TRIPP LITE B096-048, B096-032, B094-008-2E-V, B096-016, B094-008-2E-M-F User Manual [ru]

Owner’s Manual
Console Server Management Switch
Models:
B096-016 / B096-032 / B096-048
Console Server with PowerAlert
Model:
Console Server
Models:
B095-004-1E / B095-003-1E-M / B094-008-2E-M-F / B094-008-2E-V
1111 W. 35th Street, Chicago, IL 60609 USA • www.tripplite.com/support
Copyright © 2015 Tripp Lite. All rights reserved. All trademarks are the property of their respective owners.
FCC Information, Class A
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. The user must use shielded cables and connectors with this equipment. Any changes or modifications to this equipment not expressly approved by Tripp Lite could void the user’s authority to operate this equipment.
RoHS
This product is RoHS compliant.
User Notice
All information, documentation and specifications contained in this manual are subject to change without prior notification by the manufacturer. The manufacturer makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties as to merchantability or fitness for any particular purpose. Any of the manufacturer's software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not the manufacturer, its distributor, or its dealer), assumes the entire cost of all necessary servicing, repair and any incidental or consequential damages resulting from any defect in the software. The manufacturer of this system is not responsible for any radio and/or TV interference caused by unauthorized modifications to this device. It is the responsibility of the user to correct such interference. The manufacturer is not responsible for any damage incurred in the operation of this system if the correct operational voltage setting was not selected prior to operation.
Please take care to follow the safety precautions below when installing and operating the Console Server:
• Do not remove the metal covers. There are no operator-serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Tripp Lite qualified personnel
• To avoid electric shock the power cord protective grounding conductor must be connected through to ground
• Always pull on the plug, not the cable, when disconnecting the power cord from the socket
• Do not connect or disconnect the Console Server during an electrical storm
• Also it is recommended you use a surge suppressor or UPS to protect the equipment from transients
Table of Contents
Introduction
Installation
2.1 Models
2.1.1 Kit components: B096-048, B096-032 and B096-016 Console Server Management Switch
2.1.2 Kit components: B092-016 Console Server with PowerAlert
2.1.3 Kit components: B095-004-1E and B095-003-1E-M Console Server
2.1.4 Kit components: B094-008-2E-M-F and B094-008-2E-V Console Server
2.2 Power Connection
2.2.1 Power: Console Server Management Switch
2.2.2 Power: Console Server with PowerAlert
2.2.3 Power: Console Server
2.3 Network Connection
2.4 Serial Port Connection
2.5 USB Port Connection
2.6 Rackmount Console / KVM Connection (B092-016 only)
Initial System Configuration
3.1 Management Console Connection
3.1.1 Connected computer set up
3.1.2 Browser connection
3.1.3 Initial B092-016 connection
3.2 Administrator Password
3.2.1 Set up new administrator
3.3 Network IP Address
3.3.1 IPv6 configuration
3.3.2 Dynamic DNS (DDNS) configuration
3.4 System Services and Service Access
3.4.1 Brute force protection
3.5 Communications Software
3.5.1 SDT Connector
3.5.2 PuTTY
3.5.3 SSHTerm
3.6 Management Network Configuration
3.6.1 Enable the Management LAN
3.6.2 Configure the DHCP server
3.6.3 Select Failover or broadband OOB
3.6.4 Bridging the network ports
3.6.5 Wireless LAN
3.6.6 Static routes
Serial Port, Device & User Configuration
4.1 Configuring Serial Ports
4.1.1 Common Settings
4.1.2 Console Server Mode
4.1.3 SDT Mode
4.1.4 Device (RPC, UPS, EMD) Mode
4.1.5 Terminal Server Mode
4.1.6 Serial Bridging Mode
4.1.7 Syslog
4.2 Add/Edit Users
4.3 Authentication
4.4 Network Hosts
4.5 Trusted Networks
4.6 Serial Port Cascading
4.6.1 Automatically generate and upload SSH keys
4.6.2 Manually generate and upload SSH keys
4.6.3 Configure the slaves and their serial ports
4.6.4 Managing the slaves
4.7 Serial Port Redirection
4.7.1 Install VirtualPort client
4.7.2 Configure the VirtualPort client
4.7.3 To remove a configured port
4.7.4 Configure the remote serial device connection
4.8 Managed Devices
4.9 IPsec VPN
4.9.1 Enable the VPN gateway
4.10 OpenVPN
4.10.1 Enable the OpenVPN
4.10.2 Configure as Server or Client
4.10.3 Windows OpenVPN Client and Server set up
4.11 PPTP VPN
4.11.1 Enable the PPTP VPN server
4.11.2 Add a PPTP user
4.11.3 Set up a remote PPTP client
4.12 IP Passthrough
4.12.1 Downstream router setup
4.12.2 IP Passthrough pre-configuration
4.12.3 IP Passthrough configuration
4.12.4 Service intercepts
4.12.5 IP Passthrough status
4.12.6 Caveats
Firewall, Failover & Out-of-Band
5.1 OoB Dial-In Access
5.1.1 Configure dial-in PPP
5.1.2 Using SDT Connector client for dial-in
5.1.3 Set up Windows XP/2003/Vista/7 client for dial-in
5.1.4 Set up earlier Windows clients for dial-in
5.1.5 Set up Linux clients for dial-in
5.2 OoB Broadband Access
5.3 Broadband Ethernet Failover
5.4 Dial-Out Access
5.4.1 Always-on dial-out
5.4.2 Dial-Out Failover
5.5 Firewall & Forwarding
5.5.1 Configuring network forwarding and IP masquerading
5.5.2 Configuring client devices
5.5.3 Port/Protocol Forwarding
5.5.4 Firewall Rules
5.6 Internal Cellular Modem Connection
5.6.1 Connecting to a 4G LTE carrier network
5.6.2 Verifying the cellular connection
5.6.3 Cellular modem watchdog
5.7 Cellular Operation
5.7.1 OOB access set up
5.7.2 Cellular failover setup
5.7.3 Cellular routing
Secure SSH Tunneling & SDT Connector
6.1 Configuring for SDT Tunneling to Hosts
6.2 SDT Connector Configuration
6.2.1 SDT Connector client installation
6.2.2 Configuring a new gateway in the SDT Connector client
6.2.3 Auto-configure SDT Connector client with the user’s access privileges
6.2.4 Make an SDT connection through the gateway to a host
6.2.5 Manually adding hosts to the SDT Connector gateway
6.2.6 Manually adding new services to the new hosts
6.2.7 Adding a client program to be started for the new service
6.2.8 Dial-in configuration
6.3 SDT Connector to Management Console
6.4 SDT Connector - Telnet or SSH Serial Device Connection
6.5 SDT Connector OoB Connection
6.6 Importing (and Exporting) Preferences
6.7 SDT Connector Public Key Authentication
6.8 Setting up SDT for Remote Desktop Access
6.8.1 Enable Remote Desktop on the target Windows computer to be accessed
6.8.2 Configure the Remote Desktop Connection client
6.9 SDT SSH Tunnel for VNC
6.9.1 Install and configure the VNC Server on the computer to be accessed
6.9.2 Install, configure and connect the VNC Viewer
6.10 SDT IP Connection to Hosts
6.10.1 Establish a PPP connection between the host COM port and Console Server
6.10.2 Set up SDT Serial Ports on Console Server
6.10.3 Set up SDT Connector to SSH port forward over the Console Server Serial Port
6.11 SSH Tunneling using other SSH clients (e.g. PuTTY)
Alerts, Automated Response and Logging
7.1 Set Up Auto-Response and Configure Check Conditions
7.1.1 Environmental Check
7.1.2 Alarms and Digital Inputs
7.1.3 UPS/Power Supply
7.1.4 UPS Status
7.1.5 Serial Login/Logout
7.1.6 ICMP Ping
7.1.7 Cellular Data
7.1.8 Custom Check
7.1.9 SMS Command
7.1.10 Log In/Log Out
7.1.11 Network Interface Event
7.1.12 Routed data usage check
7.2 Trigger and Resolve Actions
7.2.1 Send Email on Trigger
7.2.2 Send SMS on Trigger
7.2.3 Perform RPC Action on Trigger
7.2.4 Run Custom Script on Trigger
7.2.5 Send SNMP Trap on Trigger
7.2.6 Send Nagios Event on Trigger
7.2.7 Perform Interface Action
7.2.8 Resolve Actions
7.2.9 Send Email alerts on Resolution
7.2.10 Send SMS Alerts on Resolution
7.2.11 Send SNMP Trap alerts on Resolution
7.2.12 Send Nagios Event alerts on Resolution
7.3 Remote Log Storage
7.4 Serial Port Logging
7.5 Network TCP or UDP Port Logging
7.6 Auto-Response Event Logging
7.7 Power Device Logging
Power and Environment
8.1 Remote Power Control (RPC)
8.1.1 RPC connection
8.1.2 RPC alerts
8.1.3 RPC status
8.1.4 User power management
8.2 Uninterruptible Power Supply Control (UPS)
8.2.1 Managed UPS connections
8.2.2 Configure UPS powering the Console Server
8.2.3 Configuring powered computers to monitor a Managed UPS
8.2.4 UPS alerts
8.2.5 UPS status
8.2.6 Overview of Network UPS Tools (NUT)
8.3 Environmental Monitoring
8.3.1 Connecting the EMD
8.3.2 Environmental alerts
8.3.3 Environmental status
Authentication
9.1 Authentication Configuration
9.1.1 Local authentication
9.1.2 TACACS authentication
9.1.3 RADIUS authentication
9.1.4 LDAP authentication
9.1.5 RADIUS/TACACS user configuration
9.1.6 Group support with remote authentication
9.1.7 Remote groups with RADIUS authentication
9.1.8 Remote groups with LDAP authentication
9.1.9 Idle timeout
9.1.10 Kerberos authentication
9.1.11 Authentication testing
9.2 PAM (Pluggable Authentication Modules)
9.3 Secure Management Console Access
9.4 SSL Certificate
Nagios Integration
10.1 Nagios Overview
10.2 Central management and setting up SDT for Nagios
10.2.1 Set up central Nagios server
10.2.2 Set up distributed Console Servers
10.3 Configuring Nagios distributed monitoring
10.3.1 Enable Nagios on the Console Server
10.3.2 Enable NRPE monitoring
10.3.3 Enable NSCA monitoring
10.3.4 Configure selected Serial Ports for Nagios monitoring
10.3.5 Configure selected Network Hosts for Nagios monitoring
10.3.6 Configure the upstream Nagios monitoring host
10.4 Advanced Distributed Monitoring Configuration
10.4.1 Sample Nagios configuration
10.4.2 Basic Nagios plug-ins
10.4.3 Additional plug-ins
System Management
11.1 System Administration and Reset
11.2 Upgrade Firmware
11.3 Configure Date and Time
11.4 Configuration Backup
11.5 Delayed Configuration Commit
11.6 FIPS Mode
Status Reports
12.1 Port Access and Active Users
12.2 Statistics
12.3 Support Reports
12.4 Syslog
12.5 Dashboard
12.5.1 Configuring the Dashboard
12.5.2 Creating custom widgets for the Dashboard
Management
13.1 Device Management
13.2 Port and Host Log Management
13.3 Terminal Connection
13.3.1 Web Terminal
13.3.1.1 Web Terminal to Command Line
13.3.1.2 Web Terminal to Serial Device
13.3.2 SDTConnector access
13.4 Power Management
13.5 Remote Console Access (B092-016 only)
Command Line Configuration
14.1 Accessing config from the command line
14.1.1 Serial Port configuration
14.1.2 Adding and removing Users
14.1.3 Adding and removing user Groups
14.1.4 Authentication
14.1.5 Network Hosts
14.1.6 Trusted Networks
14.1.7 Cascaded Ports
14.1.8 UPS Connections
14.1.9 RPC Connections
14.1.10 Environmental
14.1.11 Managed Devices
14.1.12 Port Log
14.1.13 Alerts
14.1.14 SMTP & SMS
14.1.15 SNMP
14.1.16 Administration
14.1.17 IP settings
14.1.18 Date & Time settings
14.1.19 Dial-in settings
14.1.20 DHCP server
14.1.21 Services
14.1.22 NAGIOS
14.2 General Linux command usage
Advanced Configuration
15.1 Custom Scripting
15.1.1 Custom script to run when booting
15.1.2 Running custom scripts when alerts are triggered
15.1.3 Example script - Power cycling on pattern match
15.1.4 Example script - Multiple email notifications on each alert
15.1.5 Deleting configuration values from the CLI
15.1.6 Power cycle any device upon a ping request failure
15.1.7 Running custom scripts when a configurator is invoked
15.1.8 Backing-up the configuration and restoring using a local USB stick
15.1.9 Backing-up the configuration off-box
15.2 Advanced Portmanager
15.2.1 Portmanager commands
15.2.2 External Scripts and Alerts
15.3 Raw Access to Serial Ports
15.3.1 Access to serial ports
15.3.2 Accessing the console/modem port
15.4 IP-Filtering
15.5 SNMP Status Reporting and Traps
15.5.1 Retrieving status information using SNMP
15.5.2 Check firewall rules
15.5.3 Enable SNMP service
15.5.4 /etc/config/snmpd.conf
15.5.5 Adding multiple remote SNMP managers
15.6 Secure Shell (SSH) Public Key Authentication
15.6.1 SSH Overview
15.6.2 Generating Public Keys (Linux)
15.6.3 Installing the SSH Public/Private Keys (Clustering)
15.6.4 Installing SSH Public Key Authentication (Linux)
15.6.5 Generating public/private keys for SSH (Windows)
15.6.6 Fingerprinting
15.6.7 SSH tunneled serial bridging
15.6.8 SDT Connector Public Key Authentication
15.7 Secure Sockets Layer (SSL) Support
15.8 HTTPS
15.8.1 Generating an encryption key
15.8.2 Generating a self-signed certificate with OpenSSL
15.8.3 Installing the key and certificate
15.8.4 Launching the HTTPS Server
15.9 Power Strip Control
15.9.1 PowerMan
15.9.2 pmpower
15.9.3 Adding new RPC devices
15.10 IPMItool
15.11 Scripts for Managing Slaves
15.12 SMS Server Tools
15.13 Multicast
15.14 Zero Touch Provisioning
15.14.1 Preparation
15.14.2 Example ISC DHCP server configuration
15.14.3 Setup for an untrusted LAN
15.14.4 How it works
15.14.5 Setup a USB key for authenticated restore
Thin Client (B092-016)
16.1 Local Client Service Connections
16.1.1 Connect: Serial Terminal
16.1.2 Connect: Browser
16.1.3 Connect: VNC
16.1.4 Connect: SSH
16.1.5 Connect: IPMI
16.1.6 Connect: Remote Desktop (RDP)
16.1.7 Connect: Citrix ICA
16.1.8 Connect: PowerAlert
16.2 Advanced Control Panel
16.2.1 System: Terminal
16.2.2 System: Shutdown / Reboot
16.2.3 System: Logout
16.2.4 Custom
16.2.5 Status
16.2.6 Logs
16.3 Remote Control
Appendix A: Hardware Specification
Appendix B: Serial Port Connectivity
Appendix C: End User License Agreements
Appendix D: Service and Warranty
Chapter 1: Introduction
This User Manual is provided to help you get the most from your B096-016 / B096-032 / B096-048 Console Server Management Switch, B092-016 Console Server with PowerAlert or B095-004-1E / B095-003-1E-M / B094-008-2E-M-F / B094-008-2E-V Console Server product. These products are referred to generically in this manual as Console Servers.
Once configured, you will be able to use your Console Server to securely monitor, access and control the computers, networking devices, telecommunications equipment, power supplies and operating environment in your data center, branch office or communications room. This manual guides you in managing this infrastructure locally (at the rack side or across your operations or management LAN or through the local serial console port), and remotely (across the Internet, private network or via dial up).
Manual Organization
This manual contains the following chapters:
1. Introduction: An overview of the features of the Console Server and information on this manual
2. Installation: Details physical installation of the Console Server and the interconnection of controlled devices
3. System Configuration: Describes the initial installation and configuration using the Management Console of the Console Server on the network and the services that will be supported
4. Serial and Network: Covers configuring serial ports and connected network hosts, and setting up Users and Groups
5. Failover and OoB dial-in: Describes setting up the high-availability access features of the Console Server
6. Secure Tunneling (SDT): Covers secure remote access using SSH and configuring for RDP, VNC, HTTP, HTTPS, etc. access to network and serially connected devices
7. Alerts and Logging: Explains the setting up of local and remote event/data logs and triggering SNMP and email alerts
8. Power & Environment: Management of USB, serial and network attached Power Distribution units and UPS units including Network UPS Tool (NUT) operation and IPMI power control. EMD environmental sensor configuration
9. Authentication: All access to the Console Server requires usernames and passwords which are locally or externally authenticated
10. Nagios Integration: Setting Nagios central management with SDT extensions and configuring the Console Server as a distributed Nagios server
11. System Management: Covers access to and configuration of services to be run on the Console Server
12. Status Reports: View the status and logs of serial and network connected devices (ports, hosts, power and environment)
13. Management: Includes port controls and reports that can be accessed by Users
14. Basic Configuration: Command line installation and configuration using the config command
15. Advanced Config: More advanced command line configuration activities where you will need to use Linux commands
16. Thin Client: Configuration and use of the thin client and other applications (including PowerAlert) embedded in the Console Server with PowerAlert (B092-016) product
Types of users
The Console Server supports two classes of users:
I. Administrative users: Those who will be authorized to configure and control the Console Server, and to access and control all the connected devices. These administrative users will be set up as members of the admin user group. Any user in this class is referred to generically in this manual as an Administrator. An Administrator can access and control the Console Server using the config utility, the Linux command line or the browser-based Management Console. By default the Administrator has access to all services and ports to control all the serial connected devices and network connected devices (hosts).
II. Users: Those who have been set up by the Administrator with specific limits on their access and control authority. These users are set up as members of the users user group (or some other user groups the Administrator may have added). They are only authorized to perform specified controls on specific connected devices and are referred to as Users. These Users (when authorized) can access serial or network connected devices, and control these devices using the specified services (e.g. Telnet, HTTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User can also use the Management Console to access configured devices and review port logs.
In this manual, when the term user (lower case) is used, it is referring to both the above classes of users. This document also uses the term remote users to describe users who are not on the same LAN segment as the Console Server. These remote users may be Users, who are on the road connecting to managed devices over the public Internet, or it may be an Administrator in another office connecting to the Console Server itself over the enterprise VPN, or the remote user may be in the same room or the same office but connected on a separate VLAN to the Console Server.
Management Console
The Console Server Management Console runs in a browser. It provides a view of your Console Server Management Switch (B096-016/032/048), Console Server with PowerAlert (B092-016) or Console Server (B095-004/003 and B094-008-2E-M-F / B094-008-2E-V) product and all the connected equipment.
Administrators can use the Management Console, either locally or from a remote location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts.
An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built Web terminal to access serially attached consoles and control power to connected devices.
The Console Server runs an embedded Linux operating system. Experienced Linux and UNIX users may prefer to undertake configuration at the command line. As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port; or by SSH or Telnet connecting to the Console Server over the LAN; or by connecting to the Console Server through an SSH tunnel using the SDTConnector. The B092-016 Console Server also has PowerAlert software and a selection of thin clients embedded (RDP, Firefox etc). You will be able to use these consoles as well as the standard Management Console for access and control.
Manual Conventions
This manual uses different fonts and typefaces to show specific actions:
Note: Text presented like this indicates issues to take note of.
Text presented like this highlights important issues and it is essential you read and take heed of these warnings.
• Text presented with a bullet point indent indicates an action you should take as part of the procedure.
Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Management Console.
Italic text is also used to indicate a text command to be entered at the command line level.
Publishing history
| Date | Revision | Update details |
|---|---|---|
| January 2009 | 0.9 | Initial draft |
| February 2009 | 0.91 | Pre-release |
| January 2010 | 1.01 | Add B095-004/003 Console Server and Firmware 3.0.1 features |
| January 2011 | 2.0 | Firmware 3.3.2 features |
| March 2011 | 2.0.1 | Support for additional USB ports and 16GB internal flash in B096-016 / B096-032 / B096-048 |
| February 2012 | 2.0.02 | Add B094-008-2E-M-F and 3.5.2 firmware features |
| September 2013 | 2.0.3 | Firmware 3.8.1 features |
| October 2014 | 2.0.4 | Add B094-008-2E-V and 3.11.2 firmware features |
| December 2014 | 2.0.5 | Firmware 3.11.4 features |
| April 2015 | 2.0.6 | Firmware 3.15.1 features |
Chapter 2: Installation
This chapter describes the physical installation of the Console Server hardware and connection to controlled devices
2.1 Models
There are a number of Console Server models, each with a different number of network, USB and serial ports and power supplies:
| Console Server Model | Serial Ports | Network Ports | Console Port | USB Port | Modem | Power |
|---|---|---|---|---|---|---|
| B096-048 | 48 | 2 | 1 | 1+2 | Internal | Dual AC Universal Input |
| B096-032 | 32 | 2 | 1 | 1+2 | Internal | Dual AC Universal Input |
| B096-016 | 16 | 2 | 1 | 1+2 | Internal | Dual AC Universal Input |
| B092-016 | 16 | 1 | 1+KVM | 4 | - | Single AC Universal Input |
| B095-004-1E | 4 | 1 | 1 | 1 | - | External DC Supply |
| B095-003-1E-M | 3 | 1 | 1 | 1 | Internal | External DC Supply |
| B094-008-2E-M-F | 8 | 2 | 1 | 2 | Internal | External DC Supply |
| B094-008-2E-V | 8 | 2 | 1 | 2 | Internal Cellular | External DC Supply |

2.1.1 Kit components: B096-048, B096-032 and B096-016 Console Server Management Switch
B096-048, B096-032 or B096-016 Console Server Management Switch
2 x Cable UTP Cat5 blue
Connectors DB9F-RJ45S straight and cross-over
Dual IEC AC power cords
Quick Start Guide and CD-ROM
• Unpack your Console Server Management Switch kit and verify you have all the parts shown above, and that they all appear in good working order
• If you are installing your Console Server Management Switch in a rack you will need to attach the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions
• Connect your Console Server Management Switch to the network, to the serial ports of the controlled devices, and to power as outlined below
2.1.2 Kit components: B092-016 Console Server with PowerAlert
B092-016 Console Server with PowerAlert
2 x Cable UTP Cat5 blue
Connector DB9F-RJ45S straight and DB9F-RJ45S cross-over
AC power cable
Quick Start Guide and CD-ROM
• Unpack your Console Server and verify you have all the parts shown above, and that they all appear in good working order
• If you are installing your Console Server in a rack, you will need to attach the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions listed earlier
• Proceed to connect your B092-016 to the network, to the serial and USB ports of the controlled devices, to any rack side LCD console or KVM switch, and to power as outlined below
2.1.3 Kit components: B095-004-1E and B095-003-1E-M Console Server
B095-004-1E 4-port Console Server with single NIC or B095-003-1E-M 3-port Console Server with single NIC and modem
2 x Cable UTP Cat5 blue
Connectors DB9F-RJ45S straight and cross-over
External power supply
Quick Start Guide and CD-ROM
• Unpack your Console Server kit and verify you have all the parts shown above, and that they all appear in good working order
• If you are installing your Console Server in a rack you will need to attach the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions
• Proceed to connect your Console Server to the network, to the serial ports of the controlled devices, and to power as outlined below
2.1.4 Kit components: B094-008-2E-M-F and B094-008-2E-V Console Server
B094-008-2E-M-F 8-port Console Server with dual NIC and modem or B094-008-2E-V 8-port Console Server with dual NIC and cellular
2 x Cable UTP Cat5 blue
Connectors DB9F-RJ45S straight and cross-over
External power supply
Quick Start Guide and CD-ROM
• Unpack your Console Server kit and verify you have all the parts shown above, and they all appear to be in good working order
• If you are installing your Console Server in a rack, you will need to attach the rack mounting brackets supplied with the unit and install the unit in the rack. Follow the Safety Precautions
• Proceed to connect your Console Server to the network, to the serial ports of the controlled devices, and to power as outlined below
2.2 Power Connection
2.2.1 Power: Console Server Management Switch
The B096-048/032/016 Console Server Management Switch has dual universal AC power supplies with auto failover built in. These power supplies each accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the total power consumption per Console Server is less than 30W. Two IEC AC power sockets are located at the rear of the metal case, and these IEC power inlets use conventional IEC AC power cords. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.
2.2.2 Power: Console Server with PowerAlert
The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 40W.
The AC power socket is located at the rear of the B092-016. This power inlet uses a conventional AC power cord. A North American power cord is provided by default. Power cords for other regions are available separately from Tripp Lite.
2.2.3 Power: Console Server
The B095-004/003 and B094-008-2E-M-F / B094-008-2E-V Console Servers each have an external wall-mount power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the total power consumption per console server is less than 20W. The DC power socket on the Console Server is located on the side of the metal case marked PWR.
2.3 Network Connection
The RJ45 10/100 LAN port is located on the rear of the B092-016 Console Server, on the front of the B096-048/032/016 Console Server Management Switch and on the side panel of the B095-004/003 and B094-008-2E-M-F / B094-008-2E-V Console Servers. All physical connections are made using industry standard Cat5e patch cables (Tripp Lite N001 and N002 series cables). Ensure you only connect the LAN port to an Ethernet network that supports 10Base-T/100Base-T. For the initial configuration of the Console Server you must connect a computer to the Console Server’s principal network port.
2.4 Serial Port Connection
The RJ45 serial ports are located on the rear of the B092-016 Console Server, on the front of the B096-048/032/016 Console Server and B094-008 Console Server, and on the side panel of the B095-004/003 Console Server. These Console Servers use the RJ45 pinout used by Cisco. Use straight through RJ-45 cabling to connect to equipment such as Cisco, Juniper, SUN, and more.
| PIN | SIGNAL | DEFINITION | DIRECTION |
|---|---|---|---|
| 1 | CTS | Clear To Send | Input |
| 2 | DSR | Data Set Ready | Input |
| 3 | RXD | Receive Data | Input |
| 4 | GND | Signal Ground | NA |
| 5 | GND | Signal Ground | NA |
| 6 | TXD | Transmit Data | Output |
| 7 | DTR | Data Terminal Ready | Output |
| 8 | RTS | Request To Send | Output |
Conventional Cat5 cabling with RJ45 jacks is used for serial connections. Before connecting the console port of an external device to the Console Server serial port, confirm that the device supports standard RS-232C (EIA-232).
The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/032/016 Console Server Management Switch.
2.5 USB Port Connection
The B096-048/032/016 Console Server Management Switch has one USB 1.0 port on the front panel and two USB 2.0 ports on the rear. External USB devices can be plugged into these USB ports.
Note: The B096-048/032/016 Console Server Management Switch ships with an internal 16GB USB memory which can be used for extended log file storage
The B094-008-2E-M-F / B094-008-2E-V Console Server has two USB 2.0 ports on the front. External USB devices can be plugged into these USB ports.
Note: The B094-008-2E-M-F / B094-008-2E-V Console Server ships with an internal 4GB USB memory which can be used for extended log file storage
There are four USB 2.0 ports on the rear panel of the B092-016 Console Server and one USB 2.0 port located under the RJ45 10/100 LAN connector on the B095-004/003 Console Server. These ports are used to connect to USB consoles (of managed UPS hardware) and to other external devices (such as a USB memory stick or keyboard).
External USB devices (including USB hubs) can be plugged into any Console Server USB port.
2.6 Rackmount Console / KVM Connection (B092-016 only)
B092-016 Console Server with PowerAlert can be connected directly to a rackmount console (such as B021-000-17 or B021-019 by Tripp Lite) to provide direct local management right at the rack. Connect the rackmount console’s PS/2 Keyboard/Mouse and VGA connectors directly to the PS/2 and VGA connectors on the B092-016. The default video resolution is 1024 x 768. The B092-016 Console Server also supports the use of a USB keyboard/mouse.
Alternatively, the B092-016 Console Server can be connected locally to a KVM (or KVMoIP) switch at the rack. The B092-016 Console Server with PowerAlert will then enable you to use this KVM infrastructure to run PowerAlert, to manage your power devices and to run the thin clients to manage other devices.
Note: Care should be taken in handling all Console Server products. There are no operator-serviceable components inside, so do not remove cover. Refer any service to qualified personnel
Chapter 3: Initial System Configuration
This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator:
• Activating the Management Console
• Changing the Administrator password
• Setting the IP address for the Console Server’s principal LAN port
• Selecting the network services to be supported
This chapter also discusses the communications software tools that the Administrator may use to access the Console Server. It also covers the configuration of the additional LAN ports on the B096-016/032/048 Console Server Management Switch.
Note: For guidance on configuring large numbers of appliances and/or automating provisioning, please consult the sections entitled Bulk Provisioning and Zero Touch Provisioning.
3.1 Management Console Connection
Your Console Server comes configured with a default IP Address of 192.168.0.1 and Subnet Mask of 255.255.255.0
• Directly connect a computer to the Console Server
Note: For initial configuration it is recommended that the Console Server be connected directly to a single PC or computer. However, if you choose to connect your LAN before completing the initial setup steps, it is important that:
o you ensure there are no other devices on the LAN with an address of 192.168.0.1
o the Console Server and the computer are on the same LAN segment, with no interposed router appliances
3.1.1 Connected computer set up
To configure the Console Server with a browser, the connected computer should have an IP address in the same range as the Console Server (for example, 192.168.0.100):
• To configure the IP Address of your Linux or Unix computer simply run ifconfig
• For Windows PCs (Win9x/Me/2000/XP/Vista/7/NT):
• Click Start -> (Settings ->) Control Panel and double click Network Connections (for 95/98/Me, double click Network).
• Right click on Local Area Connection and select Properties.
• Select Internet Protocol (TCP/IP) and click Properties.
• Select Use the following IP address and enter the following details:
o IP address: 192.168.0.100
o Subnet mask: 255.255.255.0
• If you want to retain your existing IP settings for this network connection, click Advanced and Add the above as a secondary IP connection.
• If it is not convenient to change your computer network address, you can use the ARP-Ping command to reset the Console Server IP address. To do this from a Windows PC:
• Click Start -> Run (or select All Programs then Accessories then Run).
• Type cmd and click OK to bring up the command line.
• Type arp -d to flush the ARP cache.
• Type arp -a to view the current ARP cache (this should be empty).
Now add a static entry to the ARP table and ping the Console Server to assign the IP address to the Console Server. In the example below, a Console Server has the MAC Address 00:13:C6:00:02:0F (shown on the label on the bottom of the unit) and we are setting its IP address to 192.168.100.23. The PC/workstation issuing the arp command must be on the same network segment as the Console Server (that is, have an IP address of 192.168.100.xxx).
• Type arp -s 192.168.100.23 00-13-C6-00-02-0F (Note for UNIX the syntax is: arp -s 192.168.100.23 00:13:C6:00:02:0F).
• Type ping -t 192.168.100.23 to start a continuous ping to the new IP Address.
• Turn on the Console Server and wait for it to configure itself with the new IP address. It will start replying to the ping at this point.
• Type arp -d to flush the ARP cache again.
3.1.2 Browser connection
• Activate your preferred browser on the connected computer and enter https://192.168.0.1. The Management Console supports all current versions of the popular browsers (Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari and more)
• You will be prompted to log in. Enter the default administration username and administration password (Username: root Password: default)
Note: Console Servers are factory configured with HTTPS access enabled and HTTP access disabled.
A Welcome screen, which lists initial installation configuration steps, will be displayed. These steps are:
• Change default administration password (System/Administration page. Refer Chapter 3.2)
• Configure the local network settings (System/IP page. Refer Chapter 3.3)
To configure Console Server features:
• Configure serial ports settings (Serial & Network/Serial Port page. Refer Chapter 4)
• Configure user port access (Serial & Network/Users page. Refer Chapter 4)
After completing each of the above steps, you can return to the configuration list by clicking the Tripp Lite logo in the top left corner of the screen.
Note: If you are not able to connect to the Management Console at 192.168.0.1 or if the default Username / Password were not accepted then reset your Console Server (refer Chapter 10)
3.1.3 Initial B092-016 connection
You can configure the B092-016 Console Server using a connected computer and browser connection as described in the two sections above, or you can configure it directly. To do this you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in
• Enter the default administration username and password (Username: root Password: default). The B092-016 control panel will be displayed
• Click the Configure button on the control panel. This will load the Firefox browser and open the B092-016 Management Console
• At the Management Console menu select System: Administration
3.2 Administrator Password
For security reasons, only the administration user named root can initially log into your Console Server. Only those people who know the root password can access and reconfigure the Console Server itself. However, anyone who correctly guesses the root password could gain access, and the factory default root password is simply default. It is therefore essential that you enter and confirm a new root password before giving the Console Server any access to, or control of, your computers and network appliances.
• Select Change default administration password from the Welcome page, which will take you to Serial & Network: Users & Groups
• Select Edit for the user root
• Add a new Password and then re-enter it in Confirm. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe
Note: There are no restrictions on the characters that can be used in the System Password (which can contain up to 254 characters). However, only the first eight Password characters are used to make the password hash.
• Click Apply
Note: If the Console Server has flash memory you will be given the option to Save Password across firmware erases. Checking this will save the password hash in the non-volatile configuration partition, which does not get erased on firmware reset. Take care, however: if this password is lost, the device will need to be firmware recovered.
• Select System: Administration
• You may now wish to enter a System Name and System Description for the Console Server to give it a unique ID and make it simple to identify
Note: The System Name can contain from 1 to 64 alphanumeric characters (however you can also use the special characters “-” “_” and “.” ). There are no restrictions on the characters that can be used in the System Description (which can contain up to 254 characters).
• The MOTD Banner can be used to display a “message of the day” text to authenticating users when they access the Console Server via ssh, ftp or web
• Click Apply. As you have changed the password you will be prompted to log in again. This time use the new password
Note: If you are not confident your Console Server has been supplied with the current release of firmware, you can upgrade. Refer to Upgrade Firmware - Chapter 10
3.2.1 Set up new administrator
It is also recommended that you set up a new Administrator user as soon as convenient and log-in as this new user for all ongoing administration functions (rather than root).
This Administrator can be configured in the admin group with full access privileges through the Serial & Network: Users & Groups menu (refer to Chapter 4 for details)
3.3 Network IP Address
It is time to enter an IP address for the principal 10/100 LAN port on the Console Server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is to be connected.
• On the System: IP menu select the Network Interface page then check DHCP or Static for the Configuration Method
• If you select Static you must manually enter the new IP Address, Subnet Mask, Gateway and DNS server details. This selection automatically disables the DHCP client
• If you selected DHCP the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate
Note: In its factory default state (with no Configuration Method selected) the Console Server has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network. In this initial state, the Console Server will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address
• By default the Console Server LAN port auto detects the Ethernet connection speed. However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100Mb/s and to Full Duplex (FD) or Half Duplex (HD)
Note: If you have changed the Console Server IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter)
• Click Apply
• You will need to reconnect the browser on the PC/workstation that is connected to the Console Server by entering http://new IP address
3.3.1 IPv6 configuration
By default, the Console Server Ethernet interfaces support IPv4. However, they can also be configured for IPv6 operation:
• On the System: IP menu select General Settings page and check Enable IPv6
• You will then need to configure the IPv6 parameters on each network interface page
3.3.2 Dynamic DNS (DDNS) configuration
Dynamic DNS (DDNS) enables a Console Server with a dynamically assigned IP address (that may change from time to time) to be located using a fixed host or domain name.
• The first step in enabling DDNS is to create an account with the supported DDNS service provider of your choice. Supported DDNS providers include:
o DyNS www.dyns.cx
o dyndns.org www.dyndns.org
o GNUDip gnudip.cheapnet.net
o ODS www.ods.org
o TZO www.tzo.com
o 3322.org (Chinese provider) www.3322.org
Upon registering with the DDNS service provider, you will select a username and password, as well as a hostname that you will use as the DNS name (to allow external access to your machine using a URL).
The Dynamic DNS service providers allow the user to choose a hostname URL and set an initial IP address to correspond to that hostname URL. Many Dynamic DNS providers offer a selection of URL hostnames available for free use with their service. However, with a paid plan, any URL hostname (including your own registered domain name) can be used.
You can now enable and configure DDNS on any of the Ethernet or cellular network connections on the Console Server (by default DDNS is disabled on all ports):
• Select the DDNS service provider from the drop down Dynamic DNS list on the System:IP or System:Dial menu
• In DDNS Hostname enter the fully qualified DNS hostname for your console server e.g. your-hostname.dyndns.org
• Enter the DDNS Username and DDNS Password for the DDNS service provider account
• Specify the Maximum interval between updates - in days. A DDNS update will be sent even if the address has not changed
• Specify the Minimum interval between checks for changed addresses - in seconds. Updates will still only be sent if the address has changed
• Specify the Maximum attempts per update i.e. the number of times to attempt an update before giving up (defaults to 3)
3.4 System Services and Service Access
Service Access specifies which access protocols/services can be used to access the Console Server (and connected serial ports).
The Administrator can access and configure the Console Server (and connected devices) using a range of access protocols/services, and for each such access, the particular service must be running with access through the firewall enabled.
By default HTTP, HTTPS, Telnet and SSH services are running, and these services are enabled on all network interfaces. However, again by default, only HTTPS and SSH access to the Console Server is enabled, while HTTP and Telnet access is disabled.
For other services, such as SNMP/Nagios NRPE/NUT, the service must first be started on the relevant network interface using Service Settings. Then the Service Access can be set to allow or block access.
To enable and configure a service:
• Select the Service Settings tab on the System: Services page and enable required services
To change the access settings:
• Select the Service Access tab on the System: Services page. This will display the service currently enabled for the Console Server’s network interfaces.
o Network interface (for the principal Ethernet connection)
o Dial out (V90 and cellular modem)
o Dial in (internal or external V90 modem)
o WiFi (802.11 wireless)
o OoB Failover (second Ethernet connections)
o VPN (IPSec or OpenVPN connection over any network interface)
• Check/uncheck for each network which service access is to be enabled/disabled
In the example shown below local Administrators on local Network Interface LAN do not have Telnet access to the Console Server itself (only SSH and HTTPS access) but they do have Telnet access to the serial console devices attached to the Console Server.
The Services Access settings specify which services the Administrator can use over which network interface to access the console server. It also nominates the enabled services that the Administrator and the User can use to connect through the Console Server to attached serial and network connected devices.
• The following general service access options can be specified:
o HTTPS: This ensures the Administrator has secure browser access to all the Management Console menus on the Console Server. It also allows appropriately configured Users secure browser access to selected Manage menus. For information on certificate and user client software configuration refer Chapter 9 - Authentication. By default HTTPS is enabled, and it is recommended that only HTTPS access be used if the Console Server is to be managed over any public network (e.g. the Internet).
o HTTP: The HTTP service allows the Administrator basic browser access to the Management Console. It is recommended the HTTP service be disabled if the Console Server is to be remotely accessed over the Internet.
o Telnet: This gives the Administrator telnet access to the system command line shell (Linux commands). While this may be suitable for a local direct connection over a management LAN, it is recommended this service be disabled if the Console Server is to be remotely administered. This service may also be useful for local Administrator and User access to selected serial consoles.
o SSH: This service provides secure SSH access. It is recommended you choose SSH as the protocol where the Administrator connects to the Console Server over the Internet or any other public network. This will provide authenticated communications between the SSH client program on the remote PC/workstation and the SSH server in the Console Server. For more information on SSH configuration refer Chapter 9 - Authentication.
• There are also a number of related service options that can be configured at this stage:
o SNMP: This will enable netsnmp in the Console Server, which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 – Advanced Configuration.
o TFTP/FTP: If a USB flash card or internal flash is detected on the Console Server, then enabling this service will set up default tftp and ftp servers on the USB flash. These servers are used to store config files, maintain access and transaction logs etc. Files transferred using tftp will be stored under /var/tmp/usbdisk/tftpboot
o Ping: This allows the Console Server to respond to incoming ICMP echo requests. Ping is enabled by default; however, for security reasons this service should generally be disabled after initial configuration.
o Nagios: Access to the NUT UPS monitoring and Nagios NRPE monitoring daemons
o NUT: Access to the NUT UPS monitoring and Nagios NRPE monitoring daemons
• And there are some serial port access parameters that can be configured on this menu:
o Base: The Console Server uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4 – Configuring Serial Ports). The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults. The default TCP/IP base port address for telnet access is 2000, and the range for telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. So if the Administrator were to set 8000 as a secondary base for telnet then serial port #2 on the Console Server can be telnet accessed at IP Address:2002 and at IP Address:8002. The default base for SSH is 3000; for Raw TCP is 4000; and for RFC2217 it is 5000.
o RAW/Direct: You can also specify that serial port devices can be accessed from nominated network interfaces using Raw TCP, direct Telnet/SSH, unauthenticated Telnet services etc.
• Click Apply. As you apply your services selections, the screen will be updated with a confirmation message:
Message Changes to configuration succeeded
• The B092-016 Console Server with PowerAlert also presents some additional service and configuration options:
o VNC: The B092-016 Console Server has an internal VNC server. When enabled, it allows remote users to connect to the Console Server and run the PowerAlert software and any other embedded thin client programs as if they were plugged in locally to the KVM connectors on the B092-016 (refer to Chapter 16 for more details). Users connect using port 5900 and need to run a VNC client applet
o Secure VNC: This enables a secure encrypted remote connection using VNC over SSL on port 5800 to the B092-016 Console Server (refer to Chapter 16)
o PowerAlert: This configuration option will automatically start the PowerAlert application on the B092-016 and display the console as soon as you log into the local display or VNC session (refer to Chapter 16). The complete PowerAlert manual can be downloaded at www.tripplite.com/EN/support/PowerAlert/Downloads.cfm
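The base-port arithmetic described earlier in this section for serial port access (Telnet 2000, SSH 3000, Raw TCP 4000, RFC2217 5000, plus the serial port number) can be used to check what a unit actually exposes. The following Python is an added example, not Tripp Lite code: it decodes observed TCP listeners into service and serial port number and compares them with an intended policy. The function names, the policy format and the sample port list are assumptions constructed for illustration.

```python
"""Added example: decode serial-port TCP listeners on a console server."""
from dataclasses import dataclass

# Default base ports quoted in the manual text above.
DEFAULT_BASES = {"telnet": 2000, "ssh": 3000, "raw_tcp": 4000, "rfc2217": 5000}
# Of these, only SSH encrypts the session; the others carry console traffic in clear text.
ENCRYPTED = {"ssh"}


@dataclass(frozen=True)
class Listener:
    tcp_port: int
    service: str
    serial_port: int
    base: int

    @property
    def cleartext(self) -> bool:
        return self.service not in ENCRYPTED


def decode(tcp_port, serial_ports=48, secondary_bases=None):
    """Map a TCP port to a Listener, or None if it lies outside every range.

    secondary_bases: optional {service: base} for Administrator-defined
    alternate ranges, which apply in addition to the defaults.
    """
    candidates = [(base, svc) for svc, base in DEFAULT_BASES.items()]
    candidates += [(base, svc) for svc, base in (secondary_bases or {}).items()]
    for base, svc in candidates:
        n = tcp_port - base
        if 1 <= n <= serial_ports:
            return Listener(tcp_port, svc, n, base)
    return None


def audit(open_ports, allowed, serial_ports=48, secondary_bases=None):
    """Compare observed listeners with the intended policy.

    allowed: {serial port #: set of permitted services} (hypothetical format).
    Returns a list of (Listener, reason) findings, sorted by TCP port.
    """
    findings = []
    for port in sorted(set(open_ports)):
        hit = decode(port, serial_ports, secondary_bases)
        if hit is None:
            continue  # not a serial-port service port (e.g. 22 or 443)
        if hit.service not in allowed.get(hit.serial_port, set()):
            findings.append((hit, "not in policy"))
        elif hit.cleartext:
            findings.append((hit, "allowed but cleartext"))
    return findings


# Constructed sample: ports seen listening on one 16-port unit that has
# 8000 configured as a secondary Telnet base.
OBSERVED = [22, 443, 2002, 3001, 3002, 4005, 8002, 5016, 3017]
POLICY = {1: {"ssh"}, 2: {"ssh", "telnet"}, 16: {"rfc2217"}}

if __name__ == "__main__":
    for hit, reason in audit(OBSERVED, POLICY, serial_ports=16,
                             secondary_bases={"telnet": 8000}):
        print(f"{hit.tcp_port:>5}  {hit.service:<8} "
              f"serial #{hit.serial_port:<2} {reason}")
```

Findings marked "not in policy" are candidates for unchecking on the Service Access tab; findings marked "allowed but cleartext" are the ones to restrict to a trusted interface.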
3.4.1 Brute force protection
Brute force protection (Micro Fail2ban) temporarily blocks source IPs that show malicious signs, such as too many password failures. This may help mitigate scenarios where the appliance’s network services are exposed to an untrusted network such as the public WAN, and scripted attacks or software worms are attempting to guess (brute force) user credentials and gain unauthorized access.
Brute Force Protection may be enabled for the listed services. Once protection is enabled, 3 or more failed connection attempts within 60 seconds from a specific source IP trigger it to be banned from connecting for the next 60 seconds. Active Bans are also listed and may be refreshed by reloading the page.
Note: When an appliance is running on an untrusted network, it is recommended that a variety of strategies are used to lock down remote access. This includes strong passwords (or even better, SSH public key authentication), VPN, and using Firewall Rules to whitelist remote access from trusted source networks only.
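The ban rule stated above (3 or more failures within 60 seconds from one source IP, then a 60 second ban) is modelled below in Python and replayed over a constructed event list. This is an added example, not the appliance's Micro Fail2ban code; the class and function names are hypothetical, and the handling of the window edge, of attempts made during a ban, and of the failure history after a ban are assumptions noted in the code.

```python
"""Added example: model of the ban rule described for brute force protection."""
from collections import defaultdict, deque

MAX_FAILURES = 3   # "3 or more failed connection attempts"
WINDOW_S = 60      # "within 60 seconds"
BAN_S = 60         # "banned from connecting for the next 60 seconds"


class BanTracker:
    """Sliding-window failure counter per source IP.

    Assumptions (not stated in the manual): the ban starts at the failure
    that reaches the threshold, attempts made while banned are dropped
    without being counted, a failure exactly WINDOW_S old no longer counts,
    and the failure history is cleared when a ban is imposed.
    """

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban lifts

    def observe(self, ts, ip, ok):
        """Process one attempt; return 'blocked', 'ok', 'fail' or 'ban'."""
        if ts < self.banned_until.get(ip, 0):
            return "blocked"
        if ok:
            return "ok"
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] >= WINDOW_S:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.banned_until[ip] = ts + BAN_S
            recent.clear()
            return "ban"
        return "fail"

    def active_bans(self, now):
        """Sources still banned at time `now`, like the Active Bans list."""
        return sorted(ip for ip, until in self.banned_until.items() if now < until)


def replay(events):
    """Feed (ts, ip, ok) events through a fresh tracker; return it and the outcomes."""
    tracker = BanTracker()
    return tracker, [(ts, ip, tracker.observe(ts, ip, ok)) for ts, ip, ok in events]


# Constructed events: (seconds, source IP, login succeeded?). Addresses are
# taken from the RFC 5737 documentation ranges.
EVENTS = [
    (0, "198.51.100.7", False),   # administrator mistypes once ...
    (5, "203.0.113.9", False),
    (6, "203.0.113.9", False),
    (7, "203.0.113.9", False),    # third failure inside 60 s: banned until t=67
    (8, "203.0.113.9", False),    # dropped while banned
    (20, "198.51.100.7", False),  # ... and again, still under the threshold
    (30, "198.51.100.7", True),   # then logs in
    (66, "203.0.113.9", False),   # still banned
    (67, "203.0.113.9", False),   # ban lifted, counting starts afresh
]

if __name__ == "__main__":
    tracker, results = replay(EVENTS)
    for ts, ip, outcome in results:
        print(f"t={ts:>3}s {ip:<14} {outcome}")
    print("active bans at t=60:", tracker.active_bans(60))
```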