Cyclades AlterPath OnBoard Guía de usuario Pagina 1

AlterPath™ OnSite Administrator’s and User’s GuideSoftware Version 1.1.0Cyclades Corporation3541 Gateway BoulevardFremont, CA 94538 USA1.888.CYCLADES

xAlterPath OnSite Administrator’s and User’s GuideFirewall Configuration: ICMP Protocol Fields ... 335Firewall Configurat

Power Management 52AlterPath OnSite Administrator’s and User’s GuidePower Management Configuration TasksSee the following table for power management

Introduction 53 SNMP on the OnSiteSNMP on the OnSiteThe OnSite administrator can activate Simple Network Management Protocol (SNMP) agent software

VPN on the OnSite 54AlterPath OnSite Administrator’s and User’s GuideVPN on the OnSiteThe OnSite administrator can set up VPN (Virtual Private Netwo

Introduction 55 VPN on the OnSiteIn summary, you can use the VPN features on the OnSite to create the two following types of connections:• Create a

Monitoring Temperatures 56AlterPath OnSite Administrator’s and User’s GuideThe following table provides links to related information and procedures.

Introduction 57 Monitoring TemperaturesThe temperature sensors are located at the following locations within the OnSite:• FPGA (field programmable

Monitoring Temperatures 58AlterPath OnSite Administrator’s and User’s GuideThe following table shows graph features that can be saved in reusable pr

Introduction 59 Monitoring TemperaturesYou can create one or more profiles that store a set of display parameters you specify, so that you can appl

Administering Users of Connected Devices 60AlterPath OnSite Administrator’s and User’s Guide‘In the “File Name” field, you can enter a name for a pr

Introduction 61 Administering Users of Connected Devices• Obtain usernames and passwords for connected devices to give to the users of connected de

Contents xi Power Management Through the OSD ... 382IPDU Power Management (OSD) ...

Administering Users of Connected Devices 62AlterPath OnSite Administrator’s and User’s GuideAt any time the OnSite administrator can do the common t

Introduction 63 Configuring Keyboard Shortcuts (Hot Keys)Configuring Keyboard Shortcuts (Hot Keys)Predefined keyboard shortcuts (also called hot ke

Configuring Keyboard Shortcuts (Hot Keys) 64AlterPath OnSite Administrator’s and User’s GuideConfiguring Sun Keyboard Equivalent Hot KeysThe OnSite

Introduction 65 Packet Filtering on the OnSitePacket Filtering on the OnSiteThe OnSite administrator can configure the OnSite to filter packets lik

Packet Filtering on the OnSite 66AlterPath OnSite Administrator’s and User’s GuideRulesEach chain can have one or more rules that define the followi

Introduction 67 Packet Filtering on the OnSiteYou can flag any of the above elements with inverted so that the target action is performed on packet

Packet Filtering on the OnSite 68AlterPath OnSite Administrator’s and User’s GuideTCP Protocol OptionsIf you select TCP as the protocol when specify

Introduction 69 Packet Filtering on the OnSite• destination-unreachable• network-unreachable• host-unreachable• port-unreachable• fragmentation nee

Packet Filtering on the OnSite 70AlterPath OnSite Administrator’s and User’s Guide• RETURN•LOG•REJECTIf the “LOG” and “REJECT” targets are selected,

Introduction 71 Packet Filtering on the OnSite• echo-reply• tcp-resetFirewall Configuration ProceduresThe following table has links to the procedur

xiiAlterPath OnSite Administrator’s and User’s GuideConfigure>KVM Ports Screens [OSD] ... 436Configurin

Packet Filtering on the OnSite 72AlterPath OnSite Administrator’s and User’s Guide

73Chapter 2Accessing Connected Devices and Managing PowerThis chapter gives an overview of the options for accessing servers and other devices that

74AlterPath OnSite Administrator’s and User’s GuideTo Share a KVM Port Connection Page 97To Cycle Through All Authorized KVM Ports Page 97To Connec

Accessing Connected Devices and Managing Power 75 Options for Accessing Connected DevicesOptions for Accessing Connected DevicesAuthorized users are

Power Management 76AlterPath OnSite Administrator’s and User’s GuideChapter 7, “OSD for All User Types” for how to access connected devices through

Accessing Connected Devices and Managing Power 77 Using the AlterPath ViewerThe following table lists the options for OnSite administrators and regu

Using the AlterPath Viewer 78AlterPath OnSite Administrator’s and User’s GuideIf no one else is logged in, a login screen or prompt from the server

Accessing Connected Devices and Managing Power 79 Ending an AlterPath Viewer SessionEnding an AlterPath Viewer SessionThe four ways you can end an A

Configuring the AlterPath Viewer 80AlterPath OnSite Administrator’s and User’s GuideThe following table describes the items in the Options menu, whi

Accessing Connected Devices and Managing Power 81 Configuring the AlterPath ViewerSetting the AlterPath Viewer OptionsThe Viewer Options window allo

Contents xiii Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers ... 512Co

Configuring the AlterPath Viewer 82AlterPath OnSite Administrator’s and User’s GuideAlterPath Viewer Connection MenuThe following table describes th

Accessing Connected Devices and Managing Power 83 What You See When Connected to a KVM PortWhat You See When Connected to a KVM PortWhen anyone conn

Shortcuts While Connected to KVM Ports 84AlterPath OnSite Administrator’s and User’s GuideFigure 2-2 shows an example login dialog for a Windows 200

Accessing Connected Devices and Managing Power 85 Shortcuts While Connected to KVM Ports• The Print Screen key See “Print Screen Key” on page 85.• P

Shortcuts While Connected to KVM Ports 86AlterPath OnSite Administrator’s and User’s Guide KVM Port Shortcut Hot KeysThe default KVM port shortcut h

Accessing Connected Devices and Managing Power 87 Shortcuts While Connected to KVM PortsCtrl+k p Power management. Brings up the Power Management sc

Sun Keyboard Emulation Hot Keys 88AlterPath OnSite Administrator’s and User’s GuideThe OnSite administrator may redefine the KVM port connection hot

Accessing Connected Devices and Managing Power 89 Sun Keyboard Emulation Hot KeysFor example, to use the Sun Find key, you would press the Windows k

Connection Menu 90AlterPath OnSite Administrator’s and User’s GuideConnection MenuThe Connection Menu appears in the following cases:• When an OnSit

Accessing Connected Devices and Managing Power 91 Cycling Among KVM Ports in the OSD• Type one or more keys that uniquely identify an option if it i

xivAlterPath OnSite Administrator’s and User’s GuideConfiguring the /etc/pcmcia/serial.opts File ... 555Configuring A

Sharing KVM Port Connections 92AlterPath OnSite Administrator’s and User’s GuideCycle Using a Hot Key SequenceUsers can use hot keys to move from vi

Accessing Connected Devices and Managing Power 93 Sharing KVM Port ConnectionsQuit this sessionEnds the connection attempt and returns the user to t

Common Procedures for Accessing KVM Ports 94AlterPath OnSite Administrator’s and User’s GuideKill other sessionKills the existing session and connec

Accessing Connected Devices and Managing Power 95 Common Procedures for Accessing KVM PortsT To Log Into a Server Connected to a KVM PortPerform thi

Common Procedures for Accessing KVM Ports 96AlterPath OnSite Administrator’s and User’s GuideThe procedures for navigating among KVM ports are the s

Accessing Connected Devices and Managing Power 97 Common Procedures for Accessing KVM PortsT To Share a KVM Port Connection Follow this procedure af

Common Procedures for Accessing KVM Ports 98AlterPath OnSite Administrator’s and User’s Guidea. If the “Cycle” option is not visible, type the lette

Accessing Connected Devices and Managing Power 99 Common Procedures for Accessing KVM Ports• You can adjust for varying cable lengths on the followi

Common Procedures for Accessing KVM Ports 100AlterPath OnSite Administrator’s and User’s GuideT To Power On, Off, or Cycle a Server While Connected

Accessing Connected Devices and Managing Power 101 Serial Port ConnectionsSee “To Log Into a Server Connected to a KVM Port” on page 95, if needed.2

xvFiguresFigure 1-1: KVM Port Permissions Hierarchy ... 35Figure 1-2: Web Manager Login Fields With KVM Port Direct Acces

Serial Port Connections 102AlterPath OnSite Administrator’s and User’s GuideWhen a Dumb Terminal is Connected to a Serial PortIf the dumb terminal i

Accessing Connected Devices and Managing Power 103 Serial Port Connections1. Turn on the terminal.If the dumb terminal is configured as a dedicated

Serial Port Connections 104AlterPath OnSite Administrator’s and User’s GuideThe Java applet viewer shows the serial port number or administratively-

Accessing Connected Devices and Managing Power 105 Serial Port Connections1. To use telnet on the command line in a shell, enter the following comma

Serial Port Connections 106AlterPath OnSite Administrator’s and User’s GuideThe ssh session is started on the connected device’s console port and th

Accessing Connected Devices and Managing Power 107 Serial Port ConnectionsT To Log Into a Device’s Console Through a Serial PortSee “Serial Port Con

Serial Port Connections 108AlterPath OnSite Administrator’s and User’s GuideSee “To Log Into a Device’s Console Through a Serial Port” on page 107,

Accessing Connected Devices and Managing Power 109 Serial Port ConnectionsIf you have permission to perform IPMI power management while connected to

Serial Port Connections 110AlterPath OnSite Administrator’s and User’s GuideThe following message appears.T To Use ts_menu to Connect to a Serial Po

Accessing Connected Devices and Managing Power 111 Serial Port Connections2. Enter the ts_menu command at the prompt.The ts_menu displays a numbered

xviAlterPath OnSite Administrator’s and User’s GuideFigure 4-9: IPDU Multi-Outlet Ctrl Screen... 155Figure 4-10: Web M

Dial-in Connections 112AlterPath OnSite Administrator’s and User’s GuideDial-in Connections“Dial-in Connections” on page 112 lists the types of devi

Accessing Connected Devices and Managing Power 113 Dial-in ConnectionsBefore configuring PPP, you need the following:• A modem connected to your com

Dial-in Connections 114AlterPath OnSite Administrator’s and User’s GuideT To Configure a Reusable PPP ConnectionPerform this procedure on a remote c

Accessing Connected Devices and Managing Power 115 Dial-in Connections8. Type the phone number for the OnSite’s modem in the “Phone number” field an

Dial-in Connections 116AlterPath OnSite Administrator’s and User’s GuideNote: The following steps work if you are on a computer running Windows XP.

Accessing Connected Devices and Managing Power 117 Dial-in Connections5. Select a country or region from the “Country/region” pull-down menu.6. Fill

Obtaining and Using One Time Passwords for Dial-ins 118AlterPath OnSite Administrator’s and User’s Guide3. If call back is enabled, enter cbuser at

Accessing Connected Devices and Managing Power 119 Obtaining and Using One Time Passwords for Dial-insSome sites choose to print out hard copy lists

Managing IPDU Outlets With PM Commands 120AlterPath OnSite Administrator’s and User’s GuideThe opiekey program generates a six word OTP password, su

Accessing Connected Devices and Managing Power 121 Managing IPDU Outlets With PM CommandsUse a1 to specify AUX port 1 and a2 to specify AUX port 2.

Figures xvii Figure 6-9:Web Manager IPDU Multi-Outlet Ctrl ... 202Figure 6-10: Web Manager Access>IPMI Power Mgmt. Screen .. 20

Managing IPDU Outlets With PM Commands 122AlterPath OnSite Administrator’s and User’s GuideTyping “help” at the prompt shown in the previous screen

Accessing Connected Devices and Managing Power 123 Managing IPDU Outlets With PM CommandsEntering menu at the prompt brings up the same menu as the

Managing IPDU Outlets With PM Commands 124AlterPath OnSite Administrator’s and User’s Guide3. At the prompt, enter the number that corresponds to th

125Chapter 3Web Manager IntroductionThis chapter describes the rules and prerequisites for accessing the Cyclades Web Manager on the OnSite, introdu

Accessing the Web Manager 126AlterPath OnSite Administrator’s and User’s GuideAccessing the Web ManagerBoth OnSite administrative users and authoriz

Introduction 127 Prerequisites for Using the Web ManagerFigure 3-1: Web Manager Prompt When Another Administrative User is Logged InIf the dialog i

Prerequisites for Using the Web Manager 128AlterPath OnSite Administrator’s and User’s GuideIf DHCP is enabled and you do not know how to find out t

Introduction 129 Other Web Manager Login and Port Connection Options and RequirementsSee Chapter 5, “Web Manager Wizard Mode,” for how to perform c

Other Web Manager Login and Port Connection Options and Requirements 130AlterPath OnSite Administrator’s and User’s GuideKVM Port Connection Options

Introduction 131 Other Web Manager Login and Port Connection Options and RequirementsFigure 3-2: Web Manager Login Fields With KVM Port Direct Acce

xviiiAlterPath OnSite Administrator’s and User’s GuideFigure 6-30:Web Manager Serial/AUX>Physical Ports>Data Buffering Fields and Menu Option

Other Web Manager Login and Port Connection Options and Requirements 132AlterPath OnSite Administrator’s and User’s GuideFigure 3-3: Web Manager Log

Introduction 133 Other Web Manager Login and Port Connection Options and RequirementsTable 3-2 gives the sequence for logging into servers connecte

Other Web Manager Login and Port Connection Options and Requirements 134AlterPath OnSite Administrator’s and User’s Guidewhere IP_address is the IP

Introduction 135 Web Manager Inactivity TimeoutsWeb Manager Inactivity TimeoutsAn inactivity timeout period is set in the Web Manager for security.

Common Features of Administrative User’s Windows 136AlterPath OnSite Administrator’s and User’s GuideCommon Features of Administrative User’s Window

Introduction 137 Common Features of Administrative User’s WindowsTrying, Saving, and Restoring Configuration ChangesThe various options for trying,

Common Features of Administrative User’s Windows 138AlterPath OnSite Administrator’s and User’s GuideSee “How Configuration Files Changes Are Manage

139Chapter 4Web Manager for Regular UsersThis chapter provides procedures and requirements for regular users to use the Web Manager to do the follow

Features of Regular Users’ Windows 140AlterPath OnSite Administrator’s and User’s GuideFeatures of Regular Users’ WindowsThe following figure shows

Web Manager for Regular Users 141 Connect to ServerThe following table lists the sections where the options on the user’s menu are described. Conne

Figures xix Figure 6-45:Web Manager Configuration>Inband Edit Screen... 274Figure 6-46: Web Manager Configuration>Security Menu Options...

Connect to Server 142AlterPath OnSite Administrator’s and User’s GuideFigure 4-1: Connect to Server Screen [User]On the latest versions of the OnSit

Web Manager for Regular Users 143 Connect to Server>Connect to OnSiteConnect to Server>Connect to OnSiteClicking the “Connect to OnSite” radi

Connect to Server>Connect to Serial Ports 144AlterPath OnSite Administrator’s and User’s GuideConnect to Server>Connect to Serial PortsThe lis

Web Manager for Regular Users 145 Connect to Server>Connect to KVM PortsNote: If you are a regular user and the menu of KVM ports is empty or do

Connect to Server>Connect to KVM Ports 146AlterPath OnSite Administrator’s and User’s GuideShow Connections Link and DialogOn the latest versions

Web Manager for Regular Users 147 Connect to Server>Connect to KVM PortsFigure 4-7: Show Connections DialogIf the Show Connections Dialog is ava

IPDU Power Mgmt. [User] 148AlterPath OnSite Administrator’s and User’s GuideIPDU Power Mgmt. [User]When you select the “IPDU Power Mgmt.” option in

Web Manager for Regular Users 149 IPDU Power Mgmt.>Outlets Manager [User]A screen like the one in the following figure appears if the current us

IPDU Power Mgmt.>Outlets Manager [User] 150AlterPath OnSite Administrator’s and User’s GuideYellow bulbs indicate an outlet is switched on. Gray

Web Manager for Regular Users 151 IPDU Power Mgmt.>View IPDUs Info4. To momentarily power an outlet off and then on again, click the adjacent “C

© 2006 Cyclades Corporation, all rights reservedInformation in this document is subject to change without notice.The following are registered or regis

xxAlterPath OnSite Administrator’s and User’s GuideFigure 6-65:Web Manager Configuration>Network> ...Host Settings Scree

IPDU Power Mgmt.>View IPDUs Info 152AlterPath OnSite Administrator’s and User’s GuideA separate entry appears for each port that is configured fo

Web Manager for Regular Users 153 IPDU Power Mgmt.>View IPDUs InfoYou can view the following information about each IPDU (under Unit Information

IPDU Power Mgmt.>IPDU Multi-Outlet Ctrl 154AlterPath OnSite Administrator’s and User’s GuideIPDU Power Mgmt.>IPDU Multi-Outlet CtrlWhen an aut

Web Manager for Regular Users 155 IPDU Power Mgmt.>IPDU Multi-Outlet CtrlFigure 4-8: IPDU Multi-Outlet Ctrl Error ScreenA screen like the follo

IPDU Power Mgmt.>IPDU Multi-Outlet Ctrl 156AlterPath OnSite Administrator’s and User’s GuideTable 4-4: IPDU Multi-Outlet Ctrl. Form IconsNote: Th

Web Manager for Regular Users 157 Security [User]Security [User]When you select the “Security” menu option as a regular user, a screen for changing

Temperature Sensors [User] 158AlterPath OnSite Administrator’s and User’s GuideTemperature Sensors [User]When you select the “Temperature Sensors” o

Web Manager for Regular Users 159 Temperature Sensors [User]2. Select “FPGA,” “Power Supply,” “CPU” from the pull-down menu.3. Click “Connect.” The

Temperature Sensors [User] 160AlterPath OnSite Administrator’s and User’s Guide

161Chapter 5Web Manager Wizard ModeThis chapter describes the Web Manager Wizard mode on the OnSite. The following table lists the topics in this ch

Figures xxi Figure 6-84:“New/Mod SNMP v1 v2” Configuration Dialog Box... 3

Wizard Screen Features 162AlterPath OnSite Administrator’s and User’s GuideWizard Screen FeaturesThe following figure shows the features of the Wiza

Introduction 163 Step 1: Security Profile [Wizard]Step 1: Security Profile [Wizard]In Wizard Mode, when “Step 1: Security Profile” is selected, a s

Step 1: Security Profile [Wizard] 164AlterPath OnSite Administrator’s and User’s GuideAfter the OK button is clicked, a screen reappears showing the

Introduction 165 Step 1: Security Profile>SecuredOtherwise, a dialog appears like the one shown in the following screen example.The Web Manager

Step 1: Security Profile>Open 166AlterPath OnSite Administrator’s and User’s GuideNote: If you select the “Secured” security profile, make sure t

Introduction 167 Step 1: Security Profile>CustomStep 1: Security Profile>CustomThe following figure shows the features that can be enabled an

Step 2: Network Settings [Wizard] 168AlterPath OnSite Administrator’s and User’s Guide3. Click the appropriate button to select a security profile.4

Introduction 169 Step 2: Network Settings [Wizard]Figure 5-7: Web Manager Wizard Step 2: Network Settings screen—Without DHCPIf the “DHCP” checkbox

Step 2: Network Settings [Wizard] 170AlterPath OnSite Administrator’s and User’s GuideBefore making any changes to existing network settings, you ma

Introduction 171 Step 3: Serial Port Profile [Wizard]Step 3: Serial Port Profile [Wizard]In Wizard mode, selecting “Step 3: Serial Port Profile” br

xxiiAlterPath OnSite Administrator’s and User’s GuideFigure 6-102:Firewall Configuration “Add Rule” and “Edit Rule” Input and Output Interface Fiel

Step 3: Serial Port Profile [Wizard] 172AlterPath OnSite Administrator’s and User’s GuideExpert mode provides many additional options for custom con

Introduction 173 Step 3: Serial Port Profile [Wizard]Note: You cannot configure KVM ports in Wizard mode. To configure KVM ports, see “Configuratio

Step 3: Serial Port Profile [Wizard] 174AlterPath OnSite Administrator’s and User’s GuideT To Configure Serial Ports [Wizard]Perform this procedure

Introduction 175 Step 4: Access [Wizard]6. To change the data size, select an option from 5 to 8 from the “Data Size” pull-down menu.The default is

Step 4: Access [Wizard] 176AlterPath OnSite Administrator’s and User’s Guide•Admin• Generic UserThe Admin (the “admin” account) has access to all fu

Introduction 177 Step 4: Access [Wizard]Note: To perform advanced configuration for users and groups, such as, for example, to restrict user access

Step 4: Access [Wizard] 178AlterPath OnSite Administrator’s and User’s Guide3. Enter the username and password in the “User Name” and “Password” fie

Introduction 179 Step 5: Data Buffering [Wizard]For example, select “admin.”3. Click “Change Password.” The “Change User Password” dialog box displ

Step 5: Data Buffering [Wizard] 180AlterPath OnSite Administrator’s and User’s GuideFigure 5-12:“Step 5: Data Buffering” Screen—RemoteMake sure that

Introduction 181 Step 5: Data Buffering [Wizard]You can perform advanced configuration in Expert mode including the option of setting up data buffe

Figures xxiii Figure 6-121:Web Manager Information>Serial Port Statistics Screen...

Step 6: System Log [Wizard] 182AlterPath OnSite Administrator’s and User’s Guidea. In the “NFS File Path” field, enter the pathname for the mount po

Introduction 183 Step 6: System Log [Wizard]Before setting up syslogging, make sure an already-configured syslog server is available on the same ne

Step 6: System Log [Wizard] 184AlterPath OnSite Administrator’s and User’s GuideT To Delete a Syslog Server [Wizard]1. In Wizard mode, go to “Step 6

185Chapter 6Web Manager for AdministratorsThis chapter is for administrative users who use the Web Manager to configure the OnSite and who can also

Common Tasks 186AlterPath OnSite Administrator’s and User’s GuideCommon TasksCommon OnSite administration tasks are listed in the following table. T

Web Manager for OnSite Administrators 187 Common TasksConfigure local or remote data buffering (to save console input to a log file) and specify al

Common Tasks 188AlterPath OnSite Administrator’s and User’s Guide• Logins to devices through serial ports. • “To Configure a Serial Port Authenticat

Web Manager for OnSite Administrators 189 Expert ModeExpert ModeIf you are in Wizard mode and need to perform advanced configuration, click the Exp

Expert Mode 190AlterPath OnSite Administrator’s and User’s GuideNote: Shortcuts are often used to indicate how to get to Web Manager screens. For ex

Web Manager for OnSite Administrators 191 Overview of Menus and Screens in Expert ModeOverview of Menus and Screens in Expert ModeThe following fig

xxivAlterPath OnSite Administrator’s and User’s GuideFigure 7-16:Selecting SNMP From the OSD Network Configuration Menu...

Access 192AlterPath OnSite Administrator’s and User’s GuideAccessUnder “Access” in Expert mode, six options appear in the left menu, as shown in the

Web Manager for OnSite Administrators 193 Access>IPDU Power Mgmt.T To Connect to the OnSite Console as admin [Expert]This procedure logs the adm

Access>IPDU Power Mgmt. 194AlterPath OnSite Administrator’s and User’s GuideUsers can manage power using the tabbed screens if the following two

Web Manager for OnSite Administrators 195 Access>IPDU Power Mgmt.>Users ManagerAccess>IPDU Power Mgmt.>Users ManagerSelecting the “User

Access>IPDU Power Mgmt.>Users Manager 196AlterPath OnSite Administrator’s and User’s GuideBy default, only administrative users can perform IP

Web Manager for OnSite Administrators 197 Access>IPDU Power Mgmt.>ConfigurationThe “Add/Edit User x Outlets” dialog box appears.4. To add a n

Access>IPDU Power Mgmt.>Configuration 198AlterPath OnSite Administrator’s and User’s Guidevaries according to the model of the connected PM. T

Web Manager for OnSite Administrators 199 Access>IPDU Power Mgmt.>Software Upgradec. If enabling over-current protection, a buzzer, or alarm

Access>IPDU Power Mgmt.>Software Upgrade 200AlterPath OnSite Administrator’s and User’s Guidethe software version it contains is more recent t

Web Manager for OnSite Administrators 201 Access>IPDU Multi-Outlet CtrlFor example, the version of AlterPath PM firmware in the previous figure

Figures xxv Figure 7-41:Configure>User Station: Mouse/Keyboard Reset Screen...

Access>IPDU Multi-Outlet Ctrl 202AlterPath OnSite Administrator’s and User’s Guideand manage the power on a group of outlets that provide power t

Web Manager for OnSite Administrators 203 Access>IPDU Multi-Outlet CtrlOutlets on multiple IPDUs can be managed as a group from this screen. An

Access>IPMI Power Mgmt. 204AlterPath OnSite Administrator’s and User’s GuideAccess>IPMI Power Mgmt.On the “IPMI Power Mgmt.” screen under “Acc

Web Manager for OnSite Administrators 205 Access>IPMI Power Mgmt.Figure 6-11:Web Manager IPMI Power Mgmt. “Add/Edit IPMI Device” Dialog Boxes Af

Access>IPMI Power Mgmt. 206AlterPath OnSite Administrator’s and User’s GuidePower Management of IPMI devices has the following prerequisites:• Th

Web Manager for OnSite Administrators 207 Access>IPMI Power Mgmt.2. To delete a previously-added IPMI device, select the device’s name and then

Access>Terminal Profile Menu 208AlterPath OnSite Administrator’s and User’s GuideAccess>Terminal Profile MenuSelecting the “Terminal Profile”

Web Manager for OnSite Administrators 209 Access>Terminal Profile MenuFigure 6-14:Web Manager Terminal Profile Menu “Add Option” Dialog BoxFor e

Access>Temperature Sensors 210AlterPath OnSite Administrator’s and User’s Guidea. Enter a title for the menu option in the “Title” field.b. Enter

Web Manager for OnSite Administrators 211 ConfigurationDefault and user-added profiles are saved in: /new_web/normal/applications/appl/profiles/See

xxviAlterPath OnSite Administrator’s and User’s Guide

Configuration>KVM 212AlterPath OnSite Administrator’s and User’s Guide• “Configuration>Serial/AUX” on page 227• “Configuration>Inband” on p

Web Manager for OnSite Administrators 213 Configuration>KVM>General>GeneralConfiguration>KVM>General>GeneralOn the General screen

Configuration>KVM>General>General 214AlterPath OnSite Administrator’s and User’s GuideEnabling Direct Access to KVM PortsWhen direct access

Web Manager for OnSite Administrators 215 Configuration>KVM>General>Generalredefine the common escape sequence portion of each hot key sep

Configuration>KVM>General>General 216AlterPath OnSite Administrator’s and User’s Guide3. To redefine the command key portion of any AlterPa

Web Manager for OnSite Administrators 217 Configuration>KVM>General>General• RADIUS (either RADIUS or RADIUS/DownLocal• TACACS+ (either TA

Configuration>KVM>General>Local User 218AlterPath OnSite Administrator’s and User’s GuideConfiguration>KVM>General>Local User Sele

Web Manager for OnSite Administrators 219 Configuration>KVM>General>IP UsersConfiguration>KVM>General>IP UsersOn the “IP Users” s

Configuration>KVM>General>IP Users 220AlterPath OnSite Administrator’s and User’s GuideFigure 6-20:Web Manager KVM>General>IP Users S

Web Manager for OnSite Administrators 221 Configuration>KVM>General>IP UsersT To Configure Local User Sessions [Expert]Perform this proced

xxviiTablesTable P-1: Document Organization ... xlivTable P-2: Typographic Conventions ...

Configuration>KVM>General>IP Users 222AlterPath OnSite Administrator’s and User’s Guide3. To change the screen saver timeout, enter a diffe

Web Manager for OnSite Administrators 223 Configuration>KVM>General>IP UsersKVM PortsSelecting Configuration>KVM>KVM Ports in Expert

Configuration>KVM>General>IP Users 224AlterPath OnSite Administrator’s and User’s GuideWhen you select a port and click the “Modify” button

Web Manager for OnSite Administrators 225 Configuration>KVM>General>IP UsersNote: On this version of the OnSite, cascading OnSites is not

Configuration>KVM>General>IP Users 226AlterPath OnSite Administrator’s and User’s GuideT To Configure an Alias for a KVM Port [Expert]1. Go

Web Manager for OnSite Administrators 227 Configuration>Serial/AUXConfiguration>Serial/AUXSelecting Configuration>Serial/AUX in Expert mod

Configuration>Serial/AUX>Physical Ports 228AlterPath OnSite Administrator’s and User’s GuideSee this procedure for how to select ports for mod

Web Manager for OnSite Administrators 229 Configuration>Serial/AUX>Physical Ports3. Go to the desired procedure from the following list.T To

Configuration>Serial/AUX>Physical Ports> General 230AlterPath OnSite Administrator’s and User’s GuideConfiguration>Serial/AUX>Physica

Web Manager for OnSite Administrators 231 Configuration>Serial/AUX>Physical Ports> GeneralAn administrative user can use the General scree

xxviiiAlterPath OnSite Administrator’s and User’s GuideTable 1-20: Port Numbers, Names, Device Filenames, TCP Port Numbers ...

Configuration>Serial/AUX>Physical Ports> General 232AlterPath OnSite Administrator’s and User’s GuideSerial/AUX>Physical Ports>Genera

Web Manager for OnSite Administrators 233 Configuration>Serial/AUX>Physical Ports> GeneralThe remaining serial port connection protocol op

Configuration>Serial/AUX>Physical Ports> General 234AlterPath OnSite Administrator’s and User’s GuideThe following table shows the tasks re

Web Manager for OnSite Administrators 235 Configuration>Serial/AUX>Physical Ports> GeneralSerial/AUX>Physical Ports>General>Modem

Configuration>Serial/AUX>Physical Ports> General 236AlterPath OnSite Administrator’s and User’s GuideT To Configure a Serial Port Connectio

Web Manager for OnSite Administrators 237 Configuration>Serial/AUX>Physical Ports> GeneralT To Configure a Serial Port Connection Protocol

Configuration>Serial/AUX>Physical Ports> General 238AlterPath OnSite Administrator’s and User’s GuideT To Configure an Alias for a Serial P

Web Manager for OnSite Administrators 239 Configuration>Serial/AUX>Physical Ports> AccessThe default is None.5. To change the data size, s

Configuration>Serial/AUX>Physical Ports> Access 240AlterPath OnSite Administrator’s and User’s GuideOn the Access screen under Configuratio

Web Manager for OnSite Administrators 241 Configuration>Serial/AUX>Physical Ports> AccessThe Access screen appears.3. To restrict access t

Tables xxixTable 3-1: Connecting to KVM Ports Via Web Manager When Direct Access is not Enabled...130Table 3-2: Connecting to

Configuration>Serial/AUX>Physical Ports>Data Buffering 242AlterPath OnSite Administrator’s and User’s GuideConfiguration>Serial/AUX>P

Web Manager for OnSite Administrators 243 Configuration>Serial/AUX>Physical Ports>Data BufferingFigure 6-30:Web Manager Serial/AUX>Phys

Configuration>Serial/AUX>Physical Ports>Data Buffering 244AlterPath OnSite Administrator’s and User’s Guidea. From the “Destination” pull-d

Web Manager for OnSite Administrators 245 Configuration>Serial/AUX>Physical Ports>Multi User7. Click “apply changes.”To configure alarm no

Configuration>Serial/AUX>Physical Ports>Multi User 246AlterPath OnSite Administrator’s and User’s GuideThe “Sniff Mode” pull-down menu opti

Web Manager for OnSite Administrators 247 Configuration>Serial/AUX>Physical Ports>Power ManagementConfiguration>Serial/AUX>Physical

Configuration>Serial/AUX>Physical Ports>Power Management 248AlterPath OnSite Administrator’s and User’s GuideNote: The checkbox next to “En

Web Manager for OnSite Administrators 249 Configuration>Serial/AUX>Physical Ports>Power Management• IPMI power management can be configure

Configuration>Serial/AUX>Physical Ports>Power Management 250AlterPath OnSite Administrator’s and User’s Guideport 3 is plugged into outlets

Web Manager for OnSite Administrators 251 Configuration>Serial/AUX>Physical Ports>Power Management3. To enable Power Management of a devic

iiiContentsBefore You Begin ...xliiiAudience ...

xxxAlterPath OnSite Administrator’s and User’s GuideTable 6-11: Tasks for Configuring Serial Ports (General)... 231Table 6-12: Protocols f

Configuration>Serial/AUX>Physical Ports>Power Management 252AlterPath OnSite Administrator’s and User’s Guide6. Click “apply changes.”T To

Web Manager for OnSite Administrators 253 Configuration>Serial/AUX>Physical Ports>OtherConfiguration>Serial/AUX>Physical Ports>Ot

Configuration>Serial/AUX>Physical Ports>Other 254AlterPath OnSite Administrator’s and User’s GuideWhen one of the dumb terminal connection

Web Manager for OnSite Administrators 255 Configuration>Serial/AUX>Physical Ports>Other2. Select the “Other” tab.The Other screen appears.

Configuration>Serial/AUX>Physical Ports>Other 256AlterPath OnSite Administrator’s and User’s GuideWhen one of the dumb terminal connection

Web Manager for OnSite Administrators 257 Configuration>Serial/AUX>Aux/Modem PortConfiguration>Serial/AUX>Aux/Modem PortSelecting Confi

Configuration>Serial/AUX>Aux/Modem Port 258AlterPath OnSite Administrator’s and User’s Guide• AUX port 2 can be used for power management whil

Web Manager for OnSite Administrators 259 Configuration>Serial/AUX>Aux/Modem PortPPP and the AUX and Modem PortsWhen configuring PPP connecti

Configuration>Serial/AUX>Aux/Modem Port 260AlterPath OnSite Administrator’s and User’s GuideFigure 6-41:Web Manager Configuration>Serial/AU

Web Manager for OnSite Administrators 261 Configuration>Serial/AUX>Aux/Modem Port Table 6-19: Fields for Configuring PPP on AuxPort or ModemP

Tables xxxiTable 6-33: Firmware Upgrade Screen Fields and Menu Items ...367Table 6-34: Microcode Filename Formats, Terminology, and Component...

Configuration>Serial/AUX>Aux/Modem Port 262AlterPath OnSite Administrator’s and User’s GuideModem InitializationThe modem initialization strin

Web Manager for OnSite Administrators 263 Configuration>Serial/AUX>Aux/Modem PortAT Commands for Modem InitializationIn most cases, the defau

Configuration>Serial/AUX>Aux/Modem Port 264AlterPath OnSite Administrator’s and User’s GuideDs Dial telephone number s, where s is the dial st

Web Manager for OnSite Administrators 265 Configuration>Serial/AUX>Aux/Modem PortHnHook control.n = 0 or 1Default: 0H0 – Go on-hook (hang up)

Configuration>Serial/AUX>Aux/Modem Port 266AlterPath OnSite Administrator’s and User’s GuideT To Configure an AUX Port for IPDU Power Manageme

Web Manager for OnSite Administrators 267 Configuration>Serial/AUX>Aux/Modem Port5. Accept or change the following values to match the modem’

Configuration>Serial/AUX>Notifications 268AlterPath OnSite Administrator’s and User’s Guide5. Accept or make any changes desired to the modem

Web Manager for OnSite Administrators 269 Configuration>Serial/AUX>NotificationsCaution! Alarms are not generated unless the checkbox is chec

Configuration>Serial/AUX>Notifications 270AlterPath OnSite Administrator’s and User’s GuideFigure 6-43:Web Manager Configuration>Serial/AUX

Web Manager for OnSite Administrators 271 Configuration>Serial/AUX>Notifications3. Select “Email,” “Pager,” or “SNMP trap” from the pull-down

xxxiiAlterPath OnSite Administrator’s and User’s GuideTable 7-24: Unique LDAP Authentication Server Configuration Screens [OSD]...

Configuration>Serial/AUX>Notifications 272AlterPath OnSite Administrator’s and User’s GuideT To Configure a Trigger for Pager Notification for

Web Manager for OnSite Administrators 273 Configuration>InbandThe choices are “Cold Start,” “Warm Start,” “Link Down,” “Link up,” “Authenticatio

Configuration>Inband 274AlterPath OnSite Administrator’s and User’s GuideClicking the “Add” or “Edit” buttons brings up a dialog with the fields

Web Manager for OnSite Administrators 275 Configuration>SecurityConfiguration>SecuritySelecting Configuration>Security in Expert mode brin

Configuration>Security>Authentication 276AlterPath OnSite Administrator’s and User’s GuideConfiguration>Security>AuthenticationSelecting

Web Manager for OnSite Administrators 277 Configuration>Security>AuthenticationConfiguring Authentication for OnSite LoginsThe default authen

Configuration>Security>Authentication 278AlterPath OnSite Administrator’s and User’s GuideConfiguring Authentication ServersThe administrator

Web Manager for OnSite Administrators 279 Configuration>Security>AuthenticationT To Configure a Kerberos Authentication Server [Expert]Perfor

Configuration>Security>Authentication 280AlterPath OnSite Administrator’s and User’s GuideNote: Kerberos authentication depends on time synchr

Web Manager for OnSite Administrators 281 Configuration>Security>Authenticationc. Enter the number of the timezone where the OnSite is locate

xxxiiiProceduresChapter 2: Accessing Connected Devices and Managing Power ...73TTo Log Into a Ser

Configuration>Security>Authentication 282AlterPath OnSite Administrator’s and User’s GuideBefore starting this procedure, find out the followi

Web Manager for OnSite Administrators 283 Configuration>Security>AuthenticationFigure 6-50:Web Manager LDAP Authentication Server Screen2. Su

Configuration>Security>Authentication 284AlterPath OnSite Administrator’s and User’s GuideWork with the NTLM server’s administrator to ensure

Web Manager for OnSite Administrators 285 Configuration>Security>AuthenticationT To Configure a NIS Authentication Server [Expert]Perform thi

Configuration>Security>Authentication 286AlterPath OnSite Administrator’s and User’s GuideFigure 6-53:Web Manager Radius Authentication Server

Web Manager for OnSite Administrators 287 Configuration>Security>AuthenticationSee “Configuring Groups for TACACS+” on page 512 for how the g

Configuration>Security>Users & Groups 288AlterPath OnSite Administrator’s and User’s GuideThe changes are stored in /etc/tacplus.conf on t

Web Manager for OnSite Administrators 289 Configuration>Security>Users & GroupsKVM port access permissions differently as described under

Configuration>Security>Users & Groups 290AlterPath OnSite Administrator’s and User’s GuideAdding a GroupIf the “Add” button is clicked the

Web Manager for OnSite Administrators 291 Configuration>Security>Users & GroupsSetting KVM Port PermissionsIf a user or group name is sel

xxxivAlterPath OnSite Administrator’s and User’s GuideChapter 3: Web Manager Introduction...125TTo Log Into the Web Manager...

Configuration>Security>Users & Groups 292AlterPath OnSite Administrator’s and User’s GuideFigure 6-59:KVM Access List “Default Permissions

Web Manager for OnSite Administrators 293 Configuration>Security>Users & GroupsSeparate lists of ports can be specified with any of the f

Configuration>Security>Users & Groups 294AlterPath OnSite Administrator’s and User’s GuideTo continue the example, because of the KVM perm

Web Manager for OnSite Administrators 295 Configuration>Security>Users & Groups2. Select the name of the user whose password you want to

Configuration>Security>Users & Groups 296AlterPath OnSite Administrator’s and User’s GuideT To Select Users and Groups for Assigning KVM P

Web Manager for OnSite Administrators 297 Configuration>Security>ProfilesThe “Set KVM Permissions for the device” dialog box displays as show

Configuration>Network 298AlterPath OnSite Administrator’s and User’s GuideConfiguration>NetworkSelecting Configuration>Network in Expert mo

Web Manager for OnSite Administrators 299 Configuration>Network>Host SettingsConfiguration>Network>Host SettingsWhen Configuration>N

Configuration>Network>Host Settings 300AlterPath OnSite Administrator’s and User’s GuideFigure 6-66:Web Manager Configuration>Network>Ho

Web Manager for OnSite Administrators 301 Configuration>Network>Host SettingsT To Configure Hosts [Expert]1. Go to Configuration>Network&g

Procedures xxxv TTo Delete, Add, or Edit an IPMI Device to Enable or Disable IPMI Power Management [Expert]...

Configuration>Network>Host Settings 302AlterPath OnSite Administrator’s and User’s Guidea. Enter the name assigned to the IP address of the On

Web Manager for OnSite Administrators 303 Configuration>Network>SyslogConfiguration>Network>SyslogWhen Configuration>Network>Sysl

Configuration>Network>Syslog 304AlterPath OnSite Administrator’s and User’s GuideThe top of the screen is used to tell the OnSite where to sen

Web Manager for OnSite Administrators 305 Configuration>Network>PCMCIA Management6. Click “apply changes.”Configuration>Network>PCMCIA

Configuration>Network>PCMCIA Management 306AlterPath OnSite Administrator’s and User’s GuideWhile configuring a PCMCIA card, you must inserted

Web Manager for OnSite Administrators 307 Configuration>Network>PCMCIA ManagementConfiguring a Modem PCMCIA CardAn administrative user can us

Configuration>Network>PCMCIA Management 308AlterPath OnSite Administrator’s and User’s Guide Figure 6-71:Modem PCMCIA Card Configuration Dialo

Web Manager for OnSite Administrators 309 Configuration>Network>PCMCIA ManagementBy default, the IP address 10.0.0.1 is assigned. Only change

Configuration>Network>PCMCIA Management 310AlterPath OnSite Administrator’s and User’s GuideFigure 6-73: ISDN PCMCIA Card Configuration Dialog

Web Manager for OnSite Administrators 311 Configuration>Network>PCMCIA Management6. Click “apply changes.”Configuring a GSM PCMCIA CardAn adm

xxxviAlterPath OnSite Administrator’s and User’s GuideTTo Configure an AUX Port for PPP [Expert]...266TTo Co

Configuration>Network>PCMCIA Management 312AlterPath OnSite Administrator’s and User’s GuideFigure 6-75:GSM PCMCIA Card Configuration Dialog B

Web Manager for OnSite Administrators 313 Configuration>Network>PCMCIA Managementb. Enter a number for the OnSite to use to call back the GSM

Configuration>Network>PCMCIA Management 314AlterPath OnSite Administrator’s and User’s GuideSee “To Begin Configuring a PCMCIA Card [Expert]”

Web Manager for OnSite Administrators 315 Configuration>Network>PCMCIA ManagementT To Configure a Compact Flash or Hard Disk PCMCIA Card [Exp

Configuration>Network>PCMCIA Management 316AlterPath OnSite Administrator’s and User’s GuideT To Configure a Wireless LAN PCMCIA Card [Expert]

Web Manager for OnSite Administrators 317 Configuration>Network>PCMCIA ManagementFigure 6-79:CDMA PCMCIA Card Configuration DialogAs shown in

Configuration>Network>PCMCIA Management 318AlterPath OnSite Administrator’s and User’s GuideFigure 6-80:CDMA PCMCIA Card Configuration Dialog

Web Manager for OnSite Administrators 319 Configuration>Network>PCMCIA Management6. To configure authentication using OTP passwords, check th

Configuration>Network>VPN Connections 320AlterPath OnSite Administrator’s and User’s GuideConfiguration>Network>VPN ConnectionsWhen Conf

Web Manager for OnSite Administrators 321 Configuration>Network>VPN ConnectionsFigure 6-82:VPN “New/Modify Connection” Dialog BoxThe OnSite i

Procedures xxxvii TTo Configure SNMP [Expert]...326TTo Add a Chain [Expert]...

Configuration>Network>VPN Connections 322AlterPath OnSite Administrator’s and User’s GuideT To Configure VPN [Expert]To enable VPN, make sure

Web Manager for OnSite Administrators 323 Configuration>Network>SNMP9. Click “apply changes.”Configuration>Network>SNMPSelecting Config

Configuration>Network>SNMP 324AlterPath OnSite Administrator’s and User’s GuideThe values you need to complete the screen and associated dialo

Web Manager for OnSite Administrators 325 Configuration>Network>SNMPClicking the “Add” or “Edit” buttons under “SNMPv1/SNMPv2 Configuration”

Configuration>Network>SNMP 326AlterPath OnSite Administrator’s and User’s GuideThe related tasks are listed in the following table.T To Config

Web Manager for OnSite Administrators 327 Configuration>Network>Firewall Configurationa. Enter the user name in the “User name” field.b. Ente

Configuration>Network>Firewall Configuration 328AlterPath OnSite Administrator’s and User’s GuideThe list by default has three built-in chains

Web Manager for OnSite Administrators 329 Configuration>Network>Firewall ConfigurationFigure 6-88:Firewall Configuration “Edit Chain” Policy

Configuration>Network>Firewall Configuration 330AlterPath OnSite Administrator’s and User’s Guide Figure 6-91:Firewall Configuration “Add Chai

Web Manager for OnSite Administrators 331 Configuration>Network>Firewall ConfigurationFirewall Configuration: Options on the “Add Rule” and “

xxxviiiAlterPath OnSite Administrator’s and User’s Guide[OSD]...

Configuration>Network>Firewall Configuration 332AlterPath OnSite Administrator’s and User’s GuideFigure 6-95:Firewall Configuration “Add Rule”

Web Manager for OnSite Administrators 333 Configuration>Network>Firewall ConfigurationFigure 6-97:Firewall Configuration “Add Rule” and “Edit

Configuration>Network>Firewall Configuration 334AlterPath OnSite Administrator’s and User’s GuideFigure 6-99:Firewall Configuration “Add Rule”

Web Manager for OnSite Administrators 335 Configuration>Network>Firewall ConfigurationFirewall Configuration: ICMP Protocol FieldsIf ICMP is

Configuration>Network>Firewall Configuration 336AlterPath OnSite Administrator’s and User’s GuideFigure 6-101:Firewall Configuration “Add Rule

Web Manager for OnSite Administrators 337 Configuration>Network>Firewall ConfigurationFirewall Configuration: Input Interface, Output Interfa

Configuration>Network>Firewall Configuration 338AlterPath OnSite Administrator’s and User’s GuideFirewall Configuration: LOG TargetNote: If yo

Web Manager for OnSite Administrators 339 Configuration>Network>Firewall ConfigurationFirewall Configuration: REJECT TargetIf REJECT is selec

Configuration>Network>Firewall Configuration 340AlterPath OnSite Administrator’s and User’s GuideNote: Spaces are not allowed in the chain nam

Web Manager for OnSite Administrators 341 Configuration>Network>Firewall ConfigurationT To Edit a Rule [Expert]1. Go to Configuration>Netw

Procedures xxxix TTo Give a User Access to KVM Ports [OSD] ...463TTo Edit a User or Group’s Access to KVM Port

Configuration>Network>Host Tables 342AlterPath OnSite Administrator’s and User’s GuideConfiguration>Network>Host TablesSelecting Configu

Web Manager for OnSite Administrators 343 Configuration>Network>Static RoutesConfiguration>Network>Static RoutesSelecting Configuration

Configuration>Network>Static Routes 344AlterPath OnSite Administrator’s and User’s GuideFigure 6-107:Static Routes “Add” and “Edit” Fields and

Web Manager for OnSite Administrators 345 Configuration>Network>Static RoutesFigure 6-109:Static Routes “Add” and “Edit” Fields and Menu Opti

Configuration>Network>Static Routes 346AlterPath OnSite Administrator’s and User’s GuideT To Configure Static Routes [Expert]See Table 6-30, “

Web Manager for OnSite Administrators 347 Configuration>SystemConfiguration>SystemSelecting Configuration>System in Expert mode brings up

Configuration>System>Time/Date 348AlterPath OnSite Administrator’s and User’s GuideIf “Disable” is selected from the Network Time Protocol men

Web Manager for OnSite Administrators 349 Configuration>System>Time/DateSelecting From the Timezone MenuThe “Timezone” menu is shown in the f

Configuration>System>Time/Date 350AlterPath OnSite Administrator’s and User’s Guideii. Enter an acronym in the “Standard Time Acronym” field.i

Web Manager for OnSite Administrators 351 Configuration>System>Boot Configuration3. To configure time and date manually, do the following ste

ivAlterPath OnSite Administrator’s and User’s GuidePrerequisites for Logging to Syslog Servers ... 28OnSite System Logg

xlAlterPath OnSite Administrator’s and User’s GuideChapter 8: Miscellaneous Procedures...501TTo Disable Web Manager Timeouts...

Configuration>System>Boot Configuration 352AlterPath OnSite Administrator’s and User’s GuideLocal Boot OptionsTo understand the “Unit boot fro

Web Manager for OnSite Administrators 353 Configuration>System>Boot ConfigurationBackup Configuration Information” for where these advanced c

Configuration>System>Boot Configuration 354AlterPath OnSite Administrator’s and User’s GuideT To Configure OnSite Boot [Expert]For more inform

Web Manager for OnSite Administrators 355 Configuration>System>Online HelpConfiguration>System>Online HelpSelecting Configuration>Sy

Configuration>System>Online Help 356AlterPath OnSite Administrator’s and User’s GuideT To Configure a New Location for OnSite Help Files 1. Do

Web Manager for OnSite Administrators 357 Information5. Click “apply changes.” InformationUnder “Information” in Expert mode, four options appear i

Information>General 358AlterPath OnSite Administrator’s and User’s GuideInformation>GeneralSelecting Information>General in Expert mode bri

Web Manager for OnSite Administrators 359 Information>GeneralAdministrative users can view information in the following categories on the screen

Information>KVM User Status 360AlterPath OnSite Administrator’s and User’s GuideInformation>KVM User StatusSelecting Information>KVM User S

Web Manager for OnSite Administrators 361 Information>Serial Ports StatusInformation>Serial Ports StatusSelecting Information>Serial Port

Procedures xli Chapter 9: Troubleshooting...559TTo Recover from root Authentication Failure ...

Information>Serial Ports Statistics 362AlterPath OnSite Administrator’s and User’s GuideInformation>Serial Ports StatisticsSelecting Informati

Web Manager for OnSite Administrators 363 ManagementManagementUnder “Management” in Expert mode, six options appear in the left menu, as shown in t

Management>Backup Configuration 364AlterPath OnSite Administrator’s and User’s Guide• OnSite firmware (for upgrading the operating system kernel,

Web Manager for OnSite Administrators 365 Management>Backup ConfigurationThe “Save” and “Load” buttons appear when either the “FTP” and the “Sto

Management>Firmware Upgrade 366AlterPath OnSite Administrator’s and User’s GuideT To Back Up or Download the OnSite Configuration Files [Expert]1

Web Manager for OnSite Administrators 367 Management>Firmware UpgradeAn administrative user can use the screen to upgrade the OnSite’s operating

Management>Firmware Upgrade 368AlterPath OnSite Administrator’s and User’s GuideT To Find the Cyclades Pathname for Software or Microcode Upgrade

Web Manager for OnSite Administrators 369 Management>Firmware Upgrade5. If upgrading the microcode on microcontrollers that translate PS2 signal

Management>Microcode Upgrade 370AlterPath OnSite Administrator’s and User’s Guide8. Click “cancel changes” (to restore the backed up configuratio

Web Manager for OnSite Administrators 371 Management>Microcode UpgradeThe actual pathname components must be entered in the “Directory” and “Fil

xliiAlterPath OnSite Administrator’s and User’s Guide

Management>Microcode Upgrade 372AlterPath OnSite Administrator’s and User’s GuideT To Download Microcode From an FTP Server [Expert]1. Go to Mana

Web Manager for OnSite Administrators 373 Management>Microcode ResetManagement>Microcode ResetSelecting Management>Microcode Reset in Expe

Management>Reboot 374AlterPath OnSite Administrator’s and User’s Guide4. To reset the microcode on an IP module, select the radio button next to

375Chapter 7OSD for All User TypesThis chapter describes how to access, navigate, and use the onscreen display (OSD) application. This chapter cover

376AlterPath OnSite Administrator’s and User’s GuideConfiguring Users and Groups [OSD] Page 458Configure>Users and Groups Screens [OSD] Page 450

OSD for All User Types 377 Accessing the OSDAccessing the OSDLocal OnSite administrators and authorized users can access the OSD through the Local

Accessing the OSD 378AlterPath OnSite Administrator’s and User’s GuideThe following table lists tasks performed using the OSD and provides links to

OSD for All User Types 379 Logging Into the OSDLogging Into the OSDThe OSD login screen appears when the connected monitor is on. Figure 7-1: OSD L

Logging Into the OSD 380AlterPath OnSite Administrator’s and User’s GuideFigure 7-3: OSD Connection MenuThe Connection Menu includes the Exit option

OSD for All User Types 381 Navigating the OSDNavigating the OSDUsers can use navigation keys to move between the OSD screens and to make menu selec

xliiiBefore You BeginThis administrator’s and users guide provides background information and procedures for installing, configuring, and administer

Power Management Through the OSD 382AlterPath OnSite Administrator’s and User’s GuideCommon OSD Navigation ActionsThe “Action” column in Table 7-3 s

OSD for All User Types 383 OSD Fan Failure WarningPower Management While Connected to a KVM Port (OSD)Both administrative users and authorized user

Power Management Menu [OSD] 384AlterPath OnSite Administrator’s and User’s GuidePower Management Menu [OSD]Choosing “Power Management” from the OSD

OSD for All User Types 385 Power Management Menu [OSD]Figure 7-6: Outlet Status Screen—Outlet UnlockedWhen an outlet is off and unlocked, the “On,”

Configure Menu Overview [OSD] 386AlterPath OnSite Administrator’s and User’s Guide4. Select On, Off, Lock, Unlock, or Cycle as appropriate.5. To cha

OSD for All User Types 387 Configure Menu Overview [OSD]Date/TimeEnable/disable NTP or manually configure the system date and time. “Configure>N

Understanding OSD Configure Screen Series 388AlterPath OnSite Administrator’s and User’s GuideUnderstanding OSD Configure Screen SeriesSelecting an

OSD for All User Types 389 Configure>General Screens [OSD]Note: The Save button on every screen saves configuration changes into the configurati

Configure>General Screens [OSD] 390AlterPath OnSite Administrator’s and User’s GuideTable 7-6 gives a brief description of the sequence of Genera

OSD for All User Types 391 Configure>General: Authentication Type ScreenConfigure>General: Authentication Type ScreenAn administrative user c

xlivAlterPath OnSite Administrator’s and User’s GuideDocument OrganizationThe document contains the chapters listed and described in the following

Configure>General: Syslog Facility Screen 392AlterPath OnSite Administrator’s and User’s Guideconfigured for the selected type of method. See “On

OSD for All User Types 393 Configure>General: Sun Keyboard Screencan change the first portion of the hot keys. See “Configuring Keyboard Shortcu

Configure>General: 3DES Screen 394AlterPath OnSite Administrator’s and User’s Guide2. On the IP Security screen, select the IP security level (No

OSD for All User Types 395 Configure>Network Menu Options [OSD]Note: Do not use reserved port numbers 1 through 1024. T To Assign Alternate TCP

Configure>Network Menu Options [OSD] 396AlterPath OnSite Administrator’s and User’s GuideSelecting Network brings up the Network Configuration Me

OSD for All User Types 397 Configure>Network>Network Screens [OSD]Configure>Network>Network Screens [OSD]An administrative user can sel

Configure>Network>Network Screens [OSD] 398AlterPath OnSite Administrator’s and User’s GuideTable 7-7 gives a description of all the related c

OSD for All User Types 399 Configure>Network>Network Screens [OSD]T To Configure Basic Networking [OSD]1. From the OSD Main Menu, go to Confi

Configure>Network>SNMP Screens [OSD] 400AlterPath OnSite Administrator’s and User’s Guideb. Press Enter.The IP address screen appears.c. Ente

OSD for All User Types 401 Configure>Network>SNMP Screens [OSD]Figure 7-17:OSD Configure>Network>SNMP ScreensSee “SNMP on the OnSite” o

Before You Begin xlv Related DocumentsThe following document for the Cyclades AlterPath OnSite is shipped with the product.• AlterPath OnSite QuickS

Configure>Network>SNMP Screens [OSD] 402AlterPath OnSite Administrator’s and User’s GuideSysLocationThe physical location of the OnSite.Access

OSD for All User Types 403 Configure>Network>VPN Screens [OSD]Configure>Network>VPN Screens [OSD]An administrative user can select the

Configure>Network>VPN Screens [OSD] 404AlterPath OnSite Administrator’s and User’s Guideconfigured VPN connection. See “VPN on the OnSite” on

OSD for All User Types 405 Configure>Network>VPN Screens [OSD]Figure 7-20:OSD Configure>Network>VPN Options and ScreensTable 7-9 gives

Configure>Network>VPN Screens [OSD] 406AlterPath OnSite Administrator’s and User’s GuideLocal IDThe hostname of the OnSite, referred to as the

OSD for All User Types 407 Configure>Network>VPN Screens [OSD]Remote IP The IP address of the remote host or security gateway.Remote NexthopT

Configure>Network>IP Filtering Screens [OSD] 408AlterPath OnSite Administrator’s and User’s GuideConfigure>Network>IP Filtering Screens

OSD for All User Types 409 Configure>Network>IP Filtering Screens [OSD]Figure 7-21:OSD Configure>Network>IP Filtering Screens

Configure>Network>IP Filtering Screens [OSD] 410AlterPath OnSite Administrator’s and User’s GuideThe following table shows the IP filtering sc

OSD for All User Types 411 Configure>Network>IP Filtering Screens [OSD]Chain - CHAIN_NAME Edit optionsAppears when a default chain is selecte

xlviAlterPath OnSite Administrator’s and User’s GuideTypographic and Other ConventionsThe following table describes the typographic conventions use

Configure>Network>IP Filtering Screens [OSD] 412AlterPath OnSite Administrator’s and User’s GuideUser ChainAppears when “User Defined Chain” i

OSD for All User Types 413 Configure>Network>IP Filtering Screens [OSD]ProtocolChoices are “All,” “Numeric,” “TCP,” “UDP,” “ICMP.” Protocol N

Configure>Network>IP Filtering Screens [OSD] 414AlterPath OnSite Administrator’s and User’s GuideACK Flag“ACK” (acknowledge), appears only if

OSD for All User Types 415 Configure>Network>IP Filtering Screens [OSD]Output InterfaceAppears only if “All,” “Numeric,” “TCP,” “UDP,” or “IC

Configure>Network>IP Filtering Screens [OSD] 416AlterPath OnSite Administrator’s and User’s GuideICMP Type Options are listed in the following

OSD for All User Types 417 Configure>Network>Hosts Screens [OSD]Configure>Network>Hosts Screens [OSD]An administrative user can select

Configure>Network>Hosts Screens [OSD] 418AlterPath OnSite Administrator’s and User’s GuideFigure 7-22:OSD Configure>Network>Hosts Screen

OSD for All User Types 419 Configuring Hosts [OSD]Configuring Hosts [OSD]An administrative user can use the Configure>Network>Hosts screen to

Configure>Network>Static Routes Screens [OSD] 420AlterPath OnSite Administrator’s and User’s GuideConfigure>Network>Static Routes Screen

OSD for All User Types 421 Configure>Network>Static Routes Screens [OSD]Figure 7-23:OSD Configure>Network>Static Routes ScreensThe foll

Before You Begin xlvii The following table describes other terms and conventions.Table P-3: Other Terms and Conventions Term or Convention Meaning E

Configuring Static Routes [OSD] 422AlterPath OnSite Administrator’s and User’s GuideConfiguring Static Routes [OSD]An administrative user can use th

OSD for All User Types 423 Configuring Static Routes [OSD]T To Add a Static Route [OSD]1. Go to Configure>Static Routes.The Static Routes Action

Configuring Static Routes [OSD] 424AlterPath OnSite Administrator’s and User’s Guide6. To add a static route to a gateway, do the following:a. Selec

OSD for All User Types 425 Configuring Static Routes [OSD]c. If you select “Gateway,” go to Step 6d. If you select “Network Device,” go to Step 75.

Configure>Network>Date/time Screens [OSD] 426AlterPath OnSite Administrator’s and User’s GuideThe “Metric” screen appears.9. On the “Metric” s

OSD for All User Types 427 Configure>User Station Screens [OSD]Figure 7-24:OSD Configure>Date/time ScreensIf NTP is enabled, the following sc

Configure>User Station Screens [OSD] 428AlterPath OnSite Administrator’s and User’s GuideThe following diagram lists the configuration screens ac

OSD for All User Types 429 Configure>User Station Screens [OSD]Scr. saver timeout The period of inactivity before the screen saver starts. Def

Configure>User Station Screens [OSD] 430AlterPath OnSite Administrator’s and User’s GuideMouse/Keyboard Redefine the command key portion of t

OSD for All User Types 431 Configuring User Station Screens [OSD]Configuring User Station Screens [OSD]An administrative user can use the screens u

xlviiiAlterPath OnSite Administrator’s and User’s GuideAdditional ResourcesThe following sections describe how to get technical support, training,

Configuring User Station Screens [OSD] 432AlterPath OnSite Administrator’s and User’s GuideSpecify the type of keyboard connected to the Local User

OSD for All User Types 433 Configure>User Station: Idle Timeout [OSD]Configure>User Station: Idle Timeout [OSD]The system logs out users afte

Configure>Users Station>Cycle Time [OSD] 434AlterPath OnSite Administrator’s and User’s GuideFigure 7-28:Configure>User Station: Scr. Saver

OSD for All User Types 435 Configure>Users Station: Keyboard Type [OSD]2. Use the forward or back button to adjust the time in minutes.3. Select

Configure>KVM Ports Screens [OSD] 436AlterPath OnSite Administrator’s and User’s GuideFigure 7-31:Configure>User Station: Quit ScreenT To Spec

OSD for All User Types 437 Configure>KVM Ports Screens [OSD]The following table shows the KVM port configuration screens.Table 7-15: KVM Port Co

Configuring KVM Ports [OSD] 438AlterPath OnSite Administrator’s and User’s GuideConfiguring KVM Ports [OSD]An administrative user can use the screen

OSD for All User Types 439 Configuring KVM Ports [OSD]• Type the first letters of the port name until the desired port is highlighted in the port l

Configure>Serial Ports Screens [OSD] 440AlterPath OnSite Administrator’s and User’s Guidea. To verify the new server name, select Save.The KVM Po

OSD for All User Types 441 Configure>Serial Ports Screens [OSD]Note: The OSD does not support connecting to serial ports. However, authorized us

1Chapter 1IntroductionThis chapter gives an overview of the features of the AlterPath OnSite and of how to use the features to securely access and m

Configure>Serial Ports Screens [OSD] 442AlterPath OnSite Administrator’s and User’s GuideThe following table shows the serial port configuration

OSD for All User Types 443 Configure>Serial Ports Screens [OSD]Server alias Appears only when a single port is selected. Lets you assign a descr

Configure>Serial Ports Screens [OSD] 444AlterPath OnSite Administrator’s and User’s GuideConfig power outlet Appears only when a single port is s

OSD for All User Types 445 Configure>Serial Ports Screens [OSD]Port permissions Choices are: “Port access list” or “Grant/Deny access.”By defaul

Configuring Serial Ports [OSD] 446AlterPath OnSite Administrator’s and User’s GuideConfiguring Serial Ports [OSD]An administrative user can use the

OSD for All User Types 447 Configuring Serial Ports [OSD]The “Serial ports” menu appears with the name of the selected port displayed on the first

Configuring Serial Ports [OSD] 448AlterPath OnSite Administrator’s and User’s GuideT To Enable Power Management Through a Serial Port [OSD]This proc

OSD for All User Types 449 Configuring Serial Ports [OSD]T To Configure Who Can Access Serial Ports [OSD]After selecting a serial port, an administ

Configure>Users and Groups Screens [OSD] 450AlterPath OnSite Administrator’s and User’s Guide9. Select “grant” or “deny” as desired.10. Select “A

OSD for All User Types 451 Configure>Users and Groups Screens [OSD]When “Users and Groups” is selected, the “Choose an option” screen appears, a

Contents v VPN on the OnSite ... 54Monitoring Temperatures ...

2AlterPath OnSite Administrator’s and User’s GuideConfiguring Keyboard Shortcuts (Hot Keys) Page 63Packet Filtering on the OnSite Page 65

Configure>Users and Groups Screens [OSD] 452AlterPath OnSite Administrator’s and User’s GuideFigure 7-35:OSD Configure>Users and Groups Screen

OSD for All User Types 453 Configure>Users and Groups Screens [OSD]The following table shows the configuration screens that appear when the “Loc

Configure>Users and Groups Screens [OSD] 454AlterPath OnSite Administrator’s and User’s GuideThe following table shows the configuration screens

OSD for All User Types 455 Configure>Users and Groups Screens [OSD]An administrative user can use the User Access Lists menu to view and change

Configure>Users and Groups Screens [OSD] 456AlterPath OnSite Administrator’s and User’s Guideadministratively-configured users and groups. See “U

OSD for All User Types 457 Configure>Users and Groups Screens [OSD]Access list for username - select the server The access list includes the “Re

Configuring Users and Groups [OSD] 458AlterPath OnSite Administrator’s and User’s GuideConfiguring Users and Groups [OSD]An administrative user can

OSD for All User Types 459 Configuring Users and Groups [OSD]To understand how the hierarchy of permissions work when creating user permissions bet

Configuring Users and Groups [OSD] 460AlterPath OnSite Administrator’s and User’s GuideT To Add a User [OSD]1. Go to Configure>Users and Groups&g

OSD for All User Types 461 Configuring Users and Groups [OSD]The system displays a message to confirm your deletion.3. Click OK to return to the ma

Introduction 3 Connectors on the AlterPath OnSiteConnectors on the AlterPath OnSiteThe following table describes the purpose of the connectors on t

Configuring Users and Groups [OSD] 462AlterPath OnSite Administrator’s and User’s Guide3. Enter the username of the user to add to the group and pre

OSD for All User Types 463 Configuring Users and Groups [OSD]2. Choose from the following tasks:T To Give a User Access to KVM Ports [OSD]1. Go to

Configuring Users and Groups [OSD] 464AlterPath OnSite Administrator’s and User’s GuideT To Edit a User or Group’s Access to KVM Ports [OSD]1. Go to

OSD for All User Types 465 Configuring Users and Groups [OSD]• w – Write•p – Power. 8. To reapply the default permissions to a particular user or g

Configure>Syslog Screens [OSD] 466AlterPath OnSite Administrator’s and User’s GuideConfigure>Syslog Screens [OSD]An administrative user can se

OSD for All User Types 467 Configure>PCMCIA Screens [OSD]The following diagram lists the screens for configuring PCMCIA modem cards.Figure 7-36:

Configure>PCMCIA Screens [OSD] 468AlterPath OnSite Administrator’s and User’s GuideWhen configuring a new card, the administrative user selects t

OSD for All User Types 469 Configure>PCMCIA Screens [OSD]PCMCIA ModemAppears only when PPP is enabled. Choices are: “PPP” for disabling and enab

Configure>Authentication Screens [OSD] 470AlterPath OnSite Administrator’s and User’s GuideCaution! Before physically ejecting a card, always sel

OSD for All User Types 471 Configure>Authentication Screens [OSD]The following diagram lists the Authentication screens.Figure 7-37:OSD Configur

Connectors on the AlterPath OnSite 4AlterPath OnSite Administrator’s and User’s GuideSerial PortsSerial ports provide remote access to many types of

Configure>Authentication Screens [OSD] 472AlterPath OnSite Administrator’s and User’s GuideThe following tables show the screens that appear when

OSD for All User Types 473 Configure>Authentication Screens [OSD]The following table shows the unique screens for configuring an LDAP server, wh

Configure>Authentication Screens [OSD] 474AlterPath OnSite Administrator’s and User’s GuideThe following table shows the configuration screens fo

OSD for All User Types 475 Configure>Authentication Screens [OSD]Acct. Server1 and Acct. Server2 IP addresses of one or two optional accounting

Configure>Authentication Screens [OSD] 476AlterPath OnSite Administrator’s and User’s GuideThe following table shows the screens for configuring

OSD for All User Types 477 Configuration>Save/Load Configuration Screens [OSD]See “Configuring Authentication [OSD]” on page 491 for more inform

Configuration>Save/Load Configuration Screens [OSD] 478AlterPath OnSite Administrator’s and User’s GuideThe following diagram lists the Save/Load

OSD for All User Types 479 Configuration>Save/Load Configuration Screens [OSD]The following table shows the screens that appear when the “Save/L

Configure>Date/Time [OSD] 480AlterPath OnSite Administrator’s and User’s GuideSee “Configuring the Saving and Restoring of Configuration Files [O

OSD for All User Types 481 Configure>Date/Time [OSD]T To Enable the NTP Server to Set the Time and Date [OSD]1. From the Main menu of the OSD, g

Introduction 5 Overview of OnSite FeaturesWhen a KVM port is accessed through the Web Manager the AlterPath Viewer appears and displays the video f

Configure>Date/Time [OSD] 482AlterPath OnSite Administrator’s and User’s Guide2. On the NTP screen, select “disabled.”The Date entry screen appea

OSD for All User Types 483 Configure>User Station: Power Management Command Key [OSD]Configure>User Station: Power Management Command Key [OS

Configure>User Station: Video Configuration Command Key [OSD] 484AlterPath OnSite Administrator’s and User’s GuideFigure 7-41:Configure>User S

OSD for All User Types 485 Configure>User Station: Switch Next Command Key [OSD]T To Specify the User Station Video Configuration Command Key [O

Configure>User Station: Switch Previous Command Key [OSD] 486AlterPath OnSite Administrator’s and User’s GuideConfigure>User Station: Switch P

OSD for All User Types 487 Configuring PCMCIA Cards [OSD]Figure 7-45:Configure>User Station: Port Info ScreenT To Specify the Keys Used in the C

Configuring the Saving and Restoring of Configuration Files [OSD] 488AlterPath OnSite Administrator’s and User’s Guide• To disable PPP, select the “

OSD for All User Types 489 Configuring the Saving and Restoring of Configuration Files [OSD]3. Select OK to complete the procedure. T To Load The C

Configuring the Saving and Restoring of Configuration Files [OSD] 490AlterPath OnSite Administrator’s and User’s GuideT To Save Configuration Files

OSD for All User Types 491 Configuring Authentication [OSD]6. Type the password used to access the FTP server.7. Select Save to restore the configu

Overview of OnSite Features 6AlterPath OnSite Administrator’s and User’s GuideThe following table lists the security features that administrators ca

Configuring Authentication [OSD] 492AlterPath OnSite Administrator’s and User’s GuideSee Table 7-29 for a list of tasks for configuring authenticati

OSD for All User Types 493 Configuring Authentication [OSD]Work with the Kerberos server’s administrator to ensure that following types of accounts

Configuring Authentication [OSD] 494AlterPath OnSite Administrator’s and User’s Guideb. Enter set_timezone.A list of timezones appears followed by a

OSD for All User Types 495 Configuring Authentication [OSD]An administrative user can enter information in the following two fields, but an entry i

Configuring Authentication [OSD] 496AlterPath OnSite Administrator’s and User’s GuideThe changes are stored in /etc/ldap.conf on the OnSite.T To Con

OSD for All User Types 497 System Info Menu [OSD]T To Configure an SMB Authentication Server [OSD]Perform the following to identify the authenticat

System Info Menu [OSD] 498AlterPath OnSite Administrator’s and User’s GuideThe following table shows the type of information displayed on the System

OSD for All User Types 499 Reboot [OSD]Reboot [OSD]An administrative user can choose the Reboot option on the OSD Main Menu to reboot the OnSite. T

Reboot [OSD] 500AlterPath OnSite Administrator’s and User’s Guide

501Chapter 8Miscellaneous ProceduresThis chapter describes how to perform configuration procedures that cannot be performed using the Web Manager.Di

Introduction 7 OnSite Authentication OptionsOnSite Authentication OptionsAnyone accessing the OnSite must log in by entering a username and passwor

Disabling or Modifying Inactivity Timeouts 502AlterPath OnSite Administrator’s and User’s GuideDisabling or Modifying Inactivity TimeoutsAn inactivi

Miscellaneous Procedures 503 OTP ConfigurationOTP ConfigurationAs introduced in “One Time Password Authentication on the OnSite” on page 18, OPIE (

OTP Configuration 504AlterPath OnSite Administrator’s and User’s GuideThe following table lists the OTP authentication configuration tasks and where

Miscellaneous Procedures 505 OTP ConfigurationFor more details about OTP, see: http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html

OTP Configuration 506AlterPath OnSite Administrator’s and User’s GuideEditing the otp.conf File OTP expects its user databases to reside in /mnt/opi

Miscellaneous Procedures 507 OTP ConfigurationT To Specify the Location for the OTP Databases1. Log in to the OnSite’s console as root.2. Change to

OTP Configuration 508AlterPath OnSite Administrator’s and User’s Guideexodus.cyclades.com and the path to a /home/opie directory on the NFS server.5

Miscellaneous Procedures 509 OTP Configuration3. Perform the procedure under“To Register and Generate OTP Passwords for Users” on page 510.How User

OTP Configuration 510AlterPath OnSite Administrator’s and User’s GuideT To Register and Generate OTP Passwords for Users Do this procedure for each

Miscellaneous Procedures 511 OTP ConfigurationIn the example, the opiepasswd command generates a default OPIE sequence number of 499 and a creates

OnSite Authentication Options 8AlterPath OnSite Administrator’s and User’s GuideNote: KVM port authentication only applies when KVM ports are config

Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers 512AlterPath OnSite Administrator’s and User’s GuideConfiguring Groups

Miscellaneous Procedures 513 Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers•Add the raccess service to each user’s co

Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers 514AlterPath OnSite Administrator’s and User’s Guide• timeout: The time

Miscellaneous Procedures 515 Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Serverswhere: • auth1: The first RADIUS authentic

Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers 516AlterPath OnSite Administrator’s and User’s GuideConfiguring a RADIU

Miscellaneous Procedures 517 Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication ServersThe following screen example shows entries

Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers 518AlterPath OnSite Administrator’s and User’s Guidea. Log into the OnS

Miscellaneous Procedures 519 Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication ServersT To Configure Active Directory Schema1. I

Administering Security Certificates for HTTPS and SSH on the OnSite 520AlterPath OnSite Administrator’s and User’s GuideAdministering Security Certi

Miscellaneous Procedures 521 Administering Security Certificates for HTTPS and SSH on the OnSiteConfiguring Security CertificatesOnSite generates i

Introduction 9 OnSite Authentication OptionsThe following table lists the supported authentication methods and indicates which methods are availabl

Administering Security Certificates for HTTPS and SSH on the OnSite 522AlterPath OnSite Administrator’s and User’s Guide############################

Miscellaneous Procedures 523 Administering Security Certificates for HTTPS and SSH on the OnSitedefault_keyfile = ./private/cakey.pemdefault_md = m

Administering Security Certificates for HTTPS and SSH on the OnSite 524AlterPath OnSite Administrator’s and User’s GuideT To Configure an SSL Certif

Miscellaneous Procedures 525 Administering Security Certificates for HTTPS and SSH on the OnSite3. Replace the default Cyclades data with your orga

Administering Security Certificates for HTTPS and SSH on the OnSite 526AlterPath OnSite Administrator’s and User’s GuideT To Obtain an Signed Certif

Miscellaneous Procedures 527 Administering Security Certificates for HTTPS and SSH on the OnSiteNote: The generated request includes the public key

Administering Security Certificates for HTTPS and SSH on the OnSite 528AlterPath OnSite Administrator’s and User’s GuideThe following screen example

Miscellaneous Procedures 529 Administering Security Certificates for HTTPS and SSH on the OnSitePrerequisites for Enabling and Using X.509 Certific

Administering Security Certificates for HTTPS and SSH on the OnSite 530AlterPath OnSite Administrator’s and User’s GuideThe following screen example

Miscellaneous Procedures 531 Administering Security Certificates for HTTPS and SSH on the OnSiteb. Uncomment the lines shown in the following scree

OnSite Authentication Options 10AlterPath OnSite Administrator’s and User’s GuideKerberos Down/Local Uses local authentication if Kerberos server is

Using the CLI Utility 532AlterPath OnSite Administrator’s and User’s GuideNote: All the file and pathnames edited in this procedure are listed in th

Miscellaneous Procedures 533 Using the CLI Utility• By remote logins through SSH, an IPSec VPN tunnel, dial-ins through PPP or a terminal emulation

Using the CLI Utility 534AlterPath OnSite Administrator’s and User’s GuideThe following screen example shows CLI entered like any other command on t

Miscellaneous Procedures 535 Using the CLI UtilityAs shown in the previous example, usage information appears before the cli> prompt appears.As

Using the CLI Utility 536AlterPath OnSite Administrator’s and User’s GuideThe following screen example shows entering the CLI command with the -s op

Miscellaneous Procedures 537 Using the CLI Utility• Any type of shell can be used to run CLI commands along with other commands. For a very simple

Using the CLI Utility 538AlterPath OnSite Administrator’s and User’s GuideYou could then make the script executable and execute it on the command li

Miscellaneous Procedures 539 Using the CLI UtilityExample:Pressing the Tab key after a parameter shows the parameters at the next level down in the

Using the CLI Utility 540AlterPath OnSite Administrator’s and User’s GuideSaving CLI ChangesConfiguration changes made in any of the CLI modes are o

Miscellaneous Procedures 541 Using the CLI UtilityThe following table shows CLI hot keys that are supported in interactive mode.:Viewing the CLI Co

Introduction 11 OnSite Authentication OptionsLDAP/Local Uses local authentication if LDAP authentication failsXXLocal/LDAP Uses LDAP authentication

Using the CLI Utility 542AlterPath OnSite Administrator’s and User’s GuideThe CLI command history buffer stores last 500 commands. The history is cu

Miscellaneous Procedures 543 Using the CLI UtilityThe following screen example illustrates the use of the info command. Entering info administratio

Using the CLI Utility 544AlterPath OnSite Administrator’s and User’s GuideShowThe following screen example shows the use of the show command. After

Miscellaneous Procedures 545 Using the CLI UtilityT To Add a User With CLI1. Log into the OnSite console and bring up the CLI utility.2. Add the us

Configuring Dial-Out 546AlterPath OnSite Administrator’s and User’s GuideConfiguring Dial-OutDial-out through the OnSite is required by certain appl

Miscellaneous Procedures 547 Configuring Dial-OutConfiguring the /etc/generic-dial.conf FileThe file /etc/generic-dial.conf defines dial-out instan

Configuring Dial-Out 548AlterPath OnSite Administrator’s and User’s GuideinPort.device /dev/ttyXXThe device name for the port to be controlled by th

Miscellaneous Procedures 549 Configuring Dial-OutThe following screen example shows the tail of an /etc/generic-dial.conf file with a dial-out inst

Configuring Dial-Out 550AlterPath OnSite Administrator’s and User’s Guidenumber is defined as 7001. An appl.retry definition is added that changes t

Miscellaneous Procedures 551 Configuring Dial-Out2. Remove the pound signs from the sample dial-out instance.3. Change the instance name, inPort.na

viAlterPath OnSite Administrator’s and User’s GuideSharing KVM Port Connections ... 92KVM Por

OnSite Authentication Options 12AlterPath OnSite Administrator’s and User’s GuideNTLM (Windows NT/2000/2003 Domain)Uses user/password configured on

Configuring Dial-Out 552AlterPath OnSite Administrator’s and User’s GuideConfiguring the /etc/ppp/peers FileThe default file in /etc/ppp/peers is ca

Miscellaneous Procedures 553 Configuring Dial-OutIf the administrator chooses to create another chat file in /etc/chatscripts, the administrator mu

Configuring Dial-Out 554AlterPath OnSite Administrator’s and User’s GuideConfiguring the /etc/chatscripts/wireless FileBy default, the /etc/ppp/peer

Miscellaneous Procedures 555 Configuring Dial-OutConfiguring the /etc/pcmcia/serial.opts FilePerform the following procedure to do the following:•

Configuring Dial-Out 556AlterPath OnSite Administrator’s and User’s GuideT To Configure Automatic Restart of Dial-Out in the /etc/daemon.d/gendial.s

Miscellaneous Procedures 557 Configuring Dial-Out3. Save and quit the file.4. Check the route(s) by issuing the following command.Configuring Dial-

Configuring Dial-Out 558AlterPath OnSite Administrator’s and User’s GuideThe following screen example shows the format.where <N> is the serial

559Chapter 9TroubleshootingThis chapter provides information related to troubleshooting the OnSite.The following table lists the sections in this ch

Connection Methods for Troubleshooting 560AlterPath OnSite Administrator’s and User’s GuideConnection Methods for TroubleshootingThis section summar

Troubleshooting 561 Recovering from root Authentication Failure Recovering from root Authentication FailureUse the following procedure if an attemp

Introduction 13 OnSite Authentication OptionsRADIUS Down/LocalUses local authentication if RADIUS server is down.X XXRADIUS/LocalUses local authent

Recovering from root Authentication Failure 562AlterPath OnSite Administrator’s and User’s GuideFor example, in the portion of the nsswitch.conf fil

Troubleshooting 563 Restarting the Web ManagerRestarting the Web ManagerIf the Web Manager stops responding the web server may be either inactive o

Replacing a Boot Image for Troubleshooting 564AlterPath OnSite Administrator’s and User’s GuideReplacing a Boot Image for TroubleshootingInformation

565AAdvanced Boot and Backup Configuration InformationThis appendix provides information related to configuring boot file locations and managing con

Boot File Location Information 566AlterPath OnSite Administrator’s and User’s GuideBoot File Location InformationThe information in this section is

Advanced Boot and Backup Configuration Information 567 Downloading a New Software Version(which is mounted read only), and the third partition (whi

Changing the Boot Image 568AlterPath OnSite Administrator’s and User’s Guidecurrentimage is changed so that the system boots from the new image.• Do

Advanced Boot and Backup Configuration Information 569 Changing the Boot ImageThe cli> prompt appears.3. Enter config administration bootconfig.

Changing the Boot Image 570AlterPath OnSite Administrator’s and User’s GuideChanging the Boot Image in U-Boot Monitor ModeYou can access U-Boot moni

Advanced Boot and Backup Configuration Information 571 Changing the Boot ImageT To Boot from an Alternate Image in U-Boot Monitor Mode1. Go to U-Bo

OnSite Authentication Options 14AlterPath OnSite Administrator’s and User’s GuideAuthentication Server RequirementsIf configuring any authentication

Network Boot Options and Caveats 572AlterPath OnSite Administrator’s and User’s GuideNetwork Boot Options and CaveatsWhen a network boot is performe

Advanced Boot and Backup Configuration Information 573 Network Boot Options and Caveats2. Set the “bootfile,” “serverip,” and “ipaddr” environment

How Configuration Files Changes Are Managed 574AlterPath OnSite Administrator’s and User’s GuideNote: Be aware that the --doformat option erases the

Advanced Boot and Backup Configuration Information 575 How Configuration Files Changes Are ManagedChanges to configuration files can be both made a

How Configuration Files Changes Are Managed 576AlterPath OnSite Administrator’s and User’s GuideHow Factory Defaults Are SavedA compressed copy of t

Advanced Boot and Backup Configuration Information 577 Options for the create_cf Command2. If you are logged into the OnSite console as root throug

Options for the create_cf Command 578AlterPath OnSite Administrator’s and User’s GuideThe following table provides more information about the create

Advanced Boot and Backup Configuration Information 579 Options for the create_cf CommandExamples for create_cf Command UsageAll the examples assume

Options for the restoreconf Command 580AlterPath OnSite Administrator’s and User’s GuideOptions for the restoreconf CommandAs described in other sec

581Glossary1UOne rack unit (also referred to as 1RU). A standard measurement equal to 1.75” (4.45 cm) of vertical space on a rack or cabinet that i

Introduction 15 OnSite Authentication OptionsTasks for Configuring AuthenticationAdministrative users usually use the Web Manager for configuring a

582AlterPath OnSite Administrator’s and User’s GuidealiasAn easy-to-remember, usually-short, usually-descriptive name used instead of a full name

Glossary 583 is one of the security features provided on Cyclades products to enable customers to enforce their data center security policies. A us

584AlterPath OnSite Administrator’s and User’s GuideBIOS (basic input/output systemPronounced “bye-ose.” Instructions in the onboard flash memory

Glossary 585 CDMA (code division multiple access)A mobile data service available to users of CDMA mobile phones. CHAP (challenge handshake authenti

586AlterPath OnSite Administrator’s and User’s GuideCLI parameter treeEach version of the Cyclades CLI utility has a set of commands and parameter

Glossary 587 CycladesA corporation founded in 1989 to provide unique networking solutions. Named after the ground-breaking French packet-switching

588AlterPath OnSite Administrator’s and User’s GuideDNS (domain name service or system)A service that translates domain names (such as cyclades.co

Glossary 589 encryptionTranslation of data into a secret format using a series of mathematical functions so that only the recipient can decode it.

590AlterPath OnSite Administrator’s and User’s GuideExpect scriptA script written using expect, a scripting language based on Tcl, the Tool Comman

Glossary 591 HTTP (hypertext transfer protocol)Protocol defining the rules for communication between Web servers and browser across the Internet. H

OnSite Authentication Options 16AlterPath OnSite Administrator’s and User’s GuideConfigure the authentication method for KVM port access or accept t

592AlterPath OnSite Administrator’s and User’s GuideIPDUs that can be remotely managed when they are connected to AlterPath devices, such as the A

Glossary 593 end. Has two modes, transport and tunnel mode. Tunnel mode encrypts the entire packet. Transport mode encrypts application headers, TC

594AlterPath OnSite Administrator’s and User’s GuideLDAP (lightweight directory access protocol)A directory service protocol used for authenticati

Glossary 595 MIIMONA value set when configuring Ethernet failure to specify how often the active interface is inspected for link failures. A value

596AlterPath OnSite Administrator’s and User’s Guidefeatures supported by the service processor, the user must be a trusted user who is specifical

Glossary 597 network time protocol (See NTP)netmaskThe dotted-decimal expression that determines which portion of an IP address represents the netw

598AlterPath OnSite Administrator’s and User’s GuideOOBI (Out-of-band Infrastructure)An integrated systems approach to remote administration. Cons

Glossary 599 point to point protocol (See PPP)point to point tunneling protocol (See PPTP)PPP (point to point protocol)A method that creates a conn

600AlterPath OnSite Administrator’s and User’s Guideremote supervisor adapter II (See RSA II)remote system control (See RSC)rmenushThe default log

Glossary 601 center security policies while providing out-of-band access to managed systems.Also provided in most Cyclades products are security pr

Introduction 17 OnSite Authentication OptionsThe following table shows the options for configuring authentication using the Web Manager, OSD or CLI

602AlterPath OnSite Administrator’s and User’s GuideshellA command interpreter on UNIX-based operating systems (like the Linux operating system

Glossary 603 SNMP manager Any computer running SNMP manager software. Also called a network management station or SNMP server. SNMP manager softwar

604AlterPath OnSite Administrator’s and User’s Guideconsolidation, SRM substantially lowers the cost and complexity of deploying service processor

Glossary 605 some administrators as a more-reliable protocol than the UDP protocol used by RADIUS. One of many standard authentication protocols su

606AlterPath OnSite Administrator’s and User’s Guide

607IndexNumerics10.0.0.1 IP addressfor Ethernet card 312, 318for ISDN card 310for modem card 309100BaseT, 10BaseT Ethernet ports 33DES encryptionin

608AlterPath OnSite Administrator’s and User’s Guidealiasesfor IPDUs, configuring with Web Manager 198for IPMI devices, configuring with Web Manager

Index 609 authentication servers, configuring (continued)LDAPwith OSD 494with Web Manager 281list of tasks 15NISwith OSD 497NTLMwith OSD 497with Web M

610AlterPath OnSite Administrator’s and User’s GuideBIOS access 4, 5bonding 301boot configurationfields and options, Web Manager 353Web Manager scree

Index 611 chains, packet filtering 65, 340configuring with Web Manager 339channel number, for PCMCIA wireless card configuration 316clear max detected

OnSite Authentication Options 18AlterPath OnSite Administrator’s and User’s GuideOne Time Password Authentication on the OnSiteOPIE (one-time passwo

612AlterPath OnSite Administrator’s and User’s Guideconfiguration (continued)KVM Web Manager options 212, 223–226, 227local groups, with OSD 461local

Index 613 configuring (continued)userspasswords with Wizard 175power managemen authorizations with Web Manager 196with Wizard 175VPN connectionsfield

614AlterPath OnSite Administrator’s and User’s GuideDdaemon.sh command 563restart GDF 556restart WEB 502, 528, 531WEB option 563daisy-chaining Alter

Index 615 DHCP (continued)OSD configuration screen 398diagnostic information, accessing 4dial-insintroduction 41–42accessing Web Manager through 126co

616AlterPath OnSite Administrator’s and User’s Guideencryption (continued)AlterPath Viewer 82recommendations 79configuringwith OSD 391, 394with Web M

Index 617 factory defaultsconfiguration 577, 578, 579to restore 576, 577configuration files 388, 576to restore the configuration 577failover 301fan, v

618AlterPath OnSite Administrator’s and User’s GuideGeneric Userconfiguring KVM port permissions with OSD 465default permissions 38using to assign th

Index 619 hot keys (continued)previous port 87quit 86reset keyboard and mouse 88, 99configuring with OSD 483switch next, configuring with OSD 485switc

620AlterPath OnSite Administrator’s and User’s Guideinverted options for packet filteringintroduction 67configuring with Web Manager 331IP addressesc

Index 621 IPMI power management (continued)serial port hot key 104serial port menu 109with Web Manager 204, 208ipmitool command 51IPSecintroduction 54

Introduction 19 Types of UsersTypes of UsersThe AlterPath OnSite supports three types of users: • Predefined administrators who can administer the

622AlterPath OnSite Administrator’s and User’s GuideKVM ports, configuring (continued)authentication for direct accesswith Web Manager 46direct acces

Index 623 Linuxcommands 578kernel 566Linux operating system 4, 112commands, using on a dumb terminal 234on connected devices 4on the OnSite 40localacc

624AlterPath OnSite Administrator’s and User’s Guidelogins (continued)to the OnSite 7default authentication 7Web Manager options 76with OSD 379logout

Index 625 modems (continued)PCMCIA cards 41configuringauthentication for dial-ins 18with Web Manager 305configuring with OSD 487used for troubleshooti

626AlterPath OnSite Administrator’s and User’s GuideNotes (continued)about configuringdial in on Windows servers 116, 117multiple serial ports 446NFS

Index 627 OnSite (continued)configuring authentication for 17features overview 1–71host name displayed 138IP address displayed 138model displayed 138m

628AlterPath OnSite Administrator’s and User’s GuidePpacket filteringintroduction 65–71rules 66editing 341options 331pagersnotifications, configuring

Index 629 ports5900 48See also AUX ports, KVM ports, serial ports, port sharing, port numbersaccess permissions, introduction 32–38aliases 47conventio

630AlterPath OnSite Administrator’s and User’s Guideprotocols (continued)configuring 68, 335options 68IP filtering 332serial port, configuring for a

Index 631 RETURN target action 70Right host 54RJ-45 ports 3root useraccessing the OSD 377cannot log in 561managing IPDUs on the command line 120runnin

Types of Users 20AlterPath OnSite Administrator’s and User’s GuideParameters for Configuring User AccountsThe OnSite administrator configures user a

632AlterPath OnSite Administrator’s and User’s Guideserial ports 4authenticationdefaults 7footnote 18configuringaccess with Web Manager 240alarmswith

Index 633 serial ports (continued)using ssh to connect to 105viewer hot keys 63viewing status information, with Web Manager 361, 362Serial Ports Confi

634AlterPath OnSite Administrator’s and User’s GuideSNMP (continued)enbabling versions with Web Manager 326trap notificationsconfiguring, with Web Ma

Index 635 syslogconfiguringwith OSD 390, 392with Web Manager 303–305with Wizard 182data buffering 242facility numbersintroduction 28configuringwith OS

636AlterPath OnSite Administrator’s and User’s GuideTCP port numbers (continued)for raw socket sessionsconfiguringwith Web Manager 234for the Java ap

Index 637 time and dateconfiguring with OSD 426setting manuallywith OSD 481with Web Manager 349setting with an NTP serverwith OSD 481with Web Manager

638AlterPath OnSite Administrator’s and User’s Guideusers (continued)configuringIPDU power management user authorizations with Web Manager 196, 197,

Index 639 Web Manager (continued)for administrative users 185–374for regular users 139–159logging infor administrative users 128login screen 133option

640AlterPath OnSite Administrator’s and User’s Guide

Introduction 21 Types of UsersThe administrator can also authorize a user to access devices connected to KVM ports and to manage power outlets on a

Contents vii Connect to Server ... 141Connect to Server>Connect to OnSi

OnSite Security Profiles 22AlterPath OnSite Administrator’s and User’s Guide OnSite Security ProfilesAn important part of configuring the OnSite is

Introduction 23 OnSite Security Profiles•ICMP• SSHv1• SSHv2•SNMP•Telnet• Whether the following types of access are permitted to serial ports:• SSH

OnSite Security Profiles 24AlterPath OnSite Administrator’s and User’s GuideThe following tables describes the services that are enabled and disable

Introduction 25 OnSite Security ProfilesTable 1-11 describes the “Open” security profile.ICMP Default port numbers are not redefined:• HTTP port nu

OnSite Security Profiles 26AlterPath OnSite Administrator’s and User’s GuideTable 1-12 describes the “Secured” security profileIPSecRPCSNMP (any ver

Introduction 27 OnSite Security ProfilesThe security profiles can be selected and a custom security profile can be created using any of the followi

Notifications, Alarms, and Data Buffering 28AlterPath OnSite Administrator’s and User’s GuideNotifications, Alarms, and Data BufferingThe administra

Introduction 29 Notifications, Alarms, and Data Bufferinglocations. The available facility numbers are: Local 0 through Local 7. The administrator

Notifications, Alarms, and Data Buffering 30AlterPath OnSite Administrator’s and User’s Guidenotifications can be configured to be sent to an OnSite

Introduction 31 Encryptionadministrative user an configure notifications to be sent either by email, pager, or SNMP trap.” on page 268• “Configurat

viiiAlterPath OnSite Administrator’s and User’s GuideAccess>IPDU Power Mgmt.>Software Upgrade ... 199Access>IPDU

OnSite Port Permissions 32AlterPath OnSite Administrator’s and User’s GuideSee “Configuration>Security” on page 275 for the Web Manager screen an

Introduction 33 OnSite Port Permissions KVM port permissions for generic users, for all other types of users and for groups are configured by assig

OnSite Port Permissions 34AlterPath OnSite Administrator’s and User’s GuideKVM Port Permissions HierarchyAn administrator can give the same access t

Introduction 35 OnSite Port PermissionsFigure 1-1: KVM Port Permissions HierarchyUser attempts to access KVM port1.User has specific KVM port permi

OnSite Port Permissions 36AlterPath OnSite Administrator’s and User’s GuideDecision 2: Check Group’s KVM Port Permissions2. Is the user a member of

Introduction 37 OnSite Port PermissionsExample for Decision 3• If user jerry is trying to access port 4, and the Generic User has port 4 in a list

Support for Multiple Types of Access 38AlterPath OnSite Administrator’s and User’s Guide• If no, go to decision 6.Example for Decision 5• If user jo

Introduction 39 Support for Multiple Types of Accessdial-in connection to the internal modem, optional phone or wireless cards in the PCMCIA slots,

Support for Multiple Types of Access 40AlterPath OnSite Administrator’s and User’s Guide By connecting a terminal or computer running a terminal emu

Introduction 41 Dial-in Access Types and OptionsDial-in Access Types and OptionsAuthorized users can dial into the OnSite through any of the three

Contents ix Configuration>Security ... 275Configuration>Security>Authentic

Browser Access With the Web Manager 42AlterPath OnSite Administrator’s and User’s GuideThe following table lists the modem installation and configur

Introduction 43 Port Access PrerequisitesPort Access PrerequisitesConnecting to a port and accessing a server or other device requires the followin

Port Access Prerequisites 44AlterPath OnSite Administrator’s and User’s GuideAfter configuration, AdaptiveKVM provides network-efficient inband conn

Introduction 45 Port Access PrerequisitesConditions for Serial Port AccessIf port sharing is not enabled, then one user at a time can access a devi

Port Access Prerequisites 46AlterPath OnSite Administrator’s and User’s GuideFigure 1-2: Web Manager Login Fields With KVM Port Direct Access Enable

Introduction 47 Port Access PrerequisitesThe options for configuring direct access to KVM ports in the Web Manager and in the OSD are listed in the

Port Access Prerequisites 48AlterPath OnSite Administrator’s and User’s GuideThe TCP port numbers for serial ports are used when a user connects to

Introduction 49 Port Access PrerequisitesSpecial circumstances may require OnSite administrators to configure TCP port numbers different from the d

Power Management 50AlterPath OnSite Administrator’s and User’s GuidePower Management OnSite administrators and users who are authorized for power ma

Introduction 51 Power ManagementIPDU Power ManagementIPDU power management allows authorized users to control power for devices that are plugged in