Tripp Lite 0 Idades Manual

    A Welcome screen, which lists initial installation configuration steps, will be displayed. These steps are:
    • Change default administration password (System/Administration page. Refer to Chapter 3.2)
    • Configure the local network settings (System/IP page. Refer to Chapter 3.3)
    To configure Console Server features:
    • Configure serial ports settings (Serial & Network/Serial Port page. Refer to Chapter 4)
    • Configure user port access (Serial & Network/Users page. Refer to Chapter 4)
    After completing each of the above steps, you can return to the configuration list by clicking the Tripp Lite logo in the top left corner of the screen:
    Chapter 3: Initial System Configuration
    • At the Management Console menu select System: Administration
    Note: If you are not able to connect to the Management Console at 192.168.0.1 or if the default Username / Password were not accepted then reset your Console Server (refer to Chapter 10)
    3.1.3   Initial B092-016 connection
    You can configure the B092-016 Console Server using a connected computer and browser connection as described in the two sections above, or you can configure it directly. To do this you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly connected video console to log in:
    • Enter the default administration username and password (Username: root Password: default). The B092-016 control panel will be displayed
    • Click the Configure button on the control panel. This will load the Firefox browser and open the B092-016 Management Console
       
    						
    3.2 Administrator Password
    For security reasons, only the administration user named root can initially log into your Console Server. Only those people who know the root password can access and reconfigure the Console Server itself.
    However, anyone who correctly guesses the root password (and the default root password is default) could gain access. It is therefore essential that you enter and confirm a new root password before giving the Console Server any access to, or control of, your computers and network appliances.
    • Select Change default administration password from the Welcome page, which will take you to Serial & Network: Users & Groups
    • Select Edit for the user root
    • Add a new Password and then re-enter it in Confirm. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe
    Note: There are no restrictions on the characters that can be used in the System Password (which can contain up to 254 characters). However, only the first eight Password characters are used to make the password hash.
    • Click Apply
    Note: If the Console Server has flash memory you will be given the option to Save Password across firmware erases. Checking this will save the password hash in the non-volatile configuration partition, which does not get erased on firmware reset. However, take care: if this password is lost, the device will need to be firmware recovered.
    • Select System: Administration  
    						
    • You may now wish to enter a System Name and System Description for the Console Server to give it a unique ID and make it simple to identify
    Note: The System Name can contain from 1 to 64 alphanumeric characters (however you can also use the special characters “-” “_” and “.” ). There are no restrictions on the characters that can be used in the System Description (which can contain up to 254 characters).
    • The MOTD Banner can be used to display a “message of the day” text to users authenticating over ssh, ftp or the web when they access the Console Server
    • Click Apply. As you have changed the password you will be prompted to log in again. This time use the new password
    Note: If you are not confident your Console Server has been supplied with the current release of firmware, you can upgrade. Refer to Upgrade Firmware - Chapter 10
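Because only the first eight characters reach the password hash, a candidate root password has to be judged on that prefix alone. The following is an added example, not part of the Tripp Lite manual or firmware: it assumes truncation is a simple cut after eight characters, and the list of weak strings is constructed for illustration.

```python
import string

HASHED_CHARS = 8  # per the note: only the first eight characters reach the hash

# Constructed, deliberately tiny list; substitute a real wordlist in practice.
WEAK_STARTS = ("password", "default", "admin", "root", "12345678", "qwerty")


def char_classes(text):
    """Return which of lower/upper/digit/other occur in text."""
    classes = set()
    for ch in text:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def same_hash_input(a, b):
    """True when two passwords are indistinguishable after truncation."""
    return a[:HASHED_CHARS] == b[:HASHED_CHARS]


def audit_root_password(candidate):
    """Judge a candidate by the part that is hashed, not by its full length."""
    effective = candidate[:HASHED_CHARS]  # assumption: plain cut after 8 characters
    findings = []
    if len(candidate) < HASHED_CHARS:
        findings.append("shorter than the 8 characters that are hashed")
    ignored = len(candidate) - len(effective)
    if ignored:
        findings.append(f"last {ignored} characters do not affect the hash")
    lost = char_classes(candidate) - char_classes(effective)
    if lost:
        findings.append("only after position 8: " + ", ".join(sorted(lost)))
    if effective.lower().startswith(WEAK_STARTS):
        findings.append("hashed part begins with a common string")
    return effective, findings


if __name__ == "__main__":
    for pw in ("password-Xk9$vQ2!", "T7#qLm2x"):  # constructed samples
        print(pw, "->", audit_root_password(pw))
```

A long passphrase whose complexity sits after the eighth character is reported with every finding, while a random eight-character value passes cleanly.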
    3.2.1   Set up new administrator
    It is also recommended that you set up a new Administrator user as soon as convenient and log-in as this new user for all ongoing administration functions (rather than root).
    This Administrator can be configured in the admin group with full access privileges through the Serial & Network: Users & Groups menu (refer to Chapter 4 for details)
    						
    3.3 Network IP Address
    It is time to enter an IP address for the principal 10/100 LAN port on the Console Server; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is to be connected.
    • On the System: IP menu select the Network Interface page then check DHCP or Static for the Configuration Method
    • If you select Static you must manually enter the new IP Address, Subnet Mask, Gateway and DNS server details. This selection automatically disables the DHCP client
    • If you selected DHCP the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate
    Note: In its factory default state (with no Configuration Method selected) the Console Server has its DHCP client enabled, so it automatically accepts any network IP address assigned by a DHCP server on your network. In this initial state, the Console Server will then respond to both its Static address (192.168.0.1) and its newly assigned DHCP address
    • By default the Console Server LAN port auto detects the Ethernet connection speed. However you can use the Media menu to lock the Ethernet to 10 Mb/s or 100 Mb/s and to Full Duplex (FD) or Half Duplex (HD)
    Note: If you have changed the Console Server IP address, you may need to reconfigure your PC/workstation so it has an IP address that is in the same network range as this new address (as detailed in an earlier note in this chapter)
    • Click Apply
    • You will need to reconnect the browser on the PC/workstation that is connected to the Console Server by entering http://new IP address
    						
    3.3.1  IPv6 configuration
    By default, the Console Server Ethernet interfaces support IPv4. However, they can also be configured for IPv6 operation:
    • On the System: IP menu select General Settings page and check Enable IPv6
    • You will then need to configure the IPv6 parameters on each network interface page
    						
    3.3.2 Dynamic DNS (DDNS) configuration
    Dynamic DNS (DDNS) enables a Console Server with a dynamically assigned IP address (that may change from time to time) to be located using a fixed host or domain name.
    • The first step in enabling DDNS is to create an account with the supported DDNS service provider of your choice. Supported DDNS providers include:
      o DyNS www.dyns.cx 
      o dyndns.org www.dyndns.org
      o GNUDip gnudip.cheapnet.net 
      o ODS www.ods.org 
      o TZO www.tzo.com 
      o 3322.org (Chinese provider) www.3322.org 
    Upon registering with the DDNS service provider, you will select a username and password, as well as a hostname that you will use as the DNS name (to allow external access to your machine using a URL).
    The Dynamic DNS service providers allow the user to choose a hostname URL and set an initial IP address to correspond to that hostname URL. Many Dynamic DNS providers offer a selection of URL hostnames available for free use with their service. However, with a paid plan, any URL hostname (including your own registered domain name) can be used.
    You can now enable and configure DDNS on any of the Ethernet or cellular network connections on the Console Server (by default DDNS is disabled on all ports):
    • Select the DDNS service provider from the drop down Dynamic DNS list on the System:IP or System:Dial menu
    • In DDNS Hostname enter the fully qualified DNS hostname for your console server e.g. your-hostname.dyndns.org
    • Enter the DDNS Username and DDNS Password for the DDNS service provider account
    • Specify the Maximum interval between updates - in days. A DDNS update will be sent even if the address has not changed
    • Specify the Minimum interval between checks for changed addresses - in seconds. Updates will still only be sent if the address has changed
    • Specify the Maximum attempts per update i.e. the number of times to attempt an update before giving up (defaults to 3)
    3.4 System Services and Service Access
    Service Access specifies which access protocols/services can be used to access the Console Server (and connected serial ports).
    The Administrator can access and configure the Console Server (and connected devices) using a range of access protocols/services – and for each such access, the particular service must be running with access through the firewall enabled.
    By default HTTP, HTTPS, Telnet and SSH services are running, and these services are enabled on all network interfaces. However, again by default, only HTTPS and SSH access to the Console Server is enabled, while HTTP and Telnet access is disabled.
    For other services, such as SNMP/Nagios NRPE/NUT, the service must first be started on the relevant network interface using Service Settings. Then the Service Access can be set to allow or block access.
    To enable and configure a service:
    • Select the Service Settings tab on the System: Services page and enable required services
    To change the access settings:
    • Select the Service Access tab on the System: Services page. This will display the service currently enabled for the Console Server’s network interfaces.
      o Network interface (for the principal Ethernet connection)
      o Dial out (V90 and cellular modem)
      o Dial in (internal or external V90 modem) 
      o WiFi (802.11 wireless)
      o OoB Failover (second Ethernet connections)
      o VPN (IPSec or OpenVPN connection over any network interface)
    • Check/uncheck for each network which service access is to be enabled/disabled
    In the example shown below local Administrators on local Network Interface LAN do not have Telnet access to the Console Server itself (only SSH and HTTPS access) but they do have Telnet access to the serial console devices attached to the Console Server.
       
    						
    The Services Access settings specify which services the Administrator can use over which network interface to access the console server. It also nominates the enabled services that the Administrator and the User can use to connect through the Console Server to attached serial and network connected devices.
    • The following general service access options can be specified:
    HTTPS: This ensures the Administrator has secure browser access to all the Management Console menus on the Console Server. It also allows appropriately configured Users secure browser access to selected Manage menus. For information on certificate and user client software configuration refer to Chapter 9 - Authentication. By default HTTPS is enabled, and it is recommended that only HTTPS access be used if the Console Server is to be managed over any public network (e.g. the Internet).
    HTTP: The HTTP service allows the Administrator basic browser access to the Management Console. It is recommended the HTTP service be disabled if the Console Server is to be remotely accessed over the Internet.
    Telnet: This gives the Administrator telnet access to the system command line shell (Linux commands). While this may be suitable for a local direct connection over a management LAN, it is recommended this service be disabled if the Console Server is to be remotely administered. This service may also be useful for local Administrator and the User access to selected serial consoles
    SSH: This service provides secure SSH access. It is recommended you choose SSH as the protocol where the Administrator connects to the Console Server over the Internet or any other public network. This will provide authenticated communications between the SSH client program on the remote PC/workstation and the SSH server in the Console Server. For more information on SSH configuration refer to Chapter 9 - Authentication.
    • There are also a number of related service options that can be configured at this stage:
    SNMP: This will enable netsnmp in the Console Server, which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15 – Advanced Configuration
    TFTP/FTP: If a USB flash card or internal flash is detected on the Console Server, then enabling this service will set up default tftp and ftp servers on the USB flash. These servers are used to store config files, maintain access and transaction logs etc. Files transferred using tftp will be stored under /var/tmp/usbdisk/tftpboot
    Ping: This allows the Console Server to respond to incoming ICMP echo requests. Ping is enabled by default, however for security reasons this service should generally be disabled post initial configuration
    Nagios, NUT: Access to the NUT UPS monitoring and Nagios NRPE monitoring daemons
    • And there are some serial port access parameters that can be configured on this menu:
    Base: The Console Server uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4 – Configuring Serial Ports). The Administrator can also set alternate ranges for these services, and these secondary ports will then be used in addition to the defaults.
    The default TCP/IP base port address for telnet access is 2000, and the range for telnet is IP Address: Port (2000 + serial port #) i.e. 2001 – 2048. So if the Administrator were to set 8000 as a secondary base for telnet then serial port #2 on the Console Server can be telnet accessed at IP Address:2002 and at IP Address:8002. The default base for SSH is 3000; for Raw TCP is 4000; and for RFC2217 it is 5000
    RAW/Direct: You can also specify that serial port devices can be accessed from nominated network interfaces using Raw TCP, direct Telnet/SSH, unauthenticated Telnet services etc
    • Click Apply. As you apply your services selections, the screen will be updated with a confirmation message:
     Message: Changes to configuration succeeded
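The base-port scheme described above determines exactly which TCP ports front each serial port, which is what firewall rules for the Console Server have to account for. This added example (not from the manual) builds that map from the stated default bases plus any secondary bases and picks out the unencrypted listeners from a constructed list of observed ports; the function names and the cleartext classification of Telnet, Raw TCP and RFC2217 are this example's own.

```python
# Default base ports stated in the manual; TCP port = base + serial port number.
DEFAULT_BASES = {"telnet": 2000, "ssh": 3000, "raw_tcp": 4000, "rfc2217": 5000}
# Classification added for this example: these carry console data unencrypted.
CLEARTEXT = {"telnet", "raw_tcp", "rfc2217"}


def port_map(serial_ports, secondary_bases=None):
    """Return {tcp_port: (protocol, serial_port)} for default and secondary bases."""
    secondary_bases = secondary_bases or {}
    mapping = {}
    for proto, base in DEFAULT_BASES.items():
        bases = [base]
        if proto in secondary_bases:
            bases.append(secondary_bases[proto])  # used in addition to the default
        for b in bases:
            for n in range(1, serial_ports + 1):
                port = b + n
                if port in mapping:
                    # A badly chosen secondary base can land in another range.
                    raise ValueError(
                        f"{proto} base {b} collides with "
                        f"{mapping[port][0]} on TCP {port}")
                mapping[port] = (proto, n)
    return mapping


def cleartext_exposure(listening, mapping):
    """From observed listening TCP ports, list serial ports reachable unencrypted."""
    return [(p, *mapping[p]) for p in sorted(listening)
            if p in mapping and mapping[p][0] in CLEARTEXT]


if __name__ == "__main__":
    # The manual's own case: 8000 set as a secondary base for telnet.
    mapping = port_map(16, {"telnet": 8000})
    observed = {22, 443, 2002, 3002, 5010, 8002}  # constructed scan result
    for port, proto, serial in cleartext_exposure(observed, mapping):
        print(f"TCP {port}: {proto} to serial port #{serial} is unencrypted")
```

Ports that appear in the result are candidates for disabling under Service Access or for restricting to the management LAN.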
     
    • The B092-016 Console Server with PowerAlert also presents some additional service and configuration options:
    VNC: The B092-016 Console Server has an internal VNC server. When enabled, it allows remote users to connect to the Console Server and run the PowerAlert software and any other embedded thin client programs as if they were plugged in locally to the KVM connectors on the B092-016 (refer to Chapter 16 for more details). Users connect using port 5900 and need to run a VNC client applet
    Secure VNC: This enables a secure encrypted remote connection using VNC over SSL on port 5800 to the B092-016 Console Server (refer to Chapter 16)
    PowerAlert: This configuration option will automatically start the PowerAlert application on the B092-016 and display the console as soon as you log into the local display or VNC session (refer to Chapter 16). The complete PowerAlert manual can be downloaded at www.tripplite.com/EN/support/PowerAlert/Downloads.cfm
    3.4.1  Brute force protection
    Brute force protection (Micro Fail2ban) temporarily blocks source IPs that show malicious signs, such as too many password failures. This may help mitigate scenarios where the appliance’s network services are exposed to an untrusted network such as the public WAN, and scripted attacks or software worms are attempting to guess (brute force) user credentials and gain unauthorized access.
    Brute Force Protection may be enabled for the listed services. Once protection is enabled, 3 or more failed connection attempts within 60 seconds from a specific source IP trigger it to be banned from connecting for the next 60 seconds. Active Bans are also listed and may be refreshed by reloading the page.
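The ban rule above (3 failures within 60 seconds, then a 60 second ban) can be replayed over authentication events to see which sources it would block and when. This is an added example, not the appliance's Micro Fail2ban code: the log format and sample lines are constructed, and it assumes connections during a ban are refused without being counted and that the failure count restarts once a ban is issued.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                   # "3 or more failed connection attempts"
WINDOW = timedelta(seconds=60)     # "within 60 seconds"
BAN_TIME = timedelta(seconds=60)   # "banned ... for the next 60 seconds"

# Constructed sample events: "<ISO timestamp> <service> <source IP> <FAIL|OK>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 ssh 203.0.113.7 FAIL
2024-01-01T10:00:10 ssh 203.0.113.7 FAIL
2024-01-01T10:00:20 https 198.51.100.4 FAIL
2024-01-01T10:00:25 ssh 203.0.113.7 FAIL
2024-01-01T10:00:40 ssh 203.0.113.7 FAIL
2024-01-01T10:01:30 https 198.51.100.4 FAIL
2024-01-01T10:02:00 https 198.51.100.4 OK
2024-01-01T10:02:05 ssh 203.0.113.7 FAIL
"""


def parse(log):
    """Yield (timestamp, service, source_ip, result) from the constructed format."""
    for line in log.splitlines():
        if line.strip():
            ts, service, ip, result = line.split()
            yield datetime.fromisoformat(ts), service, ip, result


def simulate_bans(log):
    """Return ([(ip, ban_start, ban_end), ...], connections refused during bans)."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    banned_until = {}
    bans, refused = [], 0
    for ts, _service, ip, result in parse(log):
        if ip in banned_until and ts < banned_until[ip]:
            refused += 1           # assumption: refused attempts are not counted
            continue
        if result != "FAIL":
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:   # drop failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            recent.clear()         # assumption: counting restarts after a ban
    return bans, refused


if __name__ == "__main__":
    bans, refused = simulate_bans(SAMPLE_LOG)
    for ip, start, end in bans:
        print(f"{ip} banned {start.time()} to {end.time()}")
    print("connections refused during bans:", refused)
```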
    Note: When an appliance is running on an untrusted network, it is recommended that a variety of strategies are used to lock down remote access. This includes strong passwords (or even better, SSH public key authentication), VPN, and using Firewall Rules to whitelist remote access from trusted source networks only.
    						