Port assignments, Authentication versus Encryption | APC AP7900

Switched Rack PDU

USER’S GUIDE

®

Port assignments

If a Telnet, FTP, SSH/SCP, or Web/SSL/TLS server uses a non-standard port, a user must specify the port when using the client interface, such as a Web browser. The non-standard port address becomes an extra “password,” hiding the server to provide an additional level of security. The TCP ports for which these servers listen are initially set at the standard “well known ports” for the protocols. To hide the interfaces, use any port numbers from 5000 to 32768.

User names, passwords, community names (SNMP)

All user names, passwords, and community names for SNMP are transferred over the network as plain text. A user who is capable of monitoring the network traffic can determine the user names and passwords required to log on to the accounts of the control console or Web interface of the Switched Rack PDU. If your network requires the higher security of the encryption-based options available for the control console and Web interface, be sure to disable SNMP access or set its access to read-only. (Read-only access allows you to receive status information and to use SNMP traps.)

Authentication versus Encryption

You can select to use security features for the Switched Rack PDU that control access by providing basic authentication through user names, passwords, and IP addresses, without using encryption. These basic security features are sufficient for most environments in which sensitive data are not being transferred.

120

Image 123

APC AP7900 manual Port assignments, User names, passwords, community names Snmp, Authentication versus Encryption

Contents

Contents Data Menu Web Interface Only File Transfers Features of the Switched Rack PDU IntroductionProduct Description Initial setup Access Procedures Access priority for logging onOverview Types of user accounts Switched Rack PDU How to Recover From a Lost Password Switched Rack PDU Upgrading Firmware through a Serial Connection Switched Rack PDU Front Panel Single-phase Three-phase See Link-RX/TX 10/100 LED Function Condition Description Link-RX/TX 10/100 LED Load indicator LED Status LEDCurrent Overload threshold Watchdog Features Resetting the network timerNetwork interface watchdog mechanism Control Console How to Log On Remote access to the control console Local access to the control console Example main screen Main Screen Main screen information fields Information and status fields Main screen status fields Menu structure Control Console Menus Device Manager option Main menu System option Network option Web Interface Supported Web browsers URL address formats Status Summary Quick status tab Events menu Data menu Network menu System menu Navigation Menu To do the following, see Data Menu Web Interface Only Selecting a menu to perform a task Help menu Control Administrator and Device Manager access Links menu How to Configure and Control Outlet Groups Device and Outlet Management MenusOutlet group terminology Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups How to enable outlet groups How to create a local outlet group Web interfaceParameter Description How to edit or delete an outlet group How to create multiple global outlet groups Web interface Typical outlet group configurations Switched Rack PDU Verify your setup and configuration for global outlet groups How to initiate a control action Outlet Settings for Outlets and Outlet Groups Option Description Value for Power On Delay.†For Reboot Duration.† Power On Delay. † Setting Description How to configure outlet settings and outlet name Switched Rack PDU Configure Load Thresholds Switched Rack PDU Settings How to configure Device Settings Power Supply Status control console only On Delay . † Scheduling Outlet Actions Web Interface OnlyActions you can schedule Power Off Delay.† How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Event-Related Menus IntroductionMenu options Switched Rack PDU Event Log Logged events Web interfaceControl console How to use FTP or SCP to retrieve a log file Secure CoPy SCP Ftpget event.txt or Ftpget data.txt See Event log action Event Actions Web Interface Only Event log action Severity levels Syslog action Snmp traps actionEmail action Definition Trap Receiver settingsIdentified by the Receiver NMS IP/Domain Name setting Event Recipients Smtp Mail Feature Smtp settings DNS serversEmail Recipients Switched Rack PDU Smtp Code Description Severity How to Configure Individual EventsDetailed Event Action Configuration Event List Log Option Data Menu Web Interface Only Configuration Option Network Menu TCP/IP DNS TCP/IP Option Settings Switched Rack PDU Switched Rack PDU DNS FTP Server Ping utility control console only Telnet/SSH Switched Rack PDU If you are using SSH version 2, expect a noticeable delay Telnet SSH Server Configuration During that time Configuration Setting Definition Console, choose Advanced SSH Configuration and then Host Key See Smtp settings and E-mail Feature Syslog Severe is mapped to Critical Informational is mapped to Info Web/SSL Web/SSL/TLS in the control console Switched Rack PDU Web/SSL Network Configuration Http//159.215.12.1145000 Name and Password settings SSL/TSL Server Configuration Advanced SSL/TLS Configuration Organization O and Organizational Unit OU The name ISX Protocol control console only WAP System Menu Radius Device , by default, for Device Manager User Readonly , by default, for Read Only UserUser Manager Outlet User Manager 100 Radius Primary Server Radius Setting Definition AccessAccess setting to Local Only or Radius then Local Timeout Example Radius users file Example Radius users file with VSAs Date & Time Identification 106 Action Definition Tools APC’s Web Site , Testdrive Demo , and Remote Monitoring Links Web interfaceModem not supported About System 109 Boot Mode See Switched Rack PDU settings Dhcp & Bootp boot process Switched Rack PDU settings Dhcp Configuration Settings 113 APC Cookie. Tag 1, Len 4, Data 1APC Dhcp response options Boot Mode Transition. Tag 2, Len 1, Data 1/2 116 Security Access Description Security FeaturesPlanning and implementing security features Summary of access methods Snmp Web Server Changing default user names and passwords immediately User names, passwords, community names Snmp Authentication versus EncryptionPort assignments 121 Secure SHell SSH and Secure CoPy SCP Encryption 123 Secure Sockets Layer SSL/Transport Layer Security TLS See also and Signing Request Purpose Creating and Installing Digital Certificates Advantages Choosing a method for your system 128 129 Disadvantage 131 132 Firewalls Using the APC Security Wizard AuthenticationOverview Files you create for SSL and SSH security 136 Summary Create a Root Certificate & Server Certificates Procedure 139 140 Scp cert.p15 apc@156.205.6.185\sec\cert.p15 Create a Server Certificate and Signing Request 143 144 145 Create an SSH Host Key Load the host key to the Rack PDU. Perform these steps System requirements APC Device IP Configuration WizardPurpose configure basic TCP/IP settings Purpose and Requirements Install the Wizard Automated installationManual installation Configure the basic TCP/IP settings remotely Use the WizardLaunch the Wizard Select Remotely over the network, and click Next Select Locally through the serial port, and click Next Configure or reconfigure the TCP/IP settings locally How to Export Configuration Settings Summary of the procedureRetrieving and Exporting the .ini File Contents of the .ini file Detailed procedures NTPEnable=enabled Ftp put filename.ini Event and its error messages Upload Event and Error Messages Errors generated by overridden values Messages in config.ini Using the APC Device IP Configuration Wizard File Transfers Firmware files Switched Rack PDU Upgrading Firmware Methods and ToolsBenefits of upgrading firmware Obtain the latest firmware version 164 Firmware file transfer methods Apchw02aos264.bin Apchw02app266.bin Use FTP or SCP to upgrade one Rack PDU Ftp open 150.250.6.10 How to upgrade multiple Rack PDUs See Release Notes ini File Utility, version Use Xmodem to upgrade one Rack PDU 169 Verifying Upgrades and Updates Last Transfer Result codesCode Description Product Information Warranty and ServiceLimited warranty Warranty limitations Obtaining service Life-Support Policy General policyExamples of life-support devices Index Bootp Dhcp Error messages Keywords SCP Smtp TCP/IP Up Time APC Worldwide Customer Support Copyright