Raritan DOMINION SX - Betriebsanweisung

Copyright © 2010 Raritan, Inc. DSX-v3.2-0T-E December 2010 255-60-2000-00 Dominion SX User Guide 3.2.0

Contents x Adduser Command ... 169 Deletegr

Chapter 9: Security 81 Configure Kerberos 1. Click Enable Kerberos. 2. Type the name of the file you want for your Hosts File in the Hosts Fil

Chapter 9: Security 82 Generate a Certificate Signing Request To generate a Certificate Signing Request (CSR): 1. Choose Security > Certific

Chapter 9: Security 83  Email address 5. To view the default certificate or the CSR, click the appropriate radio buttons. 6. Click OK. The CS

Chapter 9: Security 84 Note: If the Dominion SX is not used to generate the certificate signing request and an external certificate is used instea

Chapter 9: Security 85 SSL Client Certificate SSL Security certificates are used in browser access to ensure that the device to which you are att

Chapter 9: Security 86 Enable Client Certificate Authentication To enable Client Certificate Authentication: 1. Select the Enable SSL Client

Chapter 9: Security 87 Install a New Trusted Certificate Authority To install a new trusted Certificate Authority (CA) to the SX, the CA certific

Chapter 9: Security 88 Delete a Certificate Revocation List from the SX To delete a CRL from the SX: 1. Select the Delete Certificate Revocatio

Chapter 9: Security 89 Banner Dominion SX optionally supports a customizable welcome banner of maximum 5000 words, 8 words per row, that appears

Chapter 9: Security 90 5. Click OK. Security Profiles The SX provides three security profiles for your use. The profiles simplify the task of as

Contents xi Chapter 14 Intelligent Platform Management Interface 200 Discover IPMI Devices ...

Chapter 9: Security 91 Edit the Custom Profile To edit the Custom profile: 1. Choose Security > Security Profiles. The Security Profiles

Chapter 9: Security 92 Enable the Firewall To enable the firewall: 1. Choose Security > Firewall. The Firewall page opens, displaying the

Chapter 9: Security 93 Note: Rules are added using the IPTables command to the kernel. These rules take effect immediately but persist permanentl

94 This chapter explains how to enable and configure the various SX logs. In This Chapter Configuring Local Event Logging ...

Chapter 10: Logging 95 Enable System Logging This feature sends event log messages to a remote Syslog server. The messages from the Dominion SX u

Chapter 10: Logging 96 Note: If no specific IPs are entered for the port data destination servers, port logs are sent to the Syslog server configu

Chapter 10: Logging 97 3. Type the maximum file size allowed in the Size field. Once this size is reached, a new file is created to store the po

Chapter 10: Logging 98 Configure Encryption To configure encryption: 1. Go to the Encryption panel and select the Encryption checkbox. To turn

Chapter 10: Logging 99 Enable SMTP Logging To enable SMTP logging: 1. Go to the SMTP Settings panel and select the Enable SMTP Server checkbox

Chapter 10: Logging 100 Available events include:  event.amp.notice.port.connection  event.amp.notice.user.logoff  event.amp.notice.backup 

Contents xii Dominion SX Terminal Ports ... 236

Chapter 10: Logging 101 Configuring NFS Logging Network File System (NFS) logging allows you to log all port activity to an NFS shared directory.

Chapter 10: Logging 102 Configuring SNMP Logging The SX supports Simple Network Management Protocol (SNMP) traps and logging. Enable SNMP Logging

Chapter 10: Logging 103 Create a New SNMP Destination SNMP destinations determine which SNMP management stations receive SNMP traps. To creat

104 The Dominion SX maintenance features presented in this chapter allow the administrator perform the following tasks:  Manage event logs  Vie

Chapter 11: Maintenance 105 Display the Local Event Log To display the contents of the local event log, choose Maintenance > View Event Log.

Chapter 11: Maintenance 106 Clear the Event Log To clear the event log: 1. Choose Maintenance > Clear Event Log. You are prompted to conf

Chapter 11: Maintenance 107 Displaying a Configuration Report The Configuration Report provides detailed information about the SX unit. To displa

Chapter 11: Maintenance 108 3. Type the login name of the account on the system where the backup will be stored in the Login field. 4. Type the

Chapter 11: Maintenance 109 7. Click OK. Upgrading the SX Firmware You can display the version of the firmware currently running on the SX, upg

Chapter 11: Maintenance 110 Note: Many upgrades can be performed "anonymously" from the FTP server. To perform the upgrade: 1. Choose M

Contents xiii TACACS+ Server Configuration ... 259 C

Chapter 11: Maintenance 111 Display a Firmware Upgrade History To display the firmware upgrade history for an SX unit, choose Maintenance > Fi

112 The Diagnostics function provides the administrator with the tools to test the network and to monitor processes. Click the Diagnostics tab to d

Chapter 12: Diagnostics 113 Network Statistics 1. Choose Diagnostics > Network Statistics. The Network Statistics page opens. 2. By defa

Chapter 12: Diagnostics 114  Interfaces  Groups  Statistics  Program 3. Click Refresh to update the information. Ping Host 1. Choose Di

Chapter 12: Diagnostics 115 Administrator Tools - Process Status 1. Choose Diagnostics > Process Status. The Process Status page opens. 2

116 In This Chapter Command Line Interface Overview ... 117 Accessing the Dominion SX Using CLI

Chapter 13: Command Line Interface 117 Command Line Interface Overview The Dominion SX Serial Console supports all serial devices, including: 

Chapter 13: Command Line Interface 118 Accessing the Dominion SX Using CLI Access the Dominion SX using one of these methods:  TELNET via IP con

Chapter 13: Command Line Interface 119 SSH Access from a UNIX/Linux Workstation To open an SSH session from a UNIX®/Linux® workstation and log

Chapter 13: Command Line Interface 120 Telnet Connection to the Dominion SX Due to the lack of security, user name, password and all traffic is in

xiv This chapter includes 10 of the most common cases to help quickly familiarize users with practical operation on Dominion SX units. Note that da

Chapter 13: Command Line Interface 121 Local Port Connection to the Dominion SX If your Dominion SX's terminal port uses an RJ45 jack, a spe

Chapter 13: Command Line Interface 122 Navigation of the CLI Before using the CLI, it is important to understand CLI navigation and syntax. There

Chapter 13: Command Line Interface 123 Commands Description top Return to the top level of the CLI hierarchy, or the “username” prompt history Di

Chapter 13: Command Line Interface 124 Show Command The show command displays various configuration settings and is available at all levels. The s

Chapter 13: Command Line Interface 125 RSC Version: 1.0.0.1.16 Supporting software: OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005 HTTP Server ver

Chapter 13: Command Line Interface 126 Date and Time Configuration Note: It is important to set the date and time correctly to ensure that log ent

Chapter 13: Command Line Interface 127 CLI Prompts The Command Line Interface prompt indicates the current command level. The root portion of the

Chapter 13: Command Line Interface 128 Command Description backup System command to backup the console server settings. ipmi IPMI Configuration co

Chapter 13: Command Line Interface 129 Command Description backup System command to backup the console server settings. top Return to the root me

Chapter 13: Command Line Interface 130 Defining SSL Security Certificates SSL Security certificates are used in browser access to ensure that the

How to - Dominion SX Essentials xv 3. Edit the DPA SSH TCP Port to which SSH client will connect, and then click OK. 4. Log in to Dominion SX

Chapter 13: Command Line Interface 131 Command Language Interface Permissions Administrators can execute all commands. Operators and Observers ca

Chapter 13: Command Line Interface 132 Set Escape Sequence To set the Escape sequence, ensure that the default Escape sequence set on the Dominion

Chapter 13: Command Line Interface 133 secondaryldap radius primaryradius secondaryradius tacacsplus primarytacacs secondarytacacs Note: When c

Chapter 13: Command Line Interface 134 LDAP Command Description primaryldap Used to configure the primary ldap settings. secondaryldap Used to c

Chapter 13: Command Line Interface 135 RADIUS Command The RADIUS menu provides access to commands used to configure access to a RADIUS server. Sy

Chapter 13: Command Line Interface 136 TACACS+ Command The TACACS+ menu offers commands used to configure access to a TACACS+. Syntax primarytaca

Chapter 13: Command Line Interface 137 smtp Configure the SMTP server settings. Events Menu Command Examples admin > Config > events admin

Chapter 13: Command Line Interface 138 eventlogfile Command Description logging. size value Maximum size of local log file (in bytes). style <

Chapter 13: Command Line Interface 139 portsyslog Command Description to remote a NFS server and also to the Syslog server. primaryip ipaddress

Chapter 13: Command Line Interface 140 nfssetkey Command Description key string Provide key string to be used for encryption Note: aes128 is n

Chapter 1: How to - Dominion SX Essentials xvi 3. Click OK. See Configuring LDAP (on page 39) for details. Case 5. Creating Power Association

Chapter 13: Command Line Interface 141 portlog Command Description SX port. encrypt <true|false> Enable/Disable Encryption of log data se

Chapter 13: Command Line Interface 142 6. Decrypt the file using the command: ./decrypt -f <portlogfile> -e <keyfilename> -o <out

Chapter 13: Command Line Interface 143 Configuring a Modem The Modem menu offers commands used to configure modem access. Callback (dialback) occ

Chapter 13: Command Line Interface 144 Modem Menu Command Examples admin > Config > modem > dialin enable true serverip 10.0.13.211 clien

Chapter 13: Command Line Interface 145 RADIUS Server Settings ---------------------------------------- Primary Server Enabled - true

Chapter 13: Command Line Interface 146 The Remote LDAP Server user's configuration should be: Dialback with remote TACACS user (Tacacs+ v.4.

Chapter 13: Command Line Interface 147 Commands Description routeadd Add route to kernel routing table routedelete Delete route of kernel routing

Chapter 13: Command Line Interface 148 interface Command Description gw ipaddress Gateway IP Address obtained from the IP administrator. mode &l

Chapter 13: Command Line Interface 149 Ports Command The ports command is used to configure the network ports. Syntax ports [discoveryport v

Chapter 13: Command Line Interface 150 Routeadd Command The routeadd command is used to add a route to the kernel routing table. Syntax routeadd

How to - Dominion SX Essentials xvii Case 6. Performing Factory Reset on SX To set SX configuration back to factory defaults through the GUI:

Chapter 13: Command Line Interface 151 Getconfig Command The getconfig command retrieves the script from an FTP server. This command appears only

Chapter 13: Command Line Interface 152 nfs Command Description enable <true|false> Enable or disable NFS logging. primaryip primaryip IP a

Chapter 13: Command Line Interface 153 Configuring Ports Ports Configuration Menu Target serial ports are configured from the CLI using the ports

Chapter 13: Command Line Interface 154 ports config Command Description escapemode <none|control> Use Ctrl-key (escapemode=control) or sin

Chapter 13: Command Line Interface 155 ports config Command Example admin > ports >config port 1 name ld1 bps 115200 parity odd flowcontrol

Chapter 13: Command Line Interface 156 Port 1: Configuration Saved. After entering the password, you have direct access to port 1, using the newly

Chapter 13: Command Line Interface 157 In both cases above, port 1 will have ssh port 7000 and telnet port 8000 assigned for direct port access,

Chapter 13: Command Line Interface 158 Configuring Services These commands provide the ability to configure the Dominion SX server services:  DP

Chapter 13: Command Line Interface 159 dpa Command The permitted TCP Port Range is 1024-64510. When run without the mode parameter, the system di

Chapter 13: Command Line Interface 160 Note: There is currently no way to set the device back to the default DPA IP of 0.0.0.0. dpa Command Exampl

Chapter 1: How to - Dominion SX Essentials xviii 2. Choose the Port Access Tab, and click the port name you wish to access, for example, Port 1.

Chapter 13: Command Line Interface 161 Enable: 1 Group Settings: Name: Anonymous Class: Operator Ports: To config

Chapter 13: Command Line Interface 162 If option suppress is "none", authentication credentials are shown (username: password:). configu

Chapter 13: Command Line Interface 163 http Command Description enable <true|false> Enable/Disable HTTP access port value HTTP server def

Chapter 13: Command Line Interface 164 LPA Command The lpa command is used to display and set local port access configuration. Dominion SX units h

Chapter 13: Command Line Interface 165 Telnet Command Syntax telnet [enable <true|false>] [port value] telnet Command Description ena

Chapter 13: Command Line Interface 166 SMNP Add Command The add command adds trap recipients. A recipient is an IP address with an optional space-

Chapter 13: Command Line Interface 167 public community-string Community string snmp Command Example admin > Config > SNMP > snmp enable

Chapter 13: Command Line Interface 168 ntp Command Description enable Enable or disable the use of NTP. primip primip The primary NTP server to

Chapter 13: Command Line Interface 169 addgroup Command Description name groupname Group name class <op|ob> Group user class <op>er

Chapter 13: Command Line Interface 170 Deletegroup Command The deletegroup command deletes an existing group. Syntax deletegroup [name groupname

How to - Dominion SX Essentials xix e. The console will display all the ports on the SX unit with port numbers. f. Enter a port number at the

Chapter 13: Command Line Interface 171 editgroup Command Description assigned to the group. sharing <true|false> Indicate whether port ac

Chapter 13: Command Line Interface 172 Users Command The users command shows the details of existing users. Syntax users users Command Example a

Chapter 13: Command Line Interface 173 Command Description associate Associate a Power Strip outlet to a Dominion SX Port. association View Cur

Chapter 13: Command Line Interface 174 uptime Print the current system uptime information IPMI Commands IPMIDiscover and IPMITool commands allow

Chapter 13: Command Line Interface 175 IPMITOOL This command lets you manage the IPMI functions of a remote system, including printing FRU inform

Chapter 13: Command Line Interface 176 ipmitool Command Description [-o <oemtype>] Select OEM type to support. This usually involves minor h

Chapter 13: Command Line Interface 177 ipmitool Command Description shell - Launch interactive IPMI shell exec - Run list of commands from file s

Chapter 13: Command Line Interface 178 Command Description listports List accessible ports. admin > listports Port no. Port name 1 Port1 [U]

Chapter 13: Command Line Interface 179 Maintenance Commands The maintenance commands allow you to perform maintenance-related tasks on the Domini

Chapter 13: Command Line Interface 180 [ip ipaddress] IP address of the target system where the backup will be written. <login login> Userna

This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, repro

1 The Dominion SX User Guide provides the information needed to install, set up and configure, access devices such as routers, servers, switches, V

Chapter 13: Command Line Interface 181 Syntax factoryreset factoryreset Command Example admin > Maintenance > factoryreset Network Settin

Chapter 13: Command Line Interface 182 Reboot Command The reboot command restarts the Dominion SX console server. This command is only available

Chapter 13: Command Line Interface 183 restore Command Example In this example, the console server data is being retrieved from a system at IP ad

Chapter 13: Command Line Interface 184 login login FTP Server login name password password FTP Server password path pathname FTP server path. For

Chapter 13: Command Line Interface 185 Security Commands Dominion SX controls the ability to hack into the system by using random logins. These s

Chapter 13: Command Line Interface 186 password password FTP Server password path pathname FTP server path for the banner file banner.txt. for exa

Chapter 13: Command Line Interface 187 viewcrl View Client CA CRL Certificate Certificate Client Command Example Enable SSL Client Certificates:

Chapter 13: Command Line Interface 188 Server Command Example Install User Certificate: admin > Security > certificate > installusercer

Chapter 13: Command Line Interface 189 IPtables Command The iptables command is an administration tool for IPv4 packet filtering and Network Addr

Chapter 13: Command Line Interface 190 iptables Command Examples Iptables can be configured in a plethora of ways that is outside the scope of thi

Chapter 1: Preface 2 Acronym Meaning CSC Common Socket Connection DPA Direct Port Access HTTP Hypertext Transfer Protocol HTTPS HTTP Secure (over

Chapter 13: Command Line Interface 191 View the current iptables To view the current iptables rule: admin > Security > firewall > iptabl

Chapter 13: Command Line Interface 192 Kerberos and Dominion SX The Dominion SX can use Kerberos authentication with the following steps and as a

Chapter 13: Command Line Interface 193 Diagnostic Tips:  Use the name command in the network menu to set the FQDN for the Dominion SX.  Disab

Chapter 13: Command Line Interface 194 Command Description retries. localauth Configure local authentication. lockoutperiod Lockout period on inva

Chapter 13: Command Line Interface 195 Invalidloginretries Command The invalidloginretries command specifies the number of failed invalid login a

Chapter 13: Command Line Interface 196 Singleloginperuser Command The singleloginperuser command enables or disables multiple logins per user. Syn

Chapter 13: Command Line Interface 197 strongpassword Command Description uppercase <true|false> If true, force uppercase characters in p

Chapter 13: Command Line Interface 198 Portaccess Command Syntax portaccess <share|private> portaccess Command Description portacces

Chapter 13: Command Line Interface 199 profiledata Command Description [name <Standard|Secure|Custom>] Specifies the type of security pro

200 The Intelligent Platform Management Interface (IPMI) lets you manage the IPMI functions of a remote system. The following topics are covered in

3 In This Chapter Dominion SX Overview ... 3 Product Features ...

Chapter 14: Intelligent Platform Management Interface 201 Discover IPMI Devices To discover IPMI servers on the network: 1. Choose IPMI > D

Chapter 14: Intelligent Platform Management Interface 202 IPMI Configuration IPMI configuration allows you to manage the IPMI functions of a remot

Chapter 14: Intelligent Platform Management Interface 203 -H hostname Remote host name for LAN interface -p port Re

Chapter 14: Intelligent Platform Management Interface 204 power Shortcut to chassis power commands event Send

205 Power Control allows you to manage power functions. The following topics are covered in this chapter:  Power Control  Associations Power Co

Chapter 15: Power Control 206 2. Click Add. The Port Power Association page opens. 3. Select the port from the drop-down menu in the Port field

Chapter 15: Power Control 207 2. Click Add. The Port Power Association page opens. 3. Select the association in the Outlet Association list. 4.

Chapter 15: Power Control 208 2. Click Add. The Power Association Groups page opens. 3. Type a name and description in the Group Name and Descr

Chapter 15: Power Control 209 Associations Power Control Choose Power Control > Associations Power Control to access the tool to manage power

Chapter 15: Power Control 210 Power Strip Power Control Choose Power Control > Power Strip Power Control to access the Outlet Control page, whe

Chapter 2: Introduction 4 Product Features Comprehensive Console Management  Remote Management: Access, monitor, administer, and troubleshoot up

Chapter 15: Power Control 211 Power Strip Status Choose Power Control > Power Strip Status to check power strip status. CLI Command for Powe

Chapter 15: Power Control 212 Scenario #2 Port power association - associate 6 outlets to one port Pre-condition Administrator user is logged in v

Chapter 15: Power Control 213 Scenario #4 Port power association - associate one outlet to two ports Power Strip device (DPX) is physically conne

Chapter 15: Power Control 214 Scenario #7 Port power association - associate outlets from 6 different power strips to one port Pre-condition Admin

Chapter 15: Power Control 215 Scenario #1 Remove port power association Action Enter command. Press Enter. CLI Input Command: unassociate port 1

Chapter 15: Power Control 216 Scenario #2 Power strip configuration after factory reset CLI Input Command: factoryreset CLI Power Association Gro

Chapter 15: Power Control 217 CLI Input Command: addpowergroupport name "test Group" port port 2-4,10 Scenario #4 Remove group member

Chapter 15: Power Control 218 Scenario #2 Switch on/off all Outlets Pre-condition Administrator user is logged in via CLI. Power Strip device (DPX

Chapter 15: Power Control 219 Scenario #5 Sequence interval for switch off operation Press Enter. Enter command to switch off group of outlets. P

Chapter 15: Power Control 220 Scenario #1 Association Power Control - Recycle Port Association (Target is associated to One Outlet) Pre-cond

Chapter 2: Introduction 5 Strong Security and User-Authentication  SSHv2 Support  Encryption Security: 128-bit SSL handshake protocol and RC4

Chapter 15: Power Control 221 Scenario #3 Association Power Control - Recycle Port Association (Target is associated to Two Outlets from two d

Chapter 15: Power Control 222 Scenario #1 Turn ON Group Association Administrator is in power menu. Group Association named Group1 (shown in Fg.1)

Chapter 15: Power Control 223 Scenario #4 Turn OFF Group Association (outlets in association are with different statuses) CLI Input Command: off

Chapter 15: Power Control 224 Scenario #8 Turn OFF Group and Port Association simultaneously Pre-condition Administrator user is logged in via CLI

Chapter 15: Power Control 225 Scenario #1 Power Strip Status CLI Input Command: powerstrip name PowerStr1 Result Status of PDU should correctly d

Chapter 15: Power Control 226 Scenario #4 Power Strip Status - Outlet status when port association is removed Pre-condition Administrator user is

227 This appendix contains sections describing:  SX models and specifications  Requirements and tested browser requirements  SX hardware for

Appendix A: Specifications 228 Model Ports Built-In Modem # of Local Ports # of Ethernet Ports Power Supply DSXA-16-DL 16 No 2 2 Dual AC DSXA-16

Appendix A: Specifications 229 MODEL DIMENSIONS (W) x (D) x (H) WEIGHT DSXA-48 17.32" x 11.41" x 1.75"; 440 x 290 x 44 mm 8.97lbs;

Appendix A: Specifications 230 Only RoHS and WEEE compliant units are available in the EU and other selected areas. RoHS and WEEE compliant units

Chapter 2: Introduction 6 Package Contents Each Dominion SX ships with the following:  (1) Dominion SX unit with mounting kit (rack-mount kit is

Appendix A: Specifications 231 Requirements The following table lists the requirements for the SX. Requirements Description Form factor 1U, rack

Appendix A: Specifications 232 PLATFORM BROWSER WIN XP Professional SP2 - SUN JRE™ 1.5.0_06 Internet Explorer® 6.0 Internet Explorer 7.0 Firefox

Appendix A: Specifications 233 Vendor Device Console Connector Serial Connection SX-48 models that have this connector to another Dominion SX. Ci

Appendix A: Specifications 234 7 DSR 8 CTS See http://www.raritan.com/support for the latest information about the Dominion SX serial pinouts (RJ

Appendix A: Specifications 235 RJ-45 (female) DB25 (female) 1 5 2 6, 8 3 3 4 1 5 7 6 2 7 20 8 4 DB25M Nulling Serial Adapter Pinouts RJ-45 (fe

Appendix A: Specifications 236 Dominion SX Terminal Ports All Dominion SX models, except the DSX16 and DSX32, have the same pinouts on the two DB9

Appendix A: Specifications 237 DB9M PIN SIGNAL 3 TxD 4 DTR (H) 5 GND 6 7 RTS (H) 8 9 Dominion SX16 and SX32 Terminal Ports A modem should no

Appendix A: Specifications 238 Additional information about the Dominion SX16 and SX32 Terminal Ports:  Pins 1 and 9 are used to factory reset u

239 This appendix contains the system defaults and directions for port access. Item Default IP Address 192.168.0.192 Subnet Mask 255.255.255.0

Appendix B: System Defaults 240 Item Default Logging to NFS Serial Ports Baud Rate 9600 Parity None Flow Control None In This Chapter Initiate

7 There are two ways of completing the initial network installation of the Dominion SX:  Using a serial cable with a VT100/equivalent, such as a

Appendix B: System Defaults 241 You may have to open additional ports when NFS logging, LDAP servers, and so forth. These ports may vary from ins

Appendix B: System Defaults 242 Field Type Character Length Power Cycle Delay 5-60 Power Strip Name 64 Power Strip Description 255 Power Associati

243 This appendix contains information on Certificates and Certificate Authorities and provides directions to:  Install Dominion SX CA Certificat

Appendix C: Certificates 244 Default SX Certificate Authority Settings The Server Certificate generated in the Dominion SX unit must be installed

Appendix C: Certificates 245 Remove an Accepted Certificate Removing a previously accepted certificate from a Dominion SX unit uses the same proc

Appendix C: Certificates 246 4. Select the Web Sites tab, select the certificate name that is the common name of the IP address of the Dominion S

Appendix C: Certificates 247 VeriSign Incorporated http://www.verisign.com/ http://www.verisign.com/ Note: Some CAs will provide the root c

Appendix C: Certificates 248 Generate a CSR for a Third Party CA to Sign To have a third party CA certificate (for example, Verisign) installed

Appendix C: Certificates 249 5. Send the generated CSR to a third party CA to get it signed. 6. CA returns a Signed Certificate built from the

Appendix C: Certificates 250 Install Client Root Certificate into the DominionSX In order for Client Certificates to be recognized as valid by the

Chapter 3: Installation 8 Pre-Installation Ensure that you have the correct cabling ready to connect to the serial consoles of the target server(s

Appendix C: Certificates 251 6. If the certificate is ASCII encoded, select ASCII. If it is a binary certificate file, select binary. 7. Enter

Appendix C: Certificates 252 Import Certificates from Dominion SX via CLI A user with Administrator privileges can do the following to import cert

Appendix C: Certificates 253 D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E Fingerprint (SHA1): DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:

254 This appendix contains sections describing the steps to configure Dominion SX units and authentication servers for the following authentication

Appendix D: Server Configuration 255 3. Highlight Networking Services then click the Details... button. 4. Select the Internet Authentication S

Appendix D: Server Configuration 256 4. The Policy Conditions dialog appears. Click the Add... button. 5. Select the NAS-IP-Address name and cli

Appendix D: Server Configuration 257 Note: If required, create a policy to allow dialup access to all users that are members of a group (Windows®

Appendix D: Server Configuration 258 4. Click Network Configuration in the left panel of the page and select Add Entry to add/edit an AAA Client.

Appendix D: Server Configuration 259 Note: If there is more then one Radius user requiring the same authorization on the Dominion SX, the Filter-

Appendix D: Server Configuration 260 CiscoSecure ACS These instructions are written for CiscoSecure ACS version 3.2. Note: See the following URL:

Chapter 3: Installation 9 5. Connect the female end of the external power cord to the back of the chassis. 6. Connect the male end of the exter

Appendix D: Server Configuration 261 2. Select Interface Configuration. 3. Select TACACS+ (Cisco IOS). 4. Add dominionsx service under the he

Appendix D: Server Configuration 262 5. When adding or editing a user or group, the dominionsx service will appear under the heading TACACS+ Sett

Appendix D: Server Configuration 263 Active Directory Microsoft Active Directory® uses the LDAP protocol natively, and can function as an LDAP se

264 If you are connecting to HyperTerminal via modem and are using a Dominion SX prior to version 3.1.7, do not disconnect from HyperTerminal witho

Appendix E: Modem Configuration 265 2. Click New in the Dial-Up Networking dialog. The New Phonebook Entry dialog allows you to configure the de

Appendix E: Modem Configuration 266  Dial using - Modem being used to connect to Dominion SX; if there is no entry here, there is no modem inst

Appendix E: Modem Configuration 267 5. Click the "Accept any authentication including clear text" radio button. 6. Click OK to retur

Appendix E: Modem Configuration 268 2. Double-click the Make New Connection icon when the Network and Dial-Up Connections window appears. 3. Cl

Appendix E: Modem Configuration 269 4. Click the Dial-up to private network radio button and click Next. 5. Select the checkbox before the mod

Appendix E: Modem Configuration 270 7. Click the Country/region code drop-down arrow and select the country or region from the list. 8. Click N

Chapter 3: Installation 10  UNIX (including Sun Solaris) system: route add 192.168.0.192 <CLIENT_HOST IP ADDRESS> -interface. [Example:

Appendix E: Modem Configuration 271 10. Click Next. The Network Connection has been created. 11. Type the name of the Dial-up connection. 12. Cli

Appendix E: Modem Configuration 272 Windows XP Dial-Up Networking Configuration 1. Choose Start > Programs > Accessories > Communication

Appendix E: Modem Configuration 273 4. Click the "Set up my connection manually" radio button and click Next.

Appendix E: Modem Configuration 274 5. Click the "Connect using a dial-up modem" radio button and click Next.

Appendix E: Modem Configuration 275 6. Type a name to identify this particular connection in the ISP Name field and click Next.

Appendix E: Modem Configuration 276 7. Type the phone number for the connection in the Phone number field and click Next. 8. Type your ISP info

Appendix E: Modem Configuration 277 9. Select the checkbox before the appropriate option below the fields and click Next. 10. Click Finish. 11.

278 The following tables describe problems and suggested solutions for the problems. In This Chapter Page Access ...

Appendix F: Troubleshooting 279 Problem Solution DNS error and reading that the server is unreachable. Remove any installed Dominion SX certifica

Appendix F: Troubleshooting 280 Problem Solution SSL Security Warnings The unit embeds its Internet Address (IP) in its SSL certificate. Should th

iii To avoid potentially fatal shock hazard and possible damage to Raritan equipment:  Do not use a 2-wire power cord in any product configuratio

Chapter 3: Installation 11 6. If you click View Certificate on the Security Alert-Certificate page, a Certificate dialog appears. See Security

Appendix F: Troubleshooting 281 change port access rights to a user who is already logged in to the unit. Upgrade Problem Solution FTP - Serve

Appendix F: Troubleshooting 282

Appendix F: Troubleshooting 283 Problem Solution Upgrade failed in dual-LAN units While upgrading dual-LAN units from 2.5.x versions, an error

Appendix F: Troubleshooting 284 Modem Problem Solution Login Failure The unit supports Web-browser access through the modem at connection speed

Appendix F: Troubleshooting 285 resolve. This problem seems to stem from the Vista's implementation of TCP auto tuning. Vista's Enter

Appendix F: Troubleshooting 286 Lines are Overwritten after Column 80 in Linux The default Linux® terminal setting is to display 80 columns at a t

287 A About Security Profiles • 90 Accept a Certificate (Session-Based) • 244 Accessing Telnet from a Windows PC • 120 Accessing the Dominion SX Us

Index 288 Configuring Logging and Alerts • 130 Configuring Modem Access • 26 Configuring Network • 146 Configuring NFS • 151 Configuring NFS Loggi

Index 289 G Generate a Certificate Signing Request • 82 Generate a CSR for a Third Party CA to Sign • 248 Getconfig Command • 151 Give the Domini

Index 290 Microsoft IAS RADIUS Server • 254 Modem • 284 Modem Configuration • 21, 264 Modem Connection (Optional) • 21 Modify a User Group • 37 Mo

Chapter 3: Installation 12 The login dialog appears after you finish viewing the security alerts and the Certification Information screen. Log in

Index 291 SMNP Add Command • 166 SNMP Command • 166 SNMP Delete Command • 166 Specifications • iii, 227 SSH Access from a UNIX/Linux Workstation

U.S./Canada/Latin America Monday - Friday 8 a.m. - 6 p.m. ET Phone: 800-724-8090 or 732-764-8886 For CommandCenter NOC: Press 6, then P

Chapter 3: Installation 13 5. Type a new password, and then retype it (Remember this password). A page opens, showing the Dominion SX unit'

Chapter 3: Installation 14 Network Configuration 1. Type Configuration to change the unit's configuration. 2. Type Network to select the ne

Chapter 3: Installation 15  <group name> is the user's assigned group  <password> is the user's password  <info

16 After the hardware installation, perform the initial software configuration. Log in to the Dominion SX from either a browser or through a Comm

Chapter 4: Initial Software Configuration 17 2. Click the Setup tab. The Setup page opens, containing links to the Configuration and Logging pag

Chapter 4: Initial Software Configuration 18 Date / Time Configuration 1. Choose Setup > Date / Time. The Date / Time Configuration page op

Chapter 4: Initial Software Configuration 19 After you click OK, the system displays one of the following pages:  A confirmation page, which co

Chapter 4: Initial Software Configuration 20 3. Select the Mode from the Mode drop-down menu. Default is Auto. 4. Type the Domain Name in the Do

iv Contents How to - Dominion SX Essentials xiv Case 1. Upgrading SX Firmware via Web Browser ...

Chapter 4: Initial Software Configuration 21 Note: The login display should appear verifying that the unit has been properly configured and can b

22 This chapter explains how to configure the basic network settings for the SX and how to configure the various access protocols (SSH, telnet, and

Chapter 5: Network Settings and Services 23 Configure the Network Settings of Dominion SX To configure the network settings: 1. Select either

Chapter 5: Network Settings and Services 24 Service Default Setting HTTPS Enabled. The default port is 443. This can be changed. Encryption is set

Chapter 5: Network Settings and Services 25 Change Network Service Settings 1. Choose Setup > Services. The Network Service Settings page

Chapter 5: Network Settings and Services 26 3. Fixed TCP Window is checked by default, enabling SSH connection to work under the Windows Vista® o

Chapter 5: Network Settings and Services 27 c. Select Console Only to allow only console connections. Allows only CLI access through a terminal

Chapter 5: Network Settings and Services 28 Add a New Static Route To add a new Static Route: 1. Choose Setup > Static Routes. The Static

Chapter 5: Network Settings and Services 29 4. Type the IP address, subnet mask, and gateway of the destination host in the Destination, Mask, a

30 This chapter explains how to create and manage user profiles and user groups. In This Chapter Managing User Profiles ...

Contents v Chapter 4 Initial Software Configuration 16 Dominion SX Initial Software Configuration ...

Chapter 6: User Profiles and Groups 31  Dialback number (if one has been defined)  User group 3. The User List page also indicates whether t

Chapter 6: User Profiles and Groups 32 4. Type the user's full name in the Full Name field. This field is required. 5. Type the user's

Chapter 6: User Profiles and Groups 33 Delete a User Profile To delete an existing user profile: 1. Choose User Management > User List.

Chapter 6: User Profiles and Groups 34 2. Click Add New User Group. The New Group page opens.

Chapter 6: User Profiles and Groups 35

Chapter 6: User Profiles and Groups 36 3. Type a group name in the Group Name field.  You can enter any number of characters up to a maximum o

Chapter 6: User Profiles and Groups 37 6. Select the ports that the users associated with this group are permitted to access. You can select all

38 This chapter explains how to configure RADIUS, LDAP, and TACACS+ authentication. Tip: If you are setting up remote authentication, it is a good

Chapter 7: Remote Authentication 39 2. In the RADIUS panel, click the RADIUS button to enable RADIUS authentication. 3. Under Primary Radius, t

Chapter 7: Remote Authentication 40 5. Type the 'root' point to bind to the server in the Base DN field. This is the same as Directory

Contents vi Chapter 7 Remote Authentication 38 Configuring RADIUS ...

Chapter 7: Remote Authentication 41 Configuring TACACS+ You can use the Terminal Access Controller Access-Control System Plus (TACACS+) to authen

42 Port configuration allows Administrators to define the serial/console port settings in order to communicate with remote target devices. Note: Yo

Chapter 8: Port Configuration and Port Access Application 43 Port Keywords You can create port keywords and associate them with:  Events  Loc

Chapter 8: Port Configuration and Port Access Application 44 Port Configuration To configure one or more ports: 1. Choose Setup > Port Confi

Chapter 8: Port Configuration and Port Access Application 45 Change as follows:  Select control from the drop-down menu in the Escape Mode fiel

Chapter 8: Port Configuration and Port Access Application 46 Note: Anonymous access should be enabled for DPA to succeed. 13. Select from the Mult

Chapter 8: Port Configuration and Port Access Application 47 9. Reboot the SX unit. This is necessary for the direct port access settings to tak

Chapter 8: Port Configuration and Port Access Application 48 Raritan Serial Console Use the following steps to launch the Raritan Serial Console (

Chapter 8: Port Configuration and Port Access Application 49 Java Runtime Environment (JRE) The RSC will function with JRE™ version 1.4.2_05 or l

Chapter 8: Port Configuration and Port Access Application 50  Java Tab in JRE 1.5 2. Locate Java Runtime Settings. 3. Insert the values of th

Contents vii View a Certificate Authority ... 87 Mana

Chapter 8: Port Configuration and Port Access Application 51 Command Example: -Xms128M -Xmn128M -Xmx512M See the following links for additional

Chapter 8: Port Configuration and Port Access Application 52 Emulator 1. Click the Emulator drop-down menu to display a list of topics. IMPORTA

Chapter 8: Port Configuration and Port Access Application 53 1. Change the default Idle Timeout setting and then launch the RSC. Note: If the RS

Chapter 8: Port Configuration and Port Access Application 54 3. The Show Confirmation Dialog on Exit checkbox is selected by default, but you can

Chapter 8: Port Configuration and Port Access Application 55 2. Click Default to accept the Default settings, and then click Ok to close the Dis

Chapter 8: Port Configuration and Port Access Application 56 3. Choose the following from their respective drop-down menus:  Foreground Color 

Chapter 8: Port Configuration and Port Access Application 57 Get Write Access Only Administrators and Operators can get write access. The user wi

Chapter 8: Port Configuration and Port Access Application 58 Connected Users The Connected Users command allows you to view a list of other users

Chapter 8: Port Configuration and Port Access Application 59 Edit Use the Copy, Paste, and Select All text commands to relocate and/or re-use imp

Chapter 8: Port Configuration and Port Access Application 60 Note: The copy-paste limit of text in Raritan Serial Console is 9999 lines. Keyboard

Contents viii Performing a Factory Reset on the SX ... 111 Rebo

Chapter 8: Port Configuration and Port Access Application 61 Start Logging The Start Logging function allows you to collect raw console data from

Chapter 8: Port Configuration and Port Access Application 62 Stop Logging Choose Tools > Stop Logging. The logging stops. Send Keystroke 1. Ch

Chapter 8: Port Configuration and Port Access Application 63 Toggle Power The Toggle Power function lets you power on or off the device that is c

Chapter 8: Port Configuration and Port Access Application 64 Chat When using browser access over SSL, an interactive chat feature called Chat allo

Chapter 8: Port Configuration and Port Access Application 65 Help Help Topics include online assistance for operating the Raritan Serial Console

Chapter 8: Port Configuration and Port Access Application 66 Standalone Raritan Serial Client Requirements The following requirements must be met

Chapter 8: Port Configuration and Port Access Application 67 2. Click the Advanced tab and then click Environment Variables. 3. In the System

Chapter 8: Port Configuration and Port Access Application 68 4. In the New System Variable dialog, add JAVA_HOME to the Variable name block and t

Chapter 8: Port Configuration and Port Access Application 69 8. Click OK. 9. Select the CLASSPATH variable and click Edit. 10. Ensure the CLAS

Chapter 8: Port Configuration and Port Access Application 70 Setting Linux OS Variables To set Java™ for a specific user, open and edit the .profi

Contents ix Administering the Dominion SX Console Server Configuration Commands ... 136 Configuring Events ...

Chapter 8: Port Configuration and Port Access Application 71  These commands can either be typed at the terminal each time you log in, or you c

Chapter 8: Port Configuration and Port Access Application 72 Note: The standalone version of RSC is available from the Raritan Support website: ht

Chapter 8: Port Configuration and Port Access Application 73 7. Click Next. The Windows shortcut page opens. 8. Select the Program Group for t

Chapter 8: Port Configuration and Port Access Application 74 Launching RSC on Windows Systems 1. Double-click the shortcut or use Start Programs

Chapter 8: Port Configuration and Port Access Application 75 3. Click Start. The RSC opens with a connection to the port. Note: In case of unre

Chapter 8: Port Configuration and Port Access Application 76 d. Click Next again. The installation is complete. The final page indicates where yo

77 There are a number of elements to consider when addressing security for console servers, including  Encrypting the data traffic sent between

Chapter 9: Security 78 Security Settings Choose the Security tab to view security-related tools. The Security Settings page opens.

Chapter 9: Security 79 Login Settings Choose Security > Login Settings. This panel includes Local Authentication, Login Handling, and Strong P

Chapter 9: Security 80  Lockout Period on Invalid Login (minutes): 5 3. Accept the system defaults or type your own. Login Handling 1. Go