Tripp Lite Console Server Manual
Chapter 4: Serial Port, Device and User Configuration

4.12 IP Passthrough

IP Passthrough is used to make a modem connection (e.g. the Appliance's internal cellular modem) appear like a regular Ethernet connection to a third-party downstream router, allowing the downstream router to use the Appliance's modem connection as a primary or backup WAN interface. The Appliance provides the modem IP address and DNS details to the downstream device over DHCP and transparently passes network traffic between the modem and the router.

While IP Passthrough essentially turns an Appliance into a modem-to-Ethernet half bridge, some specific layer 4 services (HTTP/HTTPS/SSH) may still be terminated at the Appliance (Service Intercepts). Also, services running on the Appliance can initiate outbound cellular connections independent of the downstream router. This allows the Appliance to continue to be used for out-of-band management and alerting while in IP Passthrough mode.

4.12.1 Downstream router setup

To use failover connectivity on the downstream router (also known as Failover to Cellular or F2C), it must have two or more WAN interfaces.

Note: Failover in the IP Passthrough context is performed entirely by the downstream router; the built-in out-of-band failover logic on the Appliance itself is not available while in IP Passthrough mode.

Connect an Ethernet WAN interface on the downstream router to the Appliance's Network Interface or Management LAN port with an Ethernet cable. Configure this interface on the downstream router to receive its network settings via DHCP. If failover is required, configure the downstream router for failover between its primary interface and the Ethernet port connected to the Appliance.
4.12.2 IP Passthrough pre-configuration

Prerequisite steps to enable IP Passthrough are:
• Configure the Network Interface and, where applicable, the Management LAN interface with static network settings
  o Click Serial & Network: IP
  o For Network Interface and, where applicable, Management LAN, select Static for the Configuration Method and enter the network settings (see the section entitled Network Configuration for detailed instructions)
  o For the interface connected to the downstream router, you may choose any dedicated private network. This network will only exist between the Appliance and the downstream router and will not normally be accessible
  o For the other interface, configure it as you normally would for the local network
  o For both interfaces, leave Gateway blank
• Configure the Appliance modem in Always On Out-of-band mode
  o For a cellular connection, click System: Dial: Internal Cellular Modem
  o Select Enable Dial-Out and enter carrier details such as the APN (see the section entitled Cellular Modem Connection for detailed instructions)
4.12.3 IP Passthrough configuration

To configure IP Passthrough:
• Click Serial & Network: IP Passthrough and check Enable
• Select the Appliance Modem to use for upstream connectivity
• Optionally, enter the MAC Address of the downstream router's connected interface
  Note: If the MAC address is not specified, the Appliance will pass through to the first downstream device requesting a DHCP address.
• Select the Appliance Ethernet Interface to use for connectivity to the downstream router
• Click Apply

4.12.4 Service intercepts

These allow the Appliance to continue to provide services for out-of-band management when in IP Passthrough mode. Connections to the modem address on the specified intercept port(s) will be handled by the Appliance rather than being passed through to the downstream router.
• For each required service (HTTP, HTTPS or SSH), check Enable
• Optionally, change the Intercept Port to an alternate port (e.g. 8443 for HTTPS). This is useful if you want the downstream router to remain accessible via its regular port

4.12.5 IP Passthrough status

Refresh the page to view the Status section. It displays the modem's External IP Address being passed through, the Internal MAC Address of the downstream router (only populated when the downstream router accepts the DHCP lease), and the overall running status of the IP Passthrough service.

Additionally, you may be alerted to the failover status of the downstream router by configuring a Routed Data Usage Check under Alerts & Logging: Auto-Response.

4.12.6 Caveats

Some downstream routers may be incompatible with the gateway route. This may happen when IP Passthrough is bridging a 3G cellular network where the gateway address is a point-to-point destination address and no subnet information is available. The Appliance sends a DHCP netmask of 255.255.255.255.
Devices will normally correctly construe this as a "single host route" on the interface, but as this is an unusual setting for Ethernet, some older downstream devices may have issues.

Intercepts for local services will not work if the Appliance is using a default route other than the modem. As in normal operation, they will also not work unless the service is enabled and access to the service is enabled (see System: Services: Service Access: Dialout/Cellular).

Outbound connections originating from the Appliance to remote services are supported (e.g. sending SMTP email alerts, SNMP traps, getting NTP time, IPsec tunnels). However, there is a minuscule risk of connection failure should both the Appliance and the downstream device try to access the same UDP or TCP port on the same remote host at the same time, where they have randomly chosen the same originating local port number.
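The following is an added Python model of the passthrough lease described in 4.12.3 and the 255.255.255.255 netmask caveat in 4.12.6; it is not code from the manual or from the Appliance firmware. It shows which downstream device receives the lease depending on whether a MAC address was pinned, and what routes a downstream router has to derive from a lease whose netmask is /32 (the gateway is not on the connected subnet, so a single host route to it is required before the default route becomes usable). All addresses, MACs and dataclass names are constructed for the example.

```python
"""Model of the IP Passthrough DHCP lease (sections 4.12.3 and 4.12.6) with a
client-side view of the /32 netmask caveat.

Added illustration, not code from the manual or the Appliance firmware.
All addresses, MACs and names below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DhcpRequest:
    client_mac: str          # MAC of the device asking for a lease


@dataclass(frozen=True)
class PassthroughLease:
    your_ip: str             # modem's external IP handed to the downstream router
    netmask: str             # the Appliance always sends 255.255.255.255
    router: str              # point-to-point gateway learned from the cellular network
    dns: tuple               # DNS servers passed through from the carrier


def select_downstream(requests: List[DhcpRequest], pinned_mac: Optional[str]) -> Optional[str]:
    """Return the MAC that receives the passthrough lease.

    With a MAC configured, only that device is served; without one, the first
    DHCP requester wins, which is what the note in 4.12.3 states.
    """
    for req in requests:
        if pinned_mac is None or req.client_mac.lower() == pinned_mac.lower():
            return req.client_mac
    return None


def derive_routes(lease: PassthroughLease) -> Tuple[List[Tuple[str, str]], bool]:
    """Routes a downstream router must install from the lease.

    With a /32 netmask the gateway is not inside the interface's subnet, so a
    host route to the gateway is needed before the default route is usable.
    Returns (routes, gateway_on_link); each route is (prefix, next hop).
    """
    iface = ipaddress.ip_interface(f"{lease.your_ip}/{lease.netmask}")
    gw = ipaddress.ip_address(lease.router)
    routes = [(str(iface.network), "link")]          # connected prefix
    gateway_on_link = gw in iface.network
    if not gateway_on_link:
        routes.append((f"{gw}/32", "link"))           # single host route to gateway
    routes.append(("0.0.0.0/0", str(gw)))
    return routes, gateway_on_link


# Constructed sample lease: external IP, /32 mask, point-to-point gateway.
SAMPLE_LEASE = PassthroughLease(
    your_ip="203.0.113.45",
    netmask="255.255.255.255",
    router="10.64.0.1",
    dns=("198.51.100.10", "198.51.100.11"),
)
# Constructed DHCP requests from two devices on the passthrough segment.
SAMPLE_REQUESTS = [DhcpRequest("02:00:00:aa:bb:01"), DhcpRequest("02:00:00:aa:bb:02")]

if __name__ == "__main__":
    print("unpinned lease goes to:", select_downstream(SAMPLE_REQUESTS, None))
    print("pinned lease goes to:", select_downstream(SAMPLE_REQUESTS, "02:00:00:AA:BB:02"))
    print("routes from /32 lease:", derive_routes(SAMPLE_LEASE))
```

Running the block shows that, unpinned, the first requester takes the lease, and that a /32 lease produces three routes (connected /32, host route to the gateway, default route) rather than the two a normal Ethernet lease would, which is the step older downstream devices may get wrong.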
Chapter 5: Firewall, Failover and Out-of-Band

The Console Server has a number of failover and out-of-band access capabilities to ensure availability in the event there are difficulties in accessing the Console Server through the principal network path. This chapter covers:
• Out-of-band (OoB) access from a remote location using a dial-up modem
• Out-dial failover
• OoB access using an alternate broadband link
• Broadband failover

The Console Server can also provide basic routed firewall facilities with NAT (Network Address Translation), packet filtering and port forwarding support on all network interfaces.

5.1 OoB Dial-In Access

To enable OoB dial-in access, first set up the Console Server configuration for dial-in PPP access. Once the Console Server is so configured, it will wait for an incoming connection from a dial-in at a remote site. Remote Administrators must then be configured to dial in and establish a network connection to the Console Server.

Note: The B094-008-2E-M-F, B096-048/032/016 and B095-003-M Console Servers have an internal modem for dial-up OoB access. The B092-016 Console Server needs an external modem to be attached via a serial cable to its DB9 port. With the B095-004 Console Server the four serial ports are by default all configured as RJ serial Console Server ports. However, Port 1 can be configured to be the Local Console/Modem port for an external modem to be attached.
5.1.1 Configure dial-in PPP

To enable dial-in PPP access on the Console Server modem port/internal modem:
• Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port)
  Note: The Console Server's console/modem serial port is set by default to 115200 baud, no parity, 8 data bits and 1 stop bit, with software (Xon/Xoff) flow control enabled. You can modify the baud rate and flow control using the Management Console. You can further configure the console/modem port settings by editing the /etc/mgetty.config files as described in Chapter 14.
• Select the Baud Rate and Flow Control that will communicate with the modem
• Check the Enable Dial-In Access box
• Enter the User name and Password to be used for the dial-in PPP link
• In the Remote Address field, enter the IP address to be assigned to the dial-in client. You can select any address for the Remote IP Address; however, it and the Local IP Address must both be in the same network range (e.g. 200.100.1.12 and 200.100.1.67)
• In the Local Address field, enter the IP address for the Dial-In PPP Server. This is the IP address that will be used by the remote client to access the Console Server once the modem connection is established. Again, you can select any address for the Local IP Address, but both must be in the same network range as the Remote IP Address
• The Default Route option enables the dialed PPP connection to become the default route for the Console Server
• The Custom Modem Initialization option allows a custom AT modem initialization string to be entered (e.g. AT&C1&D3&K3)
• Then select the Authentication Type to be applied to the dial-in connection. The Console Server uses authentication to challenge Administrators who dial in to the Console Server.
(For dial-in access, the username and password received from the dial-in client are verified against the local authentication database stored on the Console Server.) The Administrator must also have their client computer configured to use the selected authentication scheme. Select PAP, CHAP, MSCHAPv2 or None and click Apply.
None: With this selection, no username or password authentication is required for dial-in access. This is not recommended.

PAP: Password Authentication Protocol (PAP) is the usual method of user authentication used on the Internet: sending a username and password to a server where they are compared with a table of authorized users. Whilst most common, PAP is the least secure of the authentication options.

CHAP: Challenge-Handshake Authentication Protocol (CHAP) is used to verify a user's name and password for PPP Internet connections. It is more secure than PAP, the other main authentication protocol.

MSCHAPv2: Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is authentication for PPP connections between a computer using a Microsoft Windows operating system and a network access server. It is more secure than PAP or CHAP, and is the only option that also supports data encryption.

• Console Servers all support dial-back for additional security. This is configured per user in Serial & Network: Users & Groups: Edit. Check the Enable Dial-Back box and enter the phone number to be called to re-establish an OoB link once a dial-in connection has been logged

5.1.2 Using SDT Connector client for dial-in

Administrators can use their SDT Connector client to set up secure OoB dial-in access to all their remote Console Servers. With a point and click you can initiate a dial-up connection. Refer to Chapter 6.5.

5.1.3 Set up Windows XP/2003/Vista/7 client for dial-in
• Open Network Connections in Control Panel and click the New Connection Wizard
• Select Connect to the Internet and click Next
• On the Getting Ready screen select Set Up My Connection Manually and click Next
• On the Internet Connection screen select Connect Using a Dial-Up Modem and click Next
• Enter a Connection Name (any name you choose) and the dial-up Phone Number that will connect through to the Console Server modem
• Enter the PPP User Name and Password you have set up for the Console Server

5.1.4 Set up earlier Windows clients for dial-in
• For Windows 2000, the PPP client set-up procedure is the same as above, except you get to the Dial-Up Networking folder by clicking the Start button and selecting Settings. Then click Network and Dial-up Connections and click Make New Connection
• Similarly, for Windows 98, double-click My Computer on the Desktop, then open Dial-Up Networking, double-click Make New Connection and proceed as above

5.1.5 Set up Linux clients for dial-in

The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial-up PPP connection:
• Command line PPP and manual configuration (which works with any Linux distribution)
• Using the Linuxconf configuration tool (for Red Hat compatible distributions). This configures the ifup/ifdown scripts to start and stop a PPP connection
• Using the Gnome control panel configuration tool
• WVDIAL and the Red Hat "Dialup configuration tool"
• GUI dial program X-isp: download, installation and configuration

Note: For all PPP clients:
• Set the PPP link up with TCP/IP as the only protocol enabled
• Specify that the Server will assign the IP address and do DNS
• Do not set up the Console Server PPP link as the default for Internet connection
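To make the ranking of the dial-in Authentication Type options in 5.1.1 concrete, here is an added Python example, not code from the manual or from the Console Server's PPP daemon, that builds a PAP Authenticate-Request as laid out in RFC 1334 and a CHAP Challenge/Response exchange as laid out in RFC 1994 (MD5 algorithm). It shows that the PAP packet carries the password in clear text on the modem link, while the CHAP response carries only a hash over the identifier, secret and a fresh challenge, so the secret never crosses the link and a captured response cannot be replayed against a new challenge. The user database, credentials and challenge bytes are constructed for the example; MD5 appears here because that is what the CHAP protocol specifies, not as a recommendation for anything else.

```python
"""PAP versus CHAP on a dial-in PPP link (section 5.1.1 Authentication Type).

Added example; not code from the manual or the Console Server. The packet
builders follow RFC 1334 (PAP) and RFC 1994 (CHAP, MD5 algorithm 5); the
credentials and challenge bytes are constructed for illustration.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: Code, Identifier, Length, then the peer ID and
    the password, both as plain length-prefixed strings."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_challenge(identifier: int, server_name: bytes, challenge: bytes) -> bytes:
    """CHAP Challenge packet sent by the authenticator (the Console Server)."""
    body = bytes([len(challenge)]) + challenge + server_name
    return struct.pack("!BBH", CHAP_CHALLENGE, identifier, 4 + len(body)) + body


def chap_response(identifier: int, secret: bytes, challenge: bytes, peer_name: bytes) -> bytes:
    """CHAP Response from the dial-in client: the hash and the name, never the secret."""
    digest = chap_hash(identifier, secret, challenge)
    body = bytes([len(digest)]) + digest + peer_name
    return struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(body)) + body


def chap_verify(response_pkt: bytes, challenge: bytes, user_db: Dict[bytes, bytes]) -> bool:
    """Authenticator side: look up the stored secret for the name in the
    response and recompute the hash over the challenge it issued."""
    code, identifier, length = struct.unpack("!BBH", response_pkt[:4])
    if code != CHAP_RESPONSE or length != len(response_pkt):
        return False
    value_size = response_pkt[4]
    value = response_pkt[5:5 + value_size]
    name = response_pkt[5 + value_size:]
    secret = user_db.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(identifier, secret, challenge))


# Constructed stand-in for the Console Server's local authentication database.
USER_DB: Dict[bytes, bytes] = {b"oob-admin": b"correct horse battery"}

if __name__ == "__main__":
    secret = USER_DB[b"oob-admin"]
    pap = pap_authenticate_request(1, b"oob-admin", secret)
    print("PAP packet carries the password:", secret in pap)
    chal = os.urandom(16)
    print("CHAP challenge bytes on the wire:", chap_challenge(7, b"console", chal).hex())
    resp = chap_response(7, secret, chal, b"oob-admin")
    print("CHAP response carries the password:", secret in resp)
    print("CHAP response verifies:", chap_verify(resp, chal, USER_DB))
```

Because the challenge changes on every dial-in, the same captured CHAP response fails against the next challenge, which is the property PAP lacks; MSCHAPv2 keeps the challenge-response shape and adds mutual authentication and the key material the manual's "data encryption" remark refers to.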
5.2 OoB Broadband Access

The B096-048/032/016 Console Server Management Switch has a second Ethernet network port that can be configured for alternate and OoB (out-of-band) broadband access. With two active broadband access paths to the Console Server, in the event you are unable to access it through the primary management network, you may still have access through the alternate broadband path (e.g. a T1 link).
• On the System: IP menu, select Management LAN Interface and configure the IP Address, Subnet Mask, Gateway and DNS with the access settings that relate to the alternate link
• Ensure that when configuring the principal Network Interface connection, you set the Failover Interface to None

5.3 Broadband Ethernet Failover

The second Ethernet port on the B096-048/032/016 Console Server Management Switch can also be configured for failover to ensure transparent high availability.
• When configuring the principal network connection on the System: IP Network Interface menu, select Management LAN (eth1) as the Failover Interface to be used when a fault has been detected with the main Network Interface (eth0)
• Specify the Probe Addresses of two sites (the Primary and Secondary) that the B096-048/032/016 is to ping to determine if Network (eth0) is still operational
• Then configure Management LAN Interface (eth1) with the same IP settings that you used for the main Network Interface (eth0) to ensure transparent redundancy

In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing the management network. Network 2 will automatically and transparently take over the work of Network 1 in the event Network 1 becomes unavailable for any reason.

By default, the Console Server supports automatic failure-recovery back to the original state prior to failover. The Console Server continually pings the probe addresses whilst in the original and failover states. The original state will automatically be set as a priority and re-established following three successful pings of the probe addresses during failover. The failover state will be removed once the original state has been re-established.

5.4 Dial-Out Access

The internal or externally attached modem on the Console Servers can be set up either
  o in Failover mode, where a dial-out connection is only established in the event of a ping failure, or
  o with the dial-out connection always on

In both of the above cases, in the event of a disruption in the dial-out connection, the Console Server will endeavor to re-establish the connection.

5.4.1 Always-on dial-out

The Console Server modem can be configured for out-dial to be always on, with a permanent external dial-up PPP connection.
• Select the System: Dial menu option and check Enable Dial-Out to allow outgoing modem communications
• Select the Baud Rate and Flow Control that will communicate with the modem
• In the Dial-Out Settings - Always On Out-of-Band field enter the access details for the remote PPP server to be called

Override DNS is available for PPP devices such as modems.
Override DNS allows the use of alternate DNS servers from those provided by your ISP. For example, an alternative DNS may be required for OpenDNS used for content filtering.
• To enable Override DNS, check the Override returned DNS Servers box. Enter the IP addresses of the DNS servers into the spaces provided.
5.4.2 Dial-Out Failover

The Console Servers can also be configured for dial-out failover, so a dial-out PPP connection is automatically set up in the event of a disruption in the principal management network:
• When configuring the principal network connection in System: IP, specify Internal Modem (or the Dial Serial DB9 if using an external modem on the Console port) as the Failover Interface to be used when a fault has been detected with Network1 (eth0)
• Specify the Probe Addresses of two sites (the Primary and Secondary) that the Console Server is to ping to determine if Network1 is still operational
• Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port)
• Select the Baud Rate and Flow Control that will communicate with the modem
  Note: You can further configure the console/modem port (e.g. to include modem init strings) by editing the /etc/mgetty.config files as described in Chapter 13.
• Check the Enable Dial-Out Access box and enter the access details for the remote PPP server to be called
  Note: Both SSH and HTTPS access are enabled for dial-out failover, so the administrator can connect by SSH (or HTTPS) to the Console Server (and its Managed Devices) and fix the problem

Override DNS is available for PPP devices such as modems. Override DNS allows the use of alternate DNS servers from those provided by your ISP. For example, an alternative DNS may be required for OpenDNS used for content filtering.
• To enable Override DNS, check the Override returned DNS Servers box. Enter the IP addresses of the DNS servers into the spaces provided

Note: By default, the Console Server supports automatic failure-recovery back to the original state prior to failover. The Console Server continually pings the probe addresses whilst in the original and failover states. The original state will automatically be set as a priority and re-established following three successful pings of the probe addresses during failover.
The failover state will be removed once the original state has been re-established.
5.5 Firewall & Forwarding

Console Servers provide basic firewalled routing, NAT (Network Address Translation), packet filtering and port forwarding support on all network interfaces.

5.5.1 Configuring network forwarding and IP masquerading

To use a Console Server as an Internet or external network gateway requires establishing an external network connection and then setting up forwarding and masquerading.

Note: Network forwarding allows the network packets on one network interface (i.e. LAN1/eth0) to be forwarded to another network interface (i.e. LAN2/eth1 or dial-out/cellular) so that locally networked devices can connect via IP through the Console Server to devices on remote networks. IP masquerading is used to allow all the devices on your local private network to hide behind and share the one public IP address when connecting to a public network. This type of translation is only used for connections originating within the private network destined for the outside public network, and each outbound connection is maintained by using a different source IP port number.

By default, all Console Server models are configured so that they will not route traffic between networks. To use the Console Server as an Internet or external network gateway, forwarding must be enabled so that traffic can be routed from the internal network to the Internet/external network:
• Navigate to the System: Firewall page, and then click on the Forwarding & Masquerading tab
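The note above says masquerading keeps each outbound connection apart by giving it a different source port on the one public address. The Python model below is an added example, not the Console Server's firewall code, of that translation table: outbound flows from private hosts are rewritten to the public IP with a source port that is unique per destination, and replies are mapped back to the originating host. Its last function shows the other side of the same coin, the caveat from 4.12.6: in IP Passthrough mode the Appliance and the downstream router share the modem address without any port rewriting, so two flows that independently pick the same source port to the same remote host and port collide. Addresses, port range and flows are constructed for the example.

```python
"""Model of IP masquerading (section 5.5.1) and of the shared-address
5-tuple collision noted as an IP Passthrough caveat (section 4.12.6).

Added example, not the Console Server's firewall code; addresses, port
range and flows are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# (proto, src_ip, src_port, dst_ip, dst_port)
Flow = Tuple[str, str, int, str, int]
# Key that must be unique on the public side: (proto, public_port, dst_ip, dst_port)
PublicKey = Tuple[str, int, str, int]


@dataclass
class Masquerader:
    public_ip: str
    first_port: int = 32768                 # constructed ephemeral range
    last_port: int = 60999
    out_map: Dict[Flow, int] = field(default_factory=dict)        # private flow -> public port
    in_map: Dict[PublicKey, Flow] = field(default_factory=dict)   # public key -> private flow

    def translate_outbound(self, flow: Flow) -> Optional[Flow]:
        """Rewrite a LAN-originated flow to the public address; None if no port is free."""
        proto, _src_ip, src_port, dst_ip, dst_port = flow
        if flow in self.out_map:
            pub_port = self.out_map[flow]           # existing connection keeps its mapping
        else:
            pub_port = self._allocate(proto, src_port, dst_ip, dst_port)
            if pub_port is None:
                return None
            self.out_map[flow] = pub_port
            self.in_map[(proto, pub_port, dst_ip, dst_port)] = flow
        return (proto, self.public_ip, pub_port, dst_ip, dst_port)

    def _allocate(self, proto: str, wanted: int, dst_ip: str, dst_port: int) -> Optional[int]:
        # Keep the host's own source port when nobody else uses it towards this
        # destination; otherwise pick the first free port so two LAN hosts never
        # share a public 5-tuple. This is the "different source IP port number".
        for candidate in [wanted] + list(range(self.first_port, self.last_port + 1)):
            if (proto, candidate, dst_ip, dst_port) not in self.in_map:
                return candidate
        return None

    def translate_reply(self, proto: str, pub_port: int, remote_ip: str, remote_port: int) -> Optional[Flow]:
        """Map a packet arriving on the public side back to the private flow."""
        return self.in_map.get((proto, pub_port, remote_ip, remote_port))


def passthrough_collision(flows: List[Flow]) -> bool:
    """Shared address with no port rewriting (IP Passthrough): two sources that
    chose the same source port towards the same remote host and port collide."""
    seen = set()
    for proto, _src_ip, src_port, dst_ip, dst_port in flows:
        key = (proto, src_port, dst_ip, dst_port)
        if key in seen:
            return True
        seen.add(key)
    return False


if __name__ == "__main__":
    nat = Masquerader("203.0.113.45")
    print(nat.translate_outbound(("tcp", "192.168.1.10", 40000, "198.51.100.5", 443)))
    print(nat.translate_outbound(("tcp", "192.168.1.11", 40000, "198.51.100.5", 443)))
    print(nat.translate_reply("tcp", 32768, "198.51.100.5", 443))
    # Appliance NTP query and downstream router NTP query, same source port.
    print(passthrough_collision([("udp", "10.0.0.1", 5000, "198.51.100.7", 123),
                                 ("udp", "10.0.0.2", 5000, "198.51.100.7", 123)]))
```

The second LAN host in the sample asks for the same source port as the first towards the same server, and the masquerader moves it to the first free port; with no translation in the path, as in passthrough mode, the same pair of flows returns a collision, which is why the manual calls the failure rare but possible.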