Cyclades-TS User Guide Version 1.3.4 Release 1
Contents
1. RTS4. Figure 38: Cable 2, Cyclades RJ-45 to DB-25 Female/Male, Crossover. Cable 3: Cyclades RJ-45 to DB-9 Female, Crossover. This cable connects Cyclades products (serial ports) to console ports, terminals, printers and other DTE RS-232 devices. After connecting the appropriate adaptor to the RJ-45 straight-through cable, you will essentially have the cable shown in this picture. [Figure 39: Cable 3, Cyclades RJ-45 to DB-9 Female, Crossover. Pinout diagram; RJ-45 side: RTS 1, DTR 2, TxD 3, Gnd 4, CTS 5, RxD 6, DCD 7, DSR 8; DB-9 side: DCD 1, RxD 2, TxD 3, DTR 4, Gnd 5, DSR 6, RTS 7, CTS 8.] Cable 4: Cyclades RJ-45 to Cyclades RJ-45, straight-through. This cable is the main cable that you will use. After configuration, it can be used with the same adapter to connect to the server. It can also be used to connect two ports of a Cyclades product (loopback) for testing purposes. [Figure 40: Cable 4, Cyclades RJ-45 to Cyclades RJ-45, Crossover. RJ-45 Male: RxD 6, TxD 3, Gnd 4, DSR 8, DCD 7, DTR 2, CTS 5, RTS 1.] Loop-Back Connector for Hardware Test: The use of the following DB-25 connector is explained in the Troubleshooting chapter. [Figure 41: Loop-Back Connector.]
2. Step E: Remove the temporary user boo: deluser boo. Step F: Change the password for all users and add the new ones needed: passwd <username> or adduser <username>. Step G: Edit /etc/config_files and add a line with /etc/shadow. Task 4: Edit the pslave.conf file. This is the main configuration file (/etc/portslave/pslave.conf) that contains most product parameters and defines the functionality of the Cyclades-TS. Only three parameters need to be modified or confirmed for a basic configuration: conf.eth_ip, all.authtype, all.protocol. Tip: You can do a find for each of these parameters in vi, once you open this file, by typing /<your string> to search the file downward for the string specified after the /. A listing of the pslave.conf file with all possible parameters, as well as the files used to create other configurations from parameters in this file, is provided in Appendix C, The pslave Configuration File. Additional, optional modifications made to this file will depend on the configuration desired. There are three basic types of parameters in this file: conf.* parameters are global or apply to the Ethernet interface; all.* parameters are used to set default parameters for all ports; s<N>.* parameters change the default port parameters for individual ports. An all.* parameter can be overridden by a s<N>.* parame
3. If you changed your Ethernet IP, you will lose your connection. You will need to use your browser to connect to the new IP. The new configuration will be valid and running. The Cyclades-TS is now configured as a CAS with its new IP address, with no authentication, and accepting telnet to the serial ports. You can telnet the CAS IP + serial port 1 with the following command: telnet <IP you assigned> 7001. Note: Serial port 1 is configured as 9600, 8N1 by default. The server connected to this serial port has to have the same configuration for its serial port. To explore the Cyclades-TS features, either continue configuration using your browser, use the vi editor from the console, or use CLI, if appropriate. How to change the Password, Web Method. Step 1: Click on the link Web User Management > Users. Step 2: Select the user root. Step 3: Click on the Change Password button. Step 4: Type the new password twice. Step 5: Submit the request. The next page will require a new login. Step 6: Type root and the new password. Table 2: Configuration Section (Link Name: Description of Page Contents). General: Description, Ethernet, DNS, Name Service Access, Data Buffering. Syslog: Configuration for the syslog-ng. Serial Ports: Configuration for the Portslave package. Connect to: Telnet/SSH connection to Portslave. See Note Box below
5. Preface. The purpose of this guide is to provide instruction for users to independently install, configure and maintain the Cyclades-TS. This manual should be read in the order written, with exceptions given in the text. Whether or not you are a UNIX user, we strongly recommend that you follow the steps giv
6. Step 4: Confirm routing. Also make sure that the computer is configured to route console data to its serial console port (Console Redirection). Step 5: Telnet the server connected to port 1. From a server on the LAN (not from the console), try to telnet to the server connected to the first port of the Cyclades-TS using the following command: telnet 200.200.200.1 7001. For both telnet and ssh sessions, the servers can be reached by either: 1. Ethernet IP of the Cyclades-TS and assigned socket port, or 2. Individual IP assigned to each port. If everything is configured correctly, a telnet session should open on the server connected to port 1. If not, check the configuration, follow the steps above again, and check the troubleshooting appendix. Step 6: Activate the changes. Now continue on to Task 5: Activate the changes through Task 8: Reboot the Cyclades-TS, listed in Chapter 2, Installation and Configuration. off-the-shelf packages. Although Cyclades is not liable for those packages, successful tests were done using at least one of them. From the application's viewpoint, running on a Microsoft station, the remote serial port works like a regular COM port. All the I/O with the serial device attached to the Cyclades-TS is done through socket connections opened by these packages, and a COM port is emulated to the application. Note: It is possible to
7. Syslog. Terminal Appearance. TS Setup Wizard: These are additional configuration parameters applied only to the TS profile. Important: If you are installing and configuring the Cyclades-TS100, there are special requirements and instructions. Be sure to read Special Configuration for the Cyclades-TS100 at the end of this chapter. This Quick Start gives you all the necessary information to quickly configure and start using the Cyclades-TS as a Console Access Server (CAS). The complete version of this process is listed later in this chapter under The Installation and Configuration Process. New Users may wish to follow the latter instruction set, as this Quick Start does not contain a lot of assumed knowledge and could be confusing to the New User. You can configure the Cyclades-TS by any one of four methods: Console, Browser, Telnet, CLI (Command Line Interface). If you have a serial port that you can use as a console port, use the Console method. If you have access to telnet, you can use this method, while New Users may prefer the Browser method for its user-friendliness. Important: Take care when changing the IP address of the Cyclades-TS. Confirm the address you are changing it to. (You may want to write it down.) Configuration using a Console. Step 1
8. Preface. How to use this Guide. This guide is organized into the following sections: Chapter 1, Introduction and Overview, contains an explanation of the product and its default CAS setup. It also includes safety guidelines to be followed. Chapter 2, Installation and Configuration, explains how the Cyclades-TS should be connected and what each cable is used for. It describes the basic configuration process to get the Cyclades-TS up and running for its most common uses. Chapter 3, Additional Features, is dedicated to users wanting to explore all available features of the Cyclades-TS. It provides configuration instructions for syslog, data buffers, authentication, filters, DHCP, NTP, SNMP, clustering, and sniffing. Appendix A, New User Background Information, contains information for those who are new to Linux/UNIX. Appendix B, Cabling, Hardware, and Electrical Specifications, has detailed information and pinout diagrams for cables used with the Cyclades-TS. Appendix C, The pslave Configuration File, contains example files for the various configurations as well as the master file. Appendix D, Linux-PAM, enables the local system administrator to choose how to authenticate users. Appendix E, Customization and the Cyclades Developer Kit, provides instruction for those who wish to create their own applications. Appendix F, Software Upgrades and Troubleshooting, includes solutions and
9. Additional Features. -m message: Required. Use one and only one of -m or -f. The text of the message to be sent. Unless made up of a single word, it will have to be quoted for obvious reasons. Maximum length is 160 characters. A longer message will be truncated (you will be warned about it), but the message will still be sent. At the present time, only 7-bit ASCII is supported for the message text. -f msgfile: Required. Use one and only one of -m or -f. The name of a text file where the message to send is to be read from. This file can contain multiple lines of text (they will be concatenated), but its total length can't exceed 160 characters. A longer text will be truncated (you will be warned about it), but the message will still be sent. The special file means that input will be read from stdin. At the present time, only 7-bit ASCII is supported for the message text. -u user: Optional. The server module requires the user to identify her/himself for logging purposes. No authentication is performed on this information, however. If this parameter is omitted, sendsms will send the UNIX username of the current user. This parameter allows you to override this default behavior (might be useful in the case of automated sending). -p port: Optional. Communication port on the target server. If provided here, this value will be used to connect to the server. If omitted, the client will query the local sys
10. Conf.locallogins. List of Wiz Application Parameters. Access Method Parameters (wiz ac <type>). CAS profile: Ipno, Socket port, Protocol, Modbus smode, Users, Poll interval, Tx interval, Idletimeout, Conf.group, <sN>.serverfarm. TS profile: Protocol, Socket_port, Userauto. Serial Settings Parameters (wiz sset <type>). CAS profile: Speed, Datasize, Stopbits, Parity, Flow, Dcd, SttyCmd, DTR reset. TS profile: Speed, Datasize, Stopbits, Parity, Flow, Dcd. List of Figures: 1. Console Access Server diagram; 2. CAS diagram with various authentication methods; 3. The Cyclades-TS3000 and cables; 4. The Cyclades-TS2000 and cables; 5. The Cyclades-TS1000 and cables; 6. The Cyclades-TS800 and cables; 7. The Cyclades-TS400 and cables; 8. The Cyclades-TS100 and cables; 9. The initial wizard configuration screen; 10. Login page of Web Configuration Manager; 11. Configuration & Administration Menu page; 12. General Page; 13. The initial wizard configuration screen; 14. Choose a free COM port; 15. Port Settings
11. Screen 6: CONFIGURATION WIZARD. You have 8 available ports on this system. Type 'q' to quit, a valid port number (1-8), or anything else to refresh. Screen 7: CONFIGURATION WIZARD. Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) N. Tip: If you did not type something greater than 0 for data buffering, that means data buffering isn't ON, so the wizard goes directly to Screen 3. Tip: In all.dont_show_DBmenu the
12. Serial Ports. Serial Port Groups: User Groups in Serial Ports Configuration. Host Table: Table of hosts in /etc/hosts. Static Routes: Static routes defined in /etc/network/st_routes. IP Chains Filter: Shows IP Chains entries. Boot Configuration: Configuration of parameters used in the boot process. Edit Text File: Tool to read and edit a configuration file. System Users: Management of system users defined in /etc/password. System Groups: Management of system groups defined in /etc/groups. Table 3: Web User Management Section (Link Name: Description of Page Contents). Users: List of users allowed to access the Web server. Groups: List of possible access groups. Access Limits: List of access limits for specific URLs. Load/Save Configuration: Load/Save Web user configuration in /etc/websum.conf. Table 4: Administration Section (Link Name: Description of Page Contents). Logout: Exits the Web Manager. Reboot: Resets the equipment. Send Message: Sends messages to users logged into a serial port. Port Conversation: Initiates a port conversation through a serial port. Download/Upload Image: Uses an FTP server to load and save a kernel image. Load/Save Configuration: Uses flash memory or an
13. all.authhost1 200.200.200.2. Screen 3: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.ACCTHOST1: This IP address indicates where the Radius or TacacsPlus accounting server is located. The accounting server can be used to track how long users are connected after being authorized by the authentication server. all.accthost1 200.200.200.3. ALL.AUTHHOST2: This IP address indicates where the SECOND Radius or TacacsPlus authentication server is located. all.authhost2 200.200.200.2. Screen 4: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Ente
14. destination(d_mail1); destination(d_pager); Alarm, Sendmail, Sendsms and Snmptrap. Alarm: This feature is available only for the Console Server Application. The TS sends messages using pager, e-mail, or snmptrap if the serial port receives messages with a specific string. To configure this feature: Step 1: Activate alarm in the Portslave configuration file. Parameter all.alarm: 0 inactive, or <> 0 active. Step 2: Configure filters in the syslog-ng configuration file: filter f_alarm { facility(local<0 + conf.DB_facility>) and level(info) and match("ALARM") and match("<your string>"); }; Example, to filter the ALARM message with the string "kernel panic" (conf.DB_facility is configured with value 1): filter f_kpanic { facility(local1) and level(info) and match("ALARM") and match("kernel panic"); }; Example, to filter the ALARM message with the string "root login": filter f_root { facility(local1) and level(info) and match("ALARM") and match("root login"); }; Step 3: Configure actions in the syslog-ng configuration file. (See more details in the syslog-ng examples.) Example: alarm is active, and if the serial port receives the string "kernel panic", one message will be sent to the pager: log { source(sysl); filter(f_kpanic); destination(d_pager); }; To send e-mail: destination d_mail { pipe("/dev/c
15. (e.g. login requests username and password; rlogin receives username from the system and requests a password, etc.) all.protocol rlogin. ALL.SOCKET_PORT: This defines the port(s) to be used by the protocols telnet and socket_client. For these two protocols, a default value of 23 is used when no value is configured. all.socket_port 23. Screen 3: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.USERAUTO: Username used when connected to a Unix server from the user's serial terminal. all.userauto. Screen 4: CONFIGURATION WIZARD. Your current configuration parameters are: (The ones with the means it's not activated.) all.protocol rlogin; all.socket_port 23; all.userauto. Are these configuration(s) all correct (Y)es o
16. on page 257. The Dial-in configuration settings are in Table 32: Dial-in configuration Parameters on page 259. socket_server. Table 29: Parameters Common to CAS, TS, & Dial-in Access (Parameter: Description; Value for this Example). all.break_sequence: This parameter is the string that is used to send a break to the TTY. It is only valid if TTY protocol is socket_ssh. Value: break. s1.tty: The device name for the port is set to the value given in this parameter. If a device name is not provided for a port, it will not function. Value: ttyS1. In addition to the above parameters, which are common to all local and remote access scenarios, you can also configure the following parameters for additional options. Many of the parameters are unique to CAS, but some also apply to TS and Dial-in port profiles. This is indicated in these instances. Table 30: Mostly CAS-specific Parameters (Parameter: Description). conf.nfs_data_buffering: Remote Network File System where data captured from the serial port will be written instead of the default directory /var/run/DB. The directory tree to which the file will be written must be NFS-mounted. If data buffering is turned on for port 1, for example, the data will be stored in the file ttyS1.data (or <serverfarm1>.data if s1.serverf
17. rated by commas. -r <name>: Reply-To. Optional. Use the Reply-To field to make sure the destination user can send a reply to a regular mailbox. -f <name>: From. Required. -s <text>: Subject. Required. -m <text>: body. The message body. -h <SMTP server>: Required. IP address or name of the SMTP server. -p <SMTP port>: Optional. The port number used in the connection with the server. Default: 25. <name>: Any email address. <text>: A text field. As this kind of field can contain blank spaces, please use the quotation marks to enclose the text. For example, to send e-mail to z@none.com (SMTP's IP address 10.0.0.2) from the e-mail address a@none.com with subject "sendmail test": sendmail -t z@none.com -f a@none.com -s "sendmail test" -m "Send mail test \n Is it OK" -h 10.0.0.2. Sendsms: The sendsms is the Linux command line client for the SMSLink project. It accepts command line parameters that define the message to be sent, and transmits them to the SMS server process running on the designated server. The sendsms was developed specifically for easy calling from shell scripts or similar situations. Synopsis: sendsms -r -g -v -d dest (-m message or -f msgfile) -u user -p port server, where: -r: Reporting. Additional info will be included in the message printed on stderr (namely, the device name used by t
18. vi Method: This is done exactly as for CAS. This feature is only available for firmware versions 1.2.x and above. The Cyclades-TS uses the Linux utility ipchains to filter IP packets entering, leaving and passing through its interfaces. An iptables tutorial is beyond the scope of this manual. For more information on iptables, see the iptables man page (not included with the Cyclades-TS) or the how-to: http://www.netfilter.filewatcher.org/ipchains/HOWTO.html. Parameters Involved and Passed Values. The syntax of the ipchains command is: ipchains -command chain -s source -d destination -p protocol -j target -i interface, where command is one of the following: A: Add a condition or rule to the end of the chain. Note that the order in which a condition appears in a chain can modify its application, and the first rule added to a chain is processed first, etc. D: Delete a condition from the chain. The condition must match exactly with the command's arguments to be deleted. R: Replace a condition in the chain. I: Insert a condition in a specified location in the chain. L: List all conditions in the chain. F: Flush (remove) all conditions in the chain. N: Create a new chain. X: Deletes a user-created chain. P: Policy applied for default handling. Chain is one of the following: input: Filters incoming packets. output: fi
19. [Figure 44: RJ-45 Female to DB-25 Female Adapter (pinout diagram).] RJ-45 Female to DB-9 Male Adapter: The following adapter may be necessary. [Figure 45: RJ-45 Female to DB-9 Male Adapter (pinout diagram).] RJ-45 Female to DB-9 Female Adapter: The following adapter may be necessary. [Figure 46: RJ-45 Female to DB-9 Female Adapter (pinout diagram).] DB-25 Male to DB-9 Female Adapter: The following adapter may be necessary. DB-25 pin to DB-9 pin: 2 to 3, 3 to 2, 4 to 7, 5 to 8, 6 to 6, 7 to 5, 8 to 1, 20 to 4, 22 to 9. [Figure 47: DB-25 Male to DB-9 Female Adapter.] TS100-only cabling information. The RS-485 Standard: The RS-485 is another standard for serial communication and is available only in the Cyclades-TS100. Different from the RS-232, the RS-485 uses fewer wires: either two wires (one twisted pair) for half-duplex communication or four wires (two twisted pairs) for full-duplex communication. Another RS
20. Automatic User. Step 4: Click the Submit button. At this point, the configuration file is written in the RAMdisk. Step 5: Make changes effective. Go to the link Administration > Restart Processes and restart the cy_ras process. Step 6: Save it in the flash. Go to the link Administration > Load/Save Configuration and click the Save Configuration in flash button. Wizard Method. Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Access Method custom wizard: wiz ac ts. Screen 1 will appear. Screen 1: CONFIGURATION WIZARD. Set to defaults? (y/n) N. Screen 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.PROTOCOL: Users can access the servers through the serial port using ssh, ssh2, telnet, login, rlogin, or socket_client
21. Example, to listen to messages from one client (IP address 10.0.0.1) on UDP port 999: source s_udp_10 { udp(ip(10.0.0.1) port(999)); }; Task 3: Define filters. To define filters, use this statement: filter <identifier> { expression; }; where: identifier: Has to uniquely identify this given filter. expression: Boolean expression using internal functions, which has to evaluate to true for the message to pass. The following internal functions are available: a) facility(<facility code>): Selects messages based on their facility code. b) level(<level code>) or priority(<level code>): Selects messages based on their priority. c) program(<string>): Tries to match the string to the program name field of the log message. d) host(<string>): Tries to match the string to the hostname field of the log message. e) match(<string>): Tries to match the string to the message itself. Some Examples of Defining Filters. 1) To filter by facility: filter f_facility { facility(<facility name>); }; Examples: filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_debug { not facility(auth, authpriv); }; 2) To filter by level: filter f_level { level(<level name>); }; Examples: filter f_messages { level(info..warn); }; filter f_emergency { level(emerg); }; filter f_alert { level(alert); };
22. CONFIGURATION WIZARD. You have 8 available ports on this system. Type 'q' to quit, a valid port number (1-8), or anything else to refresh. Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing 'q' leads to Screen 8. Screen 8: CONFIGURATION WIZARD. Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) N
24. Never kill cy_ras with the signals -9 or SIGKILL. TS Menu Script: The ts_menu script can be used to avoid typing long telnet or ssh commands. It presents a short menu with the names of the servers connected to the serial ports of the Cyclades-TS. The server is selected by its corresponding number. ts_menu must be executed from a local session: via console, telnet, ssh, dumb terminal connected to a serial port, etc. Only ports configured for console access (protocols socket_server or socket_ssh) will be presented. To start having familiarity with this application, run ts_menu -h. > ts_menu -h. USAGE: ts_menu options. -p: Display Ethernet IP and TCP port. -i: Display local IP assigned to the serial port. -u <name>: Username to be used in ssh/telnet command. -U: Allows choosing of different usernames for different ports. -h: print this help message. > ts_menu. Master and Slaves Console Server Connection Menu: 1 TSJen800; 2 edson r4 Cyclades.com; 3 az84 Cyclades.com; 4 64.186.190.85; 5 az85 Cyclades.com. Type 'q' to quit, a valid option (1-5), or anything else to refresh. By selecting 1 in this example, the user will access the local serial ports on that Cyclades-TS. If the user selects 2 through 5, remote serial ports will be accessed. This is used when there is clustering (one Cycl
25. Table 30: Mostly CAS-specific Parameters (Parameter: Description; Value for this Example). all.ipno (CAS and Dial-in): This is the default IP address of the Cyclades-TS's serial ports. The indicates that the first port (1) configuration should be addressed as 192.168.1.101 and the following ports should have consecutive values. Any host can access a port using its IP address as long as a path to the address exists in the host's routing table. Value: 192.168.1.10. all.poll_interval: Valid only for protocols socket_server and raw_data. When not set to zero, this parameter sets the wait for a TCP connection keep-alive timer. If no traffic passes through the Cyclades-TS for this period of time, the Cyclades-TS will send a line status message to the remote device to see if the connection is still up. If not configured, 1000 ms is assumed (the unit for this parameter is ms). If set to zero, line status messages will not be sent to the socket client. Value: 0. all.socket_port (CAS and TS): In the CAS profile, this defines an alternative labeling system for the Cyclades-TS ports. The after the numerical value causes the serial interfaces to be numbered consecutively. In this example, serial interface 1 is assigned the port value 7001, serial interface 2 is assigned the po
26. Webopedia. Break Signal: A break signal is generated in an RS-232 serial line by keeping the line in zero for longer than a character time. Breaks at a serial console port are interpreted by Sun servers as a signal to suspend operation and switch to monitor mode. Console Access Server (CAS): A CAS has an Ethernet LAN connection and many RS-232 serial ports. It connects to the console ports of servers and networking equipment and allows convenient and secure access from a single location. Console Port: Most of the equipment in a data center (servers, routers, switches, UPS, PBX, etc.) has a serial console port for out-of-band management purposes. Cluster: A cluster is a group of one or more computers working as a group to execute a certain task. From the user standpoint, a cluster acts as a large computer system. Flash: Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. In-band network management: In a computer network, when the management data is accessed using the same network that carries the data, this is called in-band management. IP packet filtering: This is a set of facilities in network equipment that allows the filtering of data packets based on source/destination addresses, protocol, TCP port number and other parameters. Packet filtering is one of the main functi
27. Index entries: pslave.conf file. R: Radius authentication; RJ-45; Routing Table; RS232 Standard; RS485 Standard. S: Secure Shell Session; Sendmail; Sendsms; serial ports; SNMP; Snmptrap; Sun Netra Crossover cable; Syslog-ng; System Requirements. T: Telnet; Terminal Appearance; Time Zone; TS100 Connectors. U: Upgrades; Using the Wizard through your Browser. W: Wizard.
28. ssh -t username TS ip or Serial port ip, or ssh -t <username alias> <TS ip. Configuring sshd's client authentication using SSH Protocol version 2: Only PasswordAuthentication yes in sshd_config. DSA Authentication is the default. (Make sure the parameter PubkeyAuthentication is enabled.) Client DSA identity created by ssh-keygen -d and its public part (.ssh/id_dsa.pub) copied into the TS's .ssh/authorized_keys2 file. Password Authentication is performed if DSA key is not known to the TS. Client start-up command: ssh -2 -t <TS ip or Serial_port_ip>. Note: All files or ssh must be owned by the user and readable only by others. All files created or updated must have their full path and file name inside the file config_files, and the command saveconf must be executed before rebooting the TS. The Process Table: The process table shows which processes are running. Type ps a to see a table similar to that below.
    Table 17: Process table
    PID  UID   State  Command
    1    root  S      /sbin/inetd
    31   root  S      /sbin/sshd
    32   root  S      /sbin/cy_ras
    36   root  S      /sbin/cy_wdt_led wdt led
    154  root  R      ps a
    To restart the cy_ras process, use its process ID or execute the command signal_ras hup. This executes the ps command, searches for the cy_ras process id, then sends the signal hup to the process, all in one step.
29. that serial port is established. The tty is programmed to work as a CAS profile, and this user-specific configuration is applied over that serial port. Parameters must be separated by a space, e.g. all.sttyCmd -igncr -onlcr opost -icrnl. -igncr tells the terminal not to ignore the carriage return on input, -onlcr means do not map newline character to a carriage return/newline character sequence on output, opost represents post-process output, and -icrnl means do not map carriage return to a newline character on input. Prompt: all.sttyCmd. Screen 6 (CONFIGURATION WIZARD): Your current configuration parameters are (the ones with the '#' means it's not activated): all.speed: 9600; all.datasize: 8; all.stopbits: 1; all.parity: none; all.flow: none; all.dcd: 0; all.DTR_reset: 100; all.sttyCmd: [illegible]. Are these configuration(s) all correct (Y)es or (N)o [N]: If you type N: Type 'c' to go back and CORRECT these parameters or 'q' to QUIT. Typing 'c' repeats the application, typing 'q' exits the entire wiz application. If you type Y: Type 'c' to CONTINUE to set these parameters for specific ports or 'q' to QUIT. Typing 'c' leads to Screen 7, typing 'q' leads to Screen 8. Screen 7
30. Step 1: Bring up the wizard. At the command prompt, type the following to bring up the CAS Terminal Settings custom wizard: wiz sset cas. Screen 1 will appear. Screen 1 (CONFIGURATION WIZARD): Set to defaults (y/n) [N]: Screen 2 (CONFIGURATION WIZARD): INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter '#' if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets [ ] and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.SPEED: The data speed in bits per second (bps) of all ports. all.speed [9600]: ALL.DATASIZE: The data size in bits per character of all ports. all.datasize [8]: Screen 3 (CONFIGURATION WIZARD): INSTRUCTIONS: You
31. 7065 is being used in the last example to access port 7301 in Slave 2. Ssh can also be used from the remote management workstation: ssh -l <username>:Server_on_slave2_serial_s3 209.81.55.110 to access the third port of Slave 2, or ssh -l <username>:7069 209.81.55.110 to access the fifth port of Slave 2. Centralized Management: The Include File. The Cyclades-TS allows centralized management through the use of a master pslave.conf file. Administrators should consider this approach to configure multiple Cyclades-TS units. Using this feature, each unit has a simplified pslave.conf file where a master include file is cited. This common configuration file contains information for all units, properly divided in separate sections, and would be stored on one central server. This file, in our example shown in Figure 24: Example of Centralized Management, is /etc/portslave/TScommon.conf. It must be downloaded to each Cyclades-TS. [Figure 24: Example of Centralized Management. Cyclades-TS Unit 1 (IP address 10.0.0.1/8), Unit 2 (10.0.0.2/8) and Unit 3 (10.0.0.3/8), and the server where the master configuration file /etc/portslave/TScommon.conf is stored.] The abbreviated pslave.conf and /etc/hostname files in each unit for the example are: For the /etc/hostname file in unit 1: unit1. For the pslave.conf file in unit 1: conf.eth_i
32. Table of Contents (excerpt): Configuration for Dial-in Access. Authentication: Parameters Involved and Passed Values; Configuration for CAS; Configuration for TS; Configuration for Dial-in Access. Clustering: Parameters Involved and Passed Values; Centralized Management: The Include File. CronD: Parameters Involved and Passed Values; Configuration for CAS; Configuration for TS; Configuration for Dial-in Access. Data Buffering: Introduction; Linear vs. Circular Buffering; Parameters Involved and Passed Values; Configuration for CAS. [heading illegible]: Parameter Involved and Passed Values; Configuration for CAS; Configuration for TS; Configuration for Dial-in Access. [heading illegible]: Parameters Involved and Passed Values; Configuration for CAS; C
33. DB_mode, all.syslog_buffering. Remote Network File System where data captured from the serial port will be written instead of being written to the default directory /var/run/DB. The directory tree to which the file will be written must be NFS-mounted. If data buffering is turned on for port 1, for example, the data will be stored in the file ttyS1.data (or <serverfarm1>.data if s1.serverfarm was configured) in the directory indicated by this variable. The remote host must have NFS installed, and the administrator must create, export and allow reading/writing to this directory. The size of this file is not limited by the value of the parameter s1.data_buffering, though the value cannot be zero since a zero value turns off data buffering. The size of the file is dependent on the NFS server only (hard drive, partition size, etc.). Valid only when there is NO session (telnet, ssh, raw) established to the serial port; when a session is established to the serial port, the data is always kept in a circular file. When configured as cir for circular format, the buffer is like a revolving file that is overwritten whenever the limit of the buffer size (as configured in all.data_buffering or s<n>.data_buffering) is reached. When configured as lin for linear format, once 4k bytes of the Rx buffer in the kernel is reached, a flow control stop (RTS off or XOFF, depending on how all.flow or s<n>.flow is set) is issued to prev
34. Step 3: Create, save, and download the common configuration. Create and save the common configuration file on the server, then download it (probably using scp) to each unit. Make sure to put it in the directory set in the pslave.conf file (/etc/portslave in the example). Step 4: Execute the command signal_ras hup on each unit again. Step 5: Test each unit. If everything works, add the line /etc/portslave/TScommon.conf to the /etc/config_files file. Step 6: Save the file and close it. Step 7: Execute the saveconf command. Note: The included file /etc/portslave/TScommon.conf cannot contain another include file (i.e., the parameter conf.include must not be defined). Also, max ports of TS N is done same way as Serial port. Browser Method: To configure Clustering with your browser: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Select the Serial Ports link. Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page. This will take you to the Port Selection page. Step 4: Select port(s). On the Port Selection page, choose all ports or an individual port to configure from the dropdown menu. Click the Sub
35. Framework. 4. Private UCD SNMP MIB extensions (enterprises.2021): information about memory utilization (/proc/meminfo); information about system status (vmstat); information about net-snmp packet. 5. Private Cyclades Vendor MIB (enterprises.2925): Cyclades ACSxx Remote Management Object Tree (cyclades 4). This MIB permits you to get information about the product, to read/write some configuration items, and to do some administration commands. For more details, see the cyclades.mib file. Configuration for CAS, vi Method: Files to be changed: /etc/snmp/snmpd.conf. This file has information about configuring for SNMP. Browser Method: To configure SNMP with your browser: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Click on the Edit Text File link. Click on this link on the Link Panel or on the Configuration section of the Configuration and Administration page. (See Figure 18: Configuration and Administration page.) You can then pull up the appropriate file and edit it. Configuration for TS, vi Method: Same as for CAS. Configuration for Dial-in Access, vi Method: Same as for CAS. Syslog: The syslog-ng daemon provides a modern treatment to system messages. Its basic function is to read and
36. Settings involve the following parameters (the first four are physical parameters). all.speed: The speed for all ports. Example value: 9600. all.datasize: The data size for all ports. Example value: 8. all.stopbits: The number of stop bits for all ports. Example value: 1. all.parity: The parity for all ports. Example value: none. all.flow: This sets the flow control to hardware, software, or none. Example value: hard. all.dcd: DCD signal (sets the tty parameter CLOCAL). Valid values are 0 or 1. In a socket session, if all.dcd=0, a connection request (telnet or ssh) will be accepted regardless of the DCD signal, and the connection will not be closed if the DCD signal is set to DOWN. In a socket connection, if all.dcd=1, a connection request will be accepted only if the DCD signal is UP, and the connection (telnet or ssh) will be closed if the DCD signal is set to DOWN. Example value: 0. all.sttyCmd (for CAS only): Tty settings after a socket connection to that serial port is established. The tty is programmed to work as a CAS configuration, and this user-specific configuration is applied over that serial port. Parameters must be separated by a space. The following example sets: -igncr, which tells the terminal not to ignore the carriage return on input; -onlcr, do not map newline character to a carriage return/newline character sequence on output; opost, post-process output; -icrnl, do not map carriage ret
37. The cb-script parameter defines the file used for callback and enables negotiation with the callback server. Callback is available in combination with Radius Server authentication. When a registered user calls the TS, it will disconnect the user, then call the user back. The following three parameters must be configured in the Radius Server: attribute Service type (6): Callback Framed; attribute Framed Protocol (7): PPP; attribute Callback Number (19): the dial number (example: 50903300). Example value (beginning cut off): proxyarp modem asyncmap 000A0000 noipx noccp login auth require-pap refusechap mtu %t mru %t cb-script /etc/portslave/cb_script plugin /usr/lib/libpsr.so. all.pppopt: PPP options when user has already been authenticated. Example value: %i:%j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu %t mru %t netmask %m idle %I maxconnect %T plugin /usr/lib/libpsr.so. all.protocol: For the Dial-in configuration, the available protocols are PPP, SLIP and CSLIP. Example value: ppp. s32.tty: See the s1.tty entry in the CAS section. Example value: ttyS32. Appendix D: Linux-PAM. Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users. In other words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch between the authentication mec
38. The new configuration will be valid. The Cyclades-TS is now configured as a CAS with its new IP address, with no authentication, and accepting telnet to the serial ports. You can telnet the CAS IP + serial port 1 with the following command: telnet <IP you assigned> 7001. Note: Serial port 1 is configured as 9600, 8N1 by default. The server connected to this serial port has to have the same configuration for its serial port. After you confirm the basic parameters, you will be presented with the shell prompt. From there, either select to continue configuration using the vi editor or continue using a browser. For additional configuration, see Chapter 3: Additional Features in this guide. The Installation and Configuration Process. Task 1: Connect the Cyclades-TS to the Network and other Devices. Power Users: Connect a PC or terminal to the Cyclades-TS using the console cable. If using a PC, HyperTerminal can be used in the Windows operating system, and Kermit or Minicom in the UNIX operating system. When the Cyclades-TS boots properly, a login banner will appear. Log in as root (default password is tslinux). A new password should be created as soon as possible. The terminal parameters should be set as follows: Serial Speed: 9600 bps; Data Length: 8 bits; Parity: None; Stop Bits: 1 stop bit; Flow Control: none; ANSI emulation. You may now skip to
39. Which cable to use. To connect to DCE DB-25 Female (standard): Analog Modems, ISDN Terminal Adapters. Use Cable 1: RJ-45 to DB-25 M straight-through (Custom). This custom cable can be ordered from Cyclades or other cable vendors. A sample is included with the product ("straight-through"). To connect to DTE RJ-45 Cyclades (custom): All Cyclades Console Ports. Use Cable 2: RJ-45 to RJ-45 crossover (custom). A sample is included with the product ("straight-through"). This custom cable can be ordered from Cyclades or other cable vendors using the provided wiring diagram. To connect to DTE DB-25 to DB-9 Cyclades (custom): For the Cyclades-TS100, use Cable 3: DB-9 Female to DB-25 Female crossover. This connects the Cyclades-TS100 serial port to terminals, printers and other DTE RS-232 devices. Before using the following cable diagrams, refer to the tables above to select the correct cable for your application. Sometimes crossover cables are wired slightly differently depending on the application. A "complete" crossover cable would connect the TxD with RxD, DTR with DCD/DSR, and RTS with CTS across both sides. A "simplified" crossover cable would cross TxD and RxD and locally short-circuit DTR with DCD/DSR and RTS with CTS. Most of the diagrams in this document show the "complete" version of the crossover cables, with support for modem control signals and har
40. access the serial ports from Microsoft stations using some TS Parameters. The following parameters are unique to a TS setup except where indicated. Table 31: TS Parameters (columns: Parameter; Description; Value for this Example). conf.telnet: Location of the telnet utility. Example value: /bin/telnet. conf.ssh: Location of the ssh utility. Example value: /bin/ssh. conf.locallogins: This parameter is only necessary when authentication is being performed for a port. When set to one, it is possible to log in to the Cyclades-TS directly by placing a "!" before your login name, then using your normal password. This is useful if the Radius authentication server is down. all.host: The IP address of the host to which the terminals will connect. Example value: 200.200.200.3. all.term: This parameter defines the terminal type assumed when performing rlogin or telnet to other hosts. Example value: vt100. all.userauto: Username used when connected to a UNIX server from the user's serial terminal. all.dcd (CAS and TS): See description in CAS section. all.protocol (for TS): For the terminal server configuration, the possible protocols are login (which requests username and password), rlogin (receives username from the TS and requests a password), telnet, ssh, ssh2, or socket_client. Example value: rlogin. See all.socket_port definition to see when all
41. administrator with a great deal of flexibility in configuring the privilege-granting applications of their system. The local configuration of those aspects of system security controlled by Linux-PAM is contained in one of two places: either the single system file /etc/pam.conf or the /etc/pam.d/ directory. In this section we discuss the correct syntax of, and generic options respected by, entries to these files. Configuration File Syntax: The reader should note that the Linux-PAM-specific tokens in this file are case-insensitive. The module paths, however, are case-sensitive since they indicate a file's name and reflect the case dependence of typical Linux file systems. The case sensitivity of the arguments to any given module is defined for each module in turn. In addition to the lines described below, there are two special characters provided for the convenience of the system administrator: comments are preceded by a '#' and extend to the next end-of-line. Module specification lines may be extended with a '\' escaped newline. A general configuration line of the /etc/pam.conf file has the following form: service-name module-type control-flag module-path arguments. The meaning of each of these tokens is explained below. The second (and more recently adopted) way of configuring Linux-PAM is via the contents of the /etc/pam.d/ directory. After the meaning of the above tokens is explained, the method will be described. Service-name: The name of the s
42. all.poll_interval [1000]: ALL.TX_INTERVAL: Valid for protocols socket_server and raw_data. This parameter defines the delay (in milliseconds) before transmission to the Ethernet of data received through a serial port. If not configured, 100 ms is assumed. If set to 0 or a value above 1000, no buffering will take place. all.tx_interval [100]: Screen 5 (CONFIGURATION WIZARD): INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter '#' if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets [ ] and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.IDLETIMEOUT: This parameter specifies how long (in minutes) a connection can remain inactive before it is cut off. If set to 0 (the default), the connection will not time out. all.idletimeout [0]: CONF.GROUP: Used to combine users into a group. This simplifies the parameter all.users. You can define more than one group (e.g. groupName: user1, user2). conf.group: sales: john, jane. Would you like to create another group? (y/n) [N]: Screen 6
43. (PAM configuration listing; the beginning is cut off)
    auth required pam_unix.so
    auth optional pam_group.so
    account requisite pam_time.so
    account required pam_unix.so
    password required pam_unix.so md5 use_authtok
    session required pam_unix.so
    session required pam_limits.so
    The PAM configuration file for the passwd service:
    passwd password required pam_unix.so md5
    The PAM configuration file for the samba service:
    samba auth required pam_unix.so
    samba account required pam_unix.so
    The PAM configuration file for the su service:
    su auth required pam_wheel.so
    su auth sufficient pam_rootok.so
    su auth required pam_unix.so
    su account required pam_unix.so
    su session required pam_unix.so
    Information for the PPPD process with the login option:
    ppp auth required pam_nologin.so
    ppp auth required pam_unix.so
    ppp account required pam_unix.so
    ppp session required pam_unix.so
    The PAM configuration file for the other service:
    other auth required pam_warn.so
    other auth required pam_deny.so
    other account required pam_deny.so
    other password required pam_warn.so
    other password required pam_deny.so
    other session required pam_deny.so
    Reference: The Linux-PAM System Administrators' Guide. Copyright (c) Andrew G. Morgan 1996-9. All rights reserved. Email: morgan linu
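The /etc/pam.conf line format described in the Linux-PAM appendix (five fields, '#' comments, '\' continuation, case-insensitive tokens) and the deny-by-default `other` entries listed above can be checked mechanically. The following is an added example, not code from the guide or from Linux-PAM: the names `Entry`, `parse_pam_conf`, `other_gaps` and `SAMPLE` are hypothetical, the sample configuration is constructed, and only the four simple control-flag keywords are handled.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "service module_type control module_path args")

MODULE_TYPES = {"auth", "account", "password", "session"}
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}


def logical_lines(text):
    """Yield config lines with '#' comments removed and '\\' continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment
        if line.endswith("\\"):                # '\' escapes the newline
            pending += line[:-1] + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if line:
            yield line
    if pending.strip():
        yield pending.strip()


def parse_pam_conf(text):
    """Return (entries, errors) for pam.conf-style text.

    Service name, module type and control flag are case-insensitive and are
    lower-cased; the module path is a file name and keeps its case.
    """
    entries, errors = [], []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 4:
            errors.append((line, "expected at least 4 fields"))
            continue
        service, mtype, control = (f.lower() for f in fields[:3])
        if mtype not in MODULE_TYPES:
            errors.append((line, "unknown module type " + mtype))
            continue
        if control not in CONTROL_FLAGS:
            errors.append((line, "unknown control flag " + control))
            continue
        entries.append(Entry(service, mtype, control, fields[3], tuple(fields[4:])))
    return entries, errors


def other_gaps(entries):
    """Module types for which the fallback service 'other' does not
    enforce pam_deny.so with a required/requisite control flag."""
    denied = {
        e.module_type
        for e in entries
        if e.service == "other"
        and e.control in ("required", "requisite")
        and e.module_path.rsplit("/", 1)[-1] == "pam_deny.so"
    }
    return sorted(MODULE_TYPES - denied)


# Constructed sample, modelled on the service entries in the listing above.
# The 'other session' line is deliberately weakened to 'optional' and the
# last line is deliberately malformed.
SAMPLE = """\
# constructed sample, not a file shipped with the product
login  auth     required   pam_unix.so
login  ACCOUNT  Required   pam_unix.so
login  password required   pam_unix.so md5 \\
                           use_authtok
su     auth     sufficient pam_rootok.so
su     auth     required   pam_unix.so   # fall through to the password check
other  auth     required   pam_warn.so
other  auth     required   pam_deny.so
other  account  required   pam_deny.so
other  password required   pam_deny.so
other  session  optional   pam_deny.so
bad    auth     pam_unix.so
"""

if __name__ == "__main__":
    parsed, problems = parse_pam_conf(SAMPLE)
    for entry in parsed:
        print(entry)
    for line, reason in problems:
        print("rejected:", repr(line), "-", reason)
    print("'other' does not deny:", other_gaps(parsed))
```

Run against a copy of a unit's PAM configuration, a non-empty result from `other_gaps` means a service with no entries of its own would not be refused for that module type.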
44. browser: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. [Screenshot: Cyclades-TS Web Management Service, Configuration and Administration page, with the Link Panel and the Configuration section. Entries shown include General, Syslog, Serial Ports, Serial Port Groups, Host Table, Static Routes, IP Chains, Boot Configuration, Edit Text File, System Users and System Groups.]
45. configure the protocol (<string> is the type of protocol desired): configure line <serial port number> protocol <string>. To configure the poll_interval: configure line <serial port number> interval <number>. To configure the socket_port: configure line <serial port number> socket <number>. Tip: You can configure all the parameters for a serial port in one line: configure line <serial port number> tty <string> protocol <string> interval <number> socket <number>. Step 3: To exit the CLI, type exit or quit after the CLI prompt. Step 4: To activate your new configurations, type signal_ras hup. Configuration for TS: Parameters and Passed Values. For TS configuration, you will need to configure the following parameters: all.host, all.protocol, all.socket_port, all.userauto (unique to TS). all.host: The IP address of the host to which the terminals will connect. Example value: 200.200.200.3. all.protocol: For the terminal server configuration, the possible protocols are login (which requests username and password), rlogin (receives username from the TS and requests a password), telnet, ssh, ssh2, or socket_client. See all.socket_port definition to see when all.protocol should be configured as socket_client. Example value: rlogin. all.socket_port: The socket port is the TCP port number of the application that will accept connec
46. diagram. Figure 2: CAS diagram with various authentication methods shows additional scenarios for the Cyclades-TS: both remote and local authentication, data buffering, and remote access. [Figure 2: CAS diagram with various authentication methods] What's in the box: There are several models of the Cyclades-TS with differing numbers of serial ports. The following figures show the main units and accessories included in each package. The RJ-45 straight-through cable is the main cable that you will use. After configuration, it can be used with the same adapter to connect to the server. Four adapters are included: two RJ-45 to DB-9 (male and female) and two RJ-45 to DB-25 (male and female). Select the adapter appropriate to your COM port. A power cable, a modem cable, manual and mounting kit are also included in the box. The Sun Netra Crossover cable is included with the TS3000, TS2000, TS1000, TS800 and TS400. The loop-back connector is provided for convenience in case hardware tests are necessary. [Figure labels: Back View; On/Off Switch; Loop-back Connector; Mounting Kit; RJ-45 to DB-9 M & F adapter
47. first take the following precautions: Turn the Cyclades-TS off. Ground yourself by touching an unpainted metal surface on the back of the equipment before touching anything inside it. Replacing the Battery: A coin-cell battery maintains date and time information. The TS100 does not have the battery, so the date and time must be kept up to date by ntpclient. If you have to repeatedly reset time and date information after turning on your Cyclades-TS, replace the battery. DANGER: A new battery can explode if it is incorrectly installed. Replace the 3 M 7 Volt CR2032 battery only with the same or equivalent type recommended by the battery manufacturer. Discard used batteries according to the battery manufacturer's instructions. FCC Warning Statement: The Cyclades-TS has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the Installation & Service Manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user is required to correct th
48. following line: active root /etc/tst_cron.src and the /etc/tst_cron.src file contains the following line: 0-59 * * * * /etc/test_cron.sh. CronD will execute the script listed in test_cron.sh with root privileges each minute. Example files are in the /etc directory. Step 3: Update the system. The next step is to update the system with the modified data in the files above. Make sure the file named /etc/config_files contains the names of all files that should be saved to flash. Step 4: Run saveconf. The command saveconf, which reads the /etc/config_files file, should then be run. saveconf copies all the files listed in the file /etc/config_files from the ramdisk to /proc/flash/script. Step 5: Reboot the Cyclades-TS. Browser Method: To configure CronD with your browser: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Click on the Edit Text File link. Click on this link on the Link Panel or on the Configuration section of the Configuration and Administration page. (See Figure 18: Configuration and Administration page.) You can then pull up the appropriate file and edit it. [Figure 25: Edit Text File page] Configuration for TS, vi Method: This is done ex
49. given message. params: Each destination driver may take parameters. Some of them are required, some of them are optional. The following destination drivers are available: a) file(filename options). This is one of the most important destination drivers in syslog-ng. It allows you to output log messages to the named file. The destination filename may include macros (by prefixing the macro name with a '$' sign) which get expanded when the message is written. Since the state of each created file must be tracked by syslog-ng, it consumes some memory for each file. If no new messages are written to a file within 60 seconds (controlled by the time_reap global option), it is closed and its state is freed. Available macros in filename expansion: HOST: The name of the source host where the message originated from. FACILITY: The name of the facility the message is tagged as coming from. PRIORITY or LEVEL: The priority of the message. PROGRAM: The name of the program the message was sent by. YEAR, MONTH, DAY, HOUR, MIN, SEC: The year, month, day, hour, min, sec the message was sent. TAG: Equals FACILITY/LEVEL. FULLHOST: The name of the source host and the source driver: <source-driver>@<hostname>. MSG or MESSAGE: The message received. FULLDATE: The date the message was sent. Available options: log_fifo_size(number): The number of entries in the output file. sync_freq(number): The file is synced when this number of mes
50. e file: Opens the file named <file>. The Routing Table: The Cyclades-TS has a static routing table that can be seen using the commands route or netstat -rn. The file /etc/network/st_routes is the Cyclades-TS's method for configuring static routes. Routes should be added to the file (which is a script run when the Cyclades-TS is initialized) or at the prompt (for temporary routes) using the following syntax: route [add|del] [-net|-host] target netmask nt_msk [gw gt_way] interf. [add|del]: One of these tags must be present. Routes can be either added or deleted. [-net|-host]: Net is for routes to a network and host is for routes to a single host. target: Target is the IP address of the destination host or network. netmask nt_msk: The tag netmask and nt_msk are necessary only when subnetting is used; otherwise, a mask appropriate to the target is assumed. nt_msk must be specified in dot notation. gw gt_way: Specifies a gateway, when applicable. gt_way is the IP address or hostname of the gateway. interf: The interface to use for this route. Must be specified if a gateway is not. When a gateway is specified, the operating system determines which interface is to be used. Secure Shell Session: Ssh is a command interface and protocol often used by network administrators to connect securely to a remote computer. Ssh replaces its non-secure counterp
51. in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 5. Screen 5: CONFIGURATION WIZARD. Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N]
The content of the file /etc/TIMEZONE can be in one of two formats. The first format is used when there is no daylight savings time in the local time zone: std offset. The std string specifies the name of the time zone and must be three or more alphabetic characters. The offset string immediately follows std and specifies the time value to be added to the local time to get Coordinated Universal Time (UTC). The offset is positive if the local time zone is west of the Prime Meridian and negative if it is east. The hour must be between 0 and 24 and t
52. is tried only when the Radius server is down. local/TacacsPlus: authentication is performed locally first, switching to TacacsPlus if unsuccessful. TacacsPlus/local: the opposite of the previous option. TacacsPlusDownLocal: local authentication is tried only when the TacacsPlus server is down. Note that this parameter controls the authentication required by the Cyclades TS. The authentication required by the device to which the user is connecting is controlled separately. Example value: radius.
Parameters in this part of the table: all.authhost1, all.accthost1, all.authhost2, all.accthost2, all.radtimeout, all.radretries, all.secret.
all.authhost1: This address indicates the location of the Radius/TacacsPlus authentication server and is only necessary if this option is chosen in the previous parameter. A second Radius/TacacsPlus authentication server can be configured with the parameter all.authhost2. Example value: 200.200.200.2.
all.accthost1: This address indicates the location of the Radius/TacacsPlus accounting server, which can be used to track how long users are connected after being authorized by the authentication server. Its use is optional. If this parameter is not used, accounting will not be performed. If the same server is used for authentication and accounting, both parameters must be filled with the same address. A second Radius/TacacsPlus accounting server can be configured with the parameter all.accthost2. Example v
53. machine-readable form without the prior written consent of Cyclades Corporation, 41829 Albrae Street, Fremont, CA 94538, USA. Telephone 510 770 9727, Fax 510 770 0355, www.cyclades.com. Software Release 1.3.4. Document Revision Number 1.3.4 Draft 10 1. Table of Contents. Preface: Purpose; Audience and User Levels; New Users; Power Users; How to use this Guide; Additional Documentation and Help; Conventions and Symbols; Fonts; Hypertext Links; Glossary Entries; Note Box Icons; Quick Steps. Chapter 1 Introduction and Overview: Introducing Cyclades; The Cyclades TS; Console Access Server; What's in the box; Safety Instructions; Replacing the Battery; FCC Warning Statement. Chapter 2 Installation and Configuration: System Requirements; Default Configuration Parameters; Pre-Install Checklist.
54. method is how a user accesses a server connected with one of the serial ports on the Cyclades TS. You can access through telnet, SSH, raw data, or modbus. The first three methods are CAS-related. Modbus is dedicated towards industrial automation. Access method also refers to users' access to the serial port, based on common users and administrative users. Accessing the Cyclades TS with a browser allows for both telnet and ssh methods. Parameters Involved and Passed Values: The parameters involved in configuring Access Method for CAS are as follows (all.ipno, all.socket_port, all.protocol, all.users).
all.ipno: This is the default IP address of the Cyclades TS's serial ports. Any host can access a port using its IP address as long as a path to the address exists in the host's routing table. An example value would be 192.168.1.101+. The '+' indicates that the first port should be addressed as 192.168.1.101 and the following ports should have consecutive values.
all.socket_port: In the CAS profile, this defines an alternative labeling system for the Cyclades TS ports. An example value would be 7001+. The '+' after the numerical value causes the serial interfaces to be numbered consecutively. In this example, serial interface 1 is assigned the port value 7001, serial interface 2 is assigned the port value 7002, etc. One example on how this could be used is in the case of all.protocol or s<n>.protocol s
55. of information concerning the opening or closing of some data exchange with a user, mounting directories, etc. Password: This last module type is required for updating the authentication token associated with the user. Typically, there is one module for each challenge/response based authentication (auth) module type. The control flag is used to indicate how the PAM library will react to the success or failure of the module it is associated with. Since modules can be stacked (modules of the same type execute in series, one after another), the control flags determine the relative importance of each module. The application is not made aware of the individual success or failure of modules listed in the /etc/pam.conf file. Instead, it receives a summary of success or fail responses from the Linux PAM library. The order of execution of these modules is that of the entries in the /etc/pam.conf file: earlier entries are executed before later ones. The control flag can be defined with one of two syntaxes. The simpler (and historical) syntax for the control flag is a single keyword defined to indicate the severity of concern associated with the success or failure of a specific module. There are four such keywords: required, requisite, sufficient and optional. The Linux PAM library interprets these keywords in the following manner (Required, Requisite, Sufficient, Optional): This indicates
56. or raw_data, and depending on how it is configured to be authenticated, log in by typing into the terminal or use the command line input field to send input into the terminal. Step 6: Enter command. Enter commands directly in the terminal or into the command line input field and hit Enter. Step 7: To send a break to the terminal, click on the SendBreak button. Step 8: Disconnect connection. Click on the Disconnect button. Make sure the Status bar shows an Offline status. Step 9: To reconnect to port, either refresh the current page or enter the Cyclades TS IP address and the port into the IP and port field. Then hit the Connect button. For ssh connection, the port number should be 22. To connect to another serial port and/or Cyclades TS, first make sure that you have disconnected from your current session. Then enter the IP and port number into the appropriate fields and hit Connect. If you refresh the page now, the new connection will be lost and you will be returned to the original connection.
CPU LED: Normally the CPU status LED should blink consistently, one second on, one second off. If this is not the case, an error has been detected during the boot. The blink pattern can be interpreted via the following table. Table 36: CPU LED Code Interpretation. Columns: Event, CPU LED Morse code. Normal Operation: S (short, short, short). Flash Memory
57. process is running by executing the command ps. If it is not, type /bin/webs & to start it. If the /bin/webs process is not being initialized during boot, change the file /etc/inittab. How to restore the Default Configuration of the Web Configuration Manager: This would be required only when the root password was lost or the configuration file /etc/websum.conf was damaged. From a console or telnet session, edit the file /etc/config_files. Find the reference to /etc/websum.conf and delete it. Save the modified /etc/config_files file. Execute the command saveconf. Reboot the system. Enter into the Web Configuration Manager with the default username and password (root/tslinux). Edit the file /etc/config_files and insert the reference to /etc/websum.conf. Recover access to the Cyclades TS100 console port: There is no dedicated console port available in the Cyclades TS100. As factory default, the serial port is set to work as a console port to allow initial product configuration. After that, changes can still be made through the Ethernet port and a Telnet command. If for some reason this access is lost (usually misconfiguration), the product can only be configured if the steps below are followed. Step 1: Power the Cyclades TS100 off. Step 2: Connect the Cyclades TS100 to a terminal configured to work at 9600 bps with 8 bits, no parity and 1 stop bit. Step 3: Press and ho
58. protocol should be configured as socket_client. all.issue (CAS and TS): See description in CAS section. all.prompt (CAS and TS): See description in CAS section. all.socket_port: The socket_port is the TCP port number of the application that will accept connection requested by this serial port. That application usually is telnet (23). Table 31: TS Parameters. s16.tty (TS): See the s1.tty entry in the CAS section. Value for this example: ttyS16.
Dial-in Access Parameters: The following parameters are unique to a Dial-in setup except where indicated. Table 32: Dial-in configuration Parameters. Columns: Parameter, Description, Value for this Example. conf.pppd: Location of the ppp daemon with Radius. Value: /usr/local/sbin/pppd. conf.facility (CAS and Dial-in): See description in CAS section. all.ipno (CAS and Dial-in): See description in CAS section. all.initchat: Modem initialization string. Value: TIMEOUT 10 d I dATZ V OK r n ATZ OK r n ATMO OK R N Y TIMEOUT 3600 RING STATUS Incoming p HANDSHAKE ATA TIMEOUT 60 CONNECTQ STATUS Connected p 1 HANDSHAKE. all.autoppp: all.autoppp PPP options to auto 96 novj detect a ppp session
59. test procedures for typical problems. Appendix G, Certificate for HTTP Security, provides configuration information that will enable you to obtain a Signed Digital Certificate. The Glossary provides definitions for commonly used terms in this manual. Additional Documentation and Help: There are other Cyclades documents that contain background information about Console Port Management and the Cyclades product line. These are: The Cyclades Console Port Management Guide; The Cyclades Product Catalog. For the most updated version of Cyclades documentation, use the following Web address: http://www.cyclades.com/support/downloads.php. Conventions and Symbols: This section explains the significance of each of the various fonts, formatting, and icons that appear throughout this guide. Fonts: This guide uses a regular text font for most of the body text and Courier for data that you would input, such as a command line instruction, or data that you would receive back, such as an error message. An example of this would be: telnet 200.200.200.1 7001. Hypertext Links: References to another section of this manual are hypertext links that are underlined (and are also blue in the PDF version of the manual). When you click on them in the PDF version of the manual, you will be taken to that section. Glossary Entries: Terms that can be found in the glossary are underlined and slightly larger than the re
60. that the success of the module is required for the module type facility to succeed. Failure of this module will not be apparent to the user until all of the remaining modules (of the same module type) have been executed.
Requisite: This is similar to required. However, in the case that such a module returns a failure, control is directly returned to the application. The return value is that associated with the first required or requisite module to fail. Note that this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium. It is conceivable that such behavior might inform an attacker of valid accounts on a system. This possibility should be weighed against the significant concerns of exposing a sensitive password in a hostile environment.
Sufficient: The success of this module is deemed sufficient to satisfy the Linux PAM library that this module type has succeeded in its purpose. In the event that no previous required module has failed, no more stacked modules of this type are invoked. (Note: in this case, subsequent required modules are not invoked.) A failure of this module is not deemed as fatal to satisfying the application.
Optional: As its name suggests, this control flag marks the module as not being critical to the success or failure of the user's application for service. In general, Linux PAM ignores such a module when determining if the module stack will succeed or fail. However, in the abse
61. the code of the state. Locality Name (e.g., city): Enter the name of your city. Organization Name (e.g., company) [Internet Widgits Ltd]: Organization that you work for or want to obtain the certificate for. Organizational Unit Name (e.g., section): Department or section where you work. Common Name (e.g., your name or your server's hostname): Name of the machine where the certificate must be installed. Email Address: Your email address or the administrator's email address. (Table 37: Required information for the OpenSSL package. Columns: Parameter, Description.) The other requested information can be skipped. The certificate signing request (CSR) generated by the command above contains some personal (or corporate) information and its public key. Step 2: Submit CSR to the CA. The next step is to submit the CSR and some personal data to the CA. This service can be requested by accessing the CA Web site and is not free. There is a list of CAs at the following URL: pki-page.org. The request will be analyzed by the CA, for policy approval and to be signed. Step 3: Upon receipt, install certificate. After the approval, the CA will send a certificate file to the origin, which we will call Cert.cer for example purposes. The certificate is also stored on a directory server. The certificate must be installed in the GoAhead
62. the following to bring up the Syslog custom wizard: wiz sl. Screen 1 will appear. Screen 1: CONFIGURATION WIZARD. Set to defaults? (y/n) [N]. Screen 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. CONF.FACILITY: This value (0-7) is the Local facility sent to the syslog. The file /etc/syslog-ng/syslog-ng.conf contains a mapping between the facility number and the action. Please see the "Syslog-ng Configuration to use with Syslog Buffering Feature" section under Generating Alarms in Chapter 3 of the system's manual for the syslog-ng configuration file. conf.facility [7]. CONF.DB_FACILITY: This value (0-7) is the Local facility sent to the syslog with the data when syslog buffering is activ
63. transmission between the remote device and the serial port ceases once the 4k bytes Rx buffer in the kernel is reached. Then, if a session is established to the serial port, the data in the buffer is shown (dont_show_DBmenu must be 2), cleared, and data transmission is resumed. Linear buffering is impossible if flow control is set to none. Default is cir. Parameters Involved and Passed Values: Data Buffering uses the following parameters. all.data_buffering: A non-zero value activates data buffering (local or remote, according to what was configured in the parameter conf.nfs_data_buffering). If local data buffering, a file is created on the Cyclades TS; if remote, a file is created through NFS in a remote server. All data received from the port is captured in this file. If local data buffering, this parameter means the maximum file size (in bytes). If remote, this parameter is just a flag to activate (greater than zero) or deactivate data buffering. When local data buffering is used, each time the maximum is reached the oldest 10% of stored data is discarded, releasing space for new data (FIFO system, circular file). When remote data buffering is used, there's no maximum file size other than the one imposed by the remote server (linear file). This file can be viewed using the normal UNIX tools (cat, vi, more, etc.). Size is in bytes, not kilobytes. Example value: 0. conf.nfs_data_buffering all
64. want to go on to the next parameter, or 3) Press ESC if you want to exit. CONF.LOCALLOGINS: This parameter is only necessary when authentication is being performed for a port. When set to 1, it is possible to log into the system directly by placing a '!' before users' login name, then using their normal password. This is useful if the Radius authentication server is down. conf.locallogins [0]. Screen 4: CONFIGURATION WIZARD. Your current configuration parameters are: (The ones with the means it's not activated.) all.host: 200.200.200.3; all.term: vt100; conf.locallogins: 0. Are these configuration(s) all correct? (Y)es or (N)o [N]. If you type N: Type c to go back and CORRECT these parameters or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application. If you type Y: Type c to CONTINUE to set these parameters for specific ports or q to QUIT. Typing c leads to Screen 5; typing q leads to Screen 6. Screen 5: CONFIGURATION WIZARD
65. when called via the pam_open_session() function and completes it when pam_close_session() is called. This module can also display a line of information about the last login of the user. If an application already performs these tasks, it is not necessary to use this module.
This module, through the Linux PAM open-session hook, sets limits on the system resources that can be obtained in a user session. Its actions are dictated more explicitly through the configuration file discussed below.
The listfile module provides a way to deny or allow services based on an arbitrary file.
This module outputs the motd file (/etc/motd by default) upon successful login.
Provides standard Unix nologin authentication.
This module should be used with extreme caution. Its action is to always permit access. It does nothing else.
Provides Radius server authentication and accounting.
This module is for use in situations where the superuser wishes to gain access to a service without having to enter a password.
Provides standard UNIX securetty checking.
Running a well-regulated system occasionally involves restricting access to certain services in a selective manner. This module offers some time control for access to services offered by a system. Its actions are determined with a configuration file. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and the
66. with your browser. Step 1: Follow the steps 1 to 4 in the section titled "Configuration for CAS, Browser Method" on page 69. Step 2: Click the RAS Profile button in the Wizard section. Step 3: Scroll down to the Profile section. You can change the settings for all.ipno and all.protocol in this section. Step 4: Scroll to the Modem section. You can configure the parameter all.initchat here. Step 5: Scroll to the PPP section. You can configure the parameters all.autoppp and all.pppopt here. Step 6: Click on the Serial Port Groups link on the Link Panel. Click the Add Group button that appears. A Serial Ports Users Group Table Entry page appears. Step 7: Configure socket TTY. You can configure the socket profile of the s32.tty parameter in the Profile section.
CLI Method: To configure certain parameters for a specific serial port. Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI: config. This will show the CLI prompt: config hostname >>. Step 2: Type the following after the CLI prompt. To activate the serial port (<string> should be ttyS<serial port number>): configure line <serial port number> tty <string>. To configure the protocol (<string> is the type of protocol desired): configure line <serial port number> protocol <string>. Tip: You can configure all the parameters for
67. 0.0.0.0/0 23 -j DENY
ipchains -A input -p tcp -s 200.200.200.4 -d 200.200.200.1 7001:7032 -j DENY
ipchains -A input -p tcp -s 200.200.200.4 -d 0.0.0.0/0 22 -j DENY
Configuration for CAS, Browser Method: To configure filtering via your Web browser. Step 1: Point your browser to 192.168.130.10. Enter the TS's IP address in your browser's address field. Step 2: Log in. Log in as root, with tslinux as a password. This will take you to the Configuration and Administration page. Step 3: Click IP Chains link. On the Configuration section of this page, select the IP Chains link. The following page will appear. [Figure 29: Page 1 of IP Chain filtering. Screenshot of the Filter Chain Table listing the chains input, forward and output, each with default target ACCEPT.] Step 4: Ente
68. 0:00 a.m. How to set Date and Time: The date command prints or sets the system date and time. Format of command: date MMDDhhmmCCYY (MM month, DD day, hh hour, mm minute, CC century, YY year). For example, date 101014452002 produces: Thu Oct 10 14:45:00 DST 2002. The DST is because it was specified in /etc/TIMEZONE.
Appendix A, New User Background Information: A username and password are necessary to log in to the Cyclades TS. The user root is predefined with a password tslinux. A password should be configured as soon as possible to avoid unauthorized access. Type the command passwd to create a password for the root user. To create a regular user (without root privileges), use the commands: adduser user_name, then passwd user_password. To log out, type logout at the command prompt. Linux File Structure: The Linux file system is organized hierarchically, with the base (or root) directory represented by the symbol "/". All folders and files are nested within each other below this base directory. The directories located just below the base directory are: /home: Contains the work directories of system users. /bin: Contains applications and utilities used during system initialization. /dev: Contains files for devices and ports. /etc: Contains configuration files sp
69. CLI Method: To configure certain parameters for a specific serial port. Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI: config. This will show the CLI prompt: config hostname >>. Step 2: Type the following after the CLI prompt. To activate the serial port (<string> should be ttyS<serial port number>): configure line <serial port number> tty <string>. To configure speed: configure line <serial port number> speed <number>. To configure datasize: configure line <serial port number> datasize <number>. To configure stopbits: configure line <serial port number> stopbits <number>. To configure parity: configure line <serial port number> parity <string>. Tip: You can configure all the parameters for a serial port in one line: configure line <serial port number> tty <string> speed <number> datasize <number> stopbits <number> parity <string>. Step 3: To exit the CLI, type exit or quit after the CLI prompt. Step 4: To activate your new configurations, type signal_ras hup. Configuration for TS, Browser Method: See the browser method for the CAS earlier in this section. Wizard Method: Step 1: Bring up the wizard. At the command prompt
70. 192 168 1 103 4 192 168 1 104 5 192 168 1 105 6 192 168 1 106 Type q to quit a valid option 1 6 or anything else to refresh u name Username to be used in the ssh telnet command The default username is that used to log onto the Cyclades TS h Lists script options User Guide 224 Appendix B Cabling Hardware amp Electrical General Hardware Specifications The power requirements environmental conditions and physical specifications of the Cyclades TS are listed below Power Specifications Table 18 Cyclades TS power requirements TS100 TS400 TS800 TS1000 TS2000 TS3000 Input External External External Internal Internal 100 Internal 100 Voltage Universal Input Universal Input Universal Input 100 240VAC 240VAC 240VAC R Desktop Power Desktop Power Desktop Power autorange autorange autorange ange Supply 100 Supply 100 Supply 100 48VDC 48VDC option 240VAC auto 240VAC auto 240VAC auto option available range input range input range input available 5VDC output 5VDC output 5VDC output Input 50 60H 50 60H 50 60H 50 60H 50 60H 50 60H Frequency Range Power 5 W max 5 W max 6 W max 22 W 26 W max 11 W max 120VAC max Power 6 W max 6 W max 8 W max 28W 37 W max 17 W max 9220 VAC max Table 19 Cyclades TS environmental conditions Environmental Information TS100 TS400 TS800 TS1000 TS2000 TS3000 Operating 50F to 112F 50F to 112F 50
71. 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.IPNO: This is the default IP address of the system's serial ports. The '+' indicates that the first port should be addressed as 192.168.1.101 and the following ports should have consecutive values. Any host can access a port using its IP address as long as a path to the address exists in the host's routing table. all.ipno [192.168.1.101+]. ALL.SOCKET_PORT: This defines an alternative labeling system for the system ports. The '+' after the numerical value causes the interfaces (or ports) to be numbered consecutively (e.g., interface 1 of your system is assigned port 7001, interface 2 has the value 7002, etc.). all.socket_port [7001+]. Screen 3: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1
72. sN.escape_char: valid only for port N; this parameter will be used to present the menus below to the user. Only characters from a to z (i.e. CTRL-A to CTRL-Z) will be accepted. If it is not defined, it will assume the value of all.escape_char. When no multiple sessions are allowed for one port, the behavior of the Cyclades TS when someone connects to it will be as described for version 1.3.2 and earlier. Otherwise, it will be as follows: 1. The first user to connect to the port will open a common session. 2. From the second connection on, only admin users will be allowed to connect to that port. The Cyclades TS will send the following menu to these administrators (defined by the parameter all.admin_users or sN.admin_users in the file pslave.conf):
ttySN is being used by (<first_user_name>)
1 - Initiate a regular session
2 - Initiate a sniff session
3 - Send messages to another user
4 - Kill session(s)
5 - Quit
Enter your option:
If the user selects 1 (Initiate a regular session), s/he will share that serial port with the users that were previously connected. S/he will read everything that is received by the serial port, and will also be able to write to it. If the user selects 2 (Initiate a sniff session), s/he will start reading everything that is sent and/or received by the serial port, according to the parameter all.sniff_mode or sN.sniff_mode (that can
73. 485 characteristic is the termination. In a network that uses the RS-485 standard, the equipment is connected one to the other in a cascade arrangement. A termination is required from the last equipment to set the end of this network. TS100 Connectors: Although the RS-485 can be provided in different kinds of connectors, the Cyclades TS100 uses a 9-pin D-shaped connector (DB-9) and a block connector with the pin assignment described below.
Table 28: TS100 Connector pin assignment. Columns: RS-485 Signal Name, Function, DB-9 pins, block connector pins.
Chassis: Safety Ground; block connector pin 1.
TXD: Transmit Data A; DB-9 pin 7; block connector pin 2.
TXD: Transmit Data B; DB-9 pin 3; block connector pin 3.
RXD: Receive Data B; DB-9 pin 2; block connector pin 4.
RXD: Receive Data A; DB-9 pin 8; block connector pin 5.
Chassis: Safety Ground; block connector pin 6.
[Figure 48: Pin assignment control.] Notice that if the Cyclades TS100 is configured to use RS-485, the RS-485 signals will be available in both DB-9 and block connector. In this case, the DB-9 pins used in an RS-232 connection can be considered not connected. Cable diagrams: Cable 1: DB-9 Female to DB-9 Female Crossover, half duplex. Application: It connects the Cyclades TS100 (serial port) to DTE RS-485 devices with half duplex communication. DB-9 Female: RxD 8, TxD 7, RxD 2, TxD 3. DB-9 Female: RxD 8, TxD 7, RxD 2, TxD 3. F
74. [Figure 36: Syslog page 1. Screenshot of the Cyclades TS Web Management Service Edit File page showing /etc/syslog-ng/syslog-ng.conf.] Step 4: Click the Edit Text File link on the Link Panel. Enter the filename and begin editing the file. Wizard Method: Step 1: Bring up the wizard. At the command prompt type
75. B Cabling, Hardware & Electrical. CAT 5e Inline Coupler Sun Netra Adapter: This adapter attaches to the Cyclades RJ-45 to Cyclades RJ-45 Crossover cable. It is usually used in console management applications to connect Cyclades products to a Sun Netra server or to a Cisco product. At one end of the adapter is the black CAT 5e Inline Coupler box with a female RJ-45 terminus, from which a 3-inch-long black Sun Netra-labeled cord extends, terminating in an RJ-45 male connector.
[Figure 42: CAT 5e Inline Coupler Sun Netra Adapter. JACK / PLUG: RTS 1, 8 DSR; DTR 2, 7 DCD; TxD 3, 6 RxD; GND 4, 4 GND; 5 CTS; CTS 5, 1 RTS; RxD 6, 3 TxD; DCD 7, 2 DTR]
Adapters: The following four adapters are included in the product box. A general diagram is provided below, and then a detailed description is included for each adapter.
RJ-45 Female to DB-25 Male Adapter: The following adapter may be necessary.
[Figure 43: RJ45 Female to DB-25 Male Adapter. RJ45 / DB25M: RTS 1, 5 CTS; DTR 2, 6 DSR; TxD 3, 3 RxD; GND 4, 7 GND; CTS 5, 4 RTS; RxD 6, 2 TxD; DCD 7; DSR 8, 20 DTR]
RJ-45 Female to DB-25 Female Adapter: The following adapter may be necessary.
[Pin diagram: RJ45 signals RTS, DTR, TxD, GND, CTS, RxD, DCD, DSR; DB25F 5 6
76. Connect the console cable. Connect the console cable (created from the RJ-45 straight-through cable and the appropriate adapter) to the port labeled Console on the Cyclades TS with the RJ-45 connector end, and to your PC's available COM port with the adapter's serial port end.
Step 2: Power on the Cyclades TS. After the Cyclades TS finishes booting, you will see a login prompt on the console screen.
Step 3: Enter root as login name and tslinux as password.
Step 4: Type wiz and press Enter. A wizard configuration screen will appear, asking you a series of questions.
[HyperTerminal screenshot: WIZARD CONFIGURATION. "OK, let's get started. I need some basic information about the TS so that it can know about where it is located within the network and know about its local environment. Set to defaults (y/n) [N]"]
Figure 9: The initial wiz
77. Cyclades-TS User Guide, Version 1.3.4, Release 1. This document contains proprietary information of Cyclades and is not to be disclosed or used except in accordance with applicable contracts or agreements. Cyclades Corporation, 2002. Cyclades TS Version 1.3.4 Release 1 User Guide, October 2002. Copyright Cyclades Corporation, 2002. We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this product or manual. This manual is published by Cyclades Corporation, which reserves the right to make improvements or changes in the products described in this manual as well as to revise this publication at any time and without notice to any person of such revision or change. The operating system covered in this manual is v1.3.4. All brand and product names mentioned in this publication are trademarks or registered trademarks of their respective holders. Cyclades, Cyclades TS3000, Cyclades TS2000, Cyclades TS1000, Cyclades TS800, Cyclades TS400, and Cyclades TS100 are registered trademarks of Cyclades Corporation. Microsoft, Windows 95, 98, XP, ME, NT, and 2K are trademarks of Microsoft Corporation. UNIX is a trademark of UNIX System Laboratories, Inc. Linux is a registered trademark of Linus Torvalds. All rights reserved. This document may not, in whole or part, be copied, photocopied, reproduced, translated, or converted to any electronic or
78. Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit.
ALL PROTOCOL: The possible protocols are telnet, ssh1/ssh2, raw data, or modbus (e.g. socket_server: telnet protocol; socket_ssh: ssh1/ssh2 protocol; raw_data: used to exchange data in transparent mode, similar to socket_server mode but without telnet negotiation breaks to serial ports; modbus: an application layer messaging protocol for client/server communication, widely used for industrial automation; etc.). all.protocol socket_server
Note: The modbus option only applies if you are using a TS100. Entering modbus for your protocol displays the all.modbus_smode parameter.
ALL MODBUS SMODE: Communication mode through the serial ports. If not configured, ASCII mode will be assumed (e.g. ascii: normal TX/RX mode; rtu: Remote Transmission mode, where sometimes constraints are observed between characters while transmitting a frame). all.modbus_smode
ALL USERS: Restricts access to ports by user name. Only the users listed can access the port, or, using a all but the users listed can access the port. A single comma and spaces/tabs may be used between names. A
79. Error Code: L (long, long, long)
Flash Memory Error, Configuration: S, L
Ethernet Error: S, S, L
No Interface Card Detected: S, S, S, L
Network Boot Error: S, S, S, S, L
Real Time Clock Error: S, S, S, S, S, L
Note: The Ethernet error mentioned in the above table will occur automatically if the Fast Ethernet link is not connected to an external hub during the boot. If the Fast Ethernet is not being used or is connected later, this error can be ignored.
Appendix G: Certificate for HTTP Security
The following configuration will enable you to obtain a Signed Digital Certificate. A certificate for the HTTP security is created by a CA (Certificate Authority). Certificates are most commonly obtained through generating public and private keys using a public key algorithm like RSA or X509. The keys can be generated by using key generator software.
Procedure. Step 1: Enter OpenSSL command. On a Linux computer, key generation can be done using the OpenSSL package through the following command:
openssl req -new -nodes -keyout private.key -out public.csr
If this command is used, the following information is required.
Table 37: Required information for the OpenSSL package
Parameter: Country Name (2 letter code) [AU]. Description: The country code consisting of two letters.
Parameter: State or Province Name (full name) [Some-State]. Description: Provide the full name, not
80. F to 112F (all six models: 50F to 112F). Temperature: 10 C to 50 C (all six models). Relative Humidity: 10 - 90%, non-condensing (all six models).
Table 21: Cyclades TS physical specifications
Physical Information   TS100                      TS400                   TS800                   TS1000                   TS2000                   TS3000
External Dimensions    2.76 x 3.35 in x 1.18 in   8.5 in x 4.75 in x 1 in 8.5 in x 4.75 in x 1 in 17 in x 8.5 in x 1.75 in 17 in x 8.5 in x 1.75 in 17 in x 8.5 in x 1.75 in
Weight                 0.3 lb                     1.5 lb                  1.6 lb                  6 lb                     6.2 lb                   8 lb
Table 22: Cyclades TS safety specifications
Safety Information (TS100, TS400, TS800, TS1000, TS2000, TS3000): Approvals: FCC and CE, Class A
This section has all the information you need to quickly and successfully purchase or build cables to the Cyclades TS. It focuses on information related to the RS-232 interface, which applies not only to the Cyclades TS but also to any RS-232 cabling. At the end of this chapter you will also find some information about the RS-485 interface, which is available for the Cyclades TS100 model only.
The RS-232 Standard: RS-232C, EIA RS-232, or simply RS-232 refer to a standard defined by the Electronic Industries Associat
81. FTP server to load or save the TS's configuration.
Set Date/Time: Set the TS's date and time.
Active Sessions: Shows the active sessions and allows the administrator to kill them.
Process Status: Shows the running processes and allows the administrator to kill them.
Restart Processes: Allows the administrator to start or stop some processes.
Table 5: Information Section (Link Name: Description of Page Contents)
Interface Statistics: Shows statistics for all active interfaces.
DHCP client: Shows the DHCP client information.
Serial Ports: Shows the status of all serial ports.
Routing Table: Shows the routing table and allows the administrator to add or delete routes.
ARP Cache: Shows the ARP cache.
IP Chains: Shows IP Chains entries.
IP Rules: Shows Firewall, NAT, and IP Accounting rules.
IP Statistics: Shows IP protocol statistics.
ICMP Statistics: Shows ICMP protocol statistics.
TCP Statistics: Shows TCP protocol statistics.
UDP Statistics: Shows UDP protocol statistics.
RAM Disk Usage: Shows the TS file system.
System Information: Shows information about the kernel, time, CPU, and memory.
Configuration using Telnet: The Cyclades TS box comes with an IP address preconfigured on its Eth
82. You can change the format of the login prompt and banner that is issued when a connection is made to the system. Prompt and banner appearance can be port-specific as well.
Parameters Involved and Passed Values. Terminal Appearance involves the following parameters:
all.prompt: This text defines the format of the login prompt. Expansion characters can be used here. Example value: h login
all.issue: This text determines the format of the login banner that is issued when a connection is made to the Cyclades TS. n represents a new line and r represents a carriage return. Expansion characters can be used here. Value for this Example: r n Welcome to terminal server Sh port S p n r n r n Customer Support 510 770 9727 www cyclades com n r n
Browser Method
Step 1: Point your browser to the TS. In the address field of your browser, type 192.168.160.10
Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page.
Step 3: Select the Serial Ports link. Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page. This will take you to the Port Selection page.
Step 4: Select port(s). On the Port Selection page, choose all ports or an individual port to configure from the dropdown menu. Click the Submit button. This
83. CONFIGURATION WIZARD
Your current configuration parameters are: (The ones with the means it's not activated.)
all.ipno 192.168.1.101
all.socket_port 7001
all.protocol socket_server
all.modbus_smode 4
all.users
all.poll_interval 1000
all.tx_interval 100
all.idletimeout O0
conf.group
Are these configuration(s) all correct? (Y)es or (N)o [N]
If you type N: Type c to go back and CORRECT these parameters, or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application.
If you type Y: Type c to CONTINUE to set these parameters for specific ports, or q to QUIT. Typing c leads to Screen 7; typing q leads to Screen 8.
Screen 7: CONFIGURATION WIZARD
You have 8 available ports on this system. Type q to quit, a valid port number (1 8), or anything else to refresh.
Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for th
84. CONFIGURATION WIZARD
Set to defaults (y/n) [N]
Screen 2: CONFIGURATION WIZARD
INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit.
ALL ALARM: When non-zero, all data received from the port are captured and sent to syslog-ng with DAEMON facility and ALERT level. The syslog-ng.conf file should be set accordingly for the syslog-ng to take some action. (Please see the "Syslog-ng Configuration to use with Alarm Feature" section under Generating Alarms in Chapter 3 of the system's manual for the syslog-ng configuration file.) all.alarm 0
Note: conf.DB_facility is configured under the syslog parameters (wiz sl).
Screen 3: CONFIGURATION WIZARD
85. CONFIGURATION WIZARD
You have 8 available ports on this system. Type q to quit, a valid port number (1 8), or anything else to refresh.
NOTE: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 6.
Screen 6: CONFIGURATION WIZARD
Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N]
SNMP: Short for Simple Network Management Protocol, a set of protocols for managing complex n
86. Your current configuration parameters are: (The ones with the means it's not activated.)
all.alarm 0
Are these configuration(s) all correct? (Y)es or (N)o [N]
If you type N: Type c to go back and CORRECT these parameters, or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application.
If you type Y: Type c to CONTINUE to set these parameters for specific ports, or q to QUIT. Typing c leads to Screen 4; typing q leads to Screen 5.
Screen 4: CONFIGURATION WIZARD
You have 8 available ports on this system. Type q to quit, a valid port number (1 8), or anything else to refresh.
Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 5.
Screen 5: CONFIGURATION WIZARD
87. NDSHAKE Options to auto-detect a ppp session. The cb script parameter defines the file used for callback and enables negotiation with the callback server. Callback is available in combination with Radius Server authentication. When a registered user calls the TS, it will disconnect the user, then call the user back. The following three parameters must be configured in the Radius Server: attribute Service type (6): Callback Framed; attribute Framed Protocol (7): PPP; attribute Callback Number (19): the dial number (example: 50903300). Example value: novj proxyarp modem asyncmap 000A0000 noipx noccp login auth require pap refusechap mtu t mru 9 amp cb script etc portslave cb_script plugin usr lib libpsr so
all.pppopt: PPP options when user has already been authenticated. Example value: 968 96j novj proxyarp modem asyncmap 000A0000 noipx noccp mtu 9 amp mru t netmask m Vidle maxconnect T plugin usr lib libpsr so
all.protocol: For the Dial-in configuration, the available protocols are PPP, SLIP, and CSLIP. Example value: ppp
32 tty: Example value: ttyS32
Tip: Documentation about PPP options can be found on the Linux pppd man page.
vi Method: The parameters described above must be changed by directly editing the /etc/portslave/pslave.conf file.
Browser Method: For the serial ports, you would have all the parameters described above but conf. To configure Access Method
88. ONFIGURATION WIZARD
Set to defaults (y/n) [N]
Screen 2: CONFIGURATION WIZARD
INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit.
ALL AUTHTYPE: This parameter controls the authentication required by the system. Users' access to the server through the serial port is granted through the check of username and password, locally or remotely (e.g. none, local, TacacsPlus (note the capital T in TacacsPlus), radius, etc.). all.authtype none
Note: If authtype is configured as none or local, the application will skip immediately to the summary screen, because the rest of the parameters pertain only if the system is configured to use a Radius or TacacsPlus server.
ALL AUTHHOST1: This IP address indicates where the Radius or TacacsPlus authentication server is located
89. [Figure 11: Configuration & Administration Menu page. Screenshot of the Web Management Service menu. Legible entries: Host Table: Table of hosts in /etc/hosts. Static Routes: Static routes defined in /etc/network/st_routes. IP Chains: Static Filter Chains in /etc/network/ipchains. Boot Configuration: Configuration of parameters used in the boot process. Edit Text File: Tool to edit any configuration file. System Users: Management of system users defined in /etc/passwd. System Groups: Management of system groups defined in /etc/groups. Administration: This section contains the administration tools. Logout: Exits the Web Management Service. Reboot: Resets the equipment. Send Message: Send messages to the users logged or to a determined serial port. Port Conversation: Does a Port Conversation through a determined serial port.]
This page gives a brief description of all menu options and allows you to change your password.
Security Issue: Change the root password as soon as possible. The user database for the Web Configuration Manager is differ
90. TS100 Block Connector to Block Connector, Crossover full duplex
Appendix C: The pslave Configuration File
This chapter begins with the complete table for all parameters and their descriptions. The pslave.conf file with all possible parameters and their descriptions follows. You can find samples of the pslave configuration files (pslave.conf.cas, .ts, and .ras) in the /etc/portslave directory in the TS box.
Configuration Parameters. Additional Cyclades TS Options for a CAS: You can configure additional features with the parameters given on the following tables.
Table 29: Parameters Common to CAS, TS, & Dial-in Access (Parameter: Description. Value for this Example)
conf.eth_ip: Configured in Task 4: Edit the pslave.conf file in Chapter 2, Installation and Configuration. This is the IP address of the Ethernet interface. This parameter, along with the next two, is used by the cy_ras program to OVERWRITE the file /etc/network/ifcfg_eth0 as soon as the command signal_ras hup is executed. The file /etc/network/ifcfg_eth0 should not be edited by the user unless the cy_ras configuration is not going to be used. Value: 200.200.200.1
conf.eth_mask: The mask for the Ethernet network. Value: 255.255.255.0
conf.eth_mtu: The Maximum Transmission Unit size, which determines whether or not packets should be broken up. Value: 1500
Table 29: Parameters Commo
91. Task 4: Edit the pslave.conf file. To save in Flash, run saveconf (see Task 7: Save the changes). To validate/activate a configuration, run signal_ras hup (see Task 5: Activate the changes).
Important: Any configuration change must be saved in flash once validated.
Note: If your terminal does not have ANSI emulation, select vt100; then, on the TS, log in as root and switch to vt100 by typing: TERM=vt100; export TERM
Tip: We strongly recommend to use 9600 bps console speed. In case you need to use another speed, please check Appendix F, Software Upgrades and Troubleshooting.
Important: Always complete ALL the steps for your chosen configuration before testing or switching to another configuration.
New Users: If you are using a PC, you will be using HyperTerminal to perform the initial configuration of the Cyclades TS directly through your PC's COM port connected with the Cyclades TS console port. HyperTerminal, which comes with Windows 95, 98, Me, NT, 2K, and XP, is often located under Start > Program > Accessories. HyperTerminal emulates a dumb terminal when your PC connects to the serial port (console port) of the Cyclades TS. After the initial configuration through the HyperTerminal connection, you will be connecting your PC (or another terminal) to the Cyclades TS via an Ethernet connection in order t
92. news mail
3) To filter by matching one string in the received message:
filter f_match { match("string"); };
Example to filter by matching the string "named":
filter f_named { match("named"); };
4) To filter ALARM messages (note that the following three examples should be one line):
filter f_alarm { facility(local[0+<conf.DB_facility>]) and level(info) and match("ALARM") and match("<your string>"); };
Example to filter ALARM message with the string "kernel panic":
filter f_kpanic { facility(local[0+<conf.DB_facility>]) and level(info) and match("ALARM") and match("kernel panic"); };
Example to filter ALARM message with the string "root login":
filter f_root { facility(local[0+<conf.DB_facility>]) and level(info) and match("ALARM") and match("root login"); };
5) To eliminate sshd debug messages:
filter f_sshd_debug { not program("sshd") or not level(debug); };
6) To filter the syslog buffering:
filter f_syslog_buf { facility(local[0+<conf.DB_facility>]) and level(notice); };
Task 4: Define Actions. To define actions, use this statement (note that the statement should be one line):
destination <identifier> { destination-driver(params); destination-driver(param); };
where identifier: Has to uniquely identify this given destination. destination driver: Is a method of outputting a
93. Web server by following these instructions:
Step A: Open a Cyclades Terminal Server session and do the login.
Step B: Join the certificate with the private key into the file /web/server.pem:
cat Cert.cer private.key > /web/server.pem
Step C: Copy the certificate to the file /web/cert.pem:
cp Cert.cer /web/cert.pem
Step D: Include the files /web/server.pem and /web/cert.pem in /etc/config_files.
Step E: Save the configuration in flash.
Step F: The certification will be effective in the next reboot.
List of Wiz Application Parameters
Basic Parameters (wiz): Hostname, System IP, Domain Name, DNS Server, Gateway IP, Network Mask
Authentication Parameters (wiz auth): Authtype, Authhost1, Accthost1, Authhost2, Accthost2, Radtimeout, Radretries, Secret
Terminal Appearance Parameters (wiz tl): Issue, Prompt
Alarm Parameter (wiz al): Alarm
Data Buffering Parameters (wiz db): Data_buffering, Conf nfs_data_buffering, Syslog_buffering, Dont_show_DBmenu, DB_timestamp, DB_mode
Sniffing Parameters (wiz snf): Admin users, Sniff mode, Escape char, Multiple sessions
Syslog Parameters (wiz sl): Conf facility, Conf DB facility
Terminal Server Profile Other Parameters (wiz tso): Host, Term
94. a serial port in one line: configure line <serial port number> tty <string> protocol <string>
Step 3: To exit the CLI, type exit or quit after the CLI prompt.
Step 4: To activate your new configurations, type signal_ras hup
Authentication
Authentication is the process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. With the Cyclades TS, authentication can be performed locally, or with a remote Radius or Tacacs database.
Parameters Involved and Passed Values. The authentication feature utilizes the following parameters:
all.authtype: Type of authentication used. There are several authentication type options:
local: authentication is performed using the /etc/passwd file
radius: authentication is performed using a Radius authentication server
TacacsPlus: authentication is performed using a TacacsPlus authentication server
none
local/radius: authentication is performed locally first, switching to Radius if unsuccessful
radius/local: the opposite of the previous option
RadiusDownLocal: local authentication
95. actly as for CAS.
Configuration for Dial-in Access. vi Method: This is done exactly as for CAS.
Data Buffering
Introduction: Data buffering can be done in local files or in remote files through NFS. When using remote files, the limitation is imposed by the remote Server (disk/partition space), and the data is kept in linear (sequential) files in the remote Server. When using local files, the limitation is imposed by the size of the available ramdisk. You may wish to have data buffering done in file, syslog, or both. For syslog, all.syslog_buffering and conf.DB_facility are the parameters to be dealt with, and the syslog-ng.conf file should be set accordingly (please see Syslog for the syslog-ng configuration file). For the file, pslave.conf all.data_buffering is the parameter to be dealt with. conf.nfs_data_buffering is the max file size per port. When commented, it indicates local data buffering. This parameter is a remote network file system where data buffering will be written, instead of using the default directory /var/run. The directory tree to which the file will be written must be NFS-mounted. If data buffering is turned on for port 1, for example, the data will be stored in the file ttyS1.data (or <serverfarm1>.data if s1.serverfarm was configured) in the directory and server indicated by this variable. The remote host must have NFS installed, and the administrator must create, expor
96. ades RJ-45 to DB-25 Male, Straight Through
38 Cable 2: Cyclades RJ-45 to DB-25 Female/Male, Crossover
39 Cable 3: Cyclades RJ-45 to DB-9 Female, Crossover
40 Cable 4: Cyclades RJ-45 to Cyclades RJ-45, Crossover
41 Loop Back Connector
42 CAT 5e Inline Coupler Sun Netra Adapter
43 RJ-45 Female to DB-25 Male Adapter
44 RJ-45 Female to DB-25 Female Adapter
45 RJ-45 Female to DB-9 Male Adapter
46 RJ-45 Female to DB-9 Female Adapter
47 DB-25 Male to DB-9 Female Adapter
48 Pin assignment control
List of Figures
49 Cable 1 for TS100: DB-9 Female to DB-9 Female, Crossover half duplex
50 Cable 2 for TS100: DB-9 Female to DB-9 Female, Crossover full duplex
51 Cable 2 for TS100: Block Connector to Block Connector, Crossover half duplex
52 Cable 4 for TS100: Block Connector to Block Connector, Crossover full duplex
53 Data flow diagram of Linux PAM
54 An Initial test
55 Second screen, showing changed positions
97. ades TS master box and one or more Cyclades TS slave boxes. If the user selects 1, the following screen is displayed:
Serial Console Server Connection Menu for your Master Terminal Server
1 ttyS1
2 ttyS2
3 s3serverfarm
Type q to quit, b to return to previous menu, a valid option (1 3), or anything else to refresh.
Options 1 to 3 in this case are serial ports configured to work as a CAS profile. Serial port 3 is presented as an alias name (s3serverfarm). When no name is configured in pslave.conf, ttyS<N> is used instead. Once the serial port is selected, the username and password for that port (in case there is a per-user access to the port and U is passed as parameter) will be presented, and access is granted. To access remote serial ports, the presentation will follow a similar approach to the one used for local serial ports.
The ts_menu script has the following line options:
p: Displays Ethernet IP Address and TCP port instead of server names.
Cyclades TS Serial Console Server Connection menu
1 209.81.55.79 7001
2 209.81.55.79 7002
3 209.81.55.79 7003
4 209.81.55.79 7004
5 209.81.55.79 7005
6 209.81.55.79 7006
Type q to quit, a valid option (1 6), or anything else to refresh.
4: Displays Local IP assigned to the serial port instead of server names.
Cyclades TS Serial Console Server Connection menu
1 192.168.1.101
2 192.168.1.102
3
98. all.multiple_sessions is configured as no, then only two users can connect to the same port simultaneously. If it is configured as yes, more simultaneous users can sniff the session or have read/write permissions. (Please see details in Session Sniffing in Chapter 3 of the system's manual.) all.admin_users 3
ALL SNIFF MODE: This parameter determines what other users connected to the very same port can see of the session of the first connected user (main session). The second session is called a sniff session, and this feature is activated whenever the protocol is set to socket_ssh or socket_server (e.g. in: shows data written to the port; out: shows data received from the port; i/o: shows both streams). all.sniff_mode out
Screen 3: CONFIGURATION WIZARD
INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit.
99. alue: 200.200.200.2. Example value: 200.200.200.3. Example value: 200.200.200.3.
This is the timeout (in seconds) for a Radius/TacacsPlus authentication query to be answered. The first server (authhost1) is tried radretries times, and then the second (authhost2), if configured, is contacted radretries times. If the second also fails to respond, Radius/TacacsPlus authentication fails. Example value: 3
Defines the number of times each Radius/TacacsPlus server is tried before another is contacted. The default, if not configured, is 5.
This is the shared secret (password) necessary for communication between the Cyclades TS and the Radius/TacacsPlus servers. Example value: rad secret
Configuration for CAS. vi Method: The parameters described above must be changed by directly editing the /etc/portslave/pslave.conf file.
Browser Method: To configure Authentication with your browser:
Step 1: Follow the steps 1 to 4 in the section titled Configuration for CAS, Browser Method, on page 69.
Step 2: Scroll to the Authentication section. Scroll down to the Authentication section and configure the parameters in this section.
Wizard Method. Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Authentication custom wizard: wiz auth
Screen 1 will appear.
Screen 1: CONFIGURATION WIZARD
100. ame gt CC address b lt name gt lt name gt Bcc address r lt name gt lt name gt Reply to address lt name gt From address User Guide 197 Chapter 3 Additional Features lt text gt Subject m V text message gt M essage h IP address or name gt SMTP server p lt port gt Port used default 25 To mount the message use this macro FULLDATE The complete date when the message was sent FACILITY The facility of the message PRIORITY or The priority of the message LEVEL PROGRAM The message was sent by this program BUFFERING or SOCK HOST The name of the source host FULLHOST The name of the source host and the source driver Format lt source gt lt hostname gt MSG or MESSAGE The message received Example to send e mail to zgnone com SMTP s IP address 10 0 0 2 from the e mail address a none com with subject TS ALARM The message will carry the current date the host name of this TS and the message that was received from the source destination d_maill pipe dev cyc_alarm template sendmail t z none com f a none com s TS ALARM m SFULLDATE SHOST MSG h 10 0 0 2 User Guide 198 Chapter 3 Additional Features 2 To send to pager server sms server destination ident pipe dev cyc_alarm template sendsms lt pars gt where ident uniquely identify this destination pars d mobile phone number
101. anagement Slave 2 Slave 1 Master Workstation Ethernet IP Ethernet IP Ethernet IP IP Address Address 20 20 20 3 Address 20 20 20 2 Address 20 20 20 1 20 20 20 10 Secondary Address 209 81 55 110 Router Ethernet IP Address 209 81 55 111 Remote Management Workstation Figure 23 An example using the Clustering feature 99 Cyclades TS Chapter 3 Additional Features Parameters Involved and Passed Values The Master Cyclades TS must contain references to the Slave ports The configuration described earlier for Console Access Servers should be followed with the following excep tions for the Master and Slaves Table 6 Master Cyclades Configuration where it differs from the CAS standard T Value for this Parameter Description example conf eth ip Ethernet Interface IP address 20 20 20 1 conf eth ip alias Secondary IP address for the Ethernet Interface needed for clustering feature 209 81 55 110 conf eth mask alias Mask for secondary IP address above 255 255 255 0 all socket port This value applies to both the local ports and ports on slave Cyclades TS 7001 master TS file for every slave port Its for mat is IP of Slave slave socket port for non master ports In this case the slave socket port value is not necessary because s33 socket port is automatically set to 7033 by all socket port above all protocol Depends on the application Socket ssh or socket s
102. ange the settings for all.ipno, all.socket_port and all.protocol in this section. Figure 21: Profile Section of Serial Port Configuration page. Step 7: Scroll to the Authentication Section. You can configure the parameter all.users here under Access Restriction on Users. Step 8: Scroll to CAS Section. You can configure the following parameters here: all.poll_interval, all.tx_interval, all.idletimeout. Step 9: Configure s<n>.serverfarm. Scroll to the SSH section. As with the following t
103. apter shows the screen flow and input values needed for this configuration mode. If you choose the CLI (Command Line Interface) method, this allows you to configure certain parameters for a specified serial port or some network-related parameters. Specifics of this method are discussed under the appropriate option title in Chapter 3, Additional Features. Default Configuration Parameters: Ethernet 192.168.160.10; Netmask 255.255.255.0; CAS configuration; Socket server in all ports (access method is telnet); 9600 bps, 8N1; No Authentication. Pre-Install Checklist: There are several things you will need to confirm prior to installing and configuring the Cyclades TS. Root Access: You will need Root Access on your local UNIX machine in order to use the serial port. HyperTerminal: If you are using a PC, you will need to ensure that HyperTerminal, Kermit or Minicom is set up on your Windows operating system. If you have a UNIX operating system, you will be using Kermit or Minicom. IP Address of PC or terminal, Cyclades TS, NameServer and Gateway: You will need to locate the IP address of your PC or workstation, the Cyclades TS, and the machine that resolves names on your network. Your Network Administrator can supply you with these. If there is outside access to the LAN that the Cyclades TS will be connected with, you will need the gateway IP address as well. Netw
104. ard configuration screen. You will want to configure the following settings: Hostname, System IP, Domain Name, Primary DNS Server, Gateway IP, Network Mask. After you input the requested parameters you will receive a confirmation screen: Your current configuration parameters are: Hostname: CAS; System IP: 192.168.160.10; Domain name: cyclades.com; Primary DNS Server: 197.168.160.200; Gateway: 192.168.160.10; Network Mask: 255.255.255.0. If the parameters are correct, Y should be typed; otherwise type N and then C when asked to change the parameters or quit the program. After the parameters are confirmed, the next question will be whether to save the configuration to flash. Select Y to make the new configuration permanent in non-volatile memory. After you confirm and save the basic parameters, you will be presented with the shell prompt. From there, either select to continue configuration using the vi editor or continue using a browser. The Cyclades TS is now configured as a CAS with its new IP address, with no authentication, and accepting telnet to the serial ports. You can telnet the CAS IP serial port 1 with the following command: telnet <IP you assigned> 7001 Note: Serial port 1 is configured as 9600, 8N1 by default. The server connected to this serial port has to have the same configuration for its serial port. User Gui
105. arm was configured in the directory indicated by this variable please see also Data Buffering section for more details The remote host must have NFS installed and the administrator must create export and allow reading writing to this directory The size of this file is not limited by the value of the parameter sl data_buffering though the value cannot be zero since a zero value turns off data buffering The size of the file is dependent on the NFS server only hard drive partition size etc Value for this Example commented conf facility CAS and Dial in Access This value 0 7 is the Local facility sent to the syslog The file etc syslogng syslog ng conf contains a mapping between the facility number and the action see more in Generating Alarms in Chapter 3 Additional Features conf DB_facility This value 0 7 is the Local facility sent to the syslog with the data when syslog buffering is active The file etc syslog ng syslog ng conf contains a mapping between the facility number and the action see more on Syslog in Chapter 3 conf group Used to group users to simplify configuration of the parameter all userslater on This parameter can be used to define more than one group group_name userl user2 User Guide 245 File Appendix C The pslave Configuration Parameter all dcd CAS and TS Table 30 Mostly CAS specific Parameters Description DCD signal set
106. art rsh and rlogin There are two versions of the protocol ssh and ssh2 The Cyclades TS offers both The command to start an ssh client session from a UNIX workstation is ssh t lt user gt lt hostname gt where lt user gt lt username gt ttySnn or lt username gt socket_port or lt username gt ip_addr or lt username gt serverfarm Note serverfarm is a physical port alias It can be configured in the file pslave conf An example username cyclades TS1000 IP address 192 168 160 1 217 Cyclades TS Appendix A New User Background Information host name ts1000 servername for port 1 file_server ttyS1 is addressed by IP 10 0 0 1 or socket port 7001 The various ways to access the server connected to the port are ssh t cyclades ttyS1 ts1000 ssh t cyclades 7001 ts1000 ssh t cyclades 10 0 0 1 ts1000 ssh t cyclades file_server ts1000 ssh t l cyclades 10 0 0 1ts1000 ssh t 1 cyclades 7001 ts1000 For openssh clients version 3 1p1 or later ssh2 is the default In that case the 1 flag is used for ssh1 ssh t cyclades 7001 ts1000 openssh earlier than 3 1p1 Cyclades TS V 1 3 1 and earlier gt ssh1 will be used ssh t 2 cyclades 7001 ts1000 openssh earlier than 3 1p1 Cyclades TS V 1 3 1 and earlier gt ssh2 will be used ssh t cyclades 7001 ts1000 openssh 3 1p1 or later CycladesTS V 1 3 2 or later AlterPath Console Server version 2 1 0 or later gt ssh2 w
107. ask 255.255.255.0 200.246.93.150 Point your browser to 192.168.160.10. The login page shown in the following figure will appear. Figure 10: Login page of Web Configuration Manager. Step 4: Enter root as login name and tslinux as password. Step 5: Click the Submit button. This will take you to the Configuration & Administration Menu page shown below.
108. atures Help Wizard Information Synopsis wiz OPTIONS port port number gt Note Make sure there are two hyphens before any of the options listed on the following table Table 9 General Options for the Help Wizard Option Description auth Configuration of authentication parameters tl Configuration of terminal login display parameters al Configuration of alarm parameter db Configuration of data buffering parameters snf Configuration of sniffing parameters sl Configuration of syslog parameters tso Configuration of other parameters specific to the TS profile ac lt cas or ts gt Configuration of access method parameters sset lt cas or ts gt Configuration of serial setting parameters all lt cas or ts gt Configuration of all parameters help Print this help message User Guide 144 Chapter 3 Additional Features Note To directly configure a feature for a specific serial port use the port port number option after wiz option Step 1 Bring up the wizard At the command prompt type the following to bring up the Help custom wizard you can also type wiz h wiz help Help Command Line Interface Information Synopsis 1 config configure line serial port number options OFX configure line serial port number options The comand above is valid only after entering into CLI mode This is done by first
109. ault, this is not very sympathetic to a misconfigured system. For example, such a system is vulnerable to locking everyone out should the rest of the file become badly written. The module pam_deny is not very sophisticated. For example, it logs no information when it is invoked, so unless the users of a system contact the administrator when failing to execute a service application, the administrator may not know for a long while that his system is misconfigured. The addition of the following line before those in the above example would provide a suitable warning to the administrator:
# default; wake up! This application is not configured
OTHER auth required pam_warn.so
OTHER password required pam_warn.so
Having two OTHER auth lines is an example of stacking. On a system that uses the /etc/pam.d/ configuration, the corresponding default setup would be achieved with the following file:
# default configuration: /etc/pam.d/other
auth required pam_warn.so
auth required pam_deny.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_deny.so
On a less sensitive computer, the following selection of lines (in /etc/pam.conf) is likely to mimic the historically familiar Linux setup:
# default; standard UNIX access
OTHER auth required pam_unix_auth.so
OTHER account required pam
110. be in, out or i/o. When the user selects 3 (Send messages to another user), the Cyclades TS will send the user's messages to all the sessions, but not to the tty port. Everyone connected to that port will see all the conversation that's going on, as if they were physically in front of the console in the same room. These messages will be formatted as Message from user PID <<message text goes here>> by the TS. To inform the Cyclades TS that the message is to be sent to the serial port or not, the user will have to use the menu. If the administrator chooses the option 4 (Kill session(s)), the Cyclades TS will show him/her a list of the pairs PID, user_name, and s/he will be able to select one session typing its PID, or all to kill all the sessions. Option 5 (Quit) will close the current session and the TCP connection. Only for the administrator users: typing all.escape_char or sN.escape_char from the normal or sniff session or send message mode will make the TS show the previous menu. If this parameter is not set in pslave.conf or it contains an invalid value, the regular sessions will not be allowed to return to the menu and the sniffer sessions will be able to do it typing <CTRL-Z>. In addition, the regular session will only be allowed to see the menu if the protocol used is socket_server or socket_ssh. Parameters Involved and Passed Values Sni
111. cal syslog clients to all logged root user log source sysl filter f_alert destination d_userroot User Guide 201 Chapter 3 Additional Features 3 To write all messages with levels info notice or warning and received from syslog clients local and remote to var log messages file log source sysl source s_udp filter f_messages destina tion d_messages 4 To send e mail if message received from local syslog client has the string kernel panic log source sysl filter f kpanic destination d maill 5 To send e mail and pager if message received from local syslog client has the string root login log source sysl filter f root destination d maill destina tion d pager 6 To send messages with facility kernel and received from syslog clients local and remote to remote syslogd log source sysl source s udp filter f kern destination d udpl Syslog ng Configuration to use with Syslog Buffering Feature This configuration example uses the syslog buffering feature and sends messages to the remote syslogd 10 0 0 1 Step 1 Configure pslave conf parameters In the pslave conf file the parameters of the syslog buffering feature are configured as conf DB facility 1 all syslog buffering 100 Step 2 Add lines to syslog ng conf Add the following lines by vi or browser to the file local syslog clients source src unix stream dev log destination d bu
112. can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit ALL STOPBITS The number of stop bits for all ports all stopbits 1 ALL PARITY The parity for all ports e g none odd even all parity none Screen 4 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK CONFIGURATION WIZARD eexqkex KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK INSTRUCTIONS You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit ALL FLOW This sets the flow control to hardware Software or none e g hard soft none User Guide 164 Chapter 3 Additional Features all flow none ALL DCD DCD signal se Valid values are 0 or 1 all dcd 0 a conn ection accepted regardless of t will not be closed socket connection be accepte telnet or ssh DOWN all dcd 0 Screen 5 d only WwW if th if al if the ill be request t ts the tty parameter CLOCAL In a socket se
113. ch as config hostname gt gt Table 11 Help CLI Options Synopsis 2 Option Description tp lt string gt Configuration of the IP of the Ethernet interface mask lt string gt Configuration of the mask for the Ethernet network mtu lt number gt Configuration of the Maximum Transmission Unit size User Guide 146 Chapter 3 Additional Features Requesting Help for the CLI There are two methods for requesting help for the CLI To obtain general help on the format of CLI type config help at the command prompt or if you are already in the CLI just type help after the CLI prompt Help may be requested at any point in a command by entering a If nothing matches the help list will be empty and you must backup until entering a shows the available options For example To find out possible commands that can come after config type config To find out what parameters are configurable through CLI type config configure line serial port number MODBUS is an application layer messaging protocol for client server communication which is widely used in the industrial automation It is a confirmed service protocol and offers many services specified by function codes like reading and writing registers on PLCs A protocol converter for the MODBUS protocol over the TCP IP communication stack Mod bus TCP is implemented in Cyclades TS and converts Modbus TCP ADUs from the Ethernet inter
114. clades TS Chapter 3 Additional Features ALL ESCAPE CHAR: This parameter determines which character must be typed to make the session enter into menu mode. The possible values are <CTRL-a> to <CTRL-z>, and this is only valid when the port protocol is socket_server or socket_ssh. Represent the CTRL character with Default value is z. all.escape_char z ALL MULTIPLE SESSIONS: Allow users to open more than one common and sniff sessions on the same port. The parameter must be a yes or a no to open. Default is set to no. all.multiple_sessions no Screen 4: CONFIGURATION WIZARD. Your current configuration parameters are: (The ones with the means it's not activated.) all.admin_users; all.sniff_mode out; all.escape_char z; all.multiple_sessions no. Are these configuration(s) all correct (Y)es or (N)o [N]: If you type N: Type c to go back and CORRECT these parameters or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application. If you type Y: Type c to CONTINUE to set these parameters for specific ports or q to QUIT. Typing c leads to Screen 5; typing q leads to Screen 6. Screen 5
115. code without the long distance prefix Figure 14: Choose a free COM port. Step 2: Configure COM port. Click the Configure button (hidden by the dropdown menu in the above figure). Your PC, considered here to be a dumb terminal, should be configured to use 9600 bps, 8 data bits, no parity, 1 stop bit, and no flow control, as shown in the following figure. Figure 15: Port Settings. Step 3: Power on the Cyclades TS. Step 4: Click OK on the Properties window. You will see the Cyclades booting on your screen. After it finishes booting, you will see a login prompt. Task 3: Modify the System Files. When the Cyclades TS finishes booting, a prompt will appear (a flashing underline cursor) in your HyperTerminal window. You will modify the following Linux files to let the Cyclades TS know about its local environment: /etc/hostname, /etc/hosts, /etc/resolv.conf, /etc/network/st_routes, /etc/inittab Cyclades TS100 only file e
116. com n NENTI ALL PROMPT This text defines the format of the login prompt all prompt h login User Guide 206 Chapter 3 Additional Features Screen 3 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK x xxxxxx xx CONFIGURATION WIZARD eexx KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK Your current configuration parameters are The ones with the means it s not activated all issue r n Welcome to terminal server Sh port S p n r n r n Customer Support 510 770 9727 www cyclades com n NENN all prompt h login Are these configuration s all correct Y es or N o N If you type N Type c to go back and CORRECT these parameters Otan EO QUIT Typing c repeats the application typing q exits the entire wiz application If you type Y Type c to CONTINUE to set these parameters for specific ports or q to QUIT Typing c leads to Screen 4 typing q leads to Screen 5 Screen 4 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK X CONFIGURATION WIZARD eskx Ck C Ck CK Ck CK C Ck CK KKK KKK KKK KK KK KKK KKK CK Ck Ck Ck Ck Ck Ck Ck Kk Ck Ck kk Sk Kk Sk Sk kA Kk kx kx x X You have 8 available ports on this system Type q to quit a valid port number 1 8 or anything lse to refresh User Guide 207 Chapter 3 Additional Features NOTE The number of available ports depends on the system you are on Typing
117. comma may NOT appear between the and the first user name The users may be local Radius or TacacsPlus User groups defined with the parameter conf group can be used in combination with user names in the parameter list Notice that these are common users not administrators e g joe mark grpl the users Joe Mark and members of grpl cannot access the port all users Screen 4 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK KKK KKK K CONFIGURATION WIZARD eeqeex KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK A KG KK kx ko ko KKK INSTRUCTIONS You can 1 Enter the appropriate information for your system and press ENTER Enter if you want to deactivate that parameter or 2 Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter or 3 Press ESC if you want to exit ALL POLL INTERVAL Valid for protocols socket server and raw data When not set to 0 this parameter sets the wait for a TCP connection keep alive timer If no traffic passes through the system for this period of time the system will 75 Cyclades TS Chapter 3 Additional Features send a line status message to the remote device to s uf the connection is sti up If not configured default is 1000ms If set to O0 ine status messages will not be sent to the socket client
118. cters until it receives a CR and LF from the serial port or the accumulated data reaches 256 characters Either way the accumulated data will be recorded in the data buffering file along with the current time The parameter all data buffering has to be with a non zero value for this parameter to be meaningful Ex value 0 To configure Data Buffering with your brow ser Step 1 Point your browser to the TS In the address field of your browser type 192 168 160 10 113 Cyclades TS Chapter 3 Additional Features Step 2 Step 3 Step 4 Step 5 Log in Log in as root pwd is tslinux This will take you to the Configuration and Administration page Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Scroll down to the Data Buffering section You can change the settings in this section Data Buffering Maximum Buffer Size 0 disabled lo Data Buffering Mode CIR v Records the time stamp in the data buffering file yes no Buffer size to send syslog EE 40 to 255 0 disabled p Data Buffering Menu Show Menu v Alarm for Data Buffering Dont S
119. de 35 Chapter 2 Installation and Configuration To explore the Cyclades TS features, either continue configuration using the vi editor from the console or use a browser from a workstation and point to the Cyclades TS. Configuration using a Web browser: The Cyclades TS box comes with an IP address pre-configured on its Ethernet interface (192.168.160.10). To access that box using your browser: Step 1: Connect Hub to workstation and TS. Your workstation and your TS must be on the same physical LAN. Connect one RJ-45 cable from the Ethernet port of the TS to a spare port from a hub, and another cable from another spare port of that same hub to the workstation used to manage the servers. Step 2: Add route pointing to the TS IP. From the workstation, issue a command to add a route pointing to the network IP address of the TS (192.168.160.0) accessed through the workstation's Ethernet interface. For Linux, the command would be: route add -net 192.168.160.0/24 gw <IP address assigned to the workstation's Ethernet interface> Example: if the workstation has IP address 200.246.93.150, the command would be: route add -net 192.168.160.0/24 gw 200.246.93.150 For Windows, the command would be: route add 192.168.160.0 mask 255.255.255.0 <IP address assigned to the workstation's Ethernet interface> Example: if the workstation has IP address 200.246.93.150, the command would be: route add 192.168.160.0 m
120. difference between option 0 and option 2 is as follow s When 0 a menu with databuffering options is shown when a non empty data buffering file is found When 1 the data buffering menu is not show n When 2 the data buffering menu is shown if not empty When 3 the data buffering menu is shown but without the erase and show and erase options User Guide 120 Chapter 3 Additional Features The DHCP Dynamic Host Configuration Protocol Client is available for firmware versions 1 2 x and above DHCP is aprotocol that allows network administrators to assign IP addresses automatically to network devices Without DHCP or asimilar protocol like BOOTP each device would have to be manually configured DHCP automatically sends a new IP address to a connected device when it is moved to another location on the network DHCP uses the concept of a fixed time period during which the assigned IP address is valid for the device it was assigned for This lease time can vary for each device A short lease time can be used when there are more devices than available IP numbers For more information see RFC 2131 Parameter Involved and Passed Values The DHCP client on the Ethernet Interface can be configured in two different ways depend ing on the action the Cyclades TS should take in case the DHCP server does not answer the IP address request 1 No action is taken and no IP address is assigned to the Ethernet Interface most common conf
121. dress and press Enter. The Gateway is a node on a network that serves as an entrance point into another network. See your network administrator to find out your organization's gateway address. Gateway IP eth0 192.168.160.10 Enter Netmask and press Enter. The Netmask is a string of 0s and 1s that mask, or screen out, the host part of an IP address so that only the network part of the address remains. Netmask 255.255.255.0 Review configuration parameters. You will now have the parameters you just configured displayed back to you: Your current configuration parameters are: Hostname: CAS; System IP: 192.168.160.10; Domain Name: cyclades.com; Primary DNS Server: 192.168.160.200; Gateway: 192.168.160.10; Network Mask: 255.255.255.0. Are all these parameters correct (Y)es or (N)o [N]: Step 10: Type y or n or press Enter. Type y if all parameters are correct. Type n or just press ENTER if not all the parameters are correct and you want to go back and redo them. If n is entered, this is displayed: Type c to go back and CORRECT the current configuration parameters or q to QUIT. Step 11: If you typed n in Step 10, type c or q. As directed by the prompt, type c to go back to very beginning of this application to change the parameters. Type q to exit. Step 12: If you typed y in Step 10, choose whether to save to flash. Flash is a type of memory that will maintain the inf
122. dule Path; Arguments; Directory-based Configuration; Default Policy; Reference. Appendix E: Customization and the Cyclades Developer Kit: Introduction; The Customization Process; The Cyclades Development Kit. Appendix F: Software Upgrades and Troubleshooting: Upgrades; The Upgrade Process; Troubleshooting; Flash Memory Loss; Hardware Test; Port Test; Port Conversation; Test Signals Manually; Single User Mode; Troubleshooting the Web Configuration Manager; What to do when the initial Web page does not appear; How to restore the Default Configuration of the Web Configuration Manager; Using a different speed for the Serial Console
123. dware flow control Applications that do not require such features have just to configure NO hardware flow control and NO DCD detec tion on their side Both ends should have the same configuration for better use of the com plete version of the cables Cable 1 Cyclades RJ 45 to DB 25 Male Straight Through Application This cable connects Cyclades products serial ports to modems and other DCE RS 232 devices After connecting the appropriate adaptor to the RJ 45 straight through cable you will essentially have the cable shown in this picture RJ 45 DB 25 Male Male TxD 3 7 7 TxD 2 RxD 6 eo RxD3 Gnd 4 Gnd 7 D_RRa X X X X _ __ DTR20 DSR 8 a DSR 6 DCD7 DCD8 RTS 1 7 RTS4 CTS 5 E e CTS 5 Figure 37 Cable 1 Cyclades RJ 45 to DB 25 Male Straight Through User Guide 231 Appendix B Cabling Hardware amp Electrical Cable 2 Cyclades Rj 45 to DB 25 Female Male Crossover This cable connects Cyclades products serial ports to console ports terminals printers and other DTE RS 232 devices After connecting the appropriate adaptor to the RJ 45 straight through cable you will essentially have the cable shown in this picture RJ 45 DB 25 Custom F M TxD 3 7 RD3 RxD 6 SS TxD 2 Gnd 4 _ _ _ _ _ _ _ _ __ Gnd7 DTR2 lt lt DSR6 DSR 8 EE DCD 8 DCD7 DTR 20 RTS 1 CTS 5 CT 5
124. e The file etc syslog ng syslog ng conf contains a mapping between the facility number and the action Please see the Syslog ng Configuration to use with Syslog Buffering Feature section under Generating Alarms in Chapter 3 the system s manual for the syslog ng configuration file conf DB facility 0 Screen 3 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK ko ko ko k oko X CONFIGURATION WIZARD eexeeex Dk Ck kk Ck CK Ck Ck CK Ck Ck CK Ck Ck Ck KC Ck C CC Ck Kk CC Ck Ck CK Ck Ck Ck Ck CK kk Ck Sk Ck Ck Sk Sk Pk Sk ke kA Mk kx kx o Your current configuration parameters are The ones with the means it s not activated conf facility 7 conf DB facility 0 Are these configuration s all correct Y es or N o N If you type N Type c to go back and CORRECT these parameters or q to QUIT Typing c repeats the application typing q exits the entire wiz application If you type Y Type c to CONTINUE to set these parameters for Specific ports or q to QUIT Typing c leads to Screen 4 typing q leads to Screen 5 User Guide 188 Chapter 3 Additional Features Screen 4 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK KKK KKK KKK KKK ck ck ok ck ck k ck ck k ck kk kk Yk CONFIGURATION WIZARD xx x Cc CK C Ck Ck Ck 0 C00 Ck Ck C CC cC Ck Ck ck ck ck CC ck ck ck ck kk C ck ck ck Sk ko A Sk ko Sk ck ko ko kx Ax X You have 8 available ports on this system Type q to
125. e linear buffering is not possible as there is no way to stop reception through the serial line. Default is cir.
Value for this example: cir

Parameter: all.DB_timestamp (CAS)
Description: Records the time stamp in the data buffering file (1) or not (0). If it is configured as 1, the software will accumulate input characters until it receives a CR and LF from the serial port or the accumulated data reaches 256 characters. Either way, the accumulated data will be recorded in the data buffering file along with the current time. The parameter all.data_buffering has to be with a non-zero value for this parameter to be meaningful.

250 Cyclades-TS - Appendix C: The pslave Configuration File

Table 30: Mostly CAS-specific Parameters (columns: Parameter, Description, Value for this Example)

Parameter: all.syslog_buffering (CAS)
Description: When non-zero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog level for data buffering is hard-coded to level 5 (notice) and facility conf.DB_facility. The file /etc/syslog-ng/syslog-ng.conf should be set accordingly for the syslog-ng to take some action. (See Syslog-ng Configuration to use with Syslog Buffering Feature.)

Parameter: all.dont_show_DBmenu (CAS)
Description: When zero, a menu with data buffering options is shown when a nonempty data buffering file is found. When 1, the data buffering menu is not shown. When 2, the data buffering men
126. e defines communication parameters such as parity, number of bits per character, number of stop bits and the baud rate. Both sides must be configured with the same parameters. That is the first thing to verify if you think you have the correct cable and things still do not work. The most common configuration is 8N1 (8 bits of data per character, no parity bit included with the data, 1 stop bit to indicate the end of a character). The baud rate in a RS-232 line translates directly into the data speed in bits per second (bps). Usual transmission speeds range between 9,600 bps and 19,200 bps (used in most automation and console applications) to 115,200 bps (used by the fastest modems).

The original RS-232 specifications were defined to work at a maximum speed of 19,200 bps over distances up to 15 meters (or about 50 feet). That was 30 years ago. Today, RS-232 interfaces can drive signals faster and through longer cables. As a general rule, consider:

• If the speed is lower than 38.4 kbps, you are safe with any cable up to 30 meters (100 feet).
• If the speed is 38.4 kbps or higher, cables should be shorter than 10 meters (30 feet).
• If your application is outside the above limits (high speed, long distances), you will need better quality (low impedance, low capacitance) cables.

Successful RS-232 data transmission depends on many variables that are specific to each environment. Th
127. e established by an administrator (defined by the parameter all.admin_users or sN.admin_users in the file pslave.conf; exception: with authentication none, anyone can open a sniffer). The first connection always opens a common session. After the second connection has been established and the user is authenticated, the Cyclades-TS shows the following menu to the administrator user:

ttySN is being used by (<user_name>)
1 - Assume the main session
2 - Initiate a sniff session
3 - Quit
Enter your option:

If the second user is not an administrator, his connection is automatically refused. This description is valid for all of the available protocols (socket_server, socket_ssh or raw_data).

Versions 1.3.3 and later: Users will be able to open more than one common and sniff session at the same port. For this purpose, the following configuration items are available in the file pslave.conf:

• all.multiple_sessions: valid for all the serial ports; must be yes or no. The default value is no.
• sN.multiple_sessions: valid only for port N; must be yes or no. If it is not defined, it will assume the value of all.multiple_sessions.
• all.escape_char: valid for all the serial ports; this parameter will be used to present the menus below to the user. Only characters from ^a to ^z (i.e. CTRL-A to CTRL-Z) will be accepted. The default value is ^z (CTRL-Z).
128. e general rules above are empirical and have a lot of safety margins built in.

Connectors

The connector traditionally used with RS-232 is the 25-pin D-shaped connector (DB-25). Most analog modems and most older computers and serial equipment use this connector. The RS-232 interface on DB-25 connector always uses the same standard pin assignment.

The 9-pin D-shaped connector (DB-9) saves some space and is also used for RS-232. Most new PC COM ports and serial equipment (especially when compact size is important) use this connector. RS-232 interfaces on DB-9 connectors always use the same standard pin assignment.

The telephone-type modular RJ-45 plug and jack are very compact, inexpensive and compatible with the phone and Ethernet wiring systems present in most buildings and data centers. Most networking equipment and new servers use RJ-45 connectors for serial communication. Unfortunately there is no standard RS-232 pin assignment for RJ-45 connectors. Every equipment vendor has its pin assignment.

Most connectors have two versions. The ones with pins are said to be "male" and the ones with holes are said to be "female".

Table 24: Cables and their pin specifications

RS-232 Signal   Name/Function (Input/Output)   Standard   Standard   Cyclades
Chassis         Safety Ground                  1          Shell      Shell
TxD             Transmit Data (O)              2          3          3
RxD             Receive Data (I)               3          2          6
DTR             Data Termi
129. e port number you have chosen. For wiz --ac cas, an additional parameter is asked: serverfarm. Typing 'q' leads to Screen 8.

Screen 8 (CONFIGURATION WIZARD):

Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time; thus, making updating to memory easier.

If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system.

Do you want to save your configurations to flash? (Y/N) [N]:

CLI Method

To configure certain parameters for a specific serial port:

Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI:

config

This will show the CLI prompt:

config@hostname>>

Step 2: Type the following after the CLI prompt. To activate the serial port (<string> should be ttyS<serial port number>):

configure line <serial port number> tty <string>

To
130. e previously typed password from the preceding auth module and use that. If that doesn't work, then the user will not be authenticated. (This option is intended for auth and password modules only.)

The module should attempt authentication with the previously typed password (from the preceding auth module). If that doesn't work, then the user is prompted for a password. (This option is intended for auth modules only.)

270 - Appendix D: Linux-PAM

use_mapped_pass: This argument is not currently supported by any of the modules in the Linux-PAM distribution because of possible consequences associated with U.S. encryption exporting restrictions.

expose_account: In general, the leakage of some information about user accounts is not a secure policy for modules to adopt. Sometimes information such as user names or home directories, or preferred shell, can be used to attack a user's account. In some circumstances, however, this sort of information is not deemed a threat: displaying a user's full name when asking them for a password in a secured environment could also be called being "friendly". The expose_account argument is a standard module argument to encourage a module to be less discreet about account information as deemed appropriate by the local administrator.

Any line in (one of) the configuration file(s) that is not formatted correctly will generally tend (erring on the side of caution) to make the authentication process fail. A corre
131. e problem at his or her own expense.

Notice about FCC compliance for the Cyclades-TS1000 and the Cyclades-TS2000

In order to comply with FCC standards, the Cyclades-TS requires the use of a shielded CAT 5 cable for the Ethernet interface. Notice that this cable is not supplied with either of the products and must be provided by the customer.

Canadian DOC Notice

The Cyclades-TS does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

The Cyclades-TS does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations issued by the Department of Communications of Canada.

27 Cyclades-TS - Introduction and Overview

Chapter 2: Installation and Configuration

This chapter will allow you to install and configure Cyclades-TS as the default CAS configuration. Please read the entire chapter before beginning. A basic installation and configuration should take a half hour at the most, either done manually or with the Wizard.

The Cyclades-TS operating system is embedded Linux. If you are fairly new to Linux, you will want to brush up prior to proceeding with this chapter with the essential background information presented in Appendix A New User Back
132. e relevant Linux-PAM configuration file. The management functions are performed by modules specified in the configuration file. Following is a figure that describes the overall organization of Linux-PAM.

[Figure 53: Data flow diagram of Linux-PAM. Labels: Application X (authentication, conversation, service user), Linux-PAM, the PAM configuration file with auth, account, password and session entries for X, and the auth, account, password and session module stacks.]

The left of the figure represents the application: Application X. Such an application interfaces with the Linux-PAM library and knows none of the specifics of its configured authentication method. The Linux-PAM library (in the center) consults the contents of the PAM configuration file and loads the modules that are appropriate for Application X. These modules fall into one of four management groups (lower center) and are stacked in the order they appear in the configuration file. These modules, when called by Linux-PAM, perform the various authentication tasks for the application. Textual information, required from or offered to the user, can be exchanged through the use of the application-supplied conversation function.

The Linux-PAM Configuration File

Linux-PAM is designed to provide the system
133. e to the Cyclades-TS's software. However, Cyclades does not provide free technical support for systems modified in this way. Any changes are the responsibility of the user. The Cyclades Developer Kit (CDK) is available on the Cyclades Web site. Contact Tech Support to download the CDK.

Appendix F: Upgrades and Troubleshooting

Users should upgrade the Cyclades-TS whenever there is a bug fix or new features that they would like to have. Below are the six files added by Cyclades to the standard Linux files in the /proc/flash directory when an upgrade is needed. They are:

• boot_ori: original boot code
• boot_alt: alternate boot code
• syslog: event logs (not used by Linux)
• config: configuration parameters; only the boot parameters are used by the boot code
• zImage: Linux kernel image
• script: file where all Cyclades-TS configuration information is stored

The Upgrade Process

To upgrade the Cyclades-TS, follow these steps:

Step 1: Log in to the TS as root. Provide the root password if requested.

Step 2: Go to the /proc/flash directory using the following command:

cd /proc/flash

Step 3: FTP to the host where the new firmware is located. Log in using your username and password. Go to the directory where the firmware is located. Select binary transfer and "get" the firmware file.

Example: hostname: server; directory: /tftpboot; username: admin

Note: The destination file name in the /proc/flash direct
134. e with Syslog Buffering Feature
3. Syslog-ng Configuration to use with Multiple Remote Syslog Servers

Syslog-ng and its Configuration

The five tasks previously mentioned are detailed below.

Task 1: Specify Global Options

You can specify several global options to syslog-ng in the options statement:

options { opt1(params); opt2(params); ... };

where optn can be any of the following:

time_reopen(n): The time to wait before a dead connection is reestablished.
time_reap(n): The time to wait before an idle destination file is closed.
sync_freq(n): The number of lines buffered before written to file. (The file is synced when this number of messages has been written to it.)
mark_freq(n): The number of seconds between two MARKS lines.
log_fifo_size(n): The number of lines fitting to the output queue.
chain_hostname(yes/no) or long_hostname(yes/no): Enable/disable the chained hostname format.
use_time_recvd(yes/no): Use the time a message is received instead of the one specified in the message.
use_dns(yes/no): Enable or disable DNS usage. syslog-ng blocks on DNS queries, so enabling DNS may lead to a Denial of Service attack.

Also listed on this page: gc_busy_threshold(n), create_dirs(yes/no), owner(name), group(name), perm(mask)

gc_idle_threshold(n): Sets the threshold value for the garbage collector when syslog-ng is idle. GC phase starts when the number of allocated objects reach this nu
135. ear on the console:

root@(none)

If the password or username was forgotten, execute the following commands:

passwd
saveconf
reboot

For configuration problems, the user has two options:

Step 1: Edit the file(s) causing the problem with vi, then execute the commands:

saveconf
reboot

Step 2: Reset the configuration by executing the commands:

echo 0 > /proc/flash/script
reboot

If the problem is due to an upgrade/downgrade, a second downgrade/upgrade will be necessary to reverse the process. First, the network must be initialized in order to reach a ftp server. Execute the following script, replacing the parameters with values appropriate for your system. If your ftp server is on the same network as the TS, the gw and mask parameters are optional.

config_eth0 ip 200.200.200.1 mask 255.255.255.0 gw 200.200.200.5

At this point, the DNS configuration (in the file /etc/resolv.conf) should be checked. Then download the kernel image using the ftp command.

Troubleshooting the Web Configuration Manager

What to do when the initial Web page does not appear

Try pinging, telnetting, or tracerouting to the Cyclades-TS to make sure it is reachable. If not, the problem is probably in the network or network configuration. Are the interfaces up? Are the IP addresses correct? Are filters configured which block the packets? If the Cyclades-TS is reachable, see if the /bin/webs
136.
16 The /etc/hostname file with hostname typed in
17 Contents of the /etc/hosts file
18 Configuration and Administration page
19 Port Selection page
20 Serial Port Configuration page top
21 Profile Section of Serial Port Configuration page
22 Serial Ports Users Group Table Entry page
23 An example using the Clustering feature
24 Example of Centralized Management
User Guide 306 - List of Figures
25 Edit Text File page
26 Data Buffering section of the Serial Port Configuration page (menu dropdown)
27 Data Buffering section of the Serial Port Configuration page (mode dropdown)
28 Data Buffering section of the General page
29 Page 1 of IP Chain filtering
30 IP Chains Information page
31 IP Statistics page
32 Modbus application
33 Ports configured for Dial-in Access
34 Terminal Server diagram
35 Sniff Session section of the Serial Port Configuration page
36 Syslog page
37 Cable 1 Cycl
137.
56 Serial Port Connection page
57 Port Connection page
58 SSH User Authentication page

User Guide 308 - List of Tables

1 Hardware vs. Configuration Methods
2 Configuration Section
3 Web User Management Section
4 Administration Section
5 Information Section
6 Master Cyclades Configuration (where it differs from the CAS standard)
7 Cyclades-TS configuration for Slave 1 (where it differs from the CAS standard)
8 Cyclades-TS configuration for Slave 2 (where it differs from the CAS standard)
9 General Options for the Help Wizard
10 Help CLI Options - Synopsis 1
11 Help CLI Options - Synopsis 2
12 Modbus pslave.conf port-specific parameters (only where they differ from the standard CAS profile)
13 vi modes
14 vi navigation commands
15 vi file modification commands
16 vi line mode commands
17 Process table
18 Cyclades-TS power requirements
19 Cyclades TS envi
138. ecific to the operating system.

/lib: Contains shared libraries
/proc: Contains process information
/mnt: Contains information about mounted disks
/opt: Location where packages not supplied with the operating system are stored

User Guide 212 - Appendix A: New User Background Information

/tmp: Location where temporary files are stored
/usr: Contains most of the operating system files
/var: Contains operating system data files

Basic File Manipulation Commands

The basic file manipulation commands allow the user to copy, delete and move files and create and delete directories.

cp file_name destination
Copies the file indicated by file_name to the path indicated by destination.
a) cp text.txt /tmp
   Copies the file text.txt in the current directory to the /tmp directory.
b) cp /chap/robo.php ./excess.php
   Copies the file robo.php in the /chap directory to the current directory and renames the copy excess.php.

rm file_name
Removes the file indicated by file_name.

mv file_name destination
Moves the file indicated by file_name to the path indicated by destination.

mkdir directory_name
Creates a directory named directory_name.
a) mkdir spot
   Creates the directory spot in the current directory.
b) mkdir /tmp/snuggles
   Creates the directory snuggles in the directory /tmp.

rmdir directory_name
Removes the directory indicated by directory_name.

Other commands allow the user to change directories and see the contents of a di
139. ed only with unix_stream. Default: 10.

These drivers let you receive messages from the network, and as the name of the drivers show, you can use both TCP and UDP. None of the tcp() and udp() drivers require positional parameters. By default they bind to 0.0.0.0:514, which means that syslog-ng will listen on all available interfaces.

Options:
ip(<ip address>): The IP address to bind to. Default: 0.0.0.0.
port(<number>): UDP/TCP port used to listen for messages. Default: 514.
max-connections(n): Limits the number of simultaneously opened connections. Default: 10.

Opens the specified file and reads messages.

Opens a named pipe with the specified name and listens for messages. (You'll need to create the pipe using the mkfifo command.)

Some Examples of Defining Sources

1) To read from a file:

source <identifier> { file(filename); };

Example to read messages from the "/temp/file1" file:

source file1 { file("/temp/file1"); };

Example to receive messages from the kernel:

source s_kernel { file("/proc/kmsg"); };

2) To receive messages from local syslogd clients:

source sysl { unix-stream("/dev/log"); };

3) To receive messages from remote syslogd clients:

source s_udp { udp(ip(<client ip>) port(<udp port>)); };

Example to listen to messages from all machines on UDP port 514:

source s_udp { udp(ip(0.0.0.0) port(514)); };
140. ed over that serial port. Parameters must be separated by space. E.g. the following example sets: -igncr (which tells the terminal not to ignore the carriage-return on input), -onlcr (do not map newline character to a carriage return/newline character sequence on output), opost (post-process output), -icrnl (do not map carriage-return to a newline character on input).

all.sttyCmd -igncr -onlcr opost -icrnl
Value for this example: commented

Table 30: Mostly CAS-specific Parameters

Parameter: all.authtype
Description: Type of authentication used. There are several authentication type options:
• local (authentication is performed using the /etc/passwd file)
• radius (authentication is performed using a Radius authentication server)
• TacacsPlus (authentication is performed using a TacacsPlus authentication server)
• none
• local/radius (authentication is performed locally first, switching to Radius if unsuccessful)
• radius/local (the opposite of the previous option)
• RadiusDownLocal (local authentication is tried only when the Radius server is down)
• local/TacacsPlus (authentication is performed locally first, switching to TacacsPlus if unsuccessful)
Value for this example: local

Parameter: s1.serverfarm (CAS)
Description: Alias name given to the server connected to the serial port.
Value for this example: Server_connected_serial1

Note that this parameter controls the authentication required by the Cyclad
141. eface

Introduction and Overview

Cyclades is a data center fault management company that enables remote management of servers, network equipment and automation devices. Its products help data center managers at enterprise, telecommunication and Internet companies to maximize network and server availability. This results in decreased maintenance costs, increased efficiency and productivity, along with greater control, freedom and peace of mind. Cyclades' advantage is providing scalable products leveraging Linux technology for flexibility and ease of customization.

The Cyclades-TS

The Cyclades-TS is a line of Console Access and Terminal Servers that allow both local and dial-in access for in-band and out-of-band network management. They run an embedded version of the Linux operating system. Configuration of the equipment is done by editing a few plain-text files, and then updating the versions of the files on the Cyclades-TS. The files can be edited using the vi editor provided or on another computer with the environment and text editor of your choice. The default "box profile" of the Cyclades-TS is that of a Console Access Server.

You can access the Cyclades-TS via three methods:
• A console directly connected to the Cyclades-TS
• Telnet/ssh over a network
• A browser

And configure it with any of the following four options:
• vi
• Wizard
• Browser
• Command Line Inte
142. en in this manual.

Audience and User Levels

This guide is intended for the user who is responsible for the deployment and day-to-day operation and maintenance of the Cyclades-TS. It assumes that the reader understands networking basics and is familiar with the terms and concepts used in Local and Wide Area Networking. UNIX and Linux users will find the configuration process very familiar. It is not necessary to be a UNIX expert, however, to get the Cyclades-TS up and running. There are two audiences or user levels for this manual:

New Users: These are users new to Linux and/or UNIX with a primarily PC/Microsoft background. You might want to brush up on such things as common Linux/UNIX commands and how to use the vi editor prior to attempting installation and configuration. This essential background information appears in Appendix A New User Background Information. It is recommended that New Users configure the Cyclades-TS using a Web browser; however, New Users can also configure the Cyclades-TS with vi, the Wizard or the Command Line Interface (CLI).

Power Users: These are UNIX/Linux experts who will use this manual mostly for reference. Power Users can choose between configuring the Cyclades-TS via Web browser, vi, Wizard, or CLI.

Each configuration task will be separated into a section (a clickable link on the PDF file) for each user type. Users then can skip to the appropriate level that matches their expertise and comfort level.
143. ent than the system user database, so the root password can be different. See How to change the Password, Web Method.

Step 6: Configure using the General page. The General page of the Web Configuration Manager is shown in the following figure:

[Figure 12: General page]

Step 7: Configure parameters presented in the fields. A menu of links is provided along the left side of the page. A summary of what each link leads to is shown on Table 2: Configuration Section through Table 5: Information Section.

Step 8: Click on the link Web User Management > Load/Save Configuration.

Step 9: Click the Save Configuration button.

Step 10: Click on the link Administration > Load/Save Configuration.

Step 11: Click the Save Configuration to Flash button. The configuration was saved in flash, but it is not yet running.

Step 12: Click on Administration > Restart Processes > Stop cy_ras.

Step 13: Click on Start cy_ras.
144. ent the serial port from receiving further data from the remote. Then when a session is established to the serial port, a flow control start (RTS on or XON) will be issued and data reception will then resume. If all.flow or sn.flow is set to none, neither linear nor circular buffering is possible. Default is cir.

When nonzero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog level for data buffering is hard-coded to level 5 (notice) and facility conf.DB_facility. The file /etc/syslog-ng/syslog-ng.conf should be set accordingly for the syslog-ng to take some action. Example value: 0.

Configuration for CAS

vi Method

Files created by the software: ttyS nn data s nn serverfarm

Files to be modified:
• pslave.conf
• etc user scripts
• syslog-ng.conf

Browser Method

all.dont_show_DBmenu: When zero, a menu with data buffering options is shown when a nonempty data buffering file is found. When 1, the data buffering menu is not shown. When 2, the data buffering menu is not shown but the data buffering file is shown if not empty. When 3, the data buffering menu is shown, but without the erase and show and erase options. Example value: 0.

all.DB_timestamp: Records the time stamp in the data buffering file (1) or not (0). If it is configured as 1, the software will accumulate input chara
145. equipment.

DANGER! To help prevent electric shock, plug the Cyclades-TS into a properly grounded power source. The cable is equipped with a three-prong plug to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from the cable. If you have to use an extension cable, use a three-wire cable with properly grounded plugs.

For the TS100, 400 and 800, the grounded power cable constraint does not apply, as these products have an external power supply and one power cable, instead of two.

Important! To help protect the Cyclades-TS from electrical power fluctuations, use a surge suppressor, line conditioner, or uninterruptible power supply.

Important! Be sure that nothing rests on the cables of the Cyclades-TS and that they are not located where they can be stepped on or tripped over.

Important! Do not spill food or liquids on the Cyclades-TS. If it gets wet, contact Cyclades.

DANGER! Do not push any objects through the openings of the Cyclades-TS. Doing so can cause fire or electric shock by shorting out interior components.

Important! Keep your Cyclades-TS away from heat sources and do not block cooling vents.

Working inside the Cyclades-TS

Do not attempt to service the Cyclades-TS yourself, except when following instructions from Cyclades Technical Support personnel. In the latter case
146. ernet interface: 192.168.160.10. To access that box using telnet:

Step 1: Connect Hub to workstation and TS. Your workstation and your TS must be on the same physical LAN. Connect one RJ-45 cable from the Ethernet port of the TS to a spare port from a hub, and another cable from another spare port of that same hub to the workstation used to manage the servers.

Step 2: Add route pointing to the TS IP. From the workstation, issue a command to add a route pointing to the network IP address of the TS (192.168.160.0) accessed through the workstation's Ethernet interface.

For Linux, the command would be:

route add -net 192.168.160.0/24 gw <IP address assigned to the workstation's Ethernet interface>

Example: if the workstation has IP address 200.246.93.150, the command would be:

route add -net 192.168.160.0/24 gw 200.246.93.150

For Windows, the command would be:

route add 192.168.160.0 mask 255.255.255.0 <IP address assigned to the workstation's Ethernet interface>

Example: if the workstation has IP address 200.246.93.150, the command would be:

route add 192.168.160.0 mask 255.255.255.0 200.246.93.150

Step 3: Telnet to 192.168.160.10.

Step 4: Enter root as login name and tslinux as password.

Step 5: Type wiz and press Enter. A wizard configuration screen will appear, asking you a series of questions.
147. erver

Table 6: Master Cyclades Configuration (where it differs from the CAS standard)

Parameter | Description | Value for this example
all.authtype | Depends on the application | Radius or local or none
s33.tty | This parameter must be created in the | 20.20.20.2:7033
s33.serverfarm | An alias for this port | Server_on_slave1_serial_s1
s33.ipno | This parameter must be created in the master TS file for every slave port unless configured using all.ipno | 0.0.0.0
s34.tty | See s33.tty | 20.20.20.2:7034
s34.serverfarm | An alias for this port | Server_on_slave1_serial_s2
s34.ipno | See s33.ipno | 0.0.0.0
s35.tty | See s33.tty | 20.20.20.2:7035
s35.serverfarm | An alias for this port | Server_on_slave1_serial_s3
s35.ipno | See s33.ipno | 0.0.0.0
etc. for s36-s64
s65.tty | The format of this parameter is IP_of_Slave:slave_socket_port for non-master ports. The value 7301 was chosen arbitrarily for this example. | 20.20.20.3:7301
s65.serverfarm | An alias for this port | Server_on_slave2_serial_s1
s65.ipno | See s33.ipno | 0.0.0.0
s66.tty | See s65.tty | 20.20.20.3:7302
s66.serverfarm | An alias for this port | Server_on_slave2_serial_s2
s66.ipno | See s33.ipno | 0.0.0.0
s67.tty | See s65.tty | 20.20.20.3:7303
s67.serverfarm | An alias for this port | Serve
148. ervice associated with this entry. Frequently the service name is the conventional name of the given application. For example, ftpd, rlogind, su, etc. There is a special service name, reserved for defining a default authentication mechanism. It has the name OTHER and may be specified in either lower or upper case characters. Note: when there is a module specified for a named service, the OTHER entries are ignored.

Module-type: One of (currently) the four types of module. The four types are as follows:

• Auth: This module type provides two aspects of authenticating the user. First, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Second, the module can grant group membership, independently of the /etc/groups, or other privileges through its credential-granting properties.

• Account: This module performs non-authentication-based account management. It is typically used to restrict or permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user (root login only on the console).

• Session: Primarily, this module is associated with doing things that need to be done for the user before or after they can be given service. Such things include the logging
149. es TS. The authentication required by the device to which the user is connecting is controlled separately.
s2.tty: CAS. See the s1.tty entry in the following table. Example: ttyS2
Table 30: Mostly CAS-specific Parameters
s8.tty: CAS. See the s1.tty entry in the following table. Example: ttyS8
CAS Setup Scenario
As shown in Figure 1 (Console Access Server diagram), our "CAS with local authentication" scenario has either telnet or ssh (a secure shell session) being used. After configuring desired additional parameters, execute the command signal_ras hup to activate the changes. At this point, the configuration should be tested. A step-by-step checklist follows:
Step 1: Create a new user. Run adduser username to create a new user in the local database. Create a password for this user by running passwd username.
Step 2: Confirm physical connection. Make sure that the physical connection between the Cyclades-TS and the servers is correct. A cross cable (not the modem cable provided with the product) should be used. Please see Appendix B, Cabling, Hardware and Electrical Specifications, for pin-out diagrams.
Step 3: Confirm that server is set to same parameters as the TS. The Cyclades-TS has been set for communication at 9600 bps, 8N1. The server must also be configured to communicate on the serial console port with the same parameters
150. ess the LAN. Radius authentication is used in this example and ppp is chosen as the protocol on the serial (dial-up) lines. Cyclades recommends that a maximum of two ports be configured for this option.
[Figure 33: Ports configured for Dial-in Access]
In addition to the parameters which are common to all setups and which appear in Appendix C, The pslave Configuration File, you may also configure additional parameters if you wish to configure some ports for Dial-in Access. These are also listed in the same section under Dial-in Access Parameters. After configuring the desired parameters, execute the command signal_ras hup to activate the changes. At this point, the configuration should be tested. A step-by-step checklist follows:
Note: If you add a user through the Web browser, the user does not actually get added to the list of users allowed to access the actual TS unit.
Step 1: Create a new user. Since Radius authentication was chosen, create a new user on the Radius authentication server called test and provide them with the password tes
151. etween the system and the Radius or TacacsPlus servers.
all.secret rad secret
Screen 6:
CONFIGURATION WIZARD
Your current configuration parameters are: (The ones with the means it's not activated.)
all.authtype none
all.authhost1 200.200.200.2
all.accthost1 200.200.200.3
all.authhost2 200.200.200.2
all.accthost2 200.200.200.3
all.radtimeout 3
all.radretries 5
all.secret rad secret
Are these configuration(s) all correct (Y)es or (N)o [N]
If you type N: Type c to go back and CORRECT these parameters or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application.
If you type Y: Type c to CONTINUE to set these parameters for specific ports or q to QUIT. Typing c leads to Screen 7; typing q leads to Screen 8.
Screen 7:
CONFIGURATION WIZARD
You have 8 available ports on this system. Type q to quit, a valid port number [1-8], or anything else to refresh.
Note: The number of available ports depends on the system you are on. Typi
152. etworks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. The TS uses the net-snmp package (http://www.net-snmp.org). net-snmp supports SNMP versions 1, 2 and 3. You can configure the /etc/snmp/snmpd.conf file as indicated later in this section.
1. SNMP version 1
RFC1155 - SMI for the official MIB tree
RFC1213 - MIB-II
2. SNMP version 2
RFC2578 - Structure of Management Information Version 2 (SMIv2)
RFC2579 - Textual Conventions for SMIv2
RFC2580 - Conformance Statements for SMIv2
3. SNMP version 3
RFC2570 - Introduction to Version 3 of the Internet-standard Network Management Framework
RFC2571 - An Architecture for Describing SNMP Management Frameworks
RFC2572 - Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC2573 - SNMP Applications
RFC2574 - User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC2575 - View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC2576 - Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management
153. face to plain MODBUS message frames over a serial RS-232 or RS-485 interface and vice versa, supporting both serial modes, ASCII and RTU.
[Figure 32: Modbus application]
In this example, the Automation Application running in the Workstation (local or remote) controls the PLCs connected to the serial port (RS-485) of the Cyclades-TS100 using the MODBUS TCP protocol. The connection is opened using the Cyclades-TS100 Ethernet IP address and TCP port 502. The Cyclades-TS100 accepts the incoming connection, converts MODBUS TCP ADUs (packets) to plain MODBUS frames and sends them over the serial port. In the other direction, the MODBUS frames received from the serial port are converted to MODBUS TCP ADUs and sent through the TCP connection to the Automation Application. The configuration described earlier for Console Access Servers (see Figure 1, Console Access Server diagram) should be followed, with the following exceptions for this example:
Table 12: Modbus pslave.conf port-specific parameters (only where they differ from the standard CAS profile)
Parameter | Description | Value for this Example
all.authtype: There are several authentication type options: none; local (authentication is performed using the /etc/passwd file); radius (authentication is performed using a Radius authentication server); TacacsPlus (authentication is performed usin
154. ffering { udp("10.0.0.1"); };
    filter f_buffering { facility(local1) and level(notice); };
    # send only syslog_buffering messages to remote server
    log { source(src); filter(f_buffering); destination(d_buffering); };
Syslog-ng Configuration to use with Multiple Remote Syslog Servers
This configuration example is used with multiple remote syslog servers.
Step 1: Configure pslave.conf parameters. In the pslave.conf file, the facility parameter is configured as:
    conf.facility 1
Step 2: Add lines to syslog-ng.conf. The syslog-ng.conf file needs these lines:
    # local syslog clients
    source src { unix-stream("/dev/log"); };
    # remote server 1 - IP address 10.0.0.1 - port default
    destination d_udp1 { udp("10.0.0.1"); };
    # remote server 2 - IP address 10.0.0.2 - port 1999
    destination d_udp2 { udp("10.0.0.2" port(1999)); };
    # filter messages from facility local1 and level info to warning
    filter f_local1 { facility(local1) and level(info..warn); };
    # filter messages from facility local1 and level err to alert
    filter f_critic { facility(local1) and level(err..alert); };
    # send info, notice and warning messages to remote server udp1
    log { source(src); filter(f_local1); destination(d_udp1); };
    # send error, critical and alert messages to remote server udp2
    log { source(src); filter(f_critic); destination(d_udp2); };
User
155. ffing involves the following parameters: all.admin_users, all.sniff_mode, all.escape_char, all.multiple_sessions.
Configuration for CAS
vi Method
all.admin_users: This parameter determines which users can open a sniff session, which is where other users connected to the very same port can see everything that a previously connected user is doing. The other users connected to the very same port can also cancel the first user's session (and take over). If all.multiple_sessions (seen below) is configured as no, only two users can connect to the same port simultaneously. If all.multiple_sessions is configured as yes, more simultaneous users can sniff the session or have read and/or write permission. When users want access per port to be controlled by administrators, this parameter is obligatory and authtype must not be none. This parameter can determine who can open a sniff session or cancel a previous session. User groups (defined with the parameter conf.group) can be used in combination with user names in the parameter list. Example values: peter, john, user_group.
all.sniff_mode: This parameter determines what other users connected to the very same port (see parameter admin_users below) can see of the session of the first connected user (main session): in shows data written to the port, out shows data received from the port, and i/o shows both streams. The second and later sessions are called sniff sessions and this feat
156. fic passes through the Cyclades-TS for this period of time, the Cyclades-TS will send a line status message to the remote device to see if the connection is still up. If not configured, 1000 ms is assumed (the unit for this parameter is ms). If set to zero, line status messages will not be sent to the socket client. Example value: 0.
Valid for protocols socket_server and raw_data. Defines the delay (in milliseconds) before transmission to the Ethernet of data received through a serial port. If not configured, 100 ms is assumed. If set to zero or a value above 1000, no buffering will take place. Example value: 100.
Valid only for the CAS configuration (protocols socket_server, socket_ssh, raw_data and modbus). Specifies how long (in minutes) a connection can remain inactive before it is cut off. If set to zero (the default), the connection will not time out. Example value: 0.
Used to group users to simplify configuration of the parameter all.users later on. This parameter can be used to define more than one group. Example value: group name user1 user2.
The stty command, which can be issued to configure the serial port.
Alias name given to the server connected to the serial port. Server connected. Example value: Server connected serial1.
The parameters described above must be changed by directly editing the /etc/portslave/pslave.conf file.
Browser Method
To configure Access Method with your
157. g a TacacsPlus authentication server); none; local/radius (authentication is performed locally first, switching to Radius if unsuccessful); radius/local (the opposite of the previous option); RadiusDownLocal (local authentication is tried only when the Radius server is down); local/TacacsPlus (authentication is performed locally first, switching to TacacsPlus if unsuccessful); TacacsPlus/local (the opposite of the previous option); TacacsPlusDownLocal (local authentication is tried only when the TacacsPlus server is down). Note that this parameter controls the authentication required by the Cyclades-TS. The authentication required by the device to which the user is connecting is controlled separately.
all.socket_port (value for this example: 502): This defines an alternative labeling system for the Cyclades-TS ports. The after the numerical value causes the interfaces to be numbered consecutively. In this example, interface 1 is assigned the port value 7001, interface 2 is assigned the port value 7002, etc.
Table 12: Modbus pslave.conf port-specific parameters (only where they differ from the standard CAS profile)
Parameter | Description | Value for this Example
all.protocol: For the console server profile, the possible protocols are modbus, socket_server (when telnet is used), socket_ssh (when ssh version one or two is used), raw_data (to exchange data in transparent mode, similar t
158. ground Information. Even if you are a UNIX user and find the tools and files familiar, do not configure this product as you would a regular Linux server. The chapter is divided into the following sections:
System Requirements
Default Configuration Parameters
Pre-Install Checklist
Task List
The Wizard
Quick Start
The Installation and Configuration Process
System Requirements
Cyclades recommends either of the following specifications for a configuration of the Cyclades-TS: a workstation with a console serial port, or a workstation with Ethernet and TCP/IP topology. The following table shows the different hardware required for various configuration methods.
Table 1: Hardware vs. Configuration Methods
Hardware | Configuration Method
Console, Console Cable (constructed from RJ-45 straight-through cable + adapter) | vi, Wizard or CLI
Workstation, Hub, Ethernet Cables | vi, Wizard, CLI or browser
If you will be using vi, the files that need to be changed are discussed in Configuration using Telnet in this chapter. If you will be using the Wizard, basic Wizard access can be found under Configuration Wizard, Basic Wizard in Chapter 3, Additional Features, and specifics of this method are discussed under the appropriate option title in the same chapter. If you choose the browser method, the Quick Start in this ch
159. guration of the TS using any browser or by editing system files with the vi editor. What follows are the basic parameters to get you quickly started. The files that will eventually be modified, if you decide to save to flash at the end of this application, are:
1. /etc/hostname
2. /etc/hosts
3. /etc/resolv.conf
4. /etc/network/st_routes
5. /etc/network/ifcfg_eth0
6. /etc/portslave/pslave.conf
Step 1: Enter the command wiz. At the command prompt, type wiz in your TS terminal to bring up the wizard. You will receive an initial prompt:
Set to defaults (y/n) [N]
Step 2: Press Enter or type n or y. The default answer or value to any question is in the brackets. You can take one of three actions: either just press the ENTER key to execute whatever is in between the brackets, or type n to NOT reset the current configurations to the Cyclades defaults, or type y to reset to Cyclades default configurations. The next screen begins the configuration. There are instructions for using the wizard on each screen. There is also an explanation of each parameter before you are asked to configure it.
Tip: On most of the following configuration screens, the default or current value of the parameter is displayed inside brackets. Just press the ENTER key if you are satisfied with the value in the brackets. If not, enter the appropriate parameter and press ENTER. If at any time yo
160. hanism(s) it uses. Indeed, one may entirely upgrade the local authentication system without touching the applications themselves. It is the purpose of the Linux-PAM project to separate the development of privilege-granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a library of functions that an application may use to request that a user be authenticated. This PAM library is configured locally with a system file, /etc/pam.conf (or a series of configuration files located in /etc/pam.d/), to authenticate a user request via the locally available authentication modules. The modules themselves will usually be located in the directory /lib/security and take the form of dynamically loadable object files.
The Linux-PAM authentication mechanism gives the system administrator the freedom to stipulate which authentication scheme is to be used. S/he has the freedom to set the scheme for any/all PAM-aware applications on your Linux system. That is, s/he can authenticate from anything as generous as simple trust (pam_permit) to something as severe as a combination of a retinal scan, a voice print and a one-time password.
Linux-PAM deals with four separate types of (management) task. These are: authentication management, account management, session management, and password management. The association of the preferred management scheme with the behavior of an application is made with entries in th
161. he Java Plug-in is the version you have installed. If you have installed JRE but the correct Java Plug-in is not shown, this may mean the browser is not locating the correct plugin. To fix this, go to the directory where your browser is installed. Then make a soft link from <netscape or mozilla>/plugins to the plugin module in your JRE directory. For example, for Netscape:
ln -s <jre>/plugin/i386/ns600/libjavaplugin_oji.so <netscape>/plugins
where <jre> is the path to your Java Runtime Environment (JRE) installation and <netscape> is the path to your Netscape installation. The plug-in for Mozilla should be the one under <jre>/plugin/i386/ns610. After creating the link, check again to see if your browser recognized the plug-in.
Step-by-Step Process
Step 1: Point your browser to the Console Server. In the address field of your browser, type the IP address of your Console Server: 192.168.160.10
Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page.
Step 3: Select the Connect to Serial Ports link. Click on the Connect to Serial Ports link on the Link Panel to the left of the page in the Configuration section. This will take you to the Port Selection page. The ports will be listed by their serverfarm name, if it were configured.
Serial Port Connection Logical Port v F
162. he minutes and seconds must be between 0 and 59.
The second format is used when there is daylight savings time:
std offset dst [offset],start[/time],end[/time]
There are no spaces in the specification. The initial std and offset specify the Standard Time zone, as described above. The dst string and offset specify the name and offset for the corresponding daylight savings time zone. If the offset is omitted, it defaults to one hour ahead of Standard Time. The start field specifies when daylight savings time goes into effect and the end field specifies when the change is made back to Standard Time. These fields may have the following formats:
Jn: This specifies the Julian day, with n being between 1 and 365. February 29 is never counted, even in leap years.
n: This specifies the Julian day, with n being between 1 and 365. February 29 is counted in leap years.
Mm.w.d: This specifies day d (0 <= d <= 6) of week w (1 <= w <= 5) of month m (1 <= m <= 12). Week 1 is the first week in which day d occurs and week 5 is the last week in which day d occurs. Day 0 is a Sunday.
The time fields specify when, in the local time currently in effect, the change to the other time occurs. If omitted, the default is 02:00:00.
In the example below:
GST 7DST 6M4 1 0 14 30 M10 5 6 10
Daylight Savings Time starts on the first Sunday of April at 2:30 p.m. and it ends on the last Saturday of October at 1
163. he ramdisk on boot. The following table lists files that should be included in the /etc/config_files file and which programs use each.
Table 33: Files to be included in /etc/config_file and the program to use
File | Program
/etc/securetty | telnet, login, su
/etc/issue | getty
/etc/getty_ttyS0 | login (via console)
/etc/hostname | tcp
/etc/hosts | tcp
/etc/host.conf | tcp
/etc/nsswitch.conf | dns
/etc/resolv.conf | dns
/etc/config_files | saveconf
/etc/passwd | login, passwd, adduser
/etc/group | login, passwd, adduser
/etc/ssh/ssh_host_key.pub | sshd
/etc/ssh/sshd_config | sshd
/etc/ssh/ssh_config | ssh client
/etc/ssh/ssh_host_key | sshd (ssh1)
/etc/ssh/ssh_host_key.pub | sshd (ssh1)
/etc/ssh/ssh_host_dsa_key | sshd (ssh2)
/etc/ssh/ssh_host_dsa_key.pub | sshd (ssh2)
/etc/snmp/snmpd.conf | snmpd
/etc/portslave/pslave.conf | cy_ras, portslave (TS configuration information)
/etc/network/ifcfg_eth0 | ifconfig eth0, cy_ras, rc.sysinit
/etc/network/ifcfg | ifconfig, cy_ras, rc.sysinit
/etc/network/ifcfg_lo | ifconfig lo, cy_ras, rc.sysinit
/var/run/radsession.id | radinit, radius authentication process
/home | adduser, passwd
/etc/network/st_routes | ifconfig, cy_ras, rc.sys
164. he server to send the SMS out and the message ID attributed to the SMS by the module's SIM card. If any of these items is missing or can't be parsed, a value of will be returned.
g: Turns debugging on. Will output the entire dialog with the server on stderr (and more).
h: Displays a short help message and exits.
x: Displays version information and exits.
d dest: Required. The GSM network address (i.e. phone number) of the mobile phone the message is to be sent to. Supported format is: int. prefix, country code, area code, phone number. The international prefix can be either or 00 (or any other value supported by the GSM network provider the server is subscribed to). Some separation characters can be used to beautify the number, but they are purely cosmetic and will be stripped by the server. Those characters are The pause character is not supported. Regarding the international country code, don't forget that its necessity is to be considered respective to the SMS gateway location (the host this client program is connecting to), not the location where the client is run from. In case of doubt, please contact the SMS server administrator for your network. Please always include the area code, even when sending to a destination in the same area, i.e. on the same network. The number without the area code, though syntactically correct and accepted by the network, may never get delivered.
165. [Figure 26: Data Buffering section of the Serial Port Configuration page, menu dropdown]
[Figure 27: Data Buffering section of the Serial Port Configuration page, mode dropdown]
You can also configure Data Buffering on the General page (Link Panel, General link).
[Figure 28: Data Buffering section of the General page]
On this page, you can choose whether NFS will be used or not.
Wizard Method
Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Data Buffer custom wizard:
wiz db
Screen 1:
CONFIGURATION WIZARD
Data Buffering allows capturing of data received from the serial port and saving it into local files or remote files through NFS. Local file is circular and a maximum limit f
166. hown. When 2, the data buffering menu is not shown but the data buffering file is shown if not empty. When 3, the data buffering menu is shown, but without the erase and show and erase options.
all.dont_show_DBmenu 0
Screen 4:
CONFIGURATION WIZARD
INSTRUCTIONS: You can:
1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or
2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or
3) Press ESC if you want to exit.
ALL.DB_TIMESTAMP: Records the time stamp in the data buffering file (1) or not (0). In case it is configured as 1, the software will accumulate input characters until it receives a CR, an LF from the serial port, or the accumulated data reaches 256 characters. Either way, the accumulated data will be recorded in the data buffering file along with the current time. The parameter all.data_buffering has to be nonzero in order for this parameter to work.
all.DB_timestamp 0
ALL.SYSLOG_BUFFERING: This parameter is another option to data buffering. Users can also have syslog perform this function along with data buffe
167. ical Specifications. Connect the loop-back connector to the modem cable and then connect the modem cable to the port to be tested, or connect a cross cable between two ports to be tested. In the case of the TS100, connect the DB-25 loop-back connector to the console cable using a DB-9/DB-25 convertor. When tstest senses the presence of the cable or connector, the test will be run automatically and the result shown on the screen. Each line of data corresponds to a port in test. The last four columns (DATA, CTS, DCD, and DSR) indicate errors. The values in these columns should be zero. Below is an example of the output screen (column groups: Packets, Errors):
From <-> To | Sent | Received | Passes | Data | CTS | DCD | DSR
2 <-> 2 | 35 | 35 | 35 | 0 | 0 | 0 | 0
4 <-> 5 | 35 | 35 | 35 | 0 | 0 | 0 | 0
5 <-> 4 | 35 | 35 | 35 | 0 | 0 | 0 | 0
When this test is run with a cable or connector without the DSR signal (see the pinout diagram for the cable or connector being used), errors will appear in the DSR column. This does not indicate a problem with the port. In the example above, tstest perceived that a loop-back connector was attached to port 2 and that a cross cable was used to connect ports 4 and 5.
Port Conversation
This test sends and receives data on the selected port. One way to run this test is to place a loop-back connector on the port to be tested and begin. Enter the number of the port and a baud rate 9600
168. [Figure 35: Sniff Session section of the Serial Port Configuration page]
Wizard Method
Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Sniffing custom wizard:
wiz snf
Screen 1:
CONFIGURATION WIZARD
Set to defaults (y/n) [N]
Screen 2:
CONFIGURATION WIZARD
INSTRUCTIONS: You can:
1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or
2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or
3) Press ESC if you want to exit.
ALL.ADMIN_USERS: This parameter determines which users can open a sniff session, which is where other users connected to the very same port can see everything that the first user is doing. The other users connected to the very same port can also cancel the first user's session (and take over). If the parameter
169. nfiguration for CAS
Configuration for TS
Configuration for Dial-in Access
Session Sniffing
Versions 1.3.2 and earlier
Versions 1.3.3 and later
Parameters Involved and Passed Values
Configuration for CAS
SNMP
Configuration for CAS
Configuration for TS
Configuration for Dial-in Access
Syslog-ng
Port Slave Parameters Involved with syslog-ng
Configuration for CAS
Configuration for TS
Configuration for Dial-in Access
The Syslog Functions
Terminal Appearance
Parameters Involved and Passed Values
Browser Method
Wizard Method
Time Zone
How to set Date and Time
Appendix A: New User Background Information
Users and Passwords
Linux File Structure
Basic File Manipulation Commands
170. igned to the TS> 7001
An example would be:
telnet 192.168.160.10 7001
If everything is configured correctly, a telnet session should open on the server connected to port 1. If not, check the configuration, follow the above steps again, and check Appendix F, Software, Upgrades and Troubleshooting.
Task 7: Save the changes. Execute the following command in HyperTerminal to save the configuration:
saveconf
Task 8: Reboot the Cyclades-TS. After rebooting, the initial configuration is complete.
Note: saveconf is equivalent to tar -czf /proc/flash/script -T /etc/config_files in standard Linux (saveconf must be used because tar on the TS does not support the z flag).
Note: restoreconf does the opposite of saveconf, copying the contents of the /proc/flash/script file to the corresponding files in the ramdisk. The files on the ramdisk are overwritten. Restoreconf is run automatically each time the Cyclades-TS is booted.
Special Configuration for the Cyclades-TS100
TS100-specific background information
Since there are two physical interfaces available in the Cyclades-TS100 (RS-232 and RS-485), this model requires the configuration of the parameter described below.
all.media or s1.media (for the TS100 only):
rs232: RS-232 interface and DB-9 connector (see note box below)
rs485_half_terminator: RS-485 interface, half duplex com
171. iguration.
Set the global parameter conf.dhcp_client to 1.
Comment all other parameters related to the Ethernet Interface (conf.eth_ip, etc.).
Add the necessary options to the file /etc/network/dhcpcd_cmd (some options are described below).
2. The Cyclades-TS restores the last IP address previously provided in another boot and assigns this IP address to the Ethernet Interface.
Set the global parameter conf.dhcp_client to 2.
Comment all other parameters related to the Ethernet Interface (conf.eth_ip, etc.).
Add the following lines to the file /etc/config_files:
/etc/network/dhcpcd_cmd
/etc/dhcpcd-eth0.save
Add the option -x to the factory default content of the file /etc/network/dhcpcd_cmd:
/bin/dhcpcd -x -c /bin/handle_dhcp
Add all other necessary options to the file /etc/network/dhcpcd_cmd (some options are described below).
In both cases, if the IP address of the Cyclades-TS or the default gateway are changed, the Cyclades-TS will adjust the routing table accordingly.
Two files are related to DHCP:
/bin/handle_dhcp: The script which is run by the DHCP client each time an IP address negotiation takes place.
/etc/network/dhcpcd_cmd: Contains a command that activates the DHCP client (used by the cy_ras program). Its factory contents are:
/bin/dhcpcd -c /bin/handle_dhcp
The options available that can be used on this command line are:
-D: This option forces dhcpcd
172. igure 49: Cable 1 for TS100, DB-9 Female to DB-9 Female, Crossover, half duplex
Cable 2: DB-9 Female to DB-9 Female, Crossover, full duplex
Application: It connects the Cyclades-TS100 (serial port) to DTE RS-485 devices with full duplex communication.
[Figure 50: Cable 2 for TS100, DB-9 Female to DB-9 Female, Crossover, full duplex]
Cable 3: Block Connector to Block Connector, Crossover, half duplex
Application: It connects the Cyclades-TS100 (serial port) to DTE RS-485 devices with half duplex communication.
[Figure 51: Cable 2 for TS100, Block Connector to Block Connector, Crossover, half duplex]
Cable 4: Block Connector to Block Connector, Crossover, full duplex
Application: It connects the Cyclades-TS100 (serial port) to DTE RS-485 devices with full duplex communication.
Figure 52: Cable 4 for
173. igure 56 Serial Port Connection page
Step 4: Select port. On the Port Selection page, choose a port to connect to from the dropdown menu and click the Submit button. This will take you to the Port Connection Page.
[Figure 57: Port Connection page]
Step 5: Log in. If the port selected were configured for a ssh connection, a Login window will pop up. Login in this format: <username>:<socket port number>. Then enter in the username's password.
[Figure 58: SSH User Authentication page]
If the port selected were configured as socket_server
174. ile If you will be managing via Internet, you will be connecting through a router and thus need to modify this file. You would get the IP address from your Network Administrator. The default contents of this file are:
route add default dev eth0
Change password for root and new users
The default /etc/passwd file has the user root with password tslinux. You should change the password for user root as soon as possible. Before changing any password or adding new users, you should also activate shadow password, if it is needed. The Cyclades-TS has support for shadow password, but it is not active by default. To activate shadow password, follow the steps listed below:
Step A: Create an empty file called /etc/shadow.
cd /etc
touch shadow
Step B: Add a temporary user to the system. It will be removed later.
adduser boo
Step C: Edit the file shadow. For each user in the passwd file, create a copy of the line that begins with boo in the shadow file, then replace boo with the user name. The line beginning with root must be the first line in the file /etc/shadow.
Step D: Edit the passwd file. Replace the password in all password fields with an x. The root's line will look like this:
root:x:0:0:root:/root:/bin/sh
(the x is the password field)
Tip: Using the vi editor, put the cursor in the first byte after root, then type ct:x plus <ESC>
175. ill be used
ssh -t -1 cyclades:7001@ts1000 (openssh 3.1p1 or later; Cyclades-TS V_1.3.2 or later; AlterPath Console Server version 2.1.0 or later -> ssh1 will be used)
To log in to a port that does not require authentication, the username is not necessary:
ssh -t -2 :ttyS1@ts1000
Note: In this case, the file sshd_config must be changed in the following way:
PermitRootLogin Yes
PermitEmptyPassword Yes
Configuring sshd's client authentication using SSH Protocol version 1
Step 1: Only RhostsAuthentication yes in sshd_config
One of these: hostname or ipaddress in /etc/hosts.equiv or /etc/ssh/shosts.equiv; hostname or ipaddress and username in .rhosts or .shosts, and IgnoreRhosts no in sshd_config
Client start up command: ssh TS ip or Serial port ip (if the ssh client is running under a session belonging to a username present both in the workstation's database and the TS's database)
Client start up command: ssh username TS ip or Serial port ip (if the ssh client is running under a session belonging to a username present only in the workstation's database. In this case, the username indicated would have to be a username present in the TS's database)
Note: For security reasons, some ssh clients do not allow just this type of authentication. To access the serial port, the TS must be configured for local authentication. No ro
176. init etc syslogng syslog ng conf syslog ng
Important: If any of the files listed in /etc/config_files is modified, the Cyclades-TS administrator must execute the command saveconf before rebooting the Cyclades-TS or the changes will be lost. If a file is created (or a filename altered), its name must be added to this file before executing saveconf and rebooting.
Important: Cyclades Technical Support is always ready to help with any configuration problems. Before calling, execute the command
cat /proc/version
and note the Linux version and Cyclades-TS version written to the screen. This will speed the resolution of most problems.
Hardware Test
A hardware test called tstest is included with the Cyclades-TS firmware. It is a menu-driven program, run by typing tstest at the command prompt. The various options are described below. Note that the Cyclades-TS should not be tested while in use, as the test will inactivate all ports. You should inactivate all processes that may use the serial ports: inetd, sshd, cy_ras, and cy_buffering. Following are the hardware test steps:
Step 1: signal_ras stop
Step 2: Perform all hardware tests needed.
Step 3: signal_ras start
Port Test
Either a cross cable or a loop-back connector is necessary for this test. Their pinout diagrams are supplied in Appendix B Cabling Hardware and Electr
177. ion in 1969 for serial communication. More than 30 years later, more applications have been found for this standard than its creators could have imagined. Almost all electronic devices nowadays have serial communication ports.
RS-232 was defined to connect Data Terminal Equipment (DTE, usually a computer or terminal) to Data Communication Equipment (DCE, usually a modem):
DTE > RS-232 > DCE > communication line > DCE > RS-232 > DTE
RS-232 is now mostly being used to connect DTE devices directly (without modems or communication lines in between). While that was not the original intention, it is possible with some wiring tricks. The relevant signals (or wires) in a RS-232 cable, from the standpoint of the computer (DTE), are:
Receive Data (RxD) and Transmit Data (TxD): The actual data signals
Signal Ground (Gnd): Electrical reference for both ends
Data Terminal Ready (DTR): Indicates that the computer (DTE) is active
Data Set Ready (DSR): Indicates that the modem (DCE) is active
Data Carrier Ready (DCD): Indicates that the connection over the communication line is active
CTS (Clear to Send, an input): Flow control for data flowing from DTE to DCE
RTS (Request to Send, an output): Flow control for data flowing from DCE to DTE
Not all signals are necessary for every application, so the RS-232 cable may not need all 7 wires. The RS-232 interfac
178. ir terminal from which they are making their request.
pam_tacplus: Provides TacacsPlus Server authentication, authorization (account management), and accounting (session management).
pam_unix: This is the standard UNIX authentication module. It uses standard calls from the system's libraries to retrieve and set account information as well as authentication. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well when shadow is enabled.
pam_warn: This module is principally for logging information about a proposed authentication or application to update a password.
Arguments
The arguments are a list of tokens that are passed to the module when it is invoked. They are much like arguments to a typical Linux shell command. Generally, valid arguments are optional and are specific to any given module. Invalid arguments are ignored by a module; however, when encountering an invalid argument, the module is required to write an error to syslog(3).
The following are optional arguments which are likely to be understood by any module (debug, no_warn, use_first_pass, try_first_pass). Arguments (including these) are in general optional.
debug: Use the syslog(3) call to log debugging information to the system log files.
no_warn: Instruct module to not give warning messages to the application.
use_first_pass: The module should not prompt the user for a password. Instead, it should obtain th
179. irst character of the module path is /, it is assumed to be a complete path. If this is not the case, the given module path is appended to the default module path /lib/security.
Currently, the Cyclades-TS has the following modules available:
pam_access: Provides logdaemon style login access control.
pam_deny: Deny access to all users.
pam_env: This module allows the (un)setting of environment variables. The use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST is supported.
pam_filter: This module was written to offer a plugin alternative to programs like ttysnoop (XXX need a reference). Since a filter that performs this function has not been written, it is currently only a toy. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams. (This can be very annoying and is not kind to termcap based editors.)
Modules listed on the following page: pam_group, pam_issue, pam_lastlog, pam_limits, pam_listfile, pam_motd, pam_nologin, pam_permit, pam_radius, pam_rootok, pam_securetty, pam_time.
pam_group: This module provides group settings based on the user's name and the terminal they are requesting a given service from. It takes note of the time of day.
pam_issue: This module presents the issue file (/etc/issue by default) when prompting for a username.
pam_lastlog: This session module maintains the /var/log/lastlog file. It adds an open entry
180. is a typical value. Type some letters, and if the letters appear on the screen, the port is working. If the letters do not appear on the screen (which also occurs if the loop-back connector is removed), the port is not functioning correctly.
A second method that can be used to test the port is to connect it to a modem with a straight cable. Begin the test and type at. The modem should respond with OK, which will appear on the screen. Other commands can be sent to the modem or to any other serial device.
Test Signals Manually
This test confirms that signals are being sent and received on the selected port. Neither the loop-back connector nor the cross cable are necessary. Enter the number of the port to be tested and begin the test.
[Figure 54: Initial test. Screen columns: State, DTR, DCD, DSR, RTS, CTS; rows: ON, OFF]
First, type Ctrl-D to see the X in the DTR column move position, then type Ctrl-R to see the X in the RTS column change position. If each of the Xs moves in response to its command, the signals are being sent. Another method to test the signals is to use a loop-back connector. Enter the number of the port with the loopback connector and start the test. In this case, when Ctrl-D is typed, the Xs in the first three columns will move as shown below.
[Figure 55: Second screen, showing changed positions. Screen columns: State, DTR, DCD, DSR, RTS, CTS; rows: ON, OFF]
This is because the tes
181. is will show the CLI prompt:
config@hostname>>
Step 2: Type the following after the CLI prompt.
To activate the serial port (<string> should be ttyS<serial port number>):
configure line <serial port number> tty <string>
To configure the protocol (<string> is the type of protocol desired):
configure line <serial port number> protocol <string>
To configure the socket_port:
configure line <serial port number> socket <number>
Tip: You can configure all the parameters for a serial port in one line:
configure line <serial port number> tty <string> protocol <string> socket <number>
Step 3: To exit the CLI, type exit or quit after the CLI prompt.
Step 4: To activate your new configurations, type:
signal_ras hup
vi Method
The parameters described above must be changed by directly editing the /etc/portslave/pslave.conf file.
Browser Method
Step 1: Follow the steps 1 to 4 in the section titled Configuration for CAS, Browser Method on page 69.
Step 2: Click the TS Profile button in the Wizard section.
Step 3: Configure the following parameters:
Profile section
Protocol: telnet, ssh, rlogin, or socket_client
Socket port: 23 for telnet, 22 for ssh, 513 for rlogin
Terminal Server section
Host: the name or the IP address of the host
182. iscards 0
[Figure 31: IP Statistics page]
Configuration for TS
vi Method: This is done the same as for CAS.
Configuration for Dial-in Access
vi Method: This is done the same as for CAS.
Generating Alarms
This feature helps the administrator to manage the servers. It filters the messages received by the serial port (the server's console) based on the contents of the messages. It then performs an action, such as sending an email or pager message. To configure this feature, you need to configure filters and actions in the syslog-ng.conf file. You can read more about syslog-ng in the Syslog section.
Port Slave Parameters Involved with Generating Alarms
conf.DB_facility: This value (0-7) is the Local facility sent to the syslog-ng with data when syslog_buffering and/or alarm is active.
all.alarm: When nonzero, all data received from the port is captured and sent to syslog-ng with INFO level and LOCAL[0+conf.DB_facility] facility.
vi Method
Files to be modified: pslave.conf, syslog-ng.conf
Browser Method
To configure PortSlave parameters involved with syslog-ng and syslog-ng parameters with your browser:
Step 1: Point your browser to the TS. In the address field of your browser, type 192.168.160.10
Step 2: Log in. Log in a
183. ith data when syslog_buffering and/or alarm is active.
When nonzero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog level for data buffering is hard coded to level five (notice) and facility conf.DB_facility. The file /etc/syslog-ng/syslog-ng.conf should be set accordingly for the syslog-ng to take some action. Example value: 0.
When non-zero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog message is sent to syslog-ng with NOTICE level and LOCAL[0+conf.DB_facility] facility.
File to be changed: pslave.conf. The parameters are the same.
Browser Method
To configure syslog via your Web browser:
Step 1: Point your browser to 192.168.130.10. Enter the TS's IP address in your browser's address field.
Step 2: Log in. Enter root as the username and tslinux as the password. This will take you to the Configuration and Administration Menu Page.
Step 3: Click Syslog on the Configuration section. Select the Syslog link. The following page will appear, giving information for configuring syslog:
[Screenshot: Cyclades-TS1000 Edit Text File page]
184. PAM configuration file for the radius service
radius auth requisite pam_securetty.so
radius auth required pam_radius_auth.so
radius account required pam_radius_auth.so
radius session required pam_radius_auth.so
# The PAM configuration file for the local service
local auth requisite pam_securetty.so
local auth required pam_unix.so
local account required pam_unix.so
local password required pam_unix.so md5 use_authtok
local session required pam_unix.so
# The PAM configuration file for the remote service
remote auth required pam_permit.so
remote account required pam_permit.so
remote password required pam_permit.so
remote session required pam_permit.so
# The PAM configuration file for the login service
login auth requisite pam_securetty.so
login auth required pam_unix.so
login auth optional pam_group.so
login account requisite pam_time.so
login account required pam_unix.so
login password required pam_unix.so md5 use_authtok
login session required pam_unix.so
login session required pam_limits.so
# The PAM configuration file for the sshd service
sshd auth requisite pam_securetty.so
185. just typing config at the terminal prompt. Then you will get a CLI prompt such as:
config@hostname>>
Once in the CLI mode, you eliminate the need to type config in all your CLI commands.
Table 10: Help, CLI Options, Synopsis 1
Option: Description
ttys <string>: Activate the serial port
protocol <string>: Configuration of protocol for the serial port
interval <number>: Configuration of poll_interval for the serial port
authtype <string>: Configuration of authentication type for the serial port
speed <number>: Configuration of speed for the serial port
datasize <number>: Configuration of datasize for the serial port
stopbits <number>: Configuration of the stopbits for the serial port
parity <string>: Configuration of the parity for the serial port
socket <number>: Configuration of socket port for the serial port
break <string>: Configuration of break sequence for the serial port
There are also other options that configure network-related parameters.
Synopsis 2:
config configure ether [options]
or
configure ether [options]
This synopsis is valid only after entering into CLI mode. This is done by first just typing config at the terminal prompt. Then you will get a CLI prompt su
186. You have 8 available ports on this system. Type q to quit, a valid port number (1-8), or anything else to refresh.
Tip: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 6.
Screen 6:
*** CONFIGURATION WIZARD ***
Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier.
If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system.
Do you want to save your configurations to flash? (Y/N) [N]
Serial Settings
This feature controls the speed, data size, parity, and stop bits of all ports. It also sets the flow control to hardware, software, or none, the DCD signal, and tty settings after a socket connection to that serial port is established.
Parameters Involved and Passed Values
Terminal
187. Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier.
If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system.
Do you want to save your configurations to flash? (Y/N) [N]
Syslog-ng Configuration to use with Alarm Feature
This configuration example is used for the alarm feature.
Step 1: Configure the pslave.conf file parameter. In the pslave.conf file, the parameters of the alarm feature are configured as:
all.alarm 1
conf.DB_facility 2
Step 2: Add lines to syslog-ng.conf. The syslog-ng.conf file needs these lines:
# local syslog clients
source src { unix-stream("/dev/log"); };
# To filter ALARM message with the string "kernel panic"
filter f_kpanic { facility(local2) and level(info) and match("ALARM") and match("kernel panic"); };
# To filter ALARM message with the string "root login"
filter f_root { facility(local2) and level(info) and match("ALARM") and match("root login"); };
# To send e-mail to z@none.com (SMTP's IP address 10.0.0.2) from the e-mail addre
188. l be lost.
Step 3: Reboot. After rebooting the TS100, the initial configuration is complete.
Chapter 3 Additional Features
After the Configuration Wizard section in this chapter, each of the following sections is listed alphabetically and shows how to configure the option using vi, the custom Wizard (when available), browser (where appropriate), and the Command Line Interface (CLI) (when available). This chapter contains the following sections:
Configuration Wizard, Basic Wizard
Access Method
Authentication
Clustering
CronD
Data Buffering
DHCP
Filters
Generating Alarms
Help
NTP
Ports Configured for Dial-in Access
Ports Configured as Terminal Servers
Serial Settings
Session Sniffing
SNMP
Syslog
Terminal Appearance
TimeZone
Note: If you add a user through the Web browser, the user does not actually get added to the list of users allowed to access the actual TS unit.
Configuration Wizard, Basic Wizard
The configuration wizard application is a quicker and easier way to configure the Cyclades-TS. It is recommended that you use this application if you are not familiar with the vi editor or if you just want to do a quick installation of the TS. The command wiz gets you started with some basic configuration. After executing this command, you can continue the confi
189. ld the ADM button and power on the Cyclades-TS100. There's a small hole in the box containing an internal ADM button that can be reached by a thin, sharp object.
Step 4: Release the ADM button when the self test starts on the terminal's screen. The Cyclades-TS100 will be now in single user mode, the serial port will work as a console port, and the product can be reconfigured. Notice that no previous configuration is lost. After finishing, save the configuration (saveconf), power the Cyclades-TS100 off, and reconnect the original device to the serial port.
Using a different speed for the Serial Console
The serial console is originally configured to work at 9600 bps. If you want to change that, it is necessary to change the configuration following the steps:
Step 1: Run bootconf. The user will be presented with the screen:
Current configuration
MAC address assigned to Ethernet [00:60:2e:00:16:b9]
IP address assigned to Ethernet interface [192.168.160.10]
Watchdog timer ((A)ctive or (I)nactive) [A]
Firmware boot from ((F)lash or (N)etwork) [F]
Boot type ((B)ootp, (T)ftp or Bot(H)) [T]
Boot File Name [zvmppcts.bin]
Server's IP address [192.168.160.1]
Console speed [9600]
(P)erform or (S)kip Flash test [P]
(S)kip, (Q)uick or (F)ull RAM test [F]
Fast Ethernet ((A)uto Neg, (1)00 BtH, 100 Bt(F), 10 B(t)F, 10 Bt(H)) [A]
Fast Ethernet Maximum Interrupt Events [0]
190. le:
destination d_file { file(<filename>); };
Example: send message to console:
destination d_console { file("/dev/ttyS0"); };
Example: to write a message in /var/log/messages file:
destination d_message { file("/var/log/messages"); };
5. To write messages to the session of a logged-in user:
destination d_user { usertty(<username>); };
Example: to send message to all sessions with root user logged:
destination d_userroot { usertty("root"); };
6. To send a message to a remote syslogd server:
destination d_udp { udp(<remote IP address> port(514)); };
Example: to send syslogs to syslogd located at 10.0.0.1:
destination d_udp1 { udp("10.0.0.1" port(514)); };
Task 5: Connect all of the above.
To connect the sources, filters, and actions, use the following statement. (Actions would be any message coming from one of the listed sources. A match for each of the filters is sent to the listed destinations.)
log { source(S1); source(S2); filter(F1); filter(F2); destination(D1); destination(D2); };
where
Sx: Identifier of the sources defined before
Fx: Identifier of the filters defined before
Dx: Identifier of the actions/destinations defined before
Examples:
1. To send all messages received from local syslog clients to console:
log { source(sysl); destination(d_console); };
2. To send only messages with level alert and received from lo
191. log messages to the system console, log files, other machines (remote syslog servers) and/or users, as specified by its configuration file. In addition, syslog-ng is able to filter messages based on the contents of them and to perform an action (e.g. to send an e-mail or pager message). In order to access these functions, the syslog-ng.conf file needs some specific configuration.
The configuration file (default: syslog-ng.conf) is read at startup and is reread after receipt of a hangup (HUP) signal. When reloading the configuration file, all destination files are closed and reopened as appropriate. The syslog-ng reads from sources (files, TCP/UDP connections, syslogd clients), filters the messages, and takes an action (writes in files, sends snmptrap, pager, e-mail, or syslogs to remote servers).
There are five tasks required for configuring syslog-ng:
Task 1: Define Global Options.
Task 2: Define Sources.
Task 3: Define Filters.
Task 4: Define Actions (Destinations).
Task 5: Connect all of the above.
The five tasks are explained in the following section, Syslog-ng and its Configuration, on page 190.
Port Slave Parameters Involved with syslog-ng (conf.facility, conf.DB_facility, all.syslog_buffering)
Configuration for CAS, vi Method
conf.facility: This value (0-7) is the Local facility sent to the syslog-ng from PortSlave.
conf.DB_facility: This value (0-7) is the Local facility sent to the syslog-ng w
192. lon Line mode
When you enter the vi program, you are automatically in command mode. To navigate to the part of the file you wish to edit, use the following keys:
Table 14: vi navigation commands
h: Moves the cursor to the left (left arrow)
j: Moves the cursor to the next line (down arrow)
k: Moves the cursor to the previous line (up arrow)
l: Moves the cursor to the right (right arrow)
Having arrived at the location where text should be changed, use these commands to modify the text (note: commands i and o will move you into edit mode, and everything typed will be taken literally until you press the <ESC> key to return to the command mode).
Table 15: vi file modification commands
i: Inserts text before the cursor position (everything to the right of the cursor is shifted right)
o: Creates a new line below the current line and insert text (all lines are shifted down)
dd: Removes the entire current line
x: Deletes the letter at the cursor position
After you have finished modifying a file, enter line mode by typing : from command mode and use one of the following commands:
Table 16: vi line mode commands
w: Saves the file (w is for write)
wq: Saves and closes the file (q is for quit)
q!: Closes the file without saving
w file: Saves the file with the name <file
193. lters outgoing packets.
forward: Filters packets which are not created by the Cyclades-TS and are not destined to the Cyclades-TS.
user_created_chain: A previously defined (or in the process of being defined) chain created using the -N command is described above.
The output chain controls which packets are sent. A packet can be accepted by the input chain, but then rejected by the output chain. Likewise, the forward chain controls which packets will be routed. The input chain controls incoming packet filtering. The packet is either destined for the router or for another computer. In the latter case, the packet is processed by the forward chain. Packets that pass through the forward chain will then be processed by the output chain.
Source and destination have the following format:
[!]address[/mask] [!][port[:port]]
!: Reverses the definition, resulting in the opposite.
address: Host or network IP.
port: Defines a specific port.
port:port: Defines a range of ports.
If a source or destination is not specified, then 0.0.0.0/0 is used.
Protocol is one of the following: tcp, udp, icmp, all, or a protocol number (see the file /etc/protocols for a list).
Target is one of the following: ACCEPT, DENY, the name of another chain.
Interface is eth0. The Ethernet interface is the only option on the Cyclades-TS. Lists do not need to be associated to an interface, so this o
194. -m <message, max size 160 characters>
-u <username to login on sms server>
-p <port sms, default 60701>
<server IP address or name>
Example: to send a pager to phone number 123 (Pager server at 10.0.0.1) with message carrying the current date, the hostname of this TS, and the message that was received from the source:
destination d_pager { pipe("/dev/cyc_alarm" template("sendsms -d 123 -m \"$FULLDATE $HOST $MSG\" 10.0.0.1")); };
3. To send snmptrap:
destination <ident> { pipe("/dev/cyc_alarm" template("snmptrap <pars>")); };
where
ident: uniquely identify this destination
pars:
-v 1
<snmptrapd IP address>
public: community
enterprise oid
agent hostname
<trap number>: 2 Link Down, 3 Link Up, 4 Authentication Failure
0: specific trap
host uptime
.1.3.6.1.2.1.2.2.1.2.1: interfaces.iftable.ifentry.ifdescr.1
s: the type of the next field (it is a string)
<message, max size 250 characters>
Example: to send a Link Down trap to server at 10.0.0.1 with message carrying the current date, the hostname of this TS, and the message that was received from the source:
destination d trap pipe dev cyc alarm template snmptrap vl 10 0 0 1 public N N ATANT 2 Q 1 3 6 1 2 1 2 2 1 2 1 s SFULLDATE HOST MSGN
4. To write in fi
195. mber. Default: 100.
Sets the threshold value for the garbage collector. When syslog-ng is busy, GC phase starts.
Enable the creation of new directories.
Set the owner of the created file to the one specified. Default: root.
Set the group of the created file to the one specified. Default: root.
Set the permission mask of the created file to the one specified. Default: 0600.
Task 2: Define sources.
To define sources, use this statement:
source <identifier> { source-driver([params]); source-driver([params]); };
where
identifier: Has to uniquely identify this given source.
source-driver: Is a method of getting a given message.
params: Each source-driver may take parameters. Some of them are required, some of them are optional.
The following source-drivers are available:
a) internal()
b) unix-stream(filename [options]) and unix-dgram(filename [options])
c) tcp([options]) and udp([options])
d) file(filename)
e) pipe(filename)
internal(): Messages are generated internally in syslog-ng.
unix-stream and unix-dgram: They open the given AF_UNIX socket and start listening for messages. Options:
owner(name), group(name), perm(mask): are equal global options.
keep-alive(yes/no): Selects whether to keep connections opened when syslog-ng is restarted. Can be used only with unix_stream. Default: yes.
max-connections(n): Limits the number of simultaneously opened connections. Can be us
196. mit button. This will take you to the Serial Port Configuration page.
Step 5: Scroll down to the Profile section. If you select the General page and go to the Ethernet section, you'll find the common file field.
CronD is a service provided by the Cyclades-TS system that allows automatic, periodically run custom-made scripts. It replaces the need for the same commands to be run manually.
Parameters Involved and Passed Values
The following parameters are created in the /etc/crontab_files file:
status
user
source
Configuration for CAS
vi Method
The files Crontab and Script shell are created, and the file /etc/crontab_files is modified as indicated in the previous section.
To use cronD:
Step 1: Create the following two files for every process that it will execute:
Crontab: The file that specifies frequency of execution, the name of shell script, etc. It should be set using the traditional crontab file format.
Script shell: A script file with the Linux commands to be executed.
Step 2: Create a line in the file /etc/crontab_files for each process to be run. Each line must contain the following three items:
status: active or inactive. If this item is not active, the script will not be executed.
user: The process will be run with the privileges of this user, who must be a valid local user.
source: Pathname of the crontab file.
When the /etc/crontab_files file contains the
197. modify, only the command line text will be shown. [Figure 16: The /etc/hostname file with hostname typed in] Step 4: Modify /etc/hosts. This file should contain the IP address for the Ethernet interface and the same hostname that you entered in the /etc/hostname file. It may also contain IP addresses and host names for other hosts in the network. Modify the file using vi as you did in Step 1. [Figure 17: Contents of the /etc/hosts file: 127.0.0.1 localhost; 192.168.160.10 TS1988; 129.6.15.28 ntphost. Callouts: obtain the IP address from your System Administrator; replace the hostname to match the hostname from the previous step.] Step 5: Modify /etc/resolv.conf. This file must contain the domain name and nameserver information for the network. Obtain the nameserver IP address from your Network Administrator. The default contents of this file are: domain mycompany.com; nameserver 200.200.200.2. Step 6: Modify /etc/network/st_routes. The fourth file defines static routes. In the console server example in Figure 1 (Console Access Server diagram), the router is a gateway router and thus its IP address is configured in this file to be the default gateway. Other static routes are also configured in this file. If you will be managing servers through a LAN, you don't need to alter this f
198. munication with two wires, DB-9 or block connector. The TS100 terminates the network. rs422: RS-485 interface, full duplex communication with four wires, DB-9 or block connector. The TS100 terminates the network. Or rs485 half: RS-485 interface, half duplex communication with two wires, DB-9 or block connector. The TS100 is in the middle of the network. Note: "all" parameters are used to set default parameters for all ports and "s" parameters change the default parameters for individual ports. As the TS100 has only one port, either s1 or all can be used interchangeably. Configuring the Cyclades TS100 for the first time: The next step is to update the system with the modified data in the files above. Make sure the file named /etc/config_files contains the names of all files that should be saved to flash. The Cyclades TS100 does not have a dedicated console port. Therefore, after configuring the serial port, perform the following steps. Step 1: Edit the file /etc/inittab. Comment the line that designates the console port (add a # to it): ttyS0::respawn:/sbin/getty -p ttyS0 ansi. Step 2: Run saveconf. The command saveconf, which reads the /etc/config_files file, should be run. The command saveconf copies all the files listed in the file /etc/config_files from the ramdisk to /proc/flash/script. The previous contents of the file /proc/flash/script wil
199. n Chapter 2, Installation and Configuration, to finish the configuration. Ports Configured as Terminal Servers: The Cyclades TS provides features for out-of-band management via the configuration of terminal ports. All ports can be configured as terminal ports. This allows a terminal user to access a server on the LAN. The terminal can be either a dumb terminal or a terminal emulation program on a PC. [Figure 34: Terminal Server diagram, showing a Cyclades TS1000 with Ethernet interface 200.200.200.1, a router, a PC running a terminal application (VT100) and a Linux server at IP 200.200.200.3] In addition to the parameters which are common to all setups and which are listed in Appendix C, The pslave Configuration File, you may also configure additional parameters for the Terminal Server port profile. They are listed in the same chapter under TS Parameters. TS Setup Scenario: No authentication is used in the example shown in Figure 34 (Terminal Server diagram) and rlogin is chosen as the protocol. After configuring the desired parameters, execute the command signal_ras hup to activate the configuration changes. At this point, the configuration should be tested. A step-by-step check list follows. Step 1: Create a new user. Since authen
200. n and Configuration [Figure 13: The initial wizard configuration screen, a Telnet session to 192.168.160.10 showing the CONFIGURATION WIZARD banner and the text: "OK, let's get started. I need some basic information about the system so that it can know where it is located within the network and know about its local environment. Set to defaults? (y/n) [N]"] After you input the requested parameters, you will receive a confirmation screen. Your current configuration parameters are: Hostname: CAS; System IP: 192.168.160.100; Domain name: cyclades.com; Primary DNS Server: 197.168.160.200; Gateway: 192.168.160.10; Network Mask: 255.255.255.0. If the parameters are correct, Y should be typed; otherwise, type N and then C when asked to change the parameters or quit the program. After the parameters are confirmed, the next question will be whether to save the configuration to flash. Select Y to make the new configuration permanent in non-volatile memory. At this point you may lose your connection. Don't worry
201. n to CAS, TS & Dial-in Access. Columns: Parameter; Description; Value for this Example. conf.lockdir: The lock directory, which is /var/lock for the Cyclades TS. It should not be changed unless the user decides to customize the operating system. Value: /var/lock. all.speed: The speed for all ports. Value: 9600. all.datasize: The data size for all ports. Value: 8. all.stopbits: The number of stop bits for all ports. Value: 1. all.parity: The parity for all ports. Value: none. all.DTR_reset: Valid only for the CAS configuration. This value specifies how long (in milliseconds) a DTR signal will be turned off before it is turned back on again. If set to 0, this parameter will NOT be active. This may be dangerous if a user were to connect to a port that a previous user was on but had lost the session after a timeout. The user may directly connect into the previous user's shell. A minimum of 100 ms is required; otherwise it is assumed. Value: 100. all.authtype: Configured in Task 4: Edit the pslave.conf file, in Chapter 2, Installation and Configuration. Value: radius. all.authhost1: This address indicates the location of the Radius/TacacsPlus authentication server and is only necessary if this option is chosen in the previous parameter. A second Radius/TacacsPlus authentication server can be configured with the parameter all.authhost2. Value: 200.200.200.2. Table 29: Parameters Common to CAS, TS & Dial-in Access. Pa
202. nal Ready, O, 20, 4, 2; DSR, Data Set Ready, I, 6, 6, 8; DCD, Data Carrier Detect, I, 8, 1, 7; RTS, Request To Send, O, 4, 7, 1; CTS, Clear To Send, I, 5, 8, 5; Gnd, Signal Ground, 7, 5, 4. Straight-Through vs. Crossover Cables: The RS-232 interface was originally intended to connect a DTE (computer, printer and other serial devices) to a DCE (modem) using a straight-through cable (all signals on one side connecting to the corresponding signals on the other side, one to one). By using some cabling tricks, we can use RS-232 to connect two DTEs, as is the case in most modern applications. A crossover (a.k.a. null-modem) cable is used to connect two DTEs directly, without modems or communication lines in between. The data signals between the two sides are transmitted and received, and there are many variations on how the other control signals are wired. A complete crossover cable would connect TxD with RxD, DTR with DCD/DSR, and RTS with CTS on both sides. A simplified crossover cable would cross TxD and RxD and locally short-circuit DTR with DCD/DSR and RTS with CTS. Which cable should be used? First, look up the proper cable for your application in the table below. Next, purchase standard off-the-shelf cables from a computer store or cable vendor. For custom cables, refer to the cable diagrams to build your own cables or order them from Cyclades or a cable vendor. Table 25
203. nce of any definite successes or failures of previous or subsequent stacked modules, this module will determine the nature of the response to the application. One example of this latter case is when the other modules return something like PAM_IGNORE. Newest_Syntax: The more elaborate (newer) syntax is much more specific and gives the administrator a great deal of control over how the user is authenticated. This form of the control flag is delimited with square brackets and consists of a series of value=action tokens: [value1=action1 value2=action2 ...]. Here, value1 is one of the following return values: success; open_err; symbol_err; service_err; system_err; buf_err; perm_denied; auth_err; cred_insufficient; authinfo_unavail; user_unknown; maxtries; new_authtok_reqd; acct_expired; session_err; cred_unavail; cred_expired; cred_err; no_module_data; conv_err; authtok_err; authtok_recover_err; authtok_lock_busy; authtok_disable_aging; try_again; ignore; abort; authtok_expired; module_unknown; bad_item; and default. The last of these (default) can be used to set the action for those return values that are not explicitly defined. The action can be a positive integer or one of the following tokens: ignore; ok; done; bad; die; and reset. A positive integer: When specified as the action, can be used to indicate that the next J modules of the current type will be skipped. In this way, the administrator can develop a mode
204. nfigure all the parameters for a serial port in one line: configure line <serial port number> tty <string> authtype <string>. Step 3: To exit the CLI, type exit or quit after the CLI prompt. Step 4: To activate your new configurations, type signal_ras hup. Configuration for TS: The same pslave.conf parameters listed in the previous section are configured for a TS setup. You can use either the vi, Browser or CLI method if you want to configure parameters for a specific serial port. Configuration for Dial-in Access: The same pslave.conf parameters listed in the previous section are configured for a Dial-in Access setup. You can use either the vi, Browser or CLI method if you want to configure parameters for a specific serial port. Clustering is available for the Cyclades TS with firmware versions 1.3.0 and up, except for the TS100. It allows the stringing of Terminal Servers so that one master Cyclades TS can be used to access all Cyclades TSs on a LAN. The master Cyclades TS can manage up to 512 serial ports, so that the following can be clustered: 1 master TS1000 + 31 slave TS1000s, or 1 master TS2000 + 15 slave TS2000s, or 1 master TS3000 + 9 slave TS3000s + 1 slave TS2000. An example with one master TS2000 and two slave TS1000s is shown in the following figure: 7302 7035 09 7033 7003 7002 7001 Port Numbers Cyclades TS Cyclades TS Cyclades TS M
205. ng. When local data buffering is used, each time the maximum is reached, the oldest 10% of stored data is discarded, releasing space for new data (FIFO system, circular file). When remote data buffering is used, there's no maximum file size other than the one imposed by the remote server (linear file). This file can be viewed using the normal Unix tools (cat, vi, more, etc.). Size is in bytes, not kilobytes. See Data Buffering for details. Table 30: Mostly CAS-specific Parameters. all.DB_mode: When configured as cir for circular format, the buffer works like a revolving file at all times. The file is overwritten whenever the limit of the buffer size (as configured in all.data_buffering or s<n>.data_buffering) is reached. As for linear format (lin), once the limit of the kernel buffer size is reached (4k), a flow control stop (RTS off or XOFF, depending on how all.flow or s<n>.flow is set) is issued automatically to the remote device so that it will stop sending data to the serial port. Then, when a session is established to the serial port, the data in the buffer is shown to the user if not empty (dont_show_DBmenu parameter assumed to be 2), cleared, and a flow control start (RTS on or XON) is issued to resume data transmission. Once exiting the session, linear data buffering resumes. If all.flow or s<n>.flow is set to non
206. ng in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 8. Screen 8: CONFIGURATION WIZARD. Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N] CLI Method: To configure certain parameters for a specific serial port: Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI: config. This will show the CLI prompt: config hostname >> Step 2: Type the following after the CLI prompt. To activate the serial port (<string> should be ttyS<serial port number>): configure line <serial port number> tty <string>. To configure authtype: configure line <serial port number> authtype <string>. Tip: You can co
207. ntrol Web servers (from webopedia.com). Glossary: Terminal Server: A terminal server has one Ethernet LAN port and many RS-232 serial ports. It is used to connect many terminals to the network. Because they have the same physical interfaces, terminal servers are sometimes used as console access servers. TTY: The UNIX name for the COM (Microsoft) port. U: Rack height unit. A standard computer rack has an internal width of 17 inches. Rack space on a standard rack is measured in units of height (U). One U is 1.75 inches. A device that has a height of 3.5 inches takes 2U of rack space. Index: A: Access Method 66, Alarm 137, Authentication 90, Basic Wizard 61, Battery 26, Block Connector 239; C: Cable Length 228, CAS Setup Scenario 256, CLI 30, Clustering 99, Command Line Interface 30, 60, Configuration using a Web browser 36, Connectors 228, CronD 107, Custom Wizard 32, Customization Process 280; D: Data Buffers 110, Default Configuration Parameters 30, DHCP 121, DNS Server 32, Domain 32, Ethernet 31; F: Filters 124, Flash Memory Loss 283; G: Gateway 31 (default 32), Generating Alarms 130; H: Hardware Specifications 225, Hardware Test 286, HyperTerminal 31, init process 279, IP Address 32; K: Kermit 31; L: Linux File Structure 212, Linux PAM 262, loop back connector 19; M: Minicom 31, Netmask 32, NTP 150; P: Passwords 212, Port Test 286
208. o manage the TS. The workstation used to access the TS through telnet or ssh uses a LAN connection. These events can be summarized as follows. PC (HyperTerminal): COM port connects via serial cable to the TS's console port; use the HyperTerminal to configure the box. PC (Ethernet): Ethernet port connects via hub to the TS's Ethernet port; use the PC Ethernet to access the box as client (telnet/ssh). Step 1: Plug the power cable into the Cyclades TS. Insert the female end of the black power cable into the power socket on the Cyclades TS and the three-prong end into a wall outlet. DANGER: To help prevent electric shock, plug the Cyclades TS into a properly grounded power source. The cable is equipped with a 3-prong plug to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from the cable. If you use an extension cable, use a 3-wire cable with properly grounded plugs. For the TS100, 400 and 800, the grounded power cable constraint does not apply, as these products have an external power supply and one power cable instead of two. Step 2: Connect the console cable. You will be constructing a Console Cable out of the RJ-45 straight-through cable and the appropriate adapter provided in the product box. There are four options (all adapters have an RJ-45 connector on one end and either a DB25 or DB9 connector on the
209. o socket_server mode, but without telnet negotiation, breaks to serial ports, etc.), or modbus (an application layer messaging protocol for client/server communication widely used for industrial automation). all.smode: Communication mode through the serial ports. This parameter is meaningful only when modbus protocol is configured. The valid options are ascii (normal TX/RX mode) and rtu (some time constraints are observed between characters while transmitting a frame). If not configured, ASCII mode will be assumed. Value for this example: ascii. The ntpclient is a Network Time Protocol (RFC 1305) client for UNIX- and Linux-based computers. In order for the Cyclades TS to work as an NTP client, the IP address of the NTP server must be set in the file /etc/ntpclient.conf. The shell script /bin/ntpclient.sh reads the configuration file /etc/ntpclient.conf and builds the command line to call the /bin/ntpclient program. Parameters Involved and Passed Values: The file /etc/ntpclient.conf has the value of two parameters. NTPSERVER: The IP address of the NTP server. INTERVAL: Check time every interval seconds (default 300). The date and time will be updated from the NTP server according to the parameter options. The ntpclient program has this syntax: ntpclient [options]. Options: -c count: Stop after count time measurements (default 0 means go forever); -d: print diagnostics; -h hostname: NTP server hos
210. ocket_ssh and the port value (7001, 7002, etc.), if supplied by the ssh client like username:port value, the ssh client will be directly connected with the serial interface. The possible protocols are telnet, ssh1/ssh2 or raw data. socket_server: telnet protocol. socket_ssh: ssh1/ssh2 protocol. raw_data: used to exchange data in transparent mode. Raw data is similar to socket_server mode, but without telnet negotiation, breaks to serial ports. An example value would be socket_server. Restricts access to ports by user name (only the users listed can access the port or, using the character "!", all but the users listed can access the port). In this example, the users joe, mark and members of user group cannot access the port. A single comma and spaces/tabs may be used between names. A comma may not appear between the "!" and the first user name. The users may be local, Radius or TacacsPlus. User groups (defined with the parameter conf.group) can be used in combination with user names in the parameter list. Notice that these are common users, not administrators. Example value: ! joe, mark, user group. Configuration for CAS, vi Method. Parameters listed on this page: all.poll_interval, all.tx_interval, all.idletimeout, conf.group, all.stty, s<n>.serverfarm. all.poll_interval: Valid only for protocols socket_server and raw_data. When not set to zero, this parameter sets the wait for a TCP connection keep-alive timer. If no traf
211. of the first connected user (main session): in shows data written to the port, out shows data received from the port, and i/o shows both streams. The second and later sessions are called sniff sessions, and this feature is activated whenever the protocol parameter is set to socket_ssh or socket_server. Table 30: Mostly CAS-specific Parameters. all.admin_users: This parameter determines which users can open a sniff session, which is where other users connected to the very same port can see everything that a first user connected is doing. The other users connected to the very same port can also cancel the first user's session (and take over). If all.multiple_sessions (seen below) is configured as no, only two users can connect to the same port simultaneously. If all.multiple_sessions is configured as yes, more simultaneous users can sniff the session or have read and/or write permission (please see details in Session Sniffing in Chapter 3). When users want access per port to be controlled by administrators, this parameter is obligatory and authtype must not be none. This parameter can determine who can open a sniff session or cancel a previous session. User groups (defined with the parameter conf.group) can be used in combination with user names in the parameter list. Value for this Example: peter, john, user group. all.mul
212. ofile appear in the following sections, and the exact screen flow begins with Figure 18 (Configuration and Administration page). To summarize the process, the wizard configuration is started by first selecting the desired port(s) on the Port Selection page (Figure 19: Port Selection page), clicking Submit, and then selecting either the CAS, TS or RAS profile buttons on the subsequent Serial Port Configuration page (Figure 20: Serial Port Configuration page, top). Change the appropriate parameters and then click the Submit button on the Serial Port Configuration page. For most applications, the parameters to be changed are as follows. For CAS: Port Speed; First RADIUS/TacacsPlus Authentication Server; First Accounting Server; RADIUS/TacacsPlus secret; Protocol (if the protocol is Socket SSH, Socket Telnet or Socket Raw); Socket Port (keep the "Incremented" option on). For TS: Port Speed; First RADIUS/TacacsPlus Authentication Server; First Accounting Server; RADIUS/TacacsPlus secret; Protocol (if the protocol is Login, Rlogin, SSH or Socket Client); Socket Port (write the TCP port for the protocol selected; keep the "Incremented" option off). For Dial-in access: First RADIUS/TacacsPlus Authentication Server; First Accounting Server; RADIUS/TacacsPlus secret; Remote IP Address (keep the "Incremented" option on). Access Method: Access
213. ons of a firewall. KVM Switch: KVM (Keyboard, Video, Mouse) Switches connect to the KVM ports of many computers and allow the network manager to access them from a single KVM station. Mainframe: Large, monolithic computer system. MIBs: Management Information Bases. SNMP-compliant devices, called agents, store data about themselves in MIBs and return this data to the SNMP requesters. Out-of-band network management: In a computer network, when the management data is accessed through a network that is independent of the network used to carry data, this is called out-of-band network management. Off-line data buffering: This is a CAS feature that allows capture of console data even when there is no one connected to the port. Profile: Usage setup of the Cyclades TS, either as a Console Access Server (CAS), a Terminal Server or a Remote Access Server. RADIUS: Protocol between an authentication server and an access server to authenticate users trying to connect to the network. RISC: Reduced Instruction Set Computer. This describes a computer processor architecture that uses a reduced set of instructions (and achieves performance by executing those instructions very fast). Most UNIX servers (Sun Sparc, HP, IBM RS6000, Compaq Alpha) were designed with a processor using a RISC architecture. The Intel x86 architecture RS-232: A set of standards for serial communication between electronic e
214. onfiguration for TS; Configuration for Dial-in Access; Generating Alarms; Port Slave Parameters Involved with Generating Alarms; vi Method; Browser Method; Wizard Method; Syslog-ng Configuration to use with Alarm Feature; Alarm, Sendmail, Sendsms and Snmptrap; Help; Help Wizard Information; Help Command Line Interface Information; Modbus; NTP; Parameters Involved and Passed Values; Configuration for CAS; Configuration for TS; Configuration for Dial-in Access; Ports Configured for Dial-in Access; Ports Configured as Terminal Servers; TS Setup Scenario; TS Setup Wizard; Serial Settings; Parameters Involved and Passed Values; Cor
215. ooting. Type Enter for all fields but the Console Speed. When presented the following line: "Do you confirm these changes in flash ((Y)es, (N)o, (Q)uit) [N]:" Step 2: Enter Y and the changes will be saved in flash. Step 3: Logout and login again to use the console at the new speed. How to connect to serial ports from the browser: Depending on how the serial port is configured, connecting to a serial port will either open up a telnet or ssh connection. A serial port configured as socket_server or raw_data will open up a telnet connection, while socket_ssh will open up an ssh connection. Tested Environment: Table 34: Windows XP + JRE v1.4.0_01 or 02: Internet Explorer 6.0, Success; Netscape 6/6.2.3, Success; Netscape 7.0, Success; Mozilla 1.1, Success. Table 35: Redhat 7.3 + JRE v1.4.0_01 or 02: Netscape 7.0, Success; Mozilla 1.1, Success. Requirements: Java 2 Runtime Environment (JRE) SE v1.4.0_01 or v1.4.0_02 installed on your PC, with your browser acknowledged to use it. You can first check if the browser you are using acknowledges the Java version as follows. On Windows, from Internet Explorer: Go to Tools > Internet Options > Advanced. Scroll down and look for a section on Java. There should be a checkbox that says "Use Java 2 v1.4.0". If there isn't, this could either mean your browser is not activated to use the Java plug-in that came wi
216. or its size in bytes is imposed by the available ramdisk. Remote file is sequential and its size is limited to the remote server's disk space. Set to defaults? (y/n) [N] Screen 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. CONF.NFS_DATA_BUFFERING: This parameter applies only if users choose to remotely buffer data. This is the remote directory name where data buffering will be written to instead of the default directory /var/run. If deactivated, data buffering will be done locally. conf.nfs_data_buffering: ALL.DATA_BUFFERING: For local data buffering, this parameter represents the maximum file size in bytes allowed to be captured before it is discarded for new space. If remote, this parameter is just a flag to either activate (any value greater than 0) or deactiva
217. ork Access: You will need to have a NIC card installed in your PC to provide an Ethernet port and have network access. Task List: There are eight key tasks that you will need to perform to install and configure the Cyclades TS. Task 1: Connect the Cyclades TS to the Network and other Devices. Task 2: Configure the COM Port Connection and Log In. Task 3: Modify the System Files. Task 4: Edit the pslave.conf file. Task 5: Activate the changes. Task 6: Test the configuration. Task 7: Save the changes. Task 8: Reboot the Cyclades TS. The Wizard: The eight key tasks can also be done through a wizard in the 2 1 plus versions of the Cyclades TS. Basic Wizard: The Basic Wizard will configure the following parameters: IP Address; Netmask; Default Gateway; DNS Server; Domain. Basic Wizard access is covered in the Quick Start in this chapter and also in Configuration Wizard: Basic Wizard in Chapter 3, Additional Features. Custom Wizard: Further configuration of the Cyclades TS can be done through one of several customized wizards. These procedures are explained under their respective topic heading in Chapter 3, Additional Features. There are custom wizards for the following optional configurations: Access Method; Generating Alarms; Authentication; Data Buffering; Help; Serial Settings; Session Sniffing
218. ormation saved on it even after the Cyclades TS is turned off. Once it is turned on again, the saved information can be recovered. If y is entered, the screen will display an explanation of what saving to flash means: "Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the TS even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the TS. Do you want to save your configurations to flash? (Y/N) [N]" Step 13: Type y if you want to save to flash. Type n if you don't want to save to flash. You can now continue TS configurations using the Web browser by typing in the IP address of the TS. Using the Wizard through your Browser: The Web interface supports wizards for serial ports configuration. The wizard is a useful tool that simplifies configuration of serial ports. The Web interface will access the following wizard files: /etc/portslave/pslave.wiz.cas (CAS); /etc/portslave/pslave.wiz.ts (TS); /etc/portslave/pslave.wiz.ras (Dial-in Access); /etc/portslave/pslave.wiz.auto (Automation). The step-by-step process to configuring ports for a specific pr
219. ory must be zImage; password: adminpw; firmware filename on that server: zImage 210. ftp> open server; > user admin; > Password: adminpw; > cd /tftpboot; > bin; > get zImage 210 zImage; > quit. Note: Due to space limitations, the new zImage file may not be downloaded with a different name, then renamed. The TS searches for a file named zImage when booting and there is no room in flash for two zImage files. Step 4: Run zImage. To make sure the downloaded file is not corrupted or that the zImage saved in flash is OK, the user should run: md5sum -b /proc/flash/zImage. Step 5: Check text file information. Now the user should check with the information present in the text file saved in the Cyclades site (e.g. zImage 210 md5sum). If the numbers match, the downloaded file is not corrupted. Step 6: Issue the command reboot: reboot. Step 7: Confirm that the new Linux kernel has taken over. After rebooting, the new Linux kernel will take over. This can be confirmed by typing cat /proc/version to see the Linux kernel version. Flash Memory Loss: If the contents of flash memory are lost after an upgrade, please follow the instructions below to restore your system. Step 1: Turn the TS OFF, then back ON. Step 2: Using the console, during the self test, press l
220. ot user should be used as username. Step 2: Only RhostsRSAAuthentication yes in sshd_config. One of the RhostsAuthentication settings described in Step 1. Client machine's host key (ETC/ssh_host_key.pub) copied into the TS /tmp/known_hosts file. The client hostname plus the information inside this file must be appended in one single line inside the file /etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts, and IgnoreUserKnownHosts no inside sshd_config. The following commands can be used, for example: echo -n "client_hostname " >> /etc/ssh/ssh_known_hosts (or ~/.ssh/known_hosts); cat /tmp/known_hosts >> /etc/ssh/ssh_known_hosts (or ~/.ssh/known_hosts). Client start-up command: ssh -t <TS_ip or Serial_port_ip>. Note: client_hostname should be the DNS name. To access the serial port, the TS must be configured for local authentication. No root user should be used as username. Step 3: Only RSAAuthentication yes in sshd_config. Removal of the TS's equiv hosts and known_hosts files. Client identity created by ssh-keygen and its public part (~/.ssh/identity.pub) copied into TS's ~/.ssh/authorized_keys. Client start-up command: ssh -t <TS_ip or Serial_port_ip>. Step 4: Only PasswdAuthentication yes in sshd_config. Removal of the TS's equiv hosts, known_hosts and authorized_keys files. Client startup command
221. other end male or female Connect this cable to the port labeled Console on the Cyclades TS with the RJ 45 connector end and connect the adapter end to your PC s available COM port For more detailed information on cables see Appendix B Cabling Hardware and Electrical Specifications uration Use it when the configuration is complete and you want to access the Note The modem cable is not necessary for a standard installation and config box remotely through a serial port User Guide 47 Chapter 2 Installation and Configuration Step 3 Connect Hub to PC and the Cyclades TS Your workstation and TS must be on the same physical LAN Connect one RJ 45 cable from the Ethernet port of the TS to the hub and another from the hub to the workstation used to manage the servers Step 4 Install and launch HyperTerminal Kermit or Minicom if not already installed You can obtain the latest update to HyperTerminal from http w ww hilgraeve com htpe dow nload html Task 2 Configure the COM Port Connection and Log In Step 1 Select available COM port In HyperTerminal Start gt Program gt Accessories select File gt Properties and click the Connect To tab Select the available COM port number from the Connection dropdown New Connection Properties 2 x Connect To Settings hh New Connection Change Icon Country region United States of America 11 Y Enter the area
222. p 10.0.0.1
conf.eth_mask 255.0.0.0
conf.include /etc/portslave/TScommon.conf
For the /etc/hostname file in unit 2:
unit2
For the pslave.conf file in unit 2:
conf.eth_ip 10.0.0.2
conf.eth_mask 255.0.0.0
conf.include /etc/portslave/TScommon.conf
[User Guide, Chapter 3: Additional Features]
For the /etc/hostname file in unit 3:
unit3
For the pslave.conf file in unit 3:
conf.eth_ip 10.0.0.3
conf.eth_mask 255.0.0.0
conf.include /etc/portslave/TScommon.conf
The common include file for the example is:
conf.host_config.unit1
<parameters for unit1 following the rules for pslave.conf>
conf.host_config.unit2
<parameters for unit2 following the rules for pslave.conf>
conf.host_config.unit3
<parameters for unit3 following the rules for pslave.conf>
conf.host_config.end
When this file is included, unit1 would read only the information between conf.host_config.unit1 and conf.host_config.unit2. Unit2 would use only the information between conf.host_config.unit2 and conf.host_config.unit3, and unit3 would use information after conf.host_config.unit3 and before conf.host_config.end.
Steps for using Centralized Configuration
Step 1: Create and save the /etc/portslave/pslave.conf and /etc/hostname files in each Cyclades TS.
Step 2: Execute the command signal_ras hup on each unit.
223. ports on this system. Type q to quit, a valid port number (1-8), or anything else to refresh.
Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 7.
Screen 7: CONFIGURATION WIZARD
Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N]
CLI Method. To configure certain parameters for a specific serial port:
Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI: config. This will show the CLI prompt: config hostname >>
Step 2: T
224. ption may be omitted. To save changes made using the ipchains command, execute fwset. This command will save the filter configuration in the file /etc/network/firewall and then save the file in flash memory. To delete the changes made (before fwset is executed), execute fwset restore to return to the lists previously saved in /etc/network/firewall. Only the lists previously saved using fwset will then be defined. This command is executed at boot to invoke the last configuration saved. Another option is to edit the file /etc/network/firewall (or another file) directly, following the syntax defined in the file itself. If the file is edited in this way, the command fwset cannot be used to save and restore the configuration. Use ipchains-save > <file name> to save the lists in <file name>, updatefiles <file name> to save <file name> to flash memory, and ipchains-restore < <file name> to restore the lists to the configuration in <file name>.
An example of the use of ipchains for a Console Access Server: Referring to Figure 1 (Console Access Server diagram), if the administrator wishes to restrict access to the consoles connected to the Cyclades TS to a user on the workstation with IP address 200.200.200.4, a filter can be set up as shown below:
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A input -p tcp -s 200.200.200.4 -d
225. ptrap v 1 Ci common arguments enterprise oid agent generic trap specific trap uptime objectID type value snmptrap v 2c 3 Ci common arguments uptime trap oid objectID type value where Ci Optional It sends INFORM PDU common arguments Required They are SNMP server IP address and community enterpriseoid Required but it can be empty agent Required but it can be empty The agent name generictrap The generic trap number 2 link down 3 link up 4 authentication failure specific trap Required The specific trap number uptime Required objectID type value Optional objectlD is the object oid You want to inform its value to server User Guide 142 Chapter 3 Additional Features If the network entity has an error processing the request packet an error packet will be returned and a message will be shown helping to pinpoint in what way the request was mal formed If there were other variables in the request the request will be resent without the bad variable For example to send a Link Down trap to server at 10 0 0 1 with interfaces iftable ifentry ifde scr snmptrap v 1 10 0 0 1 public 2 0 1 3 6 1 2 1 2 2 1 2 1 8 TS serial port number 1 is down Ci Optional It sends INFORM PDU common arguments Required They are SNMP server IP address and community enterpriseoid Required but it can be empty 143 Cyclades TS Chapter 3 Additional Fe
226. quipment, defined by the Electronic Industries Association in 1969. Today, RS-232 is still widely used for low-speed data communication. Secure Shell (SSH): SSH has the same functionality as Telnet (see definition below), but adds security by encrypting data before sending it through the network. Server Farm: A collection of servers running in the same location (see Cluster). SNMP: Short for Simple Network Management Protocol, a set of protocols for managing complex networks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. (Source: Webopedia) Telnet: Telnet is the standard set of protocols for terminal emulation between computers over a TCP/IP connection. It is a terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. This enables you to control the server and communicate with other servers on the network. To start a Telnet session, you must log in to a server by entering a valid username and password. Telnet is a common way to remotely co
227. quit, a valid port number (1-8), or anything else to refresh.
NOTE: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 5.
Screen 5: CONFIGURATION WIZARD
Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time, thus making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N]
Configuration for TS. vi Method: Same as for CAS.
Configuration for Dial-in Access. vi Method: Same as for CAS.
The Syslog Functions. This section shows the characteristics of the Alarm for Data Buffering that is implemented for all members of the Cyclades TS family. It is divided into three parts: 1. Syslog-ng and its Configuration 2. Syslog-ng Configuration to us
228. r N o N
If you type N: Type c to go back and CORRECT these parameters or q to QUIT. Typing c repeats the application, typing q exits the entire wiz application.
If you type Y: Type c to CONTINUE to set these parameters for specific ports or q to QUIT. Typing c leads to Screen 5, typing q leads to Screen 6.
Screen 5: CONFIGURATION WIZARD
You have 8 available ports on this system. Type q to quit, a valid port number (1-8), or anything else to refresh.
Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 6.
Screen 6: CONFIGURATION WIZARD
Flash refers to a type of memory that can be erased and reprogrammed in units of memory known as blocks rather than one byte at a time thu
229. r name of filter and select appropriate button To create a filter type in the name of the filter chain in the Name box to the far right of the page and then click the appropriate radio button to enter the default target Then click the Add chain button Button functions are listed below List rules When clicked this button brings up a page of the selected IP chain filtering rules for the selected filter chain Edit chain When clicked this button brings up a page where you can edit the selected filter chain Delete chain Lets you delete a selected filtering chain Add chain Lets you add a filtering chain User Guide 128 Chapter 3 Additional Features A new filter will be added to the Port Table Step 5 Click the General Link If you click the General link on the Link Panel gt IPChains gt Information you can view detailed information for each filter chain Name Target Packets Bytes input ACCEPT 414 35333 forward ACCEPT o D output ACCEPT 515 261861 Figure 30 IP Chains Information page General gt Information also has IP Rules and IP Statistics links IP Rules contains a table with rules on how to proceed when a datagram reaches the IP stack IP Statistics has the following page _ PStatistics Forwarding 1 DefaultTTL 64 InReceives 437 InHdrErrors 0 InAddrErrors 0 ForwDatagrams 0 InUnknownProtos 0 InDiscards 0 InDelivers 46 OutRequests 542 OutD
230. r on slave2 serial s3 567 ipno See s33 ipno 0 0 0 0 101 Cyclades TS Chapter 3 Additional Features Table 6 Master Cyclades Configuration where it differs from the CAS standard Parameter Value for this Description example etc for 568 596 The Slave Cyclades TS do not need to know they are being accessed through the Master Cyclades TS You are creating virtual terminals virtual serial ports Their port numbers however must agree with those assigned by the Master Table 7 Cyclades TS configuration for Slave 1 where it differs from the CAS standard Parameter Value for this example all protocol socket_server all authtype none conf eth ip 20 20 20 2 all socket port 7033 all authtype none Table 8 Cyclades TS configuration for Slave 2 where it differs from the CAS standard Parameter Value for this example all protocol socket_server all authtype none conf eth ip 20 20 20 3 all authtype none all socket port 7301 User Guide 102 Chapter 3 Additional Features To access ports from the remote management workstation use telnet with the secondary IP address telnet 209 81 55 110 7001 to access the first port of the Master Cyclades TS telnet 209 81 55 110 7033 to access the first port of Slave 1 telnet 209 81 55 110 7065 to access the first port of Slave 2 Note Socket port
231. r the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2. Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3. Press ESC if you want to exit.
ALL.ACCTHOST2: This IP address indicates where the SECOND Radius or TacacsPlus accounting server is located.
all.accthost2 200.200.200.3
ALL.RADTIMEOUT: This is the timeout (in seconds) for a Radius or TacacsPlus authentication query to be answered.
all.radtimeout 3
Screen 5: CONFIGURATION WIZARD
INSTRUCTIONS: You can: 1. Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2. Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3. Press ESC if you want to exit.
ALL.RADRETRIES: This defines the number of times each Radius or TacacsPlus server is tried before another is contacted.
all.radretries 5
ALL.SECRET: This is the shared secret necessary for communication b
232. rameter all accthost1 Description This address indicates the location of the Radius TacacsPlus accounting server which can be used to track how long users are connected after being authorized by the authentication server Its use is optional If this parameter is not used accounting will not be performed If the same server is used for authentication and accounting both parameters must be filled with the same address A second Radius TacacsPlus accounting server can be configured with the parameter all accthost2 Value for this Example 200 200 200 2 all radtimeout This is the timeout in seconds for a Radius TacacsPlus authentication query to be answered The first server authhost1 is tried radretries times and then the second authhost2 if configured is contacted radretries times If the second also fails to respond Radius TacacsPlus authentication fails all radretries Defines the number of times each Radius TacacsPlus server is tried before another is contacted The default if not configured is 5 all secret This is the shared secret necessary for communication between the Cyclades TS and the Radius TacacsPlus servers rad secret all flow This sets the flow control to hardware software or none hard all protocol The default CAS setup was explained in Chapter 2 Task 4 Edit the pslave conf file The TS configuration settings are in Table 31 TS Parameters
233. rately sophisticated stack of modules with a number of different paths of execution Which path is taken can be determined by the reactions of individual modules Ignore When used with a stack of modules the module s return status will not contribute to the return code the application obtains Bad This action indicates that the return code should be thought of as indicative of the module failing If this module is the first in the stack to fail its status value will be used for that of the whole stack Die Equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application 267 Cyclades TS Appendix D Linux PAM OK Done This tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules In other words if the former state of the stack would lead to a return of PAM_SUCCESS the module s return code will override this value Note if the former state of the stack holds some value that is indicative of a module failure this OK value will not be used to override that value Equivalent to OK with the side Oeffect of terminating the module stack and PAM immediately returning to the application Clear all memory of the state of the module stack and start again with the next stacked module Module Path Module Path is the path name of the dynamically loadable object file the pluggable module itself If the f
234. rectory pwd Supplies the name of the current directory While logged in the user is always in a directory The default initial directory is the user s home directory 213 Cyclades TS Appendix A New User Background Information home lt username gt s options directory name Lists the files and directories within directory name Some useful options are 4 for more detailed out put and a which shows hidden system files cd directory name Changes the directory to the one specified cat file name Prints the contents of file name to the screen Shortcuts one dot Represents the current directory two dots Represents one directory above the current directory i e one directory closer to the base directory The vi Editor To edit a file using the vi editor type vi file name Vi is a three state line editor it has a command mode a line mode and an editing mode If in doubt as to which mode you are in press the lt ESC gt key which will bring you to the com mand mode Table 13 vi modes Mode What is done there How to get there Command mode Navigation within the open file Press the lt ESC gt key Editing mode Text editing See list of editing commands below User Guide 214 Appendix A New User Background Information Table 13 vi modes What is done there File saving opening etc Exiting from vi How to get there From the command mode type co
235. rface CLI only for certain configuration parameters User Guide 16 Introduction and Overview With the Cyclades TS set up as a Console Access Server you can access a server connected to the Cyclades TS through the server s serial console port from a workstation on the LAN or WAN There is no authentication by default but the system can be configured for authentica tion to be performed by a Radius server a TacacsPlus server or even by a local database Either telnet or ssh a secure shell session can be used See Appendix A New User Back ground Information for more information about ssh The instructions in Chapter 2 Installa tion and Configuration will set up a default fully functional CAS environment More options can be added after the initial setup as illustrated in Chapter 3 Additional Features Console Access Server An example of a CAS environment is shown in Figure 1 Console Access Server diagram This configuration example has local authentication an Ethernet interface provided by a router and serially connected workstations T51000 Ethernet Interface IP Address 200 200 200 1 Authentication Ethernet Interface 200 200 200 5 TS1000 Socket Port 7002 192 168 1 102 Connections Socket Port Speed 9 6K 7008 192 168 1 108 M Workstation Socket Port 7001 192 168 1 101 Figure 1 Console Access Server diagram 17 Cyclades TS Introduction and Overview The following
236. ring into files. When nonzero, the contents of the data buffer are sent to the syslog-ng every time a quantity of data equal to this parameter is collected. The syslog level for data buffering is hard coded to level 5 (notice) and facility conf.DB_facility. The file /etc/syslog-ng/syslog-ng.conf should be set accordingly for the syslog-ng to take some action. (Please see the "Syslog-ng Configuration to use with Syslog Buffering Feature" section under Generating Alarms in Chapter 3 of the system's manual for the syslog-ng configuration file.)
all.syslog_buffering 0
Screen 5: CONFIGURATION WIZARD
Your current configuration parameters are: (The ones with the means it's not activated)
conf.nfs_data_buffering 4
all.data_buffering 0
all.DB_mode cir
all.dont_show_DBmenu 0
all.DB_timestamp 0
all.syslog_buffering 0
Are these configuration(s) all correct (Y)es or (N)o [N]
Note: The number of available ports depends on the system you are on. Typing in a valid port number repeats this program, except this time it's configuring for the port number you have chosen. Typing q leads to Screen 7.
237. ronmental conditions
List of Tables
20 Cyclades TS physical specifications
21 Cyclades TS safety specifications
22 Cables and their pin specifications
23 Which cable to use
24 TS100 Connector pin assignment
25 Parameters Common to CAS, TS, & Dial-in Access
26 Mostly CAS-specific Parameters
27 TS Parameters
28 Dial-in configuration Parameters
29 Files to be included in etc config file and the program to use
30 Windows XP JREv1 4 0 010r02
31 Redhat 7.3 JREv1 4 0 010r02
32 CPU LED Code Interpretation
33 Required information for the OpenSSL package
Glossary
Authentication: Authentication is the process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Source
238. roups Conner ation Administration Set Date Time Active Sessions This section constains the administration tools Process ue Logout Exits the Web Management Service Restart Processes Web User Reboot Resets the equipment Management Send Message Send messages to the users logged or to a determined serial port sers Port Conversation aoe Pi n Does a Port Conversation through a determined serial port gt i aaa WT A AAAA AEA A TESST TTS TDR OARA Figure 18 Configuration and Administration page Step 3 Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page This will take you to the Port Selection page 69 Cyclades TS Chapter 3 Additional Features Serial Port Configuration Logical Port Au ports Figure 19 Port Selection page Step 4 Select port s On the Port Selection page choose all ports or an individual port from the dropdown menu a Ala m d nu g top Rehesh Home Search Favorites Hitoy Mai CAS profile button Figure 20 Serial Port Configuration page top Step 5 Click the CAS profile button Click the CAS profile button in the wizards section then click the Submit button This will take you to the Serial Port Configuration page Step 6 Scroll down to the Profile section You can ch
239. rt value 7002 etc One example on how this could be used is in the case of all protocol or s n protocol socket ssh and the port value 7001 7002 etc if supplied by the ssh client like username port value the ssh client will be directly connected with the serial interface For TS the all socket port s lt n gt socket_port for the TS profile can be 23 default value This means that the TS will initiate a telnet session against a given host If it is a different value there will be pure raw data between the client TS for that serial port and the host The all protocol s lt n gt protocol HAS to be configured as socket client In summary TS profile all protocol is socket client raw mode all socket port is NOT 23 248 Cyclades TS Appendix C The pslave Configuration File Table 30 Mostly CAS specific Parameters Value for this Parameter Description Example all data_ A non zero value activates data buffering local or 0 buffering CAS remote according to what was configured in the parameter conf nfs_data_buffering see Data Buffering in Chapter 3 If local data buffering a file is created on the Cyclades TS if remote a file is created through NFS in a remote server All data received from the port is captured in this file If local data buffering this parameter means the maximum file size in bytes If remote this parameter is just a flag to activate greater than zero or deactivate data bufferi
240. [Figure 3: The Cyclades TS3000 and cables. Labels: modem cable, RJ-45 straight-through cable, Sun Netra adapter, manual, RJ-45 to DB-25 M/F adapters.]
[Figure 4: The Cyclades TS2000 and cables. Back view. Labels: wall outlet, power cable, loop-back connector, mounting kit, RJ-45 to DB-9 M/F adapters, modem cable, RJ-45 straight-through cable, Sun Netra adapter, manual, RJ-45 to DB-25 M/F adapters.]
[Figure 5: The Cyclades TS1000 and cables. Back view. Labels: wall outlet, power cable, loop-back connector, RJ-45 to DB-9 M/F adapters, modem cable, RJ-45 straight-through cable, Sun Netra adapter, RJ-45 to DB-25 M/F adapters.]
[Introduction and Overview. Back view figure. Labels: On/Off switch, outlet, power cable, RJ-45 to DB-9 M/F adapters, loop-back connector, mounting kit, modem cable, RJ-45 straight-through cable, Sun Netra adapter, manual.]
241. s making updating to memory easier. If you choose to save to flash, your configurations thus far will still be in the memory of the system even after you reboot it. If you don't save to flash and if you were to reboot the system, all your new configurations will be lost and you will have to reconfigure the system. Do you want to save your configurations to flash? (Y/N) [N]
Configuration for Dial-in Access: Parameters and Passed Values. The parameters that need to be configured are:
conf.pppd: Location of the ppp daemon with Radius. Example value: /usr/local/sbin/pppd
conf.facility: This value (0-7) is the Local facility sent to the syslog. The file /etc/syslog-ng/syslog-ng.conf contains a mapping between the facility number and the action. Example value: 7
all.ipno: This is the default IP address of the Cyclades TS's serial ports. Any host can access a port using its IP address as long as a path to the address exists in the host's routing table. An example value would be 192.168.1.101 The indicates that the first port should be addressed as 192.168.1.101 and the following ports should have consecutive values.
all.initchat: Modem initialization string. Example value: TIMEOUT 10 d dATZ OK r n ATZ OK r n V ATMO OK R N ATIMEOUT 3600 RING ASTATUS Incoming 90p ILHANDSHAKE ATAATIMEOUT 60 CONNECTQ X STATUS Connected p l HA
all.autoppp:
242. s root pwd is tslinux This will take you to the Configuration and Administration page Select the General link Click on the General link on the Link Panel to the left of the page in the Configuration section This will take you to the General page Scroll down to the Data Buffering section You can change the Data Buffering Facility value conf DB facility Click the Submit button Select the Serial Ports link Click on the Serial Ports link on the Link Panel to the left of the page in the Configuration section This will take you to the Port Selection page Select port s On the Port Selection page choose all ports or an individual port to configure from the dropdown menu Click the Submit button This will take you to the Serial Port Configuration page Scroll down to the Data Buffering section You can change the Alarm for Data Buffering alarm value Click the Submit button Select the Syslog link Click on the Syslog link on the Link Panel to the left of the page in the Configuration section This will take you to the Edit the Syslog ng Configuration File page Cyclades TS Chapter 3 Additional Features Wizard Method The Alarm Generation custom wizard configures the ALL ALARM parameter Step 1 Bring up the wizard At the command prompt type the following to bring up the Alarm Generation custom wizard wiz al Screen 1 below will appear Screen 1 KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
243. s the tty parameter CLOCAL Valid values are 0 or 1 In asocket session if all dcd 0 a connection request telnet or ssh will be accepted regardless of the DCD signal and the connection will not be closed if the DCD signal is set to DOWN Ina socket connection if all dcd 1 a connection request will be accepted only if the DCD signal is UP and the connection telnet or ssh will be closed if the DCD signal is set to DOWN Value for this Example all modbus_ smode Communication mode through the serial ports This parameter is meaningful only when modbus protocol is configured The valid options are ascii normal TX RX mode and rtu some time constraints are observed between characters while transmitting a frame If not configured ASCII mode will be assumed commented all issue CAS and TS This text determines the format of the login banner that is issued when aconnection is made to the Cyclades TS n represents a new line and r represents a carriage return Expansion characters can be used here Value for this Example r n TSLINUX Portslave Internet Services n r n Welcome to terminal server h port S p n r n Customer Support 510 770 9727 www cyclades com n r n See Description column all prompt CAS and TS This text defines the format of the login prompt Expansion characters can be used here h login 246 Cyclades TS Appendix C The pslave Configuration File
244. s tried only when the TacacsPlus server is down An example value would be radius User Guide 55 Chapter 2 Installation and Configuration all protocol For the console server configuration the possible protocols are e socket server when telnet is used e socket ssh when ssh version one or two is used raw data to exchange data in transparent mode similar to socket server mode but without telnet negotiation breaks to serial ports etc An example value would be SoCket server The Authentication feature See Authentication in Chapter 3 Additional Features Task 5 Activate the changes Execute the following command in HyperTerminal to activate the changes signal ras hup Task 6 Test the configuration Now you will want to make sure that the ports have been set up properly Step 1 Ping the TS from a DOS prompt Open a DOS window type in the following and then press Enter ping IP you assigned to the TS gt An example would be ping 192 168 160 10 If you receive a reply your TS connection is OK If there is no reply see Appendix F Softw are Upgrades and Troubleshooting User Guide 56 Chapter 2 Installation and Configuration Step 2 Telnet to the server connected to the first port of the Cyclades TS This will only work if you selected socket server as your all protocol parameter While still in the DOS window type the following and then press Enter telnet lt IP you ass
245. sages has been written to it. owner(name), group(name), perm(mask): Equals global options. template("string"): Syslog-ng writes the string in the file. You can use the MACROS in the string. encrypt(yes/no): Encrypts the resulting file. compress(yes/no): Compresses the resulting file using zlib. b) pipe(filename options): This driver sends messages to a named pipe. Available options: owner(name), group(name), perm(mask): Equals global options. template("string"): Syslog-ng writes the string in the file. You can use the MACROS in the string. c) unix-stream(filename) and unix-dgram(filename): This driver sends messages to a UNIX socket in either SOCK_STREAM or SOCK_DGRAM mode. d) udp(<ip address> port(number)) and tcp(<ip address> port(number)): This driver sends messages to another host (ip address/port) using either UDP or TCP protocol. e) usertty(username): This driver writes messages to the terminal of a logged-in username. f) program(program name and arguments): This driver forks and executes the given program with the arguments and sends messages down to the stdin of the child. Some Examples of Defining Actions: 1. To send e-mail: destination ident pipe dev cyc alarm template sendmail <pars>, where ident uniquely identifies this destination. Parameters lt ame lt name gt To address lt names n
246. sponding error is written to the system log files with a call to syslog(3). Directory-based Configuration: It is possible to configure libpam via the contents of the /etc/pam.d/ directory. This is more flexible than using the single configuration file. In this case, the directory is filled with files, each of which has a filename equal to a service name (in lower case): the personal configuration file for the named service. The Cyclades TS Linux-PAM was compiled to use both /etc/pam.d/ and /etc/pam.conf in sequence. In this mode, entries in /etc/pam.d/ override those of /etc/pam.conf. The syntax of each file in /etc/pam.d/ is similar to that of the /etc/pam.conf file and is made up of lines of the following form: module-type control-flag module-path arguments. The only difference between the two is that the service-name is not present. The service-name is of course the name of the given configuration file. For example, /etc/pam.d/login contains the configuration for the login service. Default Policy: If a system is to be considered secure, it had better have a reasonably secure OTHER entry. The following is a severe setting (which is not a bad place to start):
# default; deny access
OTHER auth required pam_deny.so
OTHER account required pam_deny.so
OTHER password required pam_deny.so
OTHER session required pam_deny.so
While fundamentally a secure def
247. ss a@none.com with subject ALARM. The message will carry the current date, the hostname of this unit and the message that was received from the source: destination d_maill pipe dev cyc alarm template sendmail t z none com f a none com s ALARM m SFULLDATE S HOST SMSG h 10 0 0 2 I H Example to send a pager to phone number 123 (Pager server at 10.0.0.1) with message carrying the current date, the hostname of this TS and the message that was received from the source: destination d_pager pipe dev cyc alarm I template sendsms d 123 m SFULLDATE HOST SMSG 10 0 0 1 r Example to send a Link Down trap to server at 10.0.0.1 with message carrying the current date, the hostname of this unit and the message that was received from the source: destination d_trap pipe dev cyc_alarm template snmptrap vl 10 0 0 1 public N N 2 Q NONN 1 3 6 1 2 1 2 2 1 2 1 s SFULLDATE HOST MSGN t To send e-mail and snmptrap if the message received from the local syslog client has the string "kernel panic": log source sysl filter f kpanic destination d maill destination d trap To send e-mail and pager if the message received from the local syslog client has the string "root login": log source sysl filter f root
248. ssion, if all.dcd 0, a connection request (telnet or ssh) will be accepted regardless of the DCD signal and the connection will not be closed if the DCD signal is set to DOWN. In a socket connection, if all.dcd 1, a connection request will be accepted only if the DCD signal is UP and the connection (telnet or ssh) will be closed if the DCD signal is set to DOWN. CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1. Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2. Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3. Press ESC if you want to exit. ALL.DTR_RESET: This parameter specifies how long (in milliseconds) a DTR signal will be turned off before it is turned on again. If set to 0, this parameter will NOT be active. This may be dangerous when a user connects to a port that a previous user was on but had lost the session after a timeout. The user may directly connect into the previous user's shell. A minimum of 100ms is required. all.DTR_reset 100 ALL.STTYCMD: Tty settings after a socket connection to
249. st of the text. These terms have a hypertext link to the glossary. Note Box Icons: Note boxes contain instructional or cautionary information that the reader especially needs to bear in mind. There are five levels of note box icons. Tip: An informational tip or tool that explains and/or expedites the use of the Cyclades TS. Important: An important tip that should be read. Review all of these notes for critical information. Warning: A very important type of tip or warning. Do not ignore this information. DANGER: Indicates a direct danger which, if not avoided, may result in personal injury or damage to the system. Security Issue: Indicates security-related information where it is relevant. Quick Steps: Step-by-step instructions for installing and configuring the Cyclades TS are numbered with a summarized description of the step for quick reference. Underneath the quick step is a more detailed description. Steps are numbered 1, 2, 3, etc. Additionally, if there are sub-steps to a step, they are indicated as Step A, B, C, and are nested within the Step 1, 2, 3, etc. For example: Step 1: Modify files. You will modify four Linux files to let the Cyclades TS know about its local environment. Step A: Modify pslave.conf. Open the file pslave.conf and add the following lines:
250. t Confirm that the Radius server is reachable: From the console, ping 200.200.200.2 to make sure the Radius authentication server is reachable. Confirm physical connections: Make sure that the physical connection between the Cyclades TS and the modems is correct. The modem cable provided with the product should be used. Please see Appendix B, Cabling, Hardware, and Electrical Specifications, for pinout diagrams. Confirm modem settings: The Cyclades TS has been set for communication at 57600 bps, 8N1. The modems should be programmed to operate at the same speed on the DTE interface. Confirm routing: Also make sure that the computer is configured to route console data to the serial console port. Perform a test dial-in: Try to dial in to the Cyclades TS from a remote computer using the username and password configured in step one. The computer dialing in must be configured to receive its IP address from the remote access server (the Cyclades TS in this case) and to use PAP authentication. Activate changes: Now continue on to Task 5: Activate the changes through Task 8: Reboot the Cyclades TS, listed in Chapter 2, Installation and Configuration. Important: TS100 owners, please skip to the special section on the TS100 later in the installation chapter (Configuring the Cyclades TS100 for the first time), then perform Task 5: Activate the changes on page 56 through Task 8: Reboot the Cyclades TS on page 57, listed i
251. t and allow reading/writing to this directory. The size of this file is not limited by the value of the parameter s1.data_buffering, though the value cannot be zero since a zero value turns off data buffering. Ramdisks: Since version 1.3.2 of the Cyclades TS software, additional ramdisks can be created and used, for example, to buffer data. This removed the previous 700 kbyte restriction for all TS ports. Data buffering files are created in the directory /var/run/DB. Previously, data buffering files were named ttyS<nn>.data (where <nn> is the port number). Now, if the parameter s<nn>.serverfarm is configured for the port <nn>, this name will be used. For example, if the serverfarm is called bunny, the data buffering file will be named bunny.data. The shell script /bin/build_DB_ramdisk creates a 4 Mbyte ramdisk for the TS3000. Use this script as a model to create customized ramdisks for your environment. Any user-created scripts should be listed in the file /etc/user_scripts because rc.sysinit executes all shell scripts found there. This avoids changing rc.sysinit itself. Linear vs. Circular Buffering: For local data buffering, this parameter allows users to buffer data in either a circular or linear fashion. Circular format (cir) is a revolving buffer file that is overwritten whenever the limit of the buffer size (set by all.data_buffering) is reached. In linear format (lin), data
252. t <Esc> after the Ethernet test. Step 3: When the Watch Dog Timer prompt appears, press <Enter>. Step 4: Choose the option Network Boot when asked. Step 5: Enter the IP address of the Ethernet interface. Step 6: Enter the IP address of the host where the new zImage file is located. Step 7: Enter the file name of the zImage file on the host. Step 8: Select the TFTP option instead of BOOTP. The host must be running TFTPD and the new zImage file must be located in the proper directory, e.g. /tftpboot for Linux. Step 9: Accept the default MAC address by pressing Enter. The TS should begin to boot off the network and the new image will be downloaded and begin running in RAM. At this point, follow the upgrade steps above (login, cd /proc/flash, ftp, and so forth) to save the new zImage file into flash again. Note: Possible causes for the loss of flash memory may include: downloaded wrong zImage file, downloaded as ASCII instead of binary, problems with flash memory. If the Cyclades TS booted properly, the interfaces can be verified using ifconfig and ping. If ping does not work, check the routing table using the command route. Of course, all this should be tried after checking that the cables are connected correctly. The file /etc/config_files contains a list of files acted upon by saveconf and restoreconf. If a file is missing, it will not be loaded onto t
253. t is receiving the DTR signal sent through the DCD and DSR pins. When Ctrl-R is typed, the Xs in the RTS and CTS columns should move together. If the Xs change position as described, the signals are being sent and received correctly. Single User Mode: The Cyclades TS has a single user mode used when: the name or password of the user with root privileges is lost or forgotten; after an upgrade or downgrade which leaves the Cyclades TS unstable; after a configuration change which leaves the Cyclades TS inoperative or unstable. Type the word "single" (with a blank space before the word) during boot using a console connection. This cannot be done using a telnet or other remote connection. The initial output of the boot process is shown below: Entry Point 0x00002120 loaded at 00002120 0000D370 relocated to 00300020 0030B270 board data at 003052C8 0030537C relocated to 002FF120 002FF1D4 zimage at 00008100 0006827E relocated to 00DB7000 00E1717E initrd at 0006827E 0024F814 relocated to 00E18000 OOFFF596 avail ram 0030B270 00E18000 Linux PPC load root dev ram After printing "Linux PPC load root dev ram", the Cyclades TS waits approximately 10 seconds for user input. This is where the user should type "<sp>single" (spacebar, then the word "single"). When the boot process is complete, the Linux prompt will app
254. t mandatory. -i interval: Check time every interval seconds. -l: Attempt to lock local clock to server using adjtimex(2). -p port: Local NTP client UDP port. -r: Replay analysis code based on stdin. -s: Clock set (if count is not defined, this sets count to 1). Configuration for CAS, vi Method: Files to be changed: /etc/ntpclient.conf. Browser Method: To configure NTP with your browser: Step 1: Point your browser to the TS. In the address field of your browser, type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Click on the Edit Text File link. Click on this link on the Link Panel or on the Configuration section of the Configuration and Administration page. (See Figure 18: Configuration and Administration page.) You can then pull up the appropriate file and edit it. Step 4: Go to Configuration > Host Table. Create/update the entry ntphost. Step 5: Go to Configuration > Edit Text File. Edit file and insert all parameter options needed. Configuration for TS, vi Method: Same as for CAS. Configuration for Dial-in Access, vi Method: Same as for CAS. Ports Configured for Dial-in Access: The Cyclades TS can be configured to accommodate out-of-band management. Ports can be configured on the Cyclades TS to allow a modem user to acc
255. Important: If you have the Cyclades TS100, you will be modifying an additional file, /etc/inittab. See Configuring the Cyclades TS100 for the first time at the end of this chapter for instructions specific to this model. The five Linux files must be modified to identify the TS and other devices it will be communicating with. The operating system provides the vi editor, which is described in Appendix A, New User Background Information, for the uninitiated. The Cyclades TS runs Linux, a UNIX-like operating system, and those not familiar with it will want to refer to Appendix A. Step 1: Type root and press Enter. Step 2: At the password prompt, type tslinux. Press Enter. Step 3: Modify /etc/hostname. In HyperTerminal, type "vi /etc/hostname" (without the quotes) and press Enter. Arrow over the existing text in the file, type r (for replace) and type the first number of the model of your Cyclades TS. Or you can replace the default naming convention with anything you'd like for your hostname. When finished, press the Esc key (to return to command mode), then type : (colon), and then wq, and press Enter. This will save the file. The only entry in this file should be the hostname of the Cyclades TS. An example is shown in the following figure. The HyperTerminal screen is shown in this first example for clarity; however, for the other Linux files we will
256. te data buffering. all.data_buffering 0 Screen 3: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1. Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2. Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3. Press ESC if you want to exit. ALL.DB_MODE: For local data buffering, this parameter allows users to buffer data in either a circular or linear fashion. Circular format (cir) is a revolving buffer file that is overwritten whenever the limit of the buffer size (set by all.data_buffering) is reached. In linear format (lin), data transmission between the remote device and the serial port ceases once the 4k bytes Rx buffer in the kernel is reached. Then, if a session is established to the serial port, the data in the buffer is shown (dont_show_DBmenu must be 2), cleared, and data transmission is resumed. Linear buffering is impossible if flow control is set to none. Default is cir. all.DB_mode cir ALL.DONT_SHOW_DBMENU: When 0, a menu with data buffering options is shown when a non-empty data buffering file is found. When 1, the data buffering menu is not s
257. tem for the port number associated with the well-known service sms as defined in /etc/services. If that doesn't return an answer, the compiled-in default value (6701) will be used. Required. The host name or IP address of the computer where the SMS gateway server process is running. By default, this server will be listening on TCP port 6701. Upon success (when the server module reports that the message was successfully sent), sendsms returns 0. When a problem occurs, a non-zero value is returned. Different return values indicate different problems. A return value of 1 indicates a general failure of the client program. COPYRIGHT: SMSLink is (c) Les Ateliers du Heron, 1998, by Philippe Andersson. Example to send a pager message to phone number 123 (Pager server at 10.0.0.1) with message: sendsms d 123 m Hi This is a test message send from TS using sendsms 10 0 0 1 Snmptrap: Snmptrap is an SNMP application that uses the TRAP-PDU Request to send information to a network manager. One or more fully qualified object identifiers can be given as arguments on the command line. A type and a value must accompany each object identifier. Each variable name is given in the format specified. If any of the required version 1 parameters (enterprise-oid, agent, and uptime) are specified as empty, it defaults to 1.3.6.1.4.1.3.1.1, host name, and host uptime respectively. Synopsis: snm
258. ter appearing later in the pslave.conf file (or vice versa). Power Users: To find out what to input for these three parameters so that you can configure what you need, go to the appropriate appendix, where you will find a complete table with an explanation for each parameter. You can use the templates from that same Appendix (pslave.conf.cas, etc.) as reference. conf.eth_ip: This is the IP address of the Ethernet interface. An example value would be: 200.200.200.1. all.authtype: This parameter controls the authentication required by the Cyclades TS. The authentication required by the device to which the user is connecting is controlled separately. There are several authentication type options: local (authentication is performed using the /etc/passwd file); radius (authentication is performed using a Radius authentication server); TacacsPlus (authentication is performed using a TacacsPlus authentication server); local/radius (authentication is performed locally first, switching to Radius if unsuccessful); none (no authentication); radius/local (the opposite of the previous option); RadiusDownLocal (local authentication is tried only when the Radius server is down); local/TacacsPlus (authentication is performed locally first, switching to TacacsPlus if unsuccessful); TacacsPlus/local (the opposite of the previous option); TacacsPlusDownLocal (local authentication i
259. th the JRE you have installed, or it just means that you don't have any JRE installed, in which case please install and repeat the check. If you have already installed JRE and you just want to activate your browser to use it, go to your system's Control Panel > Java Plug-in icon > Browser > check on the browser(s) you want to activate to use the Java Plug-in. Now repeat the check to see if your browser will now use the correct Java Plug-in. From Netscape or Mozilla: Check to see if Java is enabled: Go to Edit > Preferences > Advanced > Check on Enable Java. To see what version of JRE Plug-in is used: Go to Help > About Plug-ins. Scroll down to Java Plug-in section. Check if the Java Plug-in is the version you have installed. Tip: When installing Netscape 7.0, it will ask if you want to install Sun Java. If you click on the box to install it, a version of JRE will be installed into your system; however, this does not mean that other browsers such as IE will recognize it. If you choose not to install Sun Java through Netscape but do it separately, Netscape 7.0 should automatically detect the JRE, and this can be checked by the instructions mentioned above. On Linux: From Netscape or Mozilla: Check to see if Java is enabled: Go to Edit > Preferences > Advanced > Check on Enable Java. To see what version of JRE Plug-in is used: Go to Help > About Plug-ins. Scroll down to Java Plug-in section. Check if t
260. tication was set to none, the Cyclades TS will not authenticate the user. However, the Linux Server receiving the connection will. Create a new user on the server called test and provide him with the password test. Confirm that the server is reachable: From the console, ping 200.200.200.3 to make sure the server is reachable. Check physical connections: Make sure that the physical connection between the Cyclades TS and the terminals is correct. A cross cable (not the modem cable provided with the product) should be used. Please see Appendix B, Cabling, Hardware, and Electrical Specifications, for pin-out diagrams. Confirm that terminals are set to same parameters as the A CTS: The AlterPath Console Server Cyclades TS has been set for communication at 9600 bps, 8N1. The terminals must also be configured with the same parameters. Log onto server with new username and password: From a terminal connected to the Cyclades TS, try to login to the server using the username and password configured in step one. Activate changes: Now continue on to Task 5: Activate the changes through Task 8: Reboot the Cyclades TS, listed in Chapter 2, Installation and Configuration. TS Setup Wizard: The Wizard can be used to configure TS-specific parameters. TSO stands for TS Other (other parameters specific to the TS profile). Step 1: At the command line interface, type the following
261. tion requested by this serial port. That application usually is telnet (23). The all.socket_port (s<n>.socket_port) for the TS profile can be 23 (default value). This means that the TS will initiate a telnet session against a given host. If it is a different value, there will be pure raw data between the client (TS) for that serial port and the host. The all.protocol (s<n>.protocol) HAS to be configured as socket_client. In summary: TS profile, all.protocol is socket_client; raw mode, all.socket_port is NOT 23. Username used when connected to a UNIX server from the user's serial terminal. all.issue: This text determines the format of the login banner that is issued when a connection is made to the Cyclades TS. \n represents a new line and \r represents a carriage return. Expansion characters can be used here. Value for this Example: NrMnN Welcome to terminal server Sh port S p n r n r n Customer Support 510 770 9727 www cyclades com n r n all.prompt: This text defines the format of the login prompt. Expansion characters can be used here. Example value: h login all.term: This parameter defines the terminal type assumed when performing rlogin or telnet to other hosts. Value for this example: vt100. CLI Method: To configure certain parameters for a specific serial port: Step 1: Bring up the CLI. At the command prompt, type the following to bring up the CLI: config Th
262. tiple_sessions (CAS): Valid for all serial ports; must be yes or no. If it is not defined, the default will be no. Please see Session Sniffing in Chapter 3 for details. Value for this example: no. all.escape_char (CAS): This parameter determines which character must be typed to make the session enter menu mode. The possible values are <CTRL-a> to <CTRL-z>. Represent the CTRL with. This parameter is only valid when the port protocol is socket_server or socket_ssh. Default value is z. all.tx_interval (CAS): Valid for protocols socket_server and raw_data. Defines the delay (in milliseconds) before transmission to the Ethernet of data received through a serial port. If not configured, 100ms is assumed. If set to zero or a value above 1000, no buffering will take place. Value for this example: 100. Table 30: Mostly CAS-specific Parameters. all.idletimeout (CAS): Valid only for the CAS configuration (protocols socket_server, socket_ssh, raw_data and modbus). Specifies how long (in minutes) a connection can remain inactive before it is cut off. If set to zero (the default), the connection will not time out. all.sttyCmd (CAS): Tty settings after a socket connection to that serial port is established. The tty is programmed to work as a CAS configuration and this user-specific configuration is appli
263. to set the domain name of the host to the domain name parameter sent by the DHCP server. The default option is to NOT set the domain name of the host to the domain name parameter sent by the DHCP server. -H: This option forces dhcpcd to set the host name of the host to the hostname parameter sent by the DHCP server. The default option is to NOT set the host name of the host to the hostname parameter sent by the DHCP server. -R: This option prevents dhcpcd from replacing the existing /etc/resolv.conf file. Note: Do not modify the -c /bin/handle_dhcp option. Configuration for CAS, vi Method: Steps 1 and 2 under Parameters and Passed Values should be followed. You'll need to edit /etc/portslave/pslave.conf, comment some lines, etc. Browser Method: To configure DHCP via your Web browser: Step 1: Point your browser to the TS. In the address field of your browser, type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Click the General link on the Link Panel. This takes you to the General page. Step 4: Scroll down to the Ethernet port section. You can activate DHCP Client in this section. Select the active radio button and click the Submit button at the bottom of the page. Configuration for TS, vi Method: This is done exactly as for CAS. Configuration for Dial-in Access
264. type the following to bring up the TS Terminal Settings custom wizard: wiz sset ts Note: Screens 1-4 are the same as those of the previous wizard for sset cas, thus they are omitted here. The only difference between this feature and the CAS wizard is the parameter sttyCmd. In the TS configuration, sttyCmd is not requested. Screen 5: CONFIGURATION WIZARD. Your current configuration parameters are: (The ones with the means it's not activated.) Speed 9600, datasize 8, stopbits 1, parity none, all.flow none, all.dcd 0. Are these configuration(s) all correct (Y)es or (N)o? N. If you type N: Type c to go back and CORRECT these parameters or q to QUIT. Typing c repeats the application; typing q exits the entire wiz application. If you type Y: Type c to CONTINUE to set these parameters for specific ports or q to QUIT. Typing c leads to Screen 6; typing q leads to Screen 7. Screen 6: CONFIGURATION WIZARD. You have 8 available
265. u is not shown but the data buffering file is shown if not empty. When 3, the data buffering menu is shown, but without the erase and show and erase options. all.alarm (CAS): When non-zero, all data received from the port are captured and sent to syslog-ng with DAEMON facility and ALERT level. The syslog-ng.conf file should be set accordingly for the syslog-ng to take some action (please see Generating Alarms in Chapter 3, Additional Features, for the syslog-ng configuration file). Table 30: Mostly CAS-specific Parameters. all.users (CAS): Restricts access to ports by user name (only the users listed can access the port or, using the character, all but the users listed can access the port). In this example, the users joe, mark and members of user group cannot access the port. A single comma and spaces/tabs may be used between names. A comma may not appear between the and the first user name. The users may be local, Radius or TacacsPlus. User groups (defined with the parameter conf.group) can be used in combination with user names in the parameter list. Notice that these are common users, not administrators. Value for this example: joe mark user group. all.sniff_mode (CAS; value for this example: out): This parameter determines what other users connected to the very same port (see parameter admin_users below) can see of the session
266. u want to exit the wizard or skip the rest of the configurations, press ESC. This will immediately display a summary of the current configurations for your verification before exiting the application. This will not work if you did not enter a valid choice for the parameter you are currently on. Step 3: Enter Hostname and then press the Enter key. This is an alias for your TS that allows you to refer to the TS by this name rather than its IP address. Enter hostname after the prompt: Hostname CAS Step 4: Enter IP Address of your TS and then press the Enter key. This is the IP address of the TS within your network. See your network administrator to obtain a valid IP address for the TS. IP of your system 192.168.160.10 Step 5: Enter Domain name and then press Enter. Domain name locates or identifies your organization within the Internet. Domain name cyclades.com Step 6: Enter IP address of Domain Name Server and press Enter. At the prompt, enter the IP address of the server that resolves domain names. Your domain name is alphabetical so that it is easier to remember. Every time you see the domain name, it is actually being translated into an IP address by the domain name server. See your network administrator to obtain this IP address for the domain name server. Domain Name Server 192.168.160.200 Step 7: Enter Gateway IP ad
267. Figure 6: The Cyclades TS800 and cables (labels: RJ-45 to DB-25 M&F adapters). Figure 7: The Cyclades TS400 and cables (Back View; labels: On/off Switch, Wall Outlet, Mounting Kit, RJ-45 to DB-9 M&F adapters, RJ-45 Straight-through Cable, Manual, RJ-45 to DB-25 M&F adapters). Figure 8: The Cyclades TS100 and cables (Front View, Back View; labels: Loop-back Connector, To Wall Outlet, RJ-45 Straight-through Cable, DB-9 Female to DB-25 Male connector, RJ-45 to DB9 M&F adapters, RJ-45 to DB25 M&F adapters). Safety Instructions: Read all the following safety guidelines to protect yourself and your Cyclades TS. DANGER: Do not operate your Cyclades TS with the cover removed. DANGER: In order to avoid shorting out your Cyclades TS when disconnecting the network cable, first unplug the cable from the equipment and then from the network jack. When reconnecting a network cable to the equipment, first plug the cable into the network jack, and then into the
268. unix_acct.so OTHER password required pam_unix_passwd.so OTHER session required pam_unix_session.so In general, this will provide a starting place for most applications. In addition to the normal applications (login, su, sshd, passwd, and pppd), Cyclades also has made portslave a PAM-aware application. The portslave requires four services configured in pam.conf. They are local, remote, radius, and tacplus. The portslave PAM interface takes any parameter needed to perform the authentication in the serial ports from the file pslave.conf. The pslave.conf parameter all.authtype determines which service(s) should be used.
# /etc/pam.conf
# Last modified by Andrew G. Morgan <morgan@kernel.org>
# $Id: pam.conf,v 1.2 2001/04/08 06:02:33 agmorgan Exp $
# serv. module ctrl module [path] ...[args..]
# name type flag
# The PAM configuration file for the tacplus service
tacplus auth requisite pam_securetty.so
tacplus auth required pam_tacplus.so encrypt
tacplus account required pam_tacplus.so encrypt service=ppp protocol=lcp
tacplus session required pam_tacplus.so encrypt service=ppp protocol=lcp
The radius rad
269. ure is activated whenever the protocol parameter is set to socket_ssh or socket_server. Example value: out. This parameter determines which character must be typed to make the session enter menu mode. The possible values are <CTRL a> to CTRL z. Represent the CTRL with This parameter is only valid when the port protocol is socket_server or socket_ssh. Default value is z. Valid for all serial ports. Must be yes or no. If it is not defined, the default will be no. Example value: yes. Only the file /etc/portslave/pslave.conf has to be changed. Browser Method: To configure Session Sniffing with your browser: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Select the Serial Ports link. Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page. This will take you to the Port Selection page. Step 4: Select port(s). On the Port Selection page, choose all ports or an individual port to configure from the dropdown menu. Click the Submit button. This will take you to the Serial Port Configuration page. Step 5: Scroll down to the Sniff Session section. You can configure the appropriate values here Sn
270. urn to a newline character on input. all.sttyCmd igncr onlcr opost icrnl (Example value: commented.) DTR reset (for CAS only): This value specifies how long (in milliseconds) a DTR signal will be turned off before it is turned back on again. If set to 0, this parameter will NOT be active. This may be dangerous if a user were to connect to a port that a previous user was on but had lost the session after a timeout. The user may directly connect into the previous user's shell. A minimum of 100 ms is required, otherwise it is assumed [page 161, Chapter 3: Additional Features] Configuration for CAS. Browser Method: Step 1: Point your browser to the TS. In the address field of your browser type 192.168.160.10. Step 2: Log in. Log in as root (pwd is tslinux). This will take you to the Configuration and Administration page. Step 3: Select the Serial Ports link. Click on the Serial Ports link on the Link Panel to the left of the page or in the Configuration section of the page. This will take you to the Port Selection page. Step 4: Select port(s). On the Port Selection page, choose all ports or an individual port to configure from the dropdown menu. Click the Submit button. This will take you to the Serial Port Configuration page. Step 5: Scroll down to the Physical section. You can change the settings for Speed, Data Size, Stop Bit, Parity, Flow Control, and DCD sensitivity here. Wizard Method: Step
271. will take you to the Serial Port Configuration page. Step 5: Scroll down to the Terminal Server section. You can change the settings for Banner Field (issue) and Login Prompt field here. Wizard Method: Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Terminal Appearance custom wizard: wiz tl. Screen 1 will appear. Screen 1: CONFIGURATION WIZARD. Set to defaults (y/n) [N]. Screen 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.ISSUE: This text determines the format of the login banner that is issued when a connection is made to the System. \n represents a new line and \r represents a carriage return. all.issue \r\n Welcome to terminal server Sh port S p \n\r\n\r\n Customer Support 510 770 9727 www cyclades
272. wiz tso. Screen 1: CONFIGURATION WIZARD. Set to defaults (y/n) [N]. Screen 2: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and want to go on to the next parameter, or 3) Press ESC if you want to exit. ALL.HOST: The IP address of the host to which the terminals will connect. all.host 200.200.200.3. ALL.TERM: This parameter defines the terminal type assumed when performing rlogin or telnet to other hosts. all.term vt100. Screen 3: CONFIGURATION WIZARD. INSTRUCTIONS: You can: 1) Enter the appropriate information for your system and press ENTER. Enter if you want to deactivate that parameter, or 2) Press ENTER if you are satisfied with the value within the brackets and
273. wo parameters, s<n>.ipno and s<n>.socket_port, there is one specific configuration per serial port. Each port can be named after the server or device connected to it. This makes the process of associating what is connecting to which port easier. This parameter will not appear on the configuration page when All ports is selected. Step 10: Configure socket IP and socket port. You can configure the socket profile of the following two parameters in the Profile section: s<n>.ipno, s<n>.socket_port. Step 11: Click on the Serial Port Groups link on the Link Panel. Click the Add Group button that appears. A Serial Ports - Users Group Table Entry page appears. [Figure 22: Serial Ports - Users Group Table Entry page] Step 12: Configure conf.group. Fill in the Group Name and Users fields to configure the group. Wizard Method: Step 1: Bring up the wizard. At the command prompt, type the following to bring up the Access Method custom wizard: wiz ac cas. This will bring up Screen 1. Screen 1: CONFIGURATION WIZARD. Set to defaults (y/n) [N]. Screen
274. x kernel org Appendix E: Customization and the CDK. Everything related to the Cyclades-TS can be traced back to two files: /etc/rc.sysinit and /etc/inittab. All Cyclades-TS application programs are started during boot by the init process. The related lines in the /etc/inittab file are listed below: System initialization: sysinit etc rc sysinit. Single user shell: console respawn bin sh dev console dev console 2 dev console; ttyS0 respawn sbin getty p ttyS0 ansi; respawn sbin cy wdt led wdt led. Cyclades RAS: once sbin cron; once sbin snmpd; once sbin cy_buffering; once sbin cy ras; once sbin sshd f etc ssh sshd config; once sbin ex ntpclient; once bin webs; once bin syslog ng; once bin cy alarm; wait sbin fwset restore. To customize the Cyclades-TS, change these lines or add others. If the /etc/inittab file is changed, edit the /etc/config_files file and add a line containing only /etc/inittab. Save the file and exit the editor. Save the new configuration by executing saveconf. Then the Cyclades-TS should be rebooted. This is necessary because the init program provided by Busybox (a tool that emulates rm, cp, etc., but uses much less space) does not support the option q. The Cyclades Development Kit: Cyclades provides a development kit which allows changes to be mad
275. yc alarm template send mail pars. To send a pager message: destination d pager pipe dev cyc alarm template sendsms pars. To send snmptrap: destination d trap pipe dev cyc alarm template snmptrap pars. Step 4: Connect filters and actions in the syslog-ng configuration file. Example: alarm is active and if the serial port receives the string kernel panic, one message will be sent to the pager: log source sysl filter f kpanic destination d trap destination d pager. Sendmail: Sendmail sends a message to a SMTP server. It is not intended as a user interface routine; it is used only to send pre-formatted messages. Sendmail reads all parameters in the command line. If the SMTP server does not answer the SMTP protocol requests sent by sendmail, the message is dropped. Synopsis: sendmail t <name> <name> c name <name> b <name> name r name f name s text m text h SMTP server p <smtp port>, where: <name> <name>: To. Required. Multi-part allowed (multiple names are separated by commas). Names are expanded as explained below. c <name> <name>: Cc. Optional. Multi-part allowed (multiple names are separated by commas). b <name> <name>: Bcc. Optional. Multi-part allowed (multiple names are sepa
276. ype the following after the CLI prompt. To activate the serial port (<string> should be ttyS<serial port number>): configure line <serial port number> tty <string>. To configure speed: configure line <serial port number> speed <number>. To configure datasize: configure line <serial port number> datasize <number>. To configure stopbits: configure line <serial port number> stopbits <number>. To configure parity: configure line <serial port number> parity <string>. Tip: You can configure all the parameters for a serial port in one line: configure line <serial port number> tty <string> speed <number> datasize <number> stopbits <number> parity <string>. Step 3: To exit the CLI, type exit or quit after the CLI prompt. Step 4: To activate your new configurations, type signal_ras hup. Configuration for Dial-in Access: The parameters are the same as before. Session Sniffing (Versions 1.3.2 and earlier): The Cyclades-TS allows a maximum of two connections to each serial port, as follows. One common session: user can execute read and write commands to the tty port. Session can be established by a regular user or by an administrator. One sniffer session: user can execute only read commands in order to monitor what is going on in the other (main) session. Session can only b