Dell Managed PDU LED User's Manual
Contents
1. ToO OoOo Ce oF choke The following configuration shows three sets of synchronized outlets Global outlets are shown in black Outlet groups are enclosed in red rectangles These four global outlet groups synchronize a total of 19 outlets These two global outlet groups synchronize 6 outlets 2 in one group and 4 in the other This local outlet group synchronizes 3 outlets on the same Rack PDU 6 anaga a a ET E Ht E T 1 oF choke Verify your setup and configuration for global outlet groups To ensure that your setup meets all system requirements for outlet groups and that you have configured the outlet groups correctly select Information from the Outlet Groups left navigation menu in the Web interface to view the groups and their connections e The Configured Outlet Groups section displays the following All configured outlet groups on the current Rack PDU The outlets in each group by outlet number Any outlet groups on other Rack PDUs with which a global outlet group is synchronized Each Rack PDU is identified by its IP address and each global outlet is displayed in bold text e The Global Outlet Overview section displays the following The IP address of the current Rack PDU The IP address of any Rack PDUs that contain global outlets that are available to be synchronized with outlet groups on other Rack PDUs All global outlets con2. all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example 1 To turn on outlets 3 and 5 through 7 type cli gt olOn 3 5 7 E000 Success oF choke olOnDelay Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the time delay for the On Delayed command see olDlyOn and for a Reboot Delayed command see olDlyReboot Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt time gt A time for the delay within the range of 1 to 7200 seconds 2 hours Example 1 To set a 6 second delay for turning on outlets 3 and 5 through 7 type cli gt olOnDelay 3 5 7 6 E000 Success Example 2 7 type To view the delay for the On Delayed command for outlets 3 and 5 through cli gt olOnDelay 3 5 7 E000 Success 3 BobbysServer 6 sec BillysServer 6 sec 5 6 JoesServer 6 sec 7 JacksServer 6 sec oF choke olOverLoad Access Administrator Device User and Outlet User but
3. Off Delayed Remove power from each selected outlet according to its value for Power Off Delay t Reboot Immediate Remove power from each selected outlet Then apply power to each of these outlets according to its value for Reboot Duration t Reboot Delayed Remove power from each selected outlet according to its value for Power Off Delay Wait until all outlets are off the highest value for Reboot Duration and then apply power to each outlet according to its value for Power On Delay t t Ifa local outlet group is selected only the configured delays and reboot duration of the lowest numbered outlet of the group are used If a global outlet group is selected only the configured delays and reboot duration of the global outlet are used Schedule an outlet event 1 At the Web interface select the Device Manager tab and then Scheduling from the left navigation menu 2 On the Outlet Scheduling page select how often the event will occur One Time Daily or Weekly and click the Next button If you select Weekly you can choose to have the event occur once every week or once every two four or eight weeks 3 On the Schedule a Daily Action page in the Name of event text box replace the default name Outlet Event with a name that will identify your new event 4 Use the drop down lists to select the type of event and when it will occur The date format for one time events is mm dd and the tim
4. Trap Generation Enable the default or disable trap generation for this trap receiver NMS IP Host The IPv4 IPv6 address or host name of this trap receiver The default Name 0 0 0 0 leaves the trap receiver undefined oF cloaks SNMPv1 option Item Definition Community Name The name public by default used as an identifier when SNMPv1 traps are sent to this trap receiver Authenticate When this option is enabled the default the NMS identified by the NMS Traps IP Host Name setting will receive authentication traps traps generated by invalid attempts to log on to this device To disable that ability unmark the checkbox SNMPVv3 option Select the identifier of the user profile for this trap receiver To view the settings of the user profiles identified by the user names selectable here choose Network on the top menu bar and user profiles under SNMPv3 on the left navigation menu See SNMPv3 for information on creating user profiles and selecting authentication and encryption methods SNMP Trap Test Path Administration gt Notification gt SNMP Traps gt test Last Test Result The result of the most recent SNMP trap test A successful SNMP trap test verifies only that a trap was sent it does not verify that the trap was received by the selected trap receiver A trap test succeeds if all of the following are true e The SNMP version SNMPv1 or SNMPv3 configured for the
5. For Outlet User accounts there is no default user name or password An Administrator must define the user name and password and other account characteristics for an Outlet User See Configure an outlet user Account Type Default User Name Default Password Permitted Access Administrator admin admin Web interface and command line interface Device User device device Read Only User readonly readonly Web interface only Remote Users Authentication Path Administration gt Security gt Remote Users gt Authentication Method Use this option to select how to administer remote access to the Rack PDU For information about local authentication not using the centralized authentication of a RADIUS server see the Appendix B Security Handbook The Rack PDU supports the authentication and authorization functions of RADIUS Remote Authentication Dial In User Service When a user accesses the Rack PDU or other network enabled device that has RADIUS enabled an authentication request is sent to the RADIUS server to determine the user s permission level e RADIUS user names used with the Rack PDU are limited to 32 characters Select one of the following e Local Authentication Only RADIUS is disabled Local authentication is enabled e RADIUS then Local Authentication RADIUS and local authentication are enabled Authentication is requested from the RADIUS server first If the RADIUS serve
6. On the next screen review the summary of the certificate Scroll downward to view the certificate s unique serial number and fingerprints To make any changes to the information you provided click Back Revise the information The certificate s subject information and the certificate s issuer information should be identical oF choke 7 The last screen verifies that the certificate was created and displays information you need for the next tasks e The location and name of the p15 file that you will use to sign the server certificates e The location and name of the crt file which is the CA root certificate to load into the browser of each user who needs to access the Rack PDU Load the CA root certificate to your browser Load the crt file to the browser of each user who needs to access the Rack PDU See the help system of the browser for information on how to load the crt file into the browser s certificate store cache Following is a summary of the procedure for Microsoft Internet Explorer 1 Select Tools then Internet Options from the menu bar 2 In the dialog box on the Content tab click Certificates and then Import 3 The Certificate Import Wizard guides you through the rest of the procedure The file type to select is X 509 and the CA Public Root Certificate is the crt file created in the procedure Create a Root Certificate and Server Certificates Create an SSL Server User Certificate 1 On the
7. To Address The user and domain names of the recipient To use e mail for paging use the e mail address for the recipients pager gateway account for example myacct100 skytel com The pager gateway will generate the page To bypass the DNS lookup of the mail server s IP address use the IP address in brackets instead of the e mail domain name e g use jsmith Xxx xxx x xXxx instead of jsmith company com This is useful when DNS lookups are not working correctly NOTE The recipient s pager must be able to use text based messaging E mail Enables by default or disables sending e mail to the recipient Generation oF choke oF choke Setting Description SMTP Server Select one of the following methods for routing e mail e Local Through the Rack PDU s SMTP server This setting recommended ensures that the e mail is sent before the Rack PDU s 20 second time out and if necessary is retried several times Also do one of the following e Enable forwarding at the Rack PDU s SMTP server so that it can route e mail to external SMTP servers Typically SMTP servers are not configured to forward e mail Check with the administrator of your SMTP server before changing its configuration to allow forwarding e Set up a special e mail account for the Rack PDU to forward e mail to an external mail account e Recipient Directly to the recipient s SMTP server With this setting the Rack PDU tries
8. h lt host name gt tcpip6 S lt enable disable gt man lt enable disable gt auto lt enable disable gt i lt IPv6 address gt g lt IPv6 gateway gt d6 lt router stateful stateless never gt oF choke user an lt Administrator name gt dn lt Device User name gt rn lt Read Only User name gt ap lt Administrator password gt dp lt Device User password gt rp lt Read Only User password gt t lt inactivity timeout in minutes gt web S lt disable http https gt ph lt http port gt ps lt https port gt xferINI xferStatus Device Command Descriptions devLowLoad lt power gt devNearOver lt power gt devOverLoad lt power gt devReading lt power energy gt devStartDly humLow lt humidity gt humMin lt humidity gt humReading inNormal inReading olAssignUsr lt all outlet name outlet gt lt user gt olCancelCmd lt all outlet name outlet gt olDlyOff lt all outlet name outlet gt olDlyOn lt all outlet name outlet gt olDlyReboot lt all outlet name outlet gt olGroups oF choke olLowLoad lt all outlet name outlet gt lt power gt olName lt all outlet gt lt new name gt olNearOver lt all outlet name outlet gt lt power gt olOff lt all outlet name outlet gt ol
9. o lt stop prevSettings gt f lt retry then fail gt c lt dhcp cookie gt enable disable s lt retry then stop gt v lt vendor class gt i lt client id gt u lt user class gt cd console S lt disable telnet ssh gt pt lt telnet port n gt ps lt SSH port n gt b lt 2400 9600 19200 38400 gt date d lt datestring gt t lt 00 00 00 gt f mm dd yy dd mm yyyy mmm dd yy dd mmm yy yyyy mm dd delete dir dns OM lt enable disable gt p lt primary DNS server gt s lt secondary DNS server gt d lt domain name gt n lt domain name IPv6 gt h lt host name gt eventlog exit format oF choke ftp p lt port number gt S lt enable disable gt help netstat ntp OM lt enable disable gt p lt primary NTP server gt s lt secondary NTP server gt ping lt IP address or DNS name gt portspeed s auto 10H 10F 100H 100F prompt s long short quit radius a lt access gt local radiusLocal radius p lt server IP gt s lt server secret gt t lt server timeout gt reboot resetToDef p lt all keepip gt snmp snmpv3 S lt enable disable gt system n lt system name gt c lt system contact gt lt system location gt tcpip i lt IP address gt s lt subnet mask gt g lt gateway gt d lt domain name gt
10. Type the DNS name configured by the DNS server h lt host name gt Type the host name that the Rack PDU will use Example 1 To view the network settings of the Rack PDU type tepip and press ENTER Example 2 To manually configure an IP address of 150 250 6 10 for the Rack PDU type tcpip i 150 250 6 10 tcpip6 Access Administrator only Description Enable IPv6 and view and manually configure these network settings for the Rack PDU Option Argument Description S enable disable Enable or disable IPv6 man enable disable Enable manual addressing for the IPv6 address of the Rack PDU auto enable disable Enable the Rack PDU to automatically configure the IPv6 address i lt IPv6 address gt Set the IPv6 address of the Rack PDU g lt IPv6 gateway gt Set the IPv6 address of the default gateway d6 router stateful Set the DHCPv6 mode with parameters of router stateless never controlled statefull for address and other information they maintain their status stateless for information other than address the status is not maintained never Example 1 To view the network settings of the Rack PDU type tepip6 and press ENTER Example 2 To manually configure an IPv6 address of 2001 0 0 0 0 FFD3 0 57ab for the Rack PDU type tcpip i 2001 0 0 0 0 FFD3 0 57ab oF choke user Access Administrator only Description Confi
11. Argument Definition p lt port Define the TCP IP port that the FTP server uses to number gt communicate with the Rack PDU 21 by default The FTP server uses both the specified port and the port one number lower than the specified port S enable Configure access to the FTP server disable Example To change the TCP IP port to 5001 type ftp p 5001 help Access Administrator Device User Outlet User Description View a list of all the CLI commands available to your account type To view help text for a specific command type the command followed by the help Example 1 To view a list of commands available to a Device User type help Example 2 To view alist of options that are accepted by the alarmcount command type alarmcount help netstat Access Administrator Device User Outlet User Description View the status of the network and all active IPv4 and IPv6 addresses ntp Access Administrator Definition View and configure the network time protocol parameters Option Argument Definition OM enable Override the manual settings disable p lt primary NTP Specify the primary server server gt S lt secondary Specify the secondary server NTP server gt Example 1 To enable the override of manual setting type ntp OM enable Example 2 To specify the primary NTP server type ntp p 150 250 6 10 oF choke oF choke ping Acces
12. E000 Success 3 BobbysServer BillysServer 5 6 JoesServer 7 JacksServer oF choke oF choke olNearOver Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the outlet near overload warning threshold Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt power gt The new outlet threshold watts Example 1 To view the near overload threshold for outlets 3 and 5 through 7 type cli gt olNearOver 3 5 7 E000 Success 3 BobbysServer 5 W BillysServer 6 W 5 6 JoesServer 5 W 7 JacksServer 4 W Example 2 To set the near overload threshold for outlets 3 and 5 through 7 to six watts type cli gt olNearOver 3 5 7 6 E000 Success 3 BobbysServer 6 W BillysServer 6 W 5 6 JoesServer 6 W 7 JacksServer 6 W olOff Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Turn off an outlet or group of outlets without any delay Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single
13. Enable or display the respective version of SNMP 1 or 3 disable Example To enable SNMP version 1 type snmp S enable oF choke system Access Administrator only Description View and set the system name the contact the location and view up time as well as the date and time the logged on user and the high level system status P N A see About the Main Screen for more information about system status Option Argument Description N lt system name gt C lt system contact gt lt system location gt Define the device name the name of the person responsible for the device and the physical location of the device NOTE If you define a value with more than one word you must enclose the value in quotation marks Example 1 To configure the device location as Test Lab type system l1 Test Lab Example 2 To configure the system name as Don Adams type system n Don Adams tcpip Access Administrator only Description View and manually configure these network settings for the Rack PDU Option Argument Description i lt IP address gt Type the IP address of the Rack PDU using the format XXX XXX XXX XXX S lt subnet mask gt Type the subnet mask for the Rack PDU g lt gateway gt Type the IP address of the default gateway Do not use the loopback address 127 0 0 1 as the default gateway d lt domain name gt
14. Network gt FTP Server The FTP Server settings enable by default or disable access to the FTP server and specify the TCP IP port 21 by default that the FTP server uses to communicate with the Rack PDU The FTP server uses both the specified port and the port one number lower than the specified port You can change the Port setting to the number of any unused port from 5001 to 32768 for added security Users must then use a colon to specify the non default port number For example for port 5001 and IP address 152 214 12 114 the command would be ftp 152 214 12 114 5001 FTP transfers files without encryption For higher security disable the FTP Q server and transfer files with SCP Selecting and configuring Secure Shell SSH enables SCP automatically For detailed information on enhancing and managing the security of your system see Appendix B Security Handbook Administration General Options Home Device Manager Environment Logs Administration Security Network Notification General i No Alarms Identification Identification Date Time mode Name John Doe Contact Unknown daylight saving date format Location Unknown User Config File Preferences Reset Reboot Quick Links About Link 1 Link 2 Link 3 Managed Rack PDU DOLL Identification Path Administration gt General gt Identification Define the Name the device name Location the physical location and Contac
15. The Rack PDU is receiving or transmitting data packets at 100 Mbps oF choke Command Line Interface About the Command Line Interface You can use the command line interface to view the status of and manage the Rack PDU In addition the command line interface enables you to create scripts for automated operation An Administrator has full access to the command line interface a Device user and Outlet user have limited access and a Read Only user is completely restricted For additional details see Types of user accounts You can configure all parameters of a Rack PDU including those for which there are not specific CLI commands by using the CLI to transfer an INI file to the Rack PDU The CLI uses XMODEM to perform the transfer However you cannot read the current INI file through XMODEM Logging on to the Command Line Interface To access the command line interface you can use either a local serial connection or a remote Telnet or SSH connection with a computer on the same network as the Rack PDU Remote access to the command line interface You can access the command line interface through Telnet or SSH Telnet is enabled by default Enabling SSH disables Telnet To enable or disable these access methods use the Web interface On the Administration tab select Network on the top menu bar and then the access option under Console on the left navigation menu oF choke Telnet for basic access Telnet provide
16. Then under Remote Users on the left navigation menu select authentication to define an authentication method e Local Authentication Only RADIUS is disabled Local authentication is enabled e RADIUS then Local Authentication Both RADIUS and local authentication are enabled Authentication is requested from the RADIUS server first local authentication is used only if the RADIUS server fails to respond e RADIUS Only RADIUS is enabled Local authentication is disabled If RADIUS Only is selected and the RADIUS server is unavailable improperly identified or improperly configured remote access is unavailable to all users You must use a serial connection to the command line interface and change the RADIUS access setting to local or radiusLocal to regain access For example the command to change the access setting to local would be radius a local RADIUS To configure RADIUS on the Administration tab select Security on the top menu bar Then under Remote Users on the left navigation menu select RADIUS Setting Definition RADIUS Server The server name or IP address of the RADIUS server NOTE RADIUS servers use port 1812 by default to authenticate users To use a different port add a colon followed by the new port number to the end of the RADIUS server name or IP address Secret The secret shared between the RADIUS server and the Rack PDU Reply Timeout The time in seconds that the Rack PDU wa
17. When viewing the Device Load the triangle above the meter indicates peak load Click kW BTU in the upper right corner to toggle the load values between kilowatts and British Thermal Units BTU oF choke Configuring Load Thresholds Path Device Manager gt Load Management options To configure load thresholds 1 2 Click the Device Manager tab To configure load thresholds for the device or phases make a selection from the Load Management menu Set Overload Alarm Near Overload Warning and Low Load Warning thresholds Click Apply dF choke Configuring the Name and Location of the Rack PDU Path Device Manager gt Load Management gt Device Load The name and location you enter appear on the Home tab Manager tab or the Administration tab A change in one affects the Q You can set the Name and Location through either the Device other 1 Click the Device Manager tab then device load from the Load Management menu 2 Enter a name and location 3 Click Apply Setting the Coldstart Delay Path Device Manager gt Device Load The Coldstart Delay is the number of seconds added to each outlet s Power On Delay before the outlet will turn on after power is applied to the Rack PDU Allowed values are from 1 to 300 seconds Immediate or Never never turn on 1 Click the Device Manager tab then device load from the Load Management menu 2 Make a selection for Coldstart Delay 3 C
18. Within 2 42 kW of Near Overload Control Peak Load 0 59 kw Within 2 41 kW of Near Overload at 10 20 2000 19 39 34 Configuration Energy 64 3 kwh Outlet Links Outlet Groups information Device Load Management Configuration Name John Doe Location Unknown group configuration Scheduling Overload Alarm 3 7 kw 0 0 to 5 4 Near Overload Warning 3 0 kw 0 0 to 5 4 Low Load Warning 0 5 kw 0 0 to 5 4 Outlet Manager Coldstart Delay O Immediate wait 6 Seconds 1 to 300 O Never Peak Load C Reset last reset 06 12 2000 22 44 49 Kilowatt Hours C Reset last reset 04 24 2000 04 55 23 Link 1 Link 2 Link 3 Managed Rack PDU DOLL About the Device Manager Tab Path Device Manager oF choke Use the Device Manager tab to e View the load status for the Rack PDU e Configure load thresholds for all connected devices and for phases as applicable e Manage and control outlets e Configure a name and location for the Rack PDU e View and manage the peak load measurement e Click user configurable links to open web pages for specific devices connected to the Rack PDU Viewing the load status and peak load Path Device Manager gt Load Management options The indicator in the green yellow and red meter shows the current load status normal near overload or overload If a low load threshold was configured the meter will include a blue segment to the left of the green
19. and accounting service used to centrally administer remote access for each Rack PDU The Rack PDU supports the authentication and authorization functions Access priorities The priority for access beginning with the highest priority is as follows e Local access to the command line interface from a computer with a direct serial connection to the Rack PDU e Telnet or Secure Shell SSH access to the command line interface from a remote computer e Web access oF choke Change default user names and passwords immediately After installation and initial configuration of the Rack PDU immediately change the user names and passwords from their defaults to unique user names and passwords to establish basic security Port assignments If Telnet the FTP server SSH SCP or the Web server uses a non standard port a user must specify the port in the command line or Web address used to access the Rack PDU A non standard port number provides an additional level of security The ports are initially set at the standard well known ports for the protocols To increase security reset the ports to any unused port numbers from 5001 to 32768 for the FTP server and from 5000 to 32768 for the other protocols and servers The FTP server uses both the specified port and the port one number lower than the specified port User names passwords and community names with SNMPv1 All user names passwords and community names for SNMPv
20. configuring the most restrictive SNMP access type READ enables informational queries without the risk of allowing remote configuration changes oF choke oF choke Configuring event actions Notification parameters For events that have an associated clearing event you can also set the following parameters as you configure events individually or by group as described in the next two sections To access the parameters click the receiver or recipient name Parameter Description Delay x time If the event persists for the specified time a notification is sent If the before sending condition clears before the time expires no notification is sent Repeat at an The notification is sent at the specified interval e g every 2 minutes interval of x time Up to x times During an active event the notification repeats for this number of times Until condition The notification is sent repeatedly until the condition clears or is resolved clears Configuring by event To define event actions for an individual event 1 Select the Administration tab Notification on the top menu bar and by event under Event Actions on the left navigation menu 2 In the list of events review the marked columns to see whether the action you want is already configured By default logging is configured for all events 3 To view or change the current configuration such as recipients to be notified by e mail or paging
21. 1 3 Local Billy 2 5 Local Joe 4 6 Local Jack 7 8 Example 2 When logged in as Billy type cli gt userList E000 Success Local Billy 2 5 userPasswd Access Administrator Description Set an outlet user s password Example To set Bobby s password to abc123 type cli gt userPasswd Bobby abc123 abc123 E000 Success oF choke whoami Access Administrator Device User Outlet User Description View the user name of the active user Example cli gt whoami E000 Success admin Web Interface Supported Web Browsers You can use Microsoft Internet Explorer IE 7 x and higher on Windows operating systems only Mozilla Firefox 3 0 6 or higher on all operating systems to access the Rack PDU through its Web interface Other commonly available browsers may work but have not been fully tested The Rack PDU cannot work with a proxy server Before you can use a Web browser to access the Rack PDU s Web interface you must do one of the following e Configure the Web browser to disable the use of a proxy server for the Rack PDU e Configure the proxy server so that it does not proxy the specific IP address of the Rack PDU Logging On to the Web Interface Overview You can use the DNS name or System IP address of the Rack PDU for the URL address of the Web interface Use your case sensitive user name and password to log on The default user names and password differs by account type e
22. 5 To add outlets to any of the global outlet groups you created see Edit or delete an outlet group Edit or delete an outlet group 1 From the Device Manager tab select Information from the Outlet Groups left navigation menu 2 Under Configured Outlet Groups click the number or name of the outlet group to edit or delete 3 When editing an outlet group you can do any of the following e Rename the outlet group Add or remove outlets by clicking the checkboxes to mark or unmark them You cannot remove an outlet from an outlet group that contains only two outlets unless the remaining outlet is a global outlet 4 To delete the outlet group click Delete Outlet Group oF choke oF choke Typical outlet group configurations The following configuration shows two Rack PDUs each with eight outlet groups Each outlet group consists of a single global outlet Each outlet group on the first Rack PDU is linked to the outlet group in the same location on the second Rack PDU One power cord of a dual corded server is connected to each outlet on the first Rack PDU and its other cord is connected to the corresponding outlet on the second Rack PDU ensuring that output power from both power sources to the server will turn on or off in a synchronized manner in response to an outlet control action o 2 a m i do ry h G severs j j a Server 4 n G s 5 D gt gt gt 2 a ee E o
23. Log Launch Launch Login New Window in New Window Event Log Date 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 10 25 2010 Time 20 27 48 20 25 04 20 18 12 20 07 50 19 56 28 19 45 54 19 45 54 19 45 31 19 45 18 19 45 25 Event System Web user admin logged in from 10 218 116 102 Managed Rack PDU Sensor connected Temperature Humidity Sensor type System Web user admin logged out from 10 218 116 102 System Web user admin logged in from 10 218 116 102 System Web user admin logged out from 10 218 116 102 Managed Rack PDU Outlet 2 Outlet 2 off Managed Rack PDU Outlet 1 Outlet 1 off System Configuration change Event log web display time selection System Set Time System Set Date Managed Rack PDU DOLL Using the Event and Data Logs Event log Path Logs gt Events gt options You can view filter or delete the event log By default the log displays all events recorded during the last two days in reverse chronological order For lists of all configurable events and their current configuration select the Administration tab Notification on the top menu bar and by event under Event Actions on the left navigation menu See Configuring by event To display the event log Logs gt Events gt log e By default view the event log as a page of the Web interface The most recent event is recor
24. Outlets 1 olLowLoad Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the outlet low load warning threshold Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt power gt The new outlet threshold watts Example 1 To set the low load threshold to 2 watts for all outlets type cli gt olLowLoad all 2 E000 Success Example 2 To view the low load threshold for outlets 3 and 5 through 7 type cli gt olLowLoad 3 5 7 E000 Success 3 BobbysServer 2 W 5 BillysServer 2 W 6 JoesServer 2 W 7 JacksServer 2 W olName Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the name configured for an outlet Argument Description all All device outlets lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt newname gt The name for a specific outlet Use only letters and numbers Example To configure the name for outlet 3 to BobbysServer type cli gt olName 3 BobbysServer
25. SNMP Outlet groups you synchronize must have the same Multicast IP address Make sure each Ethernet switch that connects Rack PDUs allows Multicast network traffic for that Multicast IP address oF choke Rules for configuring outlet groups For a system that uses outlet groups the following rules apply A Rack PDU can have more than one outlet group but an outlet can belong to only one outlet group A local outlet group which has no global outlet must consist of two or more outlets You can synchronize a global outlet group on one Rack PDU with a global outlet group on each of three other Rack PDUs In a global outlet group you can designate only one outlet to be a global outlet linking to outlet groups on other Rack PDUs for the purpose of synchronization That global outlet can be the only outlet in its group or the group can consist of multiple outlets To link outlet groups on Rack PDUs for synchronization those Rack PDUs must have the same Device Multicast Name and Device Multicast Address and be running the same version of Rack PDU firmware A global outlet of one outlet group must have the same physical outlet number as the global outlet of any other outlet group to which it links To create and configure outlet groups you must use the Web interface or export configuration file ini file settings from a configured Rack PDU The command line interface lets you display whether an outlet is a member of
26. Upgrade the AOS In the example xxx is the firmware version number ftp gt bin ftp gt put dell hw05 aos xxx bin When FTP confirms the transfer type quit to close the session After 20 seconds repeat step 2 through step 5 In step 5 use the application module file name SCP To use Secure CoPy SCP to upgrade firmware for the Rack PDU 1 2 Identify and locate the firmware modules described in the preceding instructions for FTP Use an SCP command line to transfer the AOS firmware module to the Rack PDU The following example uses xxx to represent the version number of the AOS module scp dell hw05 aos xxx bin de11 158 205 6 185 dell hw05 aos xxx bin Use a similar SCP command line with the name of the application module to transfer the application firmware module to the Rack PDU How to upgrade multiple Rack PDUs Use FTP or SCP to upgrade multiple Rack PDUs To upgrade multiple Rack PDUs using an FTP client or using SCP write a script which automatically performs the procedure Use XMODEM to upgrade one Rack PDU To use XMODEM to upgrade one Rack PDU that is not on the network you must first download the firmware files from Dell com To transfer the files 1 2 oF choke Select a serial port at the local computer and disable any service that uses the port Connect the provided serial configuration cable to the selected port and to the serial port at the Rack PDU Runa terminal program
27. Windows Start menu select Programs then Rack PDU Security Wizard 2 On the screen labeled Step 1 select SSL Server Certificate as the type of file and then select the length of the key to generate use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security 3 Enter a name for this file which will contain the server certificate and the private key The file must have a p15 suffix and by default will be created in the folder C Program Files Dell Rack PDU Security Wizard 4 Click Browse and select the CA root certificate created in the procedure Create a Root Certificate and Server Certificates The CA Root Certificate is used to sign the Server User Certificate being generated 5 On the screen labeled Step 2 provide the information to configure the server certificate Country and Common Name are the only required fields For the Common Name field enter the IP address or DNS name of the server the Rack PDU By default a server certificate is valid for 10 years but you can edit the Validity Period Start and Validity Period End fields Because the configuration information is part of the signature the Q information for every certificate must be unique The configuration of a server certificate cannot be the same as the configuration of the CA root certificate The expiration date is not considered part of the unique configuration Some other configuration information m
28. a single phase a range or a comma separated list of phases Example 1 To set the overload restriction for phase three to none type cli gt phRestrictn 3 none E000 Success Example 2 To view the overload restrictions for all phases type cli gt phRestrictn all E000 Success 1 over 2 near 3 none oF choke prodinfo Access Administrator Device User Outlet User Description View information about the Rack PDU Example cli gt prodInfo E000 Success AOS vX X X X Managed Rack PDU vX X X X Model Present Outlets Switched Outlets Metered Outlets Max Current Phases DELL6xxx 12 oF choke sensorName Access Administrator Device User Description Set or view the name assigned to the Rack PDU temperature humidity sensor port Example 1 To set the name for the port to Sensor1 type cli gt sensorName Sensorl1 E000 Success Example 2 To then view the name for the sensor port type cli gt sensorName E000 Success Sensorl oF choke tempHigh Access Administrator Device User Description Set or view the high temperature threshold in either Fahrenheit or Celsius Example 1 To set the high temperature threshold to 70 Fahrenheit type cli gt tempHigh F 70 E000 Success Example 2 To view the high temperature threshold in Celsius type cli gt tempHigh C E000 Success 21 C Example 3 To view the high temperature threshold in Fahrenheit type
29. admin admin for an Administrator e device device for a Device User e readonly readonly for a Read Only User For Outlet User accounts there is no default user name or password An Administrator must define the user name and password and other account characteristics for an Outlet User See Configure an outlet user credentials are compared with information in a server certificate If the certificate was created with the Security Wizard and an IP address was specified as the common name in the certificate you must use an IP address to log on to the Rack PDU If a DNS name was specified as the common name on the certificate you must use a DNS name to log on If you are using HTTPS SSL TLS as your access protocol your login For information about the Web page that appears when you log on to the Web interface see About the Home Tab oF choke URL address formats Type the DNS name or IP address of the Rack PDU in the Web browser s URL address field and press ENTER When you specify a non default Web server port in Internet Explorer you must include http orhttps in the URL Common browser error messages at log on Error Message Cause of the Error Browser You are not authorized to view this page or Someone is currently logged in Someone else is logged on Internet Explorer Firefox This page cannot be displayed Unable to connect Web access is disabl
30. all four digits If you are using the encryption based security protocols for your system use Secure CoPy SCP to retrieve the log file If you are using unencrypted authentication methods for the security of your system use FTP to retrieve the log file See Appendix B Security Handbook for information on available protocols and methods for setting up the type of security you need To use SCP to retrieve the files To use SCP to retrieve the event txt file use the following command scp username hostname or ip address event txt event txt To use SCP to retrieve the data txt file use the following command scp username hostname or ip address data txt data txt To use FTP to retrieve the files To use FTP to retrieve the event txt or data txt file 1 Ata command prompt type ftp and the IP address of the Rack PDU and press ENTER If the Port setting for the FTP Server option set through the Network menu of the Administration tab has been changed from its default 21 you must use the non default value in the FTP command For Windows FTP clients use the following command including spaces For some FTP clients you must use a colon instead of a space between the IP address and the port number ftp gt open ip address port number To set a non default port value to enhance security for the FTP Server see FTP Server You can specify any port from 5001 to 32768 2 Use the case sensitive User Name and Password for Ad
31. and humidity sensor data if a sensor is connected to the Rack PDU Logs View event data and system logs Administration Configure security network connection notification and general settings Device status icons One or more icons and accompanying text indicate the current operating status of the Rack PDU Critical A critical alarm exists which requires immediate action Warning An alarm condition requires attention and could jeopardize your data or equipment if not addressed No Alarms No alarms are present and the Rack PDU is operating normally Q gt In the upper right corner of every page the Web interface displays the same icons currently displayed on the Home page to report Rack PDU status e The No Alarms icon if no alarms exist e One or both of the other icons Critical and Warning if any alarms exist and after each icon the number of active alarms of that severity To return to the Home tab to view the summary of the Rack PDU status including the active alarms click a quick status icon on any page of the interface oF choke oF choke Quick Links At the lower left of the interface there are three configurable links The default settings follow e Link 1 dell com e Link 2 dell com home e Link 3 dell com business To reconfigure the links see Configure Links Other Web interface features e The IP address appears in the upper left corner A ccontext sensiti
32. and reboot duration of the lowest numbered outlet in the group Purpose and benefits of outlet groups By using groups of synchronized outlets on Rack PDUs you can ensure that outlets turn on turn off and reboot in a synchronized manner Synchronizing control group actions through outlet groups provides the following benefits e Synchronized shutdown and startup of the power supplies of dual corded servers prevents erroneous reporting of power supply failures during a planned system shutdown or reboot e Synchronizing outlets by using outlet groups provides more precise shutdown and restart timing than relying on the delay periods of individual outlets e A global outlet is visible to the user interface of any Rack PDU to which it is linked oF choke System requirements for outlet groups To set up and use synchronized outlet control groups You need a 10 100Base T TCP IP network with an Ethernet hub or switch that has a power source not shared by the computers or other devices being synchronized If outlet groups are to be synchronized across multiple Rack PDUs those Rack PDUs must meet the following requirements They must be on the same subnet They must use firmware that has the same version number for both the Operating System AOS module and the application module You need a computer that can initiate synchronized control operations through the Web interface or command line interface of the Rack PDUs or through
33. configured to ignore DHCP offers that do not encapsulate the vendor cookie in DHCP option 43 using the following hexadecimal format The Rack PDU does not require this cookie by default Option 43 01 04 31 41 50 43 Where e The first byte 01 is the code e The second byte 04 is the length e The remaining bytes 31 41 50 43 are the vendor cookie See your DHCP server documentation to add code to the Vendor Specific Information option Note By selecting the Require vendor specific cookie to accept Q DHCP Address check box in the Web interface you can require the DHCP server to provide a vendor cookie which supplies information to the Rack PDU Administration gt Network gt TCP IP gt ipv4 settings Command Line Interface 1 Log on to the command line interface See Logging on to the Command Line Interface 2 Contact your network administrator to obtain the IP address subnet mask and default gateway for the Rack PDU 3 Use these three commands to configure network settings Text in italics indicates a variable a tcpip i yourlIPaddress b tcpip s yourSubnetMask c tcpip g yourDefaultGateway For each variable type a numeric value that has the format xxx xxx XXX XXX For example to set a system IP address of 156 205 14 141 type the following command and press ENTER tcpip i 156 205 14 141 4 Type exit The Rack PDU restarts to apply the changes oF choke Recovering from a Lost Password You can u
34. controls how you must log on to the Web interface e If an IP address was specified for this field when the certificate was created use an IP address to log on If the DNS name was specified for this field when the certificate was created use the DNS name to log on If you do not use the IP address or DNS name that was specified for the certificate authentication fails and you receive an error message asking if you want to continue For a server certificate generated by default by the Rack PDU this field displays the serial number of the Rack PDU instead Organization O Organizational Unit OU and Locality Country The name organizational unit and location of the organization using the server certificate For a server certificate generated by default by the Rack PDU the Organizational Unit OU field displays Internally Generated Certificate Serial Number The serial number of the server certificate oF choke Parameter Description Issued By Common Name CN The Common Name as specified in the CA root certificate For a server certificate generated by default by the Rack PDU this field displays the serial number of the Rack PDU instead Organization O and Organizational Unit OU The name and organizational unit of the organization that issued the server certificate If the server certificate was generated by default by the Rack PDU or device this field displays Internally Generated
35. d2c25o4 ce sawe sete teueece eh ee ee ne cosesadanters 206 Using the Rack PDU Security Wizard 0000eeeeaee 207 Create a Root Certificate and Server Certificates 210 Create a Server Certificate and Signing Request 214 Create an SSH Host Key 0022 cece eee eee eee 217 oF choke Command Line Interface Access and Security 5 220 Telnet and Secure Shell SSH 0002 e eee eee eee 221 Web Interface Access and Security HTTP and HTTPS with SSL 222 Supported RADIUS Functions and Servers 0 255 225 Configure the Rack PDU 2ssccseadeeceeeedece ee abieaeee ves 226 Configure the RADIUS Server 0000 eee eee eee eee 228 Index 232 Introduction Product Features The Dell Managed Rack Power Distribution Unit PDU is a stand alone network manageable power distribution device The Rack PDU provides real time remote monitoring of connected loads User defined alarms warn of potential circuit overloads The Rack PDU provides full control over outlets through remote commands and user interface settings You can manage a Rack PDU through its Web interface its command line interface CLI or Simple Network Management Protocol SNMP e Access the Web interface using Hypertext Transfer Protocol or using secure HTTP HTTPS with Secure Sockets Layer SSL See Logging On to the Web Interface e Access the command line interface through a serial c
36. error E104 User level denial oF choke Network Management Card Command Descriptions Access Administrator Device User Outlet User Description View a list of all the CLI commands available to your account type To view help text for a specific command type the command followed by a question mark Example To view a list of options that are accepted by the alarmcount command type alarmcount about Access Administrator Device User Outlet User Description View hardware and firmware information This information is useful in troubleshooting and enables you to determine if firmware upgrade is needed alarmcount Access Administrator Device User Outlet User Description Option Arguments Description P all View the number of active alarms reported by the Rack PDU Information about the alarms is provided in the event log warning View the number of active warning alarms critical View the number of active critical alarms Example To view all active warning alarms type alarmcount p warning oF choke boot Access Administrator only Description Define how the Rack PDU will obtain its network settings including the IP address subnet mask and default gateway Then configure the BOOTP or DHCP server settings Option Argument Description b dhcp bootp Define how the TCP IP settings will be configured when the lt boot
37. is ignored Configuration file warning Configuration file exceeds maximum size If the file is too large an incomplete upload occurs Reduce the size of the file or divide it into two files and try uploading again oF choke Messages in config ini A Rack PDU from which you download the config ini file must be discovered successfully in order for its configuration to be included If the Rack PDU is not present or is not discovered the config ini file contains a message under the appropriate section name instead of keywords and values For example Rack PDU not discovered If you did not intend to export the configuration of the Rack PDU as part of the ini file import ignore these messages Errors generated by overridden values The Override keyword and its value will generate error messages in the event log when it blocks the exporting of values See Contents of the ini file for information about which values are overridden Because the overridden values are device specific and not appropriate to export to other Rack PDUs ignore these error messages To prevent these error messages delete the lines that contain the Override keyword and the lines that contain the values that they override Do not delete or change the line containing the section heading File Transfers How to Upgrade Firmware Benefits of upgrading firmware When you upgrade the firmware on the Rack PDU e You obtain the latest bu
38. manual Rack PDU turns on resets or restarts See TCP IP and mode gt Communication Settings for information about each boot mode setting C enable disable dhcp and dhcpBootp boot modes only Enable or disable the requirement that the DHCP server provide the vendor cookie The default values for these three settings generally do not need to be changed v lt vendor class gt DELL i lt client id gt The MAC address of the Rack PDU which uniquely identifies it on the network u lt user class gt The name of the application firmware module Example To use a DHCP server to obtain network settings 1 Type boot b dhcp 2 Enable the requirement that the DHCP server provide the vendor cookie boot c enable oF choke oF choke cd Access Administrator Device User Outlet User Description Navigate to a folder in the directory structure of the Rack PDU Example 1 To change to the ssh folder and confirm that an SSH security certificate was uploaded to the Rack PDU 1 Type cd ssh and press ENTER 2 Type dir and press ENTER to list the files stored in the SSH folder Example 2 To return to the main directory folder type cd oF choke console Access Administrator only Description Define whether users can access the command line interface using Telnet which is enabled by default or Secure Shell SSH which provides protection by transmitting user names passwords and data in enc
39. never never turn on Example 1 To view the cold start delay type cli gt devStartDly E000 Success 5 seconds Example 2 To set the cold start delay to six seconds type cli gt devStartDly 6 E000 Success oF choke humLow Access Administrator Device User Description Set or view the low humidity threshold as a percent of the relative humidity Example 1 To view the low humidity threshold type cli gt humLow E000 Success 10 RH Example 2 To set the low humidity threshold type cli gt humLow 12 E000 Success humMin Access Administrator Device User Description Set or view the minimum humidity threshold as a percent of the relative humidity Example 1 To view the minimum humidity threshold type cli gt humMin E000 Success RH Example 2 To set the minimum humidity threshold type cli gt humMin 8 E000 Success humReading Access Administrator Device User Outlet User Description View the humidity value from the sensor Example To view the humidity value type cli gt humReading E000 Success 25 RH oF choke inNormal Access Administrator Device User Description View the normal state for each dry contact input Example To view the normal state for each dry contact input type cli gt inNormal E000 Success 1 Open 2 Open inReading Access Administrator Device User Description View the current state of each dry contact input Example To view the s
40. only for outlets to which the user is assigned Description Set or view the outlet overload warning threshold Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt power gt The new outlet threshold watts Example 1 To view the overload threshold for outlets 3 and 5 through 7 type cli gt olOverLoad 3 5 7 E000 Success 3 BobbysServer 7 W BillysServer 8 W 5 6 JoesServer 7 W 7 JacksServer 6 W Example 2 seven watts To set the overload threshold for outlets 3 and 5 through 7 to type cli gt olOverLoad 3 5 7 7 E000 Success 3 BobbysServer 7 W BillysServer 7 W 5 6 JoesServer 7 W 7 JacksServer 7 W olRbootTime Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the amount of time an outlet will remain off for a Reboot Delayed command see o DlyReboot Example 1 To view the time set for outlets 3 and 5 through 7 to remain off during a reboot type cli gt olRbootTime 3 5 7 E000 Success 3 BobbysServer 4 sec 5 BillysServer 5 sec 6 JoesServer 7 sec 7 JacksServer 2 sec Example 2 To set the time for outlets 3 and 5 through 7 to remain off during a
41. or Network Management Systems NMSs to be notified by SNMP traps click on the event name If no Syslog server is configured items related to Syslog configuration are not displayed When viewing details of an event s configuration you can change the configuration enable or disable event logging or Syslog or disable notification for specific e mail recipients or trap receivers but you cannot add or remove recipients or receivers To add or remove recipients or receivers see the following e Identifying Syslog servers e E mail recipients Trap Receivers Configuring by group To configure a group of events simultaneously 1 Select the Administration tab Notification on the top menu bar and by group under Event Actions on the left navigation menu 2 Choose how to group events for configuration e Choose Grouped by severity and then select all events of one or more severity levels You cannot change the severity of an event e Choose Grouped by category and then select all events in one or more pre defined categories 3 Click Next gt gt to move from page to page to do the following a Select event actions for the group of events e To choose any action except Logging the default you must first have at least one relevant recipient or receiver configured e If you choose Logging and have configured a Syslog server select Event Log or Syslog or both on the next page b Select whether to leave the ne
42. pre defined values are not case sensitive but string values that you define are case sensitive Use adjacent quotation marks to indicate no value For example LinkURL1 indicates that the URL is intentionally undefined Enclose in quotation marks any values that contain leading or trailing spaces or are already enclosed in quotation marks To export scheduled events configure the values directly in the ini file To export a system time with the greatest accuracy if the receiving Rack PDUs can access a Network Time Protocol server configure enabled for NTPEnab1le NTPEnable enabled Alternatively reduce transmission time by exporting the SystemDate Time section as a separate ini file To add comments start each comment line with a semicolon 2 Copy the customized file to another file name in the same folder The file name can have up to 64 characters and must have the ini suffix Retain the original customized file for future use The file that you retain is the only record of your comments Transferring the file to a single Rack PDU To transfer the ini file to another Rack PDU do either of the following e From the Web interface of the receiving Rack PDU select the Administration tab General on the top menu bar and User Config File on the left navigation menu Enter the full path of the file or use Browse Use any file transfer protocol supported by Rack PDUs i e FTP FTP Client SCP or TFTP The
43. private key of the Rack PDU and the public key obtained from the cer or crt file nF choke Load the server certificate to the Rack PDU 1 On the Administration tab select Network on the top menu bar and ssl certificate under the Web heading on the left navigation menu 2 Select Add or Replace Certificate File and browse to the server certificate the p15 file you created in the procedure Create a Root Certificate and Server Certificates The default location is C Program Files Dell Rack PDU Security Wizard Alternatively you can use FTP or Secure CoPy SCP to transfer the server Q certificate to the Rack PDU For SCP the command to transfer a certificate named cert p15 to a Rack PDU with an IP address of 156 205 6 185 would be scp cert p15 del1l1 156 205 6 185 Create an SSH Host Key Summary This procedure is optional If you select SSH encryption but do not create a host key the Rack PDU generates a 2048 bit RSA key when it reboots You define whether the host keys for SSH that are created with the Rack PDU Security Wizard are 1024 bit or 2048 bit RSA keys You can generate a 1024 bit key or you can generate a 2048 bit key which provides complex encryption and a higher level of security e Use the Rack PDU Security Wizard to create a host key which is encrypted and stored in a file with the p15 suffix e Load the host key onto the Rack PDU oF choke The procedure Create the host key 1 If
44. reboot type cli gt olRebootTime 3 5 7 10 E000 Success 3 BobbysServer 10 sec 5 BillysServer 10 sec 6 JoesServer 10 sec 7 JacksServer 10 sec olReading Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description View the current power or energy for an outlet or group of outlets Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges current The new outlet threshold watts power energy Example 1 To view the current for outlets 3 and 5 through 7 type cli gt olReading 3 5 7 current E000 Success 3 BobbysServer 4 A 5 BillysServer 5A 6 JoesServer 7 A 7 JacksServer 2 A Example 2 To view the power for outlet 3 type cli gt olReading 3 power E000 Success 3 BobbysServer 40 W oF choke Example 3 To view the energy for outlet JoesServer type cli gt olReading joesserver energy E000 Success 6 JoesServer 7 3 kWh olReboot Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Cycle power to an outlet or group of outlets without any delays If more than one outlet is specified then those outlets will be cy
45. selected trap receiver is enabled on this device e The trap receiver is enabled e If a host name is selected for the To address that host name can be mapped to a valid IP address To Select the IP address or host name to which a test SNMP trap will be sent If no trap receiver is configured a link to the Trap Receiver configuration page is displayed oF choke Syslog Path Logs gt Syslog gt options The Rack PDU can send messages to up to four Syslog servers when an event occurs The Syslog servers record events that occur at network devices in a log that provides a centralized record of events This user s guide does not describe Syslog or its configuration values in detail See RFC3164 for more information about Syslog Identifying Syslog servers Path Logs gt Syslog gt servers Setting Definition Syslog Uses IPv4 IPv6 addresses or host names to identify from one to four servers to Server receive Syslog messages sent by the Rack PDU Port The user datagram protocol UDP port that the Rack PDU will use to send Syslog messages The default is 514 the UDP port assigned to Syslog Protocol Choose the language for any Syslog messages oF choke Syslog settings Path Logs gt Syslog gt settings Setting Definition Message Enables by default or disables the Syslog feature Generation Facility Selects the facility code assigned to the Rack PDU s Syslog mes
46. such as HyperTerminal and configure the selected port for 57600 bps 8 data bits no parity 1 stop bit and no flow control Press the RESET button on the Rack PDU then immediately press the ENTER key twice or until the Boot Monitor prompt displays BM gt Type XMODEM then press ENTER From the terminal program s menu select XMODEM then select the binary AOS firmware file to transfer using XMODEM After the XMODEM transfer is complete the Boot Monitor prompt returns To install the application module repeat step 5 and step 6 In step 6 use the application module file name Type reset or press the Reset button to restart the Rack PDU Verifying Upgrades and Updates Verify the success or failure of the transfer To verify whether a firmware upgrade succeeded use the xferStatus command in the command line interface to view the last transfer result or use an SNMP GET to the mfiletransferStatusLastTransferResult OID Last Transfer Result codes Code Description Successful The file transfer was successful Result not available There are no recorded file transfers Failure unknown The last file transfer failed for an unknown reason Server inaccessible The TFTP or FTP server could not be found on the network Server access denied The TFTP or FTP server denied access File not found The TFTP or FTP server could not locate the requested file File type unknown The file w
47. the Rack PDU Security Wizard is not already installed on your computer obtain and run the installation program Rack PDU Security Wizard exe On the Windows Start menu select Programs then Rack PDU Security Wizard On the Step 1 screen select SSH Server Host Key as the type of file to create and then select the length of the key to generate use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security Enter a name for this file which will contain the host key The file must have a p15 suffix By default the file will be created in the installation folder C Program Files Dell Rack PDU Security Wizard Click Next to generate the host key The summary screen displays the SSH version 2 fingerprints which are unique for each host key and identify the host key After you load the host key onto the Rack PDU you can verify that the correct host key was uploaded by verifying that the fingerprints displayed here match the SSH fingerprints on the Rack PDU as displayed by your SSH client program The last screen verifies that the host key was created instructs you to load the host key to the Rack PDU and displays the location and name of the host key which has a p15 file suffix Load the host key to the Rack PDU 1 On the Administration tab select Network on the top menu bar and ssh host key under the Console heading on the left navigation menu 2 S
48. the configuration pages generally do not need to be changed Vendor Class DELL Client ID The MAC address of the Rack PDU which uniquely identifies it on the local area network LAN User Class The name of the application firmware module oF choke Setting Description BOOTP A BOOTP server provides the TCP IP settings At 32 second intervals the Rack PDU requests network assignment from any BOOTP server If the Rack PDU receives a valid response it starts the network services e If the Rack PDU finds a BOOTP server but a request to that server fails or times out the Rack PDU stops requesting network settings until it is restarted e By default if previously configured network settings exist and the Rack PDU receives no valid response to five requests the original and four retries it uses the previously configured settings so that it remains accessible Click Next gt gt to access the BOOTP Configuration page to change the number of retries or the action to take if all retries fail 1 Maximum retries Enter the number of retries that will occur when no valid response is received or zero 0 for an unlimited number of retries e If retries fail Select Use prior settings the default or Stop BOOTP request DHCP The default setting At 32 second intervals the Rack PDU requests network assignment from any DHCP server e If the Rack PDU receives a valid response it does not require the vendor co
49. through a serial connection to transfer the individual firmware modules from your computer to the Rack PDU When you transfer individual firmware modules you must transfer the Q Operating System AOS module to the Rack PDU before you transfer the application module Use FTP or SCP to upgrade one Rack PDU FTP To use FTP to upgrade one Rack PDU over the network e The Rack PDU must be connected to the network and its system IP subnet mask and default gateway must be configured The FTP server must be enabled at the Rack PDU e The firmware files must have been downloaded from Dell com To transfer the files 1 At a computer on the network open a command prompt window Go to the directory that contains the firmware files and list the files C gt cd dell C dellsdir For the listed files xxx represents the firmware version number e dell hw05 aos xxx bin e dell hw05 application xxx bin oF choke Open an FTP client session C dell gt ftp Type open and the IP address of the Rack PDU and press ENTER If the port setting for the FTP Server has changed from its default of 21 you must use the non default value in the FTP command e For Windows FTP clients separate a non default port number from the IP address by a space For example ftp gt open 150 250 6 10 21000 e Some FTP clients require a colon instead before the port number Log on as Administrator admin is the default user name and password
50. to the browser For authentication to occur e Each server Rack PDU with SSL enabled must have a server certificate on the server itself e Any browser that is used to access the Web interface of the Rack PDU must contain the CA root certificate that signed the server certificate If authentication fails a browser message asks you whether to continue even though it cannot authenticate the server If your network does not require the authentication provided by digital certificates you can use the default certificate that the Rack PDU generates automatically The default certificate s digital signature will not be recognized by browsers but a default certificate enables you to use SSL for the encryption of transmitted user names passwords and data If you use the default certificate the browser prompts you to agree to unauthenticated access before it logs you on to the Web interface of the Rack PDU How SSH host keys are used An SSH host key authenticates the identity of the server the Rack PDU each time an SSH client contacts that server Each server with SSH enabled must have an SSH host key on the server itself oF choke Files you create for SSL and SSH security Use the Rack PDU Security Wizard to create these components of an SSL and SSH security system The server certificate for the Rack PDU if you want the benefits of authentication that such a certificate provides You can create either of the following types of
51. type the command and press ENTER Commands and arguments are valid in lowercase uppercase or mixed case Options are case sensitive While using the command line interface you can also do the following Type and press ENTER to view a list of available commands based on your account type To obtain information about the purpose and syntax of a specified command type the command a space and or the word help For example to view RADIUS configuration options type radius or radius help Press the UP arrow key to view the command that was entered most recently in the session Use the UP and DOWN arrow keys to scroll through a list of up to ten previous commands Type at least one letter of acommand and press the TAB key to scroll through a list of valid commands that match the text you typed in the command line Type exit or quit to close the connection to the command line interface oF choke Command Syntax Item Description Options are preceded by a hyphen lt gt Definitions of options are enclosed in angle brackets For example dp lt device password gt If a command accepts multiple options or an option accepts mutually exclusive arguments the values may be enclosed in brackets A vertical line between items enclosed in brackets or angle brackets indicates that the items are mutually exclusive You must use one of the items Example of a command that supports multiple
52. y for mmm dd yy year represents one digit Single digit days and months are dd mmm yy displayed with a leading zero yyyy mm dd Z lt time zone Set the difference with GMT in order to specify your time zone offset gt This enables you to synchronize with other people in different time zones Example 1 To display the date using the format yyyy mm dd type date f yyyy mm dd Example 2 To define the date as October 30 2009 using the format configured in the preceding example type date d 2009 10 30 Example 3 To define the time as 5 21 03 p m type date t 17 21 03 delete Access Administrator only Description Delete a file in the file system Argument Description lt file name gt Type the name of the file to delete dir Access Administrator Device User Outlet User Description View the files and folders stored on the Rack PDU oF choke oF choke dns Access Administrator only Definition Configure the manual Domain Name System DNS settings Parameter Argument Description OM enable Override the manual DNS disable p lt primary DNS Set the primary DNS server server gt S lt secondary Set the secondary DNS server DNS server gt d lt domain Set the domain name name gt N lt domain Set the domain name IPv6 name IPv6 gt h lt host name gt Set the host name eventlog
53. you enable SSL you must reboot the Rack PDU During rebooting if no server certificate exists the Rack PDU generates a default server certificate that is self signed but that you cannot configure Method 1 has the following advantages and disadvantages e Advantages Before they are transmitted the user name and password and all data to and from the Rack PDU are encrypted You can use this default server certificate to provide encryption based security while you are setting up either of the other two digital certificate options or you can continue to use it for the benefits of encryption that SSL provides e Disadvantages The Rack PDU takes up to 1 minute to create this certificate and the Web interface is not available during that time This delay occurs the first time you log on after you enable SSL This method does not include the authentication provided by a CA certificate a certificate signed by a Certificate Authority that Methods 2 and 3 provide There is no CA Certificate cached in the browser Therefore when you log on to the Rack PDU the browser generates a security alert indicating that a certificate signed by a trusted authority is not available and asks if you want to proceed To avoid this message you must install the default server certificate into the certificate store cache of the browser of each user who needs access to the Rack PDU and each user must always use the fully qualified domain
54. 1 are transferred over the network as plain text A user who is capable of monitoring the network traffic can determine the user names and passwords required to log on to the accounts of the command line interface or Web interface of the Rack PDU If your network requires the higher security of the encryption based options available for the command line interface and Web interface disable SNMPv1 access or set its access to Read Read access allows you to receive status information and use SNMPv1 traps To disable SNMPv1 access on the Administration tab select Network on the top menu bar and access under the SNMPv1 heading on the left navigation menu Clear the Enable SNMPv1 access checkbox and click Apply To set SNMPv1 access to Read on the Administration tab select Network on the top menu bar and access control under the SNMPv1 heading on the left navigation menu Then for each configured Network Management System NMS click the community names and set the access type to Read Authentication You can choose security features for the Rack PDU that control access by providing basic authentication through user names passwords and IP addresses without using encryption These basic security features are sufficient for most environments in which sensitive data are not being transferred SNMP GETS SETS and Traps For enhanced authentication when you use SNMP to monitor or configure the Rack PDU choose SNMPv3 The authentication passph
55. 1 kW type cli gt devLowLoad 1 0 E000 Success devNearOver Access Administrator Device User Description Set or view the near overload threshold in kilowatts for the device Example 1 To view the near overload threshold type cli gt devNearOver E000 Success 20 5 KW Example 2 To set the near overload threshold to 21 3 kW type cli gt devNearOver 21 3 E000 Success oF choke devOverLoad Access Administrator Device User Description Set or view the overload threshold in kilowatts for the device Example 1 To view the overload threshold type cli gt devOverLoad E000 Success 25 0 kW Example 2 To set the overload threshold to 25 5 kW type cli gt devOverLoad 25 5 E000 Success devReading Access Administrator Device User Description View the total power in kilowatts or total energy in kilowatt hours for the device Argument Definition power View the total power in kilowatts energy View the total energy in kilowatt hours Example 1 To view the total power type cli gt devReading power E000 Success 5 2 KW Example 2 To view the total energy type cli gt devReading energy E000 Success 200 1 kWh oF choke devStartDly Access Administrator Device User Description Set or view the amount of time in seconds to be added to each outlet s Power On Delay after power is applied to the Rack PDU Allowed values are within the range of 1 to 300 seconds or
56. 142 Local Users setting user access 131 oF choke Location system value 167 Logging on access priorities 2 locally through a serial port to the control console 17 Web interface 85 Login date and time control console 19 Main screen displaying identification 19 firmware values displayed 19 login date andtime 19 status 20 Up Time 19 Menus Logs 121 Network 148 137 Security 130 Message Generation Syslog setting 146 N Network menu 148 Network status LED front panel 12 13 Network Time Protocol NTP 168 NMS IP Host Name for trap receivers 143 Notification menu 137 Notification delaying or repeating 138 O Outlet events described 109 113 Outlet groups creating local groups 103 deleting 104 editing 104 102 follower 98 global 98 initiator 98 local 98 purpose and benefits 99 rules for configuring 101 system requirements 100 typical configurations 105 Outlet settings configuring 110 108 Outlets global 98 Override keyword user configuration file 174 P Paging by using e mail 141 Passwords change immediately for security 197 default for all account types 85 131 for data log repository 126 recovery 9 using non standard ports for extra security 197 Peak load 95 resetting kWh resetting 98 Phase LEDs front panel 11 Ping utility for troubleshooting access 186 Port speed configuring for Ethernet 154 Ports FTP server 33 166 HTTP and HTTPS 157 RADIUS server 37 133 Telnet and SS
57. 152 214 12 114 your Telnet client requires one of these commands telnet 152 214 12 114 5000 telnet 152 214 12 114 5000 e SSH Port The SSH port used to communicate with the Rack PDU 22 by default You can change the port setting to any unused port from 5000 to 32768 for additional security See the documentation for your SSH client for the command line format required to specify a non default port oF choke Option Description ssh host key Status indicates the status of the host key private key e SSH Disabled No host key in use When disabled SSH cannot use a host key e Generating The Rack PDU is creating a host key because no valid host key was found e Loading A host key is being activated on the Rack PDU e Valid One of the following valid host keys is in the ssh directory the required location on the Rack PDU A 1024 bit or 2048 bit host key created by the Security Wizard A 2048 bit RSA host key generated by the Rack PDU Add or Replace Browse to and upload a host key file created by the Security Wizard To use the Security Wizard see the Appendix B Security Handbook NOTE To reduce the time required to enable SSH create and upload a host key in advance If you enable SSH with no host key loaded the Rack PDU takes up to one minute to create a host key and the SSH server is not accessible during that time Remove Remove the current host key To use SSH you must h
58. Access Administrator Device User Outlet User Description View the date and time you retrieved the event log the status of the Rack PDU and the status of sensors connected to the Rack PDU View the most recent device events and the date and time they occurred Use the following keys to navigate the event log Key Description ESC Close the event log and return to the command line interface ENTER Update the log display Use this command to view events that were recorded after you last retrieved and displayed the log SPACEBAR View the next page of the event log B View the preceding page of the event log This command is not available at the main page of the event log D Delete the event log Follow the prompts to confirm or deny the deletion Deleted events cannot be retrieved exit Access Administrator Device User Outlet User Description Exit from the command line interface session format Access Administrator only Description Reformat the file system of the Rack PDU and erase all security certificates encryption keys configuration settings and the event and data logs To reset the Rack PDU to its default configuration use the reset ToDef command dF choke nF choke FTP Access Administrator only Description Enable or disable access to the FTP server Optionally change the port setting to the number of any unused port from 5001 to 32768 for added security Option
59. Certificate Validity Issued on The date and time at which the certificate was issued Expires on The date and time at which the certificate expires Fingerprints Each of the two fingerprints is a long string of alphanumeric characters punctuated by colons A fingerprint is a unique identifier to further authenticate the server Record the fingerprints to compare them with the fingerprints contained in the certificate as displayed in the browser SHA1 Fingerprint A fingerprint created by a Secure Hash Algorithm SHA 1 MD5 Fingerprint A fingerprint created by a Message Digest 5 MD5 algorithm Supported RADIUS Functions and Servers Supported functions Supported authentication and authorization functions Remote Authentication Dial In User Service RADIUS Use RADIUS to administer remote access for each Rack PDU centrally When a user accesses the Rack PDU an authentication request is sent to the RADIUS server to determine the permission level of the user For more information on permission levels see Types of user accounts Supported RADIUS servers Supported RADIUS servers FreeRADIUS and Microsoft IAS 2003 Other commonly available RADIUS applications may work but have not been fully tested oF choke oF choke Configure the Rack PDU Authentication Q RADIUS user names used with Rack PDU are limited to 32 characters On the Administration tab select Security on the top menu bar
60. DlyOff Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Turns off an outlet or group of outlets after the Power Off Delay see olOff Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example 1 To turn off outlets 3 5 through 7 and 10 type cli gt olDlyOff 3 5 7 10 E000 Success Example 2 To turn off all outlets type cli gt olDlyOff all E000 Success olDlyOn Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Turns on an outlet or group of outlets after the Power On Delay see olOnDelay Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example 1 To turn on outlets 3 5 through 7 and 10 type cli gt olDlyOn 3 5 7 10 E000 Success Example 2 To turn on an outlet with the configured name of Outlet1 type cli gt olDlyOn outletl E000 Success olDlyReboot Access Admini
61. F choke Using the Rack PDU Security Wizard The Rack PDU Security Wizard creates components needed for high security for a Rack PDU on the network when you are using Secure Sockets Layer SSL and related protocols and encryption routines Authentication by certificates and host keys Authentication verifies the identity of a user or a network device Such as a Rack PDU Passwords typically identify computer users However for transactions or communications requiring more stringent security methods on the Internet the Rack PDU supports more secure methods of authentication Secure Sockets Layer SSL used for secure Web access uses digital certificates for authentication A digital CA root certificate is issued by a Certificate Authority CA as part of a public key infrastructure and its digital signature must match the digital signature on a server certificate on the Rack PDU Secure Shell SSH used for remote terminal access to the command line interface of the Rack PDU uses a public host key for authentication oF choke How certificates are used Most Web browsers including all browsers supported by Rack PDUs contain a set of CA root certificates from all of the commercial Certificate Authorities Authentication of the server in this case the Rack PDU occurs each time a connection is made from the browser to the server The browser checks to be sure that the server s certificate is signed by a Certificate Authority known
62. H 159 Ports assigning 197 Power Off Delay 110 Power On Delay 110 oF choke Primary NTP Server 168 Proxy servers configuring not to proxy the PDU 85 disabling use of 85 Q Quick Links configuration 173 R Rack PDU configuring name and location 97 front panel 11 getting started 4 product features 1 troubleshooting access problems 186 RADIUS configuration 133 server configuration 134 135 RADIUS Server setting 227 Reboot outlets 109 113 Reboot Duration 110 Reboot Management Interface 172 Recent Events Device Events on home page 92 Recipient SMTP server 142 Remote Users authentication 132 setting user access 132 Reset All 172 Reset Only 172 Reverse lookup 124 RJ 45 serial port front panel 12 Root certificates creating 210 S SCP enabled and configured with SSH 200 221 for encrypted file transfer 199 166 219 213 217 transferring firmware files 182 using non standard port 197 127 Secondary NTP Server 168 Section headings user configuration file 174 Secure CoPy See SCP Secure SHell See SSH Secure Sockets Layer See SSL Security authentication through digital certificates with SSL 200 226 with SSH and SCP 199 certificate signing requests 201 disabling less secure interfaces 199 200 encryption with SSH and SCP 199 how certificates are used 208 immediately changing username and password 197 SCP as alternative to FTP 200 din ae to use certificates 202 summary of access
63. Never Select this to disable DHCPv6 Ping Response Path Administration gt Network gt Ping Response Select the Enable check box for IPv4 Ping Response to allow the Network Management Card to respond to network pings Clear the check box to disable an NMC response This does not apply to IPv6 oF choke Port Speed Path Administration gt Network gt Port Speed The Port Speed setting defines the communication speed of the TCP IP port e For Auto negotiation the default Ethernet devices negotiate to transmit at the highest possible speed but if the supported speeds of two devices are unmatched the slower speed is used e Alternatively you can choose 10 Mbps or 100 Mbps each with the option of half duplex communication in only one direction at a time or full duplex communication in both directions on the same channel simultaneously oF choke DNS Path Administration gt Network gt DNS gt options Use the options under DNS to configure and test the Domain Name System DNS Select Primary DNS Server or Secondary DNS Server to specify the IPv4 or IPv6 addresses of the primary and optional secondary DNS server For the Rack PDU to send e mail you must at least define the IP address of the primary DNS server The Rack PDU waits up to 15 seconds for a response from the primary DNS server or the secondary DNS server if a secondary DNS server is specified If the Rack PDU does not receive a response
64. OffDelay lt all outlet name outlet gt lt time gt On lt all outlet name outlet gt olOnDelay lt all outlet name outlet gt lt time gt olOverLoad lt all outlet name outlet gt lt power gt olRbootTime lt all outlet name outlet gt lt time gt olReadin lt all outlet name outlet gt lt current power energy gt olReboot lt all outlet name outlet gt olStatus lt all outlet name outlet gt olUnasgnUsr lt all outlet name outlet gt lt user gt phLowLoad lt all phase gt lt current gt phNearOver lt all phase gt lt current gt phOverLoad lt all phase gt lt current gt phReading lt all phase gt lt current voltage power gt phRestrictn lt all phase gt lt none near over gt prodIinfo tempHigh lt F C gt lt temperature gt tempMax lt F C gt lt temperature gt tempReading lt F C gt userAdd lt new user gt userDelete lt user gt userList userPasswd lt user gt lt new password gt lt new password gt whoami Appendix B Security Handbook Content and Purpose of This Appendix This appendix documents security features for firmware version 5 x x for Dell Rack PDUs which enable Rack PDUs to function remotely over
65. P or HTTPS and configure the ports that each of the two protocols will use Changes take effect the next time you log on When SSL is activated your browser displays a small lock icon For information on the extra security a non standard port provides see Port assignments 3 Select ssl certificate under Web on the left navigation menu to determine whether a server certificate is installed on the Rack PDU If a certificate was created with the Rack PDU Security Wizard but is not installed e In the Web interface browse to the certificate file and upload it to the Rack PDU e Alternatively use the Secure CoPy SCP protocol or FTP to upload the certificate file to the Rack PDU oF choke required to enable HTTPS If you enable HTTPS with no server certificate OQ Creating and uploading a server certificate in advance reduces the time loaded the Rack PDU creates one when it reboots The Rack PDU can take up to 1 minute to create the certificate and the SSL server is unavailable during that time A certificate that the Rack PDU generates has some limitations See Method 1 Use the default certificate auto generated by the Rack PDU 4 If a valid digital server certificate is loaded the Status field displays the link Valid Certificate Click the link to display the parameters of the certificate Parameter Description Issued To Common Name CN The IP Address or DNS name of the Rack PDU This field
66. U 97 Setting the Coldstart Delay 00 0c eee eee eee 97 oF choke Resetting Peak Load and kWh 1 000 cece eee eee eee 98 Configure and Control Outlet Groups 02000e eens 98 Outlet Settings for Outlets and Outlet Groups 055 108 Scheduling Outlet ActionS 000 c eee ees 112 Outlet Manager Menu 2 00 c ee es 116 Environment 117 Configuring Temperature and Humidity Sensors 5 118 Configuring Dry Contact Inputs 000 c eee eee eee 120 Logs 121 Using the Event and Data Logs 0 ccc eee e eee e eens 122 Administration Security 130 Local sere 222 naii a Sensor A 131 Remote US rS acca decade anidre npada i Ninne eucasaeadans 132 Configuring the RADIUS Server 0000 ee eee eee eee 134 Inactivity Timeout 2 6ssccnnnescnwecesdscsnseheecnonceces 135 Administration Notification 136 EventActlonSeas eicscicee ae draa anedota a SORE Gees cows 137 Active Automatic Direct Notification 0000neeeae 140 Administration Network Features 148 TCP IP and Communication Settings 2 2000e0ees 149 Ping RESPONSE ceap bs cPi cde secession dete eked tant ae wee 153 PON SHCCGs 55 sec bGs5e 05 9 See ee woe seetled E 154 DNS ceram are yee Sea ra are a O E ees a eve ee ee ere ates 155 LC ee ee ee ee ee eo ee ee eee eee ere ee 157 CONSOle ci cite cbse dese tae arekathinadiedeve gash E keds 159 SNMP sc ccccetedatadecececacbetet
67. U Secure Shell SSH and Secure CoPy SCP for the command line interface The Secure Shell protocol SSH provides a secure mechanism to access computer consoles or shells remotely The protocol authenticates the server in this case the Rack PDU and encrypts all transmissions between the SSH client and the server SSH is a high security alternative to Telnet Telnet does not provide encryption SSH protects the user name and password which are the credentials for authentication from being used by anyone intercepting network traffic To authenticate the SSH server the Rack PDU to the SSH client SSH uses a host key unique to the SSH server The host key is an identification that cannot be falsified and it prevents an invalid server on the network from obtaining a user name and password by presenting itself as a valid server For information on supported SSH client applications see Telnet and Secure Shell SSH To create a host key see Create an SSH Host Key The Rack PDU supports SSH version 2 which provides protection from attempts to intercept forge or change data during transmission When you enable SSH Telnet is automatically disabled The interface user accounts and user access rights are the same whether you access the command line interface through SSH or Telnet oF choke Secure CoPy SCP is a secure file transfer application that you can use instead of FTP SCP uses the SSH protocol as the underlying tran
68. a Function button To manually display the current for each phase repeatedly press the button The current displays for 30 seconds or until you press the button again This functionality is not available for single phase Rack PDUs e To display the IP address press and hold for five seconds until IP appears then release On the LED display the address will appear two digits at a time and then the cycle will repeat e To invert the display press and hold for ten seconds until the AA pattern appears Continue holding the button until AA is oriented as desired then release the button 10 100 base T connector Port for connecting the Rack PDU to the network 10 100 LED See 10 100 LED Network status LED See Network Status LED Outlet status LED Illuminates green when the outlet is energized Each outlet has an outlet LED O O O Q O Temp humidity sensor port Port for connecting a Rack PDU Temperature Sensor G853N or a Rack PDU Temperature Humidity Sensor H621N RJ 45 serial port Port for connecting the Rack PDU to a terminal emulator program for local access to the command line interface Use the supplied serial cable Reset button To restart the interface of the Rack PDU without affecting the outlets press and release the Reset button oF choke Network Status LED Condition Description Off One of the following situations exists e The Rac
69. ack PDU 173 Access enabling or disabling methods of access to the command line interface 159 157 priorities 2 to the command line interface remotely 15 187 Administration Network menu 148 136 Security menu 130 Alarm Status input contacts 120 Apply Local Computer Time 168 Authenticating users through RADIUS 132 Authentication for Web interface and command line interface 198 with RADIUS 226 198 200 Authentication Traps setting 144 Automatic log off for inactivity 135 B BOOTP Rack PDU and BOOTP server communica tion 6 Status LED indicating BOOTP requests 13 Browsers CA certificates in browser s store cache 200 danger of leaving browser open 201 errormessages 87 lock icon when SSL is installed 200 types and versions supported 84 C Certificates choosing which method to use 202 methods Rack PDU Security Wizard creates all certificates 204 Use a Certificate Authority CA 205 203 Certificates how to create view or remove 158 Cipher suites purpose of the algorithms and ciphers 201 Coldstart Delay 97 Command line interface 15 command descriptions 24 about 24 25 boot cd 27 28 date 29 34 30 46 47 48 49 30 31 eventlog 32 format 32 FTP 33 help 33 50 51 inNormal 52 netstat 34 oF choke olAssignUsr 53 54 55 56 57 58 59 60 61 62 63 64 65 66 69 67 68 70 71 phLowLoad 72 73 74 75 76 35 36 quit 36 radius 37 38 39 sensorName 78 40 tcpi
70. an outlet group and lets you apply control actions to an outlet group but the command line interface does not let you set up or configure an outlet group Enable outlet groups Click the Device Manager tab and select Group Configuration from the Outlet Groups left navigation menu Configure the following parameters and click Apply Enable creation of outlet groups Parameter Description Device Level To create an outlet group you must enable this parameter It is Outlet Group disabled by default Enable support for global outlet groups linked groups Parameter Description Multicast Name To link outlet groups on multiple Rack PDUs you must define the Multicast IP same Multicast name and Multicast IP address on each of those aaa Rack PDUs NOTE A maximum of four devices can be configured with the same Multicast name and Multicast IP address Enabling encryption and authentication of outlet groups Parameter Description Authentication A phrase of 15 to 32 ASCII characters that verifies that the device Phrase is communicating with other devices that the message has not been changed during transmission and that the message was communicated in a timely manner The authentication phrase indicates that it was not delayed and that it was not copied and sent again later at an inappropriate time Encryption Phrase A phrase of 15 to 32 ASCII characters that ensures the privacy of th
71. ary and secondary that the Rack PDU can use Host Name option 12 The host name that the Rack PDU will use 32 character maximum length Domain Name option 15 The domain name that the Rack PDU will use 64 character maximum length Boot File Name from the file field of the DHCP response described in RFC2131 The fully qualified directory path to a user configuration file ini file to download The siaddr field of the DHCP response specifies the IP address of the server from which the Rack PDU will download the ini file After the download the Rack PDU uses the ini file as a boot file to reconfigure its settings Path Administration gt Network gt TCP IP gt IPv6 settings Setting Description Enable Enable or disable IPv6 with this check box Manual Configure IPv6 manually by entering the IP address and default gateway Auto When the Auto Configuration check box is selected the system obtains addressing Configuration prefixes from the router if available It uses those prefixes to automatically configure IPv6 addresses oF choke Setting Description DHCPv6 Mode Router Controlled Selecting this option means that DHCPV6 is controlled by the Managed M and Other O flags received in IPv6 router advertisements When a router advertisement is received the NMC checks whether the M or the O flag is set The NMC interprets the state of the M Managed Address Configuration F
72. as downloaded but the contents were not recognized File corrupt The file was downloaded but at least one Cyclical Redundancy Check CRC failed Verify the version numbers of installed firmware Use the Web interface to verify the versions of the upgraded firmware modules by selecting the Administration tab General on the top menu bar and About on the left navigation menu or use an SNMP GET to the MIB II sysDescr OID In the command line interface use the about command oF choke Troubleshooting Rack PDU Access Problems Problem Solution Unable to ping the Rack PDU If the Rack PDU s Status LED is green try to ping another node on the same network segment as the Rack PDU If that fails it is not a problem with the Rack PDU If the Status LED is not green or if the ping test succeeds perform the following checks e Verify all network connections e Verify the IP addresses of the Rack PDU and the NMS e If the NMS is on a different physical network or subnetwork from the Rack PDU verify the IP address of the default gateway or router e Verify the number of subnet bits for the Rack PDU s subnet mask Cannot allocate the communications port through a terminal program Before you can use a terminal program to configure the Rack PDU you must shut down any application service or program using the communications port Cannot access the command line interface through a serial connecti
73. at it was not delayed and that it was not copied and sent again later at an inappropriate time Privacy Passphrase A phrase of 15 to 32 ASCII characters dell crypt passphrase by default that ensures the privacy of the data by means of encryption that an NMS is sending to this device or receiving from this device through SNMPv3 Authentication Protocol The Dell implementation of SNMPv3 supports SHA and MD5 authentication Authentication will not occur unless an authentication protocol is selected Privacy Protocol The Dell implementation of SNMPv3 supports AES and DES as the protocols for encrypting and decrypting data Privacy of transmitted data requires that a privacy protocol is selected and that a privacy passphrase is provided in the request from the NMS When a privacy protocol is enabled but the NMS does not provide a privacy passphrase the SNMP request is not encrypted Note You cannot select the privacy protocol if no authentication protocol is selected oF choke Option Description access control You can configure up to four access control entries to specify which NMSs have access to this device The opening page for access control by default assigns one entry to each of the four user profiles but you can edit these settings to apply more than one entry to any user profile to grant access by several specific IP addresses host names or IP address masks e If you leave the default access contro
74. ates for commercial Certificate Authorities in the certificate store within the browser as described in Method 3 Method 3 Use the Rack PDU Security Wizard to create a certificate signing request to be signed by the root certificate of an external Certificate Authority and to create a server certificate Use the Rack PDU Security Wizard to create a request a csr file to send to a Certificate Authority The Certificate Authority returns a signed certificate a crt file based on information you submitted in your request You then use the Rack PDU Security Wizard to create a server certificate a p15 file that includes the signature from the root certificate returned by the Certificate Authority Upload the server certificate to the Rack PDU You can also use Method 3 if your company or agency operates its own Certificate Authority Use the Rack PDU Security Wizard in the same way but use your own Certificate Authority in place of a commercial Certificate Authority Method 3 has the following advantages and disadvantages e Advantages Before they are transmitted the user name and password and all data to and from the Rack PDU are encrypted You have the benefit of authentication by a Certificate Authority that already has a signed root certificate in the certificate cache of the browser The CA certificates of commercial Certificate Authorities are distributed as part of the browser software and a Certificate Authority o
75. ation gt Network gt SNMPv3 gt options For SNMP GETs SETs and trap receivers SNMPv3 uses a system of user profiles to identify users An SNMPv3 user must have a user profile assigned in the MIB software program to perform GETs and SETs browse the MIB and receive traps Q To use SNMPv3 you must have a MIB program that supports SNMPv3 The Rack PDU supports SHA or MD5 authentication and AES or DES encryption Option Description access SNMPv3 Access Enables SNMPv3 as a method of communication with this device oF choke Option Description user profiles By default lists the settings of four user profiles configured with the user names dell snmp profile1 through dell snmp profile4 and no authentication and no privacy no encryption To edit the following settings for a user profile click a user name in the list User Name The identifier of the user profile SNMP version 3 maps GETs SETs and traps to a user profile by matching the user name of the profile to the user name in the data packet being transmitted A user name can have up to 32 ASCII characters Authentication Passphrase A phrase of 15 to 32 ASCII characters dell auth passphrase by default that verifies that the NMS communicating with this device through SNMPv3 is the NMS it claims to be that the message has not been changed during transmission and that the message was communicated in a timely manner indicating th
76. ave an SSH client installed Most Linux and other UNIX platforms include an SSH client but Microsoft Windows operating systems do not Clients are available from various vendors SNMP All user names passwords and community names for SNMP are transferred over the network as plain text If your network requires the high security of encryption disable SNMP access or set the access for each community to Read A community with Read access Can receive status information and use SNMP traps For detailed information on enhancing and managing the security of your system see Appendix B Security Handbook oF choke oF choke SNMPv1 Path Administration gt Network gt SNMPv1 gt options Option Description access Enable SNMPv1 Access Enables SNMP version 1 as a method of communication with this device access You can configure up to four access control entries to specify which Network control Management Systems NMSs have access to this device The opening page for access control by default assigns one entry to each of the four available SNMPv1 communities but you can edit these settings to apply more than one entry to any community to grant access by several specific IPv4 and IPv6 addresses host names or IP address masks To edit the access control settings for a community click its community name e If you leave the default access control entry unchanged for a community that community has ac
77. can access access Environment Home Device Manager Environment Logs Administration Temperature amp Humidity Dry Contact Inputs No Alarms Temperature amp Humidity SensorName Name SensorName Alarm Status tf Normal Temperature p e E C Humidity 48 RH Temperature Alarm Settings Humidity Alarm Settings Max Critical 60 c 0 to 60 Low Warning RH 0 to 99 High Warning 59 C 0 to 60 Min Critical RH 0 to 99 Hysteresis 1 c 0 to 10 Hysteresis 1 RH 0 to 20 Alarm Generation Enable Alarm Generation Enable Link 1 Link 2 Link 3 Managed Rack PDU DOLL oF choke Configuring Temperature and Humidity Sensors Path Environment gt Temperature amp Humidity Through the Temperature amp Humidity page when you have a temperature or a temperature and humidity sensor connected to the Rack PDU you can set thresholds for Warning and Critical alarm generation see Device status icons for details on each type of alarm For temperature e If the high temperature threshold is reached the system generates a Warning alarm e If the maximum temperature threshold is reached the system generates a Critical alarm Similarly for humidity e If the low humidity threshold is reached the system generates a Warning alarm e If the minimum humidity threshold is reached the system generates a Critical alarm Click the thermomet
78. cess use a computer that connects to the Rack PDU through the serial port to access the command line interface 1 2 Select a serial port at the computer and disable any service that uses that port Connect the supplied serial cable from the selected serial port on the computer to the serial port on the Rack PDU Run a terminal program e g HyperTerminal and configure the selected port for 9600 bps 8 data bits no parity 1 stop bit and no flow control Press ENTER and at the prompts enter your user name and password About the Main Screen Following is an example of the main screen which is displayed when you log on to the command line interface of a Rack PDU ae Corporation Network Management Card AOS aise c Copyright 2009 All Rights Reserved RPDUD VX X X Name Test Lab Date 10 30 2009 Contact Don Adams Time 5 58 30 Location Building 3 User Administrator Up Time 0 Days 21 Hours 21 Minutes Stat P N A cli gt Ta a oF choke oF choke Main screen information fields Two fields identify the operating system AOS and application APP firmware versions The application firmware name identifies the type of device that connects to the network In the preceding example the application firmware for the Rack PDU is displayed Network Management Card AOS vx x x RPDUD vx x X Three fields identify the system name contact person and location of the Rack PDU In the control co
79. cess to this device from any location on the network If you configure multiple access control entries for one community name the limit of four entries requires that one or more of the other communities must have no access control entry If no access control entry is listed for a community that community has no access to this device Community Name The name that an NMS must use to access the community The maximum length is 15 ASCII characters and the default community names for the four communities are public private public2 and private2 NMS IP Host Name The IPv4 or IPv6 address IP address mask or host name that controls access by NMSs A host name or a specific IP address such as 149 225 12 1 allows access only by the NMS at that location IP addresses that contain 255 restrict access as follows e 149 225 12 255 Access only by an NMS on the 149 225 12 segment e 149 225 255 255 Access only by an NMS on the 149 225 segment e 149 255 255 255 Access only by an NMS on the 149 segment e 0 0 0 0 the default setting which can also be expressed as 255 255 255 255 Access by any NMS on any segment Access Type The actions an NMS can perform through the community e Read GETS only at any time e Write GETS at any time and SETS when no user is logged onto the Web interface or command line interface e Write GETS and SETS at any time e Disable No GETS or SETS at any time oF choke SNMPv3 Path Administr
80. cled together Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example To reboot outlets 3 and 5 through 7 type cli gt olReboot 3 5 7 E000 Success oF choke olStatus Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description View the status of specified outlets Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example To view the status for outlets 3 and 5 through 7 type cli gt olStatus 3 5 7 E000 Success 3 BobbysServer On 5 BillysServer Off 6 JoesServer Off 7 JacksServer On oF choke olUnasgnUsr Access Administrator Description Remove control of outlets from an outlet user that exists in the local database Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a da
81. cli gt tempHigh F E000 Success 70 F oF choke tempMax Access Administrator Device User Description Set or view the max temperature threshold in either Fahrenheit or Celsius Example 1 To set the max temperature threshold to 80 Fahrenheit type cli gt tempMax F 80 E000 Success Example 2 To view the max temperature threshold in Celsius type cli gt tempMax C E000 Success 27 C Example 3 To view the max temperature threshold in Fahrenheit type cli gt tempMax F E000 Success 80 F tempReading Access Administrator Device User Outlet User Description View the temperature value in either Fahrenheit or Celsius from the sensor Example To view the temperature value in Fahrenheit type cli gt tempReading F E000 Success 51 1 F userAdd Access Administrator Description Add an outlet user to the local user database Example To add a user named Bobby type cli gt userAdd Bobby E000 Success userDelete Access Administrator Description Remove an outlet user from the local user database Example To remove a user named Bobby type cli gt userDelete Bobby E000 Success userList Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description List the users and the outlets assigned to them Example 1 When logged in as the Administrator type cli gt userList E000 Success Local admin 1 2 3 4 5 6 7 8 Local Bobby
82. ction of these materials in any manner whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell and the DELL logo are trademarks of Dell Inc Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products Dell Inc disclaims any proprietary interest in trademarks and trade names other than its own 11 2010 Part Number 990 3926 001 www dell com support dell com
83. d by the Rack PDU Security Wizard These files will not work with products such as OpenSSL and Microsoft Internet Information Services IIS oF choke Create a Root Certificate and Server Certificates Summary Use this procedure if your company or agency does not have its own Certificate Authority and you do not want to use a commercial Certificate Authority to sign your server certificates Define the size of the public RSA key that is part of the certificate generated Q by the Rack PDU Security Wizard You can generate a 1024 bit key or you can generate a 2048 bit key which provides complex encryption and a higher level of security The default key generated by the Rack PDU if you do not use the Wizard is 2048 bits Create a CA root certificate that will sign all server certificates to be used with Rack PDU During this task two files are created The file with the p15 suffix is an encrypted file that contains the Certificate Authority s private key and public root certificate This file signs server certificates The file with the crt suffix contains only the Certificate Authority s public root certificate Load this file into each Web browser that will be used to access the Rack PDU so that the browser can validate the server certificate of that Rack PDU Create a server certificate which is stored in a file with a p15 suffix During this task you are prompted for the CA root certificate that signs the s
84. d outlet according to its value for Power Off Delay Reboot Immediate Remove power from each selected outlet Then apply power to each of these outlets according to its value for Reboot Duration t Reboot Delayed Remove power from each selected outlet according to its value for Power Off Delay Wait until all outlets are off the highest value for Reboot Duration and then apply power to each outlet according to its value for Power On Delay t Cancel Pending Commands Cancel all commands pending for the selected outlets and keep them in their present state NOTE For global outlet groups you can cancel a command only from the interface of the initiator outlet group The action will cancel the command for the initiator outlet group and all follower outlet groups t Ifa local outlet group is selected only the configured delays and reboot duration of the lowest numbered outlet of the group are used If a global outlet group is selected only the configured delays and reboot duration of the global outlet are used Configure outlet settings and the outlet name The following settings are available Setting Description Name Set the name for one or more outlets The name is displayed next to the outlet number on status screens External Link Define an HTTP or HTTPS link to a Web site or IP address http www dell com links the outlet to Dell s Web site http pdu_ip_addres
85. ded on page 1 In the navigation bar below the log Click a page number to open a specific page of the log Click Previous or Next to view the events recorded immediately before or after the events listed on the open page Click lt lt to return to the first page or click gt gt to view the last page of the log e To see the listed events on one page click Launch Log in New Window from the event log page to display a full screen view of the log In your browser s options JavaScript must be enabled for you to use the Launch Log in New Window button You can also use FTP or Secure CoPy SCP to view the event log See How to use FTP or SCP to retrieve log files To filter the log Logs gt Events gt log Filtering the log by date or time To display the entire event log or to change the number of days or weeks for which the log displays the most recent events select Last Select a time range from the drop down menu then click Apply The filter configuration is saved until the Rack PDU restarts To display events logged during a specific time range select From Specify the beginning and ending times using the 24 hour clock format and dates for which to display events then click Apply The filter configuration is saved until the Rack PDU restarts Filtering the log by event To specify the events that display in the log click Filter Log Clear the checkbox of an event category or alarm severity level to remove
86. dor cookie Option 43 0x01 0x04 0x31 0x41 0x50 0x43 TCP IP options The Rack PDU uses the following options within a valid DHCP response to define its TCP IP settings All of these options except the first are described in RFC2132 IP Address from the yiaddr field of the DHCP response described in RFC2131 The IP address that the DHCP server is leasing to the Rack PDU Subnet Mask option 1 The Subnet Mask value that the Rack PDU needs to operate on the network Router i e Default Gateway option 3 The default gateway address that the Rack PDU needs to operate on the network IP Address Lease Time option 51 The time duration for the lease of the IP Address to the Rack PDU Renewal Time T1 option 58 The time that the Rack PDU must wait after an IP address lease is assigned before it can request a renewal of that lease Rebinding Time T2 option 59 The time that the Rack PDU must wait after an IP address lease is assigned before it can seek to rebind that lease oF choke Other options The Rack PDU also uses these options within a valid DHCP response All of these options except the last are described in RFC2132 Network Time Protocol Servers option 42 Up to two NTP servers primary and secondary that the Rack PDU can use Time Offset option 2 The offset of the Rack PDU s subnet in seconds from Coordinated Universal Time UTC Domain Name Server option 6 Up to two Domain Name System DNS servers prim
87. e Q format for all events is hh mm with the two digit hour specified in 24 hour time e An event that is scheduled daily or at one of the intervals available in the Weekly selection continues to occur at the scheduled interval until the event is deleted or disabled e You can schedule a one time event to occur only on a date within 12 months of the date on which you perform the scheduling For example on December 26 2010 you could schedule a one time event on any date from the current date until December 26 2011 5 Use the checkboxes to select which outlets will be affected by the action You can select one or more individual outlets or All Outlets 6 Click Apply to confirm the scheduling of the event or Cancel to clear it When you confirm the event the summary page is re displayed with the new event displayed in the list of scheduled events oF choke oF choke Edit disable enable or delete a scheduled outlet event 1 At the Web interface select the Device Manager tab and then Scheduling from the left navigation menu 2 In the event list in the Scheduled Outlet Action section of the Scheduling page click on the name of the event 3 On the Daily Weekly scheduled action detail page you can do any of the following Change details of the event such as the name of the event when it is scheduled to occur and which outlets are affected Under Status of event at the top of the page you can perform the followin
88. e data by means of encryption oF choke Setting outlet group port Parameter Description Outlet Group Port The port number on which the device will communicate with other devices Devices attempting to synchronize with Outlet Groups on other devices must all have the same Authentication Phrase Encryption Phrase and Group Port number The values are hidden to the user Create a local outlet group 1 From the Device Manager tab select Information from the Outlet Groups left navigation menu 2 Make sure outlet groups are enabled See Enable outlet groups 3 Click Create Local Outlet Group 4 Under Select Local Outlets select each outlet that will be in the group and assign the group a name in the Outlet Group Name field You must select at least two outlets Create multiple global outlet groups To set up multiple global outlet groups that link to outlet groups on other Rack PDUs 1 From the Device Manager tab select Information from the Outlet Groups left navigation menu 2 Make sure outlet groups are enabled and that the Multicast parameters name and IP address are the same for all Rack PDUs to be linked See Enable outlet groups 3 Click Create Global Outlet Groups 4 For each global outlet group you create select an outlet by clicking on its checkbox Then click Apply For example select five outlets to create five outlet groups each consisting of one global outlet
89. e of the date and time by the NTP Server oF choke Daylight saving Path Administration gt General gt Date amp Time gt daylight saving Enable traditional United States Daylight Saving Time DST or enable and configure a customized daylight saving time to match how Daylight Saving Time is implemented in your local area DST is disabled by default When customizing Daylight Saving Time DST e If the local DST always starts or ends on the fourth occurrence of a specific weekday of a month e g the fourth Sunday choose Fourth Last If a fifth Sunday occurs in that month in a subsequent year the time setting still changes on the fourth Sunday e If the local DST always starts or ends on the last occurrence of a specific weekday of a month whether it is the fourth or the fifth occurrence choose Fifth Last Format Path Administration gt General gt Date amp Time gt date format Select the numerical format in which to display all dates in this user interface In the selections each letter m for month d for day and y for year represents one digit Single digit days and months are displayed with a leading zero oF choke Use an ini File Path Administration gt General gt User Config File Use the settings from one Rack PDU to configure another Retrieve the config ini file from the configured Rack PDU customize that file e g to change the IP address and upload the customized file to the n
90. e was created To confirm that the server certificate is signed by a trusted signing authority the browser compares the signature of the server certificate with the signature in the root certificate cached in the browser An expiration date confirms whether the server certificate is current Method 2 has the following advantages and disadvantages e Advantages Before they are transmitted the user name and password and all data to and from the Rack PDU are encrypted You choose the length of the public key RSA key that is used for encryption when setting up an SSL session use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security The server certificate that you upload to the Rack PDU enables SSL to authenticate that data are being received from and sent to the correct Rack PDU oF choke This provides an extra level of security beyond the encryption of the user name password and transmitted data The root certificate that you install to the browser enables the browser to authenticate the server certificate of the Rack PDU to provide additional protection from unauthorized access Disadvantage Because the certificates do not have the digital signature of a commercial Certificate Authority you must load a root certificate individually into the certificate store cache of each user s browser Browser manufacturers already provide root certific
91. eate a Certificate Signing Request CSR The CSR contains all the information for a server certificate except the digital signature This process creates two output files The file with the p15 suffix contains the private key of the Rack PDU The file with the csr suffix contains the certificate signing request which you send to an external Certificate Authority When you receive the signed certificate from the Certificate Authority import that certificate Importing the certificate combines the p15 file containing the private key and the file containing the signed certificate from the external Certificate Authority The output file is a new encrypted server certificate file with a p15 suffix Load the server certificate onto the Rack PDU For each Rack PDU that requires a server certificate repeat the tasks that create and load the server certificate The procedure Create the Certificate Signing Request CSR 1 If the Rack PDU Security Wizard is not already installed on your computer obtain and run the installation program Rack PDU Security Wizard exe 2 On the Windows Start menu select Programs then Rack PDU Security Wizard 3 On the screen labeled Step 1 select Certificate Request as the type of file to create and then select the length of the key to generate use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security oF choke 4 Enter a name f
92. ecurity Network Event Actions by event by group E mail server recipients test SNMP Traps trap receivers test Link 1 Link 2 Link 3 Administration Notification General No Alarms Event Actions for Individual Events To list all events in a main category by severity level click the main category name To list all events in a sub category by severity level click the sub category name Device System Communications Mass Configuration Device Security Phase Load Outlet Load Outlet Control Sensor Managed Rack PDU DOLL Event Actions Path Administration gt Notification gt Event Actions gt options Types of notification You can configure event actions to occur in response to an event or group of events These actions notify users of the event in any of several ways Active automatic notification The specified users or monitoring devices are contacted directly E mail notification SNMP traps Syslog notification Indirect notification Event log If no direct notification is configured users must check the log to determine which events have occurred You can also log system performance data to use for device monitoring See Data log for information on how to configure and use this data Queries SNMP GETs logging option For more information see SNMP SNMP enables an NMS to perform informational queries For SNMPv1 which does not encrypt data before transmission
93. ed or the URL was not correct Internet Explorer Firefox oF choke URL format examples e Fora DNS name of Web1 http Web1 if HTTP is your access mode https Web1 if HTTPS is your access mode e Fora System IP address of 139 225 6 133 and the default Web server port 80 http 139 225 6 133 if HTTP is your access mode https 139 225 6 133 if HTTPS HTTP with SSL is your access mode e Fora System IP address of 139 225 6 133 and a non default Web server port 5000 http 139 225 6 133 5000 if HTTP is your access mode https 139 225 6 133 5000 if HTTPS HTTP with SSL is your access mode e Fora System IPv6 address of 2001 db8 1 2c0 b7ff fe00 1100 and a non default Web server port 5000 http 2001 db8 1 2c0 b7 e00 1100 5000 if HTTP is your access mode oF choke Web Interface Features Read the following to familiarize yourself with basic Web interface features for your Rack PDU Tabs The following tabs are available Home Appears when you log on View active alarms the load status of the Rack PDU and the most recent Rack PDU events For more information see About the Home Tab Device Manager View the load status configure load thresholds and view and manage peak load measurements for all connected devices phases and outlets as applicable Manage and control outlets For more information see About the Device Manager Tab Environment View temperature
94. eit or Celsius in which to display all temperature measurements in this user interface oF choke oF choke Reset the Rack PDU Path Administration gt General gt Reset Reboot Action Definition Reboot Restarts the interface of the Rack PDU Management Interface Reset All Clear the Exclude TCP IP checkbox to reset all configuration values mark the Exclude TCP IP checkbox to reset all values except TCP IP Reset Only TCP IP settings Set TCP IP Configuration to DHCP amp BOOTP its default setting requiring that the Rack PDU receive its TCP IP settings from a DHCP or BOOTP server See TCP IP and Communication Settings Event configuration Reset all changes to event configuration by event and by group to their default settings RPDU to Defaults Resets only Rack PDU settings not network settings to their defaults 1 Resetting may take up to a minute Configure Links Path Administration gt General gt Quick Links Select the Administration tab General on the top menu bar and Quick Links on the left navigation menu to view and change the URL links displayed at the bottom left of each page of the interface By default these links access the following Web pages e Link 1 dell com e Link 2 dell com home e Link 3 dell com business To reconfigure any of the following click the link name in the Display column e Display The short link name displayed on each in
95. elect Add or Replace Host Key and browse to the host key the p15 file you created in the procedure Create the host key The default location is C Program Files Dell Rack PDU Security Wizard 3 At the bottom of the User Host Key page note the SSH fingerprint Log on to the Rack PDU through your SSH client program and verify that the correct host key was uploaded by verifying that these fingerprints match the fingerprints that the client program displays Alternatively you can use FTP or Secure CoPy SCP to transfer the host key Q file to the Rack PDU For SCP the following command would transfer a host key named hostkey p15 to a Rack PDU with an IP address of 156 205 6 185 scp hostkey p15 del1 156 205 6 185 oF choke oF choke Command Line Interface Access and Security Users with Administrator or Device User accounts can access the command line interface through Telnet or Secure Shell SSH depending on which is enabled An Administrator can enable these access methods by selecting the Administration tab then Network on the top menu bar and access under the Console heading on the left navigation menu By default Telnet is enabled Enabling SSH automatically disables Telnet Telnet for basic access Telnet provides the basic security of authentication by user name and password but not the high security benefits of encryption SSH for high security access If you use the high security of SSL for the Web interface use Secure S
96. er symbol in the upper right corner to toggle between Fahrenheit and Celsius To configure temperature and humidity sensors 1 Enter values for minimum maximum high and low thresholds 2 Enter Hysteresis values See Hysteresis for details 3 Enable alarm generation as desired 4 Click Apply oF choke Hysteresis This value specifies how far past a threshold the temperature or humidity must return to clear a threshold violation e For Maximum and High temperature threshold violations the clearing point is the threshold minus the hysteresis e For Minimum and Low humidity threshold violations the clearing point is the threshold plus the hysteresis Increase the value for Temperature Hysteresis or Humidity Hysteresis to avoid multiple alarms if temperature or humidity that has caused a violation then wavers slightly up and down If the hysteresis value is too low such wavering can cause and clear a threshold violation repeatedly Example of rising but wavering temperature The maximum temperature threshold is 85 F and the temperature hysteresis is 3 F The temperature rises above 85 F violating the threshold It then wavers down to 84 F and then up to 86 F repeatedly but no clearing event and no new violation occur For the existing violation to clear the temperature would have to drop to 82 F 3 F below the threshold Example of falling but wavering humidity The minimum humidity threshold is 18 and the humidi
97. ertificates in Appendix B Security Handbook to choose among the several methods for using digital certificates HTTP Port The TCP IP port 80 by default used to communicate by HTTP with the Rack PDU HTTPS Port The TCP IP port 443 by default used to communicate by HTTPS with the Rack PDU For either of these ports you can change the port setting to any unused port from 5000 to 32768 for additional security Users must then use a colon in the address field of the browser to specify the port number For example for a port number of 5000 and an IP address of 152 214 12 114 http 152 214 12 124 5000 https 152 214 12 114 5000 oF choke Option Description ssl Add replace or remove a security certificate certificate Status e Not installed A certificate is not installed or was installed by FTP or SCP to an incorrect location Using Add or Replace Certificate File installs the certificate to the correct location ssl on the Rack PDU e Generating The Rack PDU is generating a certificate because no valid certificate was found e Loading A certificate is being activated on the Rack PDU e Valid certificate A valid certificate was installed or was generated by the Rack PDU Click on this link to view the contents of the certificate If you install an invalid certificate or if no certificate is loaded when you enable SSL the Rack PDU generates a default certificate a process which delays acc
98. erver certificate Load the server certificate onto the Rack PDU For each Rack PDU that requires a server certificate repeat the tasks that create and load the server certificate oF choke The procedure Create the CA root certificate 1 If the Rack PDU Security Wizard is not already installed on your computer obtain and run the installation program Rack PDU Security Wizard exe On the Windows Start menu select Programs then Rack PDU Security Wizard On the screen labeled Step 1 select CA Root Certificate as the type of file to create and then select the length of the key to generate use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security Enter a name for this file which will contain the Certificate Authority s public root certificate and private key The file must have a p15 suffix and by default will be created in the installation folder C Program Files Dell Rack PDU Security Wizard On the screen labeled Step 2 provide the information to configure the CA root certificate The Country and Common Name fields are the only required fields For the Common Name field enter an identifying name of your company or agency Use only alphanumeric characters with no spaces and time but you can edit the Validity Period Start and Validity Period OQ By default a CA root certificate is valid for 10 years from the current date End fields
99. es The maximum number of times the upload will be attempted after an initial failure Until Upload Succeeds Attempt to upload the file until the transfer is completed To resize the data log Logs gt Data gt size By default the data log stores 1000 records You can change the number of records the log stores When you resize the data log all existing log entries are deleted To avoid losing records use FTP or SCP to retrieve the log before you enter a new value in the Data Log Size field See How to use FTP or SCP to retrieve log files When the log is full the older entries are deleted How to use FTP or SCP to retrieve log files An Administrator or Device User can use FTP or SCP to retrieve a tab delineated event log file event txt or data log file data txt and import it into a spreadsheet The file reports all events or data recorded since the log was last deleted or for the data log truncated because it reached maximum size e The file includes information that the event log or data log does not display The version of the file format first field The date and time the file was retrieved The Name Contact and Location values and IP address of the Rack PDU The unique Event Code for each recorded event event txt file only oF choke select a four digit date format in your spreadsheet application to display O The Rack PDU uses a four digit year for log entries You may need to
100. ess to the interface for up to one minute You can use the default certificate for basic encryption based security but a security alert message displays whenever you log on Add or Replace Certificate File Enter or browse to the certificate file created with the Security Wizard See Creating and Installing Digital Certificates in Appendix B Security Handbook to choose a method for using digital certificates created by the Security Wizard or generated by the Rack PDU Remove Delete the current certificate oF choke Console Path Administration gt Network gt Console gt options Option Description access Choose one of the following for access by Telnet or Secure Shell SSH e Disable Disables all access to the command line interface Enable Telnet the default Telnet transmits user names passwords and data without encryption e Enable SSH SSH transmits user names passwords and data in encrypted form providing protection from attempts to intercept forge or alter data during transmission Configure the ports to be used by these protocols Telnet Port The Telnet port used to communicate with the Rack PDU 23 by default You can change the port setting to any unused port from 5000 to 32768 for additional security Users must then use a colon or a space as required by your Telnet client program to specify the non default port For example for port 5000 and an IP address of
101. ew Rack PDU The file name can be up to 64 characters and must have the ini suffix Status Reports the progress of the upload The upload succeeds even if the file contains errors but a system event reports the errors in the event log Upload Browse to the customized file and upload it so that the current Rack PDU can use it to set its own configuration To retrieve and customize the file of a configured Rack PDU see How to Export Configuration Settings Instead of uploading the file to one Rack PDU you can export the file to multiple Rack PDUs by using an FTP or SCP script Event Log and Temperature Units Path Administration gt General gt Preferences Color code event log text This option is disabled by default Mark the Event Log Color Coding checkbox to enable color coding of alarm text recorded in the event log System event entries and configuration change entries do not change color Text Color Alarm Severity Red Critical A critical alarm exists which requires immediate action Orange Warning An alarm condition requires attention and could jeopardize your data or equipment if its cause is not addressed Green Alarm Cleared The conditions that caused the alarm have improved Black Normal No alarms are present The Rack PDU and all connected devices are operating normally Change the default temperature scale Select the temperature scale Fahrenh
102. f you install an invalid host key or if you enable SSH with no host key installed the Rack PDU generates an RSA host key of 2048 bits For the Rack PDU to create a host key it must reboot The Rack PDU can take up to 1 minute to create this host key and SSH is not accessible during that time prompt on Windows operating systems you can use FTP or Secure Alternatively from a command line interface such as the command CoPy SCP to transfer the host key file oF choke 4 Display the fingerprint of the SSH host key for SSH version 2 Most SSH clients display the fingerprint at the start of a session Compare the fingerprint displayed by the client to the fingerprint that you recorded from the Web interface or command line interface of the Rack PDU Web Interface Access and Security HTTP and HTTPS with SSL HyperText Transfer Protocol HTTP provides access by user name and password but does not encrypt user names passwords and data during transmission HyperText Transfer Protocol over Secure Sockets Layer HTTPS encrypts user names passwords and data during transmission and provides authentication of the Rack PDU by means of digital certificates See Creating and Installing Digital Certificates to choose among the several methods for using digital certificates To configure HTTP and HTTPS 1 On the Administration tab select Network on the top menu bar and access under Web on the left navigation menu 2 Enable either HTT
103. f your own company or agency has probably already loaded its CA certificate to the browser store of each user s browser Therefore you do not have to upload a root certificate to the browser of each user who needs access to the Rack PDU You choose the length of the public key RSA key that is used for setting up an SSL session use 1024 bits which is the default setting or use 2048 bits to provide complex encryption and a high level of security The server certificate that you upload to the Rack PDU enables SSL to authenticate that data are being received from and sent to the correct Rack PDU This provides an extra level of security beyond the encryption of the user name password and transmitted data The browser matches the digital signature on the server certificate that you uploaded to the Rack PDU with the signature on the CA root certificate that is already in the browser s certificate cache to provide additional protection from unauthorized access e Disadvantages Setup requires the extra step of requesting a signed root certificate from a Certificate Authority An external Certificate Authority may charge a fee for providing signed certificates Firewalls Although some methods of authentication provide a higher level of security than others complete protection from security breaches is almost impossible to achieve Well configured firewalls are an essential element in an overall security scheme o
104. figured on the Rack PDUs regardless of whether they are synchronized with outlet groups on the current Rack PDU Outlet Settings for Outlets and Outlet Groups Initiate a control action If you apply an outlet control action to outlets or outlet groups the Q following delays are used for the action e For an individual outlet not in an outlet group the action uses the delay periods and reboot duration configured for that outlet For a global outlet group the action uses the delay periods and reboot duration configured for the global outlet e For a local outlet group the action uses the delay periods configured for the lowest numbered outlet in the group To control the outlets on your Rack PDU 1 From the Device Manager tab select Control from the left navigation menu 2 Mark the checkboxes for each individual outlet or outlet group to control or select the All Outlets checkbox 3 Select a Control Action from the list and click Next gt gt On the confirmation page that explains the action choose to apply or cancel it oF choke oF choke Control actions you can select Option Description No Action Web interface only Do nothing On Immediate Apply power to the selected outlets On Delayed Apply power to each selected outlet according to its value for Power On Delay t Off Immediate Remove power from the selected outlets Off Delayed Remove power from each selecte
105. file RPDUAdmin corresponds to Service Type Administrative User 6 RPDUDevice corresponds to Service Type Login User 1 RPDUReadOn1y corresponds to Service Type null RPDUAdmin Auth Type Local Password admin Service Type Administrative User RPDUDevice Auth Type Local Password device Service Type Login User RPDUReadOnly Auth Type Local Password readonly oF choke Examples using Vendor Specific Attributes Vendor Specific Attributes VSAs can be used instead of the Service Type attributes provided by your RADIUS server This method requires a dictionary entry and a RADIUS users file In the dictionary file you can define the names for the ATTRIBUTE and VALUE keywords but not the numeric values If you change the numeric values RADIUS authentication and authorization will not work correctly VSAs take precedence over standard RADIUS attributes Dictionary file Following is an example of a RADIUS dictionary file dictionary dell dictionary dell VENDOR DELL 318 Attributes ATTRIBUTE DELL Service Type 1 integer DELL ATTRIBUTE DELL Outlets 2 string DELL VALUE DELL Service Type Admin 1 VALUE DELL Service Type Device 2 VALUE DELL Service Type ReadOnly 3 For devices with outlet users only VALUE DELL Service Type Outlet 4 oF choke RADIUS Users file with VSAs Following is an example of a RADIUS users file with VSAs VSAAdmin Auth Type Local Passw
106. following example uses FTP a From the folder containing the copy of the customized ini file use FTP to log in to the Rack PDU to which you are exporting the ini file ftp gt open ip address b Export the copy of the customized ini file to the root directory of the receiving Rack PDU ftp gt put filename ini Exporting the file to multiple Rack PDUs To export the ini file to multiple Rack PDUs use FTP or SCP but write a script that incorporates and repeats the steps used for exporting the file to a single Rack PDU oF choke The Upload Event and Error Messages The event and its error messages The following event occurs when the receiving Rack PDU completes using the ini file to update its settings Configuration file upload complete with number valid values If a Keyword section name or value is invalid the upload by the receiving Rack PDU succeeds and additional event text states the error Event text Description Configuration file warning Invalid keyword on line number Configuration file warning Invalid value on line number A line with an invalid keyword or value is ignored Configuration file warning Invalid section on line number If a section name is invalid all kKeyword value pairs in that section are ignored Configuration file warning Keyword found outside of a section on line number A keyword entered at the beginning of the file i e before any section headings
107. g 222 Firmware benefits of upgrading 180 file transfer methods FTPor SCP 182 XMODEM 184 upgrading multiple Rack PDUs 184 Firmware versions displayed on main screen 19 Follower outlet groups 98 From Address SMTP setting 141 FTP disabling FTP if you use SSH and SCP 200 for transferring host keys 221 213 222 server settings 166 transferring firmware files 182 using a non standard port for extra security 197 127 Function button 12 G Global outlet groups 98 creating 104 verifying setup and configuration 107 Global outlets 98 H Home tab 91 Host keys adding or replacing 160 creating with the Security Wizard 217 status 160 transferring to the Rack PDU 221 Host name of trap receivers 143 Humidity sensor configuring thresholds 118 Hysteresis 119 Identification Name Location and Contact in Web interface 167 Identification fields on main screen 19 Inactivity timeout 135 ini files See User configuration files Initiator outlet groups 98 J JavaScript required to launch log in new window 122 K Keywords in user configuration file 174 L Last Transfer Result codes 185 Launch Log in New Window JavaScript requirement 122 LED display front panel 11 Link as an outlet setting 110 Links configuration 173 Links quick 90 Load status 95 Load thresholds 96 Local outlet groups 98 creating 103 Local SMTP Server defining by IP address or DNS name 141 recommended option for routing e mail
108. g fixes and performance improvements e New features become available for immediate use Keeping the firmware versions consistent across your network ensures that all Rack PDUs support the same features in the same manner oF choke Firmware files A firmware version consists of three modules An Operating System AOS module an application module and a boot monitor bootmon module Each module contains one or more Cyclical Redundancy Checks CRCs to protect its data from corruption during transfer The Operating System AOS application and boot monitor module files used with the Rack PDU share the same basic format dell hardware version type firmware version bin de11 Indicates that this is a Dell file hardware version hw0x identifies the version of the hardware on which you can use this binary file type Identifies whether the file is the Operating System AOS module the application module or the boot monitor module for the Rack PDU version The version number of the file bin Indicates that this is a binary file See About the Rack PDU to check the version number of each firmware module on a Rack PDU oF choke Firmware File Transfer Methods To upgrade the firmware of a Rack PDU use one of these methods e From a networked computer on any supported operating system use FTP or SCP to transfer the individual AOS and application firmware modules e For a Rack PDU that is not on your network use XMODEM
109. g tasks e Disable the event leaving all its details configured so that it can be re enabled later A disabled event will not occur An event is enabled by default when you create it e Enable the event if it was previously set to Disable e Delete the event removing the event completely from the system A deleted event cannot be retrieved 4 When you finish making changes on this page click Apply to confirm the changes or Cancel oF choke Outlet Manager Menu Create and configure outlet user accounts Individual outlets can be assigned a user with an Outlet User account An Outlet User account allows control only to the outlets assigned The configuration of outlets is allowed to those with Administrator rights The Device Manager has limited outlet configuration rights Configure an outlet user 1 At the Web interface select the Device Manager tab and then Outlet Manager from the left navigational menu 2 Click the Add New User button 3 Type in the information for the following options and click Apply to confirm the changes Option Description User Name Set the outlet user name New User is reserved and is not allowed NOTE A user name in orange indicates the user account has been disabled Password Set the outlet user password User Description Set identification description of outlet user Account Status Enable disable or delete outlet user s account Device outlet Select the outlets the user
110. gure the user name password and inactivity timeout for the Administrator Device User and Read Only User account types For information on the permissions granted to each account type see Types of user accounts Option Argument Description an lt admin name gt Set the case sensitive user name for each account dn lt device name gt type The maximum length is 10 characters rn lt read only name gt ap lt admin password gt Set the case sensitive password for each account dp lt device password gt type The maximum length is 32 characters Blank rp lt read only password gt passwords passwords with no characters are not allowed t lt minutes gt Configure the time 3 minutes by default that the system waits before logging off an inactive user Example 1 To change the Administrator user name to XYZ type user an XYZ Example 2 To change the log off time to 10 minutes type user t 10 oF choke web Access Administrator only Description Enable access to the Web interface using HTTP or HTTPS For additional security you can change the port setting for HTTP and HTTPS to any unused port from 5000 to 32768 Users must then use a colon in the address field of the browser to specify the port number For example for a port number of 5000 and an IP address of 152 214 12 114 type http 152 214 12 114 5000 Option Argument Definition S disable http Conf
111. hOverLoad Access Administrator Device User Description Set or view the phase overload threshold in kilowatts To specify phases choose from the following options Type a11 a single phase a range or a comma separated list of phases Example 1 To set the overload threshold for all phases to 13 kW type cli gt phOverLoad all 13 E000 Success Example 2 To view the overload threshold for phases 1 through 3 type cli gt phOverLoad 1 3 E000 Success 1 13 A 2 13 A 3 13 A oF choke phReading Access Administrator Device User Description View the current voltage or power for a phase Set or view the phase near overload threshold in kilowatts To specify phases choose from the following options Type a11 a single phase a range or a comma separated list of phases Example 1 To view the measurement for current for phase 3 type cli gt phReading 3 current E000 Success 3 4A Example 2 To view the voltage for each phase type cli gt phReading all voltage E000 Success 1 120 V 2 120 V 3 120 V Example 3 To view the power for phase 2 type cli gt phReading 2 power E000 Success 2 40 W oF choke phRestrictn Access Administrator Description Set or view the overload restriction feature to prevent outlets from turning on when the overload alarm threshold is violated Acceptable arguments are none near and over To specify phases choose from the following options Type a11
112. hell SSH for access to the command line interface SSH encrypts user names passwords and transmitted data The interface user accounts and user access rights are the same whether you access the command line interface through SSH or Telnet but to use SSH you must first configure SSH and have an SSH client program installed on your computer Flake Telnet and Secure Shell SSH While SSH is enabled you cannot use Telnet to access the command line interface Enabling SSH enables SCP automatically When SSH is enabled and its port is configured no further configuration is required to use Secure CoPy SCP SCP uses the same configuration as SSH UNIX platforms include an SSH client but Microsoft Windows operating To use SSH you must have an SSH client installed Most Linux and other systems do not SSH clients are available from various vendors To configure the options for Telnet and Secure Shell SSH 1 On the Administration tab of the Web interface select Network on the top menu bar and select access under the Console heading on the left navigation menu 2 Configure the port settings for Telnet and SSH For information on the extra security a non standard port provides see Port assignments 3 Under Console on the left navigation menu select ssh host key specify a host key file previously created with the Rack PDU Security Wizard and load it to the Rack PDU If you do not specify a host key file here i
113. iew the data recorded immediately before or after the data that is listed on the open page Click lt lt to return to the first page of the log or click gt gt to view the last page of the log e To see the listed data on one page click Launch Log in New Window from the data log page to display a full screen view of the log In your browser s options JavaScript must be enabled for you to use the Launch Log in New Window button Alternatively you can use FTP or SCP to view the data log See How to use FTP or SCP to retrieve log files To filter the log by date or time Logs gt Data gt log To display the entire data log or to change the number of days or weeks for which the log displays the most recent events select Last Select a time range from the drop down menu then click Apply The filter configuration is saved until the device restarts oF choke To display data logged during a specific time range select From Specify the beginning and ending times using the 24 hour clock format and dates for which to display data then click Apply The filter configuration is saved until the device restarts To delete the data log To delete all data recorded in the log click Clear Data Log on the Web page that displays the log Deleted data cannot be retrieved To set the data collection interval Logs gt Data gt interval Define in the Log Interval setting how frequently data is sampled and stored in the data
114. igure access to the Web interface When HTTPS is https enabled data is encrypted during transmission and authenticated by digital certificate ph lt http port gt Define the TCP IP port used by HTTP to communicate with the Rack PDU 80 by default ps lt https port gt Define the TCP IP port used by HTTPS to communicate with the Rack PDU 443 by default Example To prevent all access to the Web interface type web S disable xferINI Access Administrator only Description Use XMODEM to upload an INI file while you are accessing the command line interface through a serial connection After the upload completes e If there are any system or network changes the command line interface restarts and you must log in again e If you selected a baud rate for the file transfer that is not the same as the default baud rate for the Rack PDU you must reset the baud rate to the default to reestablish communication with the Rack PDU xferStatus Access Administrator only Description View the result of the last file transfer See Verifying Upgrades and Updates for descriptions of the transfer result codes oF choke Device Command Descriptions devLowLoad Access Administrator Device User Description Set or view the low load threshold in Kilowatts for the device Example 1 To view the low load threshold type cli gt devLowLoad E000 Success 0 5 kW Example 2 To set the low load threshold to
115. ionary files the following two methods can be used to authenticate users e If all UNIX users have administrative privileges add the following to the RADIUS user file To allow only Device Users change the DELL Service Type to Device DEFAULT Auth Type System DELL Service Type Admin Add user names and attributes to the RADIUS user file and verify the password against etc passwd The following example is for users bconners and thawk bconners Auth Type System DELL Service Type Admin thawk Auth Type System DELL Service Type Device Supported RADIUS servers FreeRADIUS and Microsoft IAS 2003 are supported Other commonly available RADIUS applications may work but have not been fully tested Inactivity Timeout Path Administration gt Security gt Auto Log Off Use this option to configure the time 3 minutes by default that the system waits before logging off an inactive user If you change this value you must log off for the change to take effect This timer continues to run if a user closes the browser window without first Q logging off by clicking Log Off at the upper right Because that user is still considered to be logged on no user can log on until the time specified as Minutes of Inactivity expires For example with the default value for Minutes of Inactivity if a user closes the browser window without logging off no user can log on for 3 minutes oF choke Administration Notification S
116. it from view Text at the upper right corner of the event log page indicates that a filter is active As Administrator click Save As Default to save this filter as the default log view for all users If you do not click Save As Default the filter is active until you clear it or until the Rack PDU restarts To remove an active filter click Filter Log then Clear Filter Show All e Events that you do not select from the Filter By Severity list never display in the filtered event log even if the event occurs in a category you selected from the Filter by Category list Events that you do not select from the Filter by Category list never display in the filtered event log even if devices in the category enter an alarm state you selected from the Filter by Severity list Q Events are processed through the filter using OR logic To delete the log Logs gt Events gt log To delete all events recorded in the log click Clear Log on the Web page that displays the log Deleted events cannot be retrieved To disable the logging of events based on their assigned severity level or their event category see Configuring by event oF choke To configure reverse lookup Logs gt Events gt reverse lookup Reverse lookup is disabled by default Enable this feature unless you have no DNS server configured or have poor network performance because of heavy network traffic With reverse lookup enabled when a network related event occur
117. its for a response from the RADIUS server Test Settings Enter the Administrator user name and password to test the RADIUS server path that you have configured Skip Test and Apply Do not test the RADIUS server path If two configured servers are listed and RADIUS then Local Authentication or RADIUS Only is the enabled authentication method you can change which RADIUS server will authenticate users by clicking the Switch Server Priority button oF choke oF choke Configure the RADIUS Server You must configure your RADIUS server to work with the Rack PDU The examples in this section may differ somewhat from the required content or format of your specific RADIUS server In the examples any reference to outlets applies only to Rack PDU devices that support outlet users 1 Add the IP address of the Rack PDU to the RADIUS server client list file 2 Users must be configured with Service Type attributes unless Vendor Specific Attributes VSAs are defined instead If no Service Type attribute is configured the user has read only access to the Web interface only The two acceptable values for Service Type are Administrative User 6 which gives the user Administrator permissions and Login User 1 which gives the user Device permissions See your RADIUS server documentation for information about the RADIUS users file Example using Service Type Attributes In the following example of a RADIUS users
118. k for the MAC address on the bottom of the Rack PDU or on the Quality Assurance slip included in the package When the Rack PDU reboots the BOOTP server provides it with the TCP IP settings e If you specified a bootup file name the Rack PDU attempts to transfer that file from the BOOTP server using TFTP or FTP The Rack PDU assumes all settings specified in the bootup file e If you did not specify a bootup file name you can configure the other settings of the Rack PDU remotely through its Web Interface or Command Line Interface To create a bootup file see your BOOTP server documentation DHCP You can use an RFC2131 RFC2132 compliant DHCP server to configure the TCP IP settings for the Rack PDU This section summarizes the Rack PDU s communication with a DHCP server For more detail about how a DHCP server can configure the network settings for a Rack PDU see DHCP response options 1 The Rack PDU sends out a DHCP request that uses the following to identify itself e A Vendor Class Identifier e A Client Identifier by default the MAC address of the Rack PDU e A User Class Identifier by default the identification of the application firmware installed on the Rack PDU 2 A properly configured DHCP server responds with a DHCP offer that includes all the settings that the Rack PDU needs for network communication The DHCP offer also includes the Vendor Specific Information option DHCP option 43 The Rack PDU can be
119. k PDU is not receiving input power e The Rack PDU is not operating properly It may need to be repaired or replaced Solid Green The Rack PDU has valid TCP IP settings Flashing Green The Rack PDU does not have valid TCP IP settings Solid Orange A hardware failure has been detected in the Rack PDU Flashing Orange The Rack PDU is making BOOTP requests Flashing Orange and Green alternating If the LED is flashing slowly the Rack PDU is making DHCP requests If the LED is flashing rapidly the Rack PDU is starting up 1 If you do not use a BOOTP or DHCP server see Establishing Network Settings to configure the TCP IP settings of the Rack PDU 2 To use a DHCP server see TCP IP and Communication Settings 10 100 LED Condition Description Off One or more of the following situations exists e The Rack PDU is not receiving input power e The cable that connects the Rack PDU to the network is disconnected or defective e The device that connects the Rack PDU to the network is turned off e The Rack PDU itself is not operating properly It may need to be repaired or replaced Solid green The Rack PDU is connected to a network operating at 10 Megabits per second Mbps Solid orange The Rack PDU is connected to a network operating at 100 Mbps Flashing Green The Rack PDU is receiving or transmitting data packets at 10 Mbps Flashing Orange
120. l entry unchanged for a user profile all NMSs that use that profile have access to this device e If you configure multiple access entries for one user profile the limit of four entries requires that one or more of the other user profiles must have no access control entry If no access control entry is listed for a user profile no NMS that uses that profile has any access to this device To edit the access control settings for a user profile click its user name Access Mark the Enable checkbox to activate the access control specified by the parameters in this access control entry User Name From the drop down list select the user profile to which this access control entry will apply The choices available are the four user names that you configure through the user profiles option on the left navigation menu NMS IP Host Name The IP address IP address mask or host name that controls access by the NMS A host name or a specific IP address such as 149 225 12 1 allows access only by the NMS at that location An IP address mask that contains 255 restricts access as follows e 149 225 12 255 Access only by an NMS on the 149 225 12 segment e 149 225 255 255 Access only by an NMS on the 149 225 segment e 149 255 255 255 Access only by an NMS on the 149 segment e 0 0 0 0 the default setting which can also be expressed as 255 255 255 255 Access by any NMS on any segment oF choke FTP Server Path Administration gt
121. lag and O Other Stateful Configuration Flag bits for the following cases e Neither is set Indicates the local network has no DHCPv 6 infrastructure The NMC uses router advertisements and manual configuration to get addresses that are not link local and other settings M or M and O are Set In this situation full DHCPv6 address configuration occurs DHCPv6 is used to obtain addresses AND other configuration settings This is known as DHCPV6 stateful Once the M flag has been received the DHCP v6 address configuration stays in effect until the interface in question has been closed This is true even if subsequent router advertisement packets are received in which the M flag is not set If an O flag is received first then an M flag is received subsequently the NMC performs full address configuration upon receipt of the M flag e Only O is set In this situation the NMC sends a DHCPv6 Info Request packet DHCPv 6 will be used to configure other settings such as location of DNS servers but NOT to provide addresses This is known as DHCPV6 stateless Address and Other Information With this radio button selected DHCPV6 is used to obtain addresses AND other configuration settings This is known as DHCPv6 stateful Non Address Information Only With this radio button selected DHCPv6 will be used to configure other settings such as location of DNS servers but NOT to provide addresses This is known as DHCPV6 stateless
122. let Enter values for Name and Link and click the Apply button immediately below the list Enter values for Power On Delay Power Off Delay or Reboot Duration and click the Apply button immediately below the list oF choke Scheduling Outlet Actions Actions you can schedule To configure values for Power On Delay Power Off Delay and Reboot Duration for each outlet see Configure outlet settings and the outlet name Although you must use the Web interface to schedule outlet actions you can set these values in either the Web or command line interfaces For an action to be applied to an outlet group you must have outlet Q groups enabled at the beginning of the scheduled action For example if Off Delayed is scheduled for 4 00 p m the Power Off Delay begins at 4 00 p m Even if you then enable outlet groups during that Power Off Delay before any of the outlets are scheduled to turn off the action will be applied only to the individual outlet and not the outlet group oF choke For any outlets you select you can schedule any of the actions listed in the following table to occur daily at intervals of one two four or eight weeks or only once Option Description No Action Do nothing On Immediate Apply power to the selected outlets On Delayed Apply power to each selected outlet according to its value for Power On Delay t Off Immediate Remove power from the selected outlets
123. lick Apply oF choke Resetting Peak Load and kWh Path Device Manager gt Device Load 1 Click the Device Manager tab then device load from the Load Management menu 2 Click the Peak Load and Kilowatt Hours check boxes as desired 3 Click Apply Configure and Control Outlet Groups Outlet group terminology An outlet group consists of outlets that are logically linked together on the same Rack PDU Outlets that are in an outlet group turn on turn off and reboot in a synchronized manner e A local outlet group consists of two or more outlets on a Rack PDU Only the outlets in that group are synchronized e A global outlet group consists of one or more outlets on a Rack PDU One outlet is configured as a global outlet which logically links the outlet group to outlet groups on up to three other Rack PDUs All outlets in the linked global outlet groups are synchronized For global outlet groups the initiator outlet group is the group that issued the action For global outlet groups a follower outlet group is any other outlet group that is synchronized with the initiator outlet group oF choke When you apply an outlet control action to outlets that are members of an outlet group the outlets are synchronized as follows e For a global outlet group use the delay periods and reboot duration configured for the global outlet of the initiator outlet group For a local outlet group the outlets use the delay periods
124. log and view the calculation of how many days of data the log can store based on the interval you selected When the log is full the older entries are deleted To avoid automatic deletion of older data enable and configure data log rotation described in the next section To configure data log rotation Logs gt Data gt rotation Set up a password protected data log repository on a specified FTP server Enabling rotation causes the contents of the data log to be appended to the file you specify by name and location Updates to this file occur at the upload interval you specify Parameter Description Data Log Rotation Enable or disable the default data log rotation FTP Server Address The location of the FTP server where the data repository file is stored User Name The user name required to send data to the repository file This user must also be configured to have read and write access to the data repository file and the directory folder in which it is stored Password The password required to send data to the repository file File Path The path to the repository file Filename The name of the repository file an ASCII text file oF choke Parameter Description Delay X hours between The number of hours between uploads of data to the file uploads Upload every X minutes The number of minutes between attempts to upload data to the file after an upload failure Up to X tim
125. lowing e section headings and keywords only those supported for the device from which you retrieve the file Section headings are category names enclosed in brackets Keywords under each section heading are labels describing specific Rack PDU settings Each keyword is followed by an equals sign and a value either the default or a configured value e The Override keyword With its default value this keyword prevents the exporting of one or more keywords and their device specific values For example in the NetworkTCP IP section the default value for Override the MAC address of the Rack PDU blocks the exporting of values for the SystemIP SubnetMask DefaultGateway and BootMode Detailed procedures Retrieving To set up and retrieve an ini file to export 1 If possible use the interface of a Rack PDU to configure it with the settings to export Directly editing the ini file risks introducing errors 2 To use FTP to retrieve config ini from the configured Rack PDU a Open a connection to the Rack PDU using its IP address ftp gt open ip address b Log on using the Administrator user name and password c Retrieve the config ini file containing the Rack PDU s settings ftp gt get config ini The file is written to the folder from which you launched FTP oF choke oF choke Customizing You must customize the file before you export it 1 Use a text editor to customize the file Section headings keywords and
126. meter shows the current load status normal near overload or overload Note that if a low load threshold was configured the meter will also include a blue segment to the left of the green Hover over the colors to view the configured load thresholds Load Status Device Load 0 57 kw Phase Ll Load 5 0 4 Normal range is 0 3 to 5 9 kW More Click More to go to the Device Manager tab to configure thresholds and to view and manage peak load information In the device parameters area view the name contact location current rating type of user account accessing the Rack PDU and the amount of time the Rack PDU has been operating since the last reboot from either a power cycle or a reboot of the Management Interface For more information see Reset the Rack PDU In the Recent Device Events area view in reverse chronological order the events that occurred most recently and the dates and times they occurred A maximum of five events are shown at one time Click More Events to go to the Logs tab to view the entire event log oF choke The Alarm Status view Path Home gt Alarm Status The Alarm Status view provides a description of all alarms present For details about a temperature or humidity threshold violation click the Environment tab Device Management Home Device Manager Environment Logs Administration tf No Alarms Load Management device load phase load Status kw BTU outlet load Load 0 58 kw mi
127. methods 194 221 using non standard ports for extra security 197 Security menu RADIUS settings 227 remote users authentication 226 Security Wizard creating certificates to use with a Certificate Authority 214 without a Certificate Authority 210 214 217 oF choke Server certificates creating to use with a Certificate Authority 214 210 Severity Mapping Syslog setting 146 Signing requests creating 214 SMTP server selecting for e mail recipients 142 141 SNMP access and access control SNMPv1 162 163 144 disabling SNMPv1 for high security systems 161 v1 disabling 197 READ access 197 authentication 198 encryption 199 SSH 16 configuring 221 enabling 221 199 fingerprints displaying and comparing 222 host key as identifier that cannot be falsified 199 creating with the Security Wizard 217 transferring to the Rack PDU 221 160 obtaining an SSH client 221 SSL authentication through digital certificates 200 certificate signing requests 201 how to create view or remove certificates 158 Status on control console main screen 20 Synchronize with NTP Server Date amp Time 168 Syslog identifying the Syslog server and port 145 mapping event severity to Syslog priorities 146 System Name 167 System requirements outlet groups 100 T TCP IP configuration 5 8 Telnet 16 Temp humidity sensor port front panel 12 Temperature sensor configuring thresholds 118 Temperature units Fahrenheit or Celsius 171 Test DNS q
128. ministrator or Device User to log on For Administrator admin is the default for User Name and Password For the Device User the defaults are device for User Name and Password 3 Use the get command to transmit the text of a log to your local drive ftp gt get event txt or ftp gt get data txt 4 Type quit at the tp gt prompt to exit from FTP Administration Security Devi Security Network Local Users administrator device read only Remote Users authentication RADIUS Auto Log Off Link 1 Link 2 Link 3 nment Notification General Administrator Administration User Name Current Password New Password Confirm Password Managed Rack PDU tf No Alarms bre Local Users Setting user access Path Administration gt Security gt Local Users gt options The Administrator user account always has access to the Rack PDU The Device User and Read Only User accounts are enabled by default To disable the Device User or Read Only User accounts select the user account from the left navigation menu then clear the Enable checkbox You set the case sensitive user name and password for each account type in the same manner Maximum length is 64 characters for a user name and 64 characters for a password Blank passwords passwords with no characters are not allowed For information on the permissions granted to each account type see Types of user accounts
129. ministratorName user ap yourAdministratorPassword For example to change the Administrator user name to Don Adams type user an Don Adams 8 Type quit or exit to log off reconnect any serial cable you disconnected and restart any service you disabled Rack PDU Front Panel pdu0536a Ba oks O ia is n WARNING 8 A OVERLOAD E act i CONTACT SENSOR gt 3 FUNCTION BERTO aA INVERT DISPLAY PRESS AND HOLD TO Ii Item Function Dry contact inputs Connector for two dry contact devices Phase LEDs Note for single phase Rack PDUs only one LED is present When no alarms are present the LED display shows a phase current and a green Phase LED indicates for which phase The system automatically cycles through each phase displaying the phase current for three seconds If an alarm is present for one phase the applicable Phase LED turns on and stays on while the alarm condition is present The LED will illuminate orange for a Warning alarm or red for a Critical alarm If an alarm is present for more than one phase the system will automatically cycle through each phase with an alarm illuminating the Phase LEDs for three seconds LED display Shows the phase current for the currently illuminated Phase LED oF choke Item Function
130. name of the server when logging on to the Rack PDU The default server certificate has the serial number of the Rack PDU in place of a valid common name the DNS name or the IP address of the Rack PDU Therefore although the Rack PDU can control access to its Web interface by user name password and account type e g Administrator Device Only User or Read Only User the browser cannot authenticate which Rack PDU is sending or receiving data oF choke The length of the public key RSA key that is used for encryption when setting up an SSL session is 2048 bits by default Method 2 Use the Rack PDU Security Wizard to create a CA certificate and a server certificate Use the Rack PDU Security Wizard to create two digital certificates e A CA root certificate Certificate Authority root certificate that the Rack PDU Security Wizard uses to sign all server certificates and which you then install into the certificate store cache of the browser of each user who needs access to the Rack PDU A server certificate that you upload to the Rack PDU When the Rack PDU Security Wizard creates a server certificate it uses the CA root certificate to sign the server certificate The Web browser authenticates the Rack PDU sending or requesting data To identify the Rack PDU the browser uses the common name IP address or DNS name of the Rack PDU that was specified in the server certificate s distinguished name when the certificat
131. nsole use the System menu to set these values Name Test Lab Contact Don Adams Location Building 3 An Up Time field reports how long the Rack PDU has been running since it was last turned on or reset Up Time 0 Days 21 Hours 21 Minutes Two fields identify when you logged in by date and time Date 10 30 2009 Time 5 58 30 A User field identifies whether you logged in through the Administrator or Device user account The Read Only User account cannot access the command line interface User Administrator e A Stat field reports the Rack PDU status Stat P N A P The Dell operating system is functioning properly IPv4 IPv6 IPv4 and Description only only IPv6 N N N4 N6 The network is functioning properly N N6 N4 N6 ABOOTP request cycle is in progress N N6 N4 N6 The Rack PDU failed to connect to the network N N6 N4 N6 Another device is using the Rack PDU IP address The N4 and N6 values can be different from one another you could for example have N4 N6 A The application is functioning properly A The application has a bad checksum A The application is initializing A The application is not compatible with the AOS oF choke If P is not displayed contact Dell support staff oF choke Using the Command Line Interface At the command line interface use commands to configure the Rack PDU To use a command
132. number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example 1 To turn off outlets 3 and 5 through 7 type cli gt olOff 3 5 7 E000 Success oF choke olOffDelay Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Set or view the time delay for the Off Delayed command see olDlyOff and for a Reboot Delayed command see o DlyReboot Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt time gt A time for the delay within the range of 1 to 7200 seconds 2 hours Example 1 To set a 9 second delay for turning off outlets 3 and 5 through 7 type cli gt olOffDelay 3 5 7 9 E000 Success Example 2 7 type To view the delay for the Off Delayed command for outlets 3 and 5 through cli gt olOffDelay 3 5 7 E000 Success 3 BobbysServer 9 sec BillysServer 9 sec 5 6 JoesServer 9 sec 7 JacksServer 9 sec olOn Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Turn on an outlet or group of outlets without any delay Argument Description
133. od to use for the DNS query by Host the URL name of the server e by FQDN the fully qualified domain name e by IP the IP address of the server e by MX the Mail Exchange used by the server As Query Question identify the value to be used for the selected query type Query Type Selected Query Question to Use by Host The URL by FQDN The fully qualified domain name my_server my_domain by IP The IP address by Mx The Mail Exchange address View the result of the test DNS request in the Last Query Response field oF choke Web Path Administration gt Network gt Web gt options Option Description access To activate changes to any of these selections log off from the Rack PDU e Disable Disables access to the Web interface To re enable access log in to the command line interface then type the command http S enable For HTTPS access type https S enable e Enable HTTP the default Enables Hypertext Transfer Protocol HTTP which provides Web access by user name and password but does not encrypt user names passwords and data during transmission e Enable HTTPS Enables Hypertext Transfer Protocol HTTPS over Secure Sockets Layer SSL SSL encrypts user names passwords and data during transmission and authenticates the Rack PDU by digital certificate When HTTPS is enabled your browser displays a small lock icon See Creating and Installing Digital C
134. okie from the DHCP server in order to accept the lease and start the network services If the Rack PDU finds a DHCP server but the request to that server fails or times out it stops requesting network settings until it is restarted e Require vendor specific cookie to accept DHCP Address By selecting this check box you can require the DHCP server to provide a cookie which supplies information to the Rack PDU 1 The default values for these three settings on the configuration pages generally do not need to be changed Vendor Class DELL Client ID The MAC address of the Rack PDU which uniquely identifies it on the local area network LAN User Class The name of the application firmware module oF choke DHCP response options Each valid DHCP response contains options that provide the TCP IP settings that the Rack PDU needs to operate on a network and other information that affects the operation of the Rack PDU Vendor Specific Information option 43 The Rack PDU uses this option ina DHCP response to determine whether the DHCP response is valid This option contains a specific options in a TAG LEN DATA format the Vendor Cookie This is disabled by default e Vendor Cookie Tag 1 Len 4 Data 1APC Option 43 communicates to the Rack PDU that a DHCP server is configured to service the Dell Rack PDUs Following in hexadecimal format is an example of a Vendor Specific Information option that contains the ven
135. olon and space identifies the event type e The CONTENT field is the event text followed optionally by a space and the event code For example Dell Test Syslog is valid oF choke Administration Network Features Home Manager E ment gs Administration Security Network Notification General No Alarms TE Web Access ipy4 settings ipv6 settings Access O Disable Ping Response Enable HTTP Port Speed Enable HTTPS DNS HTTP Port 80 80 5000 to 32768 configuration HTTPS Port 443 443 5000 to 32768 test Web aih Note Some configuration settings will require a reboot to activate ssl certificate Console access ssh host key SNMP 1 access access control SNMPv3 access user profiles access control FTP server Managed Rack PDU DOLL Link 1 Link 2 Link 3 oF choke TCP IP and Communication Settings TCP IP settings Path Administration gt Network gt TCP IP The TCP IP option on the left navigation menu selected by default when you choose Network on the top menu bar displays the current IPv4 address subnet mask default gateway MAC address and boot mode of the Rack PDU For information on DHCP and DHCP options see RFC2131 and RFC2132 Setting Description Enable Enable or disable IPv4 with this check box Manual Configure IPv4 manually by entering the IP address subnet mask and default gateway 1 The default values for these three settings on
136. on Make sure that you did not change the baud rate Try 2400 9600 19200 or 38400 Cannot access the command line interface remotely e Make sure you are using the correct access method Telnet or Secure Shell SSH An Administrator can enable these access methods By default Telnet is enabled Enabling SSH automatically disables Telnet e For SSH the Rack PDU may be creating a host key The Rack PDU can take up to one minute to create the host key and SSH is inaccessible for that time oF choke Problem Solution Cannot access the Web interface e Verify that HTTP or HTTPS access is enabled e Make sure you are specifying the correct URL one that is consistent with the security system used by the Rack PDU SSL requires https not http at the beginning of the URL e Verify that you can ping the Rack PDU e Verify that you are using a Web browser supported for the Rack PDU See Supported Web Browsers e If the Rack PDU has just restarted and SSL security is being set up the Rack PDU may be generating a server certificate The Rack PDU can take up to one minute to create this certificate and the SSL server is not available during that time Appendix A List of Supported Commands Network Management Card Command Descriptions about alarmcount p all warning critical boot b lt dhcpBootp dhcp bootp manual gt a lt remainDhcpBootp gotoDhcpOrBootp gt
137. on to the Rack PDU The priority for access beginning with the highest priority is as follows e Local access to the command line interface from a computer with a direct serial connection to the Rack PDU e Telnet or Secure Shell SSH access to the command line interface from a remote computer e Web access See SNMP for information about how SNMP access to the Rack PDU is controlled oF choke Types of user accounts The Rack PDU has four levels of access Administrator Device User Read Only User and Outlet User which are protected by user name and password requirements An Administrator can use all of the menus in the Web interface and all of the commands in the command line interface The default user name and password are both admin e A Device User can access only the following In the Web interface the menus on the Device Manager tab the Environment tab and the event and data logs accessible under the Events and Data headings on the left navigation menu of the Logs tab The event and data logs display no button to clear the log In the command line interface the equivalent features and options The default user name and password are both device e A Read Only User has the following restricted access Access through the Web interface only Access to the same tabs and menus as a Device User but without the capability to change configurations control devices delete data or use file transfe
138. onnection Telnet or Secure Shell SSH See About the Command Line Interface e Use an SNMP browser and the Dell Management Information Base MIB to manage your Rack PDU Rack PDUs have these additional features e Peak load and power and energy monitoring for all connected loads e Voltage current and power monitoring for phases e Power monitoring for each outlet Configurable alarm thresholds that provide network and visual alarms to help avoid overloaded circuits Four levels of user access accounts Administrator Device User Read Only User and Outlet User e Independent outlet control Configurable power delays oF choke Up to twenty four independent outlet user accounts Event and data logging The event log is accessible by Telnet Secure CoPy SCP File Transfer Protocol FTP serial connection or Web browser using HTTPS access with SSL or using HTTP access The data log is accessible by Web browser SCP or FTP E mail notifications for Rack PDU and system events SNMP traps Syslog messages and e mail notifications based on the severity level or category of the Rack PDU and system events Security protocols for authentication and encryption that the device is protected from power failure or power surges Q The Rack PDU does not provide power surge protection To ensure connect the Rack PDU to an uninterruptible power supply UPS Access priorities for logging on Only one user at a time can log
139. options user an lt admin name gt ap lt admin password gt In this example the user command accepts the option an which defines the Administrator user name and the option ap which defines the Administrator password To change the Administrator user name and password to XYZ 1 Type the user command one option and the argument XYZ user ap XYZ 2 After the first command succeeds type the user command the second option and the argument XYZ user an XYZ oF choke Example of a command that accepts mutually exclusive arguments for an option alarmcount p all warning critical In this example the option p accepts only three arguments all warning or critical For example to view the number of active critical alarms type alarmcount p critical The command will fail if you type an argument that is not specified Command Response Codes The command response codes enable scripted operations to detect error conditions reliably without having to match error message text The CLI reports all command operations with the following format E 0 9 0 9 0 9 Error Message Code Message Code Message E000 Success E105 Command Prefill E001 Successfully Issued E106 Data not available E002 Reboot required for E107 Serial communication change to take effect with the Rack PDU has been lost E100 Command failed E101 Command not found E102 Parameter error E103 Command line
140. or this file which will contain the private key of the Rack PDU The file must have a p15 suffix and by default will be created in the installation folder C Program Files Dell Rack PDU Security Wizard On the screen labeled Step 2 provide the information to configure the certificate signing request CSR i e the information that you want the signed server certificate to contain The Country and Common Name fields are required Other fields are optional For the Common Name field enter the IP Address or DNS name of the Rack PDU and time but you can edit the Validity Period Start and Validity Period Q By default a server certificate is valid for 10 years from the current date End fields On the next screen review the summary of the certificate Scroll downward to view the unique serial number and fingerprints of the certificate To make any changes to the information you provided click Back Revise the information The certificate s subject information and the certificate s issuer information should be identical The last screen verifies that the certificate signing request was created and displays the location and name of the file which has a csr extension Send the certificate signing request to an external Certificate Authority either a commercial Certificate Authority or if applicable a Certificate Authority managed by your own company or agency See the instructions provided by the Certificate A
141. ord admin DELL Service Type Admin VSADevice Auth Type Local Password device DELL Service Type Device VSAReadOnly Auth Type Local Password readonly DELL Service Type ReadOnly Give user access to device outlets 1 2 and 3 vsAOutlet Auth Type Local Password outlet DELL Service Type Outlet DELL Outlets 1 2 3 See the following related topics e Types of user accounts for information on the three basic user permission levels Administrator Device User and Read Only User e Supported RADIUS servers for information on RADIUS servers tested and supported oF choke Example with UNIX shadow passwords If UNIX shadow password files are used etc passwd with the RADIUS dictionary files the following two methods can be used to authenticate users e If all UNIX users have administrative privileges add the following to the RADIUS user file To allow only Device Users change the Dell Service Type to Device DEFAULT Auth Type System DELL Service Type Admin Add user names and attributes to the RADIUS user file and verify the password against etc passwd The following example is for users bconners and thawk bconners Auth Type System DELL Service Type Admin thawk Auth Type System DELL Service Type Outlet DELL Outlets 1 2 3 Numerics 10 100 base T connector front panel 12 10 100 LED front panel 12 14 A About options for information about the R
142. ork Settings You must configure the following TCP IP settings before the Rack PDU can operate on a network IP address of the Rack PDU e Subnet mask e Default gateway If a default gateway is unavailable use the IP address of a computer that is located on the same subnet as the Rack PDU and that is usually running The Rack PDU uses the default gateway to test the network when traffic is very light address for the Rack PDU It disables the card and requires you to reset TCP IP settings to their defaults using a local serial login f Do not use the loopback address 127 0 0 1 as the default gateway TCP IP configuration methods Use one of the following methods to define the TCP IP settings needed by the Rack PDU BOOTP and DHCP configuration e Command Line Interface oF choke BOOTP and DHCP configuration The default TCP IP configuration setting DHCP assumes that a properly configured DHCP server is available to provide TCP IP settings to Rack PDUs You can also configure the setting for BOOTP A user configuration INI file can function as a BOOTP or DHCP boot file For more information see Use an ini File BOOTP For the Rack PDU to use a BOOTP server to configure its TCP IP settings it must find a properly configured RFC951 compliant BOOTP server In the BOOTPTAB file of the BOOTP server enter the Rack PDU s MAC address IP address subnet mask and default gateway and optionally a bootup file name Loo
143. p 41 42 79 80 81 user 43 81 82 web 44 83 xferIN 45 22 159 8 loggingon 15 main screen 18 remote access 15 23 Community Name for trap receivers 144 Configuring RADIUS authentication 133 SSH 221 222 Contact identification whom to contact 167 D Data log importing into spreadsheet 127 Log Interval setting 126 rotation archiving 126 using FTP or SCP to retrieve 127 Date amp Time settings 168 Date format configuring 169 Daylight saving time 169 Device Manager tab 95 DHCP Rack PDU and DHCP server communication vendor cookie 151 Disable e mail to arecipient 141 reverse lookup 124 Telnet 159 use of a proxy server 85 DNS query types 155 specifying DNS servers by IP address 155 Dry contacts configuring 120 front panel inputs 11 E E mail configuring notification parameters 140 1 test message 142 using for paging 141 Enable e mail forwarding to external SMTP servers 142 141 reverse lookup 124 Telnet 159 versions of SSH 159 Encryption with SNMPv3 199 222 Environment tab 118 Error messages browser 87 from overridden values in ini file 179 Ethernet port speed 154 Event actions 137 configuring by event 138 139 Event log displaying and using 122 errors from overridden values in ini file 179 using FTP or SCP to retrieve 127 event txt file contents 127 importing into spreadsheet 127 oF choke F Facility Code Syslog setting 146 Fingerprints displaying and comparin
144. r fails to respond local authentication is used e RADIUS Only RADIUS is enabled Local authentication is disabled improperly identified or improperly configured remote access is unavailable to all users You must use a serial connection to the command line interface and change the access setting to local or radiusLocal to regain access For example the command to change the access setting to local would be radius a local f If RADIUS Only is selected and the RADIUS server is unavailable oF choke RADIUS Path Administration gt Security gt Remote Users gt RADIUS Use this option to do the following e List the RADIUS servers a maximum of two available to the Rack PDU and the time out period for each e Click a link and configure the parameters for authentication by a new RADIUS server e Click a listed RADIUS server to display and modify its parameters RADIUS Setting Definition RADIUS Server The server name or IP address IPv4 or IPv6 of the RADIUS server Click a link to configure the server NOTE RADIUS servers use port 1812 by default to authenticate users To use a different port add a colon followed by the new port number to the end of the RADIUS server name or IP address Secret The shared secret between the RADIUS server and the Rack PDU Timeout The time in seconds that the Rack PDU waits for a response from the RADIUS server Test Settings Enter the Adminis
145. r options Links to configuration options are visible but disabled The event and data logs display no button to clear the log The default user name and password are both readonly To set User Name and Password values for the three account types above see Setting user access oF choke e An Outlet User has the following restricted access Access through the Web interface and command line interface Access to the same menus as a Device User but with limited capability to change configurations control devices delete data or use file transfer options Links to configuration options are visible but are disabled The Outlet User has access to the Outlet Control menu option that allows the user to control the outlets assigned by the Administrator Outlet Users cannot clear the event or data logs The user name and password are defined by the Administrator during the process of adding a new Outlet User Getting Started To start using the Rack PDU 1 Install the Rack PDU using the Rack Power Distribution Unit Installation Instructions that were shipped with your Rack PDU 2 Apply power and connect to your network Follow the directions in the Rack Power Distribution Unit Installation Instructions 3 Establish network settings See Establishing Network Settings 4 Begin using the Rack PDU by way of one of the following e Web Interface e Command Line Interface e Rack PDU Front Panel oF choke Establishing Netw
146. rase used with SNMPv3 user profiles ensures that a Network Management System NMS attempting to communicate with the Rack PDU is the NMS it claims to be that the message has not been changed during transmission and that the message was not delayed copied and sent again later at an inappropriate time SNMPv3 is disabled by default The Dell implementation of SNMPv3 allows the use of the SHA 1 or MD5 protocol for authentication Web interface and command line interface To ensure that data and communication between the Rack PDU and the client interfaces the command line interface and the Web interface cannot be intercepted you can provide a greater level of security by using one or more of the following encryption based methods e For the Web interface use the Secure Sockets Layer SSL protocol e To encrypt user names and passwords for command line interface access use the Secure Shell SSH protocol To encrypt user names passwords and data for the secure transfer of files use the Secure CoPy SCP protocol For more information on encryption based security see Encryption oF choke Encryption SNMP GETS SETS and Traps For encrypted communication when you use SNMP to monitor or configure the Rack PDU choose SNMPv3 The privacy passphrase used with SNMPv3 user profiles ensures the privacy of the data by means of encryption using the AES or DES encryption algorithm that an NMS sends to or receives from the Rack PD
147. rk communication that requires a higher level of security than password encryption the Web interface of the Rack PDU supports the use of digital certificates with the Secure Sockets Layer SSL protocol Digital certificates can authenticate the Rack PDU the server to the Web browser the SSL client Q You can generate a 1024 bit key or you can generate a 2048 bit key which provides complex encryption and a higher level of security The sections that follow summarize the three methods of creating implementing and using digital certificates to help you determine the most appropriate method for your system e Method 1 Use the default certificate auto generated by the Rack PDU e Method 2 Use the Rack PDU Security Wizard to create a CA certificate and a server certificate e Method 3 Use the Rack PDU Security Wizard to create a certificate signing request to be signed by the root certificate of an external Certificate Authority and to create a server certificate You can also use Method 3 if your company or agency operates its own Q Certificate Authority Use the Rack PDU Security Wizard in the same way but use your own Certificate Authority in place of a commercial Certificate Authority Choosing a method for your system Using the Secure Sockets Layer SSL protocol you can choose any of the following methods for using digital certificates dF choke Method 1 Use the default certificate auto generated by the Rack PDU When
148. rypted form You can change the Telnet or SSH port setting for additional security Alternately disable network access to the command line interface Option Argument Description S disable telnet Configure access to the command line interface or use the ssh disable command to prevent access Enabling SSH enables SCP and disables Telnet pt lt telnet port n gt Define the Telnet port used to communicate with the Rack PDU 23 by default ps lt SSH port n gt Define the SSH port used to communicate with the Rack PDU 22 by default b 2400 9600 Configure the speed of the serial port connection 9600 bps 19200 38400 by default Example 1 To enable SSH access to the command line interface type console S ssh Example 2 To change the Telnet port to 5000 type console pt 5000 date Access Administrator only Definition Configure the date used by the Rack PDU To configure an NTP server to define the date and time for the Rack PDU see Set the Date and Time Option Argument Description d lt datestring gt Configure the current date Use the date format specified by the date f command t lt 00 00 00 gt Configure the current time in hours minutes and seconds Use the 24 hour clock format f mm dd yy Select the numerical format in which to display all dates in this dd mm yyyy user interface Each letter m for month d for day and
149. s Administrator Device User Description Determine whether the device with the IP address or DNS name you specify is connected to the network Four inquiries are sent to the address Argument Description lt IP address or DNS name gt Type an IP address with the format xxx xxx xxx xxx or the DNS name configured by the DNS server Example To determine whether a device with an IP address of 150 250 6 10 is connected to the network type ping 150 250 6 10 portSpeed Access Administrator Description Option Arguments Description S auto 10H 10F 100H 100 F Define the communication speed of the Ethernet port The auto command enables the Ethernet devices to negotiate to transmit at the highest possible speed See Port Speed for more information about the port speed settings Example To configure the TCP IP port to communicate using 100 Mbps with half duplex communication communication in only one direction at a time type portspeed s 100H oF choke prompt Access Administrator Device User Description Configure the command line interface prompt to include or exclude the account type of the currently logged in user Any user can change this setting all user accounts will be updated to use the new setting Option Argument Description S long The prompt includes the account type of the currently logged in user short The defa
150. s both the IP address and the domain name for the networked device associated with the event are logged in the event log If no domain name entry exists for the device only its IP address is logged with the event Since domain names generally change less frequently than IP addresses enabling reverse lookup can improve the ability to identify addresses of networked devices that are causing events To resize the event log Logs gt Events gt size By default the event log stores 400 events You can change the number of events the log stores When you resize the event log all existing log entries are deleted To avoid losing log data use FTP or SCP to retrieve the log before you enter a new value in the Event Log Size field See How to use FTP or SCP to retrieve log files When the log is full the older entries are deleted oF choke Data log Path Logs gt Data gt options The data log records the current and power for the device and phases for a 3 phase Rack PDU as applicable as well as temperature and humidity and dry contact data at the specified time interval Each entry is listed by the date and time the data was recorded To display the data log Logs gt Data gt log e By default view the data log as a page of the Web interface The most recent data item is recorded on page 1 From the navigation menu below the log Click a page number to open a specific page of the log Click Previous or Next to v
151. s where pdu_ip_address is the IP address of the Rack PDU and links the outlet to the Web interface of the Rack PDU at the IP address enabling authorized users to log on Power On Delay Set the number of seconds that the Rack PDU waits after a command is issued before applying power from an outlet NOTE To configure an outlet to remain off at all times check the Never checkbox next to Power On Delay Power Off Delay Set the number of seconds that the Rack PDU waits after a command is issued before removing power from an outlet NOTE To configure an outlet to remain on at all times check the Never check box next to Power Off Delay Reboot Duration Set the number of seconds an outlet remains off before restarting oF choke oF choke To configure the outlet settings or outlet names select the Device Manager tab and then Configuration from the left navigation menu Click the Configure Multiple Outlets button in the Outlet Configuration section or click on the outlet name e Configure outlet settings for multiple outlets Select the checkboxes next to the numbers of the outlets you want to modify or select the All Outlets checkbox Enter values for Name and Link and click the Apply button immediately below the list Enter values for Power On Delay Power Off Delay or Reboot Duration and click the Apply button immediately below the list e Configure outlet settings for a single out
152. s bates seeeeasanaeek 161 FTP Servel soc tSediosctctoku ewes bbeceesest hears 166 Administration General Options 167 IDGNIINIGAUON 2 ee Soe one se 6564 62 eek bbe eee Se Bs ee Sees ee 167 Set the Date and Time 0 00 cc ce es 168 Us ann File 222 266so08 bec00 2654 suditi cose eeese Hoek ens 170 Event Log and Temperature Units 0000 ee eee eee eeee 171 Reset the Rack PDUs oi6cc269e0 eae ee oe dodo ee ba deeex ees 172 Contgure LINKS eris rees be cwee ed ce eeeeheeee ence arareo 173 About the Rack PDU sccccacscccicnedasenieceseaxkceceans 173 How to Export Configuration Settings 174 Retrieving and Exporting the ini File 00 eee eeeee 174 The Upload Event and Error Messages 2220 00e000es 178 File Transfers 180 How to Upgrade Firmware 000cee cee e eee eee eee 180 Firmware File Transfer Methods 000000e eee eeeee 182 Verifying Upgrades and Updates anann e ee eee eee 185 Troubleshooting 186 Rack PDU Access Problems 000000eeeeeeeueeeees 186 Appendix A List of Supported Commands 188 Appendix B Security Handbook 193 Content and Purpose of This Appendix 0200000eeeee 193 Security Features si cies das dcasc es va diseeeetacca asides s 194 Authentication sc bce ceed dead ota aiei e ina ives 2060 S84 198 Enceryptione c2cseetteac he ivareicees hd tees ee seenesaeees 199 Creating and Installing Digital Certificates 00005 202 Firewalls
153. s the basic security of authentication by user name and password but not the high security benefits of encryption To use Telnet to access the command line interface 1 From a computer on the same network as the Rack PDU at a command prompt type telnet and the IP address for the Rack PDU for example telnet 139 225 6 133 when the Rack PDU uses the default Telnet port of 23 and press ENTER If the Rack PDU uses a non default port number from 5000 to 32768 you must include a colon or a space depending on your Telnet client between the IP address or DNS name and the port number These are commands for general usage some clients do not allow you to specify the port as an arguement and some may require extra commands 2 Enter the user name and password by default admin and admin for an Administrator or device and device for a Device User If you cannot remember your user name or password see Recovering from a Lost Password SSH for high security access If you use the high security of SSL for the Web interface use SSH for access to the command line interface SSH encrypts user names passwords and transmitted data The interface user accounts and user access rights are the same whether you access the command line interface through SSH or Telnet but to use SSH you must first configure SSH and have an SSH client program installed on your computer oF choke Local access to the command line interface For local ac
154. sages User by Code default NOTE User best defines the Syslog messages sent by the Rack PDU Do not change this selection unless advised to do so by the Syslog network or system administrator Severity Maps each severity level of Rack PDU or Environment events to available Syslog Mapping priorities You should not need to change the mappings The following definitions are from RFC3164 e Emergency The system is unusable e Alert Action must be taken immediately e Critical Critical conditions e Error Error conditions e Warning Warning conditions e Notice Normal but significant conditions e Informational Informational messages e Debug Debug level messages Following are the default settings for the Local Priority settings e Severe is mapped to Critical e Warning is mapped to Warning Informational is mapped to Info NOTE To disable Syslog messages see Configuring event actions Syslog test and format example Path Logs gt Syslog gt test Send a test message to the Syslog servers configured through the servers option 1 Select a severity to assign to the test message 2 Define the test message according to the required message fields The priority PRI the Syslog priority assigned to the message s event and the facility code of messages sent by the Rack PDU The Header a time stamp and the IP address of the Rack PDU The message MSG part e The TAG field followed by a c
155. se a local computer a computer that connects to the Rack PDU or other device through the serial port to access the command line interface 1 Select a serial port at the local computer and disable any service that uses that port Connect the provided serial cable to the selected port on the computer and to the Serial port at the Rack PDU Run a terminal program such as HyperTerminal and configure the selected port for 9600 bps 8 data bits no parity 1 stop bit and no flow control Press ENTER repeatedly if necessary to display the User Name prompt If you are unable to display the User Name prompt verify the following The serial port is not in use by another application The terminal settings are correct as specified in step 3 The correct cable is being used as specified in step 2 Press the Reset button The Status LED will flash alternately orange and green Press the Reset button a second time immediately while the LED is flashing to reset the user name and password to their defaults temporarily Press ENTER repeatedly if necessary to display the User Name prompt again then use dell for the user name and password If you take longer than 30 seconds to log on after the User Name prompt is redisplayed you must repeat step 5 and log on again At the command line interface use the following commands to change the User Name and Password settings both of which are now dell user an yourAd
156. server certificate A server certificate signed by a custom CA root certificate also created with the Rack PDU Security Wizard Use this method if your company or agency does not have its own Certificate Authority and you do not want to use an external Certificate Authority to sign the server certificate Aserver certificate signed by an external Certificate Authority This Certificate Authority can be one that is managed by your own company or agency or can be one of the commercial Certificate Authorities whose CA root certificates are distributed as part of a browser s software A certificate signing request containing all the information required for a server certificate except the digital signature You need this request if you are using an external Certificate Authority A CA root certificate An SSH host key that your SSH client program uses to authenticate the Rack PDU when you log on to the command line interface You define whether the public keys for SSL certificates and the host keys for Q SSH that are created with the Rack PDU Security Wizard are 1024 bit RSA keys the default setting or 2048 bit RSA keys which provide complex encryption and a higher level of security If you do not create and use SSL server certificates and SSH host keys with the Rack PDU Security Wizard the Rack PDU generates 2048 bit RSA keys Only Dell Rack PDU products can use server certificates host keys and CA root certificates create
157. sh or a comma separated list of single outlet numbers and number ranges lt user gt A user that exists in the local database See userList Example 1 To remove a user named Bobby from control of outlets 3 5 through 7 and 10 type cli gt olUnasgnUsr 3 5 7 10 bobby E000 Success Example 2 To remove a user named Billy from control of all outlets type cli gt olUnasgnUsr all billy E000 Success oF choke phLowLoad Access Administrator Device User Description Set or view the phase low load threshold in kilowatts To specify phases choose from the following options Type a11 a single phase a range or a comma separated list of phases Example 1 To set the low load threshold for all phases to 1 kW type cli gt phLowLoad all 1 E000 Success Example 2 To view the low load threshold for phases 1 through 3 type cli gt phLowLoad 1 3 E000 Success 1 LA 2 LA 3 LA oF choke phNearOver Access Administrator Device User Description Set or view the phase near overload threshold in Kilowatts To specify phases choose from the following options Type a11 a single phase a range ora comma separated list of phases Example 1 To set the near overload threshold for all phases to 10 kW type cli gt phNearOver all 10 E000 Success Example 2 To view the near overload threshold for phases 1 through 3 type cli gt phNearOver 1 3 E000 Success 1 10 A 2 10 A 3 LOA oF choke p
158. sport protocol for encryption of user names passwords and files e When you enable and configure SSH you automatically enable and configure SCP No further configuration of SCP is needed e You must explicitly disable FTP It is not disabled by enabling SSH To disable FTP on the Administration tab select Network on the top menu bar and FTP Server on the left navigation menu Clear the Enable checkbox and click Apply Secure Sockets Layer SSL for the Web interface For secure Web communication enable Secure Sockets Layer SSL by selecting HTTPS as the protocol mode to use for access to the Web interface of the Rack PDU HyperText Transfer Protocol over Secure Sockets Layer HTTPS is a Web protocol that encrypts and decrypts page requests from the user and pages that are returned by the Web server to the user The Rack PDU supports SSL version 3 0 and the associated Transport Layer Security TLS version 1 0 Most browsers let you select the version of SSL to enable EJ SSL uses a digital certificate to enable the browser to authenticate the server in this case the Rack PDU The browser verifies the following When SSL is enabled your browser displays a small lock icon e The format of the server certificate is correct e The expiration date and time of the server certificate have not passed e The DNS name or IP address specified when a user logs on matches the common name in the server certificate The server certifica
159. ss of the primary or secondary RADIUS server NOTE RADIUS servers use port 1812 by default to authenticate users To use a different port add a colon followed by the new port number to the end of the RADIUS server name or IP address Option Argument Description s1 lt server The shared secret between the primary or secondary RADIUS S2 secret gt server and the Rack PDU t1 lt server The time in seconds that the Rack PDU waits for a response t2 timeout gt from the primary or secondary RADIUS server Example 1 To view the existing RADIUS settings for the Rack PDU type radius and press ENTER Example 2 To enable RADIUS and local authentication type radius a radiusLocal Example 3 To configure a 10 second timeout for a secondary RADIUS server type radius t2 10 reboot Access Administrator only Description Restart the interface of the Rack PDU oF choke resetToDef Access Administrator only Description Option Arguments Description p all keepip Reset all configuration changes including event actions device settings and optionally TCP IP configuration settings Example To reset all of the configuration changes except the TCP IP settings for the Rack PDU type resetToDef p keepip snmp snmpv3 Access Administrator only Description Enable or disable SNMP 1 or SNMP 3 Option Arguments Description S enable
160. ssion oF choke oF choke SNMPv1 and SNMPv3 Security Access Description Community Name e Host Name e NMS IP filters e Agents that can be enabled or disabled e Four access communities with read write disable capability Available methods SNMPv1 e Four User Profiles e Authentication through an authentication passphrase e Encryption through a privacy passphrase SHA or MD5 authentication e AES or DES encryption algorithm e NMS IP filters Available methods SNMPv3 For both SNMPv1 and SNMPv3 the host name restricts access to the Network Management System NMS at that location only and the NMS IP filters allow access only to the NMSs specified by one of the IP address formats in the following examples e 159 215 12 1 Only the NMS at the IP address 159 215 12 1 e 159 215 12 255 Any NMS on the 159 215 12 segment e 159 215 255 255 Any NMS on the 159 215 segment e 159 255 255 255 Any NMS on the 159 segment e 0 0 0 0 or 255 255 255 255 Any NMS SNMPv3 has additional security features that include the following e An authentication passphrase to ensure that an NMS trying to access the Rack PDU is the NMS it claims to be e Encryption of data during transmission with a privacy passphrase required for encrypting and decrypting File transfer protocols Security Access Description Available methods e User name and password e Selectable ser
161. strator Device User and Outlet User but only for outlets to which the user is assigned Description Cycles power to an outlet or a group of outlets The specified outlets will be turned off based on the configured Power Off Delay see olOffDelay After the longest Reboot Duration see olRbootTime of the selected outlets the outlets will then begin to turn on based on the configured Power On Delays see olOnDelay set for the specified outlets Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example 1 To cycle power to outlets 3 5 through 7 and 10 type cli gt olDlyReboot 3 5 7 10 E000 Success Example 2 To cycle power to an outlet with the configured name of Outlet1 type cli gt olDlyReboot outletl E000 Success oF choke olGroups Access Administrator Device User and Outlet User Description List the outlet synchronization groups defined on the rack PDU see Configure and Control Outlet Groups for more information Example To list outlets synchronization groups type cli gt olGroups E000 Success Outlet Group A 159 215 6 141 gt Outlets 2 4 5 159 215 6 143 gt Outlets 2 8 Outlet Group B 159 215 6 141 gt Outlets 1 159 215 6 166 gt
162. t the person responsible for the device used by the SNMP agent of the Rack PDU oF choke These settings are the values used for the MIB II sysName sysContact and sysLocation Object Identifiers OIDs For more information about MIB I OIDs see the Dell Management Information Base MIB Set the Date and Time Method Path Administration gt General gt Date amp Time gt mode Set the time and date used by the Rack PDU You can change the current settings manually or through a Network Time Protocol NTP Server e Manual Mode Do one of the following Enter the date and time for the Rack PDU Mark the checkbox Apply Local Computer Time to match the date and time settings of the computer you are using e Synchronize with NTP Server Have an NTP Server define the date and time for the Rack PDU Setting Definition Primary NTP Server Enter the IP address or domain name of the primary NTP server Secondary NTP Server Enter the IP address or domain name of the secondary NTP server when a secondary server is available Time Zone Select a time zone The number of hours preceding each time zone in the list is the offset from Coordinated Universal Time UTC formerly Greenwich Mean Time Update Interval Define how often in hours the Rack PDU accesses the NTP Server for an update Minimum 1 Maximum 8760 1 year Update Using NTP Now Initiate an immediate updat
163. tate of the dry contact inputs type cli gt inReading E000 Success 1 Open 2 Open oF choke olAssignUsr Access Administrator Description Assign control of outlets to an outlet user that exists in the local database Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges lt user gt A user that exists in the local database See userAdd Example 1 To assign a user named Bobby to outlets 3 5 through 7 and 10 type cli gt olAssignUsr 3 5 7 10 bobby E000 Success Example 2 To assign a user named Billy to all outlets type cli gt olAssignUsr all billy E000 Success olCancelCmd Access Administrator Device User and Outlet User but only for outlets to which the user is assigned Description Cancels all pending commands for an outlet or group of outlets Argument Description all All device outlets lt outlet The name configured for a specific outlet See olName name gt lt outlet gt A single number or a range of numbers separated with a dash or a comma separated list of single outlet numbers and number ranges Example To cancel all commands for outlet 3 type cli gt olCancelCmd 3 E000 Success oF choke ol
164. te is signed by a trusted certifying authority Each major browser manufacturer distributes CA root certificates of the commercial Certificate Authorities in the certificate store cache of its browser so that it can compare the signature on the server certificate to the signature on a CA root certificate oF choke You can use the Rack PDU Security Wizard to create a certificate signing request to an external Certificate Authority or if you do not want to use an existing Certificate Authority you can create a Dell root certificate to upload to the certificate store cache of the browser You can also use the Wizard to create a server certificate to upload to the Rack PDU See Creating and Installing Digital Certificates for a summary of how these certificates are used To create certificates and certificate requests see Create a Root Certificate and Server Certificates and Create a Server Certificate and Signing Request SSL also uses various algorithms and encryption ciphers to authenticate the server encrypt data and ensure the integrity of the data i e that it has not been intercepted and sent by another server Web pages that you have recently accessed are saved in the cache of your Q Web browser and allow you to return to those pages without re entering your user name and password Always close your browser session before you leave your computer unattended Creating and Installing Digital Certificates Purpose For netwo
165. terface page e Name A name that fully identifies the target or purpose of the link e Address Any URL for example the URL of another device or server About the Rack PDU Path Administration gt General gt About The hardware information is useful for troubleshooting problems with the Rack PDU The serial number and MAC address are also available on the Rack PDU itself Firmware information for the Application Module Dell OS AOS and Boot Monitor indicates the name the firmware version and the date and time each firmware module was Created This information is also useful in troubleshooting Management Uptime is the length of time the interface has been running continuously How to Export Configuration Settings Retrieving and Exporting the ini File Summary of the procedure An Administrator can retrieve the ini file of a Rack PDU and export it to another Rack PDU or to multiple Rack PDUs 1 Configure a Rack PDU to have the settings you want to export 2 Retrieve the ini file from that Rack PDU 3 Customize the file to change at least the TCP IP settings 4 Use a file transfer protocol supported by the Rack PDU to transfer a copy to one or more other Rack PDUs For a transfer to multiple Rack PDUs use an FTP or SCP script Each receiving Rack PDU uses the file to reconfigure its own settings and then deletes it Contents of the ini file The config ini file you retrieve from a Rack PDU contains the fol
166. the network This appendix documents the following protocols and features how to select which ones are appropriate for your situation and how to set up and use them within an overall security system e Telnet and Secure Shell SSH e Secure Sockets Layer SSL e RADIUS e SNMPv1 and SNMPv3 In addition this appendix documents how to use the Rack PDU Security Wizard to create the components required for the high security available through SSL and SSH Security Features Protection of passwords and passphrases No password or passphrase is stored on the Rack PDU in plain text e Passwords are hashed using a one way hash algorithm e Passphrases which are used for authentication and encryption are encrypted before they are stored on the Rack PDU Summary of access methods Serial access to the command line interface Security Access Description Access is by user name and Always enabled password Remote access to the command line interface Security Access Description Available methods For high security use SSH e User name and password With Telnet the user name and password are transmitted as e Selectable server port plain text e Access protocols that can be Enabling SSH disables Telnet and provides encrypted access enabled or disabled to the command line interface to provide additional protection e Secure Shell SSH from attempts to intercept forge or alter data during transmi
167. to send the e mail only once On a busy remote SMTP server the time out may prevent some e mail from being sent When the recipient uses the Rack PDU s SMTP server this setting has no effect Format The long format contains Name Location Contact IP address serial number of the device date and time event code and event description The short format provides only the event description User Name Password Confirm Password If your mail server requires authentication type your user name and password here This performs a simple authentication not SSI E mail test Path Administration gt Notification gt E mail gt test Send a test message to a configured recipient oF choke SNMP traps Trap Receivers Path Administration gt Notification gt SNMP Traps gt trap receivers View trap receivers by NMS IP Host Name You can configure up to six trap receivers To configure a new trap receiver click Add Trap Receiver To modify or delete a trap receiver first click its IP address or host name to access its settings If you delete a trap receiver all notification settings configured under Event Actions for the deleted trap receiver are set to their default values To specify the trap type for a trap receiver select either the SNMPv1 or SNMPv3 radio button For an NMS to receive both types of traps you must configure two trap receivers for that NMS one for each trap type Item Definition
168. trator user name and password to test the RADIUS server path that you have configured Skip Test and Apply Do not test the RADIUS server path Configuring the RADIUS Server Summary of the configuration procedure You must configure your RADIUS server to work with the Rack PDU For examples of the RADIUS users file with Vendor Specific Attributes VSAs and an example of an entry in the dictionary file on the RADIUS server see Appendix B Security Handbook 1 Add the IP address of the Rack PDU to the RADIUS server client list file 2 Users must be configured with Service Type attributes unless Vendor Specific Attributes VSAs are defined If no Service Type attributes are configured users will have read only access on the Web interface only See your RADIUS server documentation for information about the RADIUS users file and see Appendix B Security Handbook for an example 3 VSAs can be used instead of the Service Type attributes provided by the RADIUS server VSAs require a dictionary entry and a RADIUS users file In the dictionary file define the names for the ATTRIBUTE and VALUE keywords but not for the numeric values If you change numeric values RADIUS authentication and authorization will fail VSAs take precedence over standard RADIUS attributes oF choke Configuring a RADIUS server on UNIX with shadow passwords If UNIX shadow password files are used etc passwd with the RADIUS dict
169. ty hysteresis is 8 The humidity falls below 18 violating the threshold It then wavers up to 24 and down to 13 repeatedly but no clearing event and no new violation occur For the existing violation to clear the humidity would have to rise to above 26 8 past the threshold oF choke Configuring Dry Contact Inputs Path Environment gt Dry Contact Inputs Through the Dry Contact Inputs page view the current status and state for the dry contacts and configure the dry contacts Parameter Description Name A name for this input contact Maximum 20 characters Alarm Normal if this input contact is not reporting an alarm or the severity of the alarm if Status this input contact is reporting an alarm State The current state of this input contact Closed or Open Alarm Enable or disable this input contact When disabled the contact generates no Generation alarm even when it is in the abnormal position Normal The normal non alarm state of this input contact Closed or Open State Home Device Manager Events log reverse lookup size Data log graphing interval rotation size Syslog servers settings test Link 1 Link 2 Link 3 Environment Event Log Filtering Event Time Last 2days From 10 23 2010 20 33 to 10 25 2010 20 33 Administration Qo Alarms Apply J Clear Log Clear Log Filter Log Filter
170. uery 155 e mail recipient settings 142 RADIUS server path 133 trap receiver 144 Time setting 168 Time Zone for synchronizing with NTP server 168 Timeout setting for RADIUS 133 227 To Address e mail recipients 141 Trap generation for trap receivers 143 Traps trap receivers 143 Troubleshooting management card access problems 186 RADIUS only setting when RADIUS is unavailable 132 verification checklist 186 U Unit Preference 171 lH cloak Up Time control console main screen 19 in Web interface 173 Update Interval Date amp Time setting 168 Update Using NTP Now Date amp Time setting 168 Upgrade firmware 180 Upload event 178 URL address formats 86 User access identification in control console interface 19 User access types of accounts 3 User configuration files contents 174 176 exporting system time separately 176 messages for undiscovered devices 179 overriding device specific values 174 retrieving and exporting 174 upload event and error messages 178 177 152 User Name default by account type 85 User Name change immediately for security 197 User names defining for each account type 131 maximum number of characters for RADIUS 132 W Web interface 88 configuring access 157 loggingon 85 troubleshooting access problems 187 URL address formats 86 X XMODEM to transfer firmware files 184 Information in this document is subject to change without notice 2010 Dell Inc All rights reserved Reprodu
171. ult setting The prompt is four characters long cli gt Example To include the account type of the currently logged in user in the command prompt type prompt s long quit Access Administrator Device User Outlet User Description Exit from the command line interface session this works the same as the exit command oF choke radius Access Administrator only Description View the existing RADIUS settings enable or disable RADIUS authentication and configure basic authentication parameters for up to two RADIUS servers For a summary of RADIUS server configuration and a list of supported RADIUS servers see Configuring the RADIUS Server Additional authentication parameters for RADIUS servers are available at the Web interface of the Rack PDU See RADIUS for more information For detailed information about configuring your RADIUS server see Appendix B Security Handbook Option Argument Description a local radiusLocal radius Configure RADIUS authentication 1local RADIUS is disabled Local authentication is enabled radiusLocal RADIUS then Local Authentication RADIUS and local authentication are enabled Authentication is requested from the RADIUS server first If the RADIUS server fails to respond local authentication is used radius RADIUS is enabled Local authentication is disabled p1 p2 lt server IP gt The server name or IP addre
172. ust also differ 6 On the next screen review the summary of the certificate Scroll downward to view the certificate s unique serial number and fingerprints To make any changes to the information you provided click Back Revise the information 7 The last screen verifies that the certificate has been created and instructs you to load the server certificate to the Rack PDU It displays the location and name of the Server Certificate which has a p15 file suffix and contains the private key and public root certificate of the Rack PDU Load the server certificate to the Rack PDU 1 On the Administration tab select Network on the top menu bar and ssl certificate under the Web heading on the left navigation menu 2 Select Add or Replace Certificate File and browse to the server certificate the p15 file you created in the procedure Create a Root Certificate and Server Certificates The default location is C Program Files Dell Rack PDU Security Wizard You can use FTP or Secure CoPy SCP instead to transfer the server Q certificate For SCP the command to transfer a certificate named cert p15 to a Rack PDU with an IP address of 156 205 6 185 would be scp cert p15 del1 156 205 6 185 oF choke Create a Server Certificate and Signing Request Summary Use this procedure if your company or agency has its own Certificate Authority or if you plan to use a commercial Certificate Authority to sign your server certificates e Cr
173. uthority regarding the signing and issuing of server certificates Import the signed certificate When the external Certificate Authority returns the signed certificate import the certificate This procedure combines the signed certificate and the private key into an SSL server certificate that you then upload to the Rack PDU 1 On the Windows Start menu select Programs then Rack PDU Security Wizard 2 On the screen labeled Step 1 select Import Signed Certificate 3 Browse to and select the signed server certificate that you received from the external Certificate Authority The file has a cer or crt suffix 4 Browse to and select the file you created in step 4 of the task Create the Certificate Signing Request CSR This file has a p15 extension contains the private key of the Rack PDU and by default is in the installation folder C Program Files Dell Rack PDU Security Wizard 5 Specify a name for the output file that will be the signed server certificate that you upload to the Rack PDU The file must have a p15 suffix 6 Click Next to generate the server certificate Issuer Information on the summary screen confirms that the external Certificate Authority signed the certificate 7 The last screen verifies that the certificate has been created and instructs you to load the server certificate to the Rack PDU It displays the location and name of the server certificate which has a p15 file extension and contains the
174. ve Help link and Log off link are located in the upper right corner About the Home Tab Use the Home tab to view active alarms the load status of the Rack PDU and the most recent Rack PDU events Device Manager Environment Logs Administration i No Alarms Active Alarms tf No Alarms Present Load Status Managed Rack PDU Parameters Device Load 0 58 kw Name John Doe Phase L1 Load 5 0 A i E Contact Unknown Location Unknown Model Number DELL6605 Rating 19 204 User Administrator UpTime 25 Days 20 Hours 57 Minutes Recent Device Events Date Time Event 10 25 2010 19 45 54 Managed Rack PDU Outlet 2 Outlet 2 off 10 25 2010 19 45 54 Managed Rack PDU Outlet 1 Outlet 1 off 10 20 2000 19 22 58 Managed Rack PDU Device low load cleared 10 20 2000 19 22 56 Managed Rack PDU Phase low load cleared on phase 1 10 20 2000 19 18 59 Managed Rack PDU Outlet 3 Outlet 3 on More Events gt Link 1 Link 2 Link 3 Managed Rack PDU DOLL The Overview view Path Home gt Overview The top of the Overview indicates the alarm status If one or more alarms are present the number and type of alarms are indicated with a link to the Alarm Status view where you can view descriptions of each alarm If no alarms exist the Overview displays No Alarms Present oF choke In the Load Status area view the load for the device in kW and for the phases in Amps as applicable The green yellow and red
175. ver port e FTP Server and access protocols that can be enabled or disabled e Secure CoPy SCP With FTP the user name and password are transmitted as plain text and files are transferred without encryption Use SCP to encrypt the user name and password and the files being transferred such as firmware updates configuration files log files Secure Sockets Layer SSL certificates and Secure Shell SSH host keys If you choose SCP as your file transfer protocol enable SSH and disable FTP Web server Security Access Description Available methods e User name and password e Selectable server port e Web interface access that can be enabled or disabled e Secure Sockets Layer SSL In basic HTTP authentication mode the user name and password are transmitted base 64 encoded with no encryption SSL is available on Web browsers supported for use with the Management Card or network enabled device and on most Web servers The Web protocol HyperText Transfer Protocol over Secure Sockets Layer HTTPS encrypts and decrypts page requests to the Web server and pages returned by the Web server to the user RADIUS Security Access Description Available methods e Centralized authentication of access rights A server secret shared between the RADIUS server and the Rack PDU or device RADIUS Remote Authentication Dial In User Service is an authentication authorization
176. wala User s Guide Managed Rack Power Distribution Unit Contents Introduction 1 Product Features i2 05 cee cickds chee eas let cade ees 1 Getting Started rcivsad dead ahaddesbaceercs acdenrinawa ns 4 Establishing Network Settings 0 0 eee e eee eee eee 5 Recovering from a Lost Password 00 cece eee e eee e eee 9 Rack PDU Front Panel 11 Command Line Interface 15 About the Command Line Interface 000 0 eee eens 15 Logging on to the Command Line Interface 0000500s 15 About the Main Screen 0 065 fsd0 ce eedetea ees ca eeene ees 18 Using the Command Line Interface 000 cee e eens 21 Command Syhtax 6242666246540 25S30h 6464545684050 0 0506 22 Command Response CodesS 00 000 cece eee eens 23 Network Management Card Command Descriptions 24 Device Command Descriptions 00c eee eee eens 46 Web Interface 84 Supported Web Browsers 0000 cece eee eee ees 84 Logging On to the Web Interface 00 cee eee eee eee 85 Web Interface Features 0 00 cece es 88 About the Home Tab 0 000 cece es 91 Device Management 94 About the Device Manager Tab 000 eee eee eee eee 95 Viewing the load status and peak load 000 cece eens 95 Configuring Load Thresholds 000 cece eee eee eens 96 Configuring the Name and Location of the Rack PD
177. within that time e mail cannot be sent Therefore use DNS servers on the same segment as the Rack PDU or ona nearby segment but not across a wide area network WAN After you define the IP addresses of the DNS servers verify that DNS is working correctly by entering the DNS name of a computer on your network to look up the IP address for that computer Host Name After you configure a host name here and a domain name in the Domain Name field users can enter a host name in any field in the Rack PDU interface except e mail addresses that accepts a domain name Domain Name IPv4 You need to configure the domain name here only In all other fields in the Rack PDU interface except e mail addresses that accept domain names the Rack PDU adds this domain name when only a host name is entered To override all instances of the expansion of a specified host name by the addition of the domain name set the domain name field to its default somedomain com orto 0 0 0 0 To override the expansion of a specific host name entry for example when defining a trap receiver include a trailing period The Rack PDU recognizes a host name with a trailing period such as mySnmpServer as if it were a fully qualified domain name and does not append the domain name Domain Name IPv6 Specify the IPv6 domain name here Select test to send a DNS query that tests the setup of your DNS servers oF choke As Query Type select the meth
178. wly configured event action enabled for this group of events or to disable the action oF choke Active Automatic Direct Notification E mail notification Overview of setup Use the Simple Mail Transfer Protocol SMTP to send e mail to up to four recipients when an event occurs To use the e mail feature you must define the following settings The IP addresses of the primary and optionally the secondary Domain Name System DNS servers You can use the To Address setting of the recipients option to send e mail to a text based pager oF choke SMTP Path Administration gt Notification gt E mail gt server Setting Description Local The IPv4 IPv6 address or DNS name of the local SMTP server MIP NOTE This definition is required only when SMTP Server is set to Local See E mail Server EF recipients From The contents of the From field in e mail messages sent by the Rack PDU Address In the format user IP_address if an IP address is specified as Local SMTP Server e In the format user domain if DNS is configured and the DNS name is specified as Local SMTP Server in the e mail messages NOTE The local SMTP server may require that you use a valid user account on the server for this setting See the server s documentation E mail recipients Path Administration gt Notification gt E mail gt recipients Identify up to four e mail recipients Setting Description
Download Pdf Manuals
Related Search