StarTech.com ECS0016 User Manual

Enhanced Console Server
ECS0016
FCC Compliance Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Use of Trademarks, Registered Trademarks, and other Protected Names and Symbols
This manual may make reference to trademarks, registered trademarks, and other protected names and/or symbols of third-party companies not related in any way to StarTech.com. Where they occur these references are for illustrative purposes only and do not represent an endorsement of a product or service by StarTech.com, or an endorsement of the product(s) to which this manual applies by the third-party company in question. Regardless of any direct acknowledgement elsewhere in the body of this document, StarTech.com hereby acknowledges that all trademarks, registered trademarks, service marks, and other protected names and/or symbols contained in this manual and related documents are the property of their respective holders.
Instruction Manual
Table of Contents
Introduction
Features
Package Contents
Initial Configuration
Power Connection
Management Console Connection
ARPPing IP Address Assignment
Administrator Password
Network IP address
System Services
HTTPS
HTTP
Telnet
SSH
SNMP
Ping
Base
Communications Software
MetaConnect
Applications & Database Servers
Web Server
Desktop PCs
Network Appliance
PuTTY
SSHTerm
Serial Port and Network Host Configuration
Configuring Serial Ports
Common Settings
Console Server Mode
SDT Mode
Power Strip Mode
Terminal Server Mode
Serial Bridging Mode
Syslog
Add / Edit Users
Authentication
Network Hosts
Serial Port Cascading
Remote Power Control (RPC)
Uninterruptible Power Supply Control (UPS)
Overview of Network UPS Tools (NUT)
Environmental Monitoring
Failover and Out-of-Band Dial Access
OoB Dial-In access
Configure Dial In PPP
Using The MetaConnect client
Set up Windows XP/2003 client
Set up earlier Windows clients
Set up Linux clients
Secure Tunneling & MetaConnect
Telnet or SSH connection to serially attached devices
MetaConnect for OoB Connection to the Gateway
MetaConnect Public Key Authentication
Setting up MetaConnect for Remote Desktop access
Set up MetaConnect Serial Ports on ECS0016
SSH port forward over the ECS0016 Serial Port
Alerts and Logging
Enable SMTP, SNMP and/or Nagios
Configure Alerts
Remote Log Storage
Power Control
Configuring Serial Port Power Strips
Configuring IPMI Power Management
Configuring Browser Controlled Power Strips
Nagios Integration
Nagios overview
Central management and setting up MetaConnect for Nagios
Central Site
NagiosServer
Network
ECS0016
Remote Site
Serial
Managed Hosts
Remote ECS0016 Gateway
System Management
System Administration and Reset
Firmware Upgrades
Configure Date and Time
Status Reports
Port Access and Active Users
Statistics
Support Reports
Syslog
Device Management
Port Log Management
Power Management
Serial Port Terminal Connection
Basic Configuration - Linux Commands
The Linux Command line
Administration Configuration
Date and Time Configuration
Network Configuration
Serial Port Configuration
Users
Trusted Networks
Event Logging Configuration
MetaConnect Host Configuration
Advanced Configuration
Advanced Portmanager
pmshell
pmchat
pmusers
Portmanager Daemon
Signals
External Scripts and Alerts
Raw Access to Serial Ports
Access to Serial Ports
Accessing the Console Port
IP - Filtering
Customizing the IP-Filter
Modifying SNMP Configuration
Power Strip Control
Glossary of Terms Used
TERM
MEANING
Technical Specifications
Technical Support
Warranty Information
Introduction
Thank you for purchasing a StarTech.com Conyx ECS0016 Enhanced Console Server. This innovative remote service management solution enables system administrators and network managers to affordably monitor and control their computers, networks and connected serial devices remotely, from anywhere in the world (using an Internet connection).
Features
• DHCP client for dynamic IP assignment
• Offline data logging (Syslog, NFS, CIFS)
• Out-of-band access (external dial-up modem)
• Port triggers with SNMP and email alerts
• SSH tunneled serial bridging
• Strong Encryption (3DES, Blowfish, AES, Arcfour)
• SUN / Solaris ready
• Telnet/SSH/Raw TCP connect
• Unlimited user accounts
Package Contents
• 1 x DCE Connector
• 1 x DTE Connector
• 1 x ECS0016 Enhanced Console Server
• 1 x Power Cable
• 1 x Software/User Manual CD
• 1 x Quick Start Guide
• 2 x CAT5 Cables
• 2 x Mounting Brackets
Initial Conguration
Unpack the ECS0016 kit and verify you have all of the par ts indicated in the Package Contents list shown on the previous page, and that they all appear in good working order.
If you are installing your ECS0016 in a rack, you will need to attach the rack-mounting brackets supplied with the unit, and install the unit in the rack. Following this, proceed to connect your ECS0016 to the network, as well as to the serial ports of the controlled devices, and to an power outlet as outlined below.
Power Connection
The ECS0016 and CM4148 models have a built-in universal autoswitching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 20W.
AC power socket
The ECS0016 has an IEC AC power socket located at the rear of the metal case, which uses a conventional IEC AC power cord. The North American power cord is provided by default.
There is a warning notice printed on the back of each unit:
Management Console Connection
The ECS0016 is pre-configured with a default IP Address: 192.168.0.1 and Subnet Mask: 255.255.255.0 .
Directly connect a PC or workstation to the ECS0016. To configure the ECS0016 with a browser, the connected PC or workstation should have an IP address in the same range as the ECS0016 (e.g. 192.168.0.100)
Please note: For initial configuration, it is recommended that the ECS0016 be connected directly to a single PC or workstation. If you choose to connect your LAN before completing the initial setup steps:
• Ensure there are no other devices on the LAN with an IP Address of 192.168.0.1
• Ensure the Console Server and the PC/workstation are on the same LAN segment, with no interposed router appliances
To configure the IP Address of your Linux or Unix PC/workstation simply run ifconfig. For Windows PCs (Win9x/Me/2000/XP/NT):
1. Click Start > Settings, then select Control Panel and double-click Network Connections (for 95/98/Me, double-click Network).
2. Right-click on Local Area Connection and select Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Select Use the following IP address and enter the following details: IP address: 192.168.0.100 Subnet mask: 255.255.255.0.
If you wish to retain your existing IP settings for this network connection, click Advanced and add the above as a secondary IP connection.
ARPPing IP Address Assignment
If it is not convenient to change the PC/workstation network address, you can use the ARP-Ping command to reset the ECS0016 IP address. To do this from a Windows PC:
1. Click Start > Run
2. Type cmd in the text box provided and click OK to open the command line
3. Type arp -d to flush the ARP cache
4. Type arp -a to view the current ARP cache, which should now be empty.
Now, add a static entry to the ARP table and ping the ECS0016 to prompt it to assume the IP address.
The following example illustrates an ECS0016 with a MAC Address 00:13:C6:00:02:0F (designated on the label on the bottom of the unit), and we are setting its IP address to 192.168.100.23. Also, the PC/workstation issuing the arp command must be on the same network segment as the ECS0016 (i.e. have an IP address of 192.168.100.xxx).
5. Type arp -s 192.168.100.23 00-13-C6-00-02-0F (note that for UNIX the syntax is: arp -s 192.168.100.23 00:13:C6:00:02:0F)
6. Type ping -t 192.168.100.23 to start a continuous ping to the new IP Address.
7. Turn on the ECS0016 and wait for it to configure itself with the new IP Address. It will start replying to the ping at this point.
8. Type arp -d to flush the ARP cache again.
9. Activate your preferred browser on the connected PC/workstation and enter https://192.168.0.1 in the URL field.
You will be prompted to log in. Enter the default administration username and administration password:
Username: root Password: default
Please note: The ECS0016 is factory configured with HTTP disabled and HTTPS enabled.
Please note: If you are not able to connect to the Management Console at 192.168.0.1 or if the default Username / Password were not accepted then reset your ECS0016.
A Welcome screen will appear, listing the four basic installation configuration steps:
After completing each of the steps listed, you can return to the configuration list by clicking in the top left corner of the screen on the StarTech.com logo.
As you complete each step, the configuration list will be updated (e.g. after you have configured the serial ports it will display this step as Done).
Administrator Password
For security reasons, only the Administrator (the administration user named root) can initially log into your gateway; only those people who know the root password can access and reconfigure the ECS0016 gateway itself.
As such, it is important that you enter and confirm a new password before giving the ECS0016 any access to, or control of, your computers and network appliances. To do so:
1. Select System: Administration
2. Enter a new System Password then re-enter it in the field marked confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe.
3. (Optional) At this stage you may also wish to enter a System Name and System Description for the ECS0016 gateway to give it a unique ID and make it simple to identify.
4. Click Apply. As you have changed the password you will be prompted to log in again. This time use the new password.
Network IP address
You now must enter an IP address for the principal Ethernet (LAN/Network/Network1) port on the ECS0016 gateway, or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is connected.
On the System: IP menu:
1. Select the Network page then check DHCP or Static for the Configuration Method
2. If you selected Static you must manually enter the new IP Address, Subnet Mask, Gateway and DNS server details. This selection automatically disables the DHCP client.
3. If you selected DHCP, the ECS0016 will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The ECS0016 MAC address can be found on a label on the base plate of the unit.
Please note: In its factory default state (with no Configuration Method selected) the ECS0016 has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network. In this initial state, the ECS0016 will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address.
By default the ECS0016 LAN port auto detects the Ethernet connection speed. However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100 Mb/s and to Full Duplex (FD) or Half Duplex (HD).
Please note: If you have changed the ECS0016 IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter).
4. Click Apply. You will need to reconnect the browser on the PC/workstation that is connected to the ECS0016, by entering http://new IP address.
System Services
The Administrator can access and configure the ECS0016 gateway using a range of access protocols. The factory default enables HTTPS and SSH access and disables HTTP and Telnet. The Administrator can simply disable any of the services, or enable others.
Select the System: Services option then select/deselect for the service to be enabled/disabled. The following access protocol options are available:
HTTPS
This ensures secure browser access to all of the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Manage menus.
If you enable HTTPS, the Administrator will be able to use a secure browser connection to the ECS0016 gateway’s Management Console. By default HTTPS is enabled, and it is recommended that only HTTPS access be used if the gateway is to be managed over any public network (e.g. the Internet).
HTTP
The HTTP service allows the Administrator basic browser access to the Management Console. It is recommended that the HTTP service be disabled if the ECS0016 gateway is to be remotely accessed over the Internet.
Telnet
This gives the Administrator telnet access to the system command line shell (Linux commands). While this may be suitable for a local direct connection over a management LAN, it is recommended this service be disabled if the ECS0016 is to be remotely administered.
SSH
This service provides secure SSH access to the Linux command line shell. It is recommended you choose SSH as the protocol where the Administrator connects to the gateway over the Internet or any other public network. This will provide authenticated communications between the SSH client program on the remote PC/workstation and the SSH server in the gateway.
There are also a number of related service options that can be configured at this stage:
SNMP
This will enable netsnmp in the gateway, which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line.
Ping
This allows the ECS0016 to respond to incoming ICMP echo requests. Ping is enabled by default, however for security reasons this service should generally be disabled following initial configuration.
And there are some serial port access parameters that can be configured on this menu:
Base
The ECS0016 uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports. The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults.
The default TCP/IP base port address for telnet access is 2000, and the range for telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. If the Administrator were to set 8000 as a secondary base for telnet, serial port #2 on the gateway can be telnet accessed at IP Address:2002 and at IP Address:8002.
The default base for SSH is 3000; for Raw TCP is 4000; and for RFC2217, 5000.
Once you’ve made the appropriate selections, click Apply.
Communications Software
You have configured access protocols for the Administrator client to use when connecting to the ECS0016. User clients (who you may set up later) will also use these protocols when accessing ECS0016 serial attached devices and network attached hosts.
You will need to have appropriate communications software tools set up on the Administrator (and User) client’s PC/workstation. ECS0016 includes MetaConnect as the recommended client software tool, however other generic tools such as PuTTY and SSHTerm may be used, and these are all described below:
MetaConnect
StarTech.com recommends using the MetaConnect communications software tool for all communications with ECS0016 gateways, to ensure these communications are secure. Each ECS0016 is supplied with an unlimited number of MetaConnect licenses to use with that gateway.
MetaConnect is a lightweight tool that enables Users and Administrators to securely access the ECS0016 gateway, and the various computers, network devices and appliances that may be serially or network connected to the gateway.
[Figure: MetaConnect (RDP/VNC/Telnet/HTTP client); SSH encrypted tunnel; RDP/VNC/Telnet/HTTP sessions forwarded to devices/service processors on the LAN (applications and database servers, web server, desktop PCs, network appliance).]
MetaConnect is a Java client program that couples the SSH tunneling protocol with popular access tools such as Telnet, SSH, HTTP, HTTPS, VNC, RDP, to provide point-and-click secure remote management access to all the systems and devices being managed.
MetaConnect can be installed on Windows 2000, XP, 2003, Vista™ PCs and on most Linux, UNIX and Solaris configurations.
PuTTY
Communications packages like PuTTY can be also used to connect to the ECS0016 gateway command line.
PuTTY is a freeware implementation of Telnet and SSH for Win32 and UNIX platforms, that runs as an executable application without needing to be installed onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded at http://www.tucows.com/preview/195286
• To use PuTTY for an SSH terminal session from a Windows client, you enter the gateway’s IP address as the ‘Host Name (or IP address)’
• To access the ECS0016 command line you select ‘SSH’ as the protocol, and use the default IP Port 22
• Click ‘Open’ and you will be presented with the ECS0016 login prompt. (You may also receive a ‘Security Alert’ that the host’s key is not cached; you will need to choose ‘yes’ to continue.)
• Using the Telnet protocol is similarly simple but you use the default port 23
SSHTerm
Another common communications package that may be useful is SSHTerm, an open source package that can be downloaded from http://sourceforge.net/projects/sshtools
To use SSHTerm for an SSH terminal session from a Windows client, you simply select the File option and click on New Connection.
A new dialog box will appear for your ‘Connection Profile’ where you can type in the host name or IP address (for the ECS0016 unit) and the TCP port that the SSH session will use (port 22). Then, enter your username and choose password authentication and click Connect.
You may receive a message about the host key fingerprint, and you will need to select ‘yes’ or ‘always’ to continue.
The next step is password authentication, where you will be prompted for your username and password from the remote system.
You will then be logged on to the ECS0016 gateway.
Serial Port and Network Host Configuration
The ECS0016 enables access and control of serially and network attached devices (hosts). The Administrator must configure the port access privileges for each of these devices, and specify the selection of services that can be used to control the devices. The Administrator must also set up Users and specify each User’s individual access and control privileges.
Configuring Serial Ports
To configure the serial port, you must first set the protocols and the RS232 parameters that are to be used for the data connection to that port (e.g. baud rate).
Then you must select what mode the port is to operate in. Each port can be set to support one of five operating modes:
I. Console Server mode enables remote network access to the attached device's serial console port
II. SDT mode enables graphical console (RDP, VNC, HTTPS etc) access to hosts that are serially connected
III. Power Device mode sets up the serial port to communicate with an intelligent serial controlled power strip
IV. Terminal Server mode sets the serial port to await an incoming terminal login session
V. Serial Bridge mode enables the transparent interconnection of two serial port devices over a network
You can also configure the ECS0016 to support the remote syslog protocol on a per serial port basis.
• Select Serial & Network: Serial Port and you will see the labels, modes, and RS232 protocol options that are currently set up for each serial port
• If you wish to set the same protocol options for multiple serial ports at once, click Edit Multiple Ports and select which ports you wish to configure as a group
• By default each serial port is set in Console Server mode. For the port to be reconfigured, click Edit
• When you have reconfigured the common settings and the mode for each port, set up any remote syslog, then click Apply
Common Settings
There are a number of common settings that can be set for each serial port, that are independent of the mode in which the port is being used.
These serial port parameters must be set so they match the port parameters of the devices you attach to that port:
• Specify a label for the port
• Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits and Flow Control for each port. (Note that the RS485 field is not relevant for ECS0016 gateways)
• Before proceeding with further serial port configuration, you should connect the ports to the serial devices they will be controlling, and ensure they have matching settings
Please note that the serial ports are all factory set to RS232 9600 baud, no parity, 8 data bits, 1 stop bit and Console Server Mode.
The baud rate can be changed to 2400 – 230400 baud using the management console. Lower baud rates (50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800 baud) can be configured from the command line.
Console Server Mode
Select Console Server Mode to enable remote management access to the serial console that is attached to this serial port:
Logging Level - specifies the level of information to be logged and monitored
Telnet - With the Telnet service enabled on the ECS0016, a Telnet client on a User or Administrator’s PC/workstation can connect to a serial device attached to this serial port on the gateway. The Telnet communications are unencrypted, so this protocol is generally recommended only for local connections.
• From Win2000/XP/NT, you can run telnet from the command prompt (cmd.exe)
• You can also use standard communications packages like PuTTY to set a direct Telnet (or SSH) connection to the serial ports (see box below)
• Also, if the remote communications are being tunneled with MetaConnect, then Telnet can be used for securely accessing attached devices
In Console Server mode, Users and Administrators can use MetaConnect to set up secure Telnet connections that are SSH tunneled from their client PC/workstations to the serial port on the ECS0016. MetaConnect then enables those secure Telnet connections to be selected with a simple point and click.
To use MetaConnect to access consoles on the ECS0016 serial ports, you must configure MetaConnect using the ECS0016 as a gateway, then as a host, with Telnet service on Port (2000 + serial port #) i.e. 2001–2016 enabled.
MetaConnect can be installed on Windows 2000, XP, 2003, Vista™ PCs and on most Linux platforms. Solaris platforms are also supported, however they must have Firefox installed.
Enter the ECS0016 gateway’s IP address as the ‘Host Name (or IP address)’. Select ‘Telnet’ as the protocol and set the ‘TCP port’ to 2000 plus the physical serial port number (i.e. 2001 to 2016).
Click the ‘Open’ button. You may then receive a ‘Security Alert’ that the host’s key is not cached - choose ‘yes’ to proceed. You will then be presented with the login prompt of the remote system connected to the serial port chosen on the ECS0016 device, where you can login as normal and use the host serial console screen.
SSH
It is recommended that you use SSH as the protocol whereby the User or Administrator connects to the ECS0016 gateway (or connects to the attached serial consoles) over the Internet (or any other public network). This will provide authenticated SSH communications between the SSH client program on the remote user’s PC/workstation and the gateway, so the user’s communication with the serial device attached to the gateway is secure.
For SSH access to the consoles on devices attached to the ECS0016 serial ports, you can use MetaConnect. You configure MetaConnect with the ECS0016 as a gateway, then as a host, and you enable SSH service on Port (3000 + serial port #) i.e. 3001-3016.
Also, you can use common communications packages, like PuTTY or SSHTerm, to SSH connect directly to port address IP Address _ Port (3000 + serial port #) i.e. 3001–3016.
Alternately, SSH connections can be configured using the standard SSH port 22. The serial port being accessed is then identified by appending a descriptor to the username. This syntax supports any of:
<username>:<portXX>
<username>:<port label>
<username>:<ttySX>
<username>:<serial>
For a User named ‘Paul’ to access serial port 2, when setting up the SSHTerm or the PuTTY SSH client, instead of typing username = paul and ssh port = 3002, the alternative is to type username = paul:port02 (or username = fred:ttyS1) and ssh port = 22.
Or, by typing username = fred:serial and ssh port = 22, the User is presented with a port selection option:
This syntax enables Users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway.
TCP
RAW TCP allows connections directly to a TCP socket. However, while communications programs like PuTTY also support RAW TCP, this protocol would usually be used by a custom application.
For RAW TCP, the default port address is IP Address _ Port (4000 + serial port #) i.e. 4001 – 4016.
RAW TCP also enables the serial port to be tunneled to a remote ECS0016 client gateway, so two serial port devices can be transparently interconnected over a network.
RFC2217
Selecting RFC2217 enables serial port redirection on that port. For RFC2217, the default port address is IP Address _ Port (5000 + serial port #) i.e. 5001 – 5016.
Special client software is available for Windows, UNIX and Linux that supports RFC2217 virtual COM ports, so a remote host can monitor and manage remote serially attached devices, as though they were connected to the local serial port.
RFC2217 also enables the serial port to be tunneled to a remote ECS0016 client gateway, so two serial port devices can be transparently interconnected over a network.
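The port numbering for Telnet, SSH, RAW TCP and RFC2217 and the port 22 username descriptors described above can be checked with a short script. This is an added example, not code from StarTech.com or the ECS0016 firmware; the function names and the sample configuration are hypothetical, and the ttyS numbering (ttyS1 is serial port 2) is inferred from the manual's own example.

```python
import re

# TCP port = base + serial port number, per the manual (serial ports 1-16).
SERVICE_BASE = {"telnet": 2000, "ssh": 3000, "raw": 4000, "rfc2217": 5000}
CLEARTEXT = {"telnet", "raw", "rfc2217"}  # no encryption unless tunneled over SSH
NUM_PORTS = 16


def service_port(service, serial_port):
    """TCP port on the gateway for a service on a given serial port."""
    if not 1 <= serial_port <= NUM_PORTS:
        raise ValueError(f"serial port {serial_port} outside 1-{NUM_PORTS}")
    return SERVICE_BASE[service] + serial_port


def parse_login(field):
    """Split '<username>:<descriptor>' as typed for SSH on port 22.

    Returns (user, serial_port). serial_port is None when only the gateway
    can resolve it: the 'serial' chooser or a free-text port label.
    """
    user, sep, desc = field.partition(":")
    if not (user and sep and desc):
        raise ValueError("expected <username>:<descriptor>")
    if m := re.fullmatch(r"port(\d{1,2})", desc):
        n = int(m.group(1))
    elif m := re.fullmatch(r"ttyS(\d{1,2})", desc):
        n = int(m.group(1)) + 1  # assumption from the manual: ttyS1 is port 2
    else:
        return user, None
    if not 1 <= n <= NUM_PORTS:
        raise ValueError(f"serial port {n} outside 1-{NUM_PORTS}")
    return user, n


def cleartext_listeners(enabled):
    """enabled maps serial port -> set of enabled services.

    Returns (serial_port, service, tcp_port) for every unencrypted listener,
    i.e. the ports to keep off any firewall rule facing a public network.
    """
    return [(p, s, service_port(s, p))
            for p, services in sorted(enabled.items())
            for s in sorted(services & CLEARTEXT)]


# Constructed sample configuration, not taken from a real gateway.
SAMPLE = {2: {"ssh", "telnet"}, 3: {"ssh"}, 5: {"rfc2217"}}

if __name__ == "__main__":
    print(parse_login("paul:port02"), parse_login("fred:ttyS1"))
    for finding in cleartext_listeners(SAMPLE):
        print("cleartext listener:", finding)
```

With only SSH enabled and the port 22 descriptor syntax in use, the list of cleartext listeners is empty and a single firewall rule covers all sixteen consoles.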
Accumulation Period
By default, once a connection has been established for a particular serial port (such as a RFC2217 redirection or Telnet connection to a remote computer) then any incoming characters on that port are forwarded over the network on a character by character basis. The accumulation period changes this by specifying a period of time that incoming characters will be collected before then being sent as a packet over the network.
Escape Character (esc)
This enables you to change the character used for sending escape characters. The default is ~.
SDT Mode
This Secure Tunneling setting allows port forwarding of RDP, VNC, HTTP, HTTPS, SSH, Telnet and other LAN protocols through to computers which are locally connected to the ECS0016 by their serial COM port. However, such port forwarding requires a PPP link to be set up over this serial port.
Power Strip Mode
This mode configures the selected serial port to communicate with an intelligent serial controlled power strip.
Terminal Server Mode
Select Terminal Server Mode and the Terminal Type (vt220, vt102, vt100, Linux or ANSI) to enable a tty login on the selected serial port.
The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the actual system login.
Serial Bridging Mode
Serial bridging is the encapsulation of serial data into network packets and the transport of the data over a network. So two ECS0016 gateways can be configured to act as a virtual serial cable over an IP network.
One gateway is configured as the server in Console Server mode with either RFC2217 or RAW enabled on the serial port to be bridged.
For the client gateway, the serial port must be set in Bridging Mode. To do so:
• Select Serial Bridging Mode and specify the IP address of the first ECS0016 gateway and the TCP port address of the remote serial port (for RFC2217 bridging this will be 5001 - 5016)
• By default the bridging client will use RAW TCP, so you must select RFC2217 if this is the console server mode you have specified on the server gateway
• You may secure the communications over the local Ethernet by enabling SSH, however you will need to generate and upload keys
[Figure: Control PC, Local Ethernet LAN, ECS0016, COM Port Connected, Serially Connected Device (e.g. Security Appliance)]
Syslog
In addition to built-in logging and monitoring (which can be applied to serial attached and network attached management accesses), the ECS0016 can also be configured to support the remote syslog protocol on a per serial port basis.
• Select the Syslog Facility/Priority fields to enable logging of traffic on the selected serial port to a syslog server; and to appropriately sort and action those logged messages (i.e. redirect them/send alert email etc.)
For example, if the computer attached to serial port 3 should never send anything out on its serial console port, the Administrator can set the Facility for that port to local0 (local0 .. local7 are meant for site local values), and the Priority to critical. At this priority, if the ECS0016 syslog server does receive a message, it will automatically raise an alert.
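On the receiving syslog server, the local0/critical example above comes down to decoding the PRI value at the start of each message and flagging anything that arrives on that facility. The following is an added example, not part of the ECS0016 software; it assumes messages arrive with the standard <PRI> prefix (PRI = facility x 8 + severity), and the sample lines, host name and function names are constructed for illustration.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode(line):
    """Return (facility, severity, rest) or None if there is no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value is local7.debug = 23 * 8 + 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)


def silent_port_alerts(lines, facility="local0", threshold="crit"):
    """Messages on `facility` at `threshold` severity or more severe.

    With serial port 3 set to local0/critical and expected to stay silent,
    every hit means the attached console produced output.
    """
    limit = SEVERITIES.index(threshold)
    hits = []
    for line in lines:
        decoded = decode(line)
        if decoded is None:
            continue
        fac, sev, rest = decoded
        if fac == facility and SEVERITIES.index(sev) <= limit:
            hits.append(rest)
    return hits


# Constructed sample lines; the message text layout is an assumption.
SAMPLE = [
    "<130>Jan  5 10:15:02 ecs0016 port03: login:",    # local0.crit
    "<134>Jan  5 10:15:03 ecs0016 port04: boot ok",   # local0.info
    "<138>Jan  5 10:15:04 ecs0016 port07: panic",     # local1.crit
    "no priority header on this line",
]

if __name__ == "__main__":
    for msg in silent_port_alerts(SAMPLE):
        print("ALERT:", msg)
```

Reserving one local facility for ports that should be silent keeps the alert rule to a single facility and severity match.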
Add / Edit Users
The Administrator uses this menu selection to set up, edit and delete Users and to define the access permissions for each of these Users.
Users can be authorized to access specified ECS0016 serial ports and specified network attached hosts. These Users can also be given full Administrator status (with full configuration and management and access privileges).
To simplify User set up, individual users can be configured as members of Groups. There are two Groups set up by default:
admin which provides User members with full Administrator privileges
and
users which provides User members with access to the Management section of the Management Console
1. Select Serial & Network: Users & Groups to display the configured Groups and Users.
2. Click Add Group.
3. Add a Group name and Description for each new Group, then select Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any Users in this new Group to be able to access.
4. Click Apply.
1. Select Serial & Network: Users to display the configured Users.
2. Click Add User to add a new User.
3. Add a Username and a confirmed Password for each new User. You may also include information related to the User (e.g. contact details) in the Description field.
4. Select Accessible Hosts and Accessible Ports to specify which serial ports and which LAN connected hosts you wish the User to have access to.
5. Specify the Group (or Groups) of which you wish the User to be a member.
6. Click Apply to save changes.
Your new User will now be able to access the selected LAN devices and the devices attached to the chosen serial ports.