Page 4
Safety Guidelines To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any product configuration. • Test AC outlets at your computer and monitor for proper polarity and grounding. •...
Page 6
Chapter 7: Port Configuration and Port Access Application...31 Port Keywords... 31 Port Configuration ... 32 Direct Port Access... 34 Anonymous Port Access ... 35 Raritan Serial Console ... 35 Raritan Serial Client Requirements for Java ... 36 Java Runtime Environment (JRE)...36 Java Applets and Memory Considerations ...36 Raritan Serial Client Interface ...
Page 7
ONTENTS Test the SMTP Logging ...76 Configuring NFS Logging ... 76 Configuring SNMP Logging... 78 Enable SNMP Logging ...78 Create a New SNMP Destination ...78 Chapter 10: Maintenance...79 Managing the Local Event Log... 79 Display the Local Event Log ...79 Clear the Event Log ...79 Send the Event Log ...80 Displaying a Configuration Report ...
Preface The Dominion SX User Guide provides the information needed to install, set up and configure, access devices such as routers, servers, switches, VPNs, and power strips, manage users and security, and maintain and diagnose the Dominion SX secure console server. Audience The primary audiences for this guide are infrastructure administrators and installers who are responsible for installing and setting up devices such as secure console servers.
REFACE XIII CRONYM EANING Virtual Private Network Notices Important: cautionary information that warns of possible affects on the users, corruption risks, and actions that may affect warranty and service coverage. Note: general information that is supplemental to the text.
1: I HAPTER NTRODUCTION Chapter 1: Introduction Dominion SX Overview The Dominion SX Series of Serial over IP Console Servers offers convenient and secure, remote access and control through LAN/WAN, Internet, or Dial-up modem to all networking devices. The Dominion SX: •...
Product Features Comprehensive Console Management • Remote Management: Access, monitor, administer, and troubleshoot up to 48 target devices (depending on the model) via Secure Socket Shell (SSH), Telnet, Local Port or Web browser with only one IP address. • Direct Port Access via TCP/IP address per port; or one IP address and TCP Port numbers. •...
1: I HAPTER NTRODUCTION Package Contents Each Dominion SX ships with the following: • (1) Dominion SX unit with mounting kit (Rack-mount kit is optional on some units) • (1) Raritan Dominion SX User Guide CD-ROM, which contains the installation and operations information for the Dominion SX •...
Page 22
SX U OMINION UIDE This page intentionally left blank.
2: I HAPTER NSTALLATION Chapter 2: Installation There are two ways of completing the initial network installation of the Dominion SX: • Using a serial cable with a VT100/equivalent, such as a PC with HyperTerminal. • Using Ethernet (with an installation computer). This section describes the steps necessary to configure Dominion SX for use on a local area network (LAN).
Hardware Installation Figure 2 Rear Panel of the DSXA-32 Physical Installation of Dominion SX for Initial Configuration 1. Use a computer with a network card and crossover network cable. This computer will be referred to as the ‘installation computer.’ 2. Physically mount the unit in an ergonomically sound manner. The unit is designed to be easily rack-mounted, and rack mounting is recommended.
2: I HAPTER NSTALLATION Initial Configuration Using the Graphical User Interface (GUI) To initially configure the Dominion SX unit from the Graphical User Interface, follow the steps below. Network Access 1. Ensure that the installation computer has the route for 192.168.0.192 and that it can communicate with IP address 192.168.0.192.
The login screen appears after you finish viewing the security alerts and the Certification Information screen. 7. Log in with the default username admin and password raritan. Use all lowercase letters. A Restricted Service Agreement Screen appears: Figure 5 Restricted Service Agreement Screen Note: Once you click Accept after login, the Dominion SX prompts you to change the default password.
2: I HAPTER NSTALLATION Initial Configuration Using the Command Line Interface To initially configure the Dominion SX unit from the Command Line Interface, follow the steps below. 1. Connect the serial port of your Installation Computer to the Terminal serial port on your Dominion SX.
1. Type Configuration to change the unit’s configuration. 2. Type Network to select the network configuration. 3. Type: admin > Config > Network > interface enable true if lan1 ip 192.16.151.12 mask 255.255.255 gw 192.168.51.12 .Upon successfully entering the data, a report will display the new network configuration and you will be prompted to reboot the unit.
3: I HAPTER NITIAL OFTWARE ONFIGURATION Chapter 3: Initial Software Configuration After the hardware installation, perform the initial software configuration. Do this by logging onto the Dominion SX from either a browser or through a Command Line Interface (See Chapter 12: Command Line Interface for CLI information.) Dominion SX Initial Software Configuration 1.
Important: After you complete each configuration task, you must return to the Setup tab to perform the next configuration task. Date / Time Configuration 1. Click the Date / Time in the Configuration section of the Setup Screen. The Date / Time Configuration screen appears.
3: I HAPTER NITIAL OFTWARE ONFIGURATION Network Configuration 1. Click Network in the Configuration section of the Setup screen. The Network Configuration Screen appears. Note: If you have a dual LAN model, there is an Eth Failover checkbox that is selected by default, but can be turned off.
Deployment 1. You can remotely access the Dominion SX through a: LAN connection or a modem connection (optional). 2. The Dominion SX can access target devices only through a serial connection. LAN Connection After the initial software configuration phase, configure the DSX unit for operation on the LAN. Ensure that you have an Ethernet cable connected to the network for use with the unit.
4: N HAPTER ETWORK ETTINGS AND ERVICES Chapter 4: Network Settings and Services This chapter explains how to configure the basic network settings for the DSX, and how to configure the various access protocols (SSH, telnet, etc.) It also explains how to configure the DSX for modem access, and how to enable IP forwarding and create static routes.
Change the Discovery Ports The DSX has two discovery ports: • TCP 5000 Common Socket Connection (CSC) discovery • UDP 5000 Command Center (CC) discovery If either of these ports is used by another application, you can change the discovery port number in the DSX in the appropriate field and click OK.
4: N HAPTER ETWORK ETTINGS AND ERVICES To change any of these network service settings: Click the Setup tab, and then click Services. The Network Service Settings screen appears. Figure 13 Network Service Settings Make any necessary changes to the appropriate fields. Click OK.
Configuring Modem Access You can access the DSX via a modem. To set this up: Click the Setup tab, and then click Modem. The Modem Settings screen appears. Figure 14 Modem Settings Screen Click the checkbox labeled Enable Modem to enable modem access. Type the IP addresses of the Point-to-Point (PPP) server in the PPP Server IP field.
4: N HAPTER ETWORK ETTINGS AND ERVICES Add a New Static Route To add a new Static Route: 1. Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. 2.
Delete a Static Route To delete a static route: Click the Setup tab, and then click Static Routes. The Static Routes screen appears. It consists of an Enable IP Forwarding panel and a Static Routes List. Go the Static Routes List and click the checkbox next to the route you want to delete. Click Delete.
5: U HAPTER ROFILES AND ROUPS Chapter 5: User Profiles and Groups This chapter explains how to create and manage user profiles and user groups. Managing User Profiles User profiles serve two purposes: • To provide users with a username and password to log into the DSX •...
Click Add New User. The New User screen appears. Type a login name in the Username field. This is the name the user enters to log into the DSX. This field is required. • You can enter any number of characters up to a maximum of 255. •...
5: U HAPTER ROFILES AND ROUPS Tip: If the user group you want has not yet been created, you can create it and then return to the user profile and select it. For now, keep the default. Decide whether or not to activate this profile immediately. By default, the Active checkbox is selected.
Display a List of User Groups To display a list of existing user groups, click the User Management tab, and then click User Group List. The Group List screen appears (Figure 20). The Group List screen shows every user group created to date, and for each one gives the group’s name and class.
5: U HAPTER ROFILES AND ROUPS • Observer Users associated with the Observer class have read-only access to the console window, and cannot change any system configuration parameters except their own password. Select the ports that the users associated with this group are permitted to access. You can select all ports, or you can select any combination of individual ports.
6: R HAPTER EMOTE UTHENTICATION Chapter 6: Remote Authentication This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication. Tip: If you are setting up remote authentication, it is a good idea to still keep local authentication enabled. When an authentication request reaches the DSX, it looks to authenticate the user remotely first, and then looks to authenticate the user locally.
Configuring LDAP You can use the Lightweight Directory Access Protocol (LDAP) to authenticate DSX users instead of local authentication. To configure LDAP: Click the Setup tab, and then click Remote Authentication. The Remote Authentication screen appears. It contains an LDAP panel. In the LDAP panel, click the LDAP button to enable LDAP authentication.
6: R HAPTER EMOTE UTHENTICATION If you are using a modem to connect to the LDAP server, type a dialback string in the Dialback Query String field. If you have a backup LDAP server, enter the same information in the Secondary LDAP fields.
7: P HAPTER ONFIGURATION AND Chapter 7: Port Configuration and Port Access Application Port configuration allows Administrators to define the serial/console port settings in order to communicate with remote target devices. Note: You can access the Raritan Serial Console (RSC) from the Port screen. See the Raritan Serial Console section of this chapter for RSC information.
Port Configuration To configure one or more ports: Click the Setup tab, and then click Port Configuration. The Port Configuration screen appears. Figure 26 Port Configuration Screen Select the port(s) you want to configure. You can select one port or several ports, so long as the port configurations are all the same.
7: P HAPTER ONFIGURATION AND The Edit Port screen appears. Make sure the port values match the target system’s serial port configuration for the first three values. • Select the Baud Rate from the Baud Rate drop-down menu. Note: The minimum baud rate supported for local port access is 9600. •...
Select the escape mode. The default is None. Change as follows: • Select Control from the drop-down menu in the Escape Mode field. • Type the Escape Character. The default for the Dominion SX is ] (closed bracket ). Select the terminal emulation type from the drop-down menu in the Emulation field. The choices are: •...
7: P HAPTER ONFIGURATION AND Anonymous Port Access Anonymous port access allows users to access DPA configured ports without entering a password. To enable the feature: 1. Click the Security tab, and then click Login Settings. The Login Settings screen appears (Figure 54).
Raritan Serial Client Requirements for Java The Raritan Serial Client (RSC) requires a PC of minimum 1.0 GHz CPU speed with 512 MB RAM. Java must be installed to access targets (managed devices) before you can use the RSC. Java Runtime Environment (JRE) The RSC will function with JRE version 1.4.2_05 or later (except for JRE version 1.5.0_02) .
7: P HAPTER ONFIGURATION AND ESCRIPTION ALUES YNTAX Sets the initial size -Xms<Size> in bytes of the Java heap. Sets the initial Java -Xmn<Size> in bytes heap size for the Eden generation. Sets the maximum -Xmx<Size> in bytes size to which the Java heap can grow.
Raritan Serial Client Interface Important: The Raritan Serial Client (Console) Screen usually window in back of the Port Screen. screen opens in front of the Port Screen. Minimize the Port Access screen to access the Raritan Serial Console screen. The RSC contains drop-down menus that provide the user with the ability to: •...
7: P HAPTER ONFIGURATION AND Emulator 1. Change the default user Idle Timeout setting before launching the RSC for the first time or it will timeout in 10 minutes and display a host termination message. See the Security section of the Dominion SX User Guide for changing the Idle Timeout setting.. 2.
Note: If the RSC Idletimeout expires, the Dominion SX Idletimeout period begins. Settings Note: Terminal emulation settings are set with the port by an Administrator using the Setup->Port Configuration menu. 1. On the Emulator menu, click Settings. The Settings screen displays the General tab with the default settings.
7: P HAPTER ONFIGURATION AND Display Settings 1. Return to the Emulator menu, select Settings and then click the Display tab. Figure 35 Display Settings Window 2. Click Default to accept the Default settings. Then click Ok to close the Display Settings window;...
6. Click on the GUI Font Properties tab and accept the default of Monospaced or choose a font from the GUI Font Properties scrolling list. Figure 36 Display Settings: GUI Font Properties 7. Choose the following from their drop-down menus: •...
Page 61
7: P HAPTER ONFIGURATION AND Get History History information can be useful when debugging, troubleshooting, or administering a target device. The Get History feature: • Allows you to view the recent history of console sessions by displaying the console messages to and from the target device. •...
Connected Users The Connected Users command allows you to view a list of other users who are currently connected on the same port. 1. Click Connected Users to view the connected users on the Emulator menu. Figure 37 Connected Users Window A check mark appears in the Write Access column after the name of the User who has Write Access to the console.
7: P HAPTER ONFIGURATION AND Edit Use the Copy, Paste, and Select All text commands to relocate and/or re-use important text. Figure 38 Edit Commands - Copy, Paste, and Select All Text Copy and Paste All Text: 1. Click Select All on the Edit menu. 2.
7: P HAPTER ONFIGURATION AND Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file in your computer. When you start the RSC, the Logging indicator on the status bar indicates whether logging is on or off.
Send Keystroke 1. On the Tools menu, click Send Keystroke. A Send Keystroke screen appears: 2. Enter the keystroke combinations that you want and select a Key Code name from the drop- down menu. 3. Send the keystroke combinations. Send Text File 1.
7: P HAPTER ONFIGURATION AND To use Chat: 1. Click Chat on the Chat menu. Figure 42 SecureChat Command and User Chat Window 2. Type a message in the Message text field. 3. Click Send or press ENTER to send the message. 4.
To Access ‘About’ Information: 1. Click About Raritan Serial Console on the Help menu. An About Raritan Serial Console message appears on top of the Raritan Serial Console drop-down menu: Figure Sample of the About Raritan Serial Console Window 2. Click OK to close the About Raritan Serial Console window. Standalone Raritan Serial Console Installation Note: You can download the Standalone Raritan Serial Client from the Raritan support Web site:...
7: P HAPTER ONFIGURATION AND • Ensure that Java can be started from the command line. To do this, environment variables must be configured. Make a note of the exact path where Java was installed. (The path information will be used later.) Setting Windows OS Variables Open the Start menu, and then open the Control Panel and choose System.
Click OK. Figure Select the PATH variable and click Edit. Add %JAVA_HOME%\bin to the end of the current Variable value. Ensure a semicolon (;) separates the new value from the last value in the string. Windows OS: New System Variable SX U OMINION UIDE...
7: P HAPTER ONFIGURATION AND Click OK. Figure Select the CLASSPATH variable and click Edit. Ensure the CLASSPATH Variable value is configured properly; that is, its value must have a period(.) in it. If, for any reason, there is no CLASSPATH variable defined, create one. Figure CCESS PPLICATION...
Setting Linux OS Variables If you want to set Java for this user only, open and edit .profile file located in the /home/Username folder. If you want to set Java for all users, open .profile file in your /etc folder Find the line where you set your PATH Example: export PATH=$PATH:/home/username/somefolder Before that line you must set your JAVA_HOME and then modify your PATH to include it.
7: P HAPTER ONFIGURATION AND Installing Standalone RSC for Windows You must have administrative privileges to install RSC. Log on to a Windows machine. Download, or copy from a known location, the RSC-installer.jar installation file. Double-click on the executable file to start the installer program. The splash screen appears. Click Next.
Click Next. The Windows shortcut screen appears. Figure 50 RSC Windows Shortcut Screen Specify the desired Program Group for the Shortcut. Click Next. The installation finished screen appears. Click Done. Launching RSC on Windows Systems Double-click on the shortcut or use Start Programs to launch the standalone RSC. The Raritan Serial Console Login connection properties window appears.
7: P HAPTER ONFIGURATION AND Enter the Dominion SX IP address, account information, and the desired target (port). Click Start. The RSC opens with a connection to the port. Figure 52 Standalone RSC Connected to Port Window Note: In case of unrecognized characters or blurry screens that might appear in RSC window due to localization support, please try changing the font to Courier New.
The Set Installation Path screen appears. a) Select the directory where you want to install RSC and click Next. b) Click Browse to navigate to a non-default directory. c) Click Next when the installation is complete. d) Click Next again. The installation is complete. The final screen indicates where you will find an uninstaller program, and allows the option of generating an automatic installation script.
8: S HAPTER ECURITY Chapter 8: Security There are a number of elements to consider when addressing security for console servers. The following are some of the Security aspects: • Encrypting the data traffic sent between the operator console and the DSX unit. •...
Login Settings Click Login Settings on the Security Settings screen to access the Login Settings screen, which contains the Local Authentication, Login Handling, and Strong Password Settings panels.. Local Authentication Go to the Local Authentication panel and click the Enable Local Authentication checkbox. The system displays these defaults in the following fields: •...
8: S HAPTER ECURITY Strong Password Settings To enable strong passwords, go to the Strong Password panel and select the requirements for a strong password. This includes maximum and minimum length and special character requirements. Configure Kerberos Click Enable Kerberos. Type the name of the file you want for your Hosts File in the Hosts File field or click on the Browse drop-down menu and select your file.
Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): Click the Security tab, and then click Certificate. The Certificate screen appears. Figure 56 Certificate Signing Request Click the checkbox labeled Generate a Certificate Signing Request. Click on the drop-down menu in the Bits field. Keep the 1024 default or change it to 512. Type the following in the corresponding fields: •...
8: S HAPTER ECURITY Install a User Key To install a user key on the DSX: Click the Security tab, and then click Certificate. The Certificate screen appears. Click the checkbox labeled Install User Key. Type the following information in the corresponding fields: •...
Click the checkbox labeled Install User Certificate. Type the following information in the corresponding fields: • The IP address of the host with the certificate • A login and password on the host • The path and name of the file containing the certificate Click OK.
Enabling Client Certificate Authentication: To enable Client Certificate Authentication: Click Enable SSL Client Certification. 2. Click OK to enable the Client Certificate authentication. Installing a New Trusted To install a new trusted Certificate Authority (CA) to the DSX, the CA certificate must be on an accessible FTP server.
8: S HAPTER ECURITY Viewing a Certificate Revocation List To view a CRL: 1. Click View Certificate Revocation List. 2. Click OK to retrieve the list of CRLs. Banner Dominion SX optionally supports a customizable (maximum 5000 words, 8 words per row) welcome banner that is displayed after login.
Security Profiles The DSX provides three security profiles that you can use. They simplify the assigning of permissions to users and groups by defining basic permissions that automatically apply to all users. About Security Profiles The three security profiles are: Standard ─...
8: S HAPTER ECURITY Click the Edit Custom Profile link. The Edit Custom Security Profile screen appears. Figure 62 Edit Custom Security Profile Screen Check one or all of the following fields. • Telnet Access • Strong Password Required • Single Login Per User •...
Firewall The DSX provides a firewall function to provide protection for the IP network and to control access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces. Enable the Firewall To enable the firewall: Click the Security tab, and then click Firewall.
9: L HAPTER OGGING Chapter 9: Logging This chapter explains how to enable and configure the various DSX logs. Configuring Local Event Logging To configure the local log settings, click the Setup tab, and then click Log. The Log Settings screen appears.
Click OK. Enable Port Logging You need to configure port logging after you have enabled NFS logging (see “Configuring NFS Logging” below). This feature enables port data to be logged to a Network File System (NFS) server. This allows you to save and access the log files over a network. NFS supports file sharing, which means you can store the files on the network that you want other people to access, while keeping your secure files on the DSX unit.
9: L HAPTER OGGING Mon Nov 06-2006 13:46:20 -------- admin connected to port-------- Mon Nov 06-2006 13:46:21 -------- admin got write access -------- Password: Authentication failure. Username: admin Password: Authentication successful. ---------------------------------------------------------------------- Welcome to the DominionSX. UnitName:sx181 FirmwareVersion:3.0.1.5.1 IP Address:192.168.51.181 Port Port Port Port Name...
Configure Input Port Logging To enable input port logging: Go to the Input Port Logging panel and click the Enable Input Port Logging checkbox. (To turn this feature off, clear this checkbox.) Figure 68 Input Port Logging Panel Type a directory for input in the In Directory field. Click OK.
9: L HAPTER OGGING Configuring SMTP Logging To configure SMTP logging, click the Setup tab, and then click Events. The SMTP Logging screen appears. This screen contains and SMTP Settings panel and a New SMTP Event panel. Enable SMTP Logging To enable SMTP logging: Go to the SMTP Settings panel and click the Enable SMTP Server checkbox to enable SMTP logging.
9: L HAPTER OGGING Note: The NFS server must have the exported directory with write permission for the port logging to work. To configure NFS Logging: Click the Setup tab, and then click NFS. The NFS Settings screen appears. Click the Enable NFS checkbox to enable NFS logging. Type the IP address of the NFS server in the Primary IP field, and then enter the path to the log file in the Primary Directory field.
Configuring SNMP Logging The DSX supports Simple Network Management Protocol (SNMP) traps and logging. Enable SNMP Logging To enable SNMP logging: Click the Setup tab, and then click SNMP. The SNMP screen appears. Go to the SNMP Setting panel and click the Enable SNMP checkbox to enable the SNMP feature.
10: M HAPTER AINTENANCE Chapter 10: Maintenance The Dominion SX maintenance features presented in this chapter allow the administrator perform the following tasks: • Manage event logs. • View configuration report. • Backup and restore the SX unit settings. • Upgrade firmware and track upgrade history.
Send the Event Log To send the contents of the event log to a remote FTP server: Click the Maintenance tab, and then click Send Event Log. The Send Event Log screen appears. Enter the IP address of the FTP server in the IP address field. Enter a login name and password on the FTP server in the Login and Password fields.
10: M HAPTER AINTENANCE Backing Up and Restoring the DSX When you back up the DSX, the system makes a copy of the DSX configuration (without network settings) and writes the copy to an FTP server. The file can be recovered using a Restore operation, if necessary.
Restoring the DSX Restoring the DSX retrieves a copy of the DSX configuration from the FTP server where it has been backed up and writes the file to the DSX. To perform a restore operation Click the Maintenance tab, and then click Restore. The Restore screen appears. In the IP Address field, type the IP address of the source FTP server system from which the restore data will be retrieved.
10: M HAPTER AINTENANCE Display the Current Firmware Version To display the current version of firmware running on a DSX unit, click the Maintenance tab, and then click Firmware Version. The Firmware Version screen appears. This screen shows the firmware version, RSC, kernel, and PMON. Upgrade the Firmware Before you perform a firmware upgrade, you must: Download the upgrades file(s), which are in WinZip format onto a folder on the local FTP...
To perform the upgrade: Click the Maintenance tab, and then click Firmware Upgrade. The Firmware Upgrade screen appears. Figure 80 Firmware Upgrade Screen Type the IP Address of the FTP server in the IP Address field. Type your login name in the Login field. Type your password in the Password field.
10: M HAPTER AINTENANCE Performing a Factory Reset on the DSX Performing a factory Reset returns the DSX unit to its default factory settings. Be very careful when doing this, because it will erase all the data and settings on the DSX unit and return it to the state in which it was originally shipped.
11: D HAPTER IAGNOSTICS Chapter 11: Diagnostics The Diagnostics function provides the administrator with the tools to test the network and monitor processes. Select the Diagnostics tab to display the Diagnostics screen. It provides links to Network Infrastructure Tools and Administrator Tools. Network Infrastructure Tools Network infrastructure tools allow you to view the status of the active network interfaces and important network statistics.
Network Statistics Click Network Statistics on the Diagnostics screen. The system displays network statistics. By default, all statistics are shown. To show specific statistics, select an entry from the drop- down menu in the Options field. Your choices are: o Route o Interfaces o Groups o Statistics...
11: D HAPTER IAGNOSTICS Ping Host Click Ping Host on the Diagnostics screen. The Ping Host screen appears. Type the IP address of the host to be pinged in the IP Address field. Click Ping. The screen displays the results of the ping. Trace Route to Host Click Trace Route to Host on the Diagnostics screen.
Administrator Tools ─ Process Status Click Process Status in the Diagnostics Screen. The screen displays the results of your request. Click Refresh to update the information. Figure 87 Process Status SX U OMINION UIDE...
12: C HAPTER OMMAND NTERFACE Chapter 12: Command Line Interface Command Line Interface Overview The Dominion SX Serial Console supports all serial devices such as: • Servers, including Windows Server 2003 when using the Emergency Management Console (EMS-) Special Administration Console, or SAC with BIOS redirection in the server BIOS.
The following common commands can be used from all levels of the CLI to the preceding figure: top, history, logout, quit, show, and help. Accessing the Dominion SX Using CLI Access the Dominion SX by using one of the following methods: •...
12: C HAPTER OMMAND NTERFACE Telnet Connection to the Dominion SX Due to the lack of security, username, password and all traffic is in clear-text on the wire, Telnet access is disabled by default. Enabling Telnet If you wish to use Telnet to access the DSX, first access the DSX from the CLI or a browser. 1.
Local Port Connection to the Dominion SX The local port of the Dominion SX must be connected to the COM port of a computer system, a terminal, or some other serial capable device using a null modem cable with DB-9F null on both ends.
12: C HAPTER OMMAND NTERFACE The welcome message displays. You are now logged in as an Administrator. login as: admin Password: Authentication successful ----------------------------------------------------------------- Welcome to the DominionSX UnitName:DominionSX IP Address:192.168.51.194 ----------------------------------------------------------------- Port Port Name - Port1 [U] - Port3 [U] Current Time: Wed Sep 20 16:17:15 2006 admin >...
Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax; additionally, there are combinations of keystrokes that simplify CLI use. Completion of Command The CLI supports the completion of partially entered commands. After entering the first few characters of an entry, hit the Tab key;...
12: C HAPTER OMMAND NTERFACE Common Commands for all Command Line Interface Levels Table 3 lists the commands that are available at all CLI levels. These commands also help navigate through the CLI. Table 3 Commands Common to All CLI Levels OMMANDS ESCRIPTION Return to the top level of the CLI hierarchy, or the “username”...
Once the preceding parameters are set, the following areas can be configured from either the local console port or over the network: • service • security • users • serial ports Setting Parameters To set parameters the user must be logged in with administrative privileges. At the top level the user will see the “Username”...
12: C HAPTER OMMAND NTERFACE CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the prompt is the login name; admin is the root portion in the following command: admin > Config > Port > CLI Commands Table 4 lists and describes all available CLI commands.
Switch to the security menu. security sendeventlog Sends the local event log to a remote FTP server. Show configuration options. show tacacsplus Switch to the TACACS+ Configuration Menu. Enable telnet communication and specify the port. telnet Return to the root menu. Print the route to a remote system traceroute upgrade...
12: C HAPTER OMMAND NTERFACE Configuring Logging and Alerts As part of the security capabilities of the Dominion SX, facilities are provided to log data and to provide alerts based on activities between the users, Dominion SX and the target device. These facilities provide an audit trail allowing the authority responsible to review what has happened in the system and determine who implemented what action and when.
Set Escape Sequence To set the Escape sequence, ensure that the default Escape sequence set on the Dominion SX server does not conflict with a key sequence required by either the Access Client or the host operating system. The Escape key sequence is user-configurable. Console sub-mode should be displayed when the default escape key sequence ^] (programmable) is pressed.
12: C HAPTER OMMAND NTERFACE • Idle time out for inactive users • User defined certificates • Security profiles. Table 5 Configuration: Authentication Commands: ldap Command Description ldaps getservercert removecert viewcert primaryldap secondaryldap radius primaryradius secondaryradius tacacsplus primarytacacs secondarytacacs Note: When configuring the LDAP server, the query string format on the server should contain the name of a group configured on the SX.
ldaps Switches to the ldaps menu which includes the following commands: getservercert – FTP Retrieval of ldap certificate removecert – Remove LDAPS Certificate viewcert – View LDAPS Certificate Used to configure the primary ldap settings. primaryldap Used to configure the secondary ldap settings. secondaryldap LDAP Command Example admin >...
12: C HAPTER OMMAND NTERFACE Events Menu Command Examples admin > Config > events admin > Config > events > add admin > Config > events > smtp Configuring Log Configuration log command provides the administrator with the following commands to manage the logging features of the Dominion SX server: •...
eventsyslog [enable <true|false>] [] [secondary ip <ip>] The eventsyslog command options are described in Table 9. OMMAND PTION ESCRIPTION Enable or disable the system event log logging. enable <true|false> Primary FTP server address primary ip <ip> Secondary FTP server address secondary ip <ip>...
12: C HAPTER OMMAND NTERFACE Note: aes128 is not supported in 3.0. Command Example admin > Config > Log > nfssetkey type aes128 key D2F05B5ED6144138CAB920CD NFS Encryption Enable Command Enable port logging and encryption of data: admin > Config > Log > portlog enable true encrypt true Portlog Command The portlog command enables and configures the logging of port data.
12: C HAPTER OMMAND NTERFACE Vieweventlog Command The vieweventlog command displays the local log file. The syntax of the vieweventlog command is: vieweventfile Vieweventlog Command Example admin > Config > Log > vieweventlog Configuring Modem The modem menu provides access to commands used to configure modem access. Callback (dialback) occurs when the originator of a call is immediately called back in a second call as a response to the first dialin.
Page 130
Group :Admin Active : 1 Dialin and Dialback should be enabled on the device used for modem communication. When this configuration is set, the modem connection could be established. The user may use various types of modem dial-up clients to accomplish a successful modem connection to the SX device.
12: C HAPTER OMMAND NTERFACE The Remote LDAP Server user’s configuration should be: Dialback with remote TACACS user. (Tacacs+ v.4.0.3a) Dialin and Dialback should be enabled on the device used for modem communication. Primary (or/and Secondary) Tacacs Server Settings should be configured correctly and enabled on the SX device: Primary Server Enabled - true...
Interface Command The interface command is used to configure the Dominion SX network interface. When the command is accepted, the unit will automatically reboot and drop the connection. You must then reconnect using the new IP address and the username admin and password newp/w entered in the resetting factory default password section.
12: C HAPTER OMMAND NTERFACE OMMAND PTION name Command Example The following command sets the network name: admin > Config > Network > name Ports Command The ports command is used to configure the network ports. The syntax of the ports is: ports <>...
OMMAND PTION Routeadd Command Example The following command adds a route to the route table: admin > Config > Network > routeadd Routedelete Command The routedelete command is used to remove a route from the kernel routing table. The syntax of the routedelete is: routedelete <>...
12: C HAPTER OMMAND NTERFACE Command Example The following command displays the current NFS settings: admin > Config > NFS > nfs NFS Settings : Enable : 0 Primary IP : 0.0.0.0 Pimary Directory: Secondary IP : 0.0.0.0 Secondary Directory: Use the following command to enable remote NFS logging and configure the NFS Server: admin >...
Page 136
Port flowcontrol type flowcontrol <none|hw|sw> hw = hardware flow control sw =X on / X off) Enable/Disable detection of port connection detect <true|false> Use Ctrl-key (escapemode=control) or single key escapemode (escapemode=none) as escape sequence; for example, <none|control> Ctrl-] => escapemode=control, escapechar=] Escape character.
12: C HAPTER OMMAND NTERFACE 1. The following example configures DPA port settings when the Administrator chooses DPA mode TCPPort. The Administrator needs to set the SSH or Telnet port value assigned for direct port access: admin > Config > Port > config port 1 ssh 7700 telnet 8800 Port 1: Configuration Saved changes will...
Command Example admin > ports > keywordadd Configuring Services The following commands provide the ability to configure the Dominion SX server services: • • Encryption • HTTP • HTTPS • Logout • • • Telnet dpa Command The permitted TCP Port Range is 1024-65535. When run without the mode parameter, the system displays the current dpa type.
Page 139
12: C HAPTER OMMAND NTERFACE ssh/telnet. port_range A block of contiguous IP addresses. base_dpaip Sstarting value for the block of contiguous IP addresses. IP address If IP Address = 0.0.0.0 is specified for a port, then the IP access is disabled for that particular port.
admin > Config > User > editgroup name Anonymous class op ports 1,2,3,4,5 Editing group... Group Anonymous: Configuration Saved The 'Anonymous' group is successfully configured. DPA Anonymous access: The DPA is already configured. (See the DPA configuration settings section.) DPA Mode is IP, IP 10.0.13.240 is assigned to port 1. When accessing the serial port with Anonymous port access, the user name should be “Anonymous”...
12: C HAPTER OMMAND NTERFACE The syntax of the http command is: http [enable <true|false>] [port value] [redirect <true|false>] The http command options are described in Table 29. OMMAND PTION enable <true|false> port value redirect <true|false> HTTP Command Example The example below enables http access and redirection to https, and sets the default port to 2. admin >...
HTTPS Command The https command is used to control https access and define the port. The syntax of the https command is: https [enable <true|false>] [port value] The https command options are described in the following table. OMMAND PTION enable <true|false> port value HTTPS Command Example admin >...
12: C HAPTER OMMAND NTERFACE SSH Command The syntax of the ssh command is: ssh [enable <true|false>] [port value] The ssh command options are described in Table 31. OMMAND PTION ESCRIPTION Enable or disable SSH access. enable <true|false> SSH server tcp listen port port value SSH Command Example: admin >...
The syntax of the add command is: add [dest ipaddress] [port value] The add command options are described in Table 33. OMMAND PTION ESCRIPTION SNMP destination IP address dest ipaddress SNMP destination port port value SNMP Add Command Example admin > Config > SNMP > add 72.236.162.33 78 SNMP Delete Command The SNMP delete command deletes trap recipients.
12: C HAPTER OMMAND NTERFACE • clock • • timezonelist Clock Command The clock command lets the administrator set the time and date for the server. The syntax of the clock command is: clock [tz tz] [datetime datetime] [timezonelist] The clock command options are described in Table 36. OMMAND PTION ESCRIPTION...
The syntax of the command is: timezonelist Configuring Users The following commands provided the administrators with the ability to manager users: • addgroup • adduser • deletegroup • deleteuser • editgroup • edituser • groups • users Addgroup Command The addgroup command creates a group with common permissions. The syntax of the addgroup command is: addgroup [name groupname] [class <op|ob>] [ports <number|range|*>] The addgroup command options are described in Table 38.
12: C HAPTER OMMAND NTERFACE password Miscellaneous user information info user- information Activate/Deactivate user account active <true|false> Adduser Command Example The following example shows how to add a user. admin > Config > User > adduser user jjones fullname John-Jones group unix dialback 12146908003 password 123abc info AP-Systems active true Deletegroup Command...
OMMAND PTION Group name name groupname Group user class <op>erator or <ob>server class <op|ob> Port(s) assigned to the group. Single port or range of ports (1-n ports <number|range|*> or 1,3,4 or * for all ports) Command Example admin > Config > User > editgroup name unixgroup class op ports 1,4 Edituser Command The edituser command is used to manage information about a specified user.
12: C HAPTER OMMAND NTERFACE Users Command The users command shows the details of existing users. The syntax of the users command is: users Users Command Example admin > Config > User > users Connect Commands The connect commands provide a means to access ports and their history.. OMMAND ESCRIPTION Connect to a port.
• Only users belonging to the Administrator group are able to configure the support of IPMI. The supported IPMI version 2.0. The ipmidiscover tool syntax is: ipmidiscover [OPTIONS] startIP endIP All discovered targets supporting IPMI version 2.0 will be listed, allowing the user to select one and execute the IPMI operations.
Page 151
12: C HAPTER OMMAND NTERFACE Increase verbose output level. This option may be specified multiple times to increase the level of debug output. If given three times you will get hexdumps of all incoming and outgoing packets. Display version information. Selects IPMI interface to use.
Page 152
raw – Send a RAW IPMI request and print response <command> i2c – Send an I2C Master Write-Read command and print response lan – Configure LAN Channels chassis – Get chassis status and set power state power – Shortcut to chassis power commands event –...
12: C HAPTER OMMAND NTERFACE Listports Command Command Description List accessible ports. listports admin > listports Port Port Name - Port1 [U] - Port3 [U] Port names up to 23 characters are displayed. Longer portnames are truncated to 22 characters, with a $ sign at the end The letter after the port name describes the state of each port.
OMMAND PTION ESCRIPTION IP address of the target system where the backup will be written. [ip IP] Username of the account on the system where the backup will be <login LOGIN> stored. Password of the account on the system where the backup will be <passwd PASSWD>...
12: C HAPTER OMMAND NTERFACE Gateway : 192.168.0.192 Failover : true Do you wish to commit these settings (no/yes) (default: no) Firmware Command The firmware command provides the versions of the firmware. The syntax of the firmware command is: firmware Firmware Command Example admin >...
Do you want to proceed with the reboot? (no/yes) (default: no) Restore Command The restore command retrieves a copy of the Dominion SX system from a system and writes the file to the Dominion SX server. The syntax of the restore command is: restore [ip IP] <login LOGIN>...
12: C HAPTER OMMAND NTERFACE Sendeventlog Command Example admin > Config > Log > sendeventlog 72.236.162.187 login acy password pasraritansword path sxlogfile file log 32 Upgrade Command Note: in order to perform an upgrade, there should be a configured remote ftp server. The upgrade command upgrades one version of the system to another version, for example v2.5 to v3.0.
The vieweventlog command displays the local log file. The syntax of the vieweventlog command is: vieweventfile Vieweventlog Command Example admin > Config > Log > vieweventlog Security Commands Dominion SX controls the ability to hack into the system by using random logins. The following security command menus provide access to the commands needed to configure the Dominion SX security features: •...
12: C HAPTER OMMAND NTERFACE password password FTP Server password path pathname banner.txt. for example,/ftphome/banner.txt Command Example admin > Security > Banner> ftpgetbanner ip 72.236.162.171 login raritan password acy path /ftphome/banner.txt Certificate Command Menu The certificate command menu provides the client and server commands to create and manage security certificates.
Server Command Example admin > Security > certificate > server Firewall Command The firewall command provides control for the turning on or off the firewall. The syntax of the firewall command is: firewall [enable <true|false>] The firewall command options are described in the following table. OMMAND PTION ESCRIPTION...
Page 161
12: C HAPTER OMMAND NTERFACE Load a match extension module. -m state The protocol of the traffic. Source address Save the IP Tables. -save --state NEW <enter rule to trigger here> -t filter iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of this document. The examples below show some simple configuration options created with iptables.
To view the current iptables ruleset admin > Security >firewall >iptables –list Clear the iptables rules To clear the iptables rules. admin > Security >firewall >iptables --flush Save the configured settings To save the iptables rules into the local database. admin >...
12: C HAPTER OMMAND NTERFACE • The above 3 machines should be pingable by FQDN. Get the hosts file using gethostnamefile from the Kerberos menu. • Use klist to check the ticket expiration. Most of the kadmin error messages are associated with ticket expiration •...
idletimeout [number value] time idletimeout Command Example admin > Security > LoginSettings > idletimeout time 99 Inactiveloginexpiry Command The inactiveloginexpiry command sets the number of days before an account will expire due to inactivity. The syntax of the inactiveloginexpiry command is: inactiveloginexpiry [days value] The inactiveloginexpiry command options are described in Table 63.
12: C HAPTER OMMAND NTERFACE The lockoutperiod command options are described in Table 65. OMMAND PTION ESCRIPTION time time Period of time (in minutes) for which the user cannot login after account deactivation. Command Example admin > Security > LoginSettings > lockoutperiod time 120 Singleloginperuser Command The singleloginperuser command enables or disables multiple logins per user..
Table 67 Strongpassword Command OMMAND PTION StrongPasswordRulesEnable true/false PWUppercaseRequired PWLowercaseRequired PWNumberRequired PWSymbolRequired PasswordValidityPeriod PasswordHistoryDepth MinPasswordLength MaxPasswordLength Strongpassword Command Example The following example sets the Strong Password rules in effect: • Uppercase is required. • Lowercase is not required. • Numbers are required. •...
12: C HAPTER OMMAND NTERFACE Securityprofiles Commands The securityprofiles command menu provides access to the commands used to configure and control security profiles. The securityprofiles commands are listed in the table below. OMMAND ESCRIPTION profiledata View or modify a Security Profile. securityprofiles Enable and select a Security Profile.
13: I HAPTER NTELLIGENT LATFORM ANAGEMENT Chapter 13: Intelligent Platform Management Interface The Intelligent Platform Management Interface (IPMI lets you manage the IPMI functions of a remote system. The following topics are covered in this chapter: • Discover IPMI Devices •...
IPMI Configuration IPMI configuration lets you manage the IPMI functions of a remote system. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control. Click on the IPMI Configuration section of the IPMI screen to get IPMI configuration information.
Page 171
13: I HAPTER NTELLIGENT LATFORM ANAGEMENT Interfaces: open Linux OpenIPMI Interface [default] Intel IMB Interface IPMI v1.5 LAN Interface Commands: Send a RAW IPMI request and print response Send an I2C Master Write-Read command and print response Configure LAN Channels chassis Get chassis status and set power state power...
14: P HAPTER OWER ONTROL Chapter 14: Power Control Power Control lets you manage the power functions. The following topics are covered in this chapter: • Power Control • Associations Power Control • Power Strip Power Control • Power Strip Status Port Power Associations You can associate one or more outlets on a powerstrip connected to the DSX to specific DSX ports.
locked from any control. Note: Power control is not supported on the last port of the DSX unit. The last port of the unit can be used for non-power control device. Delete a Port Power Association To delete a port power association: Click the Setup tab, and then click Port Power Association List.
14: P HAPTER OWER ONTROL Power Association Groups To create a power associations group: Click the Setup tab, and then click Power Association Groups List. 16. Click Add. The Power Association Groups screen appears. Figure 95 Power Association Group Screen 17.
Associations Power Control Click Associations Power Control on the Power Control menu to access the tool to manage power control associations. Figure 97 Associations Power Control Note: When executing power on/off operation, about ~5 seconds are added to the configured sequential interval, resulting in an operational delay time (minimum amount of time to operate).
14: P HAPTER OWER ONTROL Power Strip Power Control Click Power Strip Power Control on the Power Control menu to access the tool to manage power strips. Figure 98 Power Strip Power Control...
Power Strip Status Click Power Strip Status on the Power Control menu to check power strip status. CLI Command for Power Control CLI Port Power Association Description: Power Control menu – Associate a power strip outlet to a DSX port Scenario #1 Port Power Association –...
Page 179
14: P HAPTER OWER ONTROL Scenario #3 Port Power Association – Associate 6 Outlets to one port spread across two PDUs. Pre-condition Administrator user is logged in via CLI. Two Power Strip devices (DPX) are physically connected and configured to the DSX, respectively named PowerStr1 and PowerStr2. User is in power menu.
Pre-condition Administrator user is logged in via CLI. 6 Power Strip devices (DPX) are physically connected and configured to DSX. User is in power menu. Action Enter Command to associate Port1 to Outlet1 of PowerStr1. Press Enter. Repeat steps 1 and 2 to associate Port1 with Outlet1 from each of the other PDUs.
14: P HAPTER OWER ONTROL Administrator is in power menu. Action Enter command. Press Enter. CLI Input setpowerport name PowerStr1 type DPCS12 port 1 Scenario #3 Power Strip Configuration after factory reset Pre-condition Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX.
Scenario #5 Delete Power Group Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in Power Action Enter Command. Press Enter. CLI Input Command: deletepowergroup name “Test Group” CLI Power Strip Power Control Description: Power Control Menu Scenario #1...
14: P HAPTER OWER ONTROL Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in power menu. Action Enter command to set sequence interval. Press Enter. Enter command to switch off group of outlets. Press Enter.
Scenario #2 Association Power Control – Recycle Port Association (Target is associated to Two Outlets from one Power Strip) Pre-condition Administrator user is logged in via CLI. Power Strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Port Power Association named Target2 is already created and available in the list.
Page 185
14: P HAPTER OWER ONTROL Target1 Target2 PowrStr1 Scenario #1 Turn ON Group Association Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Action Enter Command. Press Enter.
⋅ CLI Input powerdelay sequence 2 cycle 5 ⋅ cycle nodegroup Group1 Scenario #6 Recycle Group Association (outlets in association are with different statuses) Pre-condition Administrator user is logged in via CLI. Administrator is in power menu. Group Association named Group1 (shown in Fg.1) is already created. Outlets in Group1 are with different statuses.
Page 187
14: P HAPTER OWER ONTROL Scenario #1 Power Strip Status Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Administrator is in Power menu. Action Enter Command. Press Enter. CLI Input Command: powerstrip name PowerStr1 Result...
Page 188
Pre-condition Administrator user is logged in via CLI. Power strip device (DPX) named PowerStr1 is physically connected to Port1 of DSX. Group association named Group1 is created. Outlet1 and Outlet2 are with status “ON”. Administrator is in Power menu. Action Check the current status of outlets –...
15: P HAPTER OWER ONTROL Chapter 15: Top-10 Use Cases This chapter includes 10 of the mostly common cases to help familiarize users quickly with practical operation on DSX unit. Please note that data entered in the case are created as examples, and could vary upon different situations.
RSC). The icon on status line will display Write Access (Lock) now, meaning now all users can only view the port connection. 6. Log in the device connected to the port, and try interacting with the device using the RSC panel.
15: P HAPTER OWER ONTROL Select Maintenance Factory Reset. You will be prompted to confirm your decision. Do not power off DSX unit as it reboots with default configuration. You will be re-directed to the login page after the unit is rebooted. If you try to log in for the first time after reset, you’ll be advised on the screen that you’re now in the factory default mode, and promoted for changing password after logging in with default username and password.
Case 10. CLI / SSH Connection to SX Port Purpose: To access SX unit itself and SX ports using text-based command lines. SSH access from a Windows PC Launch the SSH client software (such as Plink or PuTTY). Enter IP address of DSX server (e.g. 192.168.0.192) and the TCP port if applicable. Select SSH (using default configuration port 22), and click the Open button.
A: S PPENDIX PECIFICATIONS Appendix A: Specifications This appendix contains sections describing: • DSX models and specifications • Requirements and tested browser requirements • DSX hardware for connecting DSX to common vendor models • DSX Serial RJ-45 pinouts • DB9 and DB25 Nulling Serial Adapter Pinouts •...
The following table lists the Dominion SX models, their dimensions, and weight. Table 72 Dominion SX Dimensions and Weight MODEL DIMENSIONS (W) x (D) x (H) DSX4 11.41"x 10.7"x 1.75"; 290x 270 x 44mm DSXB-4-M 11.41"x 10.7"x 1.75"; 290x 270 x 44mm DSXB-4-DC 11.41"x 10.7"x 1.75";...
A: S PPENDIX PECIFICATIONS Requirements The following table lists the requirements for the DSX. Table 73 Dominion SX Requirements EQUIREMENTS Power 110/220V auto-switching: 50-60 Hz or -36 to -72V DC for DC-powered models Operating Temperature 32° to 104° F (0° to 40° C) Operating Humidity 20% - 85% RH non-condensing Operating altitude...
A: S PPENDIX PECIFICATIONS Dominion SX Serial RJ-45 Pinouts To provide maximum port density and to enable simple UTP (Category 5) cabling, Dominion SX provides its serial connections via compact RJ-45 ports. However, no widely adopted industry- standard exists for sending serial data over RJ-45 connections. The following tables list the RJ-45 pinouts for the RJ-45 connector, which is on the back of the DSX.
DB9M Nulling Serial Adapter Pinouts Table 78 DB9M Nulling Serial Adapter Pinouts RJ-45 (F DB25F Nulling Serial Adapter Pinouts Table 79 DB25F Nulling Serial Adapter Pinouts RJ-45 (F DB25M Nulling Serial Adapter Pinouts Table 80 DB25M Nulling Serial Adapter Pinouts RJ-45 (F Dominion SX Terminal Ports All Dominion SX models, except the DSX16 and DSX32, have the same pinouts on the two...
A: S PPENDIX PECIFICATIONS serial port. The DSX16 and DSX32 models have only one external DB9M serial port (labeled TERMINAL). Both ports support a VT100 terminal or equivalent (PC running VT100 emulation software, for example, HyperTerminal, or Linux Minicom). Local port access must be enabled and set to the same speed as the managed device for it to work.
Dominion SX16 and SX32 Terminal Ports A modem should not be connected to the DSX16 and DSX32 terminal port because the Ring Indicator (RI) signal is not present. These models have a built-in modem that can be enabled or disabled. The modem is disabled by default. Table 83 Dominion SX16 and SX32 Terminal Port Pinouts DB9M PIN Here is some additional information about the Dominion SX16 and SX32 Terminal Ports:...
B: S PPENDIX YSTEM EFAULTS Appendix B: System Defaults This appendix contains the system defaults and directions for port access. Table 84 Dominion SX System Defaults IP Address Subnet Mask CSC Port Address (TCP) Port address for CC discovery (UDP) Factory default username Factory default password Direct Port Access (DPA)
Use the following information for initiating port access: INITIATE PORT ACCESS ORTS USING HTTP Ports 80, 443 and 5000 must be kept open in the firewall for the unit to operate. Port 5000 can be configured. HTTPS SSL(S) only TCP port 443 needs to be open; port 80 can be closed TCP port 22 needs to be open Telnet...
C: C PPENDIX ERTIFICATES Appendix C: Certificates This appendix contains sections describing Certificates and Certificate Authority and provides directions about how to: • Install Dominion SX CA Certificate to a Browser Certificate • Install SX Server Certificate for IE Browsers •...
Install the Dominion SX Server Certificate In Internet Explorer By installing the Dominion SX Server certificate in IE, you can prevent the Security Alert window from appearing whenever you access the Dominion SX Unit. This step will have to be performed for each SX unit that you wish to access.
C: C PPENDIX ERTIFICATES Remove an Accepted Certificate In Internet Explorer Removing a certificate that you have previously accepted from the unit is the same process whether removing a Raritan default certificate or a user-installed third-party certificate. Launch IE and on the Tools menu, click Internet Options. The Internet Options window appears.
Accept a Certificate (Session-Based) On initially connecting to a Dominion SX unit will be presented with a certificate warning screen. This certificate by default will be signed by the local SX unit's CA as described above and you will have to accept this certificate to continue. To eliminate the appearance of this window for this Dominion SX unit permanently, you must install the server certificate in your browser.
C: C PPENDIX ERTIFICATES Select the Web Sites tab and select the certificate name that is the common name of the IP address of the Dominion SX, and select the Delete button. Click OK on the “Delete Web Site Certificates” window to confirm the deletion of the certificate.
Installing a Third-Party Root Certificate to Netscape Navigator On the CA Web site, click on the root certificate link and the New Certificate Authority window will appear. Click Next, and Next in the following screen. The Certificate Fingerprint will appear, providing information about the CA and the root certificate you are downloading.
C: C PPENDIX ERTIFICATES Select the Install User Key radio button. Insert the ftp parameters to retrieve the CA Public key file. Click OK. The SX will show “User Key Installed” at top of pane. Select the Install User Certificate radio button. Fill in the ftp parameters to retrieve the CA signed Certificate.
D: S PPENDIX ERVER ONFIGURATION Appendix D: Server Configuration This appendix contains sections describing the steps to configure Dominion SX units and authentication servers for the following authentication protocols: • Microsoft Internet Authentication Service (IAS) RADIUS Server • Cisco Access Control Server (ACS) Radius Server •...
Create an IAS Policy The following section describes the steps to create a policy to allow Radius users to access the Dominion SX. The example in this section requires two conditions, the client source IP address of the Dominion SX and the UserID is a member of the SX User Group: •...
D: S PPENDIX ERVER ONFIGURATION 15. Move the new policy so it appears as the first (top) policy in the Policy List. Note: If required, create a policy to allow dialup access to all users that are members of a group (Windows may already have a default Policy in place to permit access by any user with Dial In enabled, so this new policy would be optional.
Page 214
11. To add new users and configure RADIUS (IETF) attributes, click User Setup in the left panel of the screen. 12. Type the user’s name and click Add/Edit. 13. To edit existing users, click User Setup in the left panel of the screen and click List All Users.
D: S PPENDIX ERVER ONFIGURATION TACACS+ Server Configuration The Dominion SX unit has the capability to use Terminal Access Controller Access-Control System Plus (TACACS+) for authentication services. The Dominion SX requires a new service to be added and two argument-value pairs to be returned by the server.
D: S PPENDIX ERVER ONFIGURATION 5. When adding or editing a user or group, the dominionsx service will appear under the heading TACACS+ Settings. The service can be enabled per user or per group by selecting the dominionsx and Custom Attributes check boxes. Add the attributes (user- type) and the appropriate values to the text box.
E: M PPENDIX ODEM ONFIGURATION Appendix E: Modem Configuration Client Dial-Up Networking Configuration Configuring Microsoft Windows Dial-Up Networking for use with Dominion SX allows configuration of a PC to reside on the same (Define?)PPP network as the Dominion SX. After the dial-up connection is established, connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP.
The New Phonebook Entry window allows you to configure the details of this connection. Figure 104 New Phone Entry Display 3. Click on the Basic tab and complete the following fields: o Entry name: Name of the Dominion SX connection o Phone number: Phone number of the line attached to the Dominion SX unit o Dial using: Modem being used to connect to Dominion SX;...
E: M PPENDIX ODEM ONFIGURATION 6. Click OK to return to the main Dial screen. Figure 105 Dial-Up Security Display 7. Click Dial. See the Windows NT Users Guide if you receive any error message. Windows 2000 Dial-Up Networking Configuration 1.
4. Click the Dial-up to private network radio button and click Next. Figure 107 Network Connection Type 5. Select the check box before the modem that you want to use to connect to the Dominion SX unit and then click Next. 6.
E: M PPENDIX ODEM ONFIGURATION 8. Click Next. Connection Availability Screen appears. 1. Click on the Only for myself radio button in the Connection Availability screen. 2. Click Next. The Network Connection has been created 3. Type the name of the Dial-up connection. 4.
Windows XP Dial-Up Networking Configuration 1. Select Start → Programs → Accessories → Communications → New Connection Wizard. 2. Click Next and follow the steps in the New Connection Wizard to create custom dialup network profiles. 3. Click the Connect to the Internet radio button and click Next. Figure 111 Network Connection Type 4.
E: M PPENDIX ODEM ONFIGURATION 5. Click on the radio button before Connect using a dial-up modem and click Next. Figure 113 Internet Connection 6. Type a name to identify this particular connection in the ISP Name field and click Next. Figure 114 Connection Name...
7. Type the phone number of this connection in the Phone number field and click Next. 8. Type your ISP information; type the User name and Password in the appropriate fields, and retype the password to confirm it. 9. Click on the checkbox before the appropriate option below the fields and click Next. Figure 116 Internet Account Information 10.
ROBLEM Number of Users The unit has a security measure that allows only a specific number Exceeded of login pages to be authenticated at any given time. Should this number be reached when attempting to login to the unit, a pop-up window displays indicating that the maximum number of users is exceeded.
F: T PPENDIX ROUBLESHOOTING Login ROBLEM Login Failure To provide additional security, the unit login screen expires after three minutes. Therefore, all login attempts after this time period will fail. Reload the browser to reset this timer. Hold down the SHIFT key and click Reload in your browser. This will refresh the login screen from the unit itself (not from a local cache) and allow login to the unit.
Upgrade Table 90 Troubleshooting Upgrade ROBLEM FTP - Server Unreachable If FTP server specified in the upgrade panel is unreachable or incorrect, the upgrade process halts until a response is received from the FTP server or until a timeout occurs. Wait and allow the FTP Server Unreachable message to appear.
F: T PPENDIX ROUBLESHOOTING Figure 118 Firmware Upgrade – Connection Fail Figure 119 Firmware Upgrade – Auto Logout Modem ROBLEM Login Failure The unit supports Web-browser access through the modem at connection speeds of 28.8K bps or greater. If the baud rate is insufficient, the user may be unable to log on to the unit via the modem.
Page 233
U.S./Canada/Latin America Monday - Friday 8 a.m. - 8 p.m. ET Phone: 800 724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then Press 1 For CommandCenter Secure Gateway: Press 6, then Press 2 Fax: 732 764-8887 Email for CommandCenter NOC: tech-ccnoc@raritan.com Email for all other products: tech@raritan.com Europe Monday - Friday...