Tripp Lite 0 Idades Manual

							31
Chapter 3: Initial System Configuration
3.5 Communications Software 
You need to configure the access protocols that the communications soft\
ware on the Administrator and User Computer will 
use when connecting to the Console Server (and when connecting to seria\
l devices and network hosts which are attached to 
the Console Server). 
This section provides an overview of the communications software tools t\
hat can be used on the remote computer. Tripp Lite 
recommends the SDT Connector software tool that is provided with the Console Server; however, generic tools such as PuTTY 
and SSHTerm may also be used.
3.5.1  SDT Connector
We recommend using the SDT Connector communications software for all communications with Console Servers. Ea\
ch 
Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server.
SDT Connector is a lightweight tool that enables Users and Administrators to securely\
 access the Console Server, and the 
various computers, network devices and appliances that may be serially o\
r network- connected to the Console Server. SDT 
Connector can be installed on Windows 2000, XP, 2003, Vista and on most Linux, UNIX and Solaris computers as detailed \
in 
Chapter 6.
3.5.2 PuTTY
Communications packages like PuTTY can be also used to connect to the Console Server command line (and to\
 connect to 
serially attached devices as covered in Chapter 4). PuTTY is a freeware implementation of Telnet and SSH for Win32 and UNIX 
platforms. It runs as an executable application without needing to be in\
stalled onto your system. PuTTY (the Telnet and SSH 
client itself) can be downloaded at http://www.tucows.com/preview/195286.html
• To use PuTTY for an SSH terminal session from a Windows client,    
 enter the Console Server’s IP address as the ‘Host Name (or IP    
 address)’ 
• To access the Console Server command line, select ‘SSH’ as the    
 protocol and use the default IP Port 22
• Click ‘Open’ and the Console Server login prompt will appear. (You    
 may also receive a ‘Security Alert’ that the host’s key is not \
   
 cached.  Choose ‘yes’ to continue.) 
• Using the Telnet protocol is similarly simple, but you need to use    
 the default port 23  
						

							32
Chapter 3: Initial System Configuration
3.5.3   SSHTerm 
Another common communications package that may be useful is SSHTerm. This is an open source package that can be 
downloaded from http://sourceforge.net/projects/sshtools
  
• To use SSHTerm for an SSH terminal session from a Windows Client, simply Select  
 the ‘File’ option and click on ‘New Connection’. 
• A new dialog box will appear for your ‘Connection Profile’. Type in the host name or  
 IP address (for the Console Server unit) and the TCP port that the SSH session will  
 use (port 22). Then type in your username and choose password authenti\
cation and  
 click Connect. 
•  A message may appear about the host key fingerprint. You will need to select ‘Yes’ 
or ‘Always’ to continue. 
• The next step is password authentication. You will be prompted for your username 
and password from the remote system. You will then be logged on to the Console 
Server  
						

							33
Chapter 3: Initial System Configuration
3.6 Management Network Configuration 
The  B096-048/032/016 Console Server Management Switches and B094-008-2E\
-M-F / B094-008-2E-V Console Server 
each have an additional network port that can be configured as a Manag\
ement LAN port or as a failover/ OOB access port.  
3.6.1  Enable the Management L AN
The B096-048/032/016 Console Server Management Switches and B094-008-2E-\
M-F / B094-008-2E-V Console Server 
have dual Ethernet ports which can be configured to provide a manageme\
nt LAN gateway. With this configuration, the  
B096-048/032/016 and B094-008-2E-M-F / B094-008-2E-V provide firewall, router and DHCP server features and you can 
connect managed hosts to this management LAN. 
 These features are all disabled by default. To configure the Management LAN gateway:
• Select the Management L AN Interface page on the System: IP menu and uncheck Disable
• Configure the IP Address and Subnet Mask for the Management LAN (but leave the DNS fields blank)
• Click Apply 
 
Note: With the B094-008-2E-M-F, B096-048, B094-008-2E-V, B096-032 and B096-016 the second Ethernet port can 
be configured as either a gateway port or it can be configured as an\
 OOB/Failover port - but not both. So ensure you did not 
allocate the Management LAN as the Failover Interface when you configured the principal Network connection on the 
System: IP menu  
						

							34
Chapter 3: Initial System Configuration
The management gateway function is now enabled with default firewall a\
nd router rules. By default these rules are configured 
so the Management LAN can only be accessible by SSH port forwarding. This ensures the remote and local connections to 
Managed Devices on the Management LAN are secure. 
3.6.2 Configure the DHCP server 
The Console Servers also host a DHCP server which by default is disabled\
.  The DHCP server enables the automatic 
distribution of IP addresses to devices on the Network Interface or the \
Management LAN. To enable the DHCP server:
• On the System: IP menu select the Management L AN Interface page and click the Disabled label in the DHCP Server 
field (or go to the System: DHCP Server menu and check Enable DHCP Server) 
 
• Enter the Gateway address that is to be issued to the DHCP clients. If this field is le\
ft blank, the Console Server’s  IP 
address will be used
• Enter the Primary DNS and Secondary DNS address to issue the DHCP clients. Again if this field is left blank,\
 Console 
Server’s IP address is used, so leave this field blank for automati\
c DNS server assignment
• Optionally enter a Domain Name suffix to issue DHCP clients
• Enter the Default Lease time and Maximum Lease time in seconds. The lease time is the time that a dynamically 
assigned IP address is valid before the client must request it again
• Click Apply
The DHCP server will sequentially issue IP addresses from a specified \
address pool(s): 
• Click Add in the Dynamic Address Allocation Pools field
• Enter the DHCP Pool Start Address and End Address and click Apply  
						

							35
Chapter 3: Initial System Configuration
 
The DHCP server also supports pre-assigning IP addresses to be allocated\
 only to specific MAC addresses and reserving IP 
addresses to be used by connected hosts with fixed IP addresses.  To reserve an IP addresses for a particular host: 
• Click Add in the Reserved Addresses field
• Enter the Hostname, the Hardware Address (MAC) and the Statically Reserved IP address for the DHCP client and 
click Apply 
 
When DHCP has initially allocated hosts addresses it is recommended to c\
opy these into the pre-assigned list so the same IP 
address will be reallocated in the event of a reboot.  
3.6.3   Select Failover or broadband OOB
The Console Servers provide a failover option so in the event of a probl\
em using the main LAN connection for accessing the 
Console Server; an alternate access path is automatically used.         \
  
• By default the failover is not enabled. To enable, select the Network Interface page on the System: IP menu
• Now select the Failover Interface to be used in the event of an outage on the main network. This can be:
  o a second Ethernet connection on the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016  
  o the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016 internal modem
  o an external modem device connected to the Console Server 
• Click Apply. You have selected the failover method. However it is not active until you\
 have specified the external sites to 
be probed to trigger failover, and set up the failover ports themselves. This is covered in Chapter 5.   
Note: The second Ethernet port on the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016 can be configured as 
either a Management LAN gateway port or it can be configured as an OoB\
/Failover port - but not both. So ensure you did not 
configure this port as the Management LAN on the System: IP menu
3.6.4  Bridging the network ports
By default the B096-048/032/016 Console Server's Management LAN network \
port can only be accessed using SSH 
tunneling /port forwarding or by establishing an IPsec VPN tunnel to the Console Server. 
However the network ports on the Console Servers can be bridged.
• Select Enable Bridging on the System: IP General Settings menu  
						

							36
Chapter 3: Initial System Configuration
With bridging enabled:
• the Ethernet ports are transparently interconnected at the data link lay\
er (layer 2)
• the Ethernet ports are configured collectively using the Network Interface menu
• network traffic is forwarded between all Ethernet ports with no fire\
wall restrictions
• the Management L AN Interface and Out-of-Band/Failover Interface functions are removed and the DHCP Server is 
disabled
An alternate to bridging is to use the firewall/routing functions (pa\
cket filtering, port forwarding, masquerading) functions 
detailed in chapter 5. This can provide firewalled remote IP access to\
 devices on the Management LAN.
3.6.5  Wireless L AN
Console Servers can be fitted externally with an external 802.11 wirel\
ess USB dongle. The wireless device will then be auto-
detected on power up and you will be presented with a Wireless L AN Interface menu in the System: IP menu
• The wireless LAN is deactivated by default so to activate it first unc\
heck Disable
To configure the IP settings of the wireless LAN:
• Select DHCP or Static for the Configuration Method
   o If you selected Static then manually enter the new IP Address, Subnet Mask, Gateway and DNS server details.  
    This selection automatically disables the DHCP client 
  o If you selected DHCP the Console Server will look for configuration details from a DHCP se\
rver on your  
    management LAN. This selection automatically disables any static address\
. The Console Server MAC address can  
   be found on a label on the base plate
• The wireless LAN when enabled will operate as the main network connectio\
n to the console server so failover is available 
(though it not enabled by default). Use Failover Interface to select the device to failover to in case of wireless outage 
and specify Probe Addresses of the peers to probed for connectivity detection
• Configure the Wireless Client to select the local wireless network which will serve as \
the main network connection to the 
Console Server.
  o Enter the appropriate SSID (Set Service Identifier) of the wireless access point to connect to\
 
  o  Select the Wireless Network Type where Infrastructure is used to connect to an access point and Ad-hoc to  
    connect directly to a computer
 o  Select the Wireless Security mode of the wireless network (WEP, WPA etc) and enter the required  
    Key/ Authentication/ Encryption settings
Note: The Wireless screen in Status: Statistics will display all the locally accessible wireless LANs (with SSID and Encryption/
Authentication settings). You can also use this screen to confirm you have successfully connected\
 to the selected access point. 
The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The 
Administrator must configure access privileges for each of these devic\
es, and specify the services that can be used to control 
the devices. The Administrator can also set up new users and specify eac\
h user’s individual access and control privileges.   
This chapter covers each of the steps in configuring hosts and seriall\
y attached devices:
• Configure Serial Ports – setting up the protocols to be used in accessing  serially-connected devices 
• Users & Groups – setting up users and defining the access permissions for each of\
 these users  
						

							37
Chapter 3: Initial System Configuration
• Authentication – this is covered in more detail in Chapter 9
• Network Hosts – configuring access to local network connected computers or applia\
nces (hosts)
• Configuring Trusted Networks - nominate specific IP addresses that trusted users access from
• Cascading and Redirection of Serial Console Ports
• Connecting to Power (UPS PDU and IPMI) and Environmental Monitoring (\
EMD) devices 
• Serial Port Redirection – using the VirtualPort windows and Linux clients
• Managed Devices - presents a consolidated view of all the connections
• IPSec – enabling IPSec VPN connection
• OpenVPN - enabling IPSec OpenVPN connection
• PPTP – setting up point to point connection
3.6.6 Static routes 
Firmware 3.4 and later support static routes which provide a very quick \
way to route data from one subnet to another. You 
can hard code a path that specifies to the console server/router which\
 path to take to get to a particular subnet. This may be 
useful for remotely accessing various subnets at a remote site when usin\
g the cellular OoB connection.
To add to the static route to the route table of the system: 
• Select the Route Settings tab on the System: IP General Settings menu
• Enter a meaningful Route Name for the route 
• In the Destination Network/Host field, enter the IP address of the destination network/host that the \
route provides access to
• Enter a value in the Destination netmask field that identifies the destination network or host. Use any numb\
er between 
0 and 32. A subnet mask of 32 identifies a host route.
• In the Route Gateway field, enter the IP address of a router that will route packets to th\
e destination network (can be left 
blank)
•  Select the Interface to use to reach the destination (may be left as None) 
•  Enter a value in the Metric field that represents the metric of this connection. This generally o\
nly has to be set if two or 
more routes conflict or have overlapping targets. Any number equal to \
or greater than 0
•  Click Apply 
Note: The route details page provides a list of network interfaces and modems\
 to which a route can be bound. In the case of 
a modem, the route will be attached to any dialup session which is estab\
lished via that device. A route can be specified with 
a gateway, an interface or both. If the specified interface is not active for w\
hatever reason, then routes configured for that 
interface will not be active.  
						

							38
4.1 Configuring Serial Ports 
To configure a serial port you must first set the Common Settings (C\
hapter 4.1.1) that are to be used for the data connection 
to that port (e.g. baud rate) and the mode the port is to operate in. \
Each port can be set to support one of six operating 
modes:
i. Disabled Mode is the default, the serial port is inactive
ii. Console Server Mode (Chapter 4.1.2) enables general access to the serial console port on \
serially attached devices
iii. Device Mode (Chapter 4.1.3) sets the serial port up to communicate with an intelligent serial con\
trolled PDU, UPS or 
Environmental Monitor Devices (EMD)
iv. SDT Mode (Chapter 4.1.4) enables graphical console access (with RDP, VNC, HTTPS etc) to hosts that are serially 
connected
v. Terminal Server Mode (Chapter 4.1.5) sets the serial port to await an incoming terminal login session
vi. Serial Bridge Mode (Chapter 4.1.6) enables the transparent interconnection of two serial port devices ov\
er a network
To select the serial port to configure: 
•  Select Serial & Network: Serial Port and click Edit on the port to be reconfigured 
Note: If you wish to set the same protocol options for multiple serial ports\
 at once, click Edit Multiple Ports and select which 
ports you wish to configure as a group 
 
• When you have configured the common settings and the mode for each por\
t, set up any remote syslog (Chapter  4.1.7), 
then click Apply 
• If the Console Server has been configured with distributed Nagios moni\
toring enabled then you will also be presented 
with Nagios Settings options to enable nominated services on the Host to be monitored (refe\
r to Chapter 10 – Nagios 
Integration)
Chapter 4: Serial Port, Device and User Configuration  
						

							39
Chapter 4: Serial Port, Device and User Configuration
4.1.1 Common Settings 
There are a number of common settings available for each serial port. Th\
ese are independent of the mode in which the port 
is being used. These serial port parameters must be set so they match th\
e serial port parameters on the device which is 
attached to that port.
 
• Select Serial & Network: Serial Port and click Edit
• Specify a label for the port
• Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits and Flow Control for each port (and ensure they \
match the 
settings for serial device that is connected). The Signaling Protocol i\
s hard configured to be RS232 
Note: The serial ports are all set at the factory to RS232 9600 baud, no par\
ity, 8 data bits, 1 stop bit and Console Server 
Mode. The baud rate can be changed to 2400 – 230400 baud using the ma\
nagement console. Lower baud rates (50, 75, 
110, 134, 150, 200, 300, 600, 1200, 1800 baud) can be configured from\
 the command line as detailed in Chapter 14
   
						

							40
Chapter 4: Serial Port, Device and User Configuration
4.1.2 Console Server Mode 
Select Console Server Mode to enable remote management access to the serial console that is attach\
ed to the serial port:
 
Logging Level  This specifies the level of information to be logged and monitored (r\
efer to Chapter 7 - Alerts and Logging)  
Telnet   Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s 
computer can connect to a serial device attached to this serial port on \
the Console Server. The default port 
address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048
  Telnet communications are unencrypted, so this protocol is generally reco\
mmended for local connections 
only. However, if the remote communications are being tunneled with SDT Connector, then Telnet can be 
used to securely access these attached devices (see Note below).
 With Win2000/XP/NT you can run Telnet from the command prompt (cmd.exe). Vista comes with a Telnet 
client and server but they are not enabled by default. To enable Telnet, simply: 
     • Log in as Admin and go to Start/ Control Panel/Programs and Features
      • Select Turn Windows Features On or Off, check the Telnet Client and click OK