Tripp Lite 93-2879, B096-048, B096-016 User Manual

Warranty

Registration:

chance to win a FREE Tripp Lite

product—www.tripplite.com/warranty

Console Server Management Switch

Owner’s Manual

Models: B096-016 / B096-048

Console Server with PowerAlert

Model: B092-016

Tripp Lite World Headquarters

1111 W. 35th Street, Chicago, IL 60609 USA

(773) 869-1234 (USA) • 773.869.1212 (International)

www.tripplite.com

INDEX

1. INTRODUCTION 9

2. INSTALLATION 14

2.1 Models 14

2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch 14

2.1.2 Kit components: B092-016 Console Server with PowerAlert 15

2.2 Power connection 15

2.2.1 Power: Console Server Management Switch 15

2.2.2 Power: Console Server with PowerAlert 16

2.3 Network connection 16

2.4 Serial Port connection 16

2.5 USB Port Connection 17

2.6 Rackmount Console / KVM Connection (B092-016 only) 17

3. INITIAL SYSTEM CONFIGURATION 18

3.1 Management Console Connection 18

3.1.1 Connected computer set up 18

3.1.2 Browser connection 19

3.1.3 Initial B092-016 connection 21

3.2 Administrator Password 21

3.3 Network IP address 22

3.3.1 IPv6 configuration 23

3.4 System Services 24

3.5 Communications Software 27

3.5.1 SDT Connector 27

3.5.2 PuTTY 27

3.5.3 SSHTerm 28

3.6 Management Network Configuration (B096-048/016 only) 29

3.6.1 Configure Management Switch as a Management LAN gateway 29

3.6.3 Configure Management Switch for Failover or broadband OOB 32

4. SERIAL PORT AND NETWORK HOST 33

4.1 Configuring Serial Ports 33

4.1.1 Common Settings 34

4.1.2 Console Server Mode 35

4.1.3 SDT Mode 39

4.1.4 Device (RPC, UPS, EMD) Mode 39

4.1.5 Terminal Server Mode 39

4.1.6 Serial Bridging Mode 40

4.1.7 Syslog 41

4.2 Add/Edit Users 41

4.3 Authentication 44

4.4 Network Hosts 44

4.5 Trusted Networks 46

4.6 Serial Port Cascading 47

4.6.1 Automatically generate and upload SSH keys 47

4.6.2 Manually generate and upload SSH keys 48

4.6.3 Configure the Slaves and their serial ports 50

4.6.4 Managing the Slaves 51

5. FAILOVER AND OUT-OF-BAND ACCESS 52

5.1 OoB Dial-In Access 52

5.1.1 Configure dial-in PPP 52

5.1.2 Using SDT Connector client for dial-in 54

5.1.3 Set up Windows XP/ 2003/Vista client for dial-in 54

5.1.4 Set up earlier Windows clients for dial-in 55

5.1.5 Set up Linux clients for dial-in 56

5.2 OoB Broadband Access (B096-048/016 only) 56

5.3 Broadband Ethernet Failover (B096-048/016 only) 56

5.4 Dial-Out Failover 58

6. SECURE TUNNELING AND SDT CONNECTOR 60

6.1 Configuring for SDT Tunneling to Hosts 61

6.2 SDT Connector Configuration 61

6.2.1 SDT Connector client installation 62

6.2.2 Configuring a new gateway in the SDT Connector client 63

6.2.3 Auto-configure SDT Connector client with the user’s access privileges 64

6.2.4 Make an SDT connection through the gateway to a host 65

6.2.5 Manually adding hosts to the SDT Connector gateway 66

6.2.6 Manually adding new services to the new hosts 67

6.2.7 Adding a client program to be started for the new service 69

6.2.8 Dial- in configuration 70

6.2.9 Choosing an alternate SSH client (e.g. PuTTY) 70

6.3 SDT Connector to Management Console 75

6.4 SDT Connector - Telnet or SSH connect to serially attached devices 76

6.5 Using SDT Connector for out-of-band connection to the gateway 77

6.6 Importing (and exporting) preferences 79

6.7 SDT Connector Public Key Authentication 79

6.8 Setting up SDT for Remote Desktop access 80

6.8.1 Enable Remote Desktop on the target Windows computer to be accessed 80

6.8.2 Configure the Remote Desktop Connection client 81

6.9 SDT SHH Tunnel for VNC 85

6.9.1 Install and configure the VNC Server on the computer to be accessed 85

6.9.2 Install, configure and connect the VNC Viewer 86

6.10 Using SDT to IP connect to hosts that are serially attached to the gateway 88

6.10.1 Establish a PPP connection between the host COM port and Console Server 88

6.10.2 Set up SDT Serial Ports on Console Server 91

6.10.3 Set up SDT Connector to ssh port forward over the Console Server Serial Port 92

7. ALERTS AND LOGGING 93

7.1 Configure SMTP/SMS/SNMP/Nagios alert service 93

7.1.1 Email alerts 93

7.1.2 SMS alerts 94

7.1.3 SNMP alerts 95

7.1.4 Nagios alerts 96

7.2 Activate Alert Events and Notifications 96

7.2.1 Add a new alert 97

7.2.2 Select general alert type 98

7.2.3 Configuring environment and power alert type 99

7.3 Remote Log Storage 100

7.4 Serial Port Logging 101

7.5 Network TCP or UDP Port Logging 102

POWER & ENVIRONMENTAL MANAGEMENT 103

8.1 Remote Power Control (RPC) 103

8.1.1 RPC connection 103

8.1.2 RPC alerts 105

8.1.3 RPC status 105

8.1.4 User power management 105

8.2 Uninterruptible Power Supply Control (UPS) 106

8.2.1 Managed UPS connections 106

8.2.2 Configure UPS powering the Console Server 109

8.2.3 Configuring powered computers to monitor a Managed UPS 110

8.2.4 UPS alerts 111

8.2.5 UPS status 111

8.2.6 Overview of Network UPS Tools (NUT) 111

8.3 Environmental Monitoring 113

8.3.1 Connecting the EMD 114

8.3.2 Environmental alerts 115

8.3.3 Environmental status 115

AUTHENTICATION 117

9.1 Authentication Configuration 117

9.1.1 Local authentication 118

9.1.2 TACACS authentication 118

9.1.3 RADIUS authentication 119

9.1.4 LDAP authentication 120

9.1.5 RADIUS/TACACS user configuration 121

9.2 PAM (Pluggable Authentication Modules) 122

9.3 Secure Management Console Access 123

NAGIOS INTEGRATION 125

10.1 Nagios Overview 125

10.2 Central management 126

10.2.1 Set up central Nagios server 126

10.2.2 Set up distributed Console Servers 127

10.3 Configuring Nagios distributed monitoring 129

10.3.1 Enable Nagios on the Console Server 129

10.3.2 Enable NRPE monitoring 131

10.3.3 Enable NSCA monitoring 132

10.3.4 Configure selected Serial Ports for Nagios monitoring 132

10.3.5 Configure selected Network Hosts for Nagios monitoring 133

10.3.6 Configure the upstream Nagios monitoring host 134

10.4 Advanced Distributed Monitoring Configuration 135

10.4.1 Sample Nagios configuration 135

10.4.2 Basic Nagios plug-ins 138

10.4.3 Additional plug-ins 138

11. SYSTEM MANAGEMENT 140

11.1 System Administration and Reset 140

11.2 Upgrade Firmware 141

11.3 Configure Date and Time 142

12. STATUS REPORTS 143

12.1 Port Access and Active Users 143

12.2 Statistics 143

12.3 Support Reports 144

12.4 Syslog 144

13. MANAGEMENT 146

13.1 Device Management 146

13.2 Port and Host Management 146

13.3 Power Management 147

13.4 Serial Port Terminal Connection 147

13.5 Remote Console Access (B092-016 only) 149

14. BASIC CONFIGURATION - LINUX COMMANDS 151

14.1 The Linux Command line 152

14.2 Administration Configuration 154

System Settings 154

Authentication Configuration 154

14.3 Date and Time Configuration 155

14.4 Network Configuration 156

IP Configuration 156

Dial-in Configuration 157

Services Configuration 158

14.5 Serial Port Configuration 159

Serial Port Settings 159

Supported Protocol Configuration 160

Users 160

Trusted Networks 161

14.6 Event Logging Configuration 162

Remote Serial Port Log Storage 162

Alert Configuration 163

14.7 SDT Host Configuration 163

SDT Host TCP Ports 163

14.8 Configuration backup and restore 165

14.9 General Linux command usage 166

15. ADVANCED CONFIGURATION 168

15.1 Advanced Portmanager 169

15.2 External Scripts and Alerts 171

15.3 Raw Access to Serial Ports 173

15.4 IP- Filtering 174

15.5 Modifying SNMP Configuration 176

Adding more than on SNMP server 177

15.6 Secure Shell (SSH) Public Key Authentication 178

SSH Overview 178

Generating Public Keys (Linux) 179

Installing the SSH Public/Private Keys (Clustering) 180

Installing SSH Public Key Authentication (Linux) 180

Generating Public/Private keys for SSH (Windows) 182

Fingerprinting 184

SSH tunneled serial bridging 185

SDT Connector Public Key Authentication 188

15.7 Secure Sockets Layer (SSL) Support 189

15.8 HTTPS 190

15.9 Power Strip Control 192

PowerMan 192

pmpower 194

Adding new RPC devices 194

15.10 IPMItool 196

15.11 Scripts for Managing Slaves 200

16. THIN CLIENT (B092-016) 202

16.1 Local Client Service Connections 202

16.1.1 Connect- serial terminal 204

16.1.2 Connect- browser 204

16.1.3 Connect- VNC 205

16.1.4 Connect- SSH 206

16.1.5 Connect- IPMI 207

16.1.6 Connect- Remote Desktop (RDP) 208

16.1.7 Connect- Citrix ICA 209

Connect- PowerAlert 209

16.1.8

16.2 Advanced Control Panel 210

16.2.1 System: Terminal 210

16.2.2 System: Shutdown / Reboot 211

16.2.3 System: Logout 211

16.2.4 Custom 211

16.2.5 Status 211

16.2.6 Logs 211

16.3 Remote control 212

Appendix A Hardware Specification 213

Appendix B Serial Port Connectivity 214

Appendix C End User License Agreement 216

Appendix D Service and Warranty 223

1. INTRODUCTION

This Manual

This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch or B092-016 Console Server with PowerAlert product. These products are referred to generically in this manual as Console Servers.

Once configured, you will be able to use your Console Server to securely monitor, access and control the computers, networking devices, telecommunications equipment, power supplies and operating environment in your data center, branch office or communications room. This manual guides you in managing this infrastructure locally (at the rack side or across your operations or management LAN or through the local serial console port), and remotely (across the Internet, private network or via dial up).

FCC Information

This is an FCC Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.

This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense.

RoHS

This product is RoHS compliant.

User Notice

All information, documentation and specifications contained in this manual are subject to change without prior notification by the manufacturer. The manufacturer makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties as to merchantability or fitness for any particular purpose. Any of the manufacturer's software described in this manual is sold or licensed `as is'. Should the programs prove defective following their purchase, the buyer (and not the manufacturer, its distributor, or its dealer), assumes the entire cost of all necessary servicing, repair and any incidental or consequential damages resulting from any defect in the software.

The manufacturer of this system is not responsible for any radio and/or TV interference caused by unauthorized modifications to this device. It is the responsibility of the user to correct such interference. The manufacturer is not responsible for any damage incurred in the operation of this system if the correct operational voltage setting was not selected prior to operation.

RODUCTION

Please take care to follow the safety precautions below when installing and operating the Console Server:

 Do not remove the metal covers. There are no operator-serviceable

components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Tripp Lite qualified personnel

 To avoid electric shock the power cord protective grounding conductor

must be connected through to ground

 Always pull on the plug, not the cable, when disconnecting the power cord

from the socket

 Do not connect or disconnect the Console Server during an electrical storm

 Also it is recommended you use a surge suppressor or UPS to protect the

equipment from transients

Manual Organization

This User Manual covers all aspects of installation, configuration and operation and an overview of the information found in the manual is provided below.

1. Introduction An overview of the features of the Console Server and information on this manual

2. Installation Details physical installation of the Console Server and the interconnection of controlled devices

3. System Configuration Describes the initial installation and configuration using the Management Console of the Console Server on the network and the services that will be supported

4. Serial and Network Covers configuring serial ports and connected network hosts, and setting up Users and Groups

5. Failover and OoB dial-in Describes setting up the high-availability access features of the Console Server

6. Secure Tunneling (SDT) Covers secure remote access using SSH and configuring for RDP, VNC, HTTP, HTTPS, etc. access to network and serially connected devices

7. Alerts and Logging Explains the setting up of local and remote event/ data logs and triggering SNMP and email alerts

8. Power & Environment Management of USB, serial and network attached Power Distribution units and UPS units including Network UPS Tool (NUT) operation and IPMI power control. EMD environmental sensor configuration

9. Authentication All access to the Console Server requires usernames and passwords which are locally or externally authenticated

10. Nagios Integration Setting Nagios central management with SDT extensions and configuring the Console Server as a distributed Nagios server

11. System Management Covers access to and configuration of services to be run on the Console Server

12. Status Reports View the status and logs of serial and network connected devices (ports, hosts, power and environment)

13. Management Includes port controls and reports that can accessed by Users

14. Basic Configuration Command line installation and configuration using the config command

15. Advanced Config More advanced command line configuration activities where you will need to use Linux commands

16. Thin Client Configuration and use of the thin client and other applications (including Power Alert) embedded in the Console Server with PowerAlert (B092-

016) product

Types of users

The Console Server supports two classes of users:

I. Administrative users: Those who will be authorized to configure and control the Console Server; and

to access and control all the connected devices. These administrative users will be set up as members of the admin user group. Any user in this class is referred to generically in this manual as an Administrator. An Administrator can access and control the Console Server using the config utility, the Linux command line or the browser-based Management Console. By default the Administrator has access to all services and ports to control all the serial connected devices and network connected devices (hosts).

II. Users: Embraces those who have been set up by the Administrator with specific limits on their

access and control authority. These users are set up as members of the users user group (or some other user groups the Administrator may have added). They are only authorized to perform specified controls on specific connected devices and are referred to as Users. These Users (when authorized) can access serial or network connected devices; and control these devices using the specified services (e.g. Telnet, HHTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User can also use the Management Console to access configured devices and review port logs.

In this manual, when the term user (lower case) is used, it is referring to both the above classes of users. This document also uses the term remote users to describe users who are not on the same LAN segment as the Console Server. These remote users may be Users, who are on the road connecting to managed devices over the public Internet, or it may be an Administrator in another office connecting to the Console Server itself over the enterprise VPN, or the remote user may be in the same room or the same office but connected on a separate VLAN to the Console Server.

Management Console

The Console Server Management Console runs in a browser. It provides a view of your Console Server Management Switch (B096-016/048) or Console Server with PowerAlert (B092-016) product and all the connected equipment. Administrators can use the Management Console, either locally or from a remote

location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts.

An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built java terminal to access serially attached consoles and control power to connected devices.

The Console Server runs an embedded Linux operating system. Experienced Linux and UNIX users may prefer to undertake configuration at the command line. As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port; or by SSH or Telnet connecting to the Console Server over the LAN; or by connecting to the Console Server through an SSH tunnel using the SDTConnector.

The B092-016 Console Server also has PowerAlert software and a selection of thin clients embedded (RDP, Firefox etc). You will be able to use these consoles as well as the standard Management Console for access and control.

Manual Conventions

This manual uses different fonts and typefaces to show specific actions:

Note Text presented like this indicates issues which need to be noted

Text presented like this highlights important issues and it is essential you read and take heed of these warnings

 Text presented with an arrow head indent indicates an action you should take as part of the

procedure.

Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.

Italic text is also used to indicate a text command to be entered at the command line level.

Publishing history

Date Revision Update details

January 2009 0.9 Initial draft

February 2009 0.91 Pre-release

2. INSTALLATION

Introduction

This chapter describes the physical installation of the Console Server hardware and connection to controlled devices

2.1 Models

There are a number of Console Server models, each with a different number of network, USB and serial ports and power supplies:

Serial

Ports

B096-048 48 2 1 1 Internal Dual AC Universal Input B096-016 16 2 1 1 Internal Dual AC Universal Input B092-016 16 1 1+KVM 4 - Single AC Universal Input

Network

Ports

Console

Port

USB Port

Modem Power

2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch

 Unpack your Console Server Management Switch kit and verify you have all the parts shown

above, and that they all appear in good working order

B096-048 or B096-016 Console Server Management Switch

2 x Cable UTP Cat5 blue

Connectors DB9F-RJ45S straight and cross-over

Dual IEC AC power cords

Quick Start Guide and CD-ROM

 If you are installing your Console Server Management Switch in a rack you will need to attach

the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to head the Safety Precautions

 Connect your Console Server Management Switch to the network, to the serial ports of the

controlled devices, and to power as outlined below

2.1.2 Kit components: B092-016 Console Server with PowerAlert

 Unpack your Console Server and verify you have all the parts shown above, and that they all

appear in good working order

 If you are installing your Console Server in a rack, you will need to attach the rack mounting

brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions listed earlier

B092-016 Console Server with PowerAlert

2 x Cable UTP Cat5 blue

Connector DB9F-RJ45S straight and DB9FRJ45S cross-over

AC power cable

Quick Start Guide and CD-ROM

 Proceed to connect your B092-016 to the network, to the serial and USB ports of the controlled

devices, to any rack side LCD console or KVM switch, and to power as outlined below

2.2 Power connection

2.2.1 Power: Console Server Management Switch

The B096-048/16 Console Server Management Switch has dual universal AC power supplies with auto failover built in. These power supplies each accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the total power consumption per Console Server is less than 30W. Two IEC AC power sockets are located at the rear of the metal case, and these IEC power inlets use conventional IEC AC power cords. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.

2.2.2 Power: Console Server with PowerAlert

The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 40W.

The AC power socket is located at the rear of the B092-016. This power inlet uses a conventional AC power cord. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.

2.3 Network connection

The RJ45 10/100 LAN port is located on the rear of the B092-016 Console Server, and on the front of the B096-048/016 Console Server Management Switch. All physical connections are made using industry standard Cat5e patch cables (Tripp Lite N001 and N002 series cables). Ensure you only connect the LAN port to an Ethernet network that supports 10Base-T/100Base-T. For the initial configuration of the Console Server you must connect a computer to the Console Server’s principal network port.

2.4 Serial Port connection

The RJ45 serial ports are located on the rear of the B092-016 Console Server and on the front of the B096-048/016 Console Server Management Switch. These Console Servers use the RJ45 pinout used by Cisco. Use straight through RJ-45 cabling to connect to equipment such as Cisco, Juniper, SUN, and more.

PIN SIGNAL DEFINITION DIRECTION

1 CTS Clear To Send Input 2 DSR Data Set Ready Input 3 RXD Receive Data Input

Conventional Cat5 cabling with RJ45 jacks are used for serial connections. Before connecting the console port of an external device to the Console Server serial port, confirm that the device supports standard RS-232C (EIA-232).

4 GND Signal Ground NA 5 GND Signal Ground NA 6 TXD Transmit Data Output 7 DTR Data Terminal Ready Output 8 RTS Request To Send Output

The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/016 Console Server Management Switch.

2.5 USB Port Connection

The B096-048/016 Console Server Management Switch has one USB port on the front panel. External USB devices can be plugged into this USB port. The B096-048/016 Console Server Management Switch ships with a USB memory stick so that it will be installed in this port for extended log file storage.

There are four USB 2.0 ports on the rear panel of the B092-016 Console Server. These ports are used to connect to USB consoles (of managed UPS hardware) and to other external devices (such as a USB memory stick or keyboard).

External USB devices (including USB hubs) can be plugged into any Console Server USB port.

2.6 Rackmount Console / KVM Connection (B092-016 only)

B092-016 Console Server with PowerAlert can be connected directly to a rack mount console (such as B021-000-17 or B021-019 by Tripp Lite) to provide direct local management right at the rack. Connect the rack mount console’s PS/2 Keyboard/Mouse and VGA connectors directly to the PS/2 and VGA connectors on the B092-016. The default video resolution is 1024 x768. The B092-016 Console Server also supports the use of a USB keyboard/mouse.

Alternately, the B092-016 Console Server can also be connected locally to a KVM (or KVMoIP) switch at the rack. The B092-016 Console Server with PowerAlert will enable you then to use this KVM infrastructure to run PowerAlert, to manage your power devices and to run the thin clients to manage other devices.

Note Care should be taken in handling all Console Server products. There are no operator-serviceable

components inside, so do not remove cover. Refer any service to qualified personnel

3. INITIAL SYSTEM CONFIGURATION

Introduction

This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator:

 Activating the Management Console

 Changing the Administrator password

 Setting the IP address for the Console Server’s principal LAN port

 Selecting the network services to be supported

This chapter also discusses the communications software tools that the Administrator may use to access the Console Server. It also covers the configuration of the additional LAN ports on the B096-016/048 Console Server Management Switch.

3.1 Management Console Connection

Your Console Server has a default IP Address 192.168.0.1 Subnet Mask 255.255.255.0

 Directly connect a computer to the Console Server

Note For initial configuration it is recommended that the Console Server be connected directly to a

single computer. However, if you choose to connect your LAN before completing the initial setup steps, it is important that:

 you ensure there are no other devices on the LAN with an address of 192.168.0.1  the Console Server and the computer are on the same LAN segment, with no interposed router

3.1.1 Connected computer set up

To configure the Console Server with a browser, the connected computer should have an IP address in the same range as the Console Server (e.g. 192.168.0.100):

appliances

 To configure the IP Address of your Linux or Unix computer simply run ifconfig

 For Windows computers (Win9x/Me/2000/XP/ Vista/ NT):

 Click Start -> (Settings ->) Control Panel and double click Network Connections (for

95/98/Me, double click Network).

 Right-click on Local Area Connection and select Properties

 Select Internet Protocol (TCP/IP) and click Properties

 Select Use the following IP address and enter the following details:

o IP address: 192.168.0.100

o Subnet mask: 255.255.255.0

 If you wish to retain your existing IP settings for this network connection, click Advanced

and Add the above as a secondary IP connection.

 If it is not convenient to change your computer network address, you can use the ARP-Ping

command to reset the Console Server IP address. To do this from a Windows computer:

 Click Start -> Run

 Type cmd and click OK to bring up the command line

 Type arp –d to flush the ARP cache

 Type arp –a to view the current ARP cache which should be empty

Now add a static entry to the ARP table and ping the Console Server to have it get the IP address. In the example below we have a Console Server with a MAC Address 00:13:C6:00:02:0F (designated on the label on the bottom of the unit) and we are setting its IP address to

192.168.100.23. The computer issuing the arp command must be on the same network segment as the Console Server (i.e. have an IP address of 192.168.100.xxx)

 Type arp -s 192.168.100.23 00-13-C6-00-02-0F (Note for UNIX the syntax is: arp -s

192.168.100.23 00:13:C6:00:02:0F)

 Type ping -t 192.18.100.23 to start a continuous ping to the new IP Address.

 Turn on the Console Server and wait for it to configure itself with the new IP address. It will

start replying to the ping at this point

 Type arp –d to flush the ARP cache again

3.1.2 Browser connection

 Activate your preferred browser on the connected computer and enter https://192.168.0.1 The

Console Server supports all current versions of the popular browsers (Netscape, Internet Explorer, Mozilla Firefox and more)

 You will be prompted to log in. Enter the default

administration username and administration password:

Username: root

Password: default

The above screen, which lists four initial installation configuration steps, will be displayed:

1. Change the default administration password on the System/Administration page (Chapter 3)

2. Configure the local network settings on the System/IP page (Chapter 3)

3. Configure port settings and enable the Serial & Network/Serial Port page (Chapter 4)

4. Configure users with access to serial ports on the Serial & Network/Users page (Chapter 3)

After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the logo:

Note If you are not able to connect to the Management Console at 192.168.0.1 or if the default

Username / Password were not accepted then reset your Console Server (refer to Chapter 10)

3.1.3 Initial B092-016 connection

For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in

 Enter the default administration username and password (Username: root Password: default).

The B092-016 control panel will be displayed

 Click the Configure button on the control panel. This will load the Firefox browser and open the

B092-016 Management Console

 At the Management Console menu select System: Administration

3.2 Administrator Password

For security reasons, only the administration user named root can initially log into your Console Server. Only those people who know the root password can access and reconfigure the Console Server itself. However, anyone who correctly guesses the root password (and the default root password which is default) could gain access. It is therefore essential that you enter and confirm a new root password before giving the Console Server any access to, or control of, your computers and network appliances.

Note: It is also recommended that you set up a new Administrator user as soon as convenient and log-

in as this new user for all ongoing administration functions (rather than root). This Administrator can be configured in the admin group with full access privileges through the Serial & Network: Users & Groups menu as detailed in Chapter 4

 Select System: Administration

 Enter a new System Password then re-enter it in Confirm System Password. This is the new

password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe

 You may now wish to enter a System Name and System Description for the Console Server to

give it a unique ID and make it simple to identify

 Click Apply. As password has been changed, you will be prompted to log in again. This time use

the new password

Note If you are not confident your Console Server has been supplied with the current release of

firmware, you can upgrade. Refer to Upgrade Firmware - Chapter 10

3.3 Network IP address

It is time to enter an IP address for the principal 10/100 LAN port on the Console Server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is to be connected.

 On the System: IP menu select the Network Interface page then check DHCP or static for the

Configuration Method

 If you select static you must manually enter the new IP Address, Subnet Mask, Gateway and

DNS server details. This selection automatically disables the DHCP client

 If you select DHCP, the Console Server will look for configuration details from a DHCP server on

your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate

Note In its factory default state (with no Configuration Method selected) the Console Server has its

DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network. In this initial state, the Console Server will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address

 By default, the Console Server 10/100 LAN port auto detects the Ethernet connection speed.

However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100Mb/s and to Full Duplex (FD) or Half Duplex (HD)

Note If you have changed the Console Server IP address, you may need to reconfigure your Computer

so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter)

 Click Apply

 You will need to reconnect the browser on the Computer that is connected to the Console

Server by entering http://new IP address

3.3.1 IPv6 configuration

By default, the Console Server Ethernet interfaces support IPv4, however, they can also be configured for IPv6 operation:

 On the System: IP menu select General Settings page and check Enable IPv6

 You will then need to configure the IPv6 parameters on each interface page

3.4 System Services

The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can also use the nominated services for limited access to the Console Server itself. The Administrator can configure the services to be enabled:

 Select System: Services. Then select /deselect the service to be enabled /disabled. The following

access protocol options are available:

HTTPS Ensures secure browser access to all the Management Console menus. It also allows

appropriately configured Users secure browser access to selected Management Console Manage menus. If HTTPS is enabled, the Administrator will be able to use a secure browser connection to the Console Server’s Management Console. For information on certificate and user/client software configuration, refer to Chapter 9 - Authentication. By default, HTTPS is enabled, and it is recommended that only HTTPS access be used if the Console Server is to be managed over any public network (e.g. the Internet).

HTTP Allows the Administrator basic browser access to the Management Console. It is

recommended that you disable the HTTP service if the Console Server is to be remotely accessed over the Internet.

Telnet Gives the Administrator Telnet access to the system command line shell (Linux

commands). While this may be suitable for a local direct connection over a management LAN, it is recommended this service be disabled if the Console Server is to be remotely administered.

SSH Provides secure SSH access to the Linux command line shell. It is recommended you

choose SSH as the protocol when the Administrator is connecting to the Console Server over the Internet or over any other public network. This will provide authenticated communications between the SSH client program on the remote Computer and the SSH sever in the Console Server. For more information on SSH configuration, refer to Chapter 9 - Authentication.

 There are also a number of related service options that can be configured at this stage:

SNMP Enables netsnmp in the Console Server which will keep a remote log of all posted

information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 –

Advanced Configuration

TFTP The Console Servers set up default TFTP server on the USB flash card. This server can

be used to store config files, maintain access and transaction logs, etc.

Ping Allows the Console Server to respond to incoming ICMP echo requests. Ping is

enabled by default, however, for security reasons this service should generally be disabled post initial configuration

 And there are some serial port access parameters that can be configured on this menu:

Base The Console Server uses specific default ranges for the TCP/IP ports for the various

access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4 – Configuring Serial Ports). The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults.

The default TCP/IP base port address for Telnet access is 2000, and the range for Telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. So if the Administrator were to set 8000 as a secondary base for Telnet then serial port #2 on the Console Server can be Telnet accessed at IP Address: 2002 and at IP Address:

8002.

The default base for SSH is 3000; for Raw TCP is 4000; for RFC2217 it is 5000 and for Unauthenticated Telnet it is 6000.

 The B092-016 Console Server with PowerAlert also presents some additional service and

configuration options:

VNC The B092-016 Console Server has an internal VNC server. When enabled, it allows

remote users to connect to the Console Server and run the PowerAlert software and any other embedded thin client programs as if they were plugged in locally to the KVM connectors on the B092-016 (refer to Chapter 16 for more details). Users

connect using port 5900 and need to run

Secure VNC This enables a secure encrypted remote connection using VNC over SSL on port

5800 to the B092-016 Console Server (refer to Chapter 16)

PowerAlert This configuration option will automatically start the PowerAlert application on

the B092-016 and display the console as soon as you log into the local display or VNC session (refer to Chapter 16). The complete PowerAlert manual can be downloaded at

www.tripplite.com/EN/support/PowerAlert/Downloads.cfm

a VNC client applet

 Click Apply. As you apply your services selections, the screen will be updated with a

confirmation message:

Message Changes to configuration succeeded.

3.5 Communications Software

You need to configure the access protocols that the communications software on the Administrator and User Computer will use when connecting to the Console Server (and when connecting to serial devices and network hosts which are attached to the Console Server).

This section provides an overview of the communications software tools that can be used on the remote computer. Tripp Lite recommends the SDT Connector software tool that is provided with the Console Server, however, generic tools such as PuTTY and SSHTerm may also be used.

3.5.1 SDT Connector

We recommend using the SDT Connector communications software for all communications with Console Servers. Each Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server.

SDT Connector is a lightweight tool that enables Users and Administrators to securely access the Console Server, and the various computers, network devices and appliances that may be serially or networkconnected to the Console Server.

SDT Connector can be installed on Windows 2000, XP, 2003, Vista and on most Linux, UNIX and Solaris computers as detailed in Chapter 7.

3.5.2 PuTTY

Communications packages like PuTTY can be also used to connect to the Console Server command line (and to connect to serially attached devices as covered in Chapter 4). PuTTY is a freeware implementation of Telnet and SSH for Win32 and UNIX platforms. It runs as an executable application without needing to be installed onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded at http://www.tucows.com/preview/195286.html

 To use PuTTY for an SSH terminal session from a

Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’

 To access the Console Server command line,

select ‘SSH’ as the protocol and use the default IP Port 22

 Click ‘Open’ and the Console Server login

prompt will appear. (You may also receive a ‘Security Alert’ that the host’s key is not cached. Choose ‘yes’ to continue.)

 Using the Telnet protocol is similarly simple, but

you need to use the default port 23

3.5.3 SSHTerm

Another common communications package that may be useful is SSHTerm. This is an open source package that can be downloaded from http://sourceforge.net/projects/sshtools

 To use SSHTerm for an SSH terminal session from a

Windows Client, simply Select the ‘File’ option and click on ‘New Connection’.

 A new dialog box will appear for your ‘Connection Profile’.

Type in the host name or IP address (for the Console Server unit) and the TCP port that the SSH session will use (port 22). Then type in your username and choose password authentication and click Connect.

 A message may appear about the host key fingerprint.

You will need to select ‘Yes’ or ‘Always’ to continue.

 The next step is password authentication. You will be

prompted for your username and password from the remote system. You will then be logged on to the Console Server

3.6 Management Network Configuration (B096-048/016 only)

The B096-048/016 Console Server Management Switches have a second Ethernet network port that can be configured as a management Console Server/LAN port or as a failover/OoB access port.

3.6.1 Configure Management Switch as a Management LAN gateway

The Management Switch in the B096-048/016 Console Servers can be configured to provide a management LAN gateway. With this configuration, the B096-048/016 provides firewall, router and DHCP server features and you can connect managed hosts to this management LAN.

These features are all disabled by default. To configure the Management LAN gateway:

 Select the Management LAN page on the System: IP menu and uncheck Disable

 Configure the IP Address and Subnet Mask for the Management LAN (leaving the Gateway and

DNS fields blank) then click Apply

 The management LAN gateway function is now enabled with default firewall and router rules.

These rules can be reconfigured at the command line.

Note The second Ethernet port on the B096-048/016 can be configured as either a Management LAN

gateway port or it can be configured as an OoB/Failover port - but not both. So be sure that you did not allocate Management LAN as the Failover Interface when you configured the principal

The B096-048/016 Console Server Management Switches also host a DHCP server which by default is set at disabled. The DHCP server enables the automatic distribution of IP addresses to hosts running DHCP clients on the Management LAN. To enable the DHCP server:

Network connection on the System: IP menu

 On the System: IP menu select the Management LAN page and click the Disabled label in the

DHCP Server field; or go to the System: DHCP Server menu and check Enable DHCP Server

+ 194 hidden pages