Black Box ACS120 Guia do Utilizador

BLACK BOX®Advanced Console ServerVersion 2.1.4 Revision 1a - User Guide

Table of Contents10 BLACK BOX ® Advanced Console ServerAppendix H- Web User ManagementIntroduction . . . . . . . . . . . . .

Authentication100 BLACK BOX ® Advanced Console ServerAuthenticationAuthentication is the process of identifying an individual, usually based on a user

Chapter 3 - Additional FeaturesUser Guide 101all.authtype (cont.)• kerberos (authentication is performed using a kerberos server. The IP address and o

Authentication102 BLACK BOX ® Advanced Console ServerConfiguration for CAS, TS, and Dial-in Accessvi MethodThe parameters described above must be chan

Chapter 3 - Additional FeaturesUser Guide 103Step 3: Click the Submit button.At this point, the configuration file is written in the RAMdisk.Step 4:

Authentication104 BLACK BOX ® Advanced Console ServerWizard MethodStep 1: Bring up the wizard.At the command prompt, type the following to bring up t

Chapter 3 - Additional FeaturesUser Guide 105Screen 2:********************************************************************CONFIGURATION WIZARD********

Authentication106 BLACK BOX ® Advanced Console ServerALL.AUTHHOST1 - This IP address indicates where theRadius or TacacsPlus authentication server is

Chapter 3 - Additional FeaturesUser Guide 107Screen 5:********************************************************************CONFIGURATION WIZARD********

Authentication108 BLACK BOX ® Advanced Console ServerScreen 7:********************************************************************CONFIGURATION WIZARD

Chapter 3 - Additional FeaturesUser Guide 109Typing 'c' leads to Screen 8, typing 'q' leads to Screen 9. Screen 8:***************

Table of ContentsUser Guide 11Appendix K - Wiz Application ParametersBasic Parameters (wiz). . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Authentication110 BLACK BOX ® Advanced Console ServerScreen 10:********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 111To configure authhost2: config configure line <serial port number> authhost2<string>To config

Authentication112 BLACK BOX ® Advanced Console ServerNIS ClientNIS (Network Information System) provides simple and generic client-server database acc

Chapter 3 - Additional FeaturesUser Guide 113You will need to configure the NIS server.Command : vi /etc/yp.confExample : NIS server has IP address 19

Authentication114 BLACK BOX ® Advanced Console Servernsswitch.conf file formatThe /etc/nsswitch.conf file has the following format:<database> :

Chapter 3 - Additional FeaturesUser Guide 115shadow: nis [UNAVAIL=continue TRYAGAIN=continue] files group: nis [UNAVAIL=continue TRYAGAIN=continue] fi

CAS Port Pool116 BLACK BOX ® Advanced Console Serverserial port from the pool and that port will be assigned to connection. If there is no serial port

Chapter 3 - Additional FeaturesUser Guide 117s4.tty ttyS4s4.protocol socket_sshs4.socket_port 7004 // TCP port # for specific allocations4.pool_socket

Clustering118 BLACK BOX ® Advanced Console ServerClusteringClustering is available for the BLACK BOX ® Advanced Console Server 2.1.0 and up allows the

Chapter 3 - Additional FeaturesUser Guide 119Parameters Involved and Passed ValuesThe Master BLACK BOX ® Advanced Console Server must contain referenc

Table of Contents12 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Clustering120 BLACK BOX ® Advanced Console Servers33.ipno This parameter must be created in the Master BLACK BOX ® Advanced Console Server file for ev

Chapter 3 - Additional FeaturesUser Guide 121The Slave BLACK BOX ® Advanced Console Servers do not need to know they are being accessed through the Ma

Clustering122 BLACK BOX ® Advanced Console ServerTo access ports from the remote management workstation, use telnet with the secondary IP address:teln

Chapter 3 - Additional FeaturesUser Guide 123one central server. This file, in our example shown in Figure 17: Example of Centralized Man-agement, is

Clustering124 BLACK BOX ® Advanced Console Serverconf.include /etc/portslave/TScommon.confFor the /etc/hostname file in unit 3:unit3For the plsave.con

Chapter 3 - Additional FeaturesUser Guide 125Step 3: Create, save, and download the common configuration.Create and save the common configuration fil

Clustering126 BLACK BOX ® Advanced Console ServerNew Parameters and CommandsA new parameter, conf.nat_clustering_ip allows you to enable or disable th

Chapter 3 - Additional FeaturesUser Guide 127iptables -t nat -F post_nat_clusteriptables -t nat -F pre_nat_clusteriptables -t nat -X pre_nat_clusterip

Clustering128 BLACK BOX ® Advanced Console ServerHow it worksThe Master box (BLACK BOX ® Advanced Console Server) will perform two translation for eac

Chapter 3 - Additional FeaturesUser Guide 129ssh -l <username1> <slave1_port1_ip>ssh -l <username2> <slave2_port1_ip>General C

PrefaceUser Guide 13PrefacePurposeThe purpose of this guide is to provide instruction for users to independently install, config-ure, and maintain the

Clustering130 BLACK BOX ® Advanced Console Server#conf.eth_ip 64.186.161.108conf.eth_mask 255.255.255.0conf.eth_mtu 1500## Secondary ethernet IP addre

Chapter 3 - Additional FeaturesUser Guide 131# Remote CAS serial ports, slave-2 (32 socket_server ports)#s65.tty 192.168.170.3:7101s66.tty 192.168.170

Clustering132 BLACK BOX ® Advanced Console ServerSlave-2 box Configuration## Primary ethernet IP address#conf.eth_ip 192.168.170.3conf.eth_mask 255.25

Chapter 3 - Additional FeaturesUser Guide 133Example of starting CAS session commandsThe serverfarm, socket_port, or tty must be provided to select wh

CronD134 BLACK BOX ® Advanced Console ServerCronDCronD is a service provided by the BLACK BOX ® Advanced Console Server system that allows automatic,

Chapter 3 - Additional FeaturesUser Guide 135Configuration for CAS, TS, and Dial-in Accessvi MethodThe files Crontab and shell script are created and

CronD136 BLACK BOX ® Advanced Console ServerStep 2: Log in as root and type the Web root password configured by the Web server.This will take you to

Chapter 3 - Additional FeaturesUser Guide 137Data BufferingIntroductionData buffering can be done in local files or in remote files through NFS. When

Data Buffering138 BLACK BOX ® Advanced Console ServerLinear vs. Circular BufferingFor local data buffering, this parameter allow users to buffer data

Chapter 3 - Additional FeaturesUser Guide 139conf.nfs_data_buffering This is the Remote Network File System where data cap-tured from the serial port

Preface14 BLACK BOX ® Advanced Console ServerEach configuration task will be separated into a section (a clickable link on the PDF file) for each user

Data Buffering140 BLACK BOX ® Advanced Console ServerConfiguration for CASvi MethodFiles to be modified:• pslave.conf • syslog-ng.confall.syslog_sess

Chapter 3 - Additional FeaturesUser Guide 141Browser MethodTo configure Data Buffering with your browser:Step 1: Point your browser to the Console Se

Data Buffering142 BLACK BOX ® Advanced Console ServerStep 6: Click the Submit button.Step 7: Select the General link.Click on the General link on th

Chapter 3 - Additional FeaturesUser Guide 143Screen 1:********************************************************************CONFIGURATIONWIZARD*********

Data Buffering144 BLACK BOX ® Advanced Console ServerScreen 3: ********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 145ALL.DONT_SHOW_DBMENU - When 0, a menu with databuffering options is shown when a non-empty databuffering

Data Buffering146 BLACK BOX ® Advanced Console ServerSyslog Buffering Feature' section under Generating Alarmsin Chapter 3 of the system's m

Chapter 3 - Additional FeaturesUser Guide 147If you type 'n'Type 'c' to go back and CORRECT these parameters or 'q' toQU

Data Buffering148 BLACK BOX ® Advanced Console ServerScreen 9:********************************************************************CONFIGURATION WIZARD

Chapter 3 - Additional FeaturesUser Guide 149Do you want to save your configurations to flash? (y/n) [n] :CLI MethodTo configure certain parameters fo

PrefaceUser Guide 15• Appendix H- Web User Management covers default and optional configuration, and the addition/deletion of users, groups, and acces

DHCP150 BLACK BOX ® Advanced Console ServerStep 2: Activate and Save.To activate your new configurations and save them to flash, type:config write(Th

Chapter 3 - Additional FeaturesUser Guide 151• Comment all other parameters related to the Ethernet Interface (conf.eth_ip, etc.).• Add the necessary

DHCP152 BLACK BOX ® Advanced Console ServerThe options available that can be used on this command line are:Configuration for CAS, TS, and Dial-in Acce

Chapter 3 - Additional FeaturesUser Guide 153Step 2: Log in as root and type the Web root password configured by the Web server.This will take you to

Dual Power Management154 BLACK BOX ® Advanced Console ServerDual Power ManagementThe BLACK BOX ® Advanced Console Server comes with two power supplies

Chapter 3 - Additional FeaturesUser Guide 155Configuration for TSvi MethodSame as for CAS.Configuration for Dial-in Accessvi MethodSame as for CAS.

Filters and Network Address Translation156 BLACK BOX ® Advanced Console ServerFilters and Network Address TranslationThe Filter feature is available f

Chapter 3 - Additional FeaturesUser Guide 157called when a rule which is matched by the packet points to the chain. Each table has a par-ticular set o

Filters and Network Address Translation158 BLACK BOX ® Advanced Console ServerCommandOnly one command can be specified on the command line unless othe

Chapter 3 - Additional FeaturesUser Guide 159-Z- - zeroZero the packet and byte counters in all chains. It is legal to specify the -L, --list (list)

Preface16 BLACK BOX ® Advanced Console ServerGlossary EntriesTerms that can be found in the glossary are underlined and slightly larger than the rest

Filters and Network Address Translation160 BLACK BOX ® Advanced Console ServerRule Specification OptionsThe following additional options can be specif

Chapter 3 - Additional FeaturesUser Guide 161Match Extensions-i - -in-interface[!][name]Optional name of an interface via which a packet is received (

Filters and Network Address Translation162 BLACK BOX ® Advanced Console ServerIptables can use extended packet matching modules. These are loaded in t

Chapter 3 - Additional FeaturesUser Guide 163UDP ExtensionThese extensions are loaded if the protocol udp is specified or “-m udp” is specified. It pr

Filters and Network Address Translation164 BLACK BOX ® Advanced Console ServerTarget ExtensionsIptables can use extended target modules. The following

Chapter 3 - Additional FeaturesUser Guide 165DNAT (nat table only)This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and

Filters and Network Address Translation166 BLACK BOX ® Advanced Console Serversend the packet to the machine itself (locally-generated packets are map

Chapter 3 - Additional FeaturesUser Guide 167Step 3: Select the IPTables link.On the Configuration section of this page, select the IPTables link. Th

Filters and Network Address Translation168 BLACK BOX ® Advanced Console ServerStep 5: Edit the chain listIf the user needs to define new chains, writ

Chapter 3 - Additional FeaturesUser Guide 169Figure 25: IP Tables Append Rule (table: filter, chain: INPUT)Note: For many parameters, there is a che

PrefaceUser Guide 17Example: ls [OPTION]... [FILE]...PipesThe pipe (|) indicates that one of the words separated by this character should be used in t

Filters and Network Address Translation170 BLACK BOX ® Advanced Console ServerStep 8: Configure the rule and click the Submit button. If there is an

Chapter 3 - Additional FeaturesUser Guide 171Step 11: Click on the link [IP Tables] if the nat table must be edited.Select the nat table and click on

Generating Alarms172 BLACK BOX ® Advanced Console ServerGenerating Alarms This feature helps the administrator to manage the servers. It filters the m

Chapter 3 - Additional FeaturesUser Guide 173Step 3: Select the General link. Click on the General link on the Link Panel to the left of the page in

Generating Alarms174 BLACK BOX ® Advanced Console ServerWizard MethodThe Alarm Generation custom wizard configures the ALL.ALARM parameter.Step 1: Br

Chapter 3 - Additional FeaturesUser Guide 175Screen 2:********************************************************************CONFIGURATION WIZARD********

Generating Alarms176 BLACK BOX ® Advanced Console ServerScreen 4:********************************************************************CONFIGURATION WIZ

Chapter 3 - Additional FeaturesUser Guide 177Screen 5:********************************************************************CONFIGURATION WIZARD********

Generating Alarms178 BLACK BOX ® Advanced Console ServerScreen 7:********************************************************************CONFIGURATION WIZ

Chapter 3 - Additional FeaturesUser Guide 179Step 2: Activate and Save.To activate your new configurations and save them to flash, type:config write(

Preface18 BLACK BOX ® Advanced Console ServerNote Box IconsNote boxes contain instructional or cautionary information that the reader especially needs

Generating Alarms180 BLACK BOX ® Advanced Console Server# of this unit and the message that was received from thesource.destination d_mail1 {pipe(&quo

Chapter 3 - Additional FeaturesUser Guide 181log { source(sysl); filter(f_kpanic); destination(d_mail1);destination(d_trap); };# To send e-mail and pa

Generating Alarms182 BLACK BOX ® Advanced Console Serverlog (source(sysl); filter(f_kpanic); destination(d_pager);};To send e-mail: destination d_mail

Chapter 3 - Additional FeaturesUser Guide 183Synopsis:sendmail -t <name>[,<name>] [-c <name> [,<name>]] [-b <name>[,<

Generating Alarms184 BLACK BOX ® Advanced Console ServerSendsmsThe sendsms is the Linux command line client for the SMSLink project. It accepts comman

Chapter 3 - Additional FeaturesUser Guide 185-d dest (cont.) If there are any doubts, please contact the SMS server administrator for your network. Pl

Generating Alarms186 BLACK BOX ® Advanced Console ServerCOPYRIGHT: SMSLink is (c) Les Ateliers du Heron, 1998 by Philippe Andersson.Example to send a

Chapter 3 - Additional FeaturesUser Guide 187where: If the network entity has an error processing the request packet, an error packet will be returned

Help188 BLACK BOX ® Advanced Console ServerHelpHelp Wizard InformationSynopsis: wiz [--OPTIONS] [--port <port number>]Note: To directly configu

Chapter 3 - Additional FeaturesUser Guide 189Step 1: Bring up the wizard.At the command prompt, type the following to bring up the Help custom wizard

Introduction and OverviewUser Guide 19Chapter 1 - Introduction and OverviewThe BLACK BOX® Advanced Console ServerThe BLACK BOX ® Advanced Console Serv

Help190 BLACK BOX ® Advanced Console ServerTable 11: Help CLI Options - Synopsis 1Option Actual Parameter Modifiedaccthost1 <string> accthost1ac

Chapter 3 - Additional FeaturesUser Guide 191ipno <string> ipnoissue <string> issuelf <number> lf_suppressmodbus <string> modb

Help192 BLACK BOX ® Advanced Console Server(Refer to Appendix C for more info on the parameters.)Synopsis 2 - Configuration of Network-related Paramet

Chapter 3 - Additional FeaturesUser Guide 193(Refer to Appendix C for more info on the parameters.)Synopsis 3 - Configuration of other Conf. Parameter

Help194 BLACK BOX ® Advanced Console ServerRequesting Help for the CLIThere are two methods for requesting help for the CLI: • To obtain general help

Chapter 3 - Additional FeaturesUser Guide 195NTPThe ntpclient is a Network Time Protocol (RFC-1305) client for UNIX- and Linux-based com-puters. In or

NTP196 BLACK BOX ® Advanced Console ServerConfiguration for CAS, TS, and Dial-in Accessvi MethodFiles to be changed: /etc/ntpclient.confBrowser Method

Chapter 3 - Additional FeaturesUser Guide 197PCMCIASupported CardsThe BLACK BOX ® Advanced Console Server supports the 16-bit PC Cards. The 32-bit Car

PCMCIA198 BLACK BOX ® Advanced Console Servercardclt eject 1 for the upper slotPCMCIA Network ConfigurationThe onboard Ethernet device has the eth0 na

Chapter 3 - Additional FeaturesUser Guide 199Remove the # in the beginning of the line, and change the IPs to suit your network configura-tion. For in

BLACK BOX® Advanced Console Server User Guide Version 2.1.4 Revision 1a September, 2003Copyright © Black Box Corporation, 2003We believe the informati

Introduction and Overview20 BLACK BOX ® Advanced Console ServerWhat’s in the boxThere are several models of the BLACK BOX ® Advanced Console Server. B

PCMCIA200 BLACK BOX ® Advanced Console ServerThere is a generic sample in the end of the wireless.opts file that explains all possible settings. For m

Chapter 3 - Additional FeaturesUser Guide 201When a modem card is detected, cardmgr starts a script which loads mgetty for the modem device automatica

PCMCIA202 BLACK BOX ® Advanced Console ServerStep 6: Save /etc/ppp/options.ttyS33 in flash. Step 7: Create an entry in /etc/config_files. It should

Chapter 3 - Additional FeaturesUser Guide 203Server Side BLACK BOX ® Advanced Console Server SetupStep 1: Enable authentication.Enable the desired au

PCMCIA204 BLACK BOX ® Advanced Console ServerStep B: If you want to limit myUserName to getting ONLY PPP access and NOT shell access to the server, ed

Chapter 3 - Additional FeaturesUser Guide 205Client Side SetupStep 1: Activate Show Terminal Window option.(From Win2000) Go to your Connection windo

PCMCIA206 BLACK BOX ® Advanced Console Server• Log in through character mode: Log in with username and password. You will get the BLACK BOX ® Advanced

Chapter 3 - Additional FeaturesUser Guide 207/etc/pcmcia/isdn stop ippp0/etc/pcmcia/isdn start ippp0Step 6: You can dial from the remote system to th

PCMCIA208 BLACK BOX ® Advanced Console ServerStep 7: To hangup the connection from the BLACK BOX ® Advanced Console Server side, just issue:isdnctrl

Chapter 3 - Additional FeaturesUser Guide 209Step 4: Make sure the CALLBACK is set to “in” in /etc/pcmcia/isdn.opts.CALLBACK="in" # "

Introduction and OverviewUser Guide 21Figure 3: The BLACK BOX ® Advanced Console Server 32-Port, its cables, connectors and other box contentsNote:

PCMCIA210 BLACK BOX ® Advanced Console Server“mary” Properties, select the Callback tab and make sure the option “Do not allow callback” is selected.

Chapter 3 - Additional FeaturesUser Guide 211Step 1.2: Configure the DIALIN_REMOTENUMBER.If your ISDN line supports caller id, it is recommended that

PCMCIA212 BLACK BOX ® Advanced Console ServersaveconfStep 6: Activate the changes by stopping and starting the isdn script:/etc/pcmcia/isdn stop ippp

Chapter 3 - Additional FeaturesUser Guide 213Ports Configured as Terminal ServersThere are TS-specific parameters that are required to be configured w

Ports Configured as Terminal Servers214 BLACK BOX ® Advanced Console ServerPress ENTER to continue...Screen 2:****************************************

Chapter 3 - Additional FeaturesUser Guide 215placing a '!' before users' login name, then using theirnormal password. This is useful if

Ports Configured as Terminal Servers216 BLACK BOX ® Advanced Console ServerScreen 6:******************************************************************

Chapter 3 - Additional FeaturesUser Guide 217Screen 8:********************************************************************CONFIGURATION WIZARD********

Ports Configured as Terminal Servers218 BLACK BOX ® Advanced Console ServerCLI MethodTo configure certain parameters for a specific serial port:Step 1

Chapter 3 - Additional FeaturesUser Guide 219Serial SettingsThis feature controls the speed, data size, parity, and stop bits of all ports. It also se

Introduction and Overview22 BLACK BOX ® Advanced Console ServerFigure 4: The BLACK BOX ® Advanced Console Server16-port, its cables, connectors and o

Serial Settings220 BLACK BOX ® Advanced Console ServerConfiguration for CASBrowser MethodStep 1: Point your browser to the Console Server. In the add

Chapter 3 - Additional FeaturesUser Guide 221Step 3: Select the Serial Ports link.Click on the Serial Ports link on the Link Panel to the left of the

Serial Settings222 BLACK BOX ® Advanced Console ServerScreen 1:********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 223all.sttyCmd : #Set to defaults? (y/n) [n] :Screen 3:*****************************************************

Serial Settings224 BLACK BOX ® Advanced Console ServerScreen 5:********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 225ALL.STTYCMD - Tty settings after a socket connection tothat serial port is established. The tty is progra

Serial Settings226 BLACK BOX ® Advanced Console ServerType 'c' to CONTINUE to set these parameters forspecific ports or 'q' to QUI

Chapter 3 - Additional FeaturesUser Guide 227Screen 9:********************************************************************CONFIGURATIONWIZARD*********

Serial Settings228 BLACK BOX ® Advanced Console ServerCLI MethodTo configure line parameters for a specific serial port.Step 1: At the command prompt

Chapter 3 - Additional FeaturesUser Guide 229Step 2: Activate and Save.To activate your new configurations and save them to flash, type:config write(

Introduction and OverviewUser Guide 23 Safety InstructionsRead all the following safety guidelines to protect yourself and your BLACK BOX ® Advanced C

Serial Settings230 BLACK BOX ® Advanced Console ServerScreen 6:********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 231Screen 7:********************************************************************CONFIGURATION WIZARD********

Serial Settings232 BLACK BOX ® Advanced Console ServerScreen 9:********************************************************************CONFIGURATION WIZAR

Chapter 3 - Additional FeaturesUser Guide 233To configure parity:configure line <serial port number> parity <string>To configure flow: con

Serial Settings234 BLACK BOX ® Advanced Console ServerCLI MethodTo configure line parameters for a specific serial port:Step 1: At the command prompt

Chapter 3 - Additional FeaturesUser Guide 235Session SniffingVersions 2.1.0 and laterYou can open more than one common and sniff session at the same p

Session Sniffing236 BLACK BOX ® Advanced Console Server** * * ttySN is being used by(<first_user_name>) !!!*1 - Initiate a regular session2 - In

Chapter 3 - Additional FeaturesUser Guide 237Only for the administrator users:Typing all.escape_char or sN.escape_char from the sniff session or “se

Session Sniffing238 BLACK BOX ® Advanced Console ServerConfiguration for CASvi MethodOnly the file /etc/portslave/pslave.conf has to be changed. Brows

Chapter 3 - Additional FeaturesUser Guide 239Step 5: Scroll down to the Sniff Session section.You can configure the appropriate values here.Figure 26

Introduction and Overview24 BLACK BOX ® Advanced Console ServerWorking inside the BLACK BOX ® Advanced Console Server Do not attempt to service the BL

Session Sniffing240 BLACK BOX ® Advanced Console ServerScreen 1:********************************************************************CONFIGURATION WIZA

Chapter 3 - Additional FeaturesUser Guide 241Screen 3:********************************************************************CONFIGURATION WIZARD********

Session Sniffing242 BLACK BOX ® Advanced Console ServerScreen 4:********************************************************************CONFIGURATION WIZA

Chapter 3 - Additional FeaturesUser Guide 243If you type 'N'Type 'c' to go back and CORRECT these parametersor 'q' to QU

Session Sniffing244 BLACK BOX ® Advanced Console ServerScreen 7:********************************************************************CONFIGURATIONWIZAR

Chapter 3 - Additional FeaturesUser Guide 245CLI MethodTo configure certain parameters for a specific serial port:Step 1: At the command prompt, type

SNMP246 BLACK BOX ® Advanced Console ServerSNMPShort for Simple Network Management Protocol: a set of protocols for managing complex networks. The fir

Chapter 3 - Additional FeaturesUser Guide 247You can configure the /etc/snmp/snmpd.conf file as indicated later in this section.1. Snmp version 1• RF

SNMP248 BLACK BOX ® Advanced Console Server• Black Box LS1032A-xx Remote Management Object Tree (blackbox.4). This MIB permits you to get informations

Chapter 3 - Additional FeaturesUser Guide 249SyslogThe syslog-ng daemon provides a modern treatment to system messages. Its basic function is to read

Introduction and OverviewUser Guide 25BatteryWARNING: There is the danger of explosion if the battery is replaced incorrectly. Replace the battery on

Syslog250 BLACK BOX ® Advanced Console ServerPort Slave Parameters Involved with syslog-ngConfiguration for CAS, TS, and Dial-in Accessvi MethodTo cha

Chapter 3 - Additional FeaturesUser Guide 251Step 3: Click Syslog on the Configuration section.Select the Syslog link. The following page will appear

Syslog252 BLACK BOX ® Advanced Console ServerScreen 1 will appear.Screen 1:********************************************************************CONFIGU

Chapter 3 - Additional FeaturesUser Guide 253Screen 3:********************************************************************CONFIGURATION WIZARD********

Syslog254 BLACK BOX ® Advanced Console ServerScreen 4:********************************************************************CONFIGURATION WIZARD********

Chapter 3 - Additional FeaturesUser Guide 255Screen 6:********************************************************************CONFIGURATION WIZARD********

Syslog256 BLACK BOX ® Advanced Console ServerStep 2: Activate and Save.To activate your new configurations and save them to flash, type:config write(

Chapter 3 - Additional FeaturesUser Guide 257time_reopen(n) The time to wait before a dead connection is reestablished.time_reap(n) The time to wait b

Syslog258 BLACK BOX ® Advanced Console ServerTask 2: Define sources.To define sources use this statement: source <identifier> { source-driver([p

Chapter 3 - Additional FeaturesUser Guide 259Some Examples of Defining Sources1) To read from a file: source <identifier> {file(filename);};Exam

Introduction and Overview26 BLACK BOX ® Advanced Console ServerFCC Warning StatementThe BLACK BOX ® Advanced Console Server has been tested and found

Syslog260 BLACK BOX ® Advanced Console ServerExample to listen to messages from one client (IP address=10.0.0.1) on UDP port 999:source s_udp_10 { udp

Chapter 3 - Additional FeaturesUser Guide 261Examples:filter f_daemon { facility(daemon); };filter f_kern { facility(kern); };filter f_debug { not fac

Syslog262 BLACK BOX ® Advanced Console Server5) To eliminate sshd debug messages:filter f_sshd_debug { not program('sshd') or not level(debu

Chapter 3 - Additional FeaturesUser Guide 263Available macros in filename expansion: HOST - The name of the source host where the message originated f

Syslog264 BLACK BOX ® Advanced Console ServerSome Examples of Defining Actions1) To send e-mail:destination <ident> { pipe(‘/dev/cyc_alarm’ temp

Chapter 3 - Additional FeaturesUser Guide 265Example to send e-mail to [email protected] (SMTP's IP address 10.0.0.2) from the e-mail address [email protected]

Syslog266 BLACK BOX ® Advanced Console Serverdestination d_pager {pipe(‘/dev/cyc_alarm’template(‘sendsms -d 123 -m \’$FULLDATE $HOST $MSG\’ 10.0.0.1’)

Chapter 3 - Additional FeaturesUser Guide 267template("snmptrap -v 1 -c public 10.0.0.1 \"\" \"\" 2 0 \"\" \.1.3.6.

Syslog268 BLACK BOX ® Advanced Console Serverdestination(D1); destination(D2);...};where : Examples:1) To send all messages received from local syslog

Chapter 3 - Additional FeaturesUser Guide 269log { source(sysl); source(s_udp); filter(f_kern); destination(d-udp1); };Syslog-ng Configuration to use

Introduction and OverviewUser Guide 27¡Peligro! Asegurarse que el equipo este conectado a tierra, para prevenir un shock eléctrico. El cable eléctric

Syslog270 BLACK BOX ® Advanced Console Serversource src { unix-stream("/dev/log"); };# remote server1-IPaddress 10.0.0.1 port defaultdestina

Chapter 3 - Additional FeaturesUser Guide 271Terminal AppearanceYou can change the format of the login prompt and banner that is issued when a connect

Terminal Appearance272 BLACK BOX ® Advanced Console ServerConfiguration for CAS, TS, and Dial-in AccessBrowser MethodStep 1: Point your browser to th

Chapter 3 - Additional FeaturesUser Guide 273Step 8: Click on the link Administration > Load/Save Configuration.Step 9: Click the Save Configurat

Terminal Appearance274 BLACK BOX ® Advanced Console ServerPress ENTER to continue...Screen 2:*********************************************************

Chapter 3 - Additional FeaturesUser Guide 275Screen 4:********************************************************************CONFIGURATION WIZARD********

Terminal Appearance276 BLACK BOX ® Advanced Console Serverall.auto_answer_output[#] :Screen 6:********************************************************

Chapter 3 - Additional FeaturesUser Guide 277Screen 7:********************************************************************CONFIGURATION WIZARD********

Terminal Appearance278 BLACK BOX ® Advanced Console Serverfar will still be in the memory of the system even after youreboot it. If you don't sav

Chapter 3 - Additional FeaturesUser Guide 279Step 2: Activate and Save.To activate your new configurations and save them to flash, type:config write(

Introduction and Overview28 BLACK BOX ® Advanced Console ServerTrabajar dentro del BLACK BOX ® Advanced Console ServerNo intente dar servicio al BLACK

Time Zone280 BLACK BOX ® Advanced Console ServerTime ZoneThe content of the file /etc/TIMEZONE can be in one of two formats. The first format is used

Chapter 3 - Additional FeaturesUser Guide 281In the example below:GST+7DST+6M4.1.0/14:30.M10.5.6/10Daylight Savings Time starts on the first Sunday of

Time Zone282 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix A - New User Background InformationUser Guide 283Appendix A - New User Background InformationUsers and PasswordsA username and password are n

Appendix A - New User Background Information284 BLACK BOX ® Advanced Console ServerLinux File StructureThe Linux file system is organized hierarchical

Appendix A - New User Background InformationUser Guide 285Basic File Manipulation CommandsThe basic file manipulation commands allow the user to copy,

Appendix A - New User Background Information286 BLACK BOX ® Advanced Console ServerShortcuts:The vi EditorTo edit a file using the vi editor, type:vi

Appendix A - New User Background InformationUser Guide 287Having arrived at the location where text should be changed, use these commands to modify th

Appendix A - New User Background Information288 BLACK BOX ® Advanced Console ServerThe Routing TableThe BLACK BOX ® Advanced Console Server has a stat

Appendix A - New User Background InformationUser Guide 289Secure Shell SessionSsh is a command interface and protocol often used by network administra

Introduction and OverviewUser Guide 29Batería.¡Peligro! Una batería nueva puede explotar, si no esta instalada correctamente. Remplace la batería cu

Appendix A - New User Background Information290 BLACK BOX ® Advanced Console Serverssh -t -l mycompany:10.0.0.116-portssh -t -l mycompany:7001 16-port

Appendix A - New User Background InformationUser Guide 291UsePrivilegedPort yes• One of these:hostname or ipaddress in /etc/hosts.equiv or/etc/ssh/sho

Appendix A - New User Background Information292 BLACK BOX ® Advanced Console Servercat /tmp/known_hosts >> /etc/ssh/ssh_known_hosts or ~/.ssh/kn

Appendix A - New User Background InformationUser Guide 293The Process TableThe process table shows which processes are running. Type ps -a to see a ta

Appendix A - New User Background Information294 BLACK BOX ® Advanced Console ServerTS Menu ScriptThe ts_menu script can be used to avoid typing long t

Appendix A - New User Background InformationUser Guide 295accessed. This is used when there is clustering (one BLACK BOX ® Advanced Console Server mas

Appendix A - New User Background Information296 BLACK BOX ® Advanced Console Server1 192.168.1.101 2 192.168.1.102 3 192.168.1.103 4 192.168.1.1045 19

Appendix B - Cabling, Hardware, & ElectricalUser Guide 297Appendix B - Cabling, Hardware, and Electrical SpecificationsGeneral Hardware Specificat

Appendix B - Cabling, Hardware, & Electrical298 BLACK BOX ® Advanced Console ServerThe following section has all the information you need to quick

Appendix B - Cabling, Hardware, & ElectricalUser Guide 299Rear Panel LEDsThe Advanced Secure Console Port Server rear panel has connectors (serial

Table of ContentsUser Guide 3PrefacePurpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Introduction and Overview30 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix B - Cabling, Hardware, & Electrical300 BLACK BOX ® Advanced Console ServerThe RS-232 StandardRS-232C, EIA RS-232, or simply RS-232 refer

Appendix B - Cabling, Hardware, & ElectricalUser Guide 301transmission speeds range between 9,600 bps and 19,200bps (used in most automation and c

Appendix B - Cabling, Hardware, & Electrical302 BLACK BOX ® Advanced Console ServerConnectorsThe connector traditionally used with RS-232 is the 2

Appendix B - Cabling, Hardware, & ElectricalUser Guide 303Straight-Through vs. Crossover CablesThe RS-232 interface was originally intended to con

Appendix B - Cabling, Hardware, & Electrical304 BLACK BOX ® Advanced Console ServerCable DiagramsBefore using the following cable diagrams refer t

Appendix B - Cabling, Hardware, & ElectricalUser Guide 305Cable #1: Black Box RJ-45 to DB-25 Male, straight-throughApplication: This cable connect

Appendix B - Cabling, Hardware, & Electrical306 BLACK BOX ® Advanced Console ServerCable #3: Black Box RJ-45 to DB-9 Female, crossoverThis cable c

Appendix B - Cabling, Hardware, & ElectricalUser Guide 307Cable #5: Black Box/Sun Netra CableThis Adapter attaches to a Cat 3 or Cat 5 network cab

Appendix B - Cabling, Hardware, & Electrical308 BLACK BOX ® Advanced Console ServerBlack Box\Sun Netra AdapterThis Adapter attaches to a Cat 3 or

Appendix B - Cabling, Hardware, & ElectricalUser Guide 309RJ-45 Female to DB-25 Female AdapterThe following adapter may be necessary. It is includ

Chapter 2 - Installation, Configuration, UsageUser Guide 31Chapter 2 - Installation, Configuration, and UsageIntroductionThis chapter will allow you t

Appendix B - Cabling, Hardware, & Electrical310 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix C - The pslave Configuration FileUser Guide 311Appendix C - The pslave Configuration FileIntroductionThis chapter begins with a table contain

Appendix C - The pslave Configuration File312 BLACK BOX ® Advanced Console Serverconf.facility The local facility sent to syslog-ng from PortSlave.1 -

Appendix C - The pslave Configuration FileUser Guide 313all.dcd DCD signal (sets the tty parameter CLOCAL). Valid values are 0 or 1. If all.dcd=0, a

Appendix C - The pslave Configuration File314 BLACK BOX ® Advanced Console Serverall.issue This text determines the format of the login banner that i

Appendix C - The pslave Configuration FileUser Guide 315all.syswtmp It defines whether portslave must write login records.yes/noall.sttyCmd The TTY i

Appendix C - The pslave Configuration File316 BLACK BOX ® Advanced Console Serverall.utmpfrom It allow the administrator to customize the field "

Appendix C - The pslave Configuration FileUser Guide 317all.accthost1 This address indicates the location of the Radius/TacacsPlus accounting server,

Appendix C - The pslave Configuration File318 BLACK BOX ® Advanced Console Serverall.authtype Configured in Task 4: Edit the pslave.conf file in Chapt

Appendix C - The pslave Configuration FileUser Guide 319• local/radius (authentication is per-formed locally first, switching to Radius if unsuccessfu

Chapter 2 - Installation, Configuration, Usage32 BLACK BOX ® Advanced Console ServerThe following table shows the different hardware required for vari

Appendix C - The pslave Configuration File320 BLACK BOX ® Advanced Console Serverall.radretries Defines the number of times each Radius/ TacacsPlus se

Appendix C - The pslave Configuration FileUser Guide 321CAS ParametersYou can configure additional CAS features with the parameters given on the follo

Appendix C - The pslave Configuration File322 BLACK BOX ® Advanced Console Serverconf.nat_clustering_ip IP address of any BLACK BOX ® Advanced Console

Appendix C - The pslave Configuration FileUser Guide 323all.lf_suppress This can be useful because telneting (from DOS) from some OS such as Windows 9

Appendix C - The pslave Configuration File324 BLACK BOX ® Advanced Console Serverall.auto_answer_outputThis parameter works in conjunction with all.au

Appendix C - The pslave Configuration FileUser Guide 325all.socket_port In the CAS profile, this defines an alternative labeling system for the BLACK

Appendix C - The pslave Configuration File326 BLACK BOX ® Advanced Console Serverall.data_buffering A non zero value activates data buffering (local o

Appendix C - The pslave Configuration FileUser Guide 327all.DB_mode When configured as cir for circular format, the buffer works like a revolving fil

Appendix C - The pslave Configuration File328 BLACK BOX ® Advanced Console Serverall.syslog_buffering When non zero, the contents of the data buffer a

Appendix C - The pslave Configuration FileUser Guide 329all.alarm When non zero, all data received from the port are captured and sent to syslog-ng w

Chapter 2 - Installation, Configuration, UsageUser Guide 33Pre-Install ChecklistThere are several things you will need to confirm prior to installing

Appendix C - The pslave Configuration File330 BLACK BOX ® Advanced Console Serverall.multiple_sessions Allows users to open more than one common and s

Appendix C - The pslave Configuration FileUser Guide 331TS ParametersThe following parameters are unique to a TS setup except where indicated.s1.pool_

Appendix C - The pslave Configuration File332 BLACK BOX ® Advanced Console Serverconf.ssh Location of the ssh utility. /bin/sshconf.locallogins This

Appendix C - The pslave Configuration FileUser Guide 333Dial-in Access ParametersThe following parameters are unique to a Dial-in setup except where i

Appendix C - The pslave Configuration File334 BLACK BOX ® Advanced Console Serverall.initchat Modem initialization string. TIMEOUT 10 "" \d

Appendix C - The pslave Configuration FileUser Guide 335all.pppopt all.pppopt PPP options when user has already been authenticated.%i:%j novj \proxyar

Appendix C - The pslave Configuration File336 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix D - Linux-PAMUser Guide 337Appendix D - Linux-PAMIntroductionLinux-PAM (Pluggable Authentication Modules for Linux) is a suite of shared libr

Appendix D - Linux-PAM338 BLACK BOX ® Advanced Console ServerFigure 38: Data flow diagram of Linux-PAM The left of the figure represents the applicat

Appendix D - Linux-PAMUser Guide 339The Linux-PAM Configuration FileLinux-PAM is designed to provide the system administrator with a great deal of fle

Chapter 2 - Installation, Configuration, Usage34 BLACK BOX ® Advanced Console ServerTask ListThere are eight key tasks that you will need to perform t

Appendix D - Linux-PAM340 BLACK BOX ® Advanced Console ServerService-name The name of the service associated with this entry. Frequently the ser-vice

Appendix D - Linux-PAMUser Guide 341The Linux-PAM library interprets these keywords in the following manner:Control-flag The control-flag is used to i

Appendix D - Linux-PAM342 BLACK BOX ® Advanced Console ServerNewest SyntaxThe more elaborate (newer) syntax is much more specific and gives the admini

Appendix D - Linux-PAMUser Guide 343Module PathModule Path is the path-name of the dynamically loadable object file--the pluggable module itself. If t

Appendix D - Linux-PAM344 BLACK BOX ® Advanced Console Serverpam_env This module allows the (un)setting of environment variables. The use of previousl

Appendix D - Linux-PAMUser Guide 345pam_rootok This module is for use in situations where the superuser wishes to gain access to a service without hav

Appendix D - Linux-PAM346 BLACK BOX ® Advanced Console ServerArgumentsThe arguments are a list of tokens that are passed to the module when it is invo

Appendix D - Linux-PAMUser Guide 347Directory-based ConfigurationIt is possible to configure libpam via the contents of the /etc/ pam.d/ directory. Th

Appendix D - Linux-PAM348 BLACK BOX ® Advanced Console ServerThe only difference between the two is that the service-name is not present. The service-

Appendix D - Linux-PAMUser Guide 349OTHER auth required pam_warn.soOTHER password required pam_warn.soHaving two “OTHER auth” lines is an example of s

Chapter 2 - Installation, Configuration, UsageUser Guide 35• DomainBasic Wizard access is covered in the Quick Start in this chapter and also in Confi

Appendix D - Linux-PAM350 BLACK BOX ® Advanced Console ServerIn addition to the normal applications: login, su, sshd, passwd, and pppd. Black Box also

Appendix D - Linux-PAMUser Guide 351# If Kerberos server is down, uses the local service#kerberosdownlocal auth requisite pam_securetty.sokerberosdown

Appendix D - Linux-PAM352 BLACK BOX ® Advanced Console Serverldapdownlocal auth requiredpam_unix2.soldapdownlocal account \[ success=done new_authtok_

Appendix D - Linux-PAMUser Guide 353radius account required pam_radius_auth.soradius session required pam_radius_auth.sos_radius auth requisite pam_se

Appendix D - Linux-PAM354 BLACK BOX ® Advanced Console Server## The PAM configuration file for the `login' service#loginauth requisite pam_secure

Appendix D - Linux-PAMUser Guide 355#sambaauth required pam_unix2.sosambaaccount required pam_unix2.so## The PAM configuration file for the `su'

Appendix D - Linux-PAM356 BLACK BOX ® Advanced Console Server#ippp auth optional pam_auth_srv.so#ippp account required pam_radius_auth.so conf=/etc/ra

Appendix E - Upgrades and TroubleshootingUser Guide 357Appendix E - Software Upgrades and TroubleshootingUpgradesUsers should upgrade the BLACK BOX ®

Appendix E - Upgrades and Troubleshooting358 BLACK BOX ® Advanced Console Serverftp> open server> user admin> Password: adminpw> cd /tftpb

Appendix E - Upgrades and TroubleshootingUser Guide 359TroubleshootingFlash Memory LossIf the contents of flash memory are lost after an upgrade, plea

Chapter 2 - Installation, Configuration, Usage36 BLACK BOX ® Advanced Console ServerQuick StartThis Quick Start gives you all the necessary informatio

Appendix E - Upgrades and Troubleshooting360 BLACK BOX ® Advanced Console ServerIf the BLACK BOX ® Advanced Console Server booted properly, the interf

Appendix E - Upgrades and TroubleshootingUser Guide 361/etc/ssh/ssh_host_key.pub sshd/etc/ssh/sshd_config sshd/etc/ssh/ssh_config ssh client/etc/ssh/

Appendix E - Upgrades and Troubleshooting362 BLACK BOX ® Advanced Console ServerHardware TestA hardware test called tstest is included with the BLACK

Appendix E - Upgrades and TroubleshootingUser Guide 363 <- Packets -> <- Errors ->From To Sent Received P

Appendix E - Upgrades and Troubleshooting364 BLACK BOX ® Advanced Console ServerFirst, type Ctrl-D to see the X in the DTR column move position, then

Appendix E - Upgrades and TroubleshootingUser Guide 365zimage at: 00008100 0006827Erelocated to: 00DB7000 00E1717Einitrd at: 0006827E 0024F814relocate

Appendix E - Upgrades and Troubleshooting366 BLACK BOX ® Advanced Console Serveryour system. If your ftp server is on the same network as the BLACK BO

Appendix E - Upgrades and TroubleshootingUser Guide 367Firmware boot from ((F)lash or (N)etwork) [F]Boot type ((B)ootp,(T)ftp or Bot(H)) [T]Boot File

Appendix E - Upgrades and Troubleshooting368 BLACK BOX ® Advanced Console ServerCPU LEDNormally the CPU status LED should blink consistently one secon

Appendix F - Certificate for HTTP SecurityUser Guide 369Appendix F - Certificate for HTTP SecurityIntroductionThe following configuration will enable

Chapter 2 - Installation, Configuration, UsageUser Guide 37Step 2: Power on the BLACK BOX ® Advanced Console Server.After the BLACK BOX ® Advanced Co

Appendix F - Certificate for HTTP Security370 BLACK BOX ® Advanced Console ServerThe other requested information can be skipped. The certificate signi

Appendix F - Certificate for HTTP SecurityUser Guide 371Step E: Save the configuration in flash.#saveconfStep F: The certification will be effective

Appendix F - Certificate for HTTP Security372 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix G - IPSECUser Guide 373Appendix G - IPSECIntroductionThis document contains some information that Technical Support may need to help custom-e

Appendix G - IPSEC374 BLACK BOX ® Advanced Console ServerUsing IPsec to create a VPNA VPN, or Virtual Private Network lets two networks communicate se

Appendix G - IPSECUser Guide 375The software partsThe IPsec software has three main parts:IPSec ConfigurationThe configuration fileIPsec uses a config

Appendix G - IPSEC376 BLACK BOX ® Advanced Console Server3. All other non-comment lines of a section must be indented.4. Blank lines separate sections

Appendix G - IPSECUser Guide 377The variables set here are:interfaces Tells the IPsec code in the Linux kernel which network interface to use. The int

Appendix G - IPSEC378 BLACK BOX ® Advanced Console ServerConnection defaultsThere is a special name %default that lets you define things that apply to

Appendix G - IPSECUser Guide 379# Some will override this with auto=startauto=addVariables set here are:Editing a connection descriptionA sample conne

Chapter 2 - Installation, Configuration, Usage38 BLACK BOX ® Advanced Console Server• Gateway IP• Network Mask (if DHCP is disabled)After you input th

Appendix G - IPSEC380 BLACK BOX ® Advanced Console Server# left security gateway (public-network address)left=10.0.0.1# next hop to reach rightleftnex

Appendix G - IPSECUser Guide 381For each left* parameter, there is a corresponding right* parameter.Note that a connection to a subnet behind left doe

Appendix G - IPSEC382 BLACK BOX ® Advanced Console ServerExample file for BLACK BOX ® Advanced Console Server-to-network connectionFor an BLACK BOX ®

Appendix G - IPSECUser Guide 383interfaces="%defaultroute"klipsdebug=noneplutodebug=noneplutoload=%searchplutostart=%search# defaults that a

Appendix G - IPSEC384 BLACK BOX ® Advanced Console Serverrightsubnet=192.168.0.0/24IPsec UsageThe IPsec DaemonThe IPsec daemon (PLUTO) is the program

Appendix G - IPSECUser Guide 385Starting and Stopping a ConnectionAll the connections can be negotiated at boot time if these connections have the aut

Appendix G - IPSEC386 BLACK BOX ® Advanced Console ServerGenerating an RSA key pairThe Console Server doesn't have an RSA key pair by default. If

Appendix G - IPSECUser Guide 387ipsec0->eth0 mtu=16260(1443)->[email protected] ESP_3DES_HMAC_MD5: dir=outsrc=64.186.161.96 iv_bi

Appendix G - IPSEC388 BLACK BOX ® Advanced Console Server000 "teste": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:540s; rekey_fuzz: 10

Appendix G - IPSECUser Guide 389Applications of IPsecBecause IPsec operates at the network layer, it is remarkably flexible and can be used to secure

Chapter 2 - Installation, Configuration, UsageUser Guide 39Configuration using a Web browserThe BLACK BOX ® Advanced Console Server comes with DHCP cl

Appendix G - IPSEC390 BLACK BOX ® Advanced Console Server• If Network Address Translation (NAT) is applied between the two IPsec Gateways, this breaks

Appendix G - IPSECUser Guide 391ever he might be. We refer to the remote machines as “Road Warriors.” For purposes of IPsec, anyone with a dynamic IP

Appendix G - IPSEC392 BLACK BOX ® Advanced Console ServerSetup on the Road Warrior machineSimply add a connection description us-to-Console Server, wi

Appendix G - IPSECUser Guide [email protected]=0s1LgR7/oUM...BLACK BOX ® Advanced Console Server-to-network VPNOften it may be

Appendix G - IPSEC394 BLACK BOX ® Advanced Console Serverrightnexthop=10.88.77.66rightsubnet=192.168.0.0/24auto=start# This line is only for RSA signa

Appendix G - IPSECUser Guide 395Generating an RSA key pairThe Console Server doesn't have an RSA key pair by default. It will be generated on the

Appendix G - IPSEC396 BLACK BOX ® Advanced Console ServerThe Configuration FileDescriptionThe ipsec.conf file specifies most configuration and control

Appendix G - IPSECUser Guide 397begin with white space too. There may be only one section of a given type with a given name. Lines within the section

Appendix G - IPSEC398 BLACK BOX ® Advanced Console ServerConn SectionsA conn section contains a connection specification, defining a network connectio

Appendix G - IPSECUser Guide 399Conn Parameters: Automatic KeyingThe following parameters are relevant only to automatic keying, and are ignored in ma

Table of Contents4 BLACK BOX ® Advanced Console ServerTask 1: Connect the BLACK BOX ® Advanced Console Server to the Network

Chapter 2 - Installation, Configuration, Usage40 BLACK BOX ® Advanced Console ServerFigure 5: Login page of the Web Configuration ManagerStep 4: Ent

Appendix G - IPSEC400 BLACK BOX ® Advanced Console Serverauto What operation, if any, should be done automatically at IPsec startup; cur-rently-accept

Appendix G - IPSECUser Guide 401Conn Parameters: Manual KeyingThe following parameters are relevant only to manual keying, and are ignored in automati

Appendix G - IPSEC402 BLACK BOX ® Advanced Console ServerConfig SectionsAt present, the only config section known to the IPsec software is the one nam

Appendix G - IPSECUser Guide 403Parameters are optional unless marked “required.” The currently-accepted parameter names in a config setup section are

Appendix G - IPSEC404 BLACK BOX ® Advanced Console ServerThe IPsec Daemon The ipsec daemon is automatically initialized when you first boot your Conso

Appendix H - Web User ManagementUser Guide 405Appendix H- Web User ManagementIntroductionIn the BLACK BOX ® Advanced Console Server Web server, the us

Appendix H - Web User Management406 BLACK BOX ® Advanced Console ServerFigure 43: Access Limit List default page

Appendix H - Web User ManagementUser Guide 407How Web User Management worksWhen a user logs in, the username and the password are encrypted and stored

Appendix H - Web User Management408 BLACK BOX ® Advanced Console ServerTask 2: Read the Username and the PasswordThis is done when the page must be ac

Appendix H - Web User ManagementUser Guide 409Changing the Root PasswordThe first thing to do after logging into a Web session the first time must be

Chapter 2 - Installation, Configuration, UsageUser Guide 41This page gives a brief description of all menu options. A menu of links is provided along

Appendix H - Web User Management410 BLACK BOX ® Advanced Console ServerStep 4: Click on the Submit button. A confirmation message will appear.Step 5:

Appendix H - Web User ManagementUser Guide 411Adding and Deleting User GroupsThe default configuration already comes with four user groups, and, for m

Appendix H - Web User Management412 BLACK BOX ® Advanced Console ServerStep 3: If there are more groups to be deleted, repeat the steps 1 and 2.Step

Appendix H - Web User ManagementUser Guide 413Step 3: Configure the new access limit.Type the URL (or the subdirectory), and select the access privil

Appendix H - Web User Management414 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix I - Connect to Serial Ports from WebUser Guide 415Appendix I - Connect to Serial Ports from WebIntroductionDepending on how the serial port i

Appendix I - Connect to Serial Ports from Web416 BLACK BOX ® Advanced Console ServerOn WindowsFrom Internet ExplorerGo to Tools → Internet Options → A

Appendix I - Connect to Serial Ports from WebUser Guide 417Step-by-Step ProcessStep 1: Point your browser to the Console Server.In the address field

Appendix I - Connect to Serial Ports from Web418 BLACK BOX ® Advanced Console ServerFigure 45: SSH User Authentication Popup WindowStep 6: Enter com

Appendix J - Examples for Config TestingUser Guide 419Appendix J - Examples for Configuration TestingIntroductionThe following three examples are just

Chapter 2 - Installation, Configuration, Usage42 BLACK BOX ® Advanced Console ServerClick on the Administration > Run Configuration link, check the

Appendix J - Examples for Config Testing420 BLACK BOX ® Advanced Console Server The following diagram, shows additional scenarios for the BLACK BOX ®

Appendix J - Examples for Config TestingUser Guide 421Step 1: Create a new user.Run the adduser <username> to create a new user in the local da

Appendix J - Examples for Config Testing422 BLACK BOX ® Advanced Console ServerStep 6: Activate the changes.Now continue on to Task 5: Activate the c

Appendix J - Examples for Config TestingUser Guide 423No authentication is used in the example shown above and rlogin is chosen as the protocol. After

Appendix J - Examples for Config Testing424 BLACK BOX ® Advanced Console ServerDial-in Access The BLACK BOX ® Advanced Console Server can be configure

Appendix J - Examples for Config TestingUser Guide 425Step 2: Confirm that the Radius server is reachable.From the console, ping 200.200.200.2 to mak

Appendix J - Examples for Config Testing426 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

Appendix K - Wiz Application ParametersUser Guide 427Appendix K - Wiz Application ParametersBasic Parameters (wiz)• Hostname• System IP• Domain Name•

Appendix K - Wiz Application Parameters428 BLACK BOX ® Advanced Console Server• web_WinEMS• translation(TS profile)• Protocol• Socket_port• Userauto•

Appendix K - Wiz Application ParametersUser Guide 429• SecretData Buffering Parameters (wiz --db)• Data_buffering• Conf.nfs_data_buffering• Syslog_buf

Chapter 2 - Installation, Configuration, UsageUser Guide 43Table 3: Configuration SectionLink Name Description of Page ContentsConfiguration This sect

Appendix K - Wiz Application Parameters430 BLACK BOX ® Advanced Console ServerSerial Settings Parameters (wiz --sset <type>)(CAS profile)• Speed

Appendix K - Wiz Application ParametersUser Guide 431Sniffing Parameters (wiz --snf)• Admin_users• Sniff_mode• Escape_char• Multiple_sessionsSyslog Pa

Appendix K - Wiz Application Parameters432 BLACK BOX ® Advanced Console ServerTerminal Server Profile Other Parameters (wiz --tso)• Host• Term• Conf.l

Appendix L - CopyrightsUser Guide 433Appendix L - CopyrightsReferencesThe Advanced Secure Console Port Server is based in the HardHat Linux distributi

Appendix L - Copyrights434 BLACK BOX ® Advanced Console ServerFlexFlex version [email protected]: This product includes software developed

Appendix L - CopyrightsUser Guide 435NTPNTP client http://doolittle.faludi.com/ntpclient/OpenSSHOpenSSH version 3.5p1http://www.openssh.orgCOPYRIGHT:

Appendix L - Copyrights436 BLACK BOX ® Advanced Console ServerTinyloginTinyLogin version 0.80 ftp://ftp.lineo.com/pub/tinylogin/WEBSGoAhead WEBS versi

List of FiguresUser Guide 437List of Figures1. Cable Package #1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

List of Figures438 BLACK BOX ® Advanced Console Server23. IP Tables Chains Table (table filter) . . . . . . . . . . . . . . . . . . . . . . . . . . .

List of FiguresUser Guide 43947. Terminal Server diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422

Chapter 2 - Installation, Configuration, Usage44 BLACK BOX ® Advanced Console ServerTable 4: Administration SectionLink Name Description of Page Conte

List of Figures440 BLACK BOX ® Advanced Console ServerThis page has been left intentionally blank.

List of TablesUser Guide 441List of Tables1. Hardware vs. Configuration Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

List of Tables442 BLACK BOX ® Advanced Console Server24. Which cable to use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

GlossaryUser Guide 443GlossaryAuthenticationAuthentication i

Glossary444 BLACK BOX ® Advanced Console ServerIP packet filteringThis is a set of facilities in network equipment that al

GlossaryUser Guide 445RISCReduced Instruction Set Computer. T

Glossary446 BLACK BOX ® Advanced Console ServerTerminal ServerA terminal server has one Ethernet LAN port and many RS-232

IndexUser Guide 447IndexAAccess Method 73Alarm 181Authentication

Index448 BLACK BOX ® Advanced Console ServerNNetmask 34NTP 195PPasswords 283Port Test 362RRadius authentication 424Routing Table 288RS-232 Standard 30

This page has been left intentionally blank.

Chapter 2 - Installation, Configuration, UsageUser Guide 45Table 6: Information SectionLink Name Description of Page ContentsInterfaceStatisticsShows

1000 Park Drive Lawrence,PA 15055-1018 724-746-5500 Fax: 724-746-0746

Chapter 2 - Installation, Configuration, Usage46 BLACK BOX ® Advanced Console ServerConfiguration using TelnetThe BLACK BOX ® Advanced Console Server

Chapter 2 - Installation, Configuration, UsageUser Guide 47Step 4: Enter root as login name and tslinux as password.Step 5: Type wiz and press Enter

Chapter 2 - Installation, Configuration, Usage48 BLACK BOX ® Advanced Console ServerGateway : eth0Network Mask : 255.255.255.0If the parameters are co

Chapter 2 - Installation, Configuration, UsageUser Guide 49The Installation and Configuration ProcessTask 1: Connect the BLACK BOX ® Advanced Console

Table of ContentsUser Guide 5Configuration for CAS, TS, and Dial-in Access . . . . . . . . . . . . . . . . . . . . 135Data Buffering . . . . . . . . .

Chapter 2 - Installation, Configuration, Usage50 BLACK BOX ® Advanced Console ServerNew UsersIf you are using a PC, you will be using HyperTerminal to

Chapter 2 - Installation, Configuration, UsageUser Guide 51Step 1: Plug the power cable into the BLACK BOX ® Advanced Console Server.Insert the femal

Chapter 2 - Installation, Configuration, Usage52 BLACK BOX ® Advanced Console ServerTask 2: Configure the COM Port Connection and Log InStep 1: Selec

Chapter 2 - Installation, Configuration, UsageUser Guide 53Figure 9: Port SettingsStep 3: Power on the BLACK BOX ® Advanced Console Server.Step 4:

Chapter 2 - Installation, Configuration, Usage54 BLACK BOX ® Advanced Console ServerTask 3: Modify the System FilesWhen the BLACK BOX ® Advanced Conso

Chapter 2 - Installation, Configuration, UsageUser Guide 55Figure 10: The /etc/hostname file with hostname typed inStep 4: Modify /etc/hosts.This fi

Chapter 2 - Installation, Configuration, Usage56 BLACK BOX ® Advanced Console ServerStep 6: Modify /etc/network/st_routes.The fourth file defines sta

Chapter 2 - Installation, Configuration, UsageUser Guide 57Step E: Remove the temporary user boo. # deluser booStep F: Change the password for all u

Chapter 2 - Installation, Configuration, Usage58 BLACK BOX ® Advanced Console ServerThere are three basic types of parameters in this file: • conf.* p

Chapter 2 - Installation, Configuration, UsageUser Guide 59all.authtype This parameter controls the authentication required by the BLACK BOX ® Advance

Table of Contents6 BLACK BOX ® Advanced Console ServerEstablishing a Callback with your ISDN PC Card. . . . . . . . . . . . .

Chapter 2 - Installation, Configuration, Usage60 BLACK BOX ® Advanced Console ServerThe Authentication featureSee Authentication in Chapter 3 - Additi

Chapter 2 - Installation, Configuration, UsageUser Guide 61While still in the DOS window, type the following and then press Enter:telnet <IP assign

Chapter 2 - Installation, Configuration, Usage62 BLACK BOX ® Advanced Console ServerAccessing the Serial PortsThere are four ways to access the serial

Chapter 2 - Installation, Configuration, UsageUser Guide 63CAS database or in a Radius/Tacacs/LDAP/Kerberos, etc database.<Server> can be just t

Chapter 2 - Installation, Configuration, Usage64 BLACK BOX ® Advanced Console Serverz suspend telnetb send breakt toggle binarye exit telnetStep 2: P

Chapter 3 - Additional FeaturesUser Guide 65Chapter 3 - Additional FeaturesIntroductionAfter the Configuration Wizard section in this chapter, each of

Configuration Wizard - Basic Wizard66 BLACK BOX ® Advanced Console ServerConfiguration Wizard - Basic WizardThe configuration wizard application is a

Chapter 3 - Additional FeaturesUser Guide 673) Press ESC if you want to exit.NOTE: For some parameters, if there is nothing withinthe brackets, it wil

Configuration Wizard - Basic Wizard68 BLACK BOX ® Advanced Console ServerStep 4: Enter Hostname and then press the Enter key.This is an alias for you

Chapter 3 - Additional FeaturesUser Guide 69Step 6: If DHCP client is disabled, enter IP Address of your BLACK BOX ® Advanced Console Server and then

Table of ContentsUser Guide 7Appendix B - Cabling, Hardware, and Electrical SpecificationsGeneral Hardware Specifications. . . . . . . . . . . . . . .

Configuration Wizard - Basic Wizard70 BLACK BOX ® Advanced Console Server********************************************************************CONFIGURA

Chapter 3 - Additional FeaturesUser Guide 71********************************************************************CONFIGURATION WIZARD******************

Configuration Wizard - Basic Wizard72 BLACK BOX ® Advanced Console ServerUsing the Wizard through your BrowserThe Web interface supports wizards for s

Chapter 3 - Additional FeaturesUser Guide 73For TS:• Port Speed• First RADIUS/TacacsPlus Authentication Server• First Accounting Server• RADIUS/Tacacs

Access Method74 BLACK BOX ® Advanced Console Serverall.ipno This is the default IP address of the BLACK BOX ® Advanced Console Server's serial po

Chapter 3 - Additional FeaturesUser Guide 75vi MethodThe parameters described above must be changed by directly editing the /etc/portslave/plsave.conf

Access Method76 BLACK BOX ® Advanced Console ServerStep 2: Log in as root and type the Web root password configured by the Web server.This will take

Chapter 3 - Additional FeaturesUser Guide 77Step 5: Click the CAS profile button.Click the CAS profile button in the wizards section. The default CAS

Access Method78 BLACK BOX ® Advanced Console ServerStep 11: Click on the Serial Port Groups link on the Link Panel.Click the Add Group button that ap

Chapter 3 - Additional FeaturesUser Guide 79This will bring up Screen 1:Screen 1:********************************************************************C

Table of Contents8 BLACK BOX ® Advanced Console ServerAppendix E - Software Upgrades and TroubleshootingUpgrades. . . . . . .

Access Method80 BLACK BOX ® Advanced Console Serverall.poll_interval : #all.tx_interval : #all.idletimeout : #conf.group : #Set to defaults? (y/n) [n]

Chapter 3 - Additional FeaturesUser Guide 81Screen 4:********************************************************************CONFIGURATION WIZARD*********

Access Method82 BLACK BOX ® Advanced Console Serverthe connection is still up. If not configured, default is1000ms. If set to 0, line status messages

Chapter 3 - Additional FeaturesUser Guide 83Screen 7:********************************************************************CONFIGURATION WIZARD*********

Access Method84 BLACK BOX ® Advanced Console ServerScreen 8:********************************************************************CONFIGURATION WIZARD**

Chapter 3 - Additional FeaturesUser Guide 85Screen 10:********************************************************************CONFIGURATION WIZARD********

Access Method86 BLACK BOX ® Advanced Console ServerCLI MethodTo configure certain parameters for a specific serial port:Step 1: At the command prompt

Chapter 3 - Additional FeaturesUser Guide 87To configure idletimeout: config configure line <serial port number> idletimeout <num-ber>To c

Access Method88 BLACK BOX ® Advanced Console ServerConfiguration for TSParameters and Passed ValuesFor TS configuration, you will need to configure th

Chapter 3 - Additional FeaturesUser Guide 89Browser MethodStep 1: Follow the steps 1 to 4 in the section titled Configuration for CAS, “Browser Metho

Table of ContentsUser Guide 9IPsec Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384T

Access Method90 BLACK BOX ® Advanced Console ServerScreen 1:********************************************************************CONFIGURATIONWIZARD***

Chapter 3 - Additional FeaturesUser Guide 91Screen 3:********************************************************************CONFIGURATIONWIZARD**********

Access Method92 BLACK BOX ® Advanced Console ServerALL.USERAUTO - Username used when connected to a Unixserver from the user's serial terminal.al

Chapter 3 - Additional FeaturesUser Guide 93Type 'c' to CONTINUE to set these parameters for specificports or 'q' to QUIT :Typing

Access Method94 BLACK BOX ® Advanced Console ServerScreen 7:********************************************************************CONFIGURATION WIZARD**

Chapter 3 - Additional FeaturesUser Guide 95CLI MethodTo configure certain parameters for a specific serial port:Step 1: At the command prompt, type

Access Method96 BLACK BOX ® Advanced Console ServerConfiguration for Dial-in AccessParameters and Passed Values The parameters that need to be configu

Chapter 3 - Additional FeaturesUser Guide 97vi Method The parameters described above must be changed by directly editing the /etc/portslave/pslave.con

Access Method98 BLACK BOX ® Advanced Console ServerStep 3: Scroll down to the Profile section.You can change the settings for all.ipno and all.protoc

Chapter 3 - Additional FeaturesUser Guide 99CLI MethodTo configure certain parameters for a specific serial port:Step 1: At the command prompt, type