Page 4 - TABLE OF CONTENTS; Introduction
TABLE OF CONTENTS Introduction 1 Features and Benefits 1 Access options 1 Web Manager 2 IPv4 and IPv6 support 2 Flexible users and groups 2 Security 3 Authentication 3 VPN based on IPSec with NAT traversal 3 Packet filtering 3 SNMP 3 Data logging, notifications, alarms and data buffe...
Page 5 - ACS v6000 Installation/Administration/User Guide
Settings 22 Devices 22 IPv4 and IPv6 static routes 22 Hosts 23 Firewall 23 IPSec(VPN) 25 SNMP Configuration 27 Ports 28 Serial ports 28 CAS Profile 32 Authentication 35 Appliance authentication 36 Authentication servers 36 Users Accounts and User Groups 38 Local accounts 39 User groups 40 Event Noti...
Page 6 - Features and Benefits; Access options; Secure access is available through the following options:
Introduction 1 1 The Avocent ACS v6000 virtual advanced console server serves as a single point for access and administration of connected virtual machines. Virtual console servers support secure remote datacenter management and out-of-band management of IT assets from any location worldwide. Multipl...
Page 7 - Web Manager; Accessing a Virtual Console Server via the Web; IPv4 and IPv6 support; admin
Web Manager Users and administrators can perform most tasks through the web manager (accessed with HTTP or HTTPS). The web manager runs in the Microsoft ® Internet Explorer ® 6.0 and 7.0 internet browser, and the Mozilla ® Firefox ® 2 and 3 internet browser on any supported computer that has network ...
Page 8 - Security; Security profiles; Authentication; Chapter 1: Introduction
administrator can assign to custom user groups. For more information, see Users Accounts and User Groups on page 38. Security Security profiles determine which network services are enabled on the virtual console server. Administrators can either allow all users to access enabled ports or allow the co...
Page 10 - Installation; ACS v6000 virtual console server requirements; To create the virtual machine using the vSphere client:
Installation 2 5 ACS v6000 virtual console server requirements The virtual console server runs as a virtual machine and it requires a VMware ® ESX ® or ESXi ® server running version 4.1 and one vCenter server. A client PC running the VMware infrastructure client software (vSphere ® ) is also necess...
Page 11 - To install the virtual console server onto the virtual machine:; Enter
7. In the Number of NICs field, type 1 . Confirm the network is VM Network and the adaptor is Flexible, then click Next . 8. Confirm the Disk Size is 2 GB, then click Next . 9. Click Finish to complete the configuration of the virtual console server on the ESX or ESXi server. 10. In the Side Navigat...
Page 12 - ACSID; Using Telnet or SSH
3. Click Edit Virtual Machine Settings from the Getting Started tab. 4. Click Add , click Serial Port and then click Next. 5. Click Connect Via Network in the Select Port Type field, then click Next . 6. Click Project . In the Port URI field, enter the serial port on the virtual console server the ...
Page 13 - To use Telnet to connect to a device through a serial port:; hostname; To close a Telnet session:; quit; To use SSH to connect to a device through a serial port:
To use Telnet to connect to a device through a serial port: For this procedure, you need the username configured to access the serial port, the port name (for example, 14-35-60-p-1), device name (for example, ttyS1), TCP port alias (for example, 7001) or IP port alias (for example, 100.0.0.100) and th...
Page 14 - To close an SSH session:; . Or, enter the text session hotkey for the CLI prompt and then enter
-or- ssh -l username:TCP_Port_Alias [ hostname | IP_address] -or- ssh -l username IP_Port_Alias To close an SSH session: At the beginning of a line, enter the hotkey defined for the SSH client followed by a period. The default is ~ . Or, enter the text session hotkey for the CLI prompt and then enter...
Page 16 - Web Manager Overview for Administrators; To log into the web manager:; Log in as either
Accessing a Virtual Console Server via the Web Manager 3 11 Once you’ve connected your ACS v6000 virtual console server to a network, you can access the virtual console server via the web manager. The web manager provides direct access to the virtual console server via a graphical user interface instea...
Page 17 - Wizard Mode
Figure 3.1: Administrator Web Manager Screen Number Description 1 Top option bar. The name of the appliance and of the logged in user appear on the left side. Refresh, Print, Logout and Help buttons appear on the right. 2 Tab bar. Displays whether the admin is in Expert or Wizard mode. 3 Side Navigat...
Page 18 - To configure security parameters and select a Security Profile:; Select the
CAS Profile and set the Security Profile, Network, Users Settings and add licenses using the Wizard. By default, the first time an administrator accesses the virtual console server through the Web Manager, the Wizard will be displayed. Subsequent log-ins will open in Expert mode, and once the virtual c...
Page 20 - To configure users and change the default user passwords:; Expert Mode; To view and connect to devices using the web manager:
5. Click Next to configure users or click on the Network , Security, License or Users link to open the appropriate screen. To configure users and change the default user passwords: WARNING: For security reasons, it is recommended you change the default password for both root and admin users. 1. Sele...
Page 21 - System Tools; System
is authorized to access. 2. Select Serial Viewer from the Action column. A Java applet viewer appears. In a gray area at the top of the viewer, the Connected to message shows the IP address of the virtual console server followed by the default port number or alias. 3. Log in if prompted. The followi...
Page 22 - To configure the Security Profile:; To configure DSView 3 software security settings:
• Allow all users to access enabled ports or allow the configuration of group authorizations to restrict access • Enable or disable BootP Configuration Retrieval and/or Live Configuration Retrieval • Select a Security Profile, which defines: • Enabled services (FTP, ICMP, IPSec and Telnet) • SSH and ...
Page 23 - Date and Time; To set the time and date using NTP:; Help and Language
Date and Time The virtual console server provides two options for setting the date and time. It can retrieve the date and time from a network time protocol (NTP) server or you can set the date and time manually so that the virtual console server’s internal clock is used to provide time and date informa...
Page 24 - Online help; Information; VM Serial Ports; To add an association by Virtual Machine ID:
web server in the Online Help URL field. Click Save . Online help When the online help feature is configured for your virtual console server, clicking the Help button from any form on the web manager opens a new window and redirects its content to the configured path for the online help product docum...
Page 26 - Save; To power control targets using the web manager:; Access; License; Add; Network; Network
NOTE: Without the configuration of vCenter, the configuration of associations via the virtual console server and the power action of targets via the virtual console server will not be available. The password will be encrypted and stored in the appliance. The virtual console server will be registered ...
Page 27 - To configure a network device:; IPv4 and IPv6 static routes; To add static routes:
Settings Click Network - Settings to make changes to the configured network settings. Devices An administrator can select, enable and configure the IP addresses assigned to the network interfaces and view the MAC address. To configure a network device: 1. Select Network - Devices . The Devices screen...
Page 28 - Configuring the firewall
4. Enter the IP address of the gateway in the Gateway field. 5. Enter the number of hops to the destination in the Metric field, then click Save. Hosts An administrator can configure a table of host names, IP addresses and host aliases for the local network. To add a host: 1. Select Network - Hosts ....
Page 29 - Protocol options
If LOG is selected from the Target pull-down menu, the administrator can configure a Log Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in the Log Options Section. If REJECT is selected from the Target pull-down menu, the administrator can select an option fro...
Page 30 - To change the policy for a default chain:
NOTE: Spaces are not allowed in the chain name. 6. Add one or more rules to complete the chain configuration. To change the policy for a default chain: NOTE: User-defined chains cannot be edited. To rename a user-added chain, delete it and create a new one. 1. Select Network - Firewall . 2. Select e...
Page 32 - SNMP Configuration
Field Name Definition Remote (Right) Side - and - Local (Left) Side Enter the required address or text for each of the four fields for both Remote Side and Local Side: ID: This is the hostname that a local system and a remote system use for IPSec negotiation and authentication. It can be a fully qualifi...
Page 33 - Ports; Serial ports; To enable or disable one or more serial ports:
6. If the required SNMP version is v1 or v2, click the Version v1, v2 button, then enter the source (valid entry is the subnet address). -or- If the required SNMP version is v1 or v2 using an IPv6 network, click the Version v1,v2 for IPv6 network button, then enter the source (valid entry is the sub...
Page 36 - Chapter 3: Accessing a Virtual Console Server via the Web Manager
Parameter Description DTR Off Interval Interval in seconds used by DTR Mode Off Interval in milliseconds. Default: 100. Line Feed Suppression Enables the suppression of the LF character after the CR character. Default: Disabled. Null After CR Suppression Enables the suppression of the NULL character af...
Page 37 - To copy/clone the configuration of one port to other ports:; To reset one or more serial ports to their factory configuration:; Select; CAS Profile; Auto discovery
To copy/clone the configuration of one port to other ports: 1. Select Ports - Serial Ports . 2. Click the checkbox for the serial port you want to clone. 3. Click the Clone button. 4. Enter the serial port(s) to be configured in the Copy Configuration To field and click Save . NOTE: If the selected ...
Page 38 - hsagdfjhagfxxxTARGETyyyyyy → resulting: TARGET; To configure the strings for probe/match used by auto discovery:
The match strings are regular expressions where “%H” is a placeholder for the target name you want to detect, such as: “ \\(.*\\)(%H)\\(.*\\)” or just “xxx%Hyyy”. The first one will extract target name from things such as: nanana(myTarget): → results: myTarget jhdsgjhas(tg2)kjafja → results: tg2 But ...
Page 39 - Pool of CAS ports; To configure a pool of CAS ports:
To delete an auto input and output string, select the checkbox next to the string you want to delete. Click Delete , then click Save . Pool of CAS ports An administrator can create a pool of serial ports where each serial port in the pool shares a pool name, TCP Port Alias, IPv4 Alias and IPv6 Alias. ...
Page 40 - Fallback mechanisms of the following types are available:
Parameter Description Pool Name The name of the pool. The pool name is mandatory and should follow hostname guidelines, not exceed 64 characters and start with a letter. TCP Port Alias The TCP Port Alias where the pool responds. This parameter is optional. Pool IPv4 Alias The IPv4 address used by the p...
Page 41 - Appliance authentication; To set authentication for the console server:; Authentication - Appliance Authentication.; Authentication servers; To configure a RADIUS authentication server:; Authentication - Authentication Servers - RADIUS
authentication method that is configured for the virtual console server or the ports is used for authentication of any user who attempts to log in through Telnet, SSH or the web manager. Appliance authentication The virtual console server authenticates for the virtual console server and the ports, ei...
Page 42 - To configure a TACACS+ authentication server:; Enable User-Level attribute to specify the authorization group
4. Enter your secret word or passphrase in the Secret field (applies to both first and second authentication and accounting servers), then re-enter the secret word or passphrase in the Confirm Secret field. 5. Enter the desired number of seconds for server time-out in the Timeout field. 6. Enter the d...
Page 43 - To configure a Kerberos authentication server:; To configure an NIS authentication server:; broadcast; To configure a DSView authentication server:; Users Accounts and User Groups
6. Enter your Database Password, then re-type the database password in the Confirm Password field. 7. Enter your desired Login Attributes. 8. Click Save . To configure a Kerberos authentication server: 1. Select Authentication - Authentication Servers - Kerberos. 2. Enter the IP address (Realm) of th...
Page 44 - Local accounts; avocent
Local accounts The admin and root are equivalent users but named differently to address users familiar with either Avocent or Cyclades™ appliances. Regular users can be granted permissions by administrators at any time. The virtual console server has three user account types: • admin: Performs the ini...
Page 45 - To configure password rules:; Check Password Complexity; User groups; admin group
• Warning Days: Enter the number of days that a warning is issued to the user prior toexpiration. Entering 0 will cause the warning to be issued on the expiration day. A negative value or no value means that no warning will be issued. 7. Enter the desired Account Expiration date ( YYYY-MM-DD ). 8. C...
Page 46 - To view admin Appliance Access Rights:; Access Rights - Appliance
configure ports and add users. NOTE: The only configuration allowed for the admin group is adding or deleting members. To view admin Appliance Access Rights: 1. Click Users - Authorization - Groups . The Group Names screen is displayed, showing the three default user groups along with any groups tha...
Page 47 - To add members to a user group:
appliance-admin group Members of the appliance-admin group have access restricted to tasks for managing only the appliance. Appliance-admin user group members have no access to the serial ports, and share all of the appliance access rights as admin except for Configure User Accounts and Shell Access, w...
Page 49 - To add access to serial ports for a user group:
Command Description -i6 Displays local IPv6 assigned to the serial port -u <name> Username to be used in the target session -e <[^]char> Escape character used to close the target session. Default value: Ctrl-X -l Sorted lists ports and exit -ro Read-Only mode <portname> Connect dir...
Page 50 - To configure a group in a TACACS+ authentication server:; On the server, add raccess service to the user configuration.; To configure a group in a RADIUS authentication server:; Then, configure the user special with the following attribute:
To configure a group in a TACACS+ authentication server: 1. On the server, add raccess service to the user configuration. 2. Define which group(s) the user belongs to in the raccess service following this syntax: group_name = <Group1>[,<Group2,...,GroupN>]; For example: In the virtual co...
Page 51 - To configure a group in an LDAP authentication server:; Event Notifications; Event List; Events and Logs - Events; Event Destinations; To configure Event Destinations:; Event and Logs - Event Destinations
During the authentication phase, the console server will receive the attribute FramedFIlterID from the RADIUS server. The user regina belongs to authorization groups RADIUS_1 and RADIUS_2, and the user special belongs to authorization group admin. To configure a group in an LDAP authentication server: On th...
Page 52 - Data Buffering; To configure Data Buffering:
3. Select Remote Server - IPv4 to enable syslog messages to be sent to one or more remote IPv4 syslog servers, and enter the IPv4 Address or Hostname . Separate multiple server addresses by commas. -or- Select Remote Server - IPv6 to enable syslog messages to be sent to one or more remote IPv6 syslo...
Page 53 - Appliance Logging; To configure Appliance Logging:; Active Sessions; To kill an active session:; Monitoring
4. To configure data buffer storage on a syslog server in the Syslog Data Buffering Settings section, select a facility number from the drop-down menu: Log Local 0, Log Local 1, Log Local 2, Log Local 3, Log Local 4 or Log Local 5. 5. Click Save . Appliance Logging To configure Appliance Logging: 1. C...
Page 54 - Change Password; An admin or user can change their password from this screen.; To change your own password:; Web Manager Overview for Regular Users
Screen Name Definition Network - Devices Shows Ethernet ports and PC card Device Name, Status (enabled/disabled), IPv4 Address, IPv4 Mask and IPv6 Address. Network - IPv4 Routing Table Shows Destination, Gateway, Genmask, Flags, Metric, Ref, Use and Iface. Network - IPv6 Routing Table Shows Destinati...
Page 56 - Appendix A: BootP Configuration Retrieval; APPENDICES
51 Appendix A: BootP Configuration Retrieval The BootP Configuration Retrieval option allows the entire unit configuration to be retrieved over BootP/TFTP during boot and during DHCP renewal. There are two ways to push a configuration during a DHCP request/renewal. The configuration can be sent as fil...
Page 57 - Appendix B: Technical Support; Search the knowledge base or use the online service request
Appendix B: Technical Support Our Technical Support staff is ready to assist you with any installation or operational issues you encounter with your Avocent product. If an issue should develop, follow the steps below for the fastest possible service. To resolve an issue: 1. Check the pertinent section...
Page 58 - For Technical Support:
590-1034-501B For Technical Support: www.avocent.com/support