Black Box Value-Line and Advanced Console Servers - Manual

INDEX INTRODUCTION 13 INSTALLATION 18 2.1 Models 18 2.1.1 Kit components LES1508A Console Server 19 2.1.2 Kit components LES1308A- LES1348A and LES1408A - LES1448A Advanced Console Servers 19 2.1.3 Kit components LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 Advanced Console Servers 20 2.1.4 Ki...

4.1.8 Cisco USB console connection 56 4.2 Add/ Edit Users 56 4.3 Authentication 60 4.4 Network Hosts 60 4.5 Trusted Networks 61 4.6 Serial Port Cascading 62 4.6.1 Automatically generate and upload SSH keys 62 4.6.2 Manually generate and upload SSH keys 63 4.6.3 Configure the slaves and their serial ...

6.2.1 SDT Connector installation 104 6.2.2 Configuring a new console server gateway in the SDT Connector client 105 6.2.3 Auto-configure SDT Connector client with the user’s access privileges 106 6.2.4 Make an SDT connection through the gateway to a host 107 6.2.5 Manually adding hosts to the SDT Co...

8.1 Remote Power Control (RPC) 149 8.1.1 RPC connection 149 8.1.2 RPC access privileges and alerts 152 8.1.3 User power management 152 8.1.4 RPC status 153 8.2 Uninterruptible Power Supply Control (UPS) 153 8.2.1 Managed UPS connections 154 8.2.2 Remote UPS management 157 8.2.3 Controlling UPS power...

11.3 Configure Date and Time 197 11.4 Configuration Backup 198 11.5 Delayed Configuration Commit 201 11.6 FIPS Mode 202 STATUS REPORTS 203 12.1 Port Access and Active Users 203 12.2 Statistics 203 12.3 Support Reports 204 12.4 Syslog 204 12.5 Dashboard 205 12.5.1 Configuring the Dashboard 205 12.5.2...

APPENDIX A. CLI Commands and Source Code B. Hardware Specification C. Safety and Certifications D. Connectivity and Serial I/O E. Terminology F. End User License Agreement G. Service and Warranty _____________________________________________________________________ 724-746-5500 | blackbox.com Page 1...

Chapter 1 Introduction INTRODUCTION This Manual This User’s Manual walks you through installing and configuring your Black Box Console Server (LES1108A, LES1116A, LES1132A, LES1148A, LES1508A) or Advanced Console Server (LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2, LES1308A, LES1316A, LES1332A, ...

10. Nagios Integration Describes how to set Nagios central management with SDT extensions and configure the console server as a distributed Nagios server. 11. System Management Covers access to and configuration of services that will run on the console server. 12. Status Reports View a dashboard sum...

ports and serially connected devices, network connected hosts, and connected power devices; and to view associated logs and configure alerts. A User can also use the Management Console, but has limited menu access to control select devices, review their logs and access them using the built-in java t...

Date Revision Update details September 2011 1.1 Prerelease October 2011 2.0 Release for V2.8 firmware and later December 2012 3.0 Release for V3.5 firmware and later _____________________________________________________________________ 724-746-5500 | blackbox.com Page 16

Copyright ©Black Box Corporation 2011. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on the part of Black Box. Black Box provides this document “as is,” without warranty of any kind, either expressed or implied, including, b...

Chapter 2 Installation INSTALLATION Introduction This chapter describes how to install the console server hardware and connect it to controlled devices. To avoid physical and electrical hazards please read Appendix C on Safety. 2.1 Models There are multiple console server models, each with a differe...

DB9F-RJ45S straight and DB9F-RJ45S cross-over connectors USB micro-AB adapter cable Antenna with 10 foot extension cable Dual IEC AC power cords Printed Quick Start Guide and User’s Manual on CD-ROM 2.1.3 Kit components LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 Advanced Console Servers LES1...

2.1.4 Kit components LES1116A, LES1132A and LES1148A Console Servers LES1116A, LES1132A or LES1148A Console Server (2) UTP CAT5 blue cables DB9F-RJ45S straight and DB9F-RJ45S cross-over connectors IEC AC power cord Printed Quick Start Guide and User’s Manual on CD-ROM 2.1.5 Kit components LES1108A C...

2.2.4 LES1108A power The LES1108A includes an external DC power supply unit. This unit accepts an AC input voltage between 100 and 250 VAC with a frequency of 50Hz or 60Hz. The DC power supply has an IEC AC power socket, which accepts a conventional IEC AC power cord. The power cord for North Americ...

PIN SIGNAL DEFINITION DIRECTION 1 RTS Request To Send Output 2 DSR Data Set Ready Input 3 DCD Data Carrier Detect Input 4 RXD Receive Data Input 5 TXD Transmit Data Output 6 GND Signal Ground NA 7 DTR Data Terminal Ready Output 8 CTS Clear To Send Input The LES1208A-R2, LES1216A-R2, LES1232A, LES124...

− connecting to USB consoles of Managed Devices (e.g. for managing UPS supplies) − attaching other external USB peripherals (e.g. an external USB memory stick or modem) − adding supported Sierra Wireless cellular USB modems − plugging in USB hubs to provide additional ports The USB1.1 port is best r...

Chapter 3 Initial System Configuration SYSTEM CONFIGURATION Introduction This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting it to the Management or Operational LAN. The Administrator must:  Activate the Management Console.  Change the...

 You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default Note Console server s are factory configured with HTTPS access enabled and HTTP access disabled. A Welcome screen, which lists initial installation configuration ...

After completing each of the above steps, you can return to the configuration list by clicking in the top left corner of the screen on the Black Box logo. Note If you are not able to connect to the Management Console at 192.168.0.1 or if the default Username/Password were not accepted, then reset yo...

 Click Apply . Since you have changed the password you will be prompted to log in again. This time, use the new password. Note If you are not confident that your console server has the current firmware release, you can upgrade. Refer to Upgrade Firmware—Chapter 10 . 3.2.1 Set up new administrator I...

The next step is to enter an IP address for the principal Ethernet ( LAN/Network/Network1 ) port on the console server ; or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network it will connect to.  On the System: IP menu, select the Network Interfa...

3.4 System Services The Administrator can access and configure the console server (and connected devices) using a range of access protocols/services – and for each such access, the particular service must be running with access through the firewall enabled. Service Access specifies which access prot...

The Services Access settings specify which services the Administrato r can use over which network interface to access the console server. It also nominates the enabled services that the Administrato r and the User can use to connect through the console server to attached serial and network connected...

in rackmount models. To modify the default SNMP settings, the Administrator must make the edits at the command line as described in Chapter 15—Advanced Configuration. TFTP This service will set up the default tftp server on the USB flash card (and is relevant to LES1508A, LES1408A, LES1416A, LES1432...

 To enable a service check Enable . For some servces you will be asked to specify the TCP/IP port to be used for thie service.  There are also some serial port access parameters that you can configure on this menu: Base The console server uses specific default ranges for the TCP/IP ports for the v...

 To use PuTTY for an SSH terminal session from a Windows client, enter the console server ’s IP address as the ”Host Name (or IP address).”  To access the console server command line, select “SSH” as the protocol, and use the default IP Port 22.  Click “Open” and the console server login prompt w...

3.6.1 Enable the Management LAN The LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232A and LES1248A-R2 console serve rs provide a firewall, router, and DHCP server. You need to connect an external LAN switch to Network 2 to at...

Note You can configure the second Ethernet port as either a gateway port or as an OOB/Failover port (but not both). Make sure you did not allocate Network 2 as the Failover Interface when you configured the principal Network connection on the System: IP menu. The management gateway function is now e...

 Click Apply . You have selected the failover method. It is not active until you specify the external sites to be probed to trigger failover, and set up the failover ports themselves. This is covered in Chapter 5 . Note You can configure the second Ethernet port as either a gateway port or as an OO...

Chapter 4 Serial Port, Host, Device & User Configuration SERIAL PORT AND NETWORK HOST Introduction The Black Box console server enables access and control of serially attached devices and network attached devices ( hosts ). The Administrator must configure access privileges for each of these dev...

1) Console Server Mode is the default and this enables general access to serial console port on the serially attached devices. 2) Device Mode sets the serial port up to communicate with an intelligent serial controlled PDU, UPS, or Environmental Monitor Device (EMD). 3) SDT Mode enables graphical co...

 Specify a label for the port.  Select the appropriate Baud Rate , Parity , Data Bits , Stop Bits, and Flow Control for each port. (Note: The RS-485/RS-422 option is not relevant for console server s.)  Before proceeding with further serial port configuration, connect the ports to the serial devi...

If the remote communications are tunneled with SDT Connector , then you can use Telnet to securely access these attached devices (refer to the Note below). Note In Console Server mode, Users and Administrators can use SDT Connector to set up secure Telnet connections that are SSH tunneled from their...

PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connects through the console server to the attached serial consoles) over the Internet or any other public network...

For example, if the computer attached to serial port 3 should never send anything out on its serial console port, the Administrator can set the Facility for that port to local0 ( local0 .. local7 are for site local values), and the Priority to critical . At this priority, if the console server syslo...

Users can be authorized to access specified console server serial ports and specified network-attached hosts. These users can also be given full Administrator status (with full configuration and management and access privileges). To simplify user set up, they can be configured as members of Groups. ...

3. If a user is set up with pptd, dialin, ftp or pmshell group membership they will have restricted user shell access to the nominated managed devices but they will not have any direct access to the console server itself. To add this the users must also be a member of the "users" or "adm...

Note The User Name can contain from 1 to 127 alphanumeric characters (you can also use the special characters “-”, “_”, and “.” ). There are no restrictions on the characters that you can use in the user Password (each can contain up to 254 characters). Only the first eight Password characters are u...

 If the console server has been configured with distributed Nagios monitoring enabled, then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored (refer to Chapter 10— Nagios Integration ).  Click Apply. This will create the new Host and a...

Network Mask 255.255.255.255  If, however, you want to allow all the users operating from within a specific range of IP addresses (for example, any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port: Host /Subnet Address 204.15.5.128 Subnet M...

 Select System: Administration on Master’s Management Console.  Check Generate SSH keys automatically and click Apply. Next, you must select whether to generate keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes, and the new k...

Next, you must register the Public Key as an Authorized Key on the Slave. In a case that has only one Master with multiple Slaves, you only need to upload the one RSA or DSA public key for each Slave. Note Using key pairs can be confusing since one file (Public Key) fulfills two roles— Public Key an...

Once you have added all the Slave console server s, you can assign and access the Slave serial ports and the connected devices from the Master’s Management Console menu. You can also access them through the Master’s IP address.  Select the appropriate Serial & Network: Serial Port and Edit to c...

This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device that’s connected to the remote console server as if it were connected to your local serial port. 4.8 Managed Devices Managed Devices presents a consolidated view of all the connections to a de...

Note To set up a new serially connected RPC UPS or EMD device, configure the serial port, designate it as a Device, then enter a Name and Description for that device in the Serial & Network: RPC Connections (or UPS Connections or Environmental ). When applied, this will automatically create a co...

o If Server has been selected , enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients.  Click Apply to save changes  To enter authentication certificates and fi...

4.11 PPTP VPN The LES1508A, LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console server s include a PPTP (Point-to-Point Tunneling Protocol) server. PPTP is typically used for communications over a physical or virtu...

Chapter 5 Firewall, Failover and OoB Dial Access FIREWALL, FAILOVER AND OoB DIAL-IN Introduction The console server has a number of fail-over and out-of-band access capabilities to make sure it’s available if there are difficulties accessing the console server through the principal network path. The...

external modem via a serial cable to the DB9 port, and you can configure the second Ethernet port for broadband OoB access. Make sure you unplug the console server power before installing the modem. When it next boots, it will detect the modem and a PC Card Modem tab will appear under System -> D...

Note: The User name and Password to be used for the dial-in PPP link are setup when the User is initially set up with dialin Group membership. The dialin Group supports multiple dial-in users. Any dial-back phone numbers are also configured when the User is set up. Note Chapter 15—Advanced Configura...

 Enter the PPP User name and Password you set up for the console server. 5.1.4 Set up earlier Windows clients  For Windows 2000, the PPP client set up procedure is the same as above, except you get to the Dial-Up Networking Folder by clicking the Start button and selecting Settings. Then, click Ne...

active broadband access paths to the console server , if you are unable to access it through the primary management network ( Network or Network1 ), you can still access it through the alternate broadband path (for example, a T1 link).  On the System: IP menu select Network 2 and configure the IP A...

5.4.2 Failover dial-out The console server modem can be configured so a dial-out PPP connection is automatically set up in the event of a disruption in the principal management network.  When configuring the principal network connection in System: IP specify the Failover Interface that will be used...

Note: Your 3G carrier may have provided you with details for configuring the connection including APN (Access Point Name), Pin Code (optional PIN code which may be required to unlock the SIM card), Phone Number (the sequence to dial to establish the connection, defaults to *99***1#), Username/ Passw...

5.7 Cellular Operation When set up as a console server the 3G cellular modem can be set up to connect to the carrier in either: - Failover mode . In this case a dial-out cellular connection is only established in event of a ping failure - OOB mode . In this mode the dial-out connection to the carrie...

5.8 Firewall & Forwarding The console server has routing, NAT, packet filtering and port forwarding support on all physical and virtual network interfaces. This enables the console server to function as an Internet or external network gateway: − Network Forwarding allows the network packets on o...

Source Address : This allows the user to restrict access to a port forward to a specific address. In most cases, this should be left blank Input Port Range : The range of ports to forward to the destination IP. These will be the port(s) specified when accessing the port forward. These ports need not...

 Click New Firewall Rule  Fill in the following fields: Name: Name the rule. This name should describe the policy the firewall rule is being used to implement (e.g. block ftp, Allow Tony) Interface: Select the interface that the firewall rule will be applied to (i.e. Any, Dialout/Cellular, VPN, Ne...

Protocol: TCP Direction: Egress Action: Block The firewall rules are processed in a set order- from top to bottom. So rule placement is important. For example with the following rules, all traffic coming in over the Network Interface is blocked except when it comes from two nominated IP addresses ( ...

Chapter 6 Secure SSH Tunneling & SDT Connector SECURE SSH TUNNELING AND SDT CONNECTOR Introduction Each Black Box console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices—using text-based console tools (su...

 Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the console server ( Section 6.4 ). The chapter then covers more advanced SDT Connector and SSH tunneling topics:  Using SDT Connector for out-of-band access ( Section 6.5 ).  Automatic importing and exporting ...

6.2.1 SDT Connector installation  The SDT Connector set up program ( SDTConnector Setup-1.n.exe or sdtcon-1.n.tar.gz ) is included on the CD supplied with your Black Box console server .  Run the set-up program. Note For Windows clients, the SDTConnectorSetup-1.n.exe application will install the S...

configure clients to run on the PC that will use the service to connect to the hosts and serial port devices (refer to Section 6.2.7 and 6.2.9 ). You can also set up SDT Connector to connect out-of-band to the console server (refer to Section 6.2.9 ). 6.2.2 Configuring a new console server gateway i...

 Or, enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location, or anything special about its network configuration).  Click OK and an icon for the new gateway will now appear in the SDT Connect...

 configure access to network connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (for example, HTTPS, IPMI2.0) and the related IP ports being redirected.  configure access to the console server itself (this is shown as a Local Services host).  c...

Note SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH redirection, so it is a “tunnel within a tunnel.” Enter the UDP port where the service is running on the host. This will also be the local UDP port that SDT Connector binds as the local endpoin...

 Click OK. 6.2.8 Dial in configuration If the client PC is dialing into Local/Console port on the console server, you will need to set up a dial-in PPP link:  Configure the console server for dial-in access (following the steps in the Configuring for Dial-In PPP Access section in Chapter 5 , Confi...

 Click the HTTP or HTTPS Services icon to access the Management Console, and/or click SSH or Telnet to access the command line console. Note: To enable SDT access to the console, you must also configure the console server to allow the port forwarded network access to itself:  Browse to the console...

Description, and Password/Confirm . Select 127.0.0.1 from Accessible Host (s) and select Port 2 from Accessible Port(s). Click Apply. 6.5 Using SDT Connector for out-of-band connection to the gateway You can also set up SDT Connector to connect to the console server (gateway) out-of-band (OoB). OoB ...

where network_connection is the name of the network connection as displayed in Control Panel -> Network Connections , login is the dial-in username, and password is the dial-in password for the connection.  To initiate a pre-configured dial-up connection under Linux, use the following Start Comm...

To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility:  To save a configuration.xml file (for backup or for importing into other SDT Connector clients) select File -> Export Preferences and select the location where you want to save the con...

6.8 Setting up SDT for Remote Desktop access The Microsoft Remote Desktop Protocol (RDP) enables the system manager to securely access and manage remote Windows computers—to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine, etc. Black Box’s Secure...

 To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box. Note If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and follow the steps to nominate the new user’s name, password, and account type...

 In Computer , enter the appropriate IP Address and Port Number:  Where there is a direct local or enterprise VPN connection, enter the IP Address of the console server , and the Port Number of the SDT Secure Tunnel for the console server serial port that you attach to the Windows computer you wan...

 Click Connect. Note The Remote Desktop Connection software is pre-installed with Windows XP, Vista and Server 2003/2008. For earlier Windows PCs, you need to download the RDP client:  Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-4...

Note The rdesktop client is supplied with Red Hat 9.0:  rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make, then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloade...

6.9 SDT SSH Tunnel for VNC With SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris, and UNIX computers. There’s a range of popular free and commercial VNC software available (UltraVNC, RealVNC, Tight...

 To set up a persistent VNC server on Red Hat Enterprise Linux 4: o Set a password using vncpasswd o Edit /etc/sysconfig/vncservers o Enable the service with chkconfig vncserver on o Start the service with service vncserver start o Edit /home/ username /.vnc/xstartup if you want a more advanced ses...

Note For general background reading on Remote Desktop and VNC access we recommend the following:  The Microsoft Remote Desktop How-To.  http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx  The Illustrated Network Remote Desktop help page. http://theillustratednetwork.mvp...

 Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next.  On the Network Connection screen select TCP/IP and click Properties.  Select Specify TCP/IP addresses on the Incoming TCP/IP...

Or, you can set the advanced connection and access on the Windows computer to use the console server defaults:  Specify 10.233.111.254 as the From: address  Select Allow calling computer to specify its own address Also, you could use the console server default username and password when you set up...

C. For earlier version Windows computers, follow the steps in Section B. above. To get to the Make New Connection button:  For Windows 2000, click Start, and select Settings . At the Dial-Up Networking Folder, click Network and Dial-up Connections, and click Make New Connection. You may need to fir...

6.10.3 Set up SDT Connector to SSH port forward over the console server Serial Port In the SDT Connector software running on your remote computer, specify the gateway IP address of your console server and a username/password for a user you set up on the console server that has access to the desired ...

Destination as portXX:3389 (where XX is the SDT enabled serial port number). For example, if port 4 is on the console server is to carry the RDP traffic, then specify port04:3389 Note http://www.jfitz.com/tips/putty_config.html has useful examples on configuring PuTTY for SSH tunneling .  Select Lo...

Chapter 7 Alerts, Auto-response and Logging ALERTS AND LOGGING Introduction This chapter describes the automated response, alert generation and logging features of the console server . The new Auto-Response facility (in firmware V3.5.1 and later) extends on the basic Alert facility available in earl...

7.2 Check Conditions To configure the condition that will trigger the Auto-Response:  Click on the Check Condition type (e.g. Environmental , UPS Status or ICMP ping ) to be configured as the trigger for this new Auto-Response in the Auto-Response Settings menu 7.2.1 UPS / Power Supply To use the p...

 Click on Custom Check as the Check Condition  Create an executable trigger check script file e.g. /etc/config/test.sh #!/bin/sh logger "A test script" logger Argument1 = $1 logger Argument2 = $2 logger Argument3 = $3 logger Argument4 = $4 if [ -f /etc/config/customscript.0 ]; then rm /etc...

Note: The SMS command trigger condition can only be set if there is an internal or external USB cellular modem detected 7.3 Trigger Actions To configure the sequence of actions that is to be taken in the event of the trigger condition:  For a nominated Auto-Response - with a defined Check Condition...

 Specify the Recipient Email Address to send this email to and the Subject of the email. For multiple recipients you can enter comma separated addresses  Edit the Email Text message to send and click Save New Action Note An SMS alert can also be sent via an SMTP (email) gateway. You will need to s...

 Click Save New Action Note: To notify the central Nagios server of Alerts, NSCA must be enabled under System: Nagios and Nagios must be enabled for each applicable host or port 7.4 Resolve Actions Actions can also be scheduled to be taken a trigger condition has been resolved:  For a nominated Au...

Note All console server s have the snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events as detailed above. LES1408A, LES1416A, LES1432A, LES1448A, LES1308A, LES1316A, LES1332A, LES1348A, LES1208A-R2, LES1216A-R2, LES1232 and LES1248A-R2 console server s also e...

Chapter 8 Power & Environmental Management POWER & ENVIRONMENTAL MANAGEMENT Introduction Black Box console server s manage embedded software that you can use to manage connected Power Distribution Systems (PDUs), IPMI devices, and Uninterruptible Power Supplies (UPSs) supplied by a number of...

 Select the appropriate RPC Type for the PDU (or IPMI) being connected:  If you are connecting to the RPC via the network, you will be presented with the IPMI protocol options and the SNMP RPC Types currently supported by the embedded Network UPS Tools.  If you are connecting to the RPC by a seri...

 Enter the Username and Password used to login into the RPC (Note that these login credentials are not related to the Users and access privileges you configured in Serial & Networks: Users & Groups ).  If you selected SNMP protocol, enter the SNMP v1 or v2c Community for Read/Write access ...

Turn OFF Cycle Status You will only be presented with icons for those operations that are supported by the Target you have selected. 8.1.4 RPC status You can monitor the current status of your network and serially connected PDUs and IPMI RPCs.  Select the Status: RPC Status menu and a table with th...

8.2.1 Managed UPS connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server . You can connect it via serial or USB cable or by the network. The console server becomes the master of this UPS, and runs a upsd server to allow other computers that are drawin...

Note : These login credentials are not related to the Users and access privileges you configured in Serial & Networks: Users & Groups.  If you have multiple UPSes and require them to be shut down in a specific order, specify the Shutdown Order for this UPS. This is a whole positive number, ...

 Enter the Name of the particular remote UPS that you want to remotely monitor. This name must be the name that the remote UPS was configured with on the remote console server (because the remote console server may itself have multiple UPSes attached that it manages locally with NUT). Optionally, e...

on battery. In contrast, more critical servers may not be shut down until a low battery warning is received). Refer to the online NUT documentation for details on how to do this: http://eu1.networkupstools.org/doc/2.2.0/INSTALL.html http://linux.die.net/man/5/upsmon.conf http://linux.die.net/man/8/u...

 The latest release of NUT (2.4) also controls PDU systems. It can do this either natively using SNMP or through a binding to Powerman (open source software from Livermore Labs that also is embedded in Black Box console server s). These NUT clients and servers all are embedded in each Black Box con...

Chapter 9 Authentication AUTHENTICATION Introduction The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP...

 In addition to multiple remote servers, you can also enter separate lists of Authentication/ Authorization servers and Accounting servers. If no Accounting servers are specified, the Authentication/Authorization servers are used instead.  Enter and confirm the Server Password . Then select the me...

 Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession.  Enter the Server Password. Note To interact with LDAP requires that the user account exist on our console server...

9.1.5 RADIUS/TACACS User Configuration Users may be added to the local console server appliance. If they are not added and they log in via remote AAA, a user will be added for them. This user will not show up in the Black Box configurators unless they are specifically added, at which point they are ...

 Select Serial & Network: Authentication  Select the relevant Authentication Method  Check the Use Remote Groups button 9.1.7 Remote groups with RADIUS authentication  Enter the RADIUS Authentication and Authorization Server Address and Server Password  Click Apply.  Edit the Radius user’s...

For example, in an existing Active Directory setup, a group of users may be part of the “ UPS Admin ” and “ Router Admin ” groups. On the console server , these users will be required to have access to a group “ Router_Admin ”, with access to port 1 (connected to the router), and another group “ UPS...

If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, including the separating colon “:”. 9.3 SSL Certificate The console server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a connected user. When establ...

Key length This is the length of the generated key in bits. 1024 Bits are supposed to be sufficient for most cases. Longer keys may result in slower response time of the console server when establishing connection.  Once this is done, click on the button Generate CSR which will initiate the Certifi...

Chapter 10 Nagios Integration NAGIOS INTEGRATION Introduction Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Console server s op...

 Select Users & Groups from the Serial & Network menu.  Click Add User.  In Username , enter: sdtnagiosuser , then enter and confirm a Password.  In Accessible Hosts click the IP address/DNS name of the IIS server, and in Accessible Ports click the serial port that has the router console...

 When NRPE and NSCA are both enabled, NSCA is preferred method for communicating with the upstream Nagios server— check Prefer NRPE to use NRPE whenever possible (that is, for all communication except for alerts). 10.3.2 Enable NRPE monitoring Enabling NRPE allows you to execute plug-ins (such as c...

10.3.6 Configure the upstream Nagios monitoring host Refer to the Nagios documentation (http://www.nagios.org/docs/) for configuring the upstream server:  The section entitled Distributed Monitoring steps through what you need to do to configure NSCA on the upstream server (under Central Server Con...

Time No encryption 3DES SSH tunnel NSCA for single check ~ ½ second ~ ½ second ~ ½ second NSCA for 100 sequential checks 100 seconds 100 seconds 100 seconds NSCA for 10 sequential checks, batched upload 1 ½ seconds 2 seconds 1 second NSCA for 100 sequential checks, batched upload 7 seconds 11 second...

II. Remote site In this scenario, configure the console server NRPE server or NSCA client to actively check configured services and upload the checks to the Nagios server that’s waiting passively. You can also configure it to service NRPE commands to perform checks on demand. In this situation, the ...

Remote site with no network access In this scenario the console server allows dial-in access for the Nagios server. Periodically, the Nagios server will establish a connection to the console server and execute any NRPE commands, before dropping the connection. _______________________________________...

Chapter 11 System Management SYSTEM MANAGEMENT Introduction This chapter describes how the Administrator can perform a range of general console server system administration and configuration tasks such as:  Applying Soft and Hard Resets to the gateway.  Re-flashing the Firmware.  Configuring the ...

 Select the System: Date & Time menu option.  Manually set the Year , Month , Day , Hour and Minute using the Date and Time selection boxes, then click Set Time. The gateway can synchronize its system time with a remote time server using the Network Time Protocol (NTP). Configuring the NTP tim...

 To backup to the USB, enter a brief Description of the backup in the Local Configuration Backups menu and select Save Backup.  The Local Configuration Backup menu will display all the configuration backup files you have stored onto the USB flash.  To restore a backup from the USB simply select R...

11.5 Delayed Configuration Commit With Advanced Console Servers (LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2), a Delayed Config Commit mode is available which allows the grouping or queuing of configuration changes and the simultaneous application of these changes to a specific device. For examp...

 Click Apply to run the systemsettings configurator The Commit Config button will no longer be displayed in the top right-hand corner of the screen and configurations will no longer be queued. 11.6 FIPS Mode The Advanced Console Servers (LES1208A-R2, LES1216A-R2, LES1232A, LES1248A-R2) all use an e...

Chapter 12 Status Reports STATUS REPORTS Introduction This chapter describes the dashboard feature and the status reports that are available:  Port Access and Active Users  Statistics  Support Reports  Syslog  Dashboard Other status reports that are covered elsewhere include:  UPS Status ( Cha...

 Select the Status: Statistics  You can find detailed statistics reports by selecting the various submenus. 12.3 Support Reports The Support Report provides useful status information that will assist the Black Box Technical Support team to solve any problems you may experience with your console se...

 Enter the remote Syslog Server Address and Syslog Server Port details and click Apply. The console maintains a local Syslog. To view the local Syslog file:  Select Status: Syslog To make it easier to find information in the local Syslog file, use the provided pattern matching filter tool.  Speci...

 Select System: Configure Dashboard and select the user (or group) you are configuring this custom dashboard layout for.  Click Next. Note: You can configure a custom dashboard for any admin user or for the admin group or you can reconfigure the default dashboard. The Status:Dashboard screen is th...

Note: The Alerts widget is a new screen that shows the current alerts status. When an alert gets triggered, a corresponding .XML file is created in /var/run/alerts/. The dashboard scans all these files and displays a summary status in the alerts widget. When an alert is deleted, the corresponding .X...

12.5.2 Creating custom widgets for the Dashboard T o run a custom script inside a dashboard widget: Create a file called " widget-<name>.sh " in the folder /etc/config/scripts/ where < name > can be anything. You can have as many custom dashboard files as you want. Inside this fi...

Chapter 13 Management MANAGEMENT Introduction The console server has a small number of Manage reports and tools that are available to both Administrator s and Users :  Access and control authorized devices.  View serial port logs and host logs for those devices.  Use SDT Connector or the Web term...

13.2 Port and Host Logs Administrators and Users can view logs of data transfers to connected devices.  Select Manage: Port Logs and the serial Port # to be displayed.  To display Host logs, select Manage: Host Logs and the Host to be displayed. 13.3 Serial Port Terminal Connection There are two m...

13.4 Power Management Administrators and Users can access and manage the connected power devices.  Select Manage: Power _____________________________________________________________________ 724-746-5500 | blackbox.com Page 212

Chapter 14 Command Line Configuration CONFIGURATION FROM THE COMMAND LINE Introduction For those who prefer to configure their console server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to use command line access and the config t...

o If you are connecting over the LAN, then you will need to interconnect the Ethernet ports and direct your terminal emulator program to the IP address of the console server (192.168.0.1 by default).  Log on to the console server by pressing “return” a few times. The console server will request a u...

Note: The config command does not verify whether the nodes edited/added by the user are valid. This means that any node may be added to the tree. If a user runs the following command: # /bin/config -s config.fruit.apple=sweet The configurator will not complain, but this command is useless. When the ...

Console server mode The command to set the port in portmanager mode: # config -s config.ports.port5.mode=portmanager To set the following optional config elements for this mode: Data accumulation period 100 ms Escape character % (default is ~) log level 2 (default is 0) Shell power command menu Enab...

Terminal server mode Enable a TTY login for a local terminal attached to serial port 5: # config -s config.ports.port5.mode=terminal # config -s config.ports.port5.terminal=[vt220 | vt102 | vt100 | linux | ansi] The default terminal is vt220. Serial bridge mode Create a network connection to a remot...

14.3 Adding and Removing Users First, determine the total number of existing Users (if you have no existing Users you can assume this is 0): # config -g config.users.total This command should display config.users.total 1 . Note that if you see config.users.total this means you have 0 Users configure...

# config -s config.sdt.hosts.host5.users.user1=John # config -s config.sdt.hosts.host5.users.total=1 (total number of users having access to host) To give another user called “Peter” access to the same host: # config -s config.sdt.hosts.host5.users.user2=Peter # config -s config.sdt.hosts.host5.user...

Attention: The rmuser script is a generic script to remove any config element from config.xml correctly. However, any dependencies or references to this group will not be affected. Only the group details are deleted. The Administrator is responsible for going through config.xml and removing group de...

14.6 Network Hosts To determine the total number of currently configured hosts: # config -g config.sdt.hosts.total Assume this value is equal to 3. If you add another host, make sure you increment the total number of hosts from 3 to 4: # config -s config.sdt.hosts.total=4 If the output is config.sdt...

# config -s config.cascade.slaves.slave1.address=192.168.0.153 # config -s "config.cascade.slaves.slave1.description=CM in office 42" # config -s config.cascade.slaves.slave1.label=les1116-5 # config -s config.cascade.slaves.slave1.ports=16 The total number of slaves must also be incremented...

Make sure to increment the total monitors: # config -s config.ups.monitors.total=1 The five commands below will add the UPS to Managed devices. Assuming there are already two managed devices configured: # config -s "config.devices.device3.connections.connection1.name=My UPS" # config -s "...

Error Notice Warning Assume the remote log server needs a username 'name1' and password 'secret': # config -s config.eventlog.server.username=name1 # config -s config.eventlog.server.password=secret To set the remote path as '/Black Box/logs' to save logged data: # config -s config.eventlog.server.p...

# config -s config.alerts.alert2.signal=[ DSR | DCD | CTS ] # config -s config.alerts.alert2.type=signal Pattern Match Alert To trigger an alert if the regular expression '.*0.0% id' is found in serial port 10's character stream. # config -s "config.alerts.alert2.pattern=.*0.0% id" # config ...

# config -s config.alerts.alert2.enviro.high.critical=300 # config -s config.alerts.alert2.enviro.high.warning=280 # config -s config.alerts.alert2.enviro.hysteresis=20 # config -s config.alerts.alert2.enviro.low.critical=50 # config -s config.alerts.alert2.enviro.low.warning=70 # config -s config.a...

Chapter 15 Advanced Configuration ADVANCED CONFIGURATION Introduction Black Box console server s run the embedded Linux operating system. So Administrator class users can configure the console server and monitor and manage attached serial console and host devices from the command line using Linux co...

# dos2unix /etc/config/rc.local Another scenario would be to call another custom script from the /etc/config/rc.local file, making sure that your custom script will run whenever the system is booted. 15.1.2 Running custom scripts when alerts are triggered Whenever an alert gets triggered, specific s...

15.1.3 Example script - Power Cycling on Pattern Match For example, we have an RPC (PDU) connected to port 1 on a console server and also have some telecommunications device connected to port 2 (which is powered by the RPC outlet 3). Now assume the telecom device transmits a character stream "EM...

delete-node is a general script for deleting any node you desire (users, groups, hosts, UPSes, etc.) from the command line. The script deletes the specified node and shuffles the remainder of the node values. For example, if we have five users configured and we use the script to delete user 3, then ...

config -g $ROOTNODE.$LASTFIELDTEXT$((NUMBER+COUNTER)) \ | while read LINE do config -s \ "`echo "$LINE" | sed -e "s/$LASTFIELDTEXT$((NUMBER+ \ COUNTER))/$LASTFIELDTEXT$((NUMBER+COUNTER-1))/" \ -e 's/ /=/'`" done let COUNTER++ done # deleting last user config -d $ROOTNODE.$LAS...

15.1.7 Running custom scripts when a configurator is invoked A configurator is responsible for reading the values in /etc/config/config.xml and making the appropriate changes live. Some changes made by the configurators are part of the Linux configuration itself, such as user passwords or ipconfig ....

To save the configuration: # /etc/scripts/backup-usb save config-20May To check if the backup was saved correctly: # /etc/scripts/backup-usb list If this command does not display "* config-20May" then there was an error saving the configuration. The set-default command takes an input file as...

This will extract the contents of the previously created backup to /tmp , and then synchronize the /etc/config directory with the copy in /tmp . One problem that can crop up here is that there is not enough room in /tmp to extract files to. The following command will temporarily increase the size of...

- The portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, e.g. 08) - The script is run with STDIN containing the data which triggered the alert, and STDOUT redirected to /dev/null, NOT to the serial port. If you want to communicate with the port, use pm...

system. - Rules are added which explicitly allow network traffic to access enabled services , for example, TTP, SNMP , etc. - Rules are added that explicitly allow traffic network traffic access to serial ports over enabled protocols e.g. Telnet, SSH and raw TCP. If the standard system firewall conf...

sysname Not defined (edit /etc/default/snmpd.conf) syslocation Not defined (edit /etc/default/snmpd.conf) Simply change the values of sysdescr, syscontact, sysname and syslocation to the desired settings and restart snmpd . The snmpd.conf provides is extremely powerful and too flexible to completely...

then the authorized_keys file will contain a copy of all of the public keys. RSA and DSA keys may be freely mixed in the authorized_keys file. For example, assume we already have one server, called bridge_server , and two sets of keys, for the control_room and the plant_entrance : $ ls /home/user/ke...

15.8.3 Installing the key and certificate We recommend that you use an SCP (Secure Copying Protocol) client to copy files securely to the console server unit. The scp utility is distributed with OpenSSH for most Unix distributions, while Windows users can use something like the PSCP command line uti...

15.9.1 The PowerMan tool PowerMan provides power management in a data center or compute cluster environment. It performs operations such as power on, power off, and power cycle via remote power controller (RPC) devices. Synopsis powerman [-option] [targets] pm [-option] [targets] Options -1, --on Po...

should not be confused with regular expression character classes (also denoted by ''[]''). For example, foo[19] does not represent foo1 or foo9, but rather represents a degenerate range: foo19. This range syntax is meant only as a convenience on clusters with a prefix NN naming convention and specif...

-A < authtype > Specify an authentication type to use during IPMIv1.5 lan session activation. Supported types are NONE, PASSWORD, MD5, or OEM. -c Present output in CSV (comma separated variable) format. This is not available with all commands. -C < ciphersuite > The remote server authent...

channels session Print session information exec Run list of commands from file set Set runtime variable for shell and exec ipmitool chassis help Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev ipmitool chassis power help chassis power Commands: status, on, off, cycle, ...

Appendix A Linux Commands & Source Code The console server platform is a dedicated Linux computer, optimized to provide monitoring and secure access to serial and network consoles of critical server systems and their supporting power and networking infrastructure. Black Box console server s are ...

sync * Flush file system buffers sysctl Configure kernel parameters at runtime syslogd System logging utility tar * The tar archiving utility tc Show traffic control settings tcpdump Dump traffic on a network telnetd Telnet protocol server tftp Client to transfer a file from/to tftp server tftpd Tri...

Appendix B Hardware Specifications FEATURE VALUE Dimensions LES1408A/16A/32A/48A, LES1308A/16A/32A/48A, LES1208A- R2/16A-R2/32A/48A-R2: 17 x 12 x 1.75 in (43.2 x 31.3. x 4.5 cm) LES1116A/32A/48A: 17 x 8.5 x 1.75 in (43.2 x 21x 4.5 cm) LES1108A: 8.2 x 4.9 x 1.2 in (20.8 x 12.6 x 4.5 cm) Weight LES140...

Appendix C Safety & Certifications Please take care to follow the safety precautions below when installing and operating the console server : - Do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage w...

Appendix F End User License Agreement READ BEFORE USING THE ACCOMPANYING SOFTWARE YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE ACCOMPANYING SOFTWARE, THE USE OF WHICH IS LICENSED FOR USE ONLY AS SET FORTH BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS...

Sale of Goods is hereby excluded in its entirety and does not apply to this EULA. If you acquired this Software in a country outside of the United States, that country’s laws may apply. In any action or suit to enforce any right or remedy under this EULA or to interpret any provision of this EULA, t...

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this s...

724-746-5500 | blackbox.com About Black Box Black Box Network Services is your source for an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by fr...