Tripp Lite 0 Idades Manual
Here you can view all the pages of manual Tripp Lite 0 Idades Manual. The Tripp Lite manuals for Switch are available online for free. You can easily download all the documents as PDF.
Page 151
![Page 151
151
Chapter 9: Authentication
Perform the following procedure to configure the LDAP authentication me\
thod to be used whenever the Console Server or any
of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be
specified in a comma-separated list. Each server is tried in successio\
n.
• Enter the Server...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-150.png "Page 151
151
Chapter 9: Authentication
Perform the following procedure to configure the LDAP authentication me\
thod to be used whenever the Console Server or any
of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be
specified in a comma-separated list. Each server is tried in successio\
n.
• Enter the Server...")
151 Chapter 9: Authentication Perform the following procedure to configure the LDAP authentication me\ thod to be used whenever the Console Server or any of its serial ports or hosts is accessed: • Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal • Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in successio\ n. • Enter the Server...
Page 152
![Page 152
152
Chapter 9: Authentication
9.1.5 RADIUS/TACACS user configuration
Users may be added to the local Console Server appliance. If they are no\
t added and they log in via remote AAA, a user will
be added for them. This user will not show up in the configurators unl\
ess they are specifically added, at which point they are
transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have
any access if it is down.
If a local user logs in, they...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-151.png "Page 152
152
Chapter 9: Authentication
9.1.5 RADIUS/TACACS user configuration
Users may be added to the local Console Server appliance. If they are no\
t added and they log in via remote AAA, a user will
be added for them. This user will not show up in the configurators unl\
ess they are specifically added, at which point they are
transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have
any access if it is down.
If a local user logs in, they...")
152 Chapter 9: Authentication 9.1.5 RADIUS/TACACS user configuration Users may be added to the local Console Server appliance. If they are no\ t added and they log in via remote AAA, a user will be added for them. This user will not show up in the configurators unl\ ess they are specifically added, at which point they are transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have any access if it is down. If a local user logs in, they...
Page 153
![Page 153
153
Chapter 9: Authentication
attribute, in the following format:
:group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and use\
rs if groups with those names exist on the
Console Server. Any groups which do not exist on the Console Server are ignored.
When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. \
To work around this, add
some dummy text to the start of the string. For example:...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-152.png "Page 153
153
Chapter 9: Authentication
attribute, in the following format:
:group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and use\
rs if groups with those names exist on the
Console Server. Any groups which do not exist on the Console Server are ignored.
When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. \
To work around this, add
some dummy text to the start of the string. For example:...")
153 Chapter 9: Authentication attribute, in the following format: :group_name=testgroup1,users: The above example sets the remote user as a member of testgroup1 and use\ rs if groups with those names exist on the Console Server. Any groups which do not exist on the Console Server are ignored. When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. \ To work around this, add some dummy text to the start of the string. For example:...
Page 154
![Page 154
154
Chapter 9: Authentication
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built in support for group provisioning, which m\
akes setting up remote groups easier. The console
server will retrieve a list of all the remote groups that the user is a \
direct member of, and compare their names with local
groups on the Console Server.
Note: Any spaces in the group name will be converted to underscores.
For example, in an existing Active Directory setup, a group of users may \
be...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-153.png "Page 154
154
Chapter 9: Authentication
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built in support for group provisioning, which m\
akes setting up remote groups easier. The console
server will retrieve a list of all the remote groups that the user is a \
direct member of, and compare their names with local
groups on the Console Server.
Note: Any spaces in the group name will be converted to underscores.
For example, in an existing Active Directory setup, a group of users may \
be...")
154 Chapter 9: Authentication 9.1.8 Remote groups with LDAP authentication Unlike RADIUS, LDAP has built in support for group provisioning, which m\ akes setting up remote groups easier. The console server will retrieve a list of all the remote groups that the user is a \ direct member of, and compare their names with local groups on the Console Server. Note: Any spaces in the group name will be converted to underscores. For example, in an existing Active Directory setup, a group of users may \ be...
Page 155
![Page 155
155
• Ensure the LDAP service is operational and group names are correct withi\
n the Active Directory
Chapter 9: Authentication
9.1.9 Idle timeout
You can specify amount of time in minutes the console server waits before\
it terminates an idle ssh, pmshell or web connection.
• Select Serial and Network: Authentication
• Web Management Session Timeout specifies the browser console session id\
le timeout in minutes. The default setting is
20 minutes
• CLI Management Session Timeout specifies the...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-154.png "Page 155
155
• Ensure the LDAP service is operational and group names are correct withi\
n the Active Directory
Chapter 9: Authentication
9.1.9 Idle timeout
You can specify amount of time in minutes the console server waits before\
it terminates an idle ssh, pmshell or web connection.
• Select Serial and Network: Authentication
• Web Management Session Timeout specifies the browser console session id\
le timeout in minutes. The default setting is
20 minutes
• CLI Management Session Timeout specifies the...")
155 • Ensure the LDAP service is operational and group names are correct withi\ n the Active Directory Chapter 9: Authentication 9.1.9 Idle timeout You can specify amount of time in minutes the console server waits before\ it terminates an idle ssh, pmshell or web connection. • Select Serial and Network: Authentication • Web Management Session Timeout specifies the browser console session id\ le timeout in minutes. The default setting is 20 minutes • CLI Management Session Timeout specifies the...
Page 156
![Page 156
156
Chapter 9: Authentication
9.1.10 Kerberos authentication
The Kerberos authentication can be used with UNIX and Windows (Active Directory) Kerberos servers. This form of authentication
does not provide group information, so a local user with the same userna\
me must be created, and permissions set.
Note: Kerberos is very sensitive to time differences between the Key Distrib\
ution Center (KDC) authentication server and the
client device. Please make sure that NTP is enabled, and the time zone i\
s...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-155.png "Page 156
156
Chapter 9: Authentication
9.1.10 Kerberos authentication
The Kerberos authentication can be used with UNIX and Windows (Active Directory) Kerberos servers. This form of authentication
does not provide group information, so a local user with the same userna\
me must be created, and permissions set.
Note: Kerberos is very sensitive to time differences between the Key Distrib\
ution Center (KDC) authentication server and the
client device. Please make sure that NTP is enabled, and the time zone i\
s...")
156 Chapter 9: Authentication 9.1.10 Kerberos authentication The Kerberos authentication can be used with UNIX and Windows (Active Directory) Kerberos servers. This form of authentication does not provide group information, so a local user with the same userna\ me must be created, and permissions set. Note: Kerberos is very sensitive to time differences between the Key Distrib\ ution Center (KDC) authentication server and the client device. Please make sure that NTP is enabled, and the time zone i\ s...
Page 157
![Page 157
157
Chapter 9: Authentication
TACACS Example:
user = tim {
service = raccess {
priv-lvl = 11
port1 = xxxxx/port02
port2 = 192.168.254.145/port05
}
global = cleartext mit
}
RADIUS Example:
paul Cleartext-Password := "luap"
Service-Type = Framed-User,
Fall-Through = No,
Framed-Filter-Id=":group_name=admin"
The list of groups may include any number of entries separated by a comm\
a. If the admin group is included, the user will...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-156.png "Page 157
157
Chapter 9: Authentication
TACACS Example:
user = tim {
service = raccess {
priv-lvl = 11
port1 = xxxxx/port02
port2 = 192.168.254.145/port05
}
global = cleartext mit
}
RADIUS Example:
paul Cleartext-Password := \"luap\"
Service-Type = Framed-User,
Fall-Through = No,
Framed-Filter-Id=\":group_name=admin\"
The list of groups may include any number of entries separated by a comm\
a. If the admin group is included, the user will...")
157
Chapter 9: Authentication
TACACS Example:
user = tim {
service = raccess {
priv-lvl = 11
port1 = xxxxx/port02
port2 = 192.168.254.145/port05
}
global = cleartext mit
}
RADIUS Example:
paul Cleartext-Password := "luap"
Service-Type = Framed-User,
Fall-Through = No,
Framed-Filter-Id=":group_name=admin"
The list of groups may include any number of entries separated by a comm\
a. If the admin group is included, the user will...
Page 158
![Page 158
158
Chapter 9: Authentication
9.4 SSL Certificate
The Console Server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a conne\
cted
user. During the connection establishment the Console Server has to expose i\
ts identity to the user’s browser using a
cryptographic certificate. The default certificate that comes with t\
he Console Server device upon delivery is for testing purpose
only and should not be relied on for secured global access.
The System...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-157.png "Page 158
158
Chapter 9: Authentication
9.4 SSL Certificate
The Console Server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a conne\
cted
user. During the connection establishment the Console Server has to expose i\
ts identity to the user’s browser using a
cryptographic certificate. The default certificate that comes with t\
he Console Server device upon delivery is for testing purpose
only and should not be relied on for secured global access.
The System...")
158 Chapter 9: Authentication 9.4 SSL Certificate The Console Server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a conne\ cted user. During the connection establishment the Console Server has to expose i\ ts identity to the user’s browser using a cryptographic certificate. The default certificate that comes with t\ he Console Server device upon delivery is for testing purpose only and should not be relied on for secured global access. The System...
Page 159
![Page 159
159
Common name This is the network name of the Console Server once it is installed in t\
he network (usually
the fully
qualified domain name). It is identical to the name that is used to a\
ccess the Console Server
with a web browser (without the “http://” prefix). In case the\
name given here and the actual
network name differ, the browser will pop up a security warning when the Console Server is \
accessed using HTTPS
Organizational Unit This field is used for specifying to which department...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-158.png "Page 159
159
Common name This is the network name of the Console Server once it is installed in t\
he network (usually
the fully
qualified domain name). It is identical to the name that is used to a\
ccess the Console Server
with a web browser (without the “http://” prefix). In case the\
name given here and the actual
network name differ, the browser will pop up a security warning when the Console Server is \
accessed using HTTPS
Organizational Unit This field is used for specifying to which department...")
159 Common name This is the network name of the Console Server once it is installed in t\ he network (usually the fully qualified domain name). It is identical to the name that is used to a\ ccess the Console Server with a web browser (without the “http://” prefix). In case the\ name given here and the actual network name differ, the browser will pop up a security warning when the Console Server is \ accessed using HTTPS Organizational Unit This field is used for specifying to which department...
Page 160
![Page 160
160
Chapter 10: Nagios Integration
Nagios is a powerful, highly extensible open source tool for monitoring \
network hosts and services. The core Nagios software
package will typically be installed on a server or virtual server, the central Nagios server.
Tripp Lite Console Servers can operate in conjunction with a central/upst\
ream Nagios server to provide distributing monitoring
of attached network hosts and serial devices. The Console Servers can em\
bed the NSCA (Nagios Service Checks Acceptor)...](http://img.usermanuals.tech/thumb/78/104985/w300_0-idades-manual-1526563141_d-159.png "Page 160
160
Chapter 10: Nagios Integration
Nagios is a powerful, highly extensible open source tool for monitoring \
network hosts and services. The core Nagios software
package will typically be installed on a server or virtual server, the central Nagios server.
Tripp Lite Console Servers can operate in conjunction with a central/upst\
ream Nagios server to provide distributing monitoring
of attached network hosts and serial devices. The Console Servers can em\
bed the NSCA (Nagios Service Checks Acceptor)...")
160 Chapter 10: Nagios Integration Nagios is a powerful, highly extensible open source tool for monitoring \ network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/upst\ ream Nagios server to provide distributing monitoring of attached network hosts and serial devices. The Console Servers can em\ bed the NSCA (Nagios Service Checks Acceptor)...