Raritan SX32 Installation And Operation Manual - Chapter 1: Introduction

Summary of SX32

  • Page 1

    Installation and Operations Manual, Dominion SX Series. Raritan Computer Inc., 400 Cottontail Lane, Somerset, NJ 08873 USA. Tel. 1-732-764-8886, Fax. 1-732-764-8887, e-mail: sales@raritan.com, http://www.raritan.com. Raritan Computer Europe, B.V., Eglantierbaan 16, 2908 LV Capelle aan den IJssel, The Netherland...

  • Page 3

    Copyright and trademark information: This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior written consent of Raritan Computer, Inc. ©Copyri...

  • Page 5: Contents

    Contents: Chapter 1: Introduction (p. 1); Dominion SX Overview (p. 1); Product Photos...

  • Page 6

    Contents (continued): Chapter 5: Using the Command Line Interface with Secure Shell and Telnet (p. 69); Secure Shell (SSH) Access...

  • Page 7

    Contents (continued): Appendix G: Modem Configuration (p. 131); Client Dialup Networking Configuration (p. 131); Windows NT Dialup Networking Configuration...

  • Page 8: Figures

    Figures: Figure 1, Dominion SX32 unit (p. 1); Figure 2, Rear panel of 32-port single power supply model...

  • Page 9

    Figures (continued): Figure 52, View self-signed certificate display (p. 50); Figure 53, Activating default certificate...

  • Page 10

    Figures (continued): Figure 106, Unit selection display per user (p. 129); Figure 107, LDAP configuration screen (p. 130) ...

  • Page 11: Chapter 1: Introduction

    Chapter 1: Introduction. Dominion SX overview: The Dominion SX series of serial over IP console servers offers convenient and secure remote access and control via LAN/WAN, Internet or dial-up modem of all networking devices. Dominion SX connects to any networking device (s...

  • Page 12

    − Observer: has read-only access to the console window; cannot modify the configuration of unit (except own password). Strong security and user-authentication: • SSHv2 support. • Encryption security: 128-bit Secure Socket Layer (SSL) handshake pro...

  • Page 13: Chapter 2: Installation

    Chapter 2: Installation. Beginning with the Dominion SX release 2.5, there are two ways of completing the initial network installation of the Dominion SX – via Ethernet (with an installation computer), and via a serial cable with a VT100/equivalent, e.g., a PC with hyperte...

  • Page 14

    Hardware installation. Figure 2: Rear panel of 32-port single power supply model. Physical installation of Dominion SX for initial configuration: 1. Obtain a computer with a network card and crossover network cable. This computer will be referred to ...

  • Page 15

    Example: route add 192.168.0.192 15.128.122.12 -interface 8. On the command line interface, type: ping 192.168.0.192. a. If this command successfully produces a reply from the Dominion SX unit, please proceed to step 9. b. If this does not produce a reply, verify that the...

  • Page 16

    Initial configuration: 1. Disable proxies in the installation computer web browser. Use “no proxies” or temporarily add 192.168.0.192 to the list of URLs for which no proxy is configured. 2. Enable Java applet execution in the installation computer...

  • Page 17

    Dominion SX initial configuration can also be performed through CLI; please see Chapter 4: Console Features, Factory Reset for additional information. 1. Initially, you must change the administrator password. Access the unit through your web browser on an installation com...

  • Page 18

    4. Click on the [Configuration] button in the left navigation panel to view the configuration screens, and then click on the Time tab to configure the current date and time. Features such as certificate generation depend on the correct timestamp...

  • Page 19

    11. Click on the [Save] button. A confirmation window will appear; click [OK] to accept all data, or click [Cancel] to return to the configuration screens. Figure 9: Confirm Save window. 12. If you click [OK], Dominion SX must reboot. A confirmation window will appear...

  • Page 20

    Deployment: After the initial software configuration phase, a Dominion SX unit is configured for operation on the LAN. Figure 10: Deployment. 1. Ensure that you have an Ethernet cable connected to the network for use with the unit. 2. Physically mou...

  • Page 21: Chapter 3: Operation

    Chapter 3: Operation. Overview: Once the Dominion SX unit has been deployed in its final destination, you can access the console of the target device. This chapter explains the normal operational procedures. Accessing the remote device: The remote device can be accessed in one...

  • Page 22

    3. When the login screen appears, enter your login name and password, and click on the [Login] button. Please note that multiple logins using the same login name are permitted. Figure 12: Login display. 4. When the main display page appears, clic...

  • Page 23

    Security dialog for console display: RaritanConsole, an applet included with your Dominion SX unit, is designed to enable access to your computer’s resources, including the default code set preferences. Internet Explorer: Before the RaritanConsole window appears, a security w...

  • Page 24

    Netscape Navigator: RaritanConsole loads without displaying a security warning window. When actions that require user permissions are performed, a security dialog will appear. Each operation requires a unique permission. Once permissions are grant...

  • Page 25: Chapter 4: Console Features

    Chapter 4: Console Features. There are six drop-down menus available in the menu bar of the console window: • Emulator • Edit • Chat • Tools • Script • Help. Emulator settings: The Settings window displays the terminal type and cursor type for the console window. • The...

  • Page 26

    History: The History feature allows you to view the recent history of console sessions by displaying the console messages to and from the target device. This function displays up to 64 kilobytes of recent console message history, allowing a user t...

  • Page 27

    Write access: The user with write access can send commands to the target device. Write access can be transferred among users working in RaritanConsole via the Get Write Access command from the Emulator drop-down menu. To obtain write access: 1. Click on Emulator in t...

  • Page 28

    Sending a break/null: To get access to certain commands, Sun Solaris servers require a null character (break) to be sent from the console to get to an OK prompt. This is the equivalent of issuing a STOP-A from the Sun keyboard. Only users with o...

  • Page 29

    User list: The User List command allows you to view a list of other users who are accessing the same port. An asterisk (*) appears before the user who has write access to the console. To view the user list: 1. Click on Emulator in the main menu. 2. Select User List f...

  • Page 30

    Close: To close RaritanConsole: 1. Click on Emulator in the main menu. 2. Select Close from the drop-down menu. Figure 23: Close command.

  • Page 31

    Edit: Use the Copy, Paste, and Select All Text commands to relocate and/or re-use important text. Figure 24: Edit commands - Copy, Paste, and Select All Text. To copy and paste all text: 1. Click on Edit in the main menu. 2. Select Select All Text from the drop-down...

  • Page 32

    Tools: Raw console data from the target device can be logged to a file in your computer. The logging indicator on the status bar indicates whether logging is on or off. Start logging: 1. Click on Tools in the main menu. 2. Select Start Logging from...

  • Page 33

    Stop logging: 1. Click on Tools in the main menu. 2. Select Stop Logging from the drop-down menu. Figure 26: Stop Logging command. Logging is on until the Stop Logging command is executed.

  • Page 34

    Script: RaritanConsole supports Tcl version 7.0, an industry standard scripting engine. Using Tcl scripting capabilities, system administrators can create their own conditions for event detection, and generate customer-specific notifications and a...

  • Page 35

    SecureChat: When using SSL (browser access), a real-time interactive chat feature called SecureChat allows you and other users who are accessing the console port of the target device to conduct an online dialog for training or collaborative diagnostic activities. T...

  • Page 36

    Help: Help topics include on-line assistance for operating RaritanConsole and the console window, and release information about RaritanConsole. Help topics: To access help topics: 1. Click on Help in the main menu. 2. Select Help Topics from the dr...

  • Page 37

    About RaritanConsole: The ‘About’ window displays version information (name and revision number) for the console terminal emulation software, and copyright information. When contacting Raritan for technical support, when performing a software upgrade, etc., you may be...

  • Page 38

    Direct port access: This approach provides a quick and direct method of connecting to the console port in order to access unit programmability or the console of the target device directly. There are two ways to access the target device console dir...

  • Page 39

    URL with port number: 1. Type the following URL into the browser's location bar: https:///dpa.htm − ipaddress: this is the IP address of the unit. This can be either the actual IP address of the unit or ipaddress assigned for a modem. − “portnumber”: port number f...

  • Page 40

    Exit the application: Click on the [Exit] button in the left panel of the Dominion SX window to exit Dominion SX. If changes to the configuration have been made but not saved, a screen will prompt you to save changes and log out of the unit. Cli...

  • Page 41

    A confirmation screen will indicate disconnection from the unit. Figure 37: Unit disconnection display.

  • Page 42

    Dominion SX management: Some advanced features are configured through a command line interface (CLI) using SSH (and Telnet, if enabled). Aside from providing the capability to manage a remote target device, Dominion SX has a number of powerful bui...

  • Page 43

    • Configuration tabs: displays several screens in which the user configures different elements of the application • Configuration save commands: used to save or ignore changes made to configuration. Configuration lock and the configuration save commands: Dominion SX...

  • Page 44

    Note: When you make changes to network settings on this screen, a warning message alerts you that the system will automatically reboot when you save your changes. Changing modem settings does not require a system reboot. 8. A success message appe...

  • Page 45

    Configuration report. Overview: The Report configuration screen displays detailed information on how the Dominion SX has been configured, which can be useful if debugging or troubleshooting. This information is accessible only by administrators. • System time and date...

  • Page 46

    Network. Overview: The Network configuration screen provides an area for administrators to define both the network and modem (optional) settings for the unit. Figure 40: Sample of network configuration display. Some Dominion SX units come equipped wi...

  • Page 47

    TCP/IP network may be set to listen to broadcasts on this address; if this is the case, it can be configured to use another port address. However, this port address must match the port address specified by the CC administrator; otherwise the Dominion SX unit will no...

  • Page 48

    Modem usage: Dial-up connection support for the unit allows users to access the connected target device when normal network connectivity to Dominion SX is not available. Once the PPP connection is established between the client computer and the un...

  • Page 49

    Figure 43: Port editing display. Configure port parameters: • Name: name that associates the serial port with the connected target device; can be up to 64 characters in length and must be unique from the other port names (only 20 characters are displayed on port acces...

  • Page 50

    Users. Overview: The Users configuration screen provides a place to define a user list with appropriate unit access permissions. There are three classes of users, each with different rights: • Administrators: can view and modify all configuration ...

  • Page 51

    • Password: authentication password; alphanumeric text, 6 – 16 characters in length (mandatory) • Ports: list of ports that the user can access; by default, administrators are given access to all ports, and can assign ports to operators and observers • Configure i...

  • Page 52

    Edit existing user information: Only administrators can edit all user information (except login name). Observers and operators cannot change any user information, except their own passwords, which they can change using CLI. If the user is logged ...

  • Page 53

    IP ACL. Important: Please make absolutely certain that all IP addresses have been entered correctly before enabling IP ACL. If not, you may be locked out of the unit and be unable to access the unit in the future; the only way to restore access to the unit is to perf...

  • Page 54

    Browser – graphical user interface (GUI): The Dominion SX GUI provides a front end to the iptables. Figure 47: Inserting a rule into the browser-based IP ACL configuration screen. Figure 48: GUI user interface. We recommend the following link for lea...

  • Page 55

    The Dominion SX GUI command buttons assist in editing the Dominion SX configuration: Insert: insert a new rule, e.g., rule 0 denies access from all IP addresses in the range 192.168.2.10 to 192.168.2.255, and will not log the activity. Append: allows administrator to ...

  • Page 56

    SSH/Telnet – command line interface (CLI) user interface for configuring IP-ACLs. Important: Make certain that the IP address from which you are connected to the Dominion SX is not accidentally entered into the IP ACL deny list (“allow=no”); if ...

  • Page 57

    aclcfg clear: remove all the IPACL rules currently in the list. aclcfg move: move the IPACL rule at to . aclcfg delete [pos2]: delete can have one or two parameters; if there is one parameter, then this command will delete the rule at . If there are two parameters, then ...

  • Page 58

    Certificate. Overview: The Certificate configuration screen provides an area for administrators to define security parameters. Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and to assure the user...

  • Page 59

    • User certificate and active default certificate. • Pending CSR and active default certificate. Figure 50: Certificate configuration display. Default certificate: The unit ships with a 1024-bit self-signed certificate signed by Raritan. When a user powers up the unit f...

  • Page 60

    Generate default certificate: This function is used when the certificate has expired and a new one is needed. 1. Click on the [Generate Default Certificate] button. 2. When the confirmation window appears, confirm that the correct date is displa...

  • Page 61

    Activate default certificate: This button is active only when a user certificate is installed and active on the unit. When you click on the [Activate Default Certificate] button, the default certificate generated by Raritan becomes active. The unit will reboot and ...

  • Page 62

    Figure 55: CSR configurable parameters. The first three fields in this screen are required; the other fields are optional: • Key strength: 512, 1024, or 2048 • Certificate validity period: in days, two years maximum • Common name: fully qualifie...

  • Page 63

    User certificate (install server certificate): This function allows the user to install a certificate from various certificate authorities (CA) such as VeriSign, Thawte, and Baltimore. If you do not want to use the certificate generated by the unit, you can obtain on...

  • Page 64

    RADIUS. Overview: The RADIUS configuration screen allows administrators to modify information regarding RADIUS, or the Remote Authentication Dial-In User Service, an access server authentication, authorization, and accounting protocol developed by ...

  • Page 65

    RADIUS users are treated differently from local users only until authentication comes from the RADIUS server. Once the RADIUS server authenticates a particular user, this RADIUS user enjoys the same privileges as any other local user. When RADIUS, LDAP, or TACACS ar...

  • Page 66

    Enabling RADIUS: Every unit has to be configured for RADIUS communication to obtain authentication from the RADIUS server. Administrators should log on to the unit as any non-RADIUS user, and then configure the unit following these steps to obtain...

  • Page 67

    Usage: Once you are logged on to the unit as a RADIUS user, you can check your login name in the Current Users list in the left panel. This list contains RADIUS as well as non-RADIUS users currently logged in to the unit. Figure 62: Current Users list. If...

  • Page 68

    Time. Overview: The Time configuration screen is important for modifying the time, date, time zone, and NTP server address in the Dominion SX unit. Some features in Dominion SX, for example, certificate generation, depend on the correct timestamp, ...

  • Page 69

    Notification. Overview: The Notification configuration screen allows an administrator to set up notification schemes based on events that occur on the target device. Notification events are sent out as email messages. It is possible to convert the email service to a p...

  • Page 70

    Add a new notification: 1. Click on the [New] button. 2. Select the desired event from the Event Name drop-down list, for which an email is to be generated. The event list contains events predefined by Raritan. To subscribe to a user-defined eve...

  • Page 71

    Edit a notification entry: 1. Select the entry to be modified. 2. Click on the [Edit] button. 3. Make changes to the entry in the fields that appear in the lower portion of the screen. 4. Click on the [Update] button. 5. Click on the [Save] button. Figure 66: Ed...

  • Page 72

    Dominion SX standard notification events: The following is a list of standard events with their descriptions (event name: description). event.amp; event.amp.notice; event.amp.notice.boot: Unit has successfully booted. event.amp.notice.reboot: Unit has be...

  • Page 73

    Upgrade: The Upgrade feature allows an administrator to upgrade the Dominion SX unit's firmware/application to a newer version of firmware. Firmware and application upgrades preserve user-defined settings, so the unit does not need to be re-configured after the upgra...

  • Page 74

    To upgrade the application: Dominion SX has the ability to run different applications on each port; Raritan has a library of applications available for purchase, please contact us for more information. To load these applications into the unit for...

  • Page 75

    Reset. Soft reset: Only an administrator can execute a soft reset by clicking on the [Reset] button in the left panel of the main window. This resets the unit, logs off all the logged-in users and exits the application. A list of logged-in users who will be logged o...

  • Page 76

    Factory reset: You may want to perform a factory reset, or hard reset, to the Dominion SX unit to revert the configuration to known defaults. This is useful if the IP address of the unit is no longer known. Using the following procedure, the netwo...

  • Page 77

    The procedure for performing a factory reset varies depending on the model. For SX16 and SX32 units, the procedure is as outlined below. (For SX4, SX8, and other models with a reset switch, please see the paragraph that follows): 1. Power off the Dominion SX unit. 2...

  • Page 79: With Secure Shell and Telnet

    Chapter 5: Using the Command Line Interface with Secure Shell and Telnet. Secure Shell (SSH) access: Using a Secure Shell (SSH) client, you can connect and get direct access to the remote target device’s console ports....

  • Page 80

    Administrators have access to the following commands currently supported with SSH. Please note that the commands are case sensitive: 1. console_cmd: connect to a serial console target. This command accepts a port number to which the user wants t...

  • Page 82

    quit: leave the current command context. Dominion:command>port dominion:port> help detect: enable/disable the port disconnection detection. [] help: display help for all commands or one in particular. [command] quit: leave the current command con...

  • Page 84

    Escape character is ctrl-\ user [admin] is now master [write access allowed] for this port. [now user can access serial target connected to port 2 of dominion sx] user name [test] type [help] for all commands test:command>? Console_cmd [w] list_p...

  • Page 86

    warning: time of day goes back (-8553us), taking countermeasures. 64 bytes from 192.168.50.66: icmp_seq=1 ttl=64 time=4.79 ms 64 bytes from 192.168.50.66: icmp_seq=2 ttl=64 time=0.691 ms 64 bytes from 192.168.50.66: icmp_seq=3 ttl=64 time=0.692 m...

  • Page 87

    phone: get/set a user's dial-back phone number (in digits only). Pre-requisite modem is enabled and dialback is also enabled. Login [phone number] modem: enable/disable modem and ppp settings. [][server ip] [client i...

  • Page 88

    admin:network> ? Etherspeed: force the network speed [] failover: enable/disable network failover [enable/disable] network: get/set network parameters. [name name] [domain name] [ip ip] [mask mask] [gw gateway] [port port] [discover port] help: d...

  • Page 89

    port# portname [1] port1 [2] port2-sun [3] port3 [4] port4 [5] port5 [6] port6 serial port 2 connected. Escape character is ctrl-\ user [admin] is now master [write access allowed] for this port. Note: after the seri...

  • Page 91

    Chapter 6: Authentication and Authorization. If you selected LDAP as your remote authentication protocol, use the steps in the following section, Implementing LDAP Remote Authentication, to complete fields in the LDAP tab. 1. Before starting the confi...

  • Page 92

    TACACS+ server configuration: • The Dominion SX requires a new service to be added and two argument-value pairs to be returned by the server. The new service is called dominionsx. The valid authorization parameters are port-list and user-type. •...

  • Page 93

    Cisco Secure ACS: These instructions have been written for version 3.2. Please refer also to the following URL: http://cisco.com/en/us/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007cd49.html#12231 1. Allow new services. a. Select...

  • Page 95: Chapter 7: Logging

    Chapter 7: Logging. NFS per port logging configuration. Usage name: nfsportlog enable/disable/status > [ [ ] ] Description: Set the configuration parameters for logging all port activity to a NFS shared directory. All user activity and user port login/logouts are logged. nfsportl...

  • Page 96

    NFS server setup: The NFS server must have the exported directory with write permission for the port logging to work. Because the per-port logging application runs at a privileged level, the NFS server used must also be set up to allow root access...

  • Page 98

    tanaka:command> snmp del 10.0.0.56 78 any snmp configuration changes require rebooting to take effect. Tanaka:command> snmp enabled: n community: public trap destinations: 10.0.0.125 6.6.6.6 tanaka:command> snmp enable any snmp configuration chan...

  • Page 100

    Note: If the user issues the command lpa enable after changing the default port speed, the next time the command lpa enable is used without the optional port speed parameter, the port speed last set, e.g., 38400, will be used as a default; to ove...

  • Page 101

    Example: tanaka:command> service telnet enabled: no ssh enabled: yes tanaka:command> service telnet enable the system will need to be rebooted for changes to take effect. Tanaka:command> service ssh disable the system will need to be rebooted for changes to take...

  • Page 103: Appendix A: Specifications

    Appendix A: Specifications. Columns: item; dimensions (W) x (D) x (H); weight; power. SX4: 11.34” x 10.7” x 1.75” (288 x 270 x 44mm); 4.61 lbs (2.08 kg); 110/220V auto-switching: 50-60 Hz. DSXB-4-DC: 11.34" x 10.7" x 1.75" (288 x 270 x 44mm); 4.61 lbs (2.08 kg). DSXB-4-DCM: 11.34" x 10.7" x ...

  • Page 104

    Browser requirements (tested), platform and browser: Netscape 7.0, Win 2K - Sun JRE 1.4.2; Netscape 7.1, Win 2K - Sun JRE 1.4.2; Mozilla 1.6, Win 2K - Sun JRE 1.4.2; IE 6.0, Win XP - MS VM; Netscape 7.0, Win XP - Sun JRE 1.4.2; Netscape 7.1, Win XP - Sun JRE 1.4....

  • Page 105

    Dominion SX serial pinouts: The RJ45 connector on the rear of the unit has the following pinout (RJ45 pin: signal): 1: RTS; 2: DTR; 3: TXD; 4: GND; 5: Signal GND; 6: RXD; 7: DSR; 8: CTS.

  • Page 107: Appendix B: System Defaults

    Appendix B: System Defaults. Dominion SX system defaults, as shipped from Raritan, are defined in the table below (item: default). IP address: 192.168.0.192; subnet mask: 255.255.255.0; port address: 51000; port address for CC discovery: 5000; factory default username: admin; f...

  • Page 109: Appendix C: Certificates

    Appendix C: Certificates. Certificate: A certificate is an electronic document that is used to identify an individual, a server, or some other entity and to associate that identity with the public key. Certificate contents: This section discusses certificate contents and t...

  • Page 110

    Certificate authority: Certificates are issued by certificate authorities (CAs), such as VeriSign, Thawte, Baltimore, and others. These certificate authorities validate the identity of the individual/entity before issuing the certificate. A certi...

  • Page 111

    Installing Dominion SX CA root certificate to a browser: The CA root certificate generated in the Dominion SX unit must be installed in the browser in order for the browser to trust the server certificate. When the user connects to the Dominion SX unit by entering the ...

  • Page 112

    Installing CA root for IE browsers: each time you access an SSL-enabled Dominion SX unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing the ap...

  • Page 113

    6. Open the ca_root.cer file by double-clicking on it. This will open the certificate. Figure 76: view of ca_root.cer. 7. Click on the [install certificate] button to start the certificate manager import wizard. Figure 77: certificate manager import wizard. 8. Click on t...

  • Page 114

    9. Select the certificate store, the system area where the certificates are stored. If you do not want the certificate manager to select the certificate store automatically, click on the place all certificates into the following store radio but...

  • Page 115

    Remove an accepted certificate: removing a certificate that you have previously accepted from the unit is the same process whether removing a Raritan default certificate or a user-installed third-party certificate. 1. Open IE and select tools → internet options from th...

  • Page 116

    Install CA root for Netscape Navigator: each time you access an SSL-enabled Dominion SX unit, you will see a new site certificate window. Eliminate this window’s appearance by either accepting a session certificate permanently or by installing th...

  • Page 117

    Install the Dominion SX root certificate: install the Raritan root certificate in Netscape Navigator to prevent the new site certificate window from appearing whenever you access any SSL-secured Dominion SX unit. 1. Open Netscape Navigator and connect to the unit. Ent...

  • Page 118

    c. MIME type: enter application/x-x509-ca-cer d. Application to use: click on the [browse] button and locate the Netscape Navigator executable, netscape.exe, on your hard drive. Select this executable and click on the [open] button. The p...

  • Page 119

    Remove an accepted certificate: removing a previously accepted certificate from a Dominion SX unit uses the same process whether removing a Raritan default certificate or removing a user-installed third-party certificate. 1. Open Netscape Navigator and click on either t...

  • Page 120

    Install a third-party root certificate: if you have installed a third-party certificate on the unit, you can obtain its corresponding root certificate from the certificate authority that provided you with a certificate. These instructions can be ...

  • Page 121

    5. Return to the CA’s website and try to download the root certificate again. Note: if an error message appears, it indicates that the certificate deleted from the list in the Netscape security settings may not have been the correct one. Please go back to the list and ...

  • Page 122

    Dominion SX Installation and Operations Manual.

  • Page 123: Appendix D: Radius Server

    Appendix D: RADIUS Server. Note: this section has been provided for reference only. Please consult your local system administrator for exact implementation details. Overview: the details of installing and configuring the RADIUS server software will depend on the server ...

  • Page 124

    − If the RADIUS server is not configured for vendor-specific type or it fails to follow the above specifications, the value specified for the service-type will determine the privileges to be given to the user. In this case, the user will be give...

  • Page 125

    d. Register RADIUS client: the client file installed in the RADIUS server must be modified. This flat file stores information about RADIUS clients, including IP addresses and shared secrets; the shared secrets must be protected from casual access. Every client trying t...

  • Page 126

    (1) Click on the [advanced] button and add vendor-specific for Raritan. Please use vendor code = 8267 and enter string in the following format: (a) IP address of the Dominion SX unit separated by a ‘:’. (b) Privileges to be given to the user ...

  • Page 127

    f. Select requests to be logged: 1. Open IAS. 2. In the console tree, click on remote access logging. 3. In the details pane, right-click on local file and select properties. 4. Click on the settings tab and select one or more check boxes for recording authentication...

  • Page 128

    h. Enable the routing and remote access service: if this server is a member of a Windows 2000 Active Directory domain and you are not a domain administrator, your domain administrator must add the computer account of this server to the RAS and IA...

  • Page 129

    k. Add a user account: 1. Open Active Directory Users and Computers. 2. In the console tree, double-click on the domain node. 3. In the details pane, right-click on the organizational unit to which you want to add the user, point to new and select user. 4. In the firs...

  • Page 130

    g. Click on the [add] button. h. Click on the appropriate group and click on the [ok] button. After these steps are executed, a new user can connect to the NAS device and IAS will look at the user name, find the group in which it is a member...

  • Page 131: Server

    Appendix E: Configuring Cisco ACS RADIUS Server. Use the following procedure to configure the Cisco RADIUS server so that you can work with Dominion SX. It is assumed here that administrators are familiar with setting up and configuring the radi...

  • Page 132

    3. Click on the [interface configuration] button in the left panel of the screen. Figure 93: interface configuration display. 4. Click on the RADIUS (IETF) link to edit properties. Under the user heading, click on the check boxes before service-...

  • Page 133

    6. To edit existing users, click on the [user setup] button in the left panel of the screen. Click on the [list all users] button and select a user from the list. Figure 95: new user display. 7. Once you have selected a user, on the user proper...

  • Page 134

    Dominion SX Installation and Operations Manual.

  • Page 135

    Appendix F: RSA ACE/Server Configuration. This section provides guidelines for configuring the RSA ACE/Server 5.0 so that SecurID can be used as the authentication mechanism. Users in an ACE server native database can log on to Dominion SX units instal...

  • Page 136

    3. Define and configure all Dominion SX units. Figure 99: add agent host display. a. Name: name of the agent host; must be a primary name or alias listed in the local host file or DNS server. If an alias is entered, the primary name of the agent ...

  • Page 137

    4. Select profile → add profile in the main menu. Figure 101: add profile selection. 5. In the add profile window, assign an appropriate name to identify the desired profile, such as raritan-administrator. Figure 102: add profile display. 6. Scroll throug...

  • Page 138

    7. Click on the [ok] button to save the changes, then click on the [ok] button in the add profile window to return to the main menu. Figure 103: add attribute display. Note: only the user’s role can be controlled on the Dominion SX units using...

  • Page 139

    9. Click on the [assign profile] button and select the appropriate profile from the select profile window. Only one profile can be assigned to each user. Click on the [ok] button. Figure 105: profile selection display. 10. To control access to specif...

  • Page 140

    Lightweight Directory Access Protocol (LDAP): using Dominion SX software revision 2.1 or higher, your Dominion SX unit can authenticate users via LDAP/S (LDAP secure). If your Dominion SX unit does not have revision 2.1, upgrade via the upgrade f...

  • Page 141

    Appendix G: Modem Configuration. Client dialup networking configuration: configuring Microsoft Windows dialup networking for use with Dominion SX allows configuration of a PC to reside on the same PPP network as the Dominion SX. After the dial-up connection is es...

  • Page 142

    3. The new phonebook entry window allows you to configure the details of this connection. Click on the basic tab and complete the following fields: a. Entry name: name of the Dominion SX connection. b. Phone number: phone number of the line att...

  • Page 143

    Windows 98 dialup networking configuration: 1. Select start → programs → accessories → communications → dialup networking. 2. Double-click on the make new connection icon in the dialup networking window to launch it. Figure 111: configuring Windows 98 dialup net...

  • Page 144

    f. The next window will inform you that you have successfully created the dialup networking connection. Figure 113: make new connection – complete. g. Click on the [finish] button and an icon will appear in the dialup networking window. 4. Doubl...

  • Page 145

    Windows 2000 dialup networking configuration: 1. Select start → programs → accessories → communications → network and dial-up connections. 2. When the network and dial-up connections window appears, double-click on the make new connection icon. Figure 115: windo...

  • Page 146

    4. Click on the dial-up to private network radio button and click on the [next] button. Figure 117: network connection type. 5. Click on the check box before the modem that you want to use to connect to the Dominion SX unit and then click on the...

  • Page 147

    6. Click in the use dialing rules check box and enter the area code and phone number you wish to dial in the fields. Click on the [next] button. Figure 119: phone number to dial. 7. In the connection availability screen, click on the only for myself radio butto...

  • Page 148

    8. The network connection has been created, and you can complete set-up of the dial-up connection by entering the name of the dial-up connection. Figure 121: network connection wizard completion. 9. Click on the [finish] button. 10. To connect t...

  • Page 149

    Appendix H: Tcl Programming Guide. Disclaimer: the information contained in this section is subject to change without notice. Raritan shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, ...

  • Page 150

    − Internal buffers are circular buffers; 64 Kbytes. − The buffer uses the FIFO storage method. − A data stream methodology for data retrieval is used and there is no random access capability. Extensions have been made to the Tcl framework to enab...

  • Page 151

    amppermission, amplisten and ampresponse are commands to enable a Tcl script to interact with other Tcl users. • amppermission − on will enforce permission checking. − off will allow observers and operators to access Tcl. • amplisten − remember who sent the c...

  • Page 152

    cd: change the current directory to the new directory specified. This command will take a relative path or an absolute path. /ata and system related directories are not accessible. del: delete specified file name. Tcl commands: the Tcl interpreter i...

  • Page 153

    Accessing Tcl window: the Tcl interpreter can be accessed through RaritanConsole using the script menu selection, as described in Chapter 4: Console Features. The Tcl prompt is “%”. The command(s) to be executed must be entered after the prompt. The result wi...

  • Page 154

    The prompt does not return if the script contains forever-loops, but the shell is active (listening) and will take input if the script is designed to accept them. Automatic execution of a Tcl script upon power up: for a Tcl script to be executed ...

  • Page 155

    Generating a user event: Tcl scripts are a powerful tool for performing true device management, in the form of customer-defined monitoring and notification of events. A sample script is shown below: #this script performs the monitoring of http servers. proc ps...

  • Page 156

    Extensions to Tcl: various extensions have been incorporated into Tcl to support functions to interact with the RaritanConsole unit. The command info comm amp (executed in a script shell window) lists all the commands that are supported. ampsetco...

  • Page 157

    Possible error condition: the command "% ampsetconfiguration network portaddress 2398" returns "tcl cannot write to the configuration: locked by john smith". This denotes that there is a user that is viewing/modifying the configuration of the unit and the command cannot modify the co...

  • Page 158

    ampadduser: creates a new user account or edits an existing user account. The last argument is optional. Usage: ampadduser [information] • loginname: user login name • function: type of user (administrator, operator, observer) • user_name: name...

  • Page 159

    ampreset: reboots the unit. All users are disconnected. Usage: ampreset. ampupgrade: upgrades the unit. ip_address specifies the server to obtain the file specified by file_path. If the login and password are specified they are used by FTP. If they are not speci...

  • Page 160

    ampsetipacl add: adds an IP address to the IP ACL list. Usage: ampsetipacl add • ip_address: IP address to be added to the list • subnet_mask: subnet mask. % ampsetipacl add 10.0.1.120 255.255.0.0 set ip acl successful % ampsave save complete % ...

  • Page 161

    ampgetsubscription: returns a string listing all user-defined subscriptions. ampaddsubscription: creates a subscription for the URL to the event specified. The URL encapsulates the service to be used for notification, and any parameters required by that service...

  • Page 162

    ampdelay: pauses the Tcl script a number of seconds equal to the integer argument. amptriggerevent: generates an event with the appropriate associated message. The event may not begin with the amp prefix. Events that begin with the amp prefix may ...

  • Page 163

    ampopensocket [ip_address port_number]: opens a socket to a specific port on a device with a given IP address. The command returns a unique socket ID. If the command fails or the arguments are improperly formatted, the command will return an error message. The...

  • Page 164

    ampreadsocket [socket_id length timeout]: a non-blocking call; reads from the socket represented by the socket ID until either the length or timeout is reached. Timeout is specified in microseconds; a timeout of zero indicates the socket will be ...

  • Page 165

    Basic Tcl server example:

        while (1) {
            amppermission off
            set s ""
            set s [amplisten]
            if {[string length $s] != 0} {
                puts $s
                ampresponse
            }
            if {[string length $s] == 5} {
                amppermission on
                break
            }
        }

    Script function description: this Tcl server will echo back any stri...

  • Page 166

    Basic CPU utilization monitoring example:

        #Description: this Tcl script checks the CPU utilization for each port connected
        # to a HP-UX server. It alerts the subscribed user that the threshold
        # limit has been reached through e-mail notification. This...

  • Page 167

        #clear any previous data in the read buffer
        ampclear $port
        #write to the console
        ampwrite "vmstat -n" $port
        #ignore the first 8 lines to read the cpu usage params.
        for {set i 0} {$i < 8} {incr i} {
            set cpu [ampread 1 "" $port]
        }
        #unlock the console
        ampunlock $port
        #set ...

  • Page 168

        initevents
        #main loop starts here...
        while { 1>0 } {
            cpuutil $ports
            ampdelay $intr
            set rval [listencmds]
            if { $rval == 1} {
                delevents
                # unset takes variable names, not their values
                unset ports
                unset noofports
                unset thr
                unset intr
                unset mailid
                break
            }
            incr ports 1
            if { $ports > $noofport...

  • Page 169

    Tcl server designed to interact with a Tcl user:

        amppermission off
        amplock 1
        ampclear 1
        set val1 0.0
        set val2 0.0
        set val3 0.0
        while { 1 } {
            set s [amplisten]
            if {[string length $s] > 0} {
                if {$s == "data"} {
                    puts [format "mach value = %f; voltage value = %f; cu...

  • Page 170

                    puts "a tcl script is running.\rinputs accepted are data/read1/read2/read3/console/quit"
                    ampresponse
                }
            }
        }

    Input received is not as per expectation. Remind user what the expected inputs are.

  • Page 171: Appendix I: Troubleshooting

    Appendix I: Troubleshooting. Problems and suggested solutions. Page access, problem and solution: Cannot login – what are factory defaults? (only for Dominion SX units running firmware version 2.5 or higher) Username: admin (all lower case) password: raritan (all lower ca...

  • Page 172

    Firewall, problem and solution: Unable to access the web page: firewalls must allow access on port 80 and 443 in order for the unit to operate through a firewall. Contact your system administrator and request port 80 and 443 access. Login failure: fir...

  • Page 173

    Port access, problem and solution: Port access refresh: the unit does not automatically refresh the port access list. It is refreshed only when the user clicks on the [port access] button; therefore, it is possible that a user will have permissions revoked and these ch...

  • Page 174

    Dominion SX Installation and Operations Manual.

  • Page 175: Appendix J: Technical Faqs

    Appendix J: Technical FAQs. Question and answer: What are the browsers (and versions) supported? Netscape 7.0 or greater (but not 6.0), Mozilla Firefox 1.0 or higher, or Internet Explorer 6.0 with Java Microsoft VM or Sun JRE 1.4.2 or higher. Is the status of the unit l...

  • Page 176

    Question and answer: Once I have assigned the unit a unique IP address, how do I access the unit in the future? Open your supported web browser, enter the IP address you have assigned to that unit into the address field, and press the <Enter> key. ...

  • Page 177

    Appendix J: Technical FAQs.

  • Page 178

    Dominion SX Installation and Operations Manual 255-60-2000