Tripp Lite 0 Idades Manual

							1
1111 W. 35th Street, Chicago, IL 60609 USA • www.tripplite.com/support
Owner’s Manual
Console Server Management Switch
Models: 
B096-016 / B096-032 / B096-048
Console Server with PowerAlert
Model: 
B092-016
Console Server
Models: 
B095-004-1E / B095-003-1E-M / B094-008-2E-M-F / B094-008-2E-V
Copyright © 2016 Tripp Lite. All rights reserved. All trademarks are the property of their\
 respective owners. 
PROTECT YOUR INVESTMENT!
Register your product for quicker service and ultimate peace of mind. 
You could also win an ISOBAR6ULTRA surge protector—a $100 value!
www.tripplite.com/warranty 
						

							Please take care to follow the safety precautions below when installing \
and operating the Console Server:
• Do not remove the metal covers. There are no operator-serviceable components inside. Opening or 
removing the cover may expose you to dangerous voltage which may cause fi\
re or electric shock. Refer all 
service to Tripp Lite qualified personnel
• To avoid electric shock the power cord protective grounding conductor mus\
t be connected through to ground
• Always pull on the plug, not the cable, when disconnecting the power cor\
d from the socket
• Do not connect or disconnect the Console Server during an electrical sto\
rm
• Also it is recommended you use a surge suppressor or UPS to protect the \
equipment from transients
FCC Information, Class A
This device complies with part 15 of the FCC Rules. Operation is subject\
 to the following two conditions: (1) This device may 
not cause harmful interference, and (2) this device must accept any in\
terference received, including interference that may 
cause undesired operation.
Note: This equipment has been tested and found to comply with the limits\
 for a Class A digital device, pursuant to part 15 of 
the FCC Rules. These limits are designed to provide reasonable protectio\
n against harmful interference when the equipment 
is operated in a commercial environment. This equipment generates, uses,\
 and can radiate radio frequency energy and, if 
not installed and used in accordance with the instruction manual, may ca\
use harmful interference to radio communications. 
Operation of this equipment in a residential area is likely to cause har\
mful interference in which case the user will be required 
to correct the interference at his own expense. The user must use shield\
ed cables and connectors with this equipment. Any 
changes or modifications to this equipment not expressly approved by T\
ripp Lite could void the user’s authority to operate this 
equipment.
RoHS
This product is RoHS compliant.
User Notice
All information, documentation and specifications contained in this ma\
nual are subject to change without prior notification by 
the manufacturer. The manufacturer makes no representations or warranties, either expres\
sed or implied, with respect to the 
contents hereof and specifically disclaims any warranties as to mercha\
ntability or fitness for any particular purpose. Any of the 
manufacturer's software described in this manual is sold or licensed `as\
 is'. Should the programs prove defective following 
their purchase, the buyer (and not the manufacturer, its distributor, or its dealer), assumes the entire cost of all necessary 
servicing, repair and any incidental or consequential damages resulting \
from any defect in the software.
The manufacturer of this system is not responsible for any radio and/or \
TV interference caused by unauthorized modifications 
to this device. It is the responsibility of the user to correct such int\
erference. The manufacturer is not responsible for any 
damage incurred in the operation of this system if the correct operation\
al voltage setting was not selected prior to operation.  
						

							3
Introduction 10
Installation 14
2.1 Models 14
2.1.1 Kit components: B096-048, B096-032 and B096-016 Console Server Managemen\
t Switch  14
2.1.2 Kit components: B092-016 Console Server with PowerAlert  15
2.1.3 Kit components: B095-004-1E and B095-003-1E-M Console Server  15
2.1.4 Kit components: B094-008-2E-M-F and B094-008-2E-V Console Server  16
2.2 Power Connection  17
2.2.1 Power: Console Server Management Switch  17
2.2.2 Power: Console Server with PowerAlert  17
2.2.3 Power: Console Server  17
2.3 Network Connection  17
2.4 Serial Port Connection  18
2.5 USB Port Connection  18
2.6 Rackmount Console / KVM Connection (B092-016 only)  18
Initial System Configuration  19
3.1 Management Console Connection  19
3.1.1  Connected computer set up  19
3.1.2  Browser connection  20
3.1.3  Initial B092-016 connection  21
3.2 Administrator Password  22
3.2.1  Set up new administrator  23
3.3 Network IP Address  24
3.3.1  IPv6 configuration  25
3.3.2 Dynamic DNS (DDNS) configuration  26
3.4 System Services and Service Access  27
3.4.1 Brute force protection  30
3.5 Communications Software  31
3.5.1 SDT Connector  31
3.5.2  PuTTY  31
3.5.3  SSHTerm  32
3.6 Management Network Configuration  33
3.6.1 Enable the Management LAN  33
3.6.2 Configure the DHCP server  34
3.6.3  Select Failover or broadband OOB  35
3.6.4 Bridging the network ports  35
3.6.5 Wireless LAN  36
3.6.6  Static routes  37
Serial Port, Device & User Configuration  38
4.1 Configuring Serial Ports  38
4.1.1 Common Settings  39
4.1.2 Console Server Mode  40
4.1.3 SDT Mode  44
4.1.4 Device (RPC, UPS, EMD) Mode  44
4.1.5 Terminal Server Mode  44
4.1.6 Serial Bridging Mode  45
4.1.7 Syslog  45
4.2 Add/ Edit Users  46
4.3 Authentication  48
4.4 Network Hosts  48
Table of Contents  
						

							4
4.5 Trusted Networks  49
4.6 Serial Port Cascading  50
4.6.1  Automatically generate and upload SSH keys  50
4.6.2  Manually generate and upload SSH keys  51
4.6.3  Configure the slaves and their serial ports  52
4.6.4  Managing the slaves  52
4.7 Serial Port Redirection  53
4.7.1  Install VirtualPort client  53
4.7.2  Configure the VirtualPort client  54
4.7.3 To remove a configured port  56
4.7.4 Configure the remote serial device connection  56
4.8 Managed Devices  57
4.9 IPsec VPN  58
4.9.1 Enable the VPN gateway  58
4.10 OpenVPN  60
4.10.1 Enable the OpenVPN  61
4.10.2 Configure as Server or Client  62
4.10.3 Windows OpenVPN Client and Server set up  64
4.11 PPTP VPN  67
4.11.1 Enable the PPTP VPN server  68
4.11.2 Add a PPTP user  69
4.11.3 Set up a remote PPTP client  70
4.12 IP Passthrough  71
4.12.1 Downstream router setup   71
4.12.2 IP Passthrough pre-configuration   71
4.12.3 IP Passthrough configuration   72
4.12.4 Service intercepts   72
4.12.5 IP Passthrough status   72
4.12.6 Caveats   72
Firewall, Failover & Out-of-Band  73
5.1 OoB Dial-In Access  73
5.1.1 Configure dial-in PPP  74
5.1.2 Using SDT Connector client for dial-in  75
5.1.3 Set up Windows XP/2003/Vista/7 client for dial-in  75
5.1.4 Set up earlier Windows clients for dial-in  76
5.1.5 Set up Linux clients for dial-in  76
5.2 OoB Broadband Access  77
5.3  Broadband Ethernet Failover  77
5.4 Dial-Out Access  78
5.4.1 Always-on dial-out  78
5.4.2 Dial-Out Failover  79
5.5 Firewall & Forwarding  80
5.5.1 Configuring network forwarding and IP masquerading  80
5.5.2 Configuring client devices  82
5.5.3 Port/Protocol Forwarding  83
5.5.4 Firewall Rules  84 
5.6 Internal Cellular Modem Connection   85
5.6.1 Connecting to a 4G LTE carrier network  85
5.6.2 Verifying the cellular connection  86
5.6.3 Cellular modem watchdog  87
Table of Contents  
						

							5
5.7 Cellular Operation  88
5.7.1 OOB access set up  88
5.7.2 Cellular failover setup  89
5.7.3 Cellular routing  89
Secure SSH Tunneling & SDT Connector  90
6.1 Configuring for SDT Tunneling to Hosts  91
6.2 SDT Connector Configuration  92
6.2.1 SDT Connector client installation  92
6.2.2 Configuring a new gateway in the SDT Connector client  93
6.2.3 Auto-configure SDT Connector client with the user’s access privileg\
es  94
6.2.4 Make an SDT connection through the gateway to a host  95
6.2.5 Manually adding hosts to the SDT Connector gateway  96
6.2.6 Manually adding new services to the new hosts  97
6.2.7 Adding a client program to be started for the new service  99
6.2.8 Dial-in configuration  100
6.3 SDT Connector to Management Console  101
6.4 SDT Connector - Telnet or SSH Serial Device Connection  102
6.5 SDT Connector OoB Connection  103
6.6 Importing (and Exporting) Preferences  104
6.7 SDT Connector Public Key Authentication  105
6.8 Setting up SDT for Remote Desktop Access  106
6.8.1  Enable Remote Desktop on the target Windows computer to be accessed  106
6.8.2  Configure the Remote Desktop Connection client  107
6.9 SDT SSH Tunnel for VNC  110
6.9.1 Install and configure the VNC Server on the computer to be accessed  110
6.9.2  Install, configure and connect the VNC Viewer  111
6.10 SDT IP Connection to Hosts  113
6.10.1 Establish a PPP connection between the host COM port and Console Server  113
6.10.2 Set up SDT Serial Ports on Console Server  116
6.10.3 Set up SDT Connector to SSH port forward over the Console Server Serial Port  116
6.11  SSH Tunneling using other SSH clients (e.g. PuTTY)  117
Alerts, Automated Response and Logging  120
7.1 Set Up Auto-Response and Configure Check Conditions  120
7.1.1 Environmental Check  121
7.1.2 Alarms and Digital Inputs  122
7.1.3  UPS/Power Supply  122
7.1.4  UPS Status  122
7.1.5  Serial Login/Logout  123
7.1.6  ICMP Ping  123
7.1.7  Cellular Data  123
7.1.8  Custom Check  124
7.1.9  SMS Command  124 
7.1.10 Log In/Log Out  125 
7.1.11 Network Interface Event  125
7.1.12 Routed data usage check  126
Table of Contents  
						

							6
7.2 Trigger and Resolve Actions  127
7.2.1  Send Email on Trigger  127
7.2.2  Send SMS on Trigger  127
7.2.3  Perform RPC Action on Trigger  127
7.2.4  Run Custom Script on Trigger  128
7.2.5  Send SNMP Trap on Trigger  128
7.2.6  Send Nagios Event on Trigger  128
7.2.7  Perform Interface Action   128
7.2.8 Resolve Actions  129
7.2.9  Send Email alerts on Resolution  129
7.2.10  Send SMS Alerts on Resolution  129
7.2.11  Send SNMP Trap alerts on Resolution  130
7.2.12  Send Nagios Event alerts on Resolution  131
7.3 Remote Log Storage  132
7.4 Serial Port Logging  132
7.5 Network TCP or UDP Port Logging  133
7.6 Auto-Response Event Logging  133
7.7 Power Device Logging  133
Power and Environment  134
8.1 Remote Power Control (RPC)  134
8.1.1 RPC connection  134
8.1.2 RPC alerts  136
8.1.3 RPC status  136
8.1.4 User power management  137
8.2 Uninterruptible Power Supply Control (UPS)  138
8.2.1 Managed UPS connections  138
8.2.2 Configure UPS powering the Console Server  140
8.2.3 Configuring powered computers to monitor a Managed UPS  141
8.2.4 UPS alerts  142
8.2.5 UPS status  142
8.2.6 Overview of Network UPS Tools (NUT)  143
8.3 Environmental Monitoring  144
8.3.1 Connecting the EMD  145
8.3.2 Environmental alerts  146
8.3.3 Environmental status  146
Authentication 147
9.1 Authentication Configuration  147
9.1.1 Local authentication  147
9.1.2 TACACS authentication  148
9.1.3 RADIUS authentication  149
9.1.4 LDAP authentication  150
9.1.5 RADIUS/TACACS user configuration  152
9.1.6 Group support with remote authentication  152
9.1.7 Remote groups with RADIUS authentication  152
9.1.8 Remote groups with LDAP authentication  154
9.1.9 Idle timeout  155
9.1.10 Kerberos authentication  156
9.1.11 Authentication testing  156
9.2 PAM (Pluggable Authentication Modules)  156
9.3 Secure Management Console Access  157
9.4 SSL Certificate  158
Table of Contents  
						

							7
Nagios Integration 160
10.1  Nagios Overview  160
10.2 Central management and setting up SDT for Nagios  161
10.2.1 Set up central Nagios server  161
10.2.2 Set up distributed Console Servers  162
10.3 Configuring Nagios distributed monitoring  164
10.3.1  Enable Nagios on the Console Server  164
10.3.2  Enable NRPE monitoring  165
10.3.3  Enable NSCA monitoring  166
10.3.4 Configure selected Serial Ports for Nagios monitoring  167
10.3.5 Configure selected Network Hosts for Nagios monitoring  167
10.3.6 Configure the upstream Nagios monitoring host  168
10.4 Advanced Distributed Monitoring Configuration  169
10.4.1 Sample Nagios configuration  169
10.4.2 Basic Nagios plug-ins  172
10.4.3 Additional plug-ins  172
System Management  173
11.1 System Administration and Reset  173
11.2 Upgrade Firmware  174
11.3 Configure Date and Time  175
11.4 Configuration Backup  176
11.5 Delayed Configuration Commit  177
11.6 FIPS Mode  178
Status Reports  179
12.1 Port Access and Active Users  179
12.2 Statistics  180
12.3 Support Reports  180
12.4 Syslog  181
12.5 Dashboard 181
12.5.1 Configuring the Dashboard  182
12.5.2 Creating custom widgets for the Dashboard  183
Management 184
13.1 Device Management  184
13.2 Port and Host Log Management  185
13.3 Terminal Connection  185
13.3.1  Web Terminal  185
13.3.1.1  Web Terminal to Command Line  185
13.3.1.2 Web Terminal to Serial Device  186
13.3.2  SDTConnector access  186
13.4 Power Management  187
13.5  Remote Console Access (B092-016 only)  187
Command Line Configuration  188
14.1 Accessing config from the command line  188
14.1.1 Serial Port configuration  190
14.1.2 Adding and removing Users  193
14.1.3 Adding and removing user Groups  194
14.1.4 Authentication  195
14.1.5 Network Hosts  196
14.1.6 Trusted Networks  197
14.1.7 Cascaded Ports  197
Table of Contents  
						

							8
14.1.8 UPS Connections  198
14.1.9 RPC Connections  199
14.1.10 Environmental  200
14.1.11 Managed Devices  200
14.1.12 Port Log  201
14.1.13 Alerts  202
14.1.14 SMTP & SMS  203
14.1.15 SNMP  205
14.1.16 Administration 205
14.1.17 IP settings  205
14.1.18 Date & Time settings  206
14.1.19 Dial-in settings  206
14.1.20 DHCP server  207
14.1.21 Services  208
14.1.22 NAGIOS 208
14.2  General Linux command usage  209
Advanced Configuration  211
15.1  Custom Scripting  211
15.1.1  Custom script to run when booting  211
15.1.2  Running custom scripts when alerts are triggered  212
15.1.3  Example script - Power cycling on pattern match  213
15.1.4  Example script - Multiple email notifications on each alert  213
15.1.5  Deleting configuration values from the CLI  214
15.1.6  Power cycle any device upon a ping request failure  217
15.1.7  Running custom scripts when a configurator is invoked  218
15.1.8  Backing-up the configuration and restoring using a local USB stick  218
15.1.9  Backing-up the configuration off-box  219
15.2  Advanced Portmanager  220
15.2.1  Portmanager commands  220
15.2.2  External Scripts and Alerts  223
15.3  Raw Access to Serial Ports  224
15.3.1  Access to serial ports  224
15.3.2  Accessing the console/modem port  224
15.4  IP- Filtering  225
15.5  SNMP Status Reporting and Traps  225
15.5.1  Retrieving status information using SNMP  225
15.5.2  Check firewall rules  225
15.5.3  Enable SNMP service  226
15.5.4  /etc/config/snmpd.conf  229
15.5.5  Adding multiple remote SNMP managers  229
15.6 Secure Shell (SSH) Public Key Authentication  230
15.6.1  SSH Overview  230
15.6.2  Generating Public Keys (Linux)  231
15.6.3  Installing the SSH Public/Private Keys (Clustering)  231
15.6.4  Installing SSH Public Key Authentication (Linux)  232
15.6.5  Generating public/private keys for SSH (Windows)  233
15.6.6  Fingerprinting  234
15.6.7  SSH tunneled serial bridging  235
15.6.8  SDT Connector Public Key Authentication  237
15.7  Secure Sockets L ayer (SSL) Support  238
Table of Contents  
						

							9
15.8  HTTPS  238
15.8.1  Generating an encryption key  238
15.8.2  Generating a self-signed certificate with OpenSSL  238
15.8.3  Installing the key and certificate  239
15.8.4  Launching the HTTPS Server  239
15.9  Power Strip Control  240
15.9.1 PowerMan  240
15.9.2 pmpower 241
15.9.3 Adding new RPC devices  241
15.10  IPMItool  243
15.11  Scripts for Managing Slaves  245
15.12  SMS Server Tools  246
15.13  Multicast  246
15.14  Zero Touch Provisioning  247
15.14.1  Preparation  247
15.14.2  Example ISC DHCP server configuration  247
15.14.3  Setup for an untrusted LAN  247
15.14.4  How it works  248
15.14.5  Setup a USB key for authenticated restore  249
Thin Client (B092-016)  252
16.1 Local Client Service Connections  252
16.1.1 Connect: Serial Terminal  253
16.1.2 Connect: Browser  254
16.1.3 Connect: VNC  255
16.1.4 Connect: SSH  256
16.1.5 Connect: IPMI  257
16.1.6 Connect: Remote Desktop (RDP)  258
16.1.7 Connect: Citrix ICA  259
16.1.8 Connect: PowerAlert  259
16.2 Advanced Control Panel  260
16.2.1 System: Terminal  260
16.2.2 System: Shutdown / Reboot  260
16.2.3 System: Logout  260
16.2.4 Custom  260
16.2.5 Status 260
16.2.6 Logs 260
16.3 Remote Control  261
Appendix A: Hardware Specification  262
Appendix B: Serial Port Connectivity 263
Appendix C: End User License Agreements 265
Appendix D: Service and Warranty 272
Table of Contents  
						

							10
This User Manual is provided to help you get the most from your B096-016\
 / B096-032 / B096-048 Console Server 
Management Switch, B092-016 Console Server with PowerAlert or B095-004-1E / B095-003-1E-M / B094-008-2E-M-F / 
B094-008-2E-V Console Server product. These products are referred to generically in \
this manual as Console Servers. 
Once configured, you will be able to use your Console Server to secure\
ly monitor, access and control the computers, 
networking devices, telecommunications equipment, power supplies and ope\
rating environment in your data center, branch 
office or communications room. This manual guides you in managing this\
 infrastructure locally (at the rack side or across your 
operations or management LAN or through the local serial console port),\
 and remotely (across the Internet, private network or 
via dial up).
Manual Organization 
This manual contains the following chapters:
1. Introduction  An overview of the features of the Console Server and information on thi\
s manual
2. Installation Details physical installation of the Console Server and the interconnect\
ion of controlled  
 devices
3. System Configuration  Describes the initial installation and configuration using the Managem\
ent Console of the  
 Console Server on the network and the services that will be supported 
4. Serial and Network Covers configuring serial ports and connected network hosts, and setti\
ng up Users and  
 Groups
5. Failover and OoB dial-in Describes setting up the high-availability access features of the Consol\
e Server 
6. Secure Tunneling (SDT)  Covers secure remote access using SSH and configuring for RDP, VNC, HTTP, HTTPS, etc.  
 access to network and serially connected devices
7. Alerts and Logging Explains the setting up of local and remote event/ data logs and trigger\
ing SNMP and email  
 alerts 
8. Power & Environment Management of USB, serial and network attached Power Distribution units and UPS units  
 including Network UPS Tool (NUT) operation and IPMI power control. EMD environmental  
 sensor configuration
9. Authentication All access to the Console Server requires usernames and passwords which \
are locally or  
 externally authenticated
10. Nagios Integration Setting Nagios central management with SDT extensions and configuring \
the Console Server  
 as a distributed Nagios server
11. System Management Covers access to and configuration of services to be run on the Consol\
e Server
12. Status Reports View the status and logs of serial and network connected devices (ports\
, hosts, power and  
 environment) 
13. Management  Includes port controls and reports that can accessed by Users 
14. Basic Configuration Command line installation and configuration using the config command\
15. Advanced Config More advanced command line configuration activities where you will nee\
d to use Linux  
 commands
16. Thin Client Configuration and use of the thin client and other applications (incl\
uding PowerAlert)  
 embedded in the Console Server with PowerAlert (B092-016) product
Chapter 1: Introduction