Black Box 1101 - Manual

Table of Contents 724-746-5500 | blackbox.com 5 5 Table of Contents 1. Specifications.......................................................................................................................................................................................................... 9 2. Overvie...

Chapter 1: Specifications 724-746-5500 | blackbox.com 9 1. Specifications CPU: MIcrel KS8695P controller Memory: 16 MB SDRAM, 8 MB Flash Serial Baud Rates: 2400 to 115,200 bps Connectors: LES1101A: (1) DB9 RS-232 serial, (1) RJ-45 10/100BASE-T Ethernet; LES1102A: (2) DB9 RS-232 serial, (1) RJ-45 10/...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 10 2. Overview 2.1 Introduction This User’s Manual walks you through installing and configuring your Black Box Secure Device Servers (LES1101A or LES1102A). Each of these products is referred to generically in this manual as a “ console...

Chapter 2: Overview 724-746-5500 | blackbox.com 11 devices; and control these devices using the specified services (for example, Telnet, HHTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User also has a limited view of the Management Console and can only access authorized configured d...

Chapter 3: Installation 724-746-5500 | blackbox.com 15 3. Installation Make sure you have everything listed in Chapter 2, Section 2.6 for your 1101 or 1102 Secure Device Server. 3.1 Power Connection The LES1101A or LES1102A models are each supplied with an external DC wall mount power supply. This p...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 16 Table 3-1. RS-232 DB9 connector pinouts. Signal Pin Definition CD 1 Received Line Signal Detector RXD 2 Received Data TXD 3 Transmitted Data DTR 4 Data Terminal Ready GND 5 Signal Ground DSR 6 Data Set Ready RTS 7 Request To Send CTS...

Chapter 3: Installation 724-746-5500 | blackbox.com 17 Web management console. Two short cable loops are also required between the RX+/TX+ pins and RX-/TX- pins. This is because the LES1102A uses universal differential transceivers that support 4-wire (RS-422) and 2-wire (RS-485) operation. In RS-48...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 18 4. System Configuration This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting it to the Management or Operational LAN. The Administrator must: • Activate the Management Con...

Chapter 4: System Configuration 724-746-5500 | blackbox.com 19 Figure 4-1. Run screen. Now add a static entry to the ARP table and ping the console server to assign the IP address to the console server. In the example below, a console server has a MAC Address 00:13:C6:00:02:0F (designated on the lab...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 20 You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default Figure 4-2. Login screen. NOTE: Console server s are factory configured with HTTPS access enabled...

Chapter 4: System Configuration 724-746-5500 | blackbox.com 21 Figure 4-4. System: Administration screen. 1. Select System: Administration. 2. Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so choose a...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 24 • Base: The console server uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter 4—Configuring Serial...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 26 5. Serial Port, Host, Device, and User Configuration The Black Box LES1101A and LES1102A console server enables access and control of serially attached devices and network attached devices ( hosts ). The Administrator must configure ...

Chapter 5: Serial Port, Host, Device, and User Configuration 724-746-5500 | blackbox.com 27 Figure 5-2. Serial port screen. Select Serial & Network: Serial Port and you will see the current labels, modes, logging levels, and RS-232 protocol options that are currently set up for each serial port....

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 28 Before proceeding with further serial port configuration, connect the ports to the serial devices they will be controlling, and make sure they have matching settings. NOTE: The serial ports are all set at the factory to RS-232: 9600 ...

Chapter 5: Serial Port, Host, Device, and User Configuration 724-746-5500 | blackbox.com 29 Figure 5-5. Windows features screen. If the remote communications are tunneled with SDT Connector , then you can use Telnet to securely access these attached devices (refer to the Note below). NOTE: In Consol...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 30 Figure 5-6. PuTTY Configuration screen. PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH: We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connec...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 32 Figure 5-9. SDT settings. For configuration details, refer to Chapter 6.4—Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the console server . 5.1.4 Device (RPC, UPS, EMD) Mode This mode configur...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 34 5.2 Add/ Edit Users The Administrator uses this menu selection to set up, edit, and delete users, and to define the access permissions for each of these users. Figure 5-15. Users and Groups screen. Users can be authorized to access s...

Chapter 5: Serial Port, Host, Device, and User Configuration 724-746-5500 | blackbox.com 35 Figure 5-16. Add a new user screen. Click Add User to add a new user. Add a Username and a confirmed Password for each new user. You may also include information related to the user (for example, contact deta...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 36 5.3 Authentication Refer to Chapter 9.1—Authentication Configuration for authentication configuration details. 5.4 Network Hosts To access a locally networked computer or device (referred to as a Host ), you must identify the Host an...

Chapter 5: Serial Port, Host, Device, and User Configuration 724-746-5500 | blackbox.com 37 5.5 Trusted Networks The Trusted Networks facility gives you an option to nominate specific IP addresses where users ( Administrators and Users ) must be located to access console server serial ports. Select ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 38 Figure 5-19. Serial Port redirection. This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device that’s connected to the remote console server as if it were connected to your local ser...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 40 6. Secure SSH Tunneling and SDT Connector Each Black Box console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices—using text-based console too...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 41 • Using SDT to IP connect to hosts that are serially attached to the console server (Section 6.10). 6.1 Configuring for SSH Tunneling to Hosts To set up the console server to SSH tunnel to access a network attached host...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 42 Once the installer completes you will have a working SDT Connector client installed on your machine and an icon on your desktop: Figure 6-3. SDT connector icon. Click the SDT Connector icon on your desktop to start the client. NOTE: ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 44 Figure 6-7. Hosts. NOTE: The Retrieve Hosts function will auto-configure all user classes (that is, they can be members of user or admin or some other group or no group. SDT Connector will not auto-configure the root (and we recommen...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 45 Figure 6-9. New SDT Host screen. Enter the IP or DNS Host Address of the host (if this is a DNS address, it must be able to be resolved by the gateway). Select which Services to use to access the new host. A range of se...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 47 Figure 6-13. Edit port redirection. NOTES: SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH redirection, so it is a “tunnel within a tunnel.” Enter the UDP port where...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 49 6.3 SDT Connector to Management Console You can also configure SDT Connector for browser access to the console server’s Management Console —and for Telnet or SSH access to the command line. For these connections to the ...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 51 Figure 6-19. Out-of-band access. To configure SDT Connector for OoB access: When adding a new Gateway or editing an existing Gateway select the Out Of Band tab. Enter the secondary, OoB IP address of the gateway (for ex...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 52 Figure 6-20. OoB connection using SDT connector. When you connect to a service on a host behind the console server, or to the console server itself, SDT Connector will initiate the OoB connection using the provided Start Command. The...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 53 SDT Connector will now use public key authentication when connecting through the SSH gateway (console server). You may have to restart SDT Connector to shut down any existing tunnels that were established using password...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 54 Figure 6-23. Remote Desktop Users dialog box. To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box. NOTE: If you need to set up new users for Remote Desktop access, open Use...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 55 In Computer, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the console server, and the Port Number of the SDT Secure Tunnel for the...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 56 You can use GUI front end tools like the GNOME Terminal Services Client tsclient to configure and launch the rdesktop client. (Using tsclient also enables you to store multiple configurations of rdesktop for connection to many server...

Chapter 6: Secure SSH Tunneling and SDT Connector 724-746-5500 | blackbox.com 57 RealVNC http://www.realvnc.com is fully cross-platform, so a desktop running on a Linux machine may be displayed on a Windows PC, on a Solaris machine, or on any number of other architectures. There is a Windows server,...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 62 NOTES (continued): The console server default Username is portXX where XX is the serial port number on the console server. The default Password is portXX To use the defaults for a RDP connection to the serial port 2 on the console se...

Chapter 7: Alerts and Logging 724-746-5500 | blackbox.com 67 7. Alerts and Logging This chapter describes the alert generation and logging features of the console server . The Alert facility monitors the serial ports, all logins, and the power status, and sends emails, SMS, Nagios, or SNMP alerts wh...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 68 You may also enter a Username and Password if the SMTP server requires authentication. You can specify the specific Subject Line that will be sent with the email. Click Apply to activate SMTP. 7.1.2 SMS Alerts The console server uses...

Chapter 7: Alerts and Logging 724-746-5500 | blackbox.com 69 To configure for SNMP v3, you will need to enter an ID and authentication password and contact information for the local Administrator (in the Security Name ). Click Apply to activate SNMP. Figure 7-3. SNMP alerts. NOTE: All console server...

Chapter 7: Alerts and Logging 724-746-5500 | blackbox.com 71 Figure 7-6. General alert types. Serial Port Signal Alert —This alert will be triggered when the specified signal changes state and applies to serial ports only. You must specify the particular Signal Type (DSR, DCD or CTS) trigger conditi...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 72 Figure 7-8. Serial port pattern match alert. UPS Power Status Alert — This alert will be triggered when the UPS power status changes between on line, on battery, and low battery. This status will only be monitored on the Applicable U...

Chapter 7: Alerts and Logging 724-746-5500 | blackbox.com 73 7.3 Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS logging, you must specify where those logs are to be saved: Select the Alerts & Logging: Port Log menu option and specify the Server Type to use...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 74 Level 2 Logs all data transferred to and from the port. Click Add then click Apply.

Chapter 8: Power Management 724-746-5500 | blackbox.com 75 8. Power Management Black Box console server s manage embedded software that you can use to manage connected Power Distribution Systems (PDUs), IPMI devices, and Uninterruptible Power Supplies (UPSs) supplied by a number of vendors. 8.1 Remo...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 78 The outlet status is displayed and you can initiate the Action you want to take by selecting the appropriate icon: Turn ON Turn OFF Cycle Status You will only be presented with icons for those operations that are supported by the Tar...

Chapter 8: Power Management 724-746-5500 | blackbox.com 79 Figure 8-5. Connecting to remote UPS. 8.2.1 Managed UPS Connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server . You can connect it via serial or USB cable or by the network. The console serve...

Chapter 8: Power Management 724-746-5500 | blackbox.com 81 Figure 8-8. Add managed UPS screen. Select if the UPS will be Connected Via USB, over a pre-configured serial port, or via SNMP/HTTP/HTTPS over the preconfigured network Host connection. When you select a network UPS connection, then the cor...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 82 Click New Options in Driver Options if you need to set driver-specific options for your selected NUT driver and hardware combination (more details at http://www.networkupstools.org/doc ). Figure 8-9. New option screen. Check Log Stat...

Chapter 8: Power Management 724-746-5500 | blackbox.com 83 Enter the IP Address or DNS name of the remote console server * that is managing the remote UPS. (*This may be another Black Box console server or it may be a generic Linux server running Network UPS Tools.) NOTE: An example where centrally ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 84 Figure 8-11. UPS graph. Click on any particular All Data for any UPS System in the table for more status and configuration information about the selected UPS System. Select UPS Logs and you will be presented with the log table of the...

Chapter 8: Power Management 724-746-5500 | blackbox.com 85 Figure 8-13. NUT. NUT is built on a networked model with a layered scheme of drivers, server and clients: The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server ( upsd ). Drivers are provide...

Chapter 9: Authentication 724-746-5500 | blackbox.com 87 9. Authentication The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RA...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 90 Example 2: User Ben is only defined on the TACACS server, which says he has access to ports 5 and 6. When he attempts to log in, a new user will be created for him, and he will be able to access ports 5 and 6. If the TACACS server is...

Chapter 9: Authentication 724-746-5500 | blackbox.com 91 9.3 SSL Certificate The console server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a connected user. When establishing the connection, the console server has to expose its identity to the user’s...

Chapter 9: Authentication 724-746-5500 | blackbox.com 93 Figure 9-6. Upload button. After completing these steps, the console server has its own certificate that is used for identifying the console server to its users. NOTE: You can find information on issuing certificates and configuring HTTPS from...

1101 and 1102 Secure Device Servers 94 10. Nagios Integration Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Console server s op...

Chapter 10: Nagios Integration 724-746-5500 | blackbox.com 95 10.2 Central Management and Setting Up SDT for Nagios The Black Box Nagios solution has three parts: the Central Nagios server, Distributed Black Box console server s, and the SDT for Nagios software. Figure 10-2. Nagios setup. Central Na...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 96 2. Run the SDT for Nagios Configuration Wizard on the central Nagios server (Section 10.2.1— Set up SDT Nagios on central Nagios server) and perform any additional configuration tasks. 3. Install SDT Connector on each client. . 10.2....

Chapter 10: Nagios Integration 724-746-5500 | blackbox.com 97 Click Apply. Next, you must configure the attached Window network host and specify the services you will be checking with Nagios (HTTP and HTTPS): Select Network Hosts from the Serial & Network menu and click Add Host. Enter the IP Ad...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 98 Finally, you need to add a User for the client running SDT Connector: Select Users & Groups from the Serial & Network menu. Click Add User. In Username, enter: sdtnagiosuser , then enter and confirm a Password. In Accessible ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 100 Refer to the sample Nagios configuration section below for some examples of configuring specific NSCA checks. 10.3.4 Configure Selected Serial Ports for Nagios Monitoring The individual Serial Ports connected to the console server t...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 104 10.4.4 Distributed Monitoring Usage Scenarios Below are a number of distributed monitoring Nagios scenarios: Local office In this scenario, the console server is set up to monitor each managed device’s console. Configure it to make ...

Chapter 10: Nagios Integration 724-746-5500 | blackbox.com 105 Remote site with restrictive firewall In this scenario, the role of the console server will vary. One aspect may be to upload check results through NSCA. Another may be to provide an SSH tunnel to allow the Nagios server to run NRPE comm...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 106 11. System Management This chapter describes how the Administrator can perform a range of general console server system administration and configuration tasks such as: • Applying Soft and Hard Resets to the gateway. • Re-flashing th...

Chapter 11: System Management 724-746-5500 | blackbox.com 107 The hard erase will clear all custom settings and return the unit back to factory default settings ( i.e. the IP address will be reset to 192.168.0.1). You will be prompted to log in and must enter the default administration username and ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 108 Click Apply and the console server appliance will perform a soft reboot and start upgrading the firmware. This process will take several minutes. After the firmware upgrade completes, click here to return to the Management Console. ...

Chapter 11: System Management 724-746-5500 | blackbox.com 109 Figure 11-6. Configuration backup screen. With all console server s, you can save the backup file remotely on your PC and you can restore configurations from remote locations: Click Save Backup in the Remote Configuration Backup menu. The...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 110 12. Status Reports This chapter describes the dashboard feature and the status reports that are available: • Port Access and Active Users • Statistics • Support Reports • Syslog • Dashboard Other status reports that are covered else...

Chapter 12: Status Reports 724-746-5500 | blackbox.com 111 Figure 12-2. Statistics status. You can find detailed statistics reports by selecting the various submenus. 12.3 Support Reports The Support Report provides useful status information that will assist the Black Box Technical Support team to s...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 112 12.4 Syslog The Linux System Logger in the console server maintains a record of all system messages and errors: Select Status: Syslog You can redirect the syslog record to a remote Syslog Server: Enter the remote Syslog Server Addre...

Chapter 12: Status Reports 724-746-5500 | blackbox.com 113 12.5.1 Configuring the Dashboard Only users who are members of the admin group (and the root user) can configure and access the dashboard. To configure a custom dashboard: Select System: Configure Dashboard and select the user (or group) you...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 114 To configure what is to be displayed by each widget: Go to the Configure widgets panel and configure each selected widget (for example, specify which UPS status is to be displayed on the ups widget or the maximum number of Managed D...

Chapter 13: Management 724-746-5500 | blackbox.com 115 13. Management The console server has a small number of Manage reports and tools that are available to both Administrator s and Users : • Access and control authorized devices. • View serial port logs and host logs for those devices. • Use SDT C...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 116 Figure 13-3. Port logs. To display Host logs, select Manage: Host Logs and the Host to be displayed. 13.3 Serial Port Terminal Connection Administrator and Users can communicate directly with the console server command line and with...

Chapter 13: Management 724-746-5500 | blackbox.com 117 NOTE: You must install SDT Connector on the computer you are browsing from and add and the console server as a gateway as detailed in Chapter 6. The alternate to using SDT Connector and your local telnet client is to run the open source jcterm j...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 118 14. Configuration from the Command Line For those who prefer to configure their console server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to use command line ac...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 119 The config tool Syntax config [ -ahv ] [ -d id ] [ -g id ] [ -p path ] [ -r configurator ] [ -s id=value ] [ -P id ] Description The config tool is designed to perform multiple actions from one command if needed, so opti...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 120 The registered configurators are: alerts auth cascade console dhcp dialin eventlog hosts ipaccess ipconfig nagios power serialconfig services slave systemsettings time ups users There are three ways to delete a config element value....

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 121 NOTE: Supported serial port baud-rates are ‘50’, ‘75’, ‘110’, ‘134’, ‘150’, ‘200’, ‘300’, ‘600’, ‘1200’, ‘1800’, ‘2400’, ‘4800’, ‘9600’, '19200', '38400', '57600', '115200', and '230400'. Supported parity values are 'Non...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 122 # config -s config.ports.port5.sdt.ssh=on To configure a username and password when accessing this port with Username = user1 and Password = secret: # config -s config.ports.port#.sdt.username=user1 # config -s config.ports.port#.sd...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 124 14.4 Adding and Removing User Groups The console server is configured with a few default user groups (even though only two of these groups are visible in the Management Console GUI). To find out how many groups are already present: ...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 125 To configure TACACS authentication: # config -s config.auth.tacacs.auth_server='comma separated list' (list of remote authentiction and authorization servers.) # config -s config.auth.tacacs.acct_server='comma separated ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 126 Add other network host To add any other type of network host with the following details: IP address/ DNS name 192.168.3.10 Host name OfficePC Description MyPC Allowed sevices ssh port 22,https port 443 log level for services 1 Issue...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 127 The following command will synchronize the live system with the new configuration: # config -r serialconfig 14.8 Cascaded Ports To add a new slave device with the following settings: IP address/DNS name 192.168.0.153 Des...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 129 # config -s config.ports.port2.power.type=APC 7900 # config -s config.ports.port2.power.name=MyRPC # config -s "config.ports.port2.power.description=RPC in room 5" # config -s config.ports.port2.power.username=rp...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 130 Notice Warning Assume the remote log server needs a username 'name1' and password 'secret': # config -s config.eventlog.server.username=name1 # config -s config.eventlog.server.password=secret To set the remote path as '/Black Box/l...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 131 # config -s "config.alerts.alert2.pattern=.*0.0% id" # config -s config.alerts.alert2.port10=on # config -s config.alerts.alert2.sensor=temp # config -s config.alerts.alert2.signal=DSR # config -s config.alerts.a...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 132 # config -s config.system.smtp.subject=SMTP alerts To set-up an SMTP SMS server with the same details as above: # config -s config.system.smtp.server2=mail. Black Box .com # config -s config.system.smtp.encryption2=SSL (can also be ...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 133 # config -s config.interfaces.wan.mode=static # config -s config.interfaces.wan.media=[ Auto | 100baseTx-FD | 100baseTx-HD | 10baseT-HD ] 10baseT-FD To enable bridging between all interfaces: # config -s config.system.br...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 134 The following command will synchronize the live system with the new configuration: # config -r time 14.19 DHCP Server To enable the DHCP server on the console management LAN, with settings: Default lease time 200000 seconds Maximum ...

Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 135 The following command will synchronize the live system with the new configuration: # config –a 14.21 NAGIOS To configure NAGIOS with the following settings: NAGIOS host name console at R3 (Name of this system) NAGIOS hos...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 136 Black Box console server s run the embedded Linux operating system. So Administrator class users can configure the console server and monitor and manage attached serial console and host devices from the command line using Linux comm...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 137 For power and alarm sensor alerts (power load, and battery charge alerts): /etc/scripts/environmental-alert For an interface failover alert: /etc/scripts/interface-failover-alert All of these scripts do a check to see whether you hav...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 138 email to more than one email address, find the lines in the script responsible for invoking the alert-email script, then add the following lines below the existing lines: export TOADDR="[email protected]" /bin/sh /etc/...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 141 sleep 30s fi if [ "$COUNTER" -eq 5 ] then COUNTER=0 "$@" sleep 2s fi done ! A configurator is responsible for reading the values in /etc/config/config.xml and making the appropriate changes live. Some changes made by ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 142 To save the configuration: # /etc/scripts/backup-usb save config-20May To check if the backup was saved correctly: # /etc/scripts/backup-usb list If this command does not display "* config-20May" then there was an error savi...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 143 Black Box’s portmanger program manages the console server serial ports. It routes network connection to serial ports, checks permissions, and monitors and logs all the data flowing to/from the ports. pmshell The pmshell command acts ...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 144 portmanager daemon There is normally no need to stop and restart the daemon. To restart the daemon normally, just run the command: # portmanager Supported command line options are: Force portmanager to run in the foreground: --nodae...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 147 To set the Username field (SNMP version 3 only): config --set config.system.snmp.username2=yourusername .. replacing yourusername with the username config.system.snmp.username2 (3 only) To set the Engine ID field (SNMP version 3 only...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 148 The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server $ Create a new directory to store your generated keys. You can also name the files after the device they will be used for. For example: $ mkdir keys...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 150 http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 http://www openbsd.org/cgi-bin/man.cgi?query=sshd. ! This section describes how to generate and configure SSH keys using Windows. First create a new user from the Black ...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 151 Use WinSCP to copy this "authorized_keys" file into the users home directory: e.g. /etc/config/users/testuser/.ssh/authorized_keys of the Black Box gateway which will be the SSH server. You will need to make sure this file is...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 152 If the host key has been legitimately changed, it can be removed from the ~/.ssh/known_hosts file and the new fingerprint added. If it has not changed, this indicates a serious problem that should be investigated immediately. You ha...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 153 Figure 16-6. Keys. To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program: $ ssh-keygen -t [rsa|dsa] Generating public/private [rsa|dsa] key pair. Enter file in which to save the key (/home/user/.ssh/id_[rs...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 154 Each client will then need its own set of keys uploaded through the same page. Take care to ensure that the correct type of keys (DSA or RSA) go in the correct spots, and that the public and private keys are in the correct spot. (*&...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 155 To create a 1024 bit RSA key and a self-signed certificate, issue the following openssl command from the host you have openssl installed on: openssl req -x509 -nodes -days 1000 \ -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 158 The console server includes the ipmitool utility for managing and configuring devices that support the Intelligent Platform Management Interface (IPMI) version 1.5 and version 2.0 specifications. IPMI is an open standard for monitor...

Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 159 -p < port > Remote server UDP port to connect to. Default is 623. -P < password > Remote server password is specified on the command line. If supported, it will be obscured in the process list. Note! Specifying the passwo...

Appendix A: Linux Commands and Source Code 724-746-5500 | blackbox.com 161 Appendix A. Linux Commands and Source Code The console server platform is a dedicated Linux computer, optimized to provide monitoring and secure access to serial and network consoles of critical server systems and their suppo...

1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 162 ip6tables Administration tool for IPv6 packet filtering iptables-restore Restore IP Tables iptables-save Save IP Tables kill * Send a signal to a process to end gracefully ln * Make links between files login Begin session on the sys...

Appendix A: Linux Commands and Source Code 724-746-5500 | blackbox.com 163 sleep * Delay for a specified amount of time smbmnt Helper utility for mounting SMB file systems smbmount Mount an SMBFS file system smbumount SMBFS umount for normal users snmpd SNMP daemon snmptrap Sends an SNMP notificatio...