Tripp Lite 0 Idades Manual
Have a look at the manual Tripp Lite 0 Idades Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 7 Tripp Lite manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
31 Chapter 3: Initial System Configuration 3.5 Communications Software You need to configure the access protocols that the communications soft\ ware on the Administrator and User Computer will use when connecting to the Console Server (and when connecting to seria\ l devices and network hosts which are attached to the Console Server). This section provides an overview of the communications software tools t\ hat can be used on the remote computer. Tripp Lite recommends the SDT Connector software tool that is provided with the Console Server; however, generic tools such as PuTTY and SSHTerm may also be used. 3.5.1 SDT Connector We recommend using the SDT Connector communications software for all communications with Console Servers. Ea\ ch Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server. SDT Connector is a lightweight tool that enables Users and Administrators to securely\ access the Console Server, and the various computers, network devices and appliances that may be serially o\ r network- connected to the Console Server. SDT Connector can be installed on Windows 2000, XP, 2003, Vista and on most Linux, UNIX and Solaris computers as detailed \ in Chapter 6. 3.5.2 PuTTY Communications packages like PuTTY can be also used to connect to the Console Server command line (and to\ connect to serially attached devices as covered in Chapter 4). PuTTY is a freeware implementation of Telnet and SSH for Win32 and UNIX platforms. It runs as an executable application without needing to be in\ stalled onto your system. PuTTY (the Telnet and SSH client itself) can be downloaded at http://www.tucows.com/preview/195286.html • To use PuTTY for an SSH terminal session from a Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’ • To access the Console Server command line, select ‘SSH’ as the protocol and use the default IP Port 22 • Click ‘Open’ and the Console Server login prompt will appear. (You may also receive a ‘Security Alert’ that the host’s key is not \ cached. Choose ‘yes’ to continue.) • Using the Telnet protocol is similarly simple, but you need to use the default port 23
32 Chapter 3: Initial System Configuration 3.5.3 SSHTerm Another common communications package that may be useful is SSHTerm. This is an open source package that can be downloaded from http://sourceforge.net/projects/sshtools • To use SSHTerm for an SSH terminal session from a Windows Client, simply Select the ‘File’ option and click on ‘New Connection’. • A new dialog box will appear for your ‘Connection Profile’. Type in the host name or IP address (for the Console Server unit) and the TCP port that the SSH session will use (port 22). Then type in your username and choose password authenti\ cation and click Connect. • A message may appear about the host key fingerprint. You will need to select ‘Yes’ or ‘Always’ to continue. • The next step is password authentication. You will be prompted for your username and password from the remote system. You will then be logged on to the Console Server
33 Chapter 3: Initial System Configuration 3.6 Management Network Configuration The B096-048/032/016 Console Server Management Switches and B094-008-2E\ -M-F / B094-008-2E-V Console Server each have an additional network port that can be configured as a Manag\ ement LAN port or as a failover/ OOB access port. 3.6.1 Enable the Management L AN The B096-048/032/016 Console Server Management Switches and B094-008-2E-\ M-F / B094-008-2E-V Console Server have dual Ethernet ports which can be configured to provide a manageme\ nt LAN gateway. With this configuration, the B096-048/032/016 and B094-008-2E-M-F / B094-008-2E-V provide firewall, router and DHCP server features and you can connect managed hosts to this management LAN. These features are all disabled by default. To configure the Management LAN gateway: • Select the Management L AN Interface page on the System: IP menu and uncheck Disable • Configure the IP Address and Subnet Mask for the Management LAN (but leave the DNS fields blank) • Click Apply Note: With the B094-008-2E-M-F, B096-048, B094-008-2E-V, B096-032 and B096-016 the second Ethernet port can be configured as either a gateway port or it can be configured as an\ OOB/Failover port - but not both. So ensure you did not allocate the Management LAN as the Failover Interface when you configured the principal Network connection on the System: IP menu
34 Chapter 3: Initial System Configuration The management gateway function is now enabled with default firewall a\ nd router rules. By default these rules are configured so the Management LAN can only be accessible by SSH port forwarding. This ensures the remote and local connections to Managed Devices on the Management LAN are secure. 3.6.2 Configure the DHCP server The Console Servers also host a DHCP server which by default is disabled\ . The DHCP server enables the automatic distribution of IP addresses to devices on the Network Interface or the \ Management LAN. To enable the DHCP server: • On the System: IP menu select the Management L AN Interface page and click the Disabled label in the DHCP Server field (or go to the System: DHCP Server menu and check Enable DHCP Server) • Enter the Gateway address that is to be issued to the DHCP clients. If this field is le\ ft blank, the Console Server’s IP address will be used • Enter the Primary DNS and Secondary DNS address to issue the DHCP clients. Again if this field is left blank,\ Console Server’s IP address is used, so leave this field blank for automati\ c DNS server assignment • Optionally enter a Domain Name suffix to issue DHCP clients • Enter the Default Lease time and Maximum Lease time in seconds. The lease time is the time that a dynamically assigned IP address is valid before the client must request it again • Click Apply The DHCP server will sequentially issue IP addresses from a specified \ address pool(s): • Click Add in the Dynamic Address Allocation Pools field • Enter the DHCP Pool Start Address and End Address and click Apply
35 Chapter 3: Initial System Configuration The DHCP server also supports pre-assigning IP addresses to be allocated\ only to specific MAC addresses and reserving IP addresses to be used by connected hosts with fixed IP addresses. To reserve an IP addresses for a particular host: • Click Add in the Reserved Addresses field • Enter the Hostname, the Hardware Address (MAC) and the Statically Reserved IP address for the DHCP client and click Apply When DHCP has initially allocated hosts addresses it is recommended to c\ opy these into the pre-assigned list so the same IP address will be reallocated in the event of a reboot. 3.6.3 Select Failover or broadband OOB The Console Servers provide a failover option so in the event of a probl\ em using the main LAN connection for accessing the Console Server; an alternate access path is automatically used. \ • By default the failover is not enabled. To enable, select the Network Interface page on the System: IP menu • Now select the Failover Interface to be used in the event of an outage on the main network. This can be: o a second Ethernet connection on the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016 o the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016 internal modem o an external modem device connected to the Console Server • Click Apply. You have selected the failover method. However it is not active until you\ have specified the external sites to be probed to trigger failover, and set up the failover ports themselves. This is covered in Chapter 5. Note: The second Ethernet port on the B094-008-2E-M-F / B094-008-2E-V or B096-048/032/016 can be configured as either a Management LAN gateway port or it can be configured as an OoB\ /Failover port - but not both. So ensure you did not configure this port as the Management LAN on the System: IP menu 3.6.4 Bridging the network ports By default the B096-048/032/016 Console Server's Management LAN network \ port can only be accessed using SSH tunneling /port forwarding or by establishing an IPsec VPN tunnel to the Console Server. However the network ports on the Console Servers can be bridged. • Select Enable Bridging on the System: IP General Settings menu
36 Chapter 3: Initial System Configuration With bridging enabled: • the Ethernet ports are transparently interconnected at the data link lay\ er (layer 2) • the Ethernet ports are configured collectively using the Network Interface menu • network traffic is forwarded between all Ethernet ports with no fire\ wall restrictions • the Management L AN Interface and Out-of-Band/Failover Interface functions are removed and the DHCP Server is disabled An alternate to bridging is to use the firewall/routing functions (pa\ cket filtering, port forwarding, masquerading) functions detailed in chapter 5. This can provide firewalled remote IP access to\ devices on the Management LAN. 3.6.5 Wireless L AN Console Servers can be fitted externally with an external 802.11 wirel\ ess USB dongle. The wireless device will then be auto- detected on power up and you will be presented with a Wireless L AN Interface menu in the System: IP menu • The wireless LAN is deactivated by default so to activate it first unc\ heck Disable To configure the IP settings of the wireless LAN: • Select DHCP or Static for the Configuration Method o If you selected Static then manually enter the new IP Address, Subnet Mask, Gateway and DNS server details. This selection automatically disables the DHCP client o If you selected DHCP the Console Server will look for configuration details from a DHCP se\ rver on your management LAN. This selection automatically disables any static address\ . The Console Server MAC address can be found on a label on the base plate • The wireless LAN when enabled will operate as the main network connectio\ n to the console server so failover is available (though it not enabled by default). Use Failover Interface to select the device to failover to in case of wireless outage and specify Probe Addresses of the peers to probed for connectivity detection • Configure the Wireless Client to select the local wireless network which will serve as \ the main network connection to the Console Server. o Enter the appropriate SSID (Set Service Identifier) of the wireless access point to connect to\ o Select the Wireless Network Type where Infrastructure is used to connect to an access point and Ad-hoc to connect directly to a computer o Select the Wireless Security mode of the wireless network (WEP, WPA etc) and enter the required Key/ Authentication/ Encryption settings Note: The Wireless screen in Status: Statistics will display all the locally accessible wireless LANs (with SSID and Encryption/ Authentication settings). You can also use this screen to confirm you have successfully connected\ to the selected access point. The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devic\ es, and specify the services that can be used to control the devices. The Administrator can also set up new users and specify eac\ h user’s individual access and control privileges. This chapter covers each of the steps in configuring hosts and seriall\ y attached devices: • Configure Serial Ports – setting up the protocols to be used in accessing serially-connected devices • Users & Groups – setting up users and defining the access permissions for each of\ these users
37 Chapter 3: Initial System Configuration • Authentication – this is covered in more detail in Chapter 9 • Network Hosts – configuring access to local network connected computers or applia\ nces (hosts) • Configuring Trusted Networks - nominate specific IP addresses that trusted users access from • Cascading and Redirection of Serial Console Ports • Connecting to Power (UPS PDU and IPMI) and Environmental Monitoring (\ EMD) devices • Serial Port Redirection – using the VirtualPort windows and Linux clients • Managed Devices - presents a consolidated view of all the connections • IPSec – enabling IPSec VPN connection • OpenVPN - enabling IPSec OpenVPN connection • PPTP – setting up point to point connection 3.6.6 Static routes Firmware 3.4 and later support static routes which provide a very quick \ way to route data from one subnet to another. You can hard code a path that specifies to the console server/router which\ path to take to get to a particular subnet. This may be useful for remotely accessing various subnets at a remote site when usin\ g the cellular OoB connection. To add to the static route to the route table of the system: • Select the Route Settings tab on the System: IP General Settings menu • Enter a meaningful Route Name for the route • In the Destination Network/Host field, enter the IP address of the destination network/host that the \ route provides access to • Enter a value in the Destination netmask field that identifies the destination network or host. Use any numb\ er between 0 and 32. A subnet mask of 32 identifies a host route. • In the Route Gateway field, enter the IP address of a router that will route packets to th\ e destination network (can be left blank) • Select the Interface to use to reach the destination (may be left as None) • Enter a value in the Metric field that represents the metric of this connection. This generally o\ nly has to be set if two or more routes conflict or have overlapping targets. Any number equal to \ or greater than 0 • Click Apply Note: The route details page provides a list of network interfaces and modems\ to which a route can be bound. In the case of a modem, the route will be attached to any dialup session which is estab\ lished via that device. A route can be specified with a gateway, an interface or both. If the specified interface is not active for w\ hatever reason, then routes configured for that interface will not be active.
38 4.1 Configuring Serial Ports To configure a serial port you must first set the Common Settings (C\ hapter 4.1.1) that are to be used for the data connection to that port (e.g. baud rate) and the mode the port is to operate in. \ Each port can be set to support one of six operating modes: i. Disabled Mode is the default, the serial port is inactive ii. Console Server Mode (Chapter 4.1.2) enables general access to the serial console port on \ serially attached devices iii. Device Mode (Chapter 4.1.3) sets the serial port up to communicate with an intelligent serial con\ trolled PDU, UPS or Environmental Monitor Devices (EMD) iv. SDT Mode (Chapter 4.1.4) enables graphical console access (with RDP, VNC, HTTPS etc) to hosts that are serially connected v. Terminal Server Mode (Chapter 4.1.5) sets the serial port to await an incoming terminal login session vi. Serial Bridge Mode (Chapter 4.1.6) enables the transparent interconnection of two serial port devices ov\ er a network To select the serial port to configure: • Select Serial & Network: Serial Port and click Edit on the port to be reconfigured Note: If you wish to set the same protocol options for multiple serial ports\ at once, click Edit Multiple Ports and select which ports you wish to configure as a group • When you have configured the common settings and the mode for each por\ t, set up any remote syslog (Chapter 4.1.7), then click Apply • If the Console Server has been configured with distributed Nagios moni\ toring enabled then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored (refe\ r to Chapter 10 – Nagios Integration) Chapter 4: Serial Port, Device and User Configuration
39 Chapter 4: Serial Port, Device and User Configuration 4.1.1 Common Settings There are a number of common settings available for each serial port. Th\ ese are independent of the mode in which the port is being used. These serial port parameters must be set so they match th\ e serial port parameters on the device which is attached to that port. • Select Serial & Network: Serial Port and click Edit • Specify a label for the port • Select the appropriate Baud Rate, Parity, Data Bits, Stop Bits and Flow Control for each port (and ensure they \ match the settings for serial device that is connected). The Signaling Protocol i\ s hard configured to be RS232 Note: The serial ports are all set at the factory to RS232 9600 baud, no par\ ity, 8 data bits, 1 stop bit and Console Server Mode. The baud rate can be changed to 2400 – 230400 baud using the ma\ nagement console. Lower baud rates (50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800 baud) can be configured from\ the command line as detailed in Chapter 14
40 Chapter 4: Serial Port, Device and User Configuration 4.1.2 Console Server Mode Select Console Server Mode to enable remote management access to the serial console that is attach\ ed to the serial port: Logging Level This specifies the level of information to be logged and monitored (r\ efer to Chapter 7 - Alerts and Logging) Telnet Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on \ the Console Server. The default port address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048 Telnet communications are unencrypted, so this protocol is generally reco\ mmended for local connections only. However, if the remote communications are being tunneled with SDT Connector, then Telnet can be used to securely access these attached devices (see Note below). With Win2000/XP/NT you can run Telnet from the command prompt (cmd.exe). Vista comes with a Telnet client and server but they are not enabled by default. To enable Telnet, simply: • Log in as Admin and go to Start/ Control Panel/Programs and Features • Select Turn Windows Features On or Off, check the Telnet Client and click OK