Contents CS03 Certification - DSX2-16 and DSX2-48 Chapter 1 Features and Benefits Package Contents .......................... 8 SX II Models ........................... 9 SX II Appliance Diagram ........................ 9 Supported Serial Devices ......................10 SX II Access Clients ........................11 Chapter 2 Configure SX II for the First Time Default Login Information ......................
Page 4
Standalone Raritan Serial Console Requirements ..............48 Set Windows OS Variables and Install Standalone Raritan Serial Console (RSC) ..48 Set Linux OS Variables and Install Standalone Raritan Serial Console (RSC) for Linux . 51 Setting UNIX OS Variables ....................52 Launching RSC on Windows Systems ................
Page 5
Contents Configure SNMP Traps from the Remote Console ............126 Configure Event Management - Destinations ..............130 Enable SMTP Notifications from the Remote Console ............ 131 Configure and Test SMTP Server Settings ..............132 Configure Modem Settings from the Remote Console ............ 134 Power Supply Setup ......................
Page 6
Contents Chapter 7 Connect a Rack PDU to SX II and Configure Power Control Options Connecting the SX II to the PX2 Serial Port ................234 Connecting the SX II to the PX2 FEATURE Port ..............235 Appendix A Specifications SX II Dimensions and Physical Specifications ................
Page 7
CS03 Certification - DSX2-16 and DSX2-48 To avoid potentially fatal shock hazard and possible damage to Raritan equipment: • Do not use a 2-wire power cord in any product configuration. • Test AC outlets at your computer and monitor for proper polarity and grounding.
Chapter 1 Features and Benefits Next-Generation Console Server The Dominion SX II is Raritan's next-generation Serial Console Raritan's Next-Generation Serial Server (also known as Terminal Server) that provides IT and network Console Server administrators secure IP access and control of serial devices, anytime, anywhere.
Page 9
Dual stack IPv4 and Models IPv6 networking. The Dominion SX II has four USB 2.0 ports, three on the back panel Five USB Ports and one on the front panel. These are available for local keyboard/mouse, 3G/4G cellular modem and for automatic configuration via USB drive.
Page 10
Telephone modem access for emergency access, business Access continuity and disaster recovery. With the Dominion SX II, you get multiple types of local access Innovative At-the-Rack Access at-the-rack. This includes: (1) Traditional RJ45 serial port, (2) Mini-USB port for laptop connection, and (3) DVI & USB-based KVM console for connection to a rackmount keyboard tray or even a KVM switch.
Page 11
US-ASCII (ISO 646); ISO 8859-1 (Latin-1); ISO 8859-15 (Latin-9); UTF-8 and others. Raritan rack PDU's (PX, PX2, PX3, RPC) can be connected to the Remote Power Control of Raritan Dominion SX II for remote power control of the equipment connected PDU’s (With Power Control...
Page 12
TACACS protocols. This allows Dominion SX II to use pre-existing Directory username/password databases for security and convenience. SecureID is supported via RADIUS for added security. Customers can upload to the Dominion SX II digital certificates (self- Upload Customer-Provided SSL signed or certificate authority provided) for enhanced authentication Certificates and secure communication.
Page 13
Multiple User Interfaces freedom to use the interface best suited for the job at hand. This includes remote access via Raritan or third party serial client via CLI, Raritan graphical user interface (GUI), at-the-rack access or via CommandCenter. Convenient direct port access methods available.
Page 14
Chapter 1: Features and Benefits Easy to Install and Manage The SX II offers complete CLI administration and management via Full CLI-based Configuration and SSH, Telnet and web-based user interface. Two script-based Management automatic configuration methods are available for a fast installation and for subsequent configuration changes.
Chapter 1: Features and Benefits Raritan CommandCenter® Management and Scalability Like the rest of the Dominion series, Dominion SX II features Raritan’s CommandCenter complete CommandCenter Secure Gateway integration, Centralized Management allowing users to consolidate all Dominion SX II and other...
Chapter 1: Features and Benefits SX II Models The following SX II models are available. Models with an M include an internal modem in addition to the standard features that are provided on all SX II models. For a list of standard features, see Introduction (see...
Chapter 1: Features and Benefits Appliance diagram key USB port LED port indicators Power status (Note SX II 48 port models have their power status located above the front-panel USB port.) Supported Serial Devices • Routers • LAN switches • Rack PDUs •...
Chapter 1: Features and Benefits SX II Access Clients Raritan Serial Console (RSC) (RSC) Access RSC by connecting from the Remote Console or use standalone RSC to access targets directly. Raritan Serial Console (RSC) Help (on page 47) Direct Port Access Direct Port Access allows users to bypass having to use the SX II's Login dialog and Port Access page.
IP netmask - 255.255.255.0 • Username - admin (all lowercase) • Password - raritan (all lowercase) Important: For backup and business continuity purposes, it is strongly recommended you create a backup administrator username and password. Keep the information in a secure location.
Page 20
Press the Enter key on your keyboard. 3. When the Login prompt appears, enter the default username admin and password raritan. Use all lowercase letters. 4. You are prompted to change the default password. Do so now, and be sure to remember this password for future login. When creating a password via CLI, it cannot begin with a space or end with a space.
Chapter 2: Configure SX II for the First Time 10. Enter top to return to the top level prompt. 11. Next, enter config and then enter ports at the next prompt. You can now configure each server port that has a target device connected to it.
The console sub-mode should be displayed when the default escape key sequence ^] is pressed. Raritan recommends that you do not use [ or Ctrl-[. Either of these may cause unintended commands, such as invoking the Escape Command unintentionally. This key sequence is also triggered by the arrow keys on...
Chapter 3 Access and Use Remote Console Features The Remote Console is a browser-based interface accessed when you log in to SX II via a network connection. Administrator Functions in the Remote Console Administrators perform SX II configuration and maintenance functions from the Remote Console, such as configuring network access, adding and managing users, managing device IP addresses and so on.
Chapter 3: Access and Use Remote Console Features Allow Pop-Ups Regardless of the browser you are using, you must allow pop-ups in order to launch the SX II Remote Console. Security Warnings and Validation Messages When logging in to SX II, security warnings and application validation message may appear.
When logging in to SX II, Java prompts you to validate SX II, and to allow access to the application. Raritan recommends installing an SSL certificate in each SX II device in order to reduce Java warnings, and enhance security. SSL Certificates...
Chapter 3: Access and Use Remote Console Features Additional Security Warnings Even after an SSL certificate is installed in the SX II, depending on your browser and security settings, additional security warnings may be displayed when you log in to SX II. It is necessary to accept these warnings to launch the SX II Remote Console.
Note: Check the pin definition of the RJ45 port on the target. It should match the pin definition on SX II. If needed, connect a Raritan Nulling Serial Adapter to the serial port on your target, then plug a standard Cat5 cable into the adapter.
Chapter 3: Access and Use Remote Console Features Installing a Certificate You may be prompted by the browser to accept and validate the SX II's SSL certificate. Depending on your browser and security settings, additional security warnings may be displayed when you log in to SX II. It is necessary to accept these warnings to launch the SX II Remote Console.
Page 29
Chapter 3: Access and Use Remote Console Features Note: If you are not prompted by the browser, manually select Tools > Internet Options to open the Internet Options dialog. 1. Click the Content tab. 2. Click Certificates. The Certificate Import Wizard opens and walks you through each step.
Chapter 3: Access and Use Remote Console Features Example 2: Add the SX II to Trusted Sites and Import the Certificate In this example, the SX II's URL is added as a Trusted Site, and the Self Signed Certificate is added as part of the process. 1.
Page 31
Chapter 3: Access and Use Remote Console Features Next, import the Certificate. 1. Open an IE browser, then log in to SX II. 2. Click More Information on the first Java ™ security warning. 3. Click View Certificate Details on the More Information dialog. You are prompted to install the certificate.
Chapter 3: Access and Use Remote Console Features Converting a Binary Certificate to a Base64-Encoded DER Certificate (Optional) SX II requires an SSL certificate in either Base64-Encoded DER format or PEM format. If you are using an SSL certificate in binary format, you cannot install it. However, you can convert your binary SSL certificate.
Page 33
Chapter 3: Access and Use Remote Console Features 3. Click "Copy to File...". 4. The Certificate Export Wizard opens. Click Next to start the Wizard. 5. Select "Base-64 encoded X.509" in the second Wizard dialog. 6. Click Next to save the file as a Base-64 encoded X.509. You can now install the certificate on your SX II.
Chapter 3: Access and Use Remote Console Features Log In to SX II 1. Launch a supported web browser. 2. Enter the SX II HTTP, HTTPS or DNS address provided to you by your Administrator. Note: You are always redirected to the IP address from HTTP to HTTPS.
Chapter 3: Access and Use Remote Console Features SX II Port Access Page After a successful login, the Port Access page opens listing all ports along with their status and availability.
Chapter 3: Access and Use Remote Console Features Ports are numbered from 1 up to the total number of ports available for the SX II. For example, Port_1 - Port_64, Port_1 - Port_32. "SerialPort"_"Port #" are what make up the default name the physical port until a name is configured for the port.
Page 37
Chapter 3: Access and Use Remote Console Features Information Description Displayed when? State The current state of the application, either idle or Always active. If idle, the application tracks and displays the amount time the session has been idle. Your IP The IP address used to access SX II.
Page 38
Chapter 3: Access and Use Remote Console Features Collapse the left panel and then expand it again by clicking on the blue arrow located along the right edge of the panel.
Chapter 3: Access and Use Remote Console Features Enable Favorites Enable the Favorites feature and display a list of favorite, frequently accessed SX II devices by clicking Enable in the Favorite Devices section of the left panel of the SX II interface. Accept security warnings if they are displayed.
The SX II Remote Console automatically discovers the SX II devices, and any other Raritan device, in the subnet of the SX II. To discover devices on the device subnet: 1. Choose Manage > Discover Devices - SX II Subnet.
Page 41
Chapter 3: Access and Use Remote Console Features To add devices to your Favorites List: 1. Select the checkbox next to the device name/IP address. 2. Click Add. To access a discovered device: • Click the device name or IP address for that device. A new browser opens to that device.
From the Port Access page, use the Port Action menu to connect, disconnect, or control power of targets and power strips that are connected to SX II. Once connected, you can manage a target with the Raritan Serial Console (RSC). See Raritan Serial Console (RSC) Help (on page 47).
Page 43
Strip" on page 41) You can then connect via Raritan Serial Console (RSC). When you connect to a target, the RSC opens in a new window. See Raritan Serial Console (RSC) Help. Alternatively, you can connect via Direct Port Access, if SX II is configured for Direct Port Access.
Connect to a Target Creates a new connection to the target device. From the SX II Remote Console, Raritan Serial Console (RSC) opens in a new window and you manage the target from there. If you are connected to the target from the Local Console port, you access the target via command line interface.
Disconnect menu option is available in the Port Action menu. Clicking on the Disconnect option disconnects from a target or power strip, and closes the Raritan Serial Console (RSC) window. You can also click the X icon on the window or use the Exit menu option.
This option is visible only when there are one or more power associations to the target, and when you have permission to manage the target's power. You can also perform these actions through Raritan Serial Console (RSC) and command line interface. See Raritan Serial Console (RSC)
• you have permission to manage the power You can also perform these actions through Raritan Serial Console (RSC) and command line interface. See Raritan Serial Console (RSC)
• you have permission to manage the power You can also perform these actions through Raritan Serial Console (RSC) and command line interface. See Raritan Serial Console (RSC)
Page 49
Chapter 4: Access Targets Connect a keyboard tray or KVM console to the DVI-D and USB ports. Connect a laptop to the Mini-USB Admin port.
Page 50
1280x1024@60Hz. Note that you can connect to targets using the Remote Console and manage them using Raritan Serial Console (RSC). See Raritan Serial Console (RSC) Help (on page 47) and...
Chapter 4: Access Targets Send a break to the connected target. admin > [portname] > sendbreak Lock write access to this port. admin > [portname] > writelock Unlock write access to this port. admin > [portname] > writeunlock Query Power status of this port. admin >...
Chapter 4: Access Targets Command Line Interface Partial Searches Enter the first few characters of command and press the Tab key on your keyboard in order to locate a specific command. The command line interface (CLI) completes the entry if the characters form an exact match.
Chapter 4: Access Targets Command Line Interface High-Level Commands The CLI is menu based. Some commands move to a menu with a different command set. The following common commands can be used at all levels of the command line interface (CLI): •...
Chapter 5 Raritan Serial Console (RSC) Help Use Raritan Serial Console (RSC) to connect to serial targets from the SX II Remote Console. Alternatively, install RSC as a standalone-client. The RSC stand-alone client uses the SX II IP address and the target's port number to connect directly to the target, so you do not have to connect to the Remote Console and then connect to the target.
Chapter 5: Raritan Serial Console (RSC) Help Standalone Raritan Serial Console Requirements The following requirements must be met to support the Raritan Serial Console (RSC): • Minimum 1 GHz PC with 512 MB RAM. • ™ Java See SX II release notes for the required version.
Page 56
Chapter 5: Raritan Serial Console (RSC) Help 3. In the System variables section, click New. 4. Write down the installed Java path. 5. In the Variable value block field of the New System Variable dialog, add JAVA_HOME to the Variable name block and the Java path you wrote down earlier.
Page 57
4. Click Next. The installation path page opens. 5. Change the path, if desired. 6. Click Next. The installation progress page opens. Note: The standalone version of RSC is available from the Raritan Support website: http://www.raritan.com/support/sup_upgrades.aspx (http://www.raritan.com/support/sup_upgrades.aspx)
PATH to include it by adding the following lines: export JAVA_HOME=/home/username/j2sdk1.6/ export PATH=$PATH:$JAVA_HOME/bin 3. Save the file. You must have administrative privileges to install Raritan Serial Console (RSC). 1. Log in to your Linux ™ machine. 2. Download, or copy from a known location, the RSC-installer.jar installation file.
Chapter 5: Raritan Serial Console (RSC) Help Setting UNIX OS Variables ™ ™ To check the latest JRE version on Sun Solaris 1. Launch a terminal window on the Sun Solaris desktop. 2. Type java-version in the command line and press Enter. The ™...
1. Double-click the shortcut or use Start Programs to launch the standalone Raritan Serial Console (RSC). The RSC Login connection properties dialog appears. 2. Enter the Dominion SX II IP address, account information, and the desired target (port). 3. Click Start. RSC opens with a connection to the port.
Page 61
Chapter 5: Raritan Serial Console (RSC) Help Change the default Idle Timeout setting and then launch the RSC. See Login Limitations (on page 163) for details on changing the Idle Timeout setting. Access Emulator Options 1. Select the Emulator drop-down menu to display a list of options.
Page 62
Chapter 5: Raritan Serial Console (RSC) Help Note: An Administrator can set Terminal emulation settings using Setup > Port Configuration. 1. Choose Emulator > Settings. The Settings screen displays the General tab with the default settings. 2. The Main Menu Shortcut default is None; accept this, or choose one of the following from the Main Menu Shortcut drop-down menu: ...
Page 63
Chapter 5: Raritan Serial Console (RSC) Help 1. Choose Emulator > Settings and click the Display tab. 2. Click Default to accept the Default settings, and then click Ok to close the Display Settings window. To change the settings, follow these steps: a.
Page 64
Chapter 5: Raritan Serial Console (RSC) Help c. The default font property is Monospace, or you can choose a font from the GUI Font Properties scrolling list. Note: For Simplified Chinese characters, RSC supports EUC-CN encoding system. 3. Choose the following from their respective drop-down menus: ...
Page 65
Chapter 5: Raritan Serial Console (RSC) Help Korean Chinese Bulgarian 6. Click Ok to close the Display Settings window. If you changed the Language setting, the RSC changes to that language when the Display Settings window is closed.
Page 66
Chapter 5: Raritan Serial Console (RSC) Help Get Write Lock Write lock prevents other users from taking the write access while you are using it. 1. To get write lock, choose Emulator > Get Write Lock. 2. If Get Write Lock is not available, a request rejected message appears.
Chapter 5: Raritan Serial Console (RSC) Help 2. A check mark appears in the Write Access column after the name of the User who has Write Access to the console. 3. Click Close to close the Connected Users window. Exit 1.
• Use Ctrl+V to paste text. Start and Stop Logging When you start Raritan Serial Console (RSC), the Logging indicator on the status bar indicates whether logging is on or off. Start Logging The Start Logging function allows you to collect raw console data from the target device and save it to a file on your computer.
Page 69
Chapter 5: Raritan Serial Console (RSC) Help 3. Click Save after selecting or creating a file. Stop Logging • Choose Tools > Stop Logging.
Chapter 5: Raritan Serial Console (RSC) Help The logging stops. Send a Text File 1. Select Tools > Send Text File. A Send Text File screen appears. 2. Open the directory of the Text file. 3. Click on or enter the file name of the text file.
Chapter 5: Raritan Serial Console (RSC) Help When you click Open, Raritan Serial Console (RSC) sends whatever file you selected directly to the port. If there is currently no target connected, nothing is visible on the screen. ®...
Power On a Target Use this option to power on a target from Raritan Serial Console (RSC). This option is visible only when there are one or more power associations to the target, and when you have permission to manage the target's power.
2. Click Yes when prompted to confirm. Power Off a Target Use this option to power off a target from Raritan Serial Console (RSC). This option is visible only when there are one or more power associations to the target, and when you have permission to manage the target's power.
Chapter 5: Raritan Serial Console (RSC) Help 2. Click Yes when prompted to confirm. Power Cycle a Target Power cycling allows you to turn a target off and then back on through the outlet it is plugged into. This option is visible only when - •...
Page 75
Chapter 5: Raritan Serial Console (RSC) Help 2. Click Yes when prompted to confirm.
Chapter 5: Raritan Serial Console (RSC) Help Chat When using browser access over SSL, an interactive chat feature called Chat allows you and other users on the same port to communicate. The maximum length of a chat message is 300 characters.
Chapter 5: Raritan Serial Console (RSC) Help Help and About Help Topics include online assistance for operating the Raritan Serial Console (RSC) and release information about RSC. Help Topics • Choose Help > Help Topics. Help is displayed in a secondary window.
You can control Raritan PX rack PDU outlets (power strips) and Baytech rack PDU power strip outlets that are connected to SX II. For information on setting up a PX, see the Raritan PX Online Help. For details on how to connect a PX to SX II, see...
Page 79
Chapter 6: SX II Administration If no power strips are connected to SX II, a message stating "No power strips found" is displayed in the Powerstrip Device section of page. If power strips are down or cannot be reached, the message "Cannot communicate with power strip or outlet number not match, please check!"...
Page 80
Chapter 6: SX II Administration The currently selected powerstrip's outlet names, their current state, and their associated ports, if applicable, are displayed below the powerstrip information. Use the On, Off and Cycle buttons on the page to control each of the powerstrip's outlets.
Page 81
SX II Port Configuration page. A special Raritan cable or CSCSPCS -1 Rev.0C adapter is required to connect an SX II port to the Feature port of rack PDU. Only Raritan rack PDUs are supported.
Page 82
Chapter 6: SX II Administration 4. change the port name, if needed. 5. Click OK. SX II attempts to communicate with the power strip. If communication is successful, the port is configured as a power port. Note: If the power strip is in not in support mode, a communication failure occurs.
Chapter 6: SX II Administration 2. Associate the active target to the disconnected power port. This will break the disconnected target's power association. 3. Finally, associate the active target to the correct power port. Configure and Manage Users and Groups from the Remote Console Note: These functions can also be performed using command line interface.
Page 84
Chapter 6: SX II Administration User group Users belong to a group and groups have privileges. Organizing the various users of your SX II into groups saves time by allowing you to manage permissions for all users in a group at once, instead of managing permissions on a user-by-user basis.
Page 85
Chapter 6: SX II Administration Any newly created user is automatically put in this group until they are assigned to another group. • Individual Group An individual group is essentially a "group" of one. That is, the specific user is in its own group and not affiliated with other groups. Use an individual group when you need a user account can have the same rights as a group.
Page 86
Chapter 6: SX II Administration User profiles serve two purposes: • To provide users with a username and password to log in to SX II. • To associate the user with a user group. The user group determines which functions and ports the user can access. SX II is shipped with one user profile built in, the Admin user.
Page 87
Chapter 6: SX II Administration 2. Type a descriptive name for the new user group into the Group Name field. Set Group Permissions 3. Select the permissions to assign to the group. Device Access While Under CC-SG Management - Allows users and user groups with this permission to directly access the SX II while it is under CC-SG management.
Page 88
Chapter 6: SX II Administration User authentication is performed based on SX II authentication settings. Note: The Admin user group has this permission by default. Device Settings - Network settings, date/time settings, port configuration, event management (SNMP, Syslog), and so on. ...
Page 89
Chapter 6: SX II Administration 4. Select the access permissions the group has to server ports and power control. The default is Deny. Select each port individually, or use the checkboxes at the bottom of the page to apply permissions to all ports. ...
Page 90
Chapter 6: SX II Administration This feature limits a user's access to the SX II by allowing you to assign them to a group that can only access the device through specific IP addresses. This feature applies only to users belonging to the specific group. This is unlike the IP Access Control List feature that applies to all access attempts to the device.
Page 91
Chapter 6: SX II Administration 3. Choose the action from the Action drop-down list. 4. Click Insert and then click OK. If the rule number you just typed equals an existing rule number, the new rule is placed ahead of the exiting rule and all rules are moved down in the list.
Page 92
Chapter 6: SX II Administration 4. Type a password in the Password field, and then type it again in the Confirm Password field. Required The password is case sensitive. Note: If the strong password feature is enabled, there are other password requirements.
Page 93
Chapter 6: SX II Administration Add SSH Client Certificates for Users Note: This function can also be performed using command line interface. Configure User Authorization and Authentication Services Using CLI (on page 200). If needed, SSH (Secure Shell) Client Authentication keys can be added to a user.
Page 94
Chapter 6: SX II Administration Edit or Deactivate a User Note: This function can also be performed using command line interface. Configure and Manage Users and User Groups Using CLI page 197). 1. Choose User Management > User List. The User List page opens. It looks exactly like the New User page.
Page 95
Chapter 6: SX II Administration View Users by Port The User By Ports page lists all authenticated local and remote users and ports they are being connected to. • If the same user is logged on from more than one client, their username appears on the page for each connection they have made.
Page 96
Disconnect a User from a Port You can disconnect a user from a specific port without logging them off of SX II. For example, if a user is connected to Serial Port 1 via Raritan Serial Console (RSC), you can disconnect them from the port.
Page 97
Chapter 6: SX II Administration Log a User Off of SX II (Force Logoff) If you are an administrator or have user management permissions, you are able to log off any authenticated user who is logged on to SX II. Users can also be disconnected at the port level.
Chapter 6: SX II Administration Configure User Authentication from the Remote Console SX II requires users be authenticated to access the appliance. Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions.
Page 99
Chapter 6: SX II Administration Enable Local User Authentication Users are validated based on their username and password from a local database. Note that if a remote authentication is enabled but the user is not found, SX II checks the local authentication database as well. 1.
Page 100
Chapter 6: SX II Administration Enable LDAP/LDAPS Authentication Note: When configuring the LDAP server, the query string format on the server should contain the name of the group configured on SX II. You can use the Lightweight Directory Access Protocol (LDAP) to authenticate SX II users instead of local authentication.
Page 101
Chapter 6: SX II Administration Server Configuration 3. In the Primary LDAP Server field, type the IP address or host name of your LDAP/LDAPS remote authentication server. 4. Optional In the Secondary LDAP Server field, type the IP address or host name of your backup LDAP/LDAPS server (up to 256 characters).
Page 102
LDAP database you want to begin searching for user information. An example base search value might be: cn=Users,dc=raritan,dc=com. Consult your authentication server administrator for the appropriate values to enter into these fields. Complete this field if your LDAP server only allows administrators to search user information using the Administrative User role.
Page 103
Chapter 6: SX II Administration 10. The default Secure LDAP Port is 636. Either use the default port or specify another port. This field is only used when the Enable Secure LDAP checkbox is selected. 11. Select the "Enable LDAPS Server Certificate Validation" checkbox to use the previously uploaded root CA certificate file to validate the certificate provided by the server.
Page 104
Enable RADIUS Authentication Note: When configuring the RADIUS server, the Filter-ID format for the users on the server should have the following format "raritan:G{GroupOnSX}:D{DialbackNumber}". You can use Remote Authentication Dial-In User Service (RADIUS) to authenticate SX II users instead of local authentication.
Page 105
Chapter 6: SX II Administration 10. Choose the Global Authentication Type from among the options in the drop-down list: PAP - With PAP, passwords are sent as plain text. PAP is not interactive. The user name and password are sent as one data package once a connection is established, rather than the server sending a login prompt and waiting for a response.
Page 106
12. Click the Add... button. The RADIUS attributes list appears. 13. Select Filter-Id Name and click the Add button. Click Add in the Attribute values section. Type the attribute value: Raritan:G{Admin}. 14. Click OK. 15. The value in G{} is the name of a group locally on the SX II, in this...
Page 107
1234567890 is the phone number for dial back. The value Raritan:G{Admin} must match with the local group on the SX II. The SX II comes from the factory with the default Admin group.
Page 108
Chapter 6: SX II Administration 2. Click Add/Remove Windows Components. 3. Highlight Networking Services then click the Details... button. 4. Select the Internet Authentication Service checkbox and then click 5. Click Next> and continue with the wizard steps. IAS Active Directory Access If using a Domain Controller, set IAS to access the Active Directory ®...
Page 109
RADIUS Attribute: Filter-ID Attribute Type: String Attribute Value: Raritan:G{Serial_Admin} (where Serial_Admin is group name created locally on SX II). Case sensitive. • Configure Session Conditions (Date and Time) (Required) - Policy Elements > Session Conditions > Date and Time •...
Page 110
Chapter 6: SX II Administration Attribute Data NAS-IP-Address (4) The IP address for the SX II. User-Name (1) The user name entered at the login screen. Acct-Session-ID (44) Session ID for accounting. User-Password(2) The encrypted password. Accounting-Request(4) Acct-Status (40) Start(1) - Starts the accounting. NAS-Port-Type (61) VIRTUAL (5) for network connections.
Page 111
Chapter 6: SX II Administration 2. Click the TACACS+ radio button to enable the TACACS+ section of the page. The section expands. If it does not, click the section header to expand it. 3. Under Primary TACACS+, type the IP address of the TACACS+ server and the port on which it is listening (default is 49) in the IP Address and Port fields.
Page 112
SX II policies and user group privileges that are applied locally to AD user groups. IMPORTANT: If you are an existing Raritan, Inc. customer, and have already configured the Active Directory server by changing the AD schema, the SX II still supports this configuration and you do not need to perform the following operations.
Page 113
Your remote RADIUS server can provide these user group names by returning an attribute, implemented as a RADIUS FILTER-ID. The FILTER-ID should be formatted as follows: Raritan:G{GROUP_NAME} where GROUP_NAME is a string denoting the name of the group to which the user belongs.
Chapter 6: SX II Administration Configure SX II Network Settings from the Remote Console The configuration settings described in Initial SX II Configuration from the Remote Console (on page 19) are the same that apply when making any changes. Reset Network Settings to Factory Defaults 1.
Chapter 6: SX II Administration Enable Auto Script from the Remote Console for Use with TFTP or a USB Stick Use this feature to copy the same settings to each of your SX IIs. To do this, a configuration script file with the SX II's settings is created. Example Script config localport...
Page 116
Chapter 6: SX II Administration • Save the file to USB stick. The file can then be brought to each appliance and used to configure it. 1. Access and configure the SX II you want to create a configuration file from.
Page 117
Chapter 6: SX II Administration 3. Click OK to create the script. A success message is displayed on the page. Enable automatic script configuration via TFTP server: 1. Select the "Enable Automatic Script Configuration via TFTP Stick" checkbox. 2. The TFTP Auto Script Settings section is enabled. 3.
Page 118
Chapter 6: SX II Administration Retrieve TFTP IP Address via DHCP - Note that to do this, IP auto configuration must set to DHCP and enabled on the SX II. See Disable or Enable DHCP in SX II. Set TFTP IP Address Manually - enter the IP address in the field provided.
Page 119
Chapter 6: SX II Administration 4. Create a script file named <Device_Type>_<Serial_Number_Of_Device>.autoscript containing all of the scripts that need to be executed on the appliance to configure it. 5. Copy all above files to the top directory of the USB stick. 6.
Chapter 6: SX II Administration Configure Device Settings from the Remote Console Enable SSH Access (Optional) SSH is enabled by default. For information on required open ports and port protocols, see Port Access Protocol Requirements (on page 238). Note that SSH can be disabled or enabled via Remote Console or command line interface (CLI).
Page 121
Chapter 6: SX II Administration Enable Telnet (Optional) Due to the lack of security, the username, password and all traffic is in clear-text on the wire. Telnet must be enabled before it can be used; is disabled by default. Note that Telnet can be disabled or enabled via Remote Console or command line interface (CLI).
Page 122
Chapter 6: SX II Administration Change HTTP and HTTPS Port Settings If needed, change HTTP and/or HTTPS ports used by SX II. For example, if you are using the default HTTP port 80 for another purpose, changing the port ensures the appliance does not attempt to use it. For information on required open ports and port protocols, see Port Access Protocol Requirements...
Page 123
Chapter 6: SX II Administration Change the TCP Discovery Port SX II discovery occurs over a single, configurable TCP Port. The default is Port 5000, but you can change it to use any TCP port except 80 and 443. To access SX II from beyond a firewall, your firewall settings must enable two-way communication through the default Port 5000 or a non- default port configured on this page.
Page 124
Chapter 6: SX II Administration Enable Direct Port Access Direct Port Access allows users to bypass having to use the SX II's Login dialog and Port Access page. There are three methods to access ports directly. Note that Direct Port Access can be configured via Remote Console or command line interface (CLI).
Page 125
Chapter 6: SX II Administration 3. Locate the port in the table below the checkboxes, then enter the IP address you want to assign to the port. 4. Click OK to apply the settings. Enable Direct Port Access via Username for SSH/Telnet This feature provides the ability to access DPA through a username and port combination without requiring a unique IP address or TCP port.
Page 126
Chapter 6: SX II Administration IP Forwarding and Static Routes Enable IP forwarding, or create static routes if SX II has two LAN ports or is configured for modem access. To enable IP forwarding: 1. Select Device Settings > Static Routes. The Static Routes page opens.
Page 127
Chapter 6: SX II Administration The Route fields are displayed. 3. Select the one you want to configure from the drop-down menu in the Interface field. LAN1 = eth0 LAN2 = eth1 4. Type the IP address, subnet mask, and gateway of the destination host in the Destination, Mask, and Gateway fields.
Page 128
Chapter 6: SX II Administration To delete a static route: 1. Select Device Settings > Static Routes. The Static Routes page opens. 2. Go the Static Routes List and select the checkbox next to the route you want to delete. 3.
Chapter 6: SX II Administration Note: IPv6 addresses cannot exceed 80 characters in length for the host name. • Click Reset to Defaults at the bottom of the page to remove the setting. Configure Date and Time Settings from the Remote Console Use the Date/Time Settings page to specify the date and time for the SX II.
Page 130
Chapter 6: SX II Administration 6. Click OK.
Chapter 6: SX II Administration Configure SNMP Agents from the Remote Console SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP managers. See Viewing the SX II MIB (on page 130) for information on viewing the SX II MIB.
Page 132
Chapter 6: SX II Administration Community - the appliance's community string Community Type - grant either Read-Only or Read-Write access to the community users Note: An SNMP community is the group to which appliances and management stations running SNMP belong. It helps define where information is sent.
Chapter 6: SX II Administration Configure SNMP Traps from the Remote Console Simple Network Management Protocol (SNMP) is a protocol governing network management and the monitoring of network devices and their functions. SNMP provides the ability to send traps, or notifications, over a network to gather information.
Page 134
Chapter 6: SX II Administration Trap Description networkFailure An Ethernet interface of the product can no longer communicate over the network. networkParameterChanged A change has been made to the network parameters. networkParameterChangedv2 A change has been made to network parameters when working in dual LAN isolation mode.
Page 135
Chapter 6: SX II Administration Trap Description userConnectionLost A user with an active session has experienced an abnormal session termination. userDeleted A user account has been deleted. userForcedLogout A user was forcibly logged out by Admin userLogin A user has successfully logged into the SX II and has been authenticated.
Page 136
Chapter 6: SX II Administration 4. Complete the following fields for SNMP v1/v2c (as needed): Destination IP/Hostname - the IP or hostname of the SNMP destination. Up to five (5) SNMP trap destinations can be created. Note: IPv6 addresses cannot exceed 80 characters in length for the host name.
Chapter 6: SX II Administration Next, configure where the SNMP trap events are sent and logged. Destinations are configured on the Event Management - Destination page. See Configuring Event Management - Destinations. SX II supports SNMP logging for SNMP v1/v2c and/or v3. SNMP v1/v2c defines message formats and protocol operations when SNMP logging is enabled.
Chapter 6: SX II Administration Tip: Enable or disable entire categories by checking or clearing the Category checkboxes, respectively. 3. Click OK. To reset to factory defaults: • Click Reset To Defaults. WARNING: When using SNMP traps over UDP, it is possible for the SX II and the router that it is attached to fall out of synchronization when the SX II is rebooted, preventing the reboot completed SNMP trap from being logged.
Chapter 6: SX II Administration 2. Go to the SMTP Settings panel and select the Enable SMTP Server checkbox. 3. Type the email address of the SMTP subscriber in the New Email Subscriber Address field and then click Add. 4. Click OK. Configure and Test SMTP Server Settings Enter the information required for a connection to your SMTP server on the SMTP Server Settings page.
Page 140
Chapter 6: SX II Administration 4. Click Apply. Configu It is important that the SMTP server information be accurate so that the SX II appliance can send messages using that SMTP server. This test sends an email using the settings displayed on the page in the SMTP Settings pane.
Chapter 6: SX II Administration Configure Modem Settings from the Remote Console Configure modem settings for SX II models with internal, analog modems on the Modem Settings page. You can also configure modem settings via command line interface. See Configure a Modem Using CLI page 204).
Page 142
Chapter 6: SX II Administration Note: The Enable Broadband Modem feature is specific to use of an external, wireless modem. See Connect and Enable Global Access to an External Modem (see "Connect and Enable Global Access to an External Broadband Modem"...
Page 143
Chapter 6: SX II Administration Dialback occurs when the originator of a call is immediately called back in response to the first dial-in. 6. Click OK to commit your changes or click Reset to Defaults to return the settings to their defaults. Assign User Groups Modem Access Permissions...
Page 144
Chapter 6: SX II Administration • If needed, assign users to a group with Modem Access permissions. Modem Access permission is assigned to a user group on the Group page, and the user is then assigned to the group on the User page. For more information, see Configure and Manage Users and Groups from the Remote Console...
Page 145
Chapter 6: SX II Administration GX440 must have at least ALEOS Software Version 4.4.1.014 Raritan has tested this configuration with the Verizon Wireless MC7750 Radio Module using firmware version 3.05.10.13. Connect the External, Wireless Modem USB Connection Use either a Micro A or Micro B to USB Type A cable to connect the GX440 to the SX II.
Page 146
Chapter 6: SX II Administration For security reasons, Raritan recommends you change the default Admin account username to a new name before using the GX440.. Assign User Groups Modem Access Permissions Following are settings applied in SX II. • Modem Access permission is assigned to a user group on the Group page, and the user is then assigned to the group on the User page.
Page 147
Chapter 6: SX II Administration Use this feature to enable or disable access to an external GX440 modem. Broadband is disabled by default. Since this is a global-level feature, it is disabled for all users. Once it is enabled, only users who belong to a user group with Modem Access permissions can access SX II via the GX440 modem.
Page 148
Chapter 6: SX II Administration The connection event is logged in the SX II audit log. Once the devices are on and the connection is active, the gateway IP address is displayed in the Remote Console in the left panel under the Network section.
Chapter 6: SX II Administration Power Supply Setup SX II provides dual power supplies, and can automatically detect and provide notification regarding the status of these power supplies. When both power supplies are used, SX II automatically detects them and notifies you of their status. Additionally, both the Powerln1 and Powerln2 Auto Detect checkboxes are automatically selected on the Power Supply Setup page.
Page 150
Chapter 6: SX II Administration 2. If you are plugging power input into power supply number one (left- most power supply at the back of the unit), then select the Powerln1 Auto Detect option. 3. If you are plugging power input into power supply number two (right- most power supply at the back of the unit), then select the Powerln2 Auto Detect option.
Chapter 6: SX II Administration Configure Local Port Settings from the Remote Console Configure Local Console port settings on this page. Some changes you make to the settings on the Local Port Settings page restart the local terminals. If a local terminal restart occurs when a setting is changed, it is noted here.
Page 152
Chapter 6: SX II Administration US Portuguese (Portugal) US/International Norwegian (Norway) United Kingdom Swedish (Sweden) French (France) Danish (Denmark) German (Germany) Belgian (Belgium) German (Switzerland) Hungarian Simplified Chinese ...
Chapter 6: SX II Administration Changing the Default GUI Language Setting from the Remote Console The SX II web-based interface defaults to English, but also supports the following localized languages. These languages are not applied to the Local Console. • Japanese •...
Page 154
Chapter 6: SX II Administration If needed, make changes to the default timestamp interval and/or the logging update frequency. Timestamp represents the interval between two timestamp messages. Enter a time in seconds between 0 – 99999. Note that entering 0 disables timestamps for port logging.
Page 155
Chapter 6: SX II Administration Enable the Port Log Local File to capture data for each port locally on SX Log files are stored on SX II's internal flash drive. For 8 and 16 port models, there is 2GB internal flash drive. All other models have 8GB flash drive.
Page 156
Chapter 6: SX II Administration This feature sends event log messages to a remote Syslog server. The messages from the SX II appliance are sent to the LOCAL0 channel of the Syslog server for more efficient parsing. Since all messages are sent from the LOCAL0 channel on the syslog server, all port output resides in the same file.
Page 157
Chapter 6: SX II Administration You must also enable port logging. For more information on port logging, see Enable Port Logging. Note: The NFS server must have the exported directory with write permission for the port logging to work. 1. Select the Enable NFS checkbox to enable NFS logging. 2.
Chapter 6: SX II Administration If the re-mount succeeds, logging continues; otherwise, further logging events are inhibited. Manage Port Logging - Local Files from the Remote Console To delete log files: 1. Select checkbox for log files. 2. Click "Delete Log File".
Chapter 6: SX II Administration To retrieve a log file: • Click the Download link for a log file's "OutputFile" or "InputFile". Note that power string data is not saved in port log files. For information on configuring local log files for ports, see Configure Port Logging - Settings (see...
Page 160
Chapter 6: SX II Administration Configure Powerstrips 1. If you selected Power Strip, change the Power Strip Name and click OK. If a power strip is detected, you are returned to the Port Configuration page. 2. Select the port again to edit it and its outlet names, if desired. Outlet names default to the outlet number.
Page 161
Port Access page. To use this feature, you need Raritan remote rack PDU(s). 3. Select the Power Strip Name and associate an name with each of the power strip's outlets by selecting from the Outlet Name drop- down.
Page 162
Chapter 6: SX II Administration 5. To allow direct port access to the target's port, enter the port's IP address, and the SSH port and Telnet port. Configure Port Settings Configure the remaining port settings, as needed or required. 1. Select the terminal emulation type from the drop-down menu in the Emulation field.
Page 163
Chapter 6: SX II Administration 2. Set Encoding if you want Raritan Serial Console (RSC) to always use a specific character encoding for this port. Encoding overrides the global RSC setting for the port to whatever value you set. The choices are: DEFAULT,US-ASCII,ISO8859-1, ISO8859-15,UTF- 8, Shift-JIS, EUC-JP, EUC-CN, EdUC-KR.
Page 164
14. Type the character in the Escape Character field. The default for the SX II is ] (closed bracket). Raritan recommends that you do not use [ or Ctrl-[. Either of these may cause unintended commands, such as invoking the Escape Command unintentionally.
Page 165
Chapter 6: SX II Administration 17. Click OK. Apply Settings to Other Ports...
Page 166
Chapter 6: SX II Administration Once finished, you can apply the same port settings to other ports. 1. Select the ports from the Apply Serial Port Settings To Other Ports" section of the page by selecting them individually or using the selection buttons at the bottom of the page.
Page 167
Chapter 6: SX II Administration Port Keyword List Port keywords work as a filter. You can create port keywords and associate them with - • Events • Local/remote syslog messages • SNMP traps If a keyword is detected - • A corresponding message is logged in a local/NFS port log.
Page 168
Chapter 6: SX II Administration The Serial Alert event is selected from the Event Management - Destinations page. 1. Choose Device Settings > Port Keywords. The Port Keyword List page opens.
Page 169
Chapter 6: SX II Administration 2. Click Add at the bottom of list on the page. The Keyword page opens. 3. Type a keyword in the Keyword field. 4. Select the Port(s) you want to associate with that keyword. 5. Click Add to add them to the Selected box. 6.
Chapter 6: SX II Administration Configure Security Settings from the Remote Console Login Limitations Using login limitations, you can specify restrictions for single login, password aging, and the logging out idle users. Login limitations are configured on the Security Settings page. •...
Page 171
Chapter 6: SX II Administration The Idle Timeout field is used to set the amount of time (in minutes) after which an idle user will be logged out. This field is enabled when the Log Out Idle Users option is selected. Up to 365 minutes can be entered as the field value •...
Page 172
Chapter 6: SX II Administration Lockout Time - The amount of time for which the user will be locked out. The valid range is 1 - 1440 minutes and the default is 5 minutes. Note: Users in the role of Administrator are exempt from the timer lockout settings.
Page 173
Chapter 6: SX II Administration To enforce this use of a special character, select "Enforce at least one printable special character". "Number of restricted passwords based on history" enforces the number of prior passwords that cannot be repeated. The range is 1-12 and the default is 5.
Page 174
Chapter 6: SX II Administration RC4 - Secures user names, passwords and data using the RSA RC4 encryption method. This is a 128 - bit Secure Sockets Layer (SSL) protocol that provides a private communications channel between the SX II device and the Remote PC during initial connection authentication.
Page 175
Chapter 6: SX II Administration Enable Local Admin Password Reset - Resets the local administrator password only. The password is reset to raritan. Disable All Local Resets - No reset action is taken. Resets the local administrator password only. The password is reset to raritan.
Page 176
Chapter 6: SX II Administration FIPS 140-2 Support Requirements The SX II supports the use of FIPS 140-2 approved encryption algorithms. This allows an SSL server and client to successfully negotiate the cipher suite used for the encrypted session when a client is configured for FIPS 140-2 only mode.
Page 177
Chapter 6: SX II Administration Enable FIPS 140-2 For government and other high security environments, enabling FIPS 140-2 mode may be required. The SX II uses an embedded FIPS 140-2-validated cryptographic module running on a Linux ® platform per FIPS 140-2 Implementation Guidance section G.5 guidelines.
Page 178
Chapter 6: SX II Administration Firewall The SX II has a firewall function to provide protection for the IP network and to control access between the internal router and LAN 1, LAN 2, and the modem interfaces. 1. Choose Security > Firewall. The Firewall page opens, displaying the existing IPTables rules.
Page 179
Chapter 6: SX II Administration 4. Enter a rule in the IPTables Rule field the click Apply. Add as many rules as are needed. 5. Click Save. The rule is displayed on the screen. 6. You can delete some or all of the default rules if you choose to. SSL Certificates SX II uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client.
Page 180
Chapter 6: SX II Administration a. Common name - The network name of the SX II once it is installed on your network (usually the fully qualified domain name). The common name is identical to the name used to access the SX II with a web browser, but without the prefix “http://”.
Page 181
Chapter 6: SX II Administration d. A confirmation dialog is displayed. Click OK to close it. e. Reboot the SX II to activate the self-signed certificate. To generate a CSR to send to the CA for certification: a. Click Create. b.
Page 182
Chapter 6: SX II Administration back! In case you deleted it by mistake, you have to repeat the three steps as described above. To avoid this, use the download function so you will have a copy of the CSR and its private key. Converting a Binary Certificate to a Base64-Encoded DER Certificate (Optional) SX II requires an SSL certificate in either Base64-Encoded DER format...
Page 183
Chapter 6: SX II Administration 3. Click "Copy to File...". 4. The Certificate Export Wizard opens. Click Next to start the Wizard. 5. Select "Base-64 encoded X.509" in the second Wizard dialog. 6. Click Next to save the file as a Base-64 encoded X.509. You can now install the certificate on your SX II.
Page 184
Chapter 6: SX II Administration Security Banner SX II provides you with the ability to add a security banner to the SX II login process. This feature requires users to either accept or decline a security agreement before they can access the SX II. The information provided in a security banner will be displayed in a Restricted Service Agreement dialog after users access SX II using their login credentials.
Page 185
Chapter 6: SX II Administration b. Upload the information from .txt file by selecting the Restricted Services Banner File radio button and using the Browse feature to locate and upload the file. Click OK. Once the file is uploaded, the text from the file will appear in the Restricted Services Banner Message text box.
Chapter 6: SX II Administration Configure Maintenance Settings from the Remote Console Audit Log A log is created of SX II system events. The audit log can contain up to approximately 2000 lines worth of data before it starts overwriting the oldest entries. To avoid losing audit log data, export the data to a syslog server or SNMP manager.
Page 187
Chapter 6: SX II Administration 5. To page through the audit log, use the [Older] and [Newer] links.
Page 188
Chapter 6: SX II Administration Device Information Selection Maintenance > Device Information to view information specific to your SX II. This is useful for support. Backup and Restore From the Backup/Restore page, you can backup and restore the settings and configuration for your SX II. In addition to using backup and restore for business continuity purposes, you can use this feature as a time-saving mechanism.
Page 189
Chapter 6: SX II Administration 2. Click Backup. A File Download dialog appears that contains an Open button. Do not click Open. In IE 7 (and later), IE is used as the default application to open files, so you are prompted to open the file versus save the file. To avoid this, you must change the default application that is used to open ®...
Page 190
Chapter 6: SX II Administration Full Restore - A complete restore of the entire system. Generally used for traditional backup and restore purposes. Protected Restore - Everything is restored except appliance- specific information such as IP address, name, and so forth. With this option, you can setup one SX II and copy the configuration to multiple SX II appliances.
Page 191
Chapter 6: SX II Administration 1. Choose Maintenance > Firmware Upgrade. The Firmware Upgrade page opens. 2. Click the Show Latest Firmware link to locate the appropriate Raritan firmware distribution file (*.RFP) on the Raritan website on the Firmware Upgrades web page.
Page 192
Chapter 6: SX II Administration Upgrade History The SX II provides information about upgrades performed on the SX II and attached devices. • Choose Maintenance > Upgrade History to view the upgrade history. Information is provided about the SX II upgrade(s) that have been run, the final status of the upgrade, the start and end times, and the previous and current firmware versions.
Page 193
Chapter 6: SX II Administration To reboot your SX II: 1. Choose Maintenance > Reboot. The Reboot page opens. 2. Click Reboot. You are prompted to confirm the action. Click Yes to proceed with the reboot.
Page 194
Chapter 6: SX II Administration Reset the SX II Using the Reset Button on the Appliance On the back panel of the appliance, there is a Reset button. It is recessed to prevent accidental resets, so you need a pointed object to press this button.
Chapter 6: SX II Administration 4. While continuing to hold the Reset button, power the SX II device back on. Continue holding the Reset button until you hear a beep that is about one second long. Once the device is successfully reset, two (2) beeps are emitted from the appliance.
Page 196
Chapter 6: SX II Administration 4. Select the interface in the Network Interface drop-down box to ping on a specified interface. Optional Trace Route to Host Page Trace route is a network tool used to determine the route taken to the provided hostname or IP address.
Page 197
Chapter 6: SX II Administration 5. Select the interface in the Network Interface drop-down box to trace route on a specified interface. Optional...
Page 198
Chapter 6: SX II Administration Execute a Diagnostics Script and Create a Diagnostics File Note: This page is for use by Raritan Field Engineers or when you are directed by Raritan Technical Support. Use this feature to download diagnostic information from the SX II to the client machine.
Page 199
Chapter 6: SX II Administration 4. To create a diagnostics file to send to Raritan Technical Support, click Save to File and save the file locally from the Save As dialog. 5. Email this file as directed by Raritan Technical Support.
Page 200
Chapter 6: SX II Administration Network Interface Page The SX II provides information about the status of your network interface. To view information about your network interface: • Choose Diagnostics > Network Interface. The Network Interface page opens. The following information is displayed: •...
Page 201
Chapter 6: SX II Administration Statistics - Produces a page similar to the one displayed here. Interfaces - Produces a page similar to the one displayed here.
Chapter 6: SX II Administration Route - Produces a page similar to the one displayed here. Administering SX II Using command line interface This section is specific to tasks performed using command line interface. For information on performing tasks in the SX II Remote Console, see Administering SX II from the Remote Console (on page 71).
Chapter 6: SX II Administration Command Description Parameters new password password Create a new password, if needed. Configure Power Strips Using CLI Note: These functions can also be managed from the Remote Console. Configure Power Strips from the Remote Console (on page 71).
Chapter 6: SX II Administration Command Description Parameters <port number> - SX port number to unassociate Remove a power outlet unassociate association from a SX II <powerstrip name> - Name of power strip to access port. <outlet number> - Outlet number on power strip to unassociate ...
Page 205
Chapter 6: SX II Administration Command Description Parameters pcshare <true | false> PC-Share Access - Indicate whether users in the group are allowed to access a port that already has users connected to it if the port access mode is set to Share. Permitted (true), denied (false).
Page 206
Chapter 6: SX II Administration Command Description Parameters <group name> - Group to display. Shows the details of existing showgroup user groups. If there is no group specified, the command displays all groups in the system. <group name> - Group to delete. deletegroup Deletes an existing user group.
Chapter 6: SX II Administration Command Description Parameters See addgroup parameters. edituser Update information for a specified user. user <loginname> - User to delete Delete a specified user. deleteuser user <loginname> - User to display showuser Displays the details for an existing user.
Page 208
Chapter 6: SX II Administration Command Description Parameters Set the authentication mode. mode <local|ldap|radius|tacacs> authmode LDAP Configuration The LDAP configuration menu offers commands to set up LDAP and LDAPS. Enter admin > Config > Authentication > ldap to access the menu.
Page 209
Raritan Update RADIUS users to use the new attribute in the users file, which is usually located at /etc/raddb/. Raritan-Vendor-Specific = "G{Administrator}" Note: If a filter ID and a vendor specific attribute are present, the vendor specific attribute is used.
Page 210
Chapter 6: SX II Administration Command Description Parameters ip <ipaddress | hostname> - IP Address Access to configure the primary primaryradius RADIUS settings. secret <value> - RADIUS authentication secret authport <value> - RADIUS authentication port acctport <value> - RADIUS accounting port ...
• On the Remote RADIUS Server, the user's configuration should contain the following line. Filter-Id = "raritan:G{<local user group>}:D{<number for dialback>}" The LDAP server user's configuration should contain the dialback number in the attribute that is configured as the 'dialback search string' on SX II.
Chapter 6: SX II Administration Command Description Parameters provided by DHCP or manually set tftp address <ipaddress | hostname> - TFTP server address enable <true/false> - enable (true), disable autoconfigusb Set/Get Automatic Script via USB (false) Configuration. Enter admin > to access the menu. Command Description Parameters...
Page 214
Chapter 6: SX II Administration Command Description Parameters enable <true/false> - Ethernet failover enable Used to enable and ethernetfailover (true), disable (false) disable the ability to failover from one LAN to another. ipauto <none | dhcp> - Enable DHCP as ip Configure network interface configuration...
Page 216
Chapter 6: SX II Administration Command Description Parameters enable <true | false> - Enable or disable Telnet Enable or disable Telnet telnet access, enable (true), disable (false) access. port <value> - Telnet server tcp listen port Due to the lack of security, the username, password and all traffic is in clear-text on the wire.
Note: SNMP traps can also be configured from the Remote Console. Configure SNMP Traps from the Remote Console (on page 126). SX II supports sending SNMP alerts to a predefined SNMP server. The Raritan SNMP MIB can be found in Viewing the SX II MIB (on page 130).
Page 218
Chapter 6: SX II Administration Command Description Parameters dest <ipaddress | hostname>- Destination Add trap recipients. addv3 IP/hostname A recipient is an IP address with an port <port number> - Destination port optional space- separated port name <name> - Security name number.
Chapter 6: SX II Administration Command Description Parameters Used to find the number timezonelist code that corresponds to your time zone. enable <true | false> - enable or disable the use of Use this command if you are NTP, enable (true), disable (false) synchronizing SX II with an NTP server.
Chapter 6: SX II Administration Configure SMTP Events and Notifications Using CLI Note: This setting can also be configured from the Remote Console. Enable SMTP Notifications from the Remote Console (on page 131). Use the log > smtp menu to access to the options that can be used to configure the SMTP server and destination email addresses.
If the event log file size exceeds the available flash memory on your SX II model, the event is not saved. To avoid this, Raritan recommends you set the file size to greater than 1024 but less than 10000000. Note: Each SX II has a different amount of available flash memory.
Page 223
Chapter 6: SX II Administration Command Description Parameters event <index of event> - Event Index, use 'eventlist' eventdest Event configuration. to see index and current configurations audit <true | false> - Audit Logging, enable (true), disable (false) snmp <true | false> - SNMP Logging, enable (true), disable (false) ...
Page 224
Chapter 6: SX II Administration Command Description Parameters enable <true|false> - Logging of port data to remote Configure the logging of port nfsportlog NFS server, enable (true), disable (false) data. primaryip <primaryip> - Primary Portlog Syslog Server secondaryip <secondip> - Secondary Portlog Syslog Server ...
Chapter 6: SX II Administration Command Description Parameters enable (true), disable (false) port <number> - Ports to delete log of serialportlogdel Delete serial port log file. port <number> - Ports to modify serialportlogview View serial port log file. Decrypt Encrypted Log on Linux-based NFS Server ®...
Page 226
(escapemode=none) as escape sequence; for example, Ctrl- => escapemode=control, escapechar= escapechar char-Escape character Raritan recommends that you do not use or Ctrl- as the Escape command. Either of these may cause unintended commands, such as opening a menu, instead of invoking the Escape Command.
Page 227
Chapter 6: SX II Administration Command Description Parameters example, config port 1 exitstring logout (execute logout on exit) config port 1 exitstring #0 (disable exit string for the port). The delay is the amount of time to wait after writing the command to the target. Number in seconds up to 60.
Page 228
Chapter 6: SX II Administration Command Description Parameters escapechar - Escape character encoding - <DEFAULT/US-ASCII/ISO- 8859-1/ISO-8859-15/UTF-8/Shift-JIS/EUC- JP/EUC-CN/EUC-KR> - Target encoding type telnet - TCP port assigned for DPA via Telnet (1..65535) multiwrite <true/false> - Port set in multiple writer mode ...
Chapter 6: SX II Administration In both cases above, port 1 will have an IP assigned as 10.0.13.200, while port 2 will have 10.0.13.201, port 3 10.0.13.203, and so on. The following example configures DPA port settings for SSH and Telnet by TCP port.
Chapter 6: SX II Administration Command Description Parameters (true), disable (false) auth <common|none> - Local User Authentication: common-(Local/LDAP/RADIUS/TACACS+); none- (No authentication) (common/none) ignorecc <true/false> - Ignore CC managed mode on local port, enable (true), disable (false) kbd - Keyboard Type Configure Security Settings Using CLI Note: These settings can also be configured from the Remote Console.
Page 231
Chapter 6: SX II Administration Command Description Parameters statement can be configured using the (default 21) above command maintained on an path <path to file> - Path to Banner external FTP site. file to retrieve user <FTP username> - FTP Username ...
Page 232
Chapter 6: SX II Administration Command Description Parameters and examples Save IP Tables (v4 and v6) to iptables-save make firewall rules persistent. Enter admin > Security > loginsettings to access the menu and menu options. Command Description Parameters idletimeout Specify the amount of idle time enable <true | false>...
Page 233
Chapter 6: SX II Administration Command Description Parameters userblocking Configure user lockout mode - parameters. <disabled/timer_lockout/deactivate_userid > Set User Blocking mode (disabled/timer_lockout/deactivate_userid) timerattempts <timerattempts> - Timer Lockout Attempts lockouttime <lockouttime> - Timer Lockout Time deactivateattempts <value> - Deactivate UserID Attempts Enter admin >...
Page 234
Chapter 6: SX II Administration Command Description Parameters Generate certificate signing bits <1024 | 2048> - Bit Strength of generatecsr request. Certificate Key name <name> - Common Name (CN) country <code> - 2 Character ISO Country Code (C) state <state> - State/Province (ST) locality <locality>...
Chapter 6: SX II Administration Command Description Parameters View the certificate signing request viewcsrkey key. Delete the current certificate deletecsr signing request. Addressing Security Issues Consider doing the following in order to enhance security for console servers. SX II supports each of these, but they must be configured prior to general use.
Page 236
Chapter 6: SX II Administration Command Description Parameters Provides information about the SX deviceinfo II appliance such as build and so Displays a list of all users who are userlist logged in, as well as their source IP addresses and any ports to which they are connected.
Page 237
Chapter 6: SX II Administration Command Description Parameters address <ipaddress | hostname> - Get the audit log and store on FTP auditlogftp Address of FTP Server server. port <FTP port> - Port of FTP server (1..65535) path <path name> - FTP server path for audit log file.
Chapter 6: SX II Administration Command Description Parameters user <loginname> - Close all sessions Log a user off SX II (terminate their logoff for the specified user by name. session). session <id | all> - Close the session by identifier number or all sessions (ID/all) ...
Page 239
Chapter 6: SX II Administration Command Description Parameters Network Interface Info netif type <stats | interfaces | route> - stats interfaces Get Network Statistics netstat route ip <ipaddress | hostname> - IP Address/Hostname Ping a remote system to ping to Ping ensure it is reachable.
Page 240
Chapter 6: SX II Administration Command Description Parameters vflag <vflag> - Verbose flag (timestamp/module/thread/fileline) verbose <on|off> - Verbose control (on/off) module <module> - Module name viewstats View module status...
1. Connect an ASCSDB9F adapter to the PX2 DB9 console/modem port. Note: The adapter is purchased from Raritan. It does not come with PX or SX II appliances. 2. Plug a Cat5 cable into the ASCSDB9F adapter, then plug the other...
Chapter 7: Connect a Rack PDU to SX II and Configure Power Control Options 3. Power on the PX2 (if it is not already). The command line interface (CLI) interface appears. PX appliance SX II Connecting the SX II to the PX2 FEATURE Port In this configuration, the PX is managed from the SX II interface like any other powerstrip.
Page 243
Chapter 7: Connect a Rack PDU to SX II and Configure Power Control Options You can now add the PX as a managed power strip to the SX II. See Configure Power Strips from the Remote Console (on page 71) Configure Power Strips Using CLI (on page 196).
Appendix A Specifications In This Chapter SX II Dimensions and Physical Specifications ........237 Supported Remote Connections ............237 Supported Number of Ports and Remote Users per SX II Model ..238 Maximum Number of Users Session ............. 238 Maximum Number of Support Users Per Port ........238 Port Access Protocol Requirements ............
Appendix A: Specifications • TCP/IP • HTTP • HTTPS • RADIUS • LDAP/LDAPS • • Telnet • TACACS+ • • SNTP Supported Number of Ports and Remote Users per SX II Model Model Number of ports SX2-04 and SX2-04M SX2-08 and SX2-08M SX2-16 and SX2-16M SX2-32 and SX2-32M SX2-48 and SX2-48M...
Page 246
Port 5000 This port is used to discover other Dominion devices and for communication between Raritan devices and systems, including CC-SG for devices that CC-SG management is available. By default, this is set to Port 5000, but you may configure it to use any TCP port not currently in use.
Page 247
Appendix A: Specifications Protocol Port Communication direction RADIUS Port 1812 Outgoing If SX II is configured to remotely authenticate user logins via the RADIUS protocol, port 1812 is used and must be open. However, but the system can also be configured to use any port of your designation.
Appendix A: Specifications You may have to open additional ports when NFS logging, using LDAP servers, and so forth. These ports may vary from installation-to-installation depending on network topologies, virtual Local Area Networks (VLANs), and firewall configurations. Contact your network administrator for site-specific information and settings.
Appendix A: Specifications SX II Supported Local Port DVI Resolutions Following are the resolutions supported when connecting to a DVI monitor from the SX II local port. • 1920x1080@60Hz • 1280x720@60Hz • 1024x768@60Hz (default) • 1024x768@75Hz • 1280x1024@60Hz • 1280x1024@75Hz •...
When you physically disconnect a target from a port on an SX II, the port channel's LED turns off. • When you log in to SX II and connect to a target via either Raritan Serial Console (RSC), SSH or the Local Console, the port channel's LED blinks.
Appendix B Updating the LDAP Schema In This Chapter Returning User Group Information ............246 Setting the Registry to Permit Write Operations to the Schema ... 247 Creating a New Attribute ............... 247 Adding Attributes to the Class ............... 248 Updating the Schema Cache..............
Appendix B: Updating the LDAP Schema Setting the Registry to Permit Write Operations to the Schema To allow a domain controller to write to the schema, you must set a registry entry that permits schema updates. To permit write operations to the schema: 1.
Appendix B: Updating the LDAP Schema 3. Click New and then choose Attribute. When the warning message appears, click Continue and the Create New Attribute dialog appears. 4. Type rciusergroup in the Common Name field. 5. Type rciusergroup in the LDAP Display Name field. 6.
Page 256
Appendix B: Updating the LDAP Schema 2. Scroll to the user class in the right pane and right-click it. 3. Choose Properties from the menu. The user Properties dialog appears. 4. Click the Attributes tab to open it. 5. Click Add.
Appendix B: Updating the LDAP Schema 6. Choose rciusergroup from the Select Schema Object list. 7. Click OK in the Select Schema Object dialog. 8. Click OK in the User Properties dialog. Updating the Schema Cache To update the schema cache: ®...
Page 258
Appendix B: Updating the LDAP Schema 3. Go to the directory where the support tools were installed. Run adsiedit.msc. The ADSI Edit window opens. 4. Open the Domain. 5. In the left pane of the window, select the CN=Users folder.
Page 259
Appendix B: Updating the LDAP Schema 6. Locate the user name whose properties you want to adjust in the right pane. Right-click the user name and select Properties. 7. Click the Attribute Editor tab if it is not already open. Choose rciusergroup from the Attributes list.
Page 261
SX. The exact price difference varies model by model. Some SX II models are even less expensive than the current SX models! The Dominion SX II will replace the current What are the end-of-life plans Dominion SX. In the 4th quarter of 2015,...
Page 262
Appendix C: FAQs Dominion SX II Overview continue software support for the current SX for two years from the end-of-sales announcement date; after that there will be no more firmware releases for the current SX. CommandCenter support will likely continue past the end-of- support date.
Page 263
DTE pinout (Pin/ Signal): 1/RTS, 3/TXD, the SX II's local admin port? 4/GND, 5/GND, 6/RXD, 8/CTS. You can connect to a DB9 port on a laptop using the Raritan ASCSDB9F RJ-45(female) to DB9 (female) adapter with a Cat5 cable.
Page 264
In addition the modem itself has a firewall capability. The Dominion SX II provides multiple types How can I access the SX II when I am of at-the-rack access. To connect to a in the data center? laptop or PC you can connect to its RJ45 serial port or USB mini-B port.
Page 265
CLI. Dominion SX release 3.0 or higher supports What code-sets does the terminal VT100/VT220/VT320 and ANSI with the emulator in Dominion SX II support? following code-sets: default, US-ASCII, ISO- 8859-1, ISO-8859-15, UTF-8, Shift-JIS, EUC-JP, EUC-CN, and EUC-KR. A group of users can simultaneously access How many serial devices can be all the serial devices connected to a SX II.
Page 266
To connect to RJ45 console ports, a regular Cat5 cable can be Are adapters required? used with no adapter. Raritan also sells male and female DB9 and DB25 adapters for devices with these types of serial ports. Adapters are also available to connect to Raritan PX intelligent Rack PDU's.
Page 268
SX II. The SX II SNMP MIB is available from the Where can I get a copy of the Dominion SX II Support Page on raritan.com. It SNMP MIB for Dominion SX? is also available from the Event Management - Settings page on the web GUI.
Page 269
Appendix C: FAQs Security Yes, the Dominion SX II has rock-solid security Is the Dominion SX II secure? with military grade security features such as 256 bit AES encryption with a FIPS 140-2 mode and encryption module. The SX II has a long list of security features and each release is tested with a vulnerability scanner.
Page 270
Appendix C: FAQs User Interface & Documentation The Dominion SX II Graphical User Interface is What type of web-based user similar to the other Dominion products, providing interface does the Dominion SX II a common look-and-feel across the Dominion SX have? II, KX, KSX and KX2-101-V2.
SX II Online Help SX II online help is considered your primary help resource. Raritan Serial Console (RSC) help is provided as part of SX II online help. To use online help, Active Content must be enabled in your browser.
Contact the Documentation directly with any questions or feedback related to the online help or user guides . Email us at documentation@raritan.com, or directly from online help by doing one of the following - Use the "Send Feedback" feature in online help: •...