+) to
authenticate DSX users instead of local authentication. To configure TACACS+:
1. Click the Setup tab, and then click Remote Authentication. The Remote Authentication
screen appears. It contains a TACACS+ panel.
Figure 24 TACACS+ Panel
2. In the TACACS+ panel, click the TACACS+ button to enable TACACS+ authentication.
3. Under Primary TACACS+, type the IP address of the TACACS+ server and the port it is
listening on (default is 49) in the IP Address and Port fields.
4. Type the root password to access the directory server/manager in the Secret field. The name
for this field depends on the Directory Server. For example, Microsoft Windows Active
Directory refers to the field as Password, while the SUN iPlanet directory server uses Secret.
5. If you have a backup TACACS+ server, enter the same information in the Secondary
TACACS+ fields.
6. Click OK. TACACS+ authentication is enabled.
30 DOMINION SXUSER GUIDE
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 31
Chapter 7: Port Configuration and Port Access
Application
Port configuration allows Administrators to define the serial/console port settings in order to
communicate with remote target devices.
Note: You can access the Raritan Serial Console (RSC) from the Port screen. See the
Raritan Serial Console section of this chapter for RSC information.
Port Keywords
You can create port keywords and associate them with:
• Events
• Local/remote syslog messages
• SNMP traps.
Port keywords work as a filter. If a keyword is detected, then and only then will a corresponding
message be logged in a local/NFS port log. A corresponding event will be sent via SMTP (if
configured) and corresponding trap will be sent via SNMP (if configured).
This is very useful for local/remote NFS logging, as it logs just the information you need and no
junk messages, thus providing ease of traceability.
Note: The SMTP notification (event.amp.keyword) is selected from the Event configuration
page.
1. Click the Setup tab, and then click Port Keywords. The Port Keywords screen appears.
Figure 25 Port Keywords Screen
2. Type a keyword in the Keyword field.
3. Type the Port(s) you want to associate with that keyword.
4. Click OK.
32 DOMINION SXUSER GUIDE
Port Configuration
To configure one or more ports:
1. Click the Setup tab, and then click Port Configuration. The Port Configuration screen
appears.
Figure 26 Port Configuration Screen
2. Select the port(s) you want to configure. You can select one port or several ports, so long as
the port configurations are all the same.
• To select specific ports, click the checkboxes to the left of the port numbers and then
click Edit.
•To select all ports, click Select All.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 33
The Edit Port screen appears.
Figure 27 Edit Port Screen
3. Make sure the port values match the target system’s serial port configuration for the first
three values.
• Select the Baud Rate from the Baud Rate drop-down menu.
Note: The minimum baud rate supported for local port access is 9600.
• Select the Parity Bits from the Parity Bits drop-down menu.
• Select the Flow Control from the Flow Control drop-down menu.
4. In the Detect field, indicate whether you want the Dominion SX to detect or not detect the
physical connection to the target. The default is Not detect. Change by selecting Detect
Physical Connection to the Target from the drop-down menu in the Detect field.
5. Type a command in the Exit Command field. This is the command that will be sent to your
system when a port disconnection occurs, for example, logout.
34 DOMINION SXUSER GUIDE
6.Select the escape mode. The default is None. Change as follows:
• Select Control from the drop-down menu in the Escape Mode field.
• Type the Escape Character. The default for the Dominion SX is ] (closed bracket ).
7. Select the terminal emulation type from the drop-down menu in the Emulation field. The
choices are:
• VT100
• VT220
• VT320
• ANSI
8. If you plan to use Direct Port Access (DPA), you must enter the DPA IP Address, as well as
one or both of the following:
• The port number, such as 7700, in the DPA SSH TCP Port field
• The port number, such as 8800, in the DPA Telnet TCP Port field .
9. Click OK.
Direct Port Access
To configure direct port access:
1. Click the Setup tab, and then click Services. The Network Service Settings screen appears.
The Direct Port Access Mode field is at the bottom of the screen.
Figure 28 Direct Port Access Mode Field
2. Go to the Direct Port Access Mode field. The default is Normal, which means disabled. To
enable DPA, select either IP or TCP Port from the drop-down menu.
3. Click OK to save this information. The screen displays the following message:
The system will need to be rebooted for changes to take effect.
4. Reboot now or reboot after completely configuring for DPA.
5. Click the Setup tab, and then click Port Configuration. The Port Configuration screen
appears. (
Figure 26).
6. Select the ports to configure for direct port access:
• To select specific ports, click the checkboxes to the left of the port number. You can
select more than one. When you have finished, lick Edit.
• To select all the ports, click Select All.
The Edit Port Configuration screen appears (
the screen.
Figure 27). The DPA fields are at the bottom of
7. Type the DPA IP address of the DSX, and the DPA ports used for SSH and Telnet in the
appropriate fields.
8. Click OK to save this information.
9. Reboot the DSX unit. This is necessary for the direct port access settings to take effect.
.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 35
Anonymous Port Access
Anonymous port access allows users to access DPA configured ports without entering a password.
To enable the feature:
1. Click the Security tab, and then click Login Settings. The Login Settings screen appears
(
Figure 54).
2. Make sure the Anonymous Port Access checkbox at the bottom of the screen is checked.
3. Click the User Management tab, and the click User Group List. The Group List appears
(
Figure 20).
Note: Refer to Chapter 5 for additional information about user groups.
4. Click Add New User Group. The New Group screen appears (Figure 21).
5. Type Anonymous in the Group Name field.
6. Select Observer from the drop-down menu in the Class field.
7. Select the ports for which you want anonymous port access in the Port Access field.
8. Click OK.
Important: The Dominion SX unit must be rebooted to apply new direct port access
settings.
Raritan Serial Console
Use the following steps to launch the Raritan Serial Client (RSC).
1. Select the Port Access tab.
Figure 29 Port Access Screen
2. Click on the Name of the port you want to access for the RSC, for example, Port1 or Port2.
Note: A Security popup screen appears only if you used https to connect to the RSC.
3. Click Yes. A Warning – Security popup screen appears.
4. Click Yes to access the Raritan Serial Client from the Port Screen.
Note: If you click Always, you will not receive the security screen for future access.
The Raritan Serial Console window appears. Refer to the Raritan Serial Client Interface section in
this chapter.
36 DOMINION SXUSER GUIDE
Raritan Serial Client Requirements for Java
The Raritan Serial Client (RSC) requires a minimum 1 GHz PC with 512 MB RAM. Java must
be installed to access targets (managed devices) before you can use the RSC.
Java Runtime Environment (JRE)
The RSC will function with JRE version 1.4.2_05 or later (except for JRE version1.5.0_02) .
However, for optimum performance, Raritan recommends using JRE 1.5.0 (except, of course for
1.5.0_02).
Depending on your operating system and browser, it is possible that you need to adjust some JRE
configurations to prevent problems with the system’s memory.
Note: Raritan does not support JRE version 1.5.0_02 for use with the RSC.
JRE provides configuration instructions with the JRE download. Determine the JRE version on
your system by going to the Java Web page at:
http://www.java.com/en/download/help/testvm.xml
IMPORTANT: When launching RSC from a browser, Raritan highly recommends that
Java Applet Caching be disabled and that you perform the following steps to make sure
that Java does not create problems for the system’s memory.
Java Applets and Memory Considerations
Usually, a browser based RSC does not need to make any changes to the Runtime parameters for
Java Applets. Do the following if you notice any “Out of Memory” errors happening when
executing RSC via a web browser:
• Change the Runtime settings for Java Applets.
• Use the following links to find out how to use Runtime settings in the Java Control
Important: The Raritan Serial Client (Console) Screen usually opens in a separate
window in back of the Port Screen. With some versions of Java on Windows, the
screen opens in front of the Port Screen.
Minimize the Port Access screen to access the Raritan Serial Console screen. The RSC contains
drop-down menus that provide the user with the ability to:
• Modify emulation settings such as fonts and window size.
• Manage the history of the session.
• Request Write Access to the port.
• Get a Write Lock on the port.
• Send a Break signal (used for Solaris servers).
• Get a list of users connected to this port.
• Edit text in the window.
• Manage client workstation-based logging of data from the target device.
• Send Keystroke (combinations).
• Send Text files.
• Send power commands to a Power Distribution Unit (PDU).
• Chat among other users on the same port.
• Get help.
Figure 31 Raritan Serial Client Window
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 39
Emulator
1. Change the default user Idle Timeout setting before launching the RSC for the first time
or it will timeout in 10 minutes and display a host termination message. See the Security
section of the Dominion SX User Guide for changing the Idle Timeout setting..
2. Click on the Emulator drop-down menu to display a list of topics.
Figure 32 Emulator Drop-Down Menu
IMPORTANT: You must change the default user Idle Timeout setting on the Dominion
SX GUI before you begin using the RSC or it will timeout in 10 minutes and display a
host termination message. See the Security chapter of the Dominion SX User Guide for
changing the Idle Timeout setting.
Figure 33 Connection Terminated Warning
3.Change the default Idletimeout setting and then launch the RSC.
40 DOMINION SXUSER GUIDE
Note: If the RSC Idletimeout expires, the Dominion SX Idletimeout period begins.
Settings
Note: Terminal emulation settings are set with the port by an Administrator using the
Setup->Port Configuration menu.
1. On the Emulator menu, click Settings. The Settings screen displays the General tab with the
default settings.
Figure 34 General Settings Window
2.Accept the Main Menu Shortcut: default of None or choose one of the following from the
Main Menu Shortcut: drop-down menu.
• F10
• Alt
3. Accept the Show Confirmation Dialog on Exit default or uncheck it.
4. Accept the Terminal Size: default or choose a size from the Terminal Size: drop-down
menu.
5. Accept the Backspace Sends: default of ASCII DEL or choose Control-H from the
Backspace Sends: drop-down menu.
6. Accept the History Buffer Size: default of 200 or use the arrows to change the buffer size.
7. Accept the Cursor type: default of Block Cursor: or select Line Cursor.
8. Click Ok.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 41
Display Settings
1. Return to the Emulator menu, select Settings and then click the Display tab.
Figure 35 Display Settings Window
2. Click Default to accept the Default settings. Then click Ok to close the Display Settings
window; however, if you want to change the settings, perform the following steps:
3. Accept the Terminal Font Properties default of Arial or choose a font from the
Terminal Font Properties scrolling list.
4. Accept the Antialiase Font default or uncheck it.
5. If you want to change the size of the font, check the Lock Font Size box and choose a
font size from the Font size: drop-down menu.
42 DOMINION SXUSER GUIDE
6. Click on the GUI Font Properties tab and accept the default of Monospaced or choose a
font from the GUI Font Properties scrolling list.
Figure 36 Display Settings: GUI Font Properties
7. Choose the following from their drop-down menus:
• Foreground Color
• Background Color
8. Choose one of the following from the Encoding drop-down menu:
• US-ASCII
• ISO-8859-1
• ISO-8859-15
• UTF-8
9. Choose one of the following from the Language drop-down menu:
• English
• Bulgarian
• Japanese
• Korean
• Chinese
10. Click Ok to close the Display Settings window. If you changed the Language setting, the
RSC changes to that language when the Display Settings window is closed.
Note: In case of unrecognized characters or blurry screens that might appear when RSC is
launched due to localization support, please try changing the font to Courier New.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 43
Get History
History information can be useful when debugging, troubleshooting, or administering a target
device. The Get History feature:
• Allows you to view the recent history of console sessions by displaying the console
messages to and from the target device.
• Displays up to 256 KB (64KB only on models with 64MB SDRAM; 256KB available on
128MB SDRAM Models) of recent console message history. This allows a user to see
target device events over time.
When the size limit is reached, the text will wrap, overwriting the oldest data with the newest.
Notes: Verify the memory on your unit from the Maintenance->Configuration menu.
History data is displayed only to the user who requested the history.
To view the Session History, click Get History on the Emulator menu.
Clear History
To clear the history, click Clear History on the Emulator menu.
Get Write Access
Only Administrators and Operators can get write access. The user with Write Access can send
commands to the target device. Write Access can be transferred among users working in the
Raritan Serial Client via the Get Write Access command.
10. To enable Write Access, click Get Write Access on the Emulator menu.
• You now have Write Access to the target device.
• When another user assumes Write Access from you,
o The RSC displays a red block before Write Access in the status bar.
o A message alerting the user who currently has Write Access appears to tell that
user that another user has taken over access to the console.
Get Write Lock
1. To get write lock, click Get Write Lock on the Emulator menu.
2. If the Get Write Lock is not available, a request rejected message appears:
Write Unlock
To get Write Unlock, click Write Unlock on the Emulator menu.
Send Break
Some target systems such as Sun Solaris servers require the transmission of a null character
(Break) to generate the OK prompt. This is equivalent to issuing a STOP-A from the Sun
keyboard.
• Only users with Administrator privileges can send a break.
• Users who are Operator or Observers cannot send a break.
To send an intentional “break” to a Sun Solaris server:
1. Verify that you have Write Access. If not, follow the instructions in the previous section
to obtain write access.
2. Click Send Break on the Emulator menu.
A Send Break Ack (Acknowledgement) pop-up appears.
3. Click OK.
44 DOMINION SXUSER GUIDE
Connected Users
The Connected Users command allows you to view a list of other users who are currently
connected on the same port.
1. Click Connected Users to view the connected users on the Emulator menu.
Figure 37 Connected Users Window
11. A check mark appears in the Write Access column after the name of the User who has
Write Access to the console.
2. Click Close to close the Connected Users window.
Exit
1. Click Exit on the Emulator menu to close the Raritan Serial Console.
The Exit Confirmation screen appears.
2. Click Yes.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 45
Edit
Use the Copy, Paste, and Select All text commands to relocate and/or re-use important text.
Figure 38 Edit Commands - Copy, Paste, and Select All Text
Copy and Paste All Text:
1. Click Select All on the Edit menu.
2. Click Copy on the Edit menu.
3. Position the cursor at the location where you want to paste the text.
4. Click once to make that location active.
5. Click Paste on the Edit menu.
Note: Here are keyboard shortcuts that you can use to highlight, copy, and paste all or
partial lines of text:
- Click and drag your mouse over the text you wish to copy.
- Press CTRL and tap the C key to copy.
- Position the cursor where you want to paste the text and click in that location to make it
active.
- Press CTRL and tap the V key to paste.
The text copy limit in Raritan Serial Client is 9999 lines.
46 DOMINION SXUSER GUIDE
Tools
1. Click on the Tools drop-down menu to display a list of topics.
Figure 39 Tools Menu
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 47
Start Logging
The Start Logging function allows you to collect raw console data from the target device and save
it to a file in your computer. When you start the RSC, the Logging indicator on the status bar
indicates whether logging is on or off.
1. On the Tools menu, click Start Logging.
2. Choose an existing file or provide a new file name in the Save RSC Log dialog box.
• When an existing file is selected for logging, data gets appended to the contents.
• Providing a new file name results in new file being created.
Figure 40 Start Logging Command Window
3. Click Save after selecting or creating a file.
Stop Logging
On the Tools menu, click Stop Logging. The logging stops.
48 DOMINION SXUSER GUIDE
Send Keystroke
1. On the Tools menu, click Send Keystroke.
A Send Keystroke screen appears:
Figure 41 Send Keystroke
2. Enter the keystroke combinations that you want and select a Key Code name from the dropdown menu.
3. Send the keystroke combinations.
Send Text File
1. On the Tools menu, click Send Text File.
A Send Text File screen appears:
2. Open the directory of the Text file.
3. Click on or enter the File Name of the Text file.
4. Click Open.
• As soon as you click the Open dialog box, it sends whatever file you selected directly to
the port.
• If there is a loopback plug inserted, you see the file displayed.
• If there is currently no target connected, then nothing will be visible on the screen.
Chat
When using browser access over SSL, an interactive chat feature called Chat provides you and
other users on the same port to communicate. You can conduct an online dialog for training or
collaborative diagnostic activities. The maximum length of a chat message is 300 characters.
Note: When a chat is initiated, a chat window appears on the monitors of all SSL users
logged on to the port. If a user is logged into a port multiple times, chat messages will not
be shown to the same user.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 49
To use Chat:
1. Click Chat on the Chat menu.
Figure 42 SecureChat Command and User Chat Window
2. Type a message in the Message text field.
3. Click Send or press ENTER to send the message.
4. Click Clear to delete the typed text, or click Close to exit and close the Message window.
Help
Help Topics include on-line assistance for operating the Raritan Serial Console, and release
information about Raritan Serial Console.
Help Topics
To Access Help Topics:
1. Click Help Topics on the Help menu.
2. Use the navigation bar on the right side of Table of Contents window to scroll to the
topic you need or click on the links.
3. Close this window when you are finished.
About Raritan Serial Console
The About Raritan Serial Console window displays the copyright and version information
(name and revision number) of the console terminal emulation software. When contacting Raritan
for technical support or when performing a software upgrade, you may be asked for this
information.
50 DOMINION SXUSER GUIDE
To Access ‘About’ Information:
1. Click About Raritan Serial Console on the Help menu.
An About Raritan Serial Console message appears on top of the Raritan Serial Console
drop-down menu:
Figure 43 Sample of the About Raritan Serial Console Window
2. Click OK to close the About Raritan Serial Console window.
Standalone Raritan Serial Console Installation
Note: You can download the Standalone Raritan Serial Client from the Raritan support
Web site: http://www.raritan.com/support
The standalone Raritan Serial Client (RSC) is used to make direct connections to the target
without going through the Dominion SX GUI application. The user specifies the Dominion SX
address and the port number (target) and then is connected.
The steps in this section install the standalone Raritan Serial Client (RSC).
Standalone Raritan Serial Client Requirements
The following requirements must be met to support the Raritan Serial Console:
• The RSC will function with JRE version 1.4.2_05 or later (except for JRE version
1.5.0_02) . However, for optimum performance, Raritan recommends using JRE 1.5.0
(except, of course for 1.5.0_02).
• Your system may require configuration adjustments depending on the operating system
and browser. The JRE provides configuration instructions with the JRE download.
Browse to the page at
the JRE version currently installed on your system.
If you do not have a compatible version of the JRE, go to
click the Download Now button.
http://www.java.com/en/download/help/testvm.xml to determine
http://www.java.com and
Note: Raritan does not support JRE version 1.5.0_02 for use with the RSC.
•Minimum 1 GHz PC with 512 MB RAM.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 51
• Ensure that Java can be started from the command line. To do this, environment variables
must be configured. Make a note of the exact path where Java was installed. (The path
information will be used later.)
Setting Windows OS Variables
1. Open the Start menu, and then open the Control Panel and choose System.
2. Go to Advanced and open Environment Variables.
Figure 44 Windows OS: System Properties
3. In the System variables section, click New.
4. In the New System Variable dialog, add JAVA_HOME to the Variable name block and the
path you wrote down earlier in the Variable value block.
52 DOMINION SXUSER GUIDE
5.Click OK.
Figure 45 Windows OS: New System Variable
6. Select the PATH variable and click Edit.
7. Add %JAVA_HOME%\bin to the end of the current Variable value. Ensure a
semicolon (;) separates the new value from the last value in the string.
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 53
8.Click OK.
Figure 46 Windows OS: Edit System Variable
9. Select the CLASSPATH variable and click Edit.
Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a
period(.) in it. If, for any reason, there is no CLASSPATH variable defined, create one.
Figure 47 Windows OS: CLASSPATH Variable
54 DOMINION SXUSER GUIDE
Setting Linux OS Variables
If you want to set Java for this user only, open and edit .profile file located in the
/home/Username folder.
If you want to set Java for all users, open .profile file in your /etc folder
set PATH = ($PATH /usr/local/java/j2re1.4.2_05/bin).
• These commands can either be typed at the terminal each time you log in, or you can add
them to your .bashrc for bash shell or .cshrc for csh or tcsh so that each time you log in,
the PATH is already set. See your shell documentation if you encounter problems.
Figure 48 Check JRE Version in Sun Solaris
3. If the JRE is version 1.4.2_05 or later, but not version 1.5.0_02 , proceed with the RSC
installation. If the version is older, go to the Sun Web site at:
download the latest Runtime Environment.
http://java.sun.com/products/ to
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 55
Installing Standalone RSC for Windows
You must have administrative privileges to install RSC.
1. Log on to a Windows machine.
2. Download, or copy from a known location, the RSC-installer.jar installation file.
3. Double-click on the executable file to start the installer program. The splash screen appears.
4. Click Next. The installation path screen appears.
5. Change the path, if desired.
6. Click Next. The installation progress screen appears.
Figure 49 RSC Windows Install Progress Screen
56 DOMINION SXUSER GUIDE
7.Click Next. The Windows shortcut screen appears.
Figure 50 RSC Windows Shortcut Screen
8. Specify the desired Program Group for the Shortcut.
9. Click Next. The installation finished screen appears.
10. Click Done.
Launching RSC on Windows Systems
1.Double-click on the shortcut or use Start Programs to launch the standalone RSC. The
Raritan Serial Console Login connection properties window appears.
Figure 51 Standalone RSC Login Screen
CHAPTER 7:PORT CONFIGURATION AND PORT ACCESS APPLICATION 57
2. Enter the Dominion SX IP address, account information, and the desired target (port).
3. Click Start. The RSC opens with a connection to the port.
Figure 52 Standalone RSC Connected to Port Window
Note: In case of unrecognized characters or blurry screens that might appear in RSC
window due to localization support, please try changing the font to Courier New. Go to:
Emulator
GUI Font Properties.
Æ
Settings Æ Display, and select Courier New for Terminal Font Properties or
Installing RSC for Sun Solaris
You must have administrative privileges to install RSC.
1. Log on to your Sun Solaris machine.
2. Download, or copy from a known location, the RSC-installer.jar installation file.
3. Open a terminal window and change to the directory where the installer is saved.
4. Type java –jar RSC-installer.jar and press ENTER to run the installer.
5. Click Next after the initial screen loads.
58 DOMINION SXUSER GUIDE
6. The Set Installation Path screen appears.
a) Select the directory where you want to install RSC and click Next.
b) Click Browse to navigate to a non-default directory.
c) Click Next when the installation is complete.
d) Click Next again. The installation is complete. The final screen indicates where you will
find an uninstaller program, and allows the option of generating an automatic installation
script.
e) Click Done to close the Installation window.
Launching RSC on Sun Solaris
1. Open a terminal window and change to the directory where you installed the RSC.
2. Type ./start.sh and press ENTER to launch RSC.
3. Double-click on the desired device to establish a connection.
4. Type your Username and Password.
5. Click OK to log on.
CHAPTER 8:SECURITY59
Chapter 8: Security
There are a number of elements to consider when addressing security for console servers. The
following are some of the Security aspects:
• Encrypting the data traffic sent between the operator console and the DSX unit.
• Providing authentication and authorization for users.
• Logging data relevant to the operation so it can later be viewed for auditing purposes. In
some cases, this data is required for compliance with governmental or company
regulations.
• Encryption of port data log sent to a remote nfs server.
• Security profile
• “Man in the Middle”
The Security function provides the Dominion SX administrator with the following tools:
• Specify login authentication and handling parameters.
• Kerberos settings.
• Certificate specifications.
• Banner to be displayed.
• Security profile management.
• Manage firewall rules.
Security Settings
Select the Security tab to bring up the security-related tools. The Security Settings screen
appears.
Figure 53 Security Settings Screen
60 DOMINION SXUSER GUIDE
Login Settings
Click LoginSettings on the Security Settings screen to access the Login Settings screen, which
contains the Local Authentication, Login Handling, and Strong Password Settings panels..
Figure 54 Login Settings Screen
Local Authentication
1. Go to the Local Authentication panel and click the Enable Local Authentication checkbox.
2. The system displays these defaults in the following fields:
• Inactive Login Expiry (days): 330
• Invalid Login Retries: 3
• Lockout Period on Invalid Login (minutes): 5
3. Accept the system defaults or type your own.
Login Handling
1. Go to the Login Handling panel and enter a value in the User Idle Timeout (minutes) field.
This is the length of inactive time, after which the user is timed out. Default is to 0, which
effectively disables this feature.
2. To enable single login only, click the Single Login per User checkbox. Only one user can
log in at a time using the same profile.
3. Click the Anonymous Port Access checkbox to turn this feature on. An Anonymous User
Group is created by default and it can’t be deleted even by the Administrator. It is visible/not
visible in Group List if Anonymous Port Access is unchecked/checked.
Note: Refer to Chapter 7 for additional information about anonymous port access.
CHAPTER 8:SECURITY61
Strong Password Settings
To enable strong passwords, go to the Strong Password panel and select the requirements for a
strong password. This includes maximum and minimum length and special character
requirements.
Configure Kerberos
Figure 55 Kerberos Settings
1. Click Enable Kerberos.
2. Type the name of the file you want for your Hosts File in the Hosts File field or click on the
Browse drop-down menu and select your file.
3. Type the name of the file you want for your Kerberos Configuration File in the Kerberos
Configuration File field or click on the Browse drop-down menu and select your file.
4. Type the name of the file you want for your Kerberos Keytab File in the Kerberos Keytab
File field or click on the Browse drop-down menu and select your file.
5. Click OK.
Certificates
The Certificate feature allows you to generate a Certificate Signing Request (CSR), install a user
key on the DSX, and install a user certificate on the DSX.
62 DOMINION SXUSER GUIDE
Generate a Certificate Signing Request
To generate a Certificate Signing Request (CSR):
1. Click the Security tab, and then click Certificate. The Certificate screen appears.
Figure 56 Certificate Signing Request
2. Click the checkbox labeled Generate a Certificate Signing Request.
3. Click on the drop-down menu in the Bits field. Keep the 1024 default or change it to 512.
4. Type the following in the corresponding fields:
• Name
• Country
• State
• Locality
• Unit
• Email address
5. To view the default certificate or the CSR, click the appropriate radio buttons.
6. Click OK. The CSR is generated.
CHAPTER 8:SECURITY63
Install a User Key
To install a user key on the DSX:
1. Click the Security tab, and then click Certificate. The Certificate screen appears.
Figure 57 Install User Key
2. Click the checkbox labeled Install User Key.
3. Type the following information in the corresponding fields:
• The IP address of the host with the key
• A login and password on the host
• The path and name of the file containing the key
6. Click OK.
Install a User Certificate
To install a user certificate on the DSX:
1. Click the Security tab, and then click Certificate. The Certificate screen appears.
Figure 58 Install User Certificate
64 DOMINION SXUSER GUIDE
2. Click the checkbox labeled Install User Certificate.
3. Type the following information in the corresponding fields:
• The IP address of the host with the certificate
• A login and password on the host
• The path and name of the file containing the certificate
4. Click OK.
SSL Client Certificate
SSL Security certificates are used in browser access to ensure that the device that you are
attached to is the device that is authorized to be connected. See
details on SSL Certificates. This section describes only how to configure the certificates, but you
can find additional SSL Certificate information at:
2. Click OK to enable the Client Certificate authentication.
Installing a New Trusted Certificate Authority
To install a new trusted Certificate Authority (CA) to the DSX, the CA certificate must be on an
accessible FTP server.
1. Click Install Certificate Authority.
2. Fill in the data needed to retrieve the certificate from the FTP server.
3. Click OK to retrieve and install the CA certificate to the DSX.
Removing a User-Added Certificate Authority
To remove a user-added CA from the DSX:
1. Click Remove Certificate Authority.
2. In the CA Name field, type the name that was specified when the CA certificate was
added.
3. Click OK to remove the certificate.
Viewing a Certificate Authority
To view a CA:
1. Click View Certificate Authority.
2. In the CA Name field, type the name of the CA you want to view.
3. Click OK to retrieve the list of CAs.
Managing the Client Certificate Revocation List (CRL)
The DSX comes with VeriSign and Thawte CA certificates and CRLs preinstalled. If a user adds
a custom CA to the DSX, a corresponding CRL should be added to keep track of revoked
certificates. For the CRL to be automatically retrieved when expired, it should be retrievable from
a web server that the DSX can connect to.
Adding a New Certificate Revocation List to the DSX
To add a new CRL to the DSX, the CRL list must be on an accessible FTP server.
1. Click Add Certificate Revocation List.
2. Fill in the fields to access the FTP Server.
• The CRL Name field should match the name that was used to add the CA.
• The URL field should be the numeric dot notation of the IP address of the HTTP
server.
3. Click OK to add the CRL.
Deleting a Certificate Revocation List from the DSX
To delete a CRL from the SX:
1. Click Delete Certificate Revocation List.
2. In the CRL Name field, type the name of the CA this CRL belongs to.
3. Click OK to delete the CRL.
CHAPTER 8:SECURITY67
Viewing a Certificate Revocation List
To view a CRL:
1. Click View Certificate Revocation List.
2. Click OK to retrieve the list of CRLs.
Banner
Dominion SX optionally supports a customizable (maximum 5000 words, 8 words per row)
welcome banner that is displayed after login. The banner identifies where the user has logged
into. In addition, there is the ability to add a consent banner that forces the user to accept the
stated conditions prior to advancing into operation of the console server.
Figure 60 Banner Screen
1. Check one of the following fields.
• Display Restricted Service Banner
• Require Acceptance of Restricted Service Banner
2. Check one of the following fields:
• Restricted Service Banner Message
• Restricted Service Banner File
3. If you selected Restricted Service Banner File, click on the Browse drop-down menu
4. Locate and select the file that contains the Restricted Service Banner message you want to
display on the DSX login screen.
5. Click OK.
68 DOMINION SXUSER GUIDE
Security Profiles
The DSX provides three security profiles that you can use. They simplify the assigning of
permissions to users and groups by defining basic permissions that automatically apply to all
users.
About Security Profiles
The three security profiles are:
• Standard ─ Custom defaults
• Secure ─ All functions in Custom are checked
• Custom ─ Can be configured by a user
If you enable the Standard or Secure profiles, you cannot enable/disable manually any of the
features they include. You have to disable the profile in order to make those changes.
If a profile is disabled, the features in the profile keep the states they had when the profile was
enabled. For example, if the default TLS Required feature is unchecked, and you enable the
Secure profile, this feature becomes checked. When you disable the Secure profile, the TLS Required feature remains checked.
Select a Security Profile
To select a security profile:
1. Click the Security tab, and then click Security Profiles. The Security Profiles screen
appears.
Figure 61 Security Profiles
2. Click the checkbox labeled Enable Security Profile.
3. Select the profile from the drop-down menu in the Profile field.
4. Click OK.
Edit the Custom Profile
To edit the Custom profile:
1. Click the Security tab, and then click Security Profiles. The Security Profiles screen
appears.
CHAPTER 8:SECURITY69
2.Click the Edit Custom Profile link. The Edit Custom Security Profile screen appears.
Figure 62 Edit Custom Security Profile Screen
3. Check one or all of the following fields.
• Telnet Access
• Strong Password Required
• Single Login Per User
• Timeout Required
• TLS Required
• Redirect HTTP to HTTPS
4.Click OK.
70 DOMINION SXUSER GUIDE
Firewall
The DSX provides a firewall function to provide protection for the IP network and to control
access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces.
Enable the Firewall
To enable the firewall:
1. Click the Security tab, and then click Firewall. The Firewall Screen appears. The Firewall
screen displays the existing IPTables rules.
Figure 63 Firewall Screen
2. Click the check box labeled Enable Firewall.
3. Click OK.
Note: When you enable IP forwarding for Dual LAN units, use IPTables rules to create
policies for traffic being forwarded between LAN interfaces
Add an IPTables Rule
To add an IPTables rule:
1. Click the Security tab, and then click Firewall. The Firewall Screen appears. The firewall
screen displays the default IPTables rules.
2. Go to the Add/Delete IP Tables Rule field and enter a rule.
3. Click Apply, and then click Save. The rule is displayed on the screen.
4. Delete some or all of the default rules if you choose.
5. Add new rules if you choose.
Note: Rules are added using the IP Tables command to the kernel. These rules take effect
immediately but persist permanently only after clicking the Save button.
Note: If there is a mistake in the rules and as a result, the unit becomes inaccessible, the
Save action allows you to recover from the mistake. Reboot the system. If you do not Save
the rules, you lose them in the reboot.
CHAPTER 9:LOGGING71
Chapter 9: Logging
This chapter explains how to enable and configure the various DSX logs.
Configuring Local Event Logging
To configure the local log settings, click the Setup tab, and then click Log. The Log Settings
screen appears. It contains a number of individual logging panels.
Enable the Event Log File
This feature enables event log messages to be stored locally on the DSX unit. To set this feature
up:
1. Go to the Event Log panel and click the Enable Event Log File checkbox. (To turn this
feature off, clear this checkbox.).
Figure 64 Event Log Panel
2. Select the log file style in the Style field. This determines how the file reacts when the
maximum file size is reached. Your choices are:
•Wrap This causes the log file to circle around to the beginning when the end of the file
is reached.
•Flat This causes logging to stop when the end of the file is reached.
3. Enter the maximum size of the file in the Size field. The default is 65535 bytes.
4. Click OK.
Enable System Logging
This feature sends event log messages to a remote Syslog server. The messages from the
Dominion SX unit are sent to the LOCAL0 channel of the Syslog server for more efficient
parsing. To set this feature up:
1. Go to the System Logging panel and click the Enable System Logging checkbox. (To turn
this feature off, clear this checkbox.)
Figure 65 System Logging Panel
2. Type the IP address of the remote Syslog server in the Primary IP Address field.
3. If you have a backup Syslog server, types its IP address in the Secondary IP Address field.
72 DOMINION SXUSER GUIDE
4.Click OK.
Enable Port Logging
You need to configure port logging after you have enabled NFS logging (see “Configuring NFS
Logging” below).
This feature enables port data to be logged to a Network File System (NFS) server. This allows
you to save and access the log files over a network.
NFS supports file sharing, which means you can store the files on the network that you want other
people to access, while keeping your secure files on the DSX unit. NFS stores the port sessions as
viewed by the user, as well as adding messages when a user connects to or disconnects from a
port.
To set up port logging:
1. Go to the Port Logging panel and click the Enable Port Logging checkbox. (To turn this
feature off, clear this checkbox.)
Figure 66 Port Logging Panel
2. Type the prefix to the port data file's name on the NFS server in the Prefix field.
3. Type the maximum file size allowed in the Size field. Once this size is reached, a new file is
created to store the port log data. If you enter a value of 0, the DSX will not create a new file.
4. Type the time interval (in seconds) between two timestamp messages in the log file in the
Timestamp (Interval) field. If you enter a value of 0, this will disable timestamps in the log
file. The maximum value is 99999. This field is optional.
5. Type the time interval (in seconds) between two updates of the port log file in the NFS
Update Frequency (seconds) field. Data is buffered until the internal buffer is full or this
timestamp occurs. Then the data is written to the file. This prevents severe network traffic on
port activity where every character would trigger a write to the NFS server.
6. Type the subdirectory on the configured NFS server to write the output port data to in the
Out Directory field. This is the default log file and contains the port sessions as visible to the
user.
7. Click OK.
Figure 67 shows an example of an output file.
CHAPTER 9:LOGGING73
Mon Nov 06-2006 13:46:20 -------- admin connected to port-------Mon Nov 06-2006 13:46:21 -------- admin got write access -------Password:
Authentication failure.
Username: admin
Password:
Authentication successful.
Mon Nov 06-2006 13:46:47 -------- admin disconnected from port --------
Figure 67 Sample Output File
74 DOMINION SXUSER GUIDE
Configure Input Port Logging
To enable input port logging:
1. Go to the Input Port Logging panel and click the Enable Input Port Logging checkbox. (To
turn this feature off, clear this checkbox.)
Figure 68 Input Port Logging Panel
2. Type a directory for input in the In Directory field.
3. Click OK.
Configuring Encryption
To configure encryption:
1. Go to the Encryption panel and click the Encryption checkbox. (To turn this feature off,
clear this checkbox.)
Figure 69 Encryption Panel
2. Accept the default encryption key or type a new one in the NFS Encryption Key (RC4)
field.
3. Click OK.
CHAPTER 9:LOGGING75
Configuring SMTP Logging
To configure SMTP logging, click the Setup tab, and then click Events. The SMTP Logging
screen appears. This screen contains and SMTP Settings panel and a New SMTP Event panel.
Enable SMTP Logging
To enable SMTP logging:
1. Go to the SMTP Settings panel and click the Enable SMTP Server checkbox to enable SMTP
logging.
Figure 70 SMTP Settings Panel
2. Type the IP address of the SMTP server in the SMTP Server IP Address field.
3. Type the username and password in the Username and Password fields. These are required
to access the SMTP server.
4. Type your source address in the Source Address field.
5. Click OK.
Select a New SMTP Event
To select a new SMTP event:
1. Go to the New SMTP Event panel and select the new event in the Event field.
Figure 71 New SMTP Event Panel
76 DOMINION SXUSER GUIDE
Available events include:
• event.amp.notice.port.connection
• event.amp.notice.user.logoff
• event.amp.notice.backup
• event.amp.notice.restore
• event.amp.notice.config.directaccesslockout
• event.amp.notice.reboot
• event.amp.notice.boot
• event.amp.notice.config.datacom
• event.amp.notice.config
• event.amp.notice.upgrade
• event.amp.keyword
• event.amp.strongpasssword
• event.amp.banner
• event.amp.firewall
• event.amp.iptablesaved
• event.amp.security.clientauth
• event.amp.security.clientcert.ca
• event.amp.security.clientcert.crl.expired
• event.amp.security.clientcert.crl.updated
2. Type the email address to send the event in the Destination field.
3. Click OK.
Test the SMTP Logging
It is important that the SMTP server information be accurate so that the Dominion SX unit can
send messages using that SMTP server.
To verify that the information is correct and working:
1. Send a test email by selecting an event such as:
event.amp.notice.port connection.
2. Connect to a port and see if the message is received by the intended email target. If there are
problems, contact your SMTP administrator to make sure your SMTP server IP address and
authorization information are correct.
Configuring NFS Logging
Network File System (NFS) logging allows you to log all port activity to an NFS shared
directory. All user activity and user port logins and logouts are logged. There are two log files:
• Input Records all input (keystrokes) from users.
• Output Contains all the messages that come from the server into the console server.
This includes all user input that is echoed back from the managed device/server.
You must also enable port logging. For more information on port logging, see “Enable Port
Logging” above.
CHAPTER 9:LOGGING77
Note: The NFS server must have the exported directory with write permission for the port
logging to work.
To configure NFS Logging:
1. Click the Setup tab, and then click NFS. The NFS Settings screen appears.
Figure 72 NFS Settings Screen
2. Click the Enable NFS checkbox to enable NFS logging.
3. Type the IP address of the NFS server in the Primary IP field, and then enter the path to the
log file in the Primary Directory field.
4. If you have a backup NFS server, enter the same information for this server in the Secondary
IP field and Secondary Directory fields. If the primary server fails, port logging is
redirected to the secondary server.
5. Click OK.
78 DOMINION SXUSER GUIDE
Configuring SNMP Logging
The DSX supports Simple Network Management Protocol (SNMP) traps and logging.
Enable SNMP Logging
To enable SNMP logging:
1. Click the Setup tab, and then click SNMP. The SNMP screen appears.
2. Go to the SNMP Setting panel and click the Enable SNMP checkbox to enable the SNMP
feature.
Figure 73 SNMP Settings Panel
3. Type an SNMP public community in the Public Community field. The default is Public.
The public community determines which SNMP management stations receive SNMP alerts.
4. Click OK.
Create a New SNMP Destination
SNMP destinations determine which SNMP management stations receive SNMP traps. To create
a new SNMP destination:
1. Go the SNMP Destination panel and type the IP address of the new destination in the IP
Address field.
Figure 74 SNMP Destination Panel
2. By default, the new destination will use the standard SNMP port of 162. You can change this
to another port, if you wish, by entering a different port number in the Port field.
3. Click OK.
Note: To display the SNMP Management Information Base (MIB), click the View SNMPMIB link in the SNMP Settings panel (Figure 73).
CHAPTER 10:MAINTENANCE79
Chapter 10: Maintenance
The Dominion SX maintenance features presented in this chapter allow the administrator perform
the following tasks:
• Manage event logs.
• View configuration report.
• Backup and restore the SX unit settings.
• Upgrade firmware and track upgrade history.
• Reset to factory default settings.
• Reboot the unit.
Managing the Local Event Log
The DSX allows you to display the contents of the event log, clear the log, and send the log to a
remote FTP server
Display the Local Event Log
To display the contents of the local event log, click the Maintenance tab, and then click View
Event Log. The event log is displayed.
Figure 75 shows a typical event log.
Figure 75 Event Log
Note: If the number of events in the log exceeds the size of one screen, a Next link is added
under “Event Log” at the top of the screen to display the next page.
For each event, the log gives the date and time the event was logged and a brief description. The
following are typical events:
Feb 5 12:55:23 DominionSX DomSX: DominionSX notice SXRebootCompleted
Feb 5 12:55:25 DominionSX DomSX: DominionSX notice SXSystemReady
Feb 1 16:30:35 DominionSX DomSX: DominionSX notice SXSettingSaved User Elaine
changed configuration for Logging
Clear the Event Log
To clear the event log:
1. Click the Maintenance tab, and then click Clear Event Log. You are prompted to confirm
the clear action.
2. Click Yes. The log is cleared of all contents. (If you change your mind, click No.)
80 DOMINION SXUSER GUIDE
Send the Event Log
To send the contents of the event log to a remote FTP server:
1. Click the Maintenance tab, and then click Send Event Log. The Send Event Log screen
appears.
Figure 76 Send Event Log Screen
2. Enter the IP address of the FTP server in the IP address field.
3. Enter a login name and password on the FTP server in the Login and Password fields. This
is necessary to access the FTP server.
4. Enter the path to the location where the event log will be stored in the Remote Path field.
5. Enter the name of the file to store the event log in the Remote File field.
6. Click Send.
Displaying a Configuration Report
The Configuration Report is a report that provides detailed information about the DSX unit. To
display the report, click the Maintenance tab, and then click Configuration Report. The report
shows:
• Version and firmware information
• Port settings
• User and group settings
• HTTP, HTTPS, SSH and Telnet ettings
• RADIUS, LDAP, TACACS+, and Kerberos settings
• Local authentication settings
• Other settings
CHAPTER 10:MAINTENANCE81
Backing Up and Restoring the DSX
When you back up the DSX, the system makes a copy of the DSX configuration (without
network settings) and writes the copy to an FTP server. The file can be recovered using a Restore
operation, if necessary.
Backing Up the DSX
To back up the DSX unit:
1. Click the Maintenance tab, and then click Backup. The Backup screen appears.
Figure 77 Backup Screen
2. In the IP Address field, type the IP address of the target FTP server where the backup will be
written.
3. In the Login field, type the login name of the account on the system where the backup will be
stored.
4. In the Password field, type the password of the account on the system where the backup will
be stored.
5. In the Remote Path field, type the path to the backup file.
6. In the Remote File field, type the name of the file in which the backup will be saved.
7. Click OK.
82 DOMINION SXUSER GUIDE
Restoring the DSX
Restoring the DSX retrieves a copy of the DSX configuration from the FTP server where it has
been backed up and writes the file to the DSX. To perform a restore operation
1. Click the Maintenance tab, and then click Restore. The Restore screen appears.
Figure 78 Restore Screen
2. In the IP Address field, type the IP address of the source FTP server system from which the
restore data will be retrieved.
3. In the Login field, type the login name of the account on the system where the restore data
will be stored.
4. In the Password field, type the password of the account on the system where the restore data
will be stored.
5. In the Remote Path field, type the path to the restore file.
6. In the Remote File field, type the name of the file in which the restore will be saved.
7. Click OK.
Upgrading the DSX Firmware
You can display the version of the firmware currently running on the DSX, upgrade the firmware
to a later version, and display a history of firmware upgrades.
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.