Tripp Lite 93-2879, B096-048, B096-016 User Manual

Warranty
Registration:
register online today for a
chance to win a FREE Tripp Lite
product—www.tripplite.com/warranty
Owner’s Manual
Models: B096-016 / B096-048
&
Console Server with PowerAlert
Model: B092-016
Tripp Lite World Headquarters
1111 W. 35th Street, Chicago, IL 60609 USA
(773) 869-1234 (USA) • 773.869.1212 (International)
www.tripplite.com
Copyright © 2009 Tripp Lite. All rights reserved. All trademarks are the property of their respective owners.
1
INDEX
1. INTRODUCTION 9
2. INSTALLATION 14
2.1 Models 14
2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch 14
2.1.2 Kit components: B092-016 Console Server with PowerAlert 15
2.2 Power connection 15
2.2.1 Power: Console Server Management Switch 15
2.2.2 Power: Console Server with PowerAlert 16
2.3 Network connection 16
2.4 Serial Port connection 16
2.5 USB Port Connection 17
2.6 Rackmount Console / KVM Connection (B092-016 only) 17
3. INITIAL SYSTEM CONFIGURATION 18
3.1 Management Console Connection 18
3.1.1 Connected computer set up 18
3.1.2 Browser connection 19
3.1.3 Initial B092-016 connection 21
3.2 Administrator Password 21
3.3 Network IP address 22
3.3.1 IPv6 configuration 23
3.4 System Services 24
3.5 Communications Software 27
3.5.1 SDT Connector 27
3.5.2 PuTTY 27
3.5.3 SSHTerm 28
3.6 Management Network Configuration (B096-048/016 only) 29
3.6.1 Configure Management Switch as a Management LAN gateway 29
3.6.3 Configure Management Switch for Failover or broadband OOB 32
4. SERIAL PORT AND NETWORK HOST 33
4.1 Configuring Serial Ports 33
4.1.1 Common Settings 34
4.1.2 Console Server Mode 35
2
4.1.3 SDT Mode 39
4.1.4 Device (RPC, UPS, EMD) Mode 39
4.1.5 Terminal Server Mode 39
4.1.6 Serial Bridging Mode 40
4.1.7 Syslog 41
4.2 Add/Edit Users 41
4.3 Authentication 44
4.4 Network Hosts 44
4.5 Trusted Networks 46
4.6 Serial Port Cascading 47
4.6.1 Automatically generate and upload SSH keys 47
4.6.2 Manually generate and upload SSH keys 48
4.6.3 Configure the Slaves and their serial ports 50
4.6.4 Managing the Slaves 51
5. FAILOVER AND OUT-OF-BAND ACCESS 52
5.1 OoB Dial-In Access 52
5.1.1 Configure dial-in PPP 52
5.1.2 Using SDT Connector client for dial-in 54
5.1.3 Set up Windows XP/ 2003/Vista client for dial-in 54
5.1.4 Set up earlier Windows clients for dial-in 55
5.1.5 Set up Linux clients for dial-in 56
5.2 OoB Broadband Access (B096-048/016 only) 56
5.3 Broadband Ethernet Failover (B096-048/016 only) 56
5.4 Dial-Out Failover 58
6. SECURE TUNNELING AND SDT CONNECTOR 60
6.1 Configuring for SDT Tunneling to Hosts 61
6.2 SDT Connector Configuration 61
6.2.1 SDT Connector client installation 62
6.2.2 Configuring a new gateway in the SDT Connector client 63
6.2.3 Auto-configure SDT Connector client with the user’s access privileges 64
6.2.4 Make an SDT connection through the gateway to a host 65
6.2.5 Manually adding hosts to the SDT Connector gateway 66
6.2.6 Manually adding new services to the new hosts 67
6.2.7 Adding a client program to be started for the new service 69
6.2.8 Dial- in configuration 70
3
6.2.9 Choosing an alternate SSH client (e.g. PuTTY) 70
6.3 SDT Connector to Management Console 75
6.4 SDT Connector - Telnet or SSH connect to serially attached devices 76
6.5 Using SDT Connector for out-of-band connection to the gateway 77
6.6 Importing (and exporting) preferences 79
6.7 SDT Connector Public Key Authentication 79
6.8 Setting up SDT for Remote Desktop access 80
6.8.1 Enable Remote Desktop on the target Windows computer to be accessed 80
6.8.2 Configure the Remote Desktop Connection client 81
6.9 SDT SHH Tunnel for VNC 85
6.9.1 Install and configure the VNC Server on the computer to be accessed 85
6.9.2 Install, configure and connect the VNC Viewer 86
6.10 Using SDT to IP connect to hosts that are serially attached to the gateway 88
6.10.1 Establish a PPP connection between the host COM port and Console Server 88
6.10.2 Set up SDT Serial Ports on Console Server 91
6.10.3 Set up SDT Connector to ssh port forward over the Console Server Serial Port 92
7. ALERTS AND LOGGING 93
7.1 Configure SMTP/SMS/SNMP/Nagios alert service 93
7.1.1 Email alerts 93
7.1.2 SMS alerts 94
7.1.3 SNMP alerts 95
7.1.4 Nagios alerts 96
7.2 Activate Alert Events and Notifications 96
7.2.1 Add a new alert 97
7.2.2 Select general alert type 98
7.2.3 Configuring environment and power alert type 99
7.3 Remote Log Storage 100
7.4 Serial Port Logging 101
7.5 Network TCP or UDP Port Logging 102
POWER & ENVIRONMENTAL MANAGEMENT 103
8.1 Remote Power Control (RPC) 103
8.1.1 RPC connection 103
8.1.2 RPC alerts 105
8.1.3 RPC status 105
4
8.1.4 User power management 105
8.2 Uninterruptible Power Supply Control (UPS) 106
8.2.1 Managed UPS connections 106
8.2.2 Configure UPS powering the Console Server 109
8.2.3 Configuring powered computers to monitor a Managed UPS 110
8.2.4 UPS alerts 111
8.2.5 UPS status 111
8.2.6 Overview of Network UPS Tools (NUT) 111
8.3 Environmental Monitoring 113
8.3.1 Connecting the EMD 114
8.3.2 Environmental alerts 115
8.3.3 Environmental status 115
AUTHENTICATION 117
9.1 Authentication Configuration 117
9.1.1 Local authentication 118
9.1.2 TACACS authentication 118
9.1.3 RADIUS authentication 119
9.1.4 LDAP authentication 120
9.1.5 RADIUS/TACACS user configuration 121
9.2 PAM (Pluggable Authentication Modules) 122
9.3 Secure Management Console Access 123
NAGIOS INTEGRATION 125
10.1 Nagios Overview 125
10.2 Central management 126
10.2.1 Set up central Nagios server 126
10.2.2 Set up distributed Console Servers 127
10.3 Configuring Nagios distributed monitoring 129
10.3.1 Enable Nagios on the Console Server 129
10.3.2 Enable NRPE monitoring 131
10.3.3 Enable NSCA monitoring 132
10.3.4 Configure selected Serial Ports for Nagios monitoring 132
10.3.5 Configure selected Network Hosts for Nagios monitoring 133
10.3.6 Configure the upstream Nagios monitoring host 134
10.4 Advanced Distributed Monitoring Configuration 135
10.4.1 Sample Nagios configuration 135
5
10.4.2 Basic Nagios plug-ins 138
10.4.3 Additional plug-ins 138
11. SYSTEM MANAGEMENT 140
11.1 System Administration and Reset 140
11.2 Upgrade Firmware 141
11.3 Configure Date and Time 142
12. STATUS REPORTS 143
12.1 Port Access and Active Users 143
12.2 Statistics 143
12.3 Support Reports 144
12.4 Syslog 144
13. MANAGEMENT 146
13.1 Device Management 146
13.2 Port and Host Management 146
13.3 Power Management 147
13.4 Serial Port Terminal Connection 147
13.5 Remote Console Access (B092-016 only) 149
14. BASIC CONFIGURATION - LINUX COMMANDS 151
14.1 The Linux Command line 152
14.2 Administration Configuration 154
System Settings 154
Authentication Configuration 154
14.3 Date and Time Configuration 155
14.4 Network Configuration 156
IP Configuration 156
Dial-in Configuration 157
Services Configuration 158
14.5 Serial Port Configuration 159
Serial Port Settings 159
Supported Protocol Configuration 160
Users 160
Trusted Networks 161
14.6 Event Logging Configuration 162
Remote Serial Port Log Storage 162
6
Alert Configuration 163
14.7 SDT Host Configuration 163
SDT Host TCP Ports 163
14.8 Configuration backup and restore 165
14.9 General Linux command usage 166
15. ADVANCED CONFIGURATION 168
15.1 Advanced Portmanager 169
15.2 External Scripts and Alerts 171
15.3 Raw Access to Serial Ports 173
15.4 IP- Filtering 174
15.5 Modifying SNMP Configuration 176
Adding more than on SNMP server 177
15.6 Secure Shell (SSH) Public Key Authentication 178
SSH Overview 178
Generating Public Keys (Linux) 179
Installing the SSH Public/Private Keys (Clustering) 180
Installing SSH Public Key Authentication (Linux) 180
Generating Public/Private keys for SSH (Windows) 182
Fingerprinting 184
SSH tunneled serial bridging 185
SDT Connector Public Key Authentication 188
15.7 Secure Sockets Layer (SSL) Support 189
15.8 HTTPS 190
15.9 Power Strip Control 192
PowerMan 192
pmpower 194
Adding new RPC devices 194
15.10 IPMItool 196
15.11 Scripts for Managing Slaves 200
16. THIN CLIENT (B092-016) 202
16.1 Local Client Service Connections 202
16.1.1 Connect- serial terminal 204
16.1.2 Connect- browser 204
16.1.3 Connect- VNC 205
7
16.1.4 Connect- SSH 206
16.1.5 Connect- IPMI 207
16.1.6 Connect- Remote Desktop (RDP) 208
16.1.7 Connect- Citrix ICA 209
Connect- PowerAlert 209
16.1.8
16.2 Advanced Control Panel 210
16.2.1 System: Terminal 210
16.2.2 System: Shutdown / Reboot 211
16.2.3 System: Logout 211
16.2.4 Custom 211
16.2.5 Status 211
16.2.6 Logs 211
16.3 Remote control 212
Appendix A Hardware Specification 213
Appendix B Serial Port Connectivity 214
Appendix C End User License Agreement 216
Appendix D Service and Warranty 223
8
1. INTRODUCTION
This Manual
This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch or B092-016 Console Server with PowerAlert product. These products are referred to generically in this manual as Console Servers.
Once configured, you will be able to use your Console Server to securely monitor, access and control the computers, networking devices, telecommunications equipment, power supplies and operating environment in your data center, branch office or communications room. This manual guides you in managing this infrastructure locally (at the rack side or across your operations or management LAN or through the local serial console port), and remotely (across the Internet, private network or via dial up).
FCC Information
This is an FCC Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense.
RoHS
This product is RoHS compliant.
User Notice
All information, documentation and specifications contained in this manual are subject to change without prior notification by the manufacturer. The manufacturer makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties as to merchantability or fitness for any particular purpose. Any of the manufacturer's software described in this manual is sold or licensed `as is'. Should the programs prove defective following their purchase, the buyer (and not the manufacturer, its distributor, or its dealer), assumes the entire cost of all necessary servicing, repair and any incidental or consequential damages resulting from any defect in the software.
The manufacturer of this system is not responsible for any radio and/or TV interference caused by unauthorized modifications to this device. It is the responsibility of the user to correct such interference. The manufacturer is not responsible for any damage incurred in the operation of this system if the correct operational voltage setting was not selected prior to operation.
RODUCTION
9
Please take care to follow the safety precautions below when installing and operating the Console Server:
Do not remove the metal covers. There are no operator-serviceable
components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Tripp Lite qualified personnel
To avoid electric shock the power cord protective grounding conductor
must be connected through to ground
Always pull on the plug, not the cable, when disconnecting the power cord
from the socket
Do not connect or disconnect the Console Server during an electrical storm
Also it is recommended you use a surge suppressor or UPS to protect the
equipment from transients
Manual Organization
This User Manual covers all aspects of installation, configuration and operation and an overview of the information found in the manual is provided below.
1. Introduction An overview of the features of the Console Server and information on this manual
2. Installation Details physical installation of the Console Server and the interconnection of controlled devices
3. System Configuration Describes the initial installation and configuration using the Management Console of the Console Server on the network and the services that will be supported
4. Serial and Network Covers configuring serial ports and connected network hosts, and setting up Users and Groups
5. Failover and OoB dial-in Describes setting up the high-availability access features of the Console Server
6. Secure Tunneling (SDT) Covers secure remote access using SSH and configuring for RDP, VNC, HTTP, HTTPS, etc. access to network and serially connected devices
7. Alerts and Logging Explains the setting up of local and remote event/ data logs and triggering SNMP and email alerts
8. Power & Environment Management of USB, serial and network attached Power Distribution units and UPS units including Network UPS Tool (NUT) operation and IPMI power control. EMD environmental sensor configuration
9. Authentication All access to the Console Server requires usernames and passwords which are locally or externally authenticated
10
10. Nagios Integration Setting Nagios central management with SDT extensions and configuring the Console Server as a distributed Nagios server
11. System Management Covers access to and configuration of services to be run on the Console Server
12. Status Reports View the status and logs of serial and network connected devices (ports, hosts, power and environment)
13. Management Includes port controls and reports that can accessed by Users
14. Basic Configuration Command line installation and configuration using the config command
15. Advanced Config More advanced command line configuration activities where you will need to use Linux commands
16. Thin Client Configuration and use of the thin client and other applications (including Power Alert) embedded in the Console Server with PowerAlert (B092-
016) product
Types of users
The Console Server supports two classes of users:
I. Administrative users: Those who will be authorized to configure and control the Console Server; and
to access and control all the connected devices. These administrative users will be set up as members of the admin user group. Any user in this class is referred to generically in this manual as an Administrator. An Administrator can access and control the Console Server using the config utility, the Linux command line or the browser-based Management Console. By default the Administrator has access to all services and ports to control all the serial connected devices and network connected devices (hosts).
II. Users: Embraces those who have been set up by the Administrator with specific limits on their
access and control authority. These users are set up as members of the users user group (or some other user groups the Administrator may have added). They are only authorized to perform specified controls on specific connected devices and are referred to as Users. These Users (when authorized) can access serial or network connected devices; and control these devices using the specified services (e.g. Telnet, HHTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User can also use the Management Console to access configured devices and review port logs.
In this manual, when the term user (lower case) is used, it is referring to both the above classes of users. This document also uses the term remote users to describe users who are not on the same LAN segment as the Console Server. These remote users may be Users, who are on the road connecting to managed devices over the public Internet, or it may be an Administrator in another office connecting to the Console Server itself over the enterprise VPN, or the remote user may be in the same room or the same office but connected on a separate VLAN to the Console Server.
Management Console
The Console Server Management Console runs in a browser. It provides a view of your Console Server Management Switch (B096-016/048) or Console Server with PowerAlert (B092-016) product and all the connected equipment. Administrators can use the Management Console, either locally or from a remote
11
location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts.
An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built java terminal to access serially attached consoles and control power to connected devices.
The Console Server runs an embedded Linux operating system. Experienced Linux and UNIX users may prefer to undertake configuration at the command line. As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port; or by SSH or Telnet connecting to the Console Server over the LAN; or by connecting to the Console Server through an SSH tunnel using the SDTConnector.
The B092-016 Console Server also has PowerAlert software and a selection of thin clients embedded (RDP, Firefox etc). You will be able to use these consoles as well as the standard Management Console for access and control.
Manual Conventions
This manual uses different fonts and typefaces to show specific actions:
Note Text presented like this indicates issues which need to be noted
12
Text presented like this highlights important issues and it is essential you read and take heed of these warnings
Text presented with an arrow head indent indicates an action you should take as part of the
procedure.
Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.
Italic text is also used to indicate a text command to be entered at the command line level.
Publishing history
Date Revision Update details
January 2009 0.9 Initial draft
February 2009 0.91 Pre-release
13
2. INSTALLATION
Introduction
This chapter describes the physical installation of the Console Server hardware and connection to controlled devices
2.1 Models
There are a number of Console Server models, each with a different number of network, USB and serial ports and power supplies:
Serial
Ports
B096-048 48 2 1 1 Internal Dual AC Universal Input B096-016 16 2 1 1 Internal Dual AC Universal Input B092-016 16 1 1+KVM 4 - Single AC Universal Input
Network
Ports
Console
Port
USB Port
Modem Power
2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch
Unpack your Console Server Management Switch kit and verify you have all the parts shown
above, and that they all appear in good working order
B096-048 or B096-016 Console Server Management Switch
2 x Cable UTP Cat5 blue
Connectors DB9F-RJ45S straight and cross-over
Dual IEC AC power cords
Quick Start Guide and CD-ROM
14
If you are installing your Console Server Management Switch in a rack you will need to attach
the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to head the Safety Precautions
Connect your Console Server Management Switch to the network, to the serial ports of the
controlled devices, and to power as outlined below
2.1.2 Kit components: B092-016 Console Server with PowerAlert
Unpack your Console Server and verify you have all the parts shown above, and that they all
appear in good working order
If you are installing your Console Server in a rack, you will need to attach the rack mounting
brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions listed earlier
B092-016 Console Server with PowerAlert
2 x Cable UTP Cat5 blue
Connector DB9F-RJ45S straight and DB9F­RJ45S cross-over
AC power cable
Quick Start Guide and CD-ROM
Proceed to connect your B092-016 to the network, to the serial and USB ports of the controlled
devices, to any rack side LCD console or KVM switch, and to power as outlined below
2.2 Power connection
2.2.1 Power: Console Server Management Switch
The B096-048/16 Console Server Management Switch has dual universal AC power supplies with auto failover built in. These power supplies each accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the total power consumption per Console Server is less than 30W. Two IEC AC power sockets are located at the rear of the metal case, and these IEC power inlets use conventional IEC AC power cords. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.
15
2.2.2 Power: Console Server with PowerAlert
The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 40W.
The AC power socket is located at the rear of the B092-016. This power inlet uses a conventional AC power cord. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.
2.3 Network connection
The RJ45 10/100 LAN port is located on the rear of the B092-016 Console Server, and on the front of the B096-048/016 Console Server Management Switch. All physical connections are made using industry standard Cat5e patch cables (Tripp Lite N001 and N002 series cables). Ensure you only connect the LAN port to an Ethernet network that supports 10Base-T/100Base-T. For the initial configuration of the Console Server you must connect a computer to the Console Server’s principal network port.
2.4 Serial Port connection
The RJ45 serial ports are located on the rear of the B092-016 Console Server and on the front of the B096-048/016 Console Server Management Switch. These Console Servers use the RJ45 pinout used by Cisco. Use straight through RJ-45 cabling to connect to equipment such as Cisco, Juniper, SUN, and more.
PIN SIGNAL DEFINITION DIRECTION
1 CTS Clear To Send Input 2 DSR Data Set Ready Input 3 RXD Receive Data Input
Conventional Cat5 cabling with RJ45 jacks are used for serial connections. Before connecting the console port of an external device to the Console Server serial port, confirm that the device supports standard RS-232C (EIA-232).
4 GND Signal Ground NA 5 GND Signal Ground NA 6 TXD Transmit Data Output 7 DTR Data Terminal Ready Output 8 RTS Request To Send Output
16
The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/016 Console Server Management Switch.
2.5 USB Port Connection
The B096-048/016 Console Server Management Switch has one USB port on the front panel. External USB devices can be plugged into this USB port. The B096-048/016 Console Server Management Switch ships with a USB memory stick so that it will be installed in this port for extended log file storage.
There are four USB 2.0 ports on the rear panel of the B092-016 Console Server. These ports are used to connect to USB consoles (of managed UPS hardware) and to other external devices (such as a USB memory stick or keyboard).
External USB devices (including USB hubs) can be plugged into any Console Server USB port.
2.6 Rackmount Console / KVM Connection (B092-016 only)
B092-016 Console Server with PowerAlert can be connected directly to a rack mount console (such as B021-000-17 or B021-019 by Tripp Lite) to provide direct local management right at the rack. Connect the rack mount console’s PS/2 Keyboard/Mouse and VGA connectors directly to the PS/2 and VGA connectors on the B092-016. The default video resolution is 1024 x768. The B092-016 Console Server also supports the use of a USB keyboard/mouse.
Alternately, the B092-016 Console Server can also be connected locally to a KVM (or KVMoIP) switch at the rack. The B092-016 Console Server with PowerAlert will enable you then to use this KVM infrastructure to run PowerAlert, to manage your power devices and to run the thin clients to manage other devices.
Note Care should be taken in handling all Console Server products. There are no operator-serviceable
components inside, so do not remove cover. Refer any service to qualified personnel
17
3. INITIAL SYSTEM CONFIGURATION
Introduction
This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator:
Activating the Management Console
Changing the Administrator password
Setting the IP address for the Console Server’s principal LAN port
Selecting the network services to be supported
This chapter also discusses the communications software tools that the Administrator may use to access the Console Server. It also covers the configuration of the additional LAN ports on the B096-016/048 Console Server Management Switch.
3.1 Management Console Connection
Your Console Server has a default IP Address 192.168.0.1 Subnet Mask 255.255.255.0
Directly connect a computer to the Console Server
Note For initial configuration it is recommended that the Console Server be connected directly to a
single computer. However, if you choose to connect your LAN before completing the initial setup steps, it is important that:
you ensure there are no other devices on the LAN with an address of 192.168.0.1 the Console Server and the computer are on the same LAN segment, with no interposed router
3.1.1 Connected computer set up
To configure the Console Server with a browser, the connected computer should have an IP address in the same range as the Console Server (e.g. 192.168.0.100):
appliances
To configure the IP Address of your Linux or Unix computer simply run ifconfig
For Windows computers (Win9x/Me/2000/XP/ Vista/ NT):
Click Start -> (Settings ->) Control Panel and double click Network Connections (for
95/98/Me, double click Network).
Right-click on Local Area Connection and select Properties
Select Internet Protocol (TCP/IP) and click Properties
Select Use the following IP address and enter the following details:
18
o IP address: 192.168.0.100
o Subnet mask: 255.255.255.0
If you wish to retain your existing IP settings for this network connection, click Advanced
and Add the above as a secondary IP connection.
If it is not convenient to change your computer network address, you can use the ARP-Ping
command to reset the Console Server IP address. To do this from a Windows computer:
Click Start -> Run
Type cmd and click OK to bring up the command line
Type arp –d to flush the ARP cache
Type arp –a to view the current ARP cache which should be empty
Now add a static entry to the ARP table and ping the Console Server to have it get the IP address. In the example below we have a Console Server with a MAC Address 00:13:C6:00:02:0F (designated on the label on the bottom of the unit) and we are setting its IP address to
192.168.100.23. The computer issuing the arp command must be on the same network segment as the Console Server (i.e. have an IP address of 192.168.100.xxx)
Type arp -s 192.168.100.23 00-13-C6-00-02-0F (Note for UNIX the syntax is: arp -s
192.168.100.23 00:13:C6:00:02:0F)
Type ping -t 192.18.100.23 to start a continuous ping to the new IP Address.
Turn on the Console Server and wait for it to configure itself with the new IP address. It will
start replying to the ping at this point
Type arp –d to flush the ARP cache again
3.1.2 Browser connection
Activate your preferred browser on the connected computer and enter https://192.168.0.1 The
Console Server supports all current versions of the popular browsers (Netscape, Internet Explorer, Mozilla Firefox and more)
19
You will be prompted to log in. Enter the default
administration username and administration password:
Username: root
Password: default
The above screen, which lists four initial installation configuration steps, will be displayed:
1. Change the default administration password on the System/Administration page (Chapter 3)
2. Configure the local network settings on the System/IP page (Chapter 3)
3. Configure port settings and enable the Serial & Network/Serial Port page (Chapter 4)
4. Configure users with access to serial ports on the Serial & Network/Users page (Chapter 3)
After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the logo:
Note If you are not able to connect to the Management Console at 192.168.0.1 or if the default
Username / Password were not accepted then reset your Console Server (refer to Chapter 10)
20
3.1.3 Initial B092-016 connection
For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in
Enter the default administration username and password (Username: root Password: default).
The B092-016 control panel will be displayed
Click the Configure button on the control panel. This will load the Firefox browser and open the
B092-016 Management Console
At the Management Console menu select System: Administration
3.2 Administrator Password
For security reasons, only the administration user named root can initially log into your Console Server. Only those people who know the root password can access and reconfigure the Console Server itself. However, anyone who correctly guesses the root password (and the default root password which is default) could gain access. It is therefore essential that you enter and confirm a new root password before giving the Console Server any access to, or control of, your computers and network appliances.
Note: It is also recommended that you set up a new Administrator user as soon as convenient and log-
in as this new user for all ongoing administration functions (rather than root). This Administrator can be configured in the admin group with full access privileges through the Serial & Network: Users & Groups menu as detailed in Chapter 4
21
Select System: Administration
Enter a new System Password then re-enter it in Confirm System Password. This is the new
password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe
You may now wish to enter a System Name and System Description for the Console Server to
give it a unique ID and make it simple to identify
Click Apply. As password has been changed, you will be prompted to log in again. This time use
the new password
Note If you are not confident your Console Server has been supplied with the current release of
firmware, you can upgrade. Refer to Upgrade Firmware - Chapter 10
3.3 Network IP address
It is time to enter an IP address for the principal 10/100 LAN port on the Console Server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is to be connected.
On the System: IP menu select the Network Interface page then check DHCP or static for the
Configuration Method
If you select static you must manually enter the new IP Address, Subnet Mask, Gateway and
DNS server details. This selection automatically disables the DHCP client
22
If you select DHCP, the Console Server will look for configuration details from a DHCP server on
your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate
Note In its factory default state (with no Configuration Method selected) the Console Server has its
DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network. In this initial state, the Console Server will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address
By default, the Console Server 10/100 LAN port auto detects the Ethernet connection speed.
However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100Mb/s and to Full Duplex (FD) or Half Duplex (HD)
Note If you have changed the Console Server IP address, you may need to reconfigure your Computer
so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter)
Click Apply
You will need to reconnect the browser on the Computer that is connected to the Console
Server by entering http://new IP address
3.3.1 IPv6 configuration
By default, the Console Server Ethernet interfaces support IPv4, however, they can also be configured for IPv6 operation:
On the System: IP menu select General Settings page and check Enable IPv6
23
You will then need to configure the IPv6 parameters on each interface page
3.4 System Services
The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can also use the nominated services for limited access to the Console Server itself. The Administrator can configure the services to be enabled:
24
Select System: Services. Then select /deselect the service to be enabled /disabled. The following
access protocol options are available:
HTTPS Ensures secure browser access to all the Management Console menus. It also allows
appropriately configured Users secure browser access to selected Management Console Manage menus. If HTTPS is enabled, the Administrator will be able to use a secure browser connection to the Console Server’s Management Console. For information on certificate and user/client software configuration, refer to Chapter 9 - Authentication. By default, HTTPS is enabled, and it is recommended that only HTTPS access be used if the Console Server is to be managed over any public network (e.g. the Internet).
HTTP Allows the Administrator basic browser access to the Management Console. It is
recommended that you disable the HTTP service if the Console Server is to be remotely accessed over the Internet.
Telnet Gives the Administrator Telnet access to the system command line shell (Linux
commands). While this may be suitable for a local direct connection over a management LAN, it is recommended this service be disabled if the Console Server is to be remotely administered.
SSH Provides secure SSH access to the Linux command line shell. It is recommended you
choose SSH as the protocol when the Administrator is connecting to the Console Server over the Internet or over any other public network. This will provide authenticated communications between the SSH client program on the remote Computer and the SSH sever in the Console Server. For more information on SSH configuration, refer to Chapter 9 - Authentication.
25
There are also a number of related service options that can be configured at this stage:
SNMP Enables netsnmp in the Console Server which will keep a remote log of all posted
information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 –
Advanced Configuration
TFTP The Console Servers set up default TFTP server on the USB flash card. This server can
be used to store config files, maintain access and transaction logs, etc.
Ping Allows the Console Server to respond to incoming ICMP echo requests. Ping is
enabled by default, however, for security reasons this service should generally be disabled post initial configuration
And there are some serial port access parameters that can be configured on this menu:
Base The Console Server uses specific default ranges for the TCP/IP ports for the various
access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4 – Configuring Serial Ports). The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults.
The default TCP/IP base port address for Telnet access is 2000, and the range for Telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. So if the Administrator were to set 8000 as a secondary base for Telnet then serial port #2 on the Console Server can be Telnet accessed at IP Address: 2002 and at IP Address:
8002.
The default base for SSH is 3000; for Raw TCP is 4000; for RFC2217 it is 5000 and for Unauthenticated Telnet it is 6000.
The B092-016 Console Server with PowerAlert also presents some additional service and
configuration options:
VNC The B092-016 Console Server has an internal VNC server. When enabled, it allows
remote users to connect to the Console Server and run the PowerAlert software and any other embedded thin client programs as if they were plugged in locally to the KVM connectors on the B092-016 (refer to Chapter 16 for more details). Users
connect using port 5900 and need to run
Secure VNC This enables a secure encrypted remote connection using VNC over SSL on port
5800 to the B092-016 Console Server (refer to Chapter 16)
PowerAlert This configuration option will automatically start the PowerAlert application on
the B092-016 and display the console as soon as you log into the local display or VNC session (refer to Chapter 16). The complete PowerAlert manual can be downloaded at
www.tripplite.com/EN/support/PowerAlert/Downloads.cfm
a VNC client applet
26
Click Apply. As you apply your services selections, the screen will be updated with a
confirmation message:
Message Changes to configuration succeeded.
3.5 Communications Software
You need to configure the access protocols that the communications software on the Administrator and User Computer will use when connecting to the Console Server (and when connecting to serial devices and network hosts which are attached to the Console Server).
This section provides an overview of the communications software tools that can be used on the remote computer. Tripp Lite recommends the SDT Connector software tool that is provided with the Console Server, however, generic tools such as PuTTY and SSHTerm may also be used.
3.5.1 SDT Connector
We recommend using the SDT Connector communications software for all communications with Console Servers. Each Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server.
SDT Connector is a lightweight tool that enables Users and Administrators to securely access the Console Server, and the various computers, network devices and appliances that may be serially or network­connected to the Console Server.
SDT Connector can be installed on Windows 2000, XP, 2003, Vista and on most Linux, UNIX and Solaris computers as detailed in Chapter 7.
3.5.2 PuTTY
Communications packages like PuTTY can be also used to connect to the Console Server command line (and to connect to serially attached devices as covered in Chapter 4). PuTTY is a freeware implementation of Telnet and SSH for Win32 and UNIX platforms. It runs as an executable application without needing to be installed onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded at http://www.tucows.com/preview/195286.html
27
To use PuTTY for an SSH terminal session from a
Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’
To access the Console Server command line,
select ‘SSH’ as the protocol and use the default IP Port 22
Click ‘Open’ and the Console Server login
prompt will appear. (You may also receive a ‘Security Alert’ that the host’s key is not cached. Choose ‘yes’ to continue.)
Using the Telnet protocol is similarly simple, but
you need to use the default port 23
3.5.3 SSHTerm
Another common communications package that may be useful is SSHTerm. This is an open source package that can be downloaded from http://sourceforge.net/projects/sshtools
To use SSHTerm for an SSH terminal session from a
Windows Client, simply Select the ‘File’ option and click on ‘New Connection’.
A new dialog box will appear for your ‘Connection Profile’.
Type in the host name or IP address (for the Console Server unit) and the TCP port that the SSH session will use (port 22). Then type in your username and choose password authentication and click Connect.
28
A message may appear about the host key fingerprint.
You will need to select ‘Yes’ or ‘Always’ to continue.
The next step is password authentication. You will be
prompted for your username and password from the remote system. You will then be logged on to the Console Server
3.6 Management Network Configuration (B096-048/016 only)
The B096-048/016 Console Server Management Switches have a second Ethernet network port that can be configured as a management Console Server/LAN port or as a failover/OoB access port.
3.6.1 Configure Management Switch as a Management LAN gateway
The Management Switch in the B096-048/016 Console Servers can be configured to provide a management LAN gateway. With this configuration, the B096-048/016 provides firewall, router and DHCP server features and you can connect managed hosts to this management LAN.
These features are all disabled by default. To configure the Management LAN gateway:
Select the Management LAN page on the System: IP menu and uncheck Disable
Configure the IP Address and Subnet Mask for the Management LAN (leaving the Gateway and
DNS fields blank) then click Apply
The management LAN gateway function is now enabled with default firewall and router rules.
These rules can be reconfigured at the command line.
29
Note The second Ethernet port on the B096-048/016 can be configured as either a Management LAN
gateway port or it can be configured as an OoB/Failover port - but not both. So be sure that you did not allocate Management LAN as the Failover Interface when you configured the principal
The B096-048/016 Console Server Management Switches also host a DHCP server which by default is set at disabled. The DHCP server enables the automatic distribution of IP addresses to hosts running DHCP clients on the Management LAN. To enable the DHCP server:
Network connection on the System: IP menu
On the System: IP menu select the Management LAN page and click the Disabled label in the
DHCP Server field; or go to the System: DHCP Server menu and check Enable DHCP Server
30
Loading...
+ 194 hidden pages