Raritan DOMINION DSX-0N-E User Manual

Serial over ip console servers

Table of Contents

Quick Links

Dominion

User Guide

Release 3.1

DSX-0N-E

September 2007

255-60-2000-00

Table of Contents

Troubleshooting

Summary of Contents for Raritan DOMINION DSX-0N-E

Page 2 This page intentionally left blank.
Page 3: Fcc Information
Copyright and Trademark Information This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan, Inc. © Copyright 2007 Raritan, CommandCenter, RaritanConsole, Dominion, and the Raritan company logo are trademarks or registered trademarks of Raritan, Inc.
Page 4 Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any product configuration. • Test AC outlets at your computer and monitor for proper polarity and grounding. •...
Page 5: Table Of Contents
ONTENTS Preface... xii Audience ...xii Conventions ...xii Acronyms ...xii Notices ... xiii Chapter 1: Introduction ...1 Dominion SX Overview ... 1 Product Features... 2 Comprehensive Console Management...2 Strong Security and User-Authentication...2 Reliable Connectivity ...2 Simplified User Experience...2 Package Contents... 3 Chapter 2: Installation ...5 Pre-Installation ...
Page 6 Chapter 7: Port Configuration and Port Access Application...31 Port Keywords... 31 Port Configuration ... 32 Direct Port Access... 34 Anonymous Port Access ... 35 Raritan Serial Console ... 35 Raritan Serial Client Requirements for Java ... 36 Java Runtime Environment (JRE)...36 Java Applets and Memory Considerations ...36 Raritan Serial Client Interface ...
Page 7 ONTENTS Test the SMTP Logging ...76 Configuring NFS Logging ... 76 Configuring SNMP Logging... 78 Enable SNMP Logging ...78 Create a New SNMP Destination ...78 Chapter 10: Maintenance...79 Managing the Local Event Log... 79 Display the Local Event Log ...79 Clear the Event Log ...79 Send the Event Log ...80 Displaying a Configuration Report ...
Page 8 Remote Services ...104 LDAP Configuration Menu ...105 RADIUS Command...106 TACACSPLUS Command ...106 Configuring Events ... 106 Configuring Log... 107 Cleareventlog Command ...107 Eventlogfile Command...107 Eventsyslog Command...107 nfsgetkey Command...108 nfssetkey Command ...108 NFS Encryption Enable Command ...109 Portlog Command...109 Decrypting Encrypted Log on Linux-based NFS Server ...110 Sendeventlog Command ...110 Vieweventlog Command...111 Configuring Modem ...
Page 9 ONTENTS Factoryreset Command ...136 Firmware Command ...137 Logoff Command ...137 Password Command ...137 Reboot Command...137 Restore Command...138 Sendeventlog Command ...138 Upgrade Command ...139 Upgradehistory Command...139 Userlist Command ...139 Vieweventlog Command...139 Security Commands ... 140 Banner Command...140 ftpgetbanner Command ...140 Certificate Command Menu ...141 Firewall Command...142 IPtables Command ...142 Kerberos Command...144...
Page 10 Appendix A: Specifications ...175 Dominion SX Models and Specifications ... 175 Requirements... 177 Browser Requirements – Supported ... 177 Connectivity... 178 Dominion SX Serial RJ-45 Pinouts ... 179 DB9F Nulling Serial Adapter Pinouts ...179 DB9M Nulling Serial Adapter Pinouts ...180 DB25F Nulling Serial Adapter Pinouts ...180 DB25M Nulling Serial Adapter Pinouts ...180 Dominion SX Terminal Ports ...
Page 11 IGURES Figures Figure 1 Dominion SX16 Unit... 1 Figure 2 Rear Panel of the DSXA-32 ... 6 Figure 3 Certificate Information... 7 Figure 4 DSX Login Screen ... 8 Figure 5 Restricted Service Agreement Screen ... 8 Figure 6 Change Password Screen ... 8 Figure 7 Dominion SX Port Access Screen for Operators/ Observers ...
Page 12 SX U viii OMINION UIDE Figure 51 Standalone RSC Login Screen ... 56 Figure 52 Standalone RSC Connected to Port Window... 57 Figure 53 Security Settings Screen... 59 Figure 54 Login Settings Screen... 60 Figure 55 Kerberos Settings ... 61 Figure 56 Certificate Signing Request ...
Page 13 IGURES Figure 104 New Phone Entry Display ... 202 Figure 105 Dial-Up Security Display ... 203 Figure 106 Windows 2000 Network and Dial-Up Connections... 203 Figure 107 Network Connection Type... 204 Figure 108 Device Selection ... 204 Figure 109 Phone Number to Dial... 205 Figure 110 Connection Availability...
Page 14 SX U OMINION UIDE Tables Table 1 Factory Default Network Settings... 5 Table 2 Java Runtime Parameters... 37 Table 3 Commands Common to All CLI Levels ... 99 Table 4 Available CLI Commands... 101 Table 5 Configuration: Authentication Commands: ldap ... 105 Table 6 LDAP Command ...
Page 15 ABLES Table 52 Restore Command ... 138 Table 53 Sendeventlog Command... 138 Table 54 Upgrade Command... 139 Table 55 Banner Command ... 140 Table 56 ftpgetbanner Command ... 140 Table 57 Certificate Client Commands ... 141 Table 58 Certificate Server Commands ... 141 Table 59 Firewall Command ...
Page 16: Preface
Preface The Dominion SX User Guide provides the information needed to install, set up and configure, access devices such as routers, servers, switches, VPNs, and power strips, manage users and security, and maintain and diagnose the Dominion SX secure console server. Audience The primary audiences for this guide are infrastructure administrators and installers who are responsible for installing and setting up devices such as secure console servers.
Page 17: Notices
REFACE XIII CRONYM EANING Virtual Private Network Notices Important: cautionary information that warns of possible affects on the users, corruption risks, and actions that may affect warranty and service coverage. Note: general information that is supplemental to the text.
Page 19: Chapter 1: Introduction
1: I HAPTER NTRODUCTION Chapter 1: Introduction Dominion SX Overview The Dominion SX Series of Serial over IP Console Servers offers convenient and secure, remote access and control through LAN/WAN, Internet, or Dial-up modem to all networking devices. The Dominion SX: •...
Page 20: Product Features
Product Features Comprehensive Console Management • Remote Management: Access, monitor, administer, and troubleshoot up to 48 target devices (depending on the model) via Secure Socket Shell (SSH), Telnet, Local Port or Web browser with only one IP address. • Direct Port Access via TCP/IP address per port; or one IP address and TCP Port numbers. •...
Page 21: Package Contents
1: I HAPTER NTRODUCTION Package Contents Each Dominion SX ships with the following: • (1) Dominion SX unit with mounting kit (Rack-mount kit is optional on some units) • (1) Raritan Dominion SX User Guide CD-ROM, which contains the installation and operations information for the Dominion SX •...
Page 22 SX U OMINION UIDE This page intentionally left blank.
Page 23: Chapter 2: Installation
2: I HAPTER NSTALLATION Chapter 2: Installation There are two ways of completing the initial network installation of the Dominion SX: • Using a serial cable with a VT100/equivalent, such as a PC with HyperTerminal. • Using Ethernet (with an installation computer). This section describes the steps necessary to configure Dominion SX for use on a local area network (LAN).
Page 24: Hardware Installation
Hardware Installation Figure 2 Rear Panel of the DSXA-32 Physical Installation of Dominion SX for Initial Configuration 1. Use a computer with a network card and crossover network cable. This computer will be referred to as the ‘installation computer.’ 2. Physically mount the unit in an ergonomically sound manner. The unit is designed to be easily rack-mounted, and rack mounting is recommended.
Page 25: Initial Configuration Using The Graphical User Interface (Gui)
2: I HAPTER NSTALLATION Initial Configuration Using the Graphical User Interface (GUI) To initially configure the Dominion SX unit from the Graphical User Interface, follow the steps below. Network Access 1. Ensure that the installation computer has the route for 192.168.0.192 and that it can communicate with IP address 192.168.0.192.
Page 26: Figure 4 Dsx Login Screen
The login screen appears after you finish viewing the security alerts and the Certification Information screen. 7. Log in with the default username admin and password raritan. Use all lowercase letters. A Restricted Service Agreement Screen appears: Figure 5 Restricted Service Agreement Screen Note: Once you click Accept after login, the Dominion SX prompts you to change the default password.
Page 27: Initial Configuration Using The Command Line Interface
2: I HAPTER NSTALLATION Initial Configuration Using the Command Line Interface To initially configure the Dominion SX unit from the Command Line Interface, follow the steps below. 1. Connect the serial port of your Installation Computer to the Terminal serial port on your Dominion SX.
Page 28: User Configuration
1. Type Configuration to change the unit’s configuration. 2. Type Network to select the network configuration. 3. Type: admin > Config > Network > interface enable true if lan1 ip 192.16.151.12 mask 255.255.255 gw 192.168.51.12 .Upon successfully entering the data, a report will display the new network configuration and you will be prompted to reboot the unit.
Page 29: Chapter 3: Initial Software Configuration
3: I HAPTER NITIAL OFTWARE ONFIGURATION Chapter 3: Initial Software Configuration After the hardware installation, perform the initial software configuration. Do this by logging onto the Dominion SX from either a browser or through a Command Line Interface (See Chapter 12: Command Line Interface for CLI information.) Dominion SX Initial Software Configuration 1.
Page 30: Date / Time Configuration
Important: After you complete each configuration task, you must return to the Setup tab to perform the next configuration task. Date / Time Configuration 1. Click the Date / Time in the Configuration section of the Setup Screen. The Date / Time Configuration screen appears.
Page 31: Network Configuration
3: I HAPTER NITIAL OFTWARE ONFIGURATION Network Configuration 1. Click Network in the Configuration section of the Setup screen. The Network Configuration Screen appears. Note: If you have a dual LAN model, there is an Eth Failover checkbox that is selected by default, but can be turned off.
Page 32: Deployment
Deployment 1. You can remotely access the Dominion SX through a: LAN connection or a modem connection (optional). 2. The Dominion SX can access target devices only through a serial connection. LAN Connection After the initial software configuration phase, configure the DSX unit for operation on the LAN. Ensure that you have an Ethernet cable connected to the network for use with the unit.
Page 33: Chapter 4: Network Settings And Services
4: N HAPTER ETWORK ETTINGS AND ERVICES Chapter 4: Network Settings and Services This chapter explains how to configure the basic network settings for the DSX, and how to configure the various access protocols (SSH, telnet, etc.) It also explains how to configure the DSX for modem access, and how to enable IP forwarding and create static routes.
Page 34: Change The Discovery Ports
Change the Discovery Ports The DSX has two discovery ports: • TCP 5000 Common Socket Connection (CSC) discovery • UDP 5000 Command Center (CC) discovery If either of these ports is used by another application, you can change the discovery port number in the DSX in the appropriate field and click OK.
Page 35: To Change Any Of These Network Service Settings
4: N HAPTER ETWORK ETTINGS AND ERVICES To change any of these network service settings: Click the Setup tab, and then click Services. The Network Service Settings screen appears. Figure 13 Network Service Settings Make any necessary changes to the appropriate fields. Click OK.
Page 36: Configuring Modem Access
Configuring Modem Access You can access the DSX via a modem. To set this up: Click the Setup tab, and then click Modem. The Modem Settings screen appears. Figure 14 Modem Settings Screen Click the checkbox labeled Enable Modem to enable modem access. Type the IP addresses of the Point-to-Point (PPP) server in the PPP Server IP field.
Page 37: Add A New Static Route
4: N HAPTER ETWORK ETTINGS AND ERVICES Add a New Static Route To add a new Static Route: 1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. 2.
Page 38: Delete A Static Route
Delete a Static Route To delete a static route: Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. Go the Static Routes List and click the checkbox next to the route you want to delete. Click Delete.
Page 39: Chapter 5: User Profiles And Groups
5: U HAPTER ROFILES AND ROUPS Chapter 5: User Profiles and Groups This chapter explains how to create and manage user profiles and user groups. Managing User Profiles User profiles serve two purposes: • To provide users with a username and password to log into the DSX •...
Page 40: Figure 19 New User Screen
Click Add New User. The New User screen appears. Type a login name in the Username field. This is the name the user enters to log into the DSX. This field is required. • You can enter any number of characters up to a maximum of 255. •...
Page 41: Modify A User Profile
5: U HAPTER ROFILES AND ROUPS Tip: If the user group you want has not yet been created, you can create it and then return to the user profile and select it. For now, keep the default. Decide whether or not to activate this profile immediately. By default, the Active checkbox is selected.
Page 42: Display A List Of User Groups
Display a List of User Groups To display a list of existing user groups, click the User Management tab, and then click User Group List. The Group List screen appears (Figure 20). The Group List screen shows every user group created to date, and for each one gives the group’s name and class.
Page 43: Modify A User Group
5: U HAPTER ROFILES AND ROUPS • Observer Users associated with the Observer class have read-only access to the console window, and cannot change any system configuration parameters except their own password. Select the ports that the users associated with this group are permitted to access. You can select all ports, or you can select any combination of individual ports.
Page 44 SX U OMINION UIDE...
Page 45: Chapter 6: Remote Authentication
6: R HAPTER EMOTE UTHENTICATION Chapter 6: Remote Authentication This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication. Tip: If you are setting up remote authentication, it is a good idea to still keep local authentication enabled. When an authentication request reaches the DSX, it looks to authenticate the user remotely first, and then looks to authenticate the user locally.
Page 46: Configuring Ldap
Configuring LDAP You can use the Lightweight Directory Access Protocol (LDAP) to authenticate DSX users instead of local authentication. To configure LDAP: Click the Setup tab, and then click Remote Authentication. The Remote Authentication screen appears. It contains an LDAP panel. In the LDAP panel, click the LDAP button to enable LDAP authentication.
Page 47: Configuring Tacacs
6: R HAPTER EMOTE UTHENTICATION If you are using a modem to connect to the LDAP server, type a dialback string in the Dialback Query String field. If you have a backup LDAP server, enter the same information in the Secondary LDAP fields.
Page 48: Ominion Sx User Uide
SX U OMINION UIDE...
Page 49: Chapter 7: Port Configuration And Port Access Application
7: P HAPTER ONFIGURATION AND Chapter 7: Port Configuration and Port Access Application Port configuration allows Administrators to define the serial/console port settings in order to communicate with remote target devices. Note: You can access the Raritan Serial Console (RSC) from the Port screen. See the Raritan Serial Console section of this chapter for RSC information.
Page 50: Port Configuration
Port Configuration To configure one or more ports: Click the Setup tab, and then click Port Configuration. The Port Configuration screen appears. Figure 26 Port Configuration Screen Select the port(s) you want to configure. You can select one port or several ports, so long as the port configurations are all the same.
Page 51: Figure 27 Edit Port Screen
7: P HAPTER ONFIGURATION AND The Edit Port screen appears. Make sure the port values match the target system’s serial port configuration for the first three values. • Select the Baud Rate from the Baud Rate drop-down menu. Note: The minimum baud rate supported for local port access is 9600. •...
Page 52: Direct Port Access
Select the escape mode. The default is None. Change as follows: • Select Control from the drop-down menu in the Escape Mode field. • Type the Escape Character. The default for the Dominion SX is ] (closed bracket ). Select the terminal emulation type from the drop-down menu in the Emulation field. The choices are: •...
Page 53: Anonymous Port Access
7: P HAPTER ONFIGURATION AND Anonymous Port Access Anonymous port access allows users to access DPA configured ports without entering a password. To enable the feature: 1. Click the Security tab, and then click Login Settings. The Login Settings screen appears (Figure 54).
Page 54: Raritan Serial Client Requirements For Java
Raritan Serial Client Requirements for Java The Raritan Serial Client (RSC) requires a PC of minimum 1.0 GHz CPU speed with 512 MB RAM. Java must be installed to access targets (managed devices) before you can use the RSC. Java Runtime Environment (JRE) The RSC will function with JRE version 1.4.2_05 or later (except for JRE version 1.5.0_02) .
Page 55: Table 2 Java Runtime Parameters
7: P HAPTER ONFIGURATION AND ESCRIPTION ALUES YNTAX Sets the initial size -Xms<Size> in bytes of the Java heap. Sets the initial Java -Xmn<Size> in bytes heap size for the Eden generation. Sets the maximum -Xmx<Size> in bytes size to which the Java heap can grow.
Page 56: Raritan Serial Client Interface
Raritan Serial Client Interface Important: The Raritan Serial Client (Console) Screen usually window in back of the Port Screen. screen opens in front of the Port Screen. Minimize the Port Access screen to access the Raritan Serial Console screen. The RSC contains drop-down menus that provide the user with the ability to: •...
Page 57: Emulator
7: P HAPTER ONFIGURATION AND Emulator 1. Change the default user Idle Timeout setting before launching the RSC for the first time or it will timeout in 10 minutes and display a host termination message. See the Security section of the Dominion SX User Guide for changing the Idle Timeout setting.. 2.
Page 58: Figure 34 General Settings Window
Note: If the RSC Idletimeout expires, the Dominion SX Idletimeout period begins. Settings Note: Terminal emulation settings are set with the port by an Administrator using the Setup->Port Configuration menu. 1. On the Emulator menu, click Settings. The Settings screen displays the General tab with the default settings.
Page 59: Figure 35 Display Settings Window
7: P HAPTER ONFIGURATION AND Display Settings 1. Return to the Emulator menu, select Settings and then click the Display tab. Figure 35 Display Settings Window 2. Click Default to accept the Default settings. Then click Ok to close the Display Settings window;...
Page 60: Figure 36 Display Settings: Gui Font Properties
6. Click on the GUI Font Properties tab and accept the default of Monospaced or choose a font from the GUI Font Properties scrolling list. Figure 36 Display Settings: GUI Font Properties 7. Choose the following from their drop-down menus: •...
Page 61 7: P HAPTER ONFIGURATION AND Get History History information can be useful when debugging, troubleshooting, or administering a target device. The Get History feature: • Allows you to view the recent history of console sessions by displaying the console messages to and from the target device. •...
Page 62: Figure 37 Connected Users Window
Connected Users The Connected Users command allows you to view a list of other users who are currently connected on the same port. 1. Click Connected Users to view the connected users on the Emulator menu. Figure 37 Connected Users Window A check mark appears in the Write Access column after the name of the User who has Write Access to the console.
Page 63: Edit
7: P HAPTER ONFIGURATION AND Edit Use the Copy, Paste, and Select All text commands to relocate and/or re-use important text. Figure 38 Edit Commands - Copy, Paste, and Select All Text Copy and Paste All Text: 1. Click Select All on the Edit menu. 2.
Page 64: Tools
SX U OMINION UIDE Tools 1. Click on the Tools drop-down menu to display a list of topics. Figure 39 Tools Menu...
Page 65: Figure 40 Start Logging Command Window
7: P HAPTER ONFIGURATION AND Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file in your computer. When you start the RSC, the Logging indicator on the status bar indicates whether logging is on or off.
Page 66: Chat
Send Keystroke 1. On the Tools menu, click Send Keystroke. A Send Keystroke screen appears: 2. Enter the keystroke combinations that you want and select a Key Code name from the drop- down menu. 3. Send the keystroke combinations. Send Text File 1.
Page 67: Help
7: P HAPTER ONFIGURATION AND To use Chat: 1. Click Chat on the Chat menu. Figure 42 SecureChat Command and User Chat Window 2. Type a message in the Message text field. 3. Click Send or press ENTER to send the message. 4.
Page 68: Standalone Raritan Serial Console Installation
To Access ‘About’ Information: 1. Click About Raritan Serial Console on the Help menu. An About Raritan Serial Console message appears on top of the Raritan Serial Console drop-down menu: Figure Sample of the About Raritan Serial Console Window 2. Click OK to close the About Raritan Serial Console window. Standalone Raritan Serial Console Installation Note: You can download the Standalone Raritan Serial Client from the Raritan support Web site:...
Page 69: Setting Windows Os Variables
7: P HAPTER ONFIGURATION AND • Ensure that Java can be started from the command line. To do this, environment variables must be configured. Make a note of the exact path where Java was installed. (The path information will be used later.) Setting Windows OS Variables Open the Start menu, and then open the Control Panel and choose System.
Page 70: Figure 45 Windows Os: New System Variable
Click OK. Figure Select the PATH variable and click Edit. Add %JAVA_HOME%\bin to the end of the current Variable value. Ensure a semicolon (;) separates the new value from the last value in the string. Windows OS: New System Variable SX U OMINION UIDE...
Page 71: Figure 46 Windows Os: Edit System Variable
7: P HAPTER ONFIGURATION AND Click OK. Figure Select the CLASSPATH variable and click Edit. Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a period(.) in it. If, for any reason, there is no CLASSPATH variable defined, create one. Figure CCESS PPLICATION...
Page 72: Setting Linux Os Variables
Setting Linux OS Variables If you want to set Java for this user only, open and edit .profile file located in the /home/Username folder. If you want to set Java for all users, open .profile file in your /etc folder Find the line where you set your PATH Example: export PATH=$PATH:/home/username/somefolder Before that line you must set your JAVA_HOME and then modify your PATH to include it.
Page 73: Installing Standalone Rsc For Windows
7: P HAPTER ONFIGURATION AND Installing Standalone RSC for Windows You must have administrative privileges to install RSC. Log on to a Windows machine. Download, or copy from a known location, the RSC-installer.jar installation file. Double-click on the executable file to start the installer program. The splash screen appears. Click Next.
Page 74: Launching Rsc On Windows Systems
Click Next. The Windows shortcut screen appears. Figure 50 RSC Windows Shortcut Screen Specify the desired Program Group for the Shortcut. Click Next. The installation finished screen appears. Click Done. Launching RSC on Windows Systems Double-click on the shortcut or use Start Programs to launch the standalone RSC. The Raritan Serial Console Login connection properties window appears.
Page 75: Installing Rsc For Sun Solaris
7: P HAPTER ONFIGURATION AND Enter the Dominion SX IP address, account information, and the desired target (port). Click Start. The RSC opens with a connection to the port. Figure 52 Standalone RSC Connected to Port Window Note: In case of unrecognized characters or blurry screens that might appear in RSC window due to localization support, please try changing the font to Courier New.
Page 76: Launching Rsc On Sun Solaris
The Set Installation Path screen appears. a) Select the directory where you want to install RSC and click Next. b) Click Browse to navigate to a non-default directory. c) Click Next when the installation is complete. d) Click Next again. The installation is complete. The final screen indicates where you will find an uninstaller program, and allows the option of generating an automatic installation script.
Page 77: Chapter 8: Security
8: S HAPTER ECURITY Chapter 8: Security There are a number of elements to consider when addressing security for console servers. The following are some of the Security aspects: • Encrypting the data traffic sent between the operator console and the DSX unit. •...
Page 78: Login Settings
Login Settings Click Login Settings on the Security Settings screen to access the Login Settings screen, which contains the Local Authentication, Login Handling, and Strong Password Settings panels.. Local Authentication Go to the Local Authentication panel and click the Enable Local Authentication checkbox. The system displays these defaults in the following fields: •...
Page 79: Strong Password Settings
8: S HAPTER ECURITY Strong Password Settings To enable strong passwords, go to the Strong Password panel and select the requirements for a strong password. This includes maximum and minimum length and special character requirements. Configure Kerberos Click Enable Kerberos. Type the name of the file you want for your Hosts File in the Hosts File field or click on the Browse drop-down menu and select your file.
Page 80: Generate A Certificate Signing Request
Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): Click the Security tab, and then click Certificate. The Certificate screen appears. Figure 56 Certificate Signing Request Click the checkbox labeled Generate a Certificate Signing Request. Click on the drop-down menu in the Bits field. Keep the 1024 default or change it to 512. Type the following in the corresponding fields: •...
Page 81: Install A User Key
8: S HAPTER ECURITY Install a User Key To install a user key on the DSX: Click the Security tab, and then click Certificate. The Certificate screen appears. Click the checkbox labeled Install User Key. Type the following information in the corresponding fields: •...
Page 82: Ssl Client Certificate
Click the checkbox labeled Install User Certificate. Type the following information in the corresponding fields: • The IP address of the host with the certificate • A login and password on the host • The path and name of the file containing the certificate Click OK.
Page 83: Figure 59 Ssl Client Certificate Screen
8: S HAPTER ECURITY Figure 59 SSL Client Certificate Screen...
Page 84: Enabling Client Certificate Authentication
Enabling Client Certificate Authentication: To enable Client Certificate Authentication: Click Enable SSL Client Certification. 2. Click OK to enable the Client Certificate authentication. Installing a New Trusted To install a new trusted Certificate Authority (CA) to the DSX, the CA certificate must be on an accessible FTP server.
Page 85: Viewing A Certificate Revocation List
8: S HAPTER ECURITY Viewing a Certificate Revocation List To view a CRL: 1. Click View Certificate Revocation List. 2. Click OK to retrieve the list of CRLs. Banner Dominion SX optionally supports a customizable (maximum 5000 words, 8 words per row) welcome banner that is displayed after login.
Page 86: Security Profiles
Security Profiles The DSX provides three security profiles that you can use. They simplify the assigning of permissions to users and groups by defining basic permissions that automatically apply to all users. About Security Profiles The three security profiles are: Standard ─...
Page 87: Figure 62 Edit Custom Security Profile Screen
8: S HAPTER ECURITY Click the Edit Custom Profile link. The Edit Custom Security Profile screen appears. Figure 62 Edit Custom Security Profile Screen Check one or all of the following fields. • Telnet Access • Strong Password Required • Single Login Per User •...
Page 88: Firewall
Firewall The DSX provides a firewall function to provide protection for the IP network and to control access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces. Enable the Firewall To enable the firewall: Click the Security tab, and then click Firewall.
Page 89: Chapter 9: Logging
9: L HAPTER OGGING Chapter 9: Logging This chapter explains how to enable and configure the various DSX logs. Configuring Local Event Logging To configure the local log settings, click the Setup tab, and then click Log. The Log Settings screen appears.
Page 90: Enable Port Logging
Click OK. Enable Port Logging You need to configure port logging after you have enabled NFS logging (see “Configuring NFS Logging” below). This feature enables port data to be logged to a Network File System (NFS) server. This allows you to save and access the log files over a network. NFS supports file sharing, which means you can store the files on the network that you want other people to access, while keeping your secure files on the DSX unit.
Page 91: Figure 67 Sample Output File
9: L HAPTER OGGING Mon Nov 06-2006 13:46:20 -------- admin connected to port-------- Mon Nov 06-2006 13:46:21 -------- admin got write access -------- Password: Authentication failure. Username: admin Password: Authentication successful. ---------------------------------------------------------------------- Welcome to the DominionSX. UnitName:sx181 FirmwareVersion:3.0.1.5.1 IP Address:192.168.51.181 Port Port Port Port Name...
Page 92: Configure Input Port Logging
Configure Input Port Logging To enable input port logging: Go to the Input Port Logging panel and click the Enable Input Port Logging checkbox. (To turn this feature off, clear this checkbox.) Figure 68 Input Port Logging Panel Type a directory for input in the In Directory field. Click OK.
Page 93: Configuring Smtp Logging
9: L HAPTER OGGING Configuring SMTP Logging To configure SMTP logging, click the Setup tab, and then click Events. The SMTP Logging screen appears. This screen contains and SMTP Settings panel and a New SMTP Event panel. Enable SMTP Logging To enable SMTP logging: Go to the SMTP Settings panel and click the Enable SMTP Server checkbox to enable SMTP logging.
Page 94: Test The Smtp Logging
Available events include: • event.amp.notice.port.connection • event.amp.notice.user.logoff • event.amp.notice.backup • event.amp.notice.restore • event.amp.notice.config.directaccesslockout • event.amp.notice.reboot • event.amp.notice.boot • event.amp.notice.config.datacom • event.amp.notice.config • event.amp.notice.upgrade • event.amp.keyword • event.amp.strongpasssword • event.amp.banner • event.amp.firewall • event.amp.iptablesaved • event.amp.security.clientauth • event.amp.security.clientcert.ca • event.amp.security.clientcert.crl.expired • event.amp.security.clientcert.crl.updated Type the email address to send the event in the Destination field.
Page 95: Figure 72 Nfs Settings Screen
9: L HAPTER OGGING Note: The NFS server must have the exported directory with write permission for the port logging to work. To configure NFS Logging: Click the Setup tab, and then click NFS. The NFS Settings screen appears. Click the Enable NFS checkbox to enable NFS logging. Type the IP address of the NFS server in the Primary IP field, and then enter the path to the log file in the Primary Directory field.
Page 96: Configuring Snmp Logging
Configuring SNMP Logging The DSX supports Simple Network Management Protocol (SNMP) traps and logging. Enable SNMP Logging To enable SNMP logging: Click the Setup tab, and then click SNMP. The SNMP screen appears. Go to the SNMP Setting panel and click the Enable SNMP checkbox to enable the SNMP feature.
Page 97: Chapter 10: Maintenance
10: M HAPTER AINTENANCE Chapter 10: Maintenance The Dominion SX maintenance features presented in this chapter allow the administrator perform the following tasks: • Manage event logs. • View configuration report. • Backup and restore the SX unit settings. • Upgrade firmware and track upgrade history.
Page 98: Send The Event Log
Send the Event Log To send the contents of the event log to a remote FTP server: Click the Maintenance tab, and then click Send Event Log. The Send Event Log screen appears. Enter the IP address of the FTP server in the IP address field. Enter a login name and password on the FTP server in the Login and Password fields.
Page 99: Backing Up And Restoring The Dsx
10: M HAPTER AINTENANCE Backing Up and Restoring the DSX When you back up the DSX, the system makes a copy of the DSX configuration (without network settings) and writes the copy to an FTP server. The file can be recovered using a Restore operation, if necessary.
Page 100: Restoring The Dsx
Restoring the DSX Restoring the DSX retrieves a copy of the DSX configuration from the FTP server where it has been backed up and writes the file to the DSX. To perform a restore operation Click the Maintenance tab, and then click Restore. The Restore screen appears. In the IP Address field, type the IP address of the source FTP server system from which the restore data will be retrieved.
Page 101: Display The Current Firmware Version
10: M HAPTER AINTENANCE Display the Current Firmware Version To display the current version of firmware running on a DSX unit, click the Maintenance tab, and then click Firmware Version. The Firmware Version screen appears. This screen shows the firmware version, RSC, kernel, and PMON. Upgrade the Firmware Before you perform a firmware upgrade, you must: Download the upgrades file(s), which are in WinZip format onto a folder on the local FTP...
Page 102: Display A Firmware Upgrade History
To perform the upgrade: Click the Maintenance tab, and then click Firmware Upgrade. The Firmware Upgrade screen appears. Figure 80 Firmware Upgrade Screen Type the IP Address of the FTP server in the IP Address field. Type your login name in the Login field. Type your password in the Password field.
Page 103: Performing A Factory Reset On The Dsx
10: M HAPTER AINTENANCE Performing a Factory Reset on the DSX Performing a factory Reset returns the DSX unit to its default factory settings. Be very careful when doing this, because it will erase all the data and settings on the DSX unit and return it to the state in which it was originally shipped.
Page 105: Chapter 11: Diagnostics
11: D HAPTER IAGNOSTICS Chapter 11: Diagnostics The Diagnostics function provides the administrator with the tools to test the network and monitor processes. Select the Diagnostics tab to display the Diagnostics screen. It provides links to Network Infrastructure Tools and Administrator Tools. Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and important network statistics.
Page 106: Network Statistics
Network Statistics Click Network Statistics on the Diagnostics screen. The system displays network statistics. By default, all statistics are shown. To show specific statistics, select an entry from the drop- down menu in the Options field. Your choices are: o Route o Interfaces o Groups o Statistics...
Page 107: Ping Host
11: D HAPTER IAGNOSTICS Ping Host Click Ping Host on the Diagnostics screen. The Ping Host screen appears. Type the IP address of the host to be pinged in the IP Address field. Click Ping. The screen displays the results of the ping. Trace Route to Host Click Trace Route to Host on the Diagnostics screen.
Page 108: Administrator Tools ─ Process Status
Administrator Tools ─ Process Status Click Process Status in the Diagnostics Screen. The screen displays the results of your request. Click Refresh to update the information. Figure 87 Process Status SX U OMINION UIDE...
Page 109: Chapter 12: Command Line Interface
12: C HAPTER OMMAND NTERFACE Chapter 12: Command Line Interface Command Line Interface Overview The Dominion SX Serial Console supports all serial devices such as: • Servers, including Windows Server 2003 when using the Emergency Management Console (EMS-) Special Administration Console, or SAC with BIOS redirection in the server BIOS.
Page 110 ldap ldaps getservercert removeservercert viewservercert primaryldap secondaryldap radius primaryradius secondaryradius tacacsplus primarytacacs secondarytacacs CLI Command Overview – Part 1 network events ethernetfailover interface delete smtp ipforwarding name ports cleareventlog route eventlogfile routeadd eventsyslog routedelete nfsgetkey nfssetkey portlog sendeventlog vieweventlog ports modem config keywordadd...
Page 111 Connect Diagnostics (port sub-menu, reached using escape key sequence) ifconfig netstat clearhistory close gethistory traceroute getwrite return sendbreak writelock writeunlock CLI Command Overview – Part 2 history Maintenance ipmi backup cleareventlog ipmidiscover factoryreset ipmitool firmware listports logoff password reboot restore sendeventlog upgrade upgradehistory...
Page 112: Accessing The Dominion Sx Using Cli
The following common commands can be used from all levels of the CLI to the preceding figure: top, history, logout, quit, show, and help. Accessing the Dominion SX Using CLI Access the Dominion SX by using one of the following methods: •...
Page 113: Telnet Connection To The Dominion Sx
12: C HAPTER OMMAND NTERFACE Telnet Connection to the Dominion SX Due to the lack of security, username, password and all traffic is in clear-text on the wire, Telnet access is disabled by default. Enabling Telnet If you wish to use Telnet to access the DSX, first access the DSX from the CLI or a browser. 1.
Page 114: Local Port Connection To The Dominion Sx
Local Port Connection to the Dominion SX The local port of the Dominion SX must be connected to the COM port of a computer system, a terminal, or some other serial capable device using a null modem cable with DB-9F null on both ends.
Page 115: Figure 88 Sample Administrator Login
12: C HAPTER OMMAND NTERFACE The welcome message displays. You are now logged in as an Administrator. login as: admin Password: Authentication successful ----------------------------------------------------------------- Welcome to the DominionSX UnitName:DominionSX IP Address:192.168.51.194 ----------------------------------------------------------------- Port Port Name - Port1 [U] - Port3 [U] Current Time: Wed Sep 20 16:17:15 2006 admin >...
Page 116: Navigation Of The Cli
Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax; additionally, there are combinations of keystrokes that simplify CLI use. Completion of Command The CLI supports the completion of partially entered commands. After entering the first few characters of an entry, hit the Tab key;...
Page 117: Common Commands For All Command Line Interface Levels
12: C HAPTER OMMAND NTERFACE Common Commands for all Command Line Interface Levels Table 3 lists the commands that are available at all CLI levels. These commands also help navigate through the CLI. Table 3 Commands Common to All CLI Levels OMMANDS ESCRIPTION Return to the top level of the CLI hierarchy, or the “username”...
Page 118: Setting Parameters
Once the preceding parameters are set, the following areas can be configured from either the local console port or over the network: • service • security • users • serial ports Setting Parameters To set parameters the user must be logged in with administrative privileges. At the top level the user will see the “Username”...
Page 119: Cli Prompts
12: C HAPTER OMMAND NTERFACE CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name; admin is the root portion in the following command: admin > Config > Port > CLI Commands Table 4 lists and describes all available CLI commands.
Page 120: Security Issues
Switch to the security menu. security sendeventlog Sends the local event log to a remote FTP server. Show configuration options. show tacacsplus Switch to the TACACS+ Configuration Menu. Enable telnet communication and specify the port. telnet Return to the root menu. Print the route to a remote system traceroute upgrade...
Page 121: Configuring Users And Groups
12: C HAPTER OMMAND NTERFACE Configuring Logging and Alerts As part of the security capabilities of the Dominion SX, facilities are provided to log data and to provide alerts based on activities between the users, Dominion SX and the target device. These facilities provide an audit trail allowing the authority responsible to review what has happened in the system and determine who implemented what action and when.
Page 122: Set Escape Sequence
Set Escape Sequence To set the Escape sequence, ensure that the default Escape sequence set on the Dominion SX server does not conflict with a key sequence required by either the Access Client or the host operating system. The Escape key sequence is user-configurable. Console sub-mode should be displayed when the default escape key sequence ^] (programmable) is pressed.
Page 123: Ldap Configuration Menu
12: C HAPTER OMMAND NTERFACE • Idle time out for inactive users • User defined certificates • Security profiles. Table 5 Configuration: Authentication Commands: ldap Command Description ldaps getservercert removecert viewcert primaryldap secondaryldap radius primaryradius secondaryradius tacacsplus primarytacacs secondarytacacs Note: When configuring the LDAP server, the query string format on the server should contain the name of a group configured on the SX.
Page 124: Radius Command
ldaps Switches to the ldaps menu which includes the following commands: getservercert – FTP Retrieval of ldap certificate removecert – Remove LDAPS Certificate viewcert – View LDAPS Certificate Used to configure the primary ldap settings. primaryldap Used to configure the secondary ldap settings. secondaryldap LDAP Command Example admin >...
Page 125: Configuring Log
12: C HAPTER OMMAND NTERFACE Events Menu Command Examples admin > Config > events admin > Config > events > add admin > Config > events > smtp Configuring Log Configuration log command provides the administrator with the following commands to manage the logging features of the Dominion SX server: •...
Page 126: Nfsgetkey Command
eventsyslog [enable <true|false>] [] [secondary ip <ip>] The eventsyslog command options are described in Table 9. OMMAND PTION ESCRIPTION Enable or disable the system event log logging. enable <true|false> Primary FTP server address primary ip <ip> Secondary FTP server address secondary ip <ip>...
Page 127: Nfs Encryption Enable Command
12: C HAPTER OMMAND NTERFACE Note: aes128 is not supported in 3.0. Command Example admin > Config > Log > nfssetkey type aes128 key D2F05B5ED6144138CAB920CD NFS Encryption Enable Command Enable port logging and encryption of data: admin > Config > Log > portlog enable true encrypt true Portlog Command The portlog command enables and configures the logging of port data.
Page 128: Decrypting Encrypted Log On Linux-Based Nfs Server
Portlog Settings : Enable : false File Prefix: domSX-NFS File Size : 65535 UpdateFrequency : 20 TimestampFrequency : 20 Input Log Enable : false Input Log Directory: input Output Log Directory: output Encrypted : false Decrypting Encrypted Log on Linux-based NFS Server To decrypt nfs encryption on Linux platform, follow the instructions stated below: Retrieve the current nfs encryption key: admin >...
Page 129: Vieweventlog Command
12: C HAPTER OMMAND NTERFACE Vieweventlog Command The vieweventlog command displays the local log file. The syntax of the vieweventlog command is: vieweventfile Vieweventlog Command Example admin > Config > Log > vieweventlog Configuring Modem The modem menu provides access to commands used to configure modem access. Callback (dialback) occurs when the originator of a call is immediately called back in a second call as a response to the first dialin.
Page 130 Group :Admin Active : 1 Dialin and Dialback should be enabled on the device used for modem communication. When this configuration is set, the modem connection could be established. The user may use various types of modem dial-up clients to accomplish a successful modem connection to the SX device.
Page 131: Configuring Network
12: C HAPTER OMMAND NTERFACE The Remote LDAP Server user’s configuration should be: Dialback with remote TACACS user. (Tacacs+ v.4.0.3a) Dialin and Dialback should be enabled on the device used for modem communication. Primary (or/and Secondary) Tacacs Server Settings should be configured correctly and enabled on the SX device: Primary Server Enabled - true...
Page 132: Interface Command
Interface Command The interface command is used to configure the Dominion SX network interface. When the command is accepted, the unit will automatically reboot and drop the connection. You must then reconnect using the new IP address and the username admin and password newp/w entered in the resetting factory default password section.
Page 133: Ports Command
12: C HAPTER OMMAND NTERFACE OMMAND PTION name Command Example The following command sets the network name: admin > Config > Network > name Ports Command The ports command is used to configure the network ports. The syntax of the ports is: ports <>...
Page 134: Routedelete Command
OMMAND PTION Routeadd Command Example The following command adds a route to the route table: admin > Config > Network > routeadd Routedelete Command The routedelete command is used to remove a route from the kernel routing table. The syntax of the routedelete is: routedelete <>...
Page 135: Configuring Ports
12: C HAPTER OMMAND NTERFACE Command Example The following command displays the current NFS settings: admin > Config > NFS > nfs NFS Settings : Enable : 0 Primary IP : 0.0.0.0 Pimary Directory: Secondary IP : 0.0.0.0 Secondary Directory: Use the following command to enable remote NFS logging and configure the NFS Server: admin >...
Page 136 Port flowcontrol type flowcontrol <none|hw|sw> hw = hardware flow control sw =X on / X off) Enable/Disable detection of port connection detect <true|false> Use Ctrl-key (escapemode=control) or single key escapemode (escapemode=none) as escape sequence; for example, <none|control> Ctrl-] => escapemode=control, escapechar=] Escape character.
Page 137: Ports Keywordadd Command
12: C HAPTER OMMAND NTERFACE 1. The following example configures DPA port settings when the Administrator chooses DPA mode TCPPort. The Administrator needs to set the SSH or Telnet port value assigned for direct port access: admin > Config > Port > config port 1 ssh 7700 telnet 8800 Port 1: Configuration Saved changes will...
Page 138: Configuring Services
Command Example admin > ports > keywordadd Configuring Services The following commands provide the ability to configure the Dominion SX server services: • • Encryption • HTTP • HTTPS • Logout • • • Telnet dpa Command The permitted TCP Port Range is 1024-65535. When run without the mode parameter, the system displays the current dpa type.
Page 139 12: C HAPTER OMMAND NTERFACE ssh/telnet. port_range A block of contiguous IP addresses. base_dpaip Sstarting value for the block of contiguous IP addresses. IP address If IP Address = 0.0.0.0 is specified for a port, then the IP access is disabled for that particular port.
Page 140: Encryption Command
admin > Config > User > editgroup name Anonymous class op ports 1,2,3,4,5 Editing group... Group Anonymous: Configuration Saved The 'Anonymous' group is successfully configured. DPA Anonymous access: The DPA is already configured. (See the DPA configuration settings section.) DPA Mode is IP, IP 10.0.13.240 is assigned to port 1. When accessing the serial port with Anonymous port access, the user name should be “Anonymous”...
Page 141: Table 29 Http Command
12: C HAPTER OMMAND NTERFACE The syntax of the http command is: http [enable <true|false>] [port value] [redirect <true|false>] The http command options are described in Table 29. OMMAND PTION enable <true|false> port value redirect <true|false> HTTP Command Example The example below enables http access and redirection to https, and sets the default port to 2. admin >...
Page 142: Https Command
HTTPS Command The https command is used to control https access and define the port. The syntax of the https command is: https [enable <true|false>] [port value] The https command options are described in the following table. OMMAND PTION enable <true|false> port value HTTPS Command Example admin >...
Page 143: Ssh Command
12: C HAPTER OMMAND NTERFACE SSH Command The syntax of the ssh command is: ssh [enable <true|false>] [port value] The ssh command options are described in Table 31. OMMAND PTION ESCRIPTION Enable or disable SSH access. enable <true|false> SSH server tcp listen port port value SSH Command Example: admin >...
Page 144: Snmp Delete Command
The syntax of the add command is: add [dest ipaddress] [port value] The add command options are described in Table 33. OMMAND PTION ESCRIPTION SNMP destination IP address dest ipaddress SNMP destination port port value SNMP Add Command Example admin > Config > SNMP > add 72.236.162.33 78 SNMP Delete Command The SNMP delete command deletes trap recipients.
Page 145: Clock Command
12: C HAPTER OMMAND NTERFACE • clock • • timezonelist Clock Command The clock command lets the administrator set the time and date for the server. The syntax of the clock command is: clock [tz tz] [datetime datetime] [timezonelist] The clock command options are described in Table 36. OMMAND PTION ESCRIPTION...
Page 146: Configuring Users
The syntax of the command is: timezonelist Configuring Users The following commands provided the administrators with the ability to manager users: • addgroup • adduser • deletegroup • deleteuser • editgroup • edituser • groups • users Addgroup Command The addgroup command creates a group with common permissions. The syntax of the addgroup command is: addgroup [name groupname] [class <op|ob>] [ports <number|range|*>] The addgroup command options are described in Table 38.
Page 147: Deletegroup Command
12: C HAPTER OMMAND NTERFACE password Miscellaneous user information info user- information Activate/Deactivate user account active <true|false> Adduser Command Example The following example shows how to add a user. admin > Config > User > adduser user jjones fullname John-Jones group unix dialback 12146908003 password 123abc info AP-Systems active true Deletegroup Command...
Page 148: Edituser Command
OMMAND PTION Group name name groupname Group user class <op>erator or <ob>server class <op|ob> Port(s) assigned to the group. Single port or range of ports (1-n ports <number|range|*> or 1,3,4 or * for all ports) Command Example admin > Config > User > editgroup name unixgroup class op ports 1,4 Edituser Command The edituser command is used to manage information about a specified user.
Page 149: Users Command
12: C HAPTER OMMAND NTERFACE Users Command The users command shows the details of existing users. The syntax of the users command is: users Users Command Example admin > Config > User > users Connect Commands The connect commands provide a means to access ports and their history.. OMMAND ESCRIPTION Connect to a port.
Page 150: Ipmitool
• Only users belonging to the Administrator group are able to configure the support of IPMI. The supported IPMI version 2.0. The ipmidiscover tool syntax is: ipmidiscover [OPTIONS] startIP endIP All discovered targets supporting IPMI version 2.0 will be listed, allowing the user to select one and execute the IPMI operations.
Page 151 12: C HAPTER OMMAND NTERFACE Increase verbose output level. This option may be specified multiple times to increase the level of debug output. If given three times you will get hexdumps of all incoming and outgoing packets. Display version information. Selects IPMI interface to use.
Page 152 raw – Send a RAW IPMI request and print response <command> i2c – Send an I2C Master Write-Read command and print response lan – Configure LAN Channels chassis – Get chassis status and set power state power – Shortcut to chassis power commands event –...
Page 153: Listports Command
12: C HAPTER OMMAND NTERFACE Listports Command Command Description List accessible ports. listports admin > listports Port Port Name - Port1 [U] - Port3 [U] Port names up to 23 characters are displayed. Longer portnames are truncated to 22 characters, with a $ sign at the end The letter after the port name describes the state of each port.
Page 154: Cleareventlog Command
OMMAND PTION ESCRIPTION IP address of the target system where the backup will be written. [ip IP] Username of the account on the system where the backup will be <login LOGIN> stored. Password of the account on the system where the backup will be <passwd PASSWD>...
Page 155: Firmware Command
12: C HAPTER OMMAND NTERFACE Gateway : 192.168.0.192 Failover : true Do you wish to commit these settings (no/yes) (default: no) Firmware Command The firmware command provides the versions of the firmware. The syntax of the firmware command is: firmware Firmware Command Example admin >...
Page 156: Restore Command
Do you want to proceed with the reboot? (no/yes) (default: no) Restore Command The restore command retrieves a copy of the Dominion SX system from a system and writes the file to the Dominion SX server. The syntax of the restore command is: restore [ip IP] <login LOGIN>...
Page 157: Upgrade Command
12: C HAPTER OMMAND NTERFACE Sendeventlog Command Example admin > Config > Log > sendeventlog 72.236.162.187 login acy password pasraritansword path sxlogfile file log 32 Upgrade Command Note: in order to perform an upgrade, there should be a configured remote ftp server. The upgrade command upgrades one version of the system to another version, for example v2.5 to v3.0.
Page 158: Security Commands
The vieweventlog command displays the local log file. The syntax of the vieweventlog command is: vieweventfile Vieweventlog Command Example admin > Config > Log > vieweventlog Security Commands Dominion SX controls the ability to hack into the system by using random logins. The following security command menus provide access to the commands needed to configure the Dominion SX security features: •...
Page 159: Certificate Command Menu
12: C HAPTER OMMAND NTERFACE password password FTP Server password path pathname banner.txt. for example,/ftphome/banner.txt Command Example admin > Security > Banner> ftpgetbanner ip 72.236.162.171 login raritan password acy path /ftphome/banner.txt Certificate Command Menu The certificate command menu provides the client and server commands to create and manage security certificates.
Page 160: Firewall Command
Server Command Example admin > Security > certificate > server Firewall Command The firewall command provides control for the turning on or off the firewall. The syntax of the firewall command is: firewall [enable <true|false>] The firewall command options are described in the following table. OMMAND PTION ESCRIPTION...
Page 161 12: C HAPTER OMMAND NTERFACE Load a match extension module. -m state The protocol of the traffic. Source address Save the IP Tables. -save --state NEW <enter rule to trigger here> -t filter iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of this document. The examples below show some simple configuration options created with iptables.
Page 162: Kerberos Command
To view the current iptables ruleset admin > Security >firewall >iptables –list Clear the iptables rules To clear the iptables rules. admin > Security >firewall >iptables --flush Save the configured settings To save the iptables rules into the local database. admin >...
Page 163: Loginsettings Commands
12: C HAPTER OMMAND NTERFACE • The above 3 machines should be pingable by FQDN. Get the hosts file using gethostnamefile from the Kerberos menu. • Use klist to check the ticket expiration. Most of the kadmin error messages are associated with ticket expiration •...
Page 164: Inactiveloginexpiry Command
idletimeout [number value] time idletimeout Command Example admin > Security > LoginSettings > idletimeout time 99 Inactiveloginexpiry Command The inactiveloginexpiry command sets the number of days before an account will expire due to inactivity. The syntax of the inactiveloginexpiry command is: inactiveloginexpiry [days value] The inactiveloginexpiry command options are described in Table 63.
Page 165: Singleloginperuser Command
12: C HAPTER OMMAND NTERFACE The lockoutperiod command options are described in Table 65. OMMAND PTION ESCRIPTION time time Period of time (in minutes) for which the user cannot login after account deactivation. Command Example admin > Security > LoginSettings > lockoutperiod time 120 Singleloginperuser Command The singleloginperuser command enables or disables multiple logins per user..
Page 166: Unauthorizedportaccess Command
Table 67 Strongpassword Command OMMAND PTION StrongPasswordRulesEnable true/false PWUppercaseRequired PWLowercaseRequired PWNumberRequired PWSymbolRequired PasswordValidityPeriod PasswordHistoryDepth MinPasswordLength MaxPasswordLength Strongpassword Command Example The following example sets the Strong Password rules in effect: • Uppercase is required. • Lowercase is not required. • Numbers are required. •...
Page 167: Securityprofiles Commands
12: C HAPTER OMMAND NTERFACE Securityprofiles Commands The securityprofiles command menu provides access to the commands used to configure and control security profiles. The securityprofiles commands are listed in the table below. OMMAND ESCRIPTION profiledata View or modify a Security Profile. securityprofiles Enable and select a Security Profile.
Page 168 SX U OMINION UIDE...
Page 169: Chapter 13: Intelligent Platform Management Interface
13: I HAPTER NTELLIGENT LATFORM ANAGEMENT Chapter 13: Intelligent Platform Management Interface The Intelligent Platform Management Interface (IPMI lets you manage the IPMI functions of a remote system. The following topics are covered in this chapter: • Discover IPMI Devices •...
Page 170: Ipmi Configuration
IPMI Configuration IPMI configuration lets you manage the IPMI functions of a remote system. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. Click on the IPMI Configuration section of the IPMI screen to get IPMI configuration information.
Page 171 13: I HAPTER NTELLIGENT LATFORM ANAGEMENT Interfaces: open Linux OpenIPMI Interface [default] Intel IMB Interface IPMI v1.5 LAN Interface Commands: Send a RAW IPMI request and print response Send an I2C Master Write-Read command and print response Configure LAN Channels chassis Get chassis status and set power state power...
Page 172 SX U OMINION UIDE...
Page 173: Chapter 14: Power Control
14: P HAPTER OWER ONTROL Chapter 14: Power Control Power Control lets you manage the power functions. The following topics are covered in this chapter: • Power Control • Associations Power Control • Power Strip Power Control • Power Strip Status Port Power Associations You can associate one or more outlets on a powerstrip connected to the DSX to specific DSX ports.
Page 174: Delete A Port Power Association
locked from any control. Note: Power control is not supported on the last port of the DSX unit. The last port of the unit can be used for non-power control device. Delete a Port Power Association To delete a port power association: Click the Setup tab, and then click Port Power Association List.
Page 175: Power Association Groups
14: P HAPTER OWER ONTROL Power Association Groups To create a power associations group: Click the Setup tab, and then click Power Association Groups List. 16. Click Add. The Power Association Groups screen appears. Figure 95 Power Association Group Screen 17.
Page 176: Associations Power Control
Associations Power Control Click Associations Power Control on the Power Control menu to access the tool to manage power control associations. Figure 97 Associations Power Control Note: When executing power on/off operation, about ~5 seconds are added to the configured sequential interval, resulting in an operational delay time (minimum amount of time to operate).
Page 177: Power Strip Power Control
14: P HAPTER OWER ONTROL Power Strip Power Control Click Power Strip Power Control on the Power Control menu to access the tool to manage power strips. Figure 98 Power Strip Power Control...
Page 178: Power Strip Status
Power Strip Status Click Power Strip Status on the Power Control menu to check power strip status. CLI Command for Power Control CLI Port Power Association Description: Power Control menu – Associate a power strip outlet to a DSX port Scenario #1 Port Power Association –...
Page 179 14: P HAPTER OWER ONTROL Scenario #3 Port Power Association – Associate 6 Outlets to one port spread across two PDUs. Pre-condition Administrator user is logged in via CLI. Two Power Strip devices (DPX) are physically connected and configured to the DSX, respectively named PowerStr1 and PowerStr2. User is in power menu.
Page 180: Remove Port Power Association
Pre-condition Administrator user is logged in via CLI. 6 Power Strip devices (DPX) are physically connected and configured to DSX. User is in power menu. Action Enter Command to associate Port1 to Outlet1 of PowerStr1. Press Enter. Repeat steps 1 and 2 to associate Port1 with Outlet1 from each of the other PDUs.
Page 181: Cli Power Association Group
14: P HAPTER OWER ONTROL Administrator is in power menu. Action Enter command. Press Enter. CLI Input setpowerport name PowerStr1 type DPCS12 port 1 Scenario #3 Power Strip Configuration after factory reset Pre-condition Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX.
Page 182: Cli Power Strip Power Control
Scenario #5 Delete Power Group Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in Power Action Enter Command. Press Enter. CLI Input Command: deletepowergroup name “Test Group” CLI Power Strip Power Control Description: Power Control Menu Scenario #1...
Page 183: Cli Association Power Control - Port Association
14: P HAPTER OWER ONTROL Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in power menu. Action Enter command to set sequence interval. Press Enter. Enter command to switch off group of outlets. Press Enter.
Page 184: Cli Association Power Control - Group Association
Scenario #2 Association Power Control – Recycle Port Association (Target is associated to Two Outlets from one Power Strip) Pre-condition Administrator user is logged in via CLI. Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Port Power Association named Target2 is already created and available in the list.
Page 185 14: P HAPTER OWER ONTROL Target1 Target2 PowrStr1 Scenario #1 Turn ON Group Association Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Action Enter Command. Press Enter.
Page 186: Cli Power Strip Status
⋅ CLI Input powerdelay sequence 2 cycle 5 ⋅ cycle nodegroup Group1 Scenario #6 Recycle Group Association (outlets in association are with different statuses) Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Outlets in Group1 are with different statuses.
Page 187 14: P HAPTER OWER ONTROL Scenario #1 Power Strip Status Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in Power menu. Action Enter Command. Press Enter. CLI Input Command: powerstrip name PowerStr1 Result...
Page 188 Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Group association named Group1 is created. Outlet1 and Outlet2 are with status “ON”. Administrator is in Power menu. Action Check the current status of outlets –...
Page 189: Chapter 15: Top-10 Use Cases
15: P HAPTER OWER ONTROL Chapter 15: Top-10 Use Cases This chapter includes 10 of the mostly common cases to help familiarize users quickly with practical operation on DSX unit. Please note that data entered in the case are created as examples, and could vary upon different situations.
Page 190: Case 4. Configuring Ldap
RSC). The icon on status line will display Write Access (Lock) now, meaning now all users can only view the port connection. 6. Log in the device connected to the port, and try interacting with the device using the RSC panel.
Page 191: Case 7. Managing User Profiles On Dsx
15: P HAPTER OWER ONTROL Select Maintenance Factory Reset. You will be prompted to confirm your decision. Do not power off DSX unit as it reboots with default configuration. You will be re-directed to the login page after the unit is rebooted. If you try to log in for the first time after reset, you’ll be advised on the screen that you’re now in the factory default mode, and promoted for changing password after logging in with default username and password.
Page 192: Case 10. Cli / Ssh Connection To Sx Port
Case 10. CLI / SSH Connection to SX Port Purpose: To access SX unit itself and SX ports using text-based command lines. SSH access from a Windows PC Launch the SSH client software (such as Plink or PuTTY). Enter IP address of DSX server (e.g. 192.168.0.192) and the TCP port if applicable. Select SSH (using default configuration port 22), and click the Open button.
Page 193: Appendix A: Specifications
A: S PPENDIX PECIFICATIONS Appendix A: Specifications This appendix contains sections describing: • DSX models and specifications • Requirements and tested browser requirements • DSX hardware for connecting DSX to common vendor models • DSX Serial RJ-45 pinouts • DB9 and DB25 Nulling Serial Adapter Pinouts •...
Page 194: Table 72 Dominion Sx Dimensions And Weight
The following table lists the Dominion SX models, their dimensions, and weight. Table 72 Dominion SX Dimensions and Weight MODEL DIMENSIONS (W) x (D) x (H) DSX4 11.41"x 10.7"x 1.75"; 290x 270 x 44mm DSXB-4-M 11.41"x 10.7"x 1.75"; 290x 270 x 44mm DSXB-4-DC 11.41"x 10.7"x 1.75";...
Page 195: Requirements
A: S PPENDIX PECIFICATIONS Requirements The following table lists the requirements for the DSX. Table 73 Dominion SX Requirements EQUIREMENTS Power 110/220V auto-switching: 50-60 Hz or -36 to -72V DC for DC-powered models Operating Temperature 32° to 104° F (0° to 40° C) Operating Humidity 20% - 85% RH non-condensing Operating altitude...
Page 196: Connectivity
Connectivity The following table lists the necessary Dominion SX hardware (adapters and/or cables) for connecting the DSX to common Vendor/Model combinations. VENDOR DEVICE Checkpoint Firewall Cisco PIX Firewall Cisco Catalyst Cisco Router Hewlett Packard UNIX Server Silicon Graphics Origin SPARCStation Netra T1 Cobalt Various...
Page 197: Dominion Sx Serial Rj-45 Pinouts
A: S PPENDIX PECIFICATIONS Dominion SX Serial RJ-45 Pinouts To provide maximum port density and to enable simple UTP (Category 5) cabling, Dominion SX provides its serial connections via compact RJ-45 ports. However, no widely adopted industry- standard exists for sending serial data over RJ-45 connections. The following tables list the RJ-45 pinouts for the RJ-45 connector, which is on the back of the DSX.
Page 198: Db9M Nulling Serial Adapter Pinouts
DB9M Nulling Serial Adapter Pinouts Table 78 DB9M Nulling Serial Adapter Pinouts RJ-45 (F DB25F Nulling Serial Adapter Pinouts Table 79 DB25F Nulling Serial Adapter Pinouts RJ-45 (F DB25M Nulling Serial Adapter Pinouts Table 80 DB25M Nulling Serial Adapter Pinouts RJ-45 (F Dominion SX Terminal Ports All Dominion SX models, except the DSX16 and DSX32, have the same pinouts on the two...
Page 199: Table 81 Dominion Sx Terminal Port Pinouts-First Port
A: S PPENDIX PECIFICATIONS serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL). Both ports support a VT100 terminal or equivalent (PC running VT100 emulation software, for example, HyperTerminal, or Linux Minicom). Local port access must be enabled and set to the same speed as the managed device for it to work.
Page 200: Dominion Sx16 And Sx32 Terminal Ports
Dominion SX16 and SX32 Terminal Ports A modem should not be connected to the DSX16 and DSX32 terminal port because the Ring Indicator (RI) signal is not present. These models have a built-in modem that can be enabled or disabled. The modem is disabled by default. Table 83 Dominion SX16 and SX32 Terminal Port Pinouts DB9M PIN Here is some additional information about the Dominion SX16 and SX32 Terminal Ports:...
Page 201: Appendix B: System Defaults
B: S PPENDIX YSTEM EFAULTS Appendix B: System Defaults This appendix contains the system defaults and directions for port access. Table 84 Dominion SX System Defaults IP Address Subnet Mask CSC Port Address (TCP) Port address for CC discovery (UDP) Factory default username Factory default password Direct Port Access (DPA)
Page 202: Table 85 Initiating Port Access
Use the following information for initiating port access: INITIATE PORT ACCESS ORTS USING HTTP Ports 80, 443 and 5000 must be kept open in the firewall for the unit to operate. Port 5000 can be configured. HTTPS SSL(S) only TCP port 443 needs to be open; port 80 can be closed TCP port 22 needs to be open Telnet...
Page 203: Appendix C: Certificates
C: C PPENDIX ERTIFICATES Appendix C: Certificates This appendix contains sections describing Certificates and Certificate Authority and provides directions about how to: • Install Dominion SX CA Certificate to a Browser Certificate • Install SX Server Certificate for IE Browsers •...
Page 204: Install The Dominion Sx Server Certificate In Internet Explorer
Install the Dominion SX Server Certificate In Internet Explorer By installing the Dominion SX Server certificate in IE, you can prevent the Security Alert window from appearing whenever you access the Dominion SX Unit. This step will have to be performed for each SX unit that you wish to access.
Page 205: Remove An Accepted Certificate In Internet Explorer
C: C PPENDIX ERTIFICATES Remove an Accepted Certificate In Internet Explorer Removing a certificate that you have previously accepted from the unit is the same process whether removing a Raritan default certificate or a user-installed third-party certificate. Launch IE and on the Tools menu, click Internet Options. The Internet Options window appears.
Page 206: Accept A Certificate (Session-Based)
Accept a Certificate (Session-Based) On initially connecting to a Dominion SX unit will be presented with a certificate warning screen. This certificate by default will be signed by the local SX unit's CA as described above and you will have to accept this certificate to continue. To eliminate the appearance of this window for this Dominion SX unit permanently, you must install the server certificate in your browser.
Page 207: Install A Third-Party Root Certificate
C: C PPENDIX ERTIFICATES Select the Web Sites tab and select the certificate name that is the common name of the IP address of the Dominion SX, and select the Delete button. Click OK on the “Delete Web Site Certificates” window to confirm the deletion of the certificate.
Page 208: Installing A Third-Party Root Certificate To Netscape Navigator
Installing a Third-Party Root Certificate to Netscape Navigator On the CA Web site, click on the root certificate link and the New Certificate Authority window will appear. Click Next, and Next in the following screen. The Certificate Fingerprint will appear, providing information about the CA and the root certificate you are downloading.
Page 209: Install Client Root Certificate Into The Sx
C: C PPENDIX ERTIFICATES Select the Install User Key radio button. Insert the ftp parameters to retrieve the CA Public key file. Click OK. The SX will show “User Key Installed” at top of pane. Select the Install User Certificate radio button. Fill in the ftp parameters to retrieve the CA signed Certificate.
Page 210 SX U OMINION UIDE...
Page 211: Appendix D: Server Configuration
D: S PPENDIX ERVER ONFIGURATION Appendix D: Server Configuration This appendix contains sections describing the steps to configure Dominion SX units and authentication servers for the following authentication protocols: • Microsoft Internet Authentication Service (IAS) RADIUS Server • Cisco Access Control Server (ACS) Radius Server •...
Page 212: Create An Ias Policy
Create an IAS Policy The following section describes the steps to create a policy to allow Radius users to access the Dominion SX. The example in this section requires two conditions, the client source IP address of the Dominion SX and the UserID is a member of the SX User Group: •...
Page 213: Cisco Acs Radius Server
D: S PPENDIX ERVER ONFIGURATION 15. Move the new policy so it appears as the first (top) policy in the Policy List. Note: If required, create a policy to allow dialup access to all users that are members of a group (Windows may already have a default Policy in place to permit access by any user with Dial In enabled, so this new policy would be optional.
Page 214 11. To add new users and configure RADIUS (IETF) attributes, click User Setup in the left panel of the screen. 12. Type the user’s name and click Add/Edit. 13. To edit existing users, click User Setup in the left panel of the screen and click List All Users.
Page 215: Tacacs+ Server Configuration
D: S PPENDIX ERVER ONFIGURATION TACACS+ Server Configuration The Dominion SX unit has the capability to use Terminal Access Controller Access-Control System Plus (TACACS+) for authentication services. The Dominion SX requires a new service to be added and two argument-value pairs to be returned by the server.
Page 216: Figure 101 Cisco Acs Interface Configuration
SX U OMINION UIDE 2. Select Interface Configuration. Figure 101 Cisco ACS Interface Configuration 3. Select TACACS+ (Cisco IOS). 4. Add dominionsx service under the heading New Services. Figure 102 TACACS+ Properties...
Page 217: Active Directory
D: S PPENDIX ERVER ONFIGURATION 5. When adding or editing a user or group, the dominionsx service will appear under the heading TACACS+ Settings. The service can be enabled per user or per group by selecting the dominionsx and Custom Attributes check boxes. Add the attributes (user- type) and the appropriate values to the text box.
Page 218 SX U OMINION UIDE...
Page 219: Appendix E: Modem Configuration
E: M PPENDIX ODEM ONFIGURATION Appendix E: Modem Configuration Client Dial-Up Networking Configuration Configuring Microsoft Windows Dial-Up Networking for use with Dominion SX allows configuration of a PC to reside on the same (Define?)PPP network as the Dominion SX. After the dial-up connection is established, connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP.
Page 220: Figure 104 New Phone Entry Display
The New Phonebook Entry window allows you to configure the details of this connection. Figure 104 New Phone Entry Display 3. Click on the Basic tab and complete the following fields: o Entry name: Name of the Dominion SX connection o Phone number: Phone number of the line attached to the Dominion SX unit o Dial using: Modem being used to connect to Dominion SX;...
Page 221: Windows 2000 Dial-Up Networking Configuration
E: M PPENDIX ODEM ONFIGURATION 6. Click OK to return to the main Dial screen. Figure 105 Dial-Up Security Display 7. Click Dial. See the Windows NT Users Guide if you receive any error message. Windows 2000 Dial-Up Networking Configuration 1.
Page 222: Figure 107 Network Connection Type
4. Click the Dial-up to private network radio button and click Next. Figure 107 Network Connection Type 5. Select the check box before the modem that you want to use to connect to the Dominion SX unit and then click Next. 6.
Page 223: Figure 109 Phone Number To Dial
E: M PPENDIX ODEM ONFIGURATION 8. Click Next. Connection Availability Screen appears. 1. Click on the Only for myself radio button in the Connection Availability screen. 2. Click Next. The Network Connection has been created 3. Type the name of the Dial-up connection. 4.
Page 224: Windows Xp Dial-Up Networking Configuration
Windows XP Dial-Up Networking Configuration 1. Select Start → Programs → Accessories → Communications → New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dialup network profiles. 3. Click the Connect to the Internet radio button and click Next. Figure 111 Network Connection Type 4.
Page 225: Figure 113 Internet Connection
E: M PPENDIX ODEM ONFIGURATION 5. Click on the radio button before Connect using a dial-up modem and click Next. Figure 113 Internet Connection 6. Type a name to identify this particular connection in the ISP Name field and click Next. Figure 114 Connection Name...
Page 226: Figure 115 Phone Number To Dial
7. Type the phone number of this connection in the Phone number field and click Next. 8. Type your ISP information; type the User name and Password in the appropriate fields, and retype the password to confirm it. 9. Click on the checkbox before the appropriate option below the fields and click Next. Figure 116 Internet Account Information 10.
Page 227: Appendix F: Troubleshooting
F: T PPENDIX ROUBLESHOOTING Appendix F: Troubleshooting The following tables describe problems and suggested solutions for the problems. Page Access Table 86 Troubleshooting Page Access ROBLEM Cannot login – what are username: admin (all lower case) factory defaults? (only for password: raritan (all lower case) Dominion SX units running firmware version...
Page 228: Firewall
ROBLEM Number of Users The unit has a security measure that allows only a specific number Exceeded of login pages to be authenticated at any given time. Should this number be reached when attempting to login to the unit, a pop-up window displays indicating that the maximum number of users is exceeded.
Page 229: Login
F: T PPENDIX ROUBLESHOOTING Login ROBLEM Login Failure To provide additional security, the unit login screen expires after three minutes. Therefore, all login attempts after this time period will fail. Reload the browser to reset this timer. Hold down the SHIFT key and click Reload in your browser. This will refresh the login screen from the unit itself (not from a local cache) and allow login to the unit.
Page 230: Upgrade
Upgrade Table 90 Troubleshooting Upgrade ROBLEM FTP - Server Unreachable If FTP server specified in the upgrade panel is unreachable or incorrect, the upgrade process halts until a response is received from the FTP server or until a timeout occurs. Wait and allow the FTP Server Unreachable message to appear.
Page 231: Modem
F: T PPENDIX ROUBLESHOOTING Figure 118 Firmware Upgrade – Connection Fail Figure 119 Firmware Upgrade – Auto Logout Modem ROBLEM Login Failure The unit supports Web-browser access through the modem at connection speeds of 28.8K bps or greater. If the baud rate is insufficient, the user may be unable to log on to the unit via the modem.
Page 232: Ominion Dsx User Uide
SX U OMINION UIDE...
Page 233 U.S./Canada/Latin America Monday - Friday 8 a.m. - 8 p.m. ET Phone: 800 724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732 764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com Europe Monday - Friday...

This manual is also suitable for:

Dominion sx series Dominion sx16

Raritan DOMINION DSX-0N-E User Manual

Preface

Chapter 1: Introduction

Chapter 2: Installation

Chapter 3: Initial Software Configuration

Chapter 4: Network Settings and Services

Chapter 5: User Profiles and Groups

Chapter 6: Remote Authentication

Chapter 7: Port Configuration and Port Access Application

Figure 27 Edit Port Screen

Chapter 8: Security

Chapter 9: Logging

Chapter 10: Maintenance

Chapter 11: Diagnostics

Chapter 12: Command Line Interface

Quick Links

User Guide

Troubleshooting

Related Manuals for Raritan DOMINION DSX-0N-E

Summary of Contents for Raritan DOMINION DSX-0N-E