IPv6, Packet Filtering | Avocent ACS 5000 guide

6Cyclades® ACS 5000 Installation/Administration/User Guide

IPv6

The console server is compliant with IPv4, IPv6 and dual stack protocols so that you can enable IPv4 only, IPv6 only or both protocols, with support for dial-up connections and primary network connections. You can configure the appliance to obtain its IPv6 network parameters from a DHCPv6 server, by static configuration (IP address, prefix length and default gateway) or stateless auto-configuration. You can add an appliance to the local network using either its IPv6 address or a DNS name.

Services not supporting IPv6

The following services do not support IPv6:

•NIS authentication

•NFS data logging

•Virtual ports

VPN

The console server administrator can set up VPN connections to establish an encrypted communication between the console server and a host on a remote network. The encryption creates a security tunnel for dedicated communications.

You can use the VPN features on the console server to create a secure connection between the console server and every machine on the subnet at the remote location or between the console server and a single remote host.

To set up a security gateway, install IPSec on any machine performing networking over IP, including routers, firewall machines, application servers and end-user machines.

The ESP and AH authentication protocols are supported. RSA Public Keys and Shared Secret are supported.

For detailed information and procedures to configure a VPN connection, see VPN Connections on page 75.

Packet Filtering

The administrator can configure the device to filter packets like a firewall. IP filtering is controlled by chains and rules.

Structure of IP filtering

The Firewall Configuration form in the web manager is structured on two levels:

Image 14

Avocent ACS 5000 manual Packet Filtering, Services not supporting IPv6, Structure of IP filtering

Contents

Cyclades ACS FCC Warning Statement Canadian DOC Notice Cyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Vii Network Menu and Forms Appendix a Technical Specifications 143 Connectors on the Console Server Overview Accessing the Console Server and Connected Devices ACS 5000 Console Server Connectors Number Description Prerequisites for Using the Web Manager Web Manager Security AuthenticationTypes of Users Authentication Methods Supported Authentication Type Definition Packet Filtering Services not supporting IPv6IPv6 Structure of IP filtering Rule Add rule and edit rule optionsChain Add Rule and Edit Rule Option Definitions Filter Options UDP protocol options Numeric protocol optionsTCP protocol options Icmp protocol options Syslog servers Notifications, Alarms and Data BufferingExample of using facility numbers Prerequisites for logging to syslog servers Common Administrator Tasks for Configuring Software Console Server and Power ManagementConfiguring access to connected devices Managing Users of Connected Devices Additional requirements for Server Technology IPDUs Conventions used to identify outlets Configuring power management Configuring ports for power management by authorized users Hostname Discovery Options for managing powerPower management through the web manager Cyclades ACS 5000 Installation/Administration/User Guide Mounting the console server Important Pre-installation RequirementsBasic Installation Procedures To connect devices to serial ports Making an Ethernet connectionTo rack mount the console server To connect to the console port Console server serial port pin-out information To turn on the console server To use the wiz command to configure network parametersTurning on the console server and the connected devices To turn on connected devices To configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager To use a dynamic IP address to access the web manager Other Methods of Accessing the Web ManagerAdding users and configuring ports using the web manager Selecting a security profile Connecting third-party IPDUs Connecting PDUsTo use the default IP address to access the web manager To daisy-chain PDUs to the console server To log into the web manager Using the Web ManagerFeatures of Regular User Forms Form area Connect to the console server Port access requirementsConnect Connect to serial ports Connection protocols for serial ports Ipdu Power Management Outlets Manager Bulb Outlets Group CtrlView Ipdu info Padlock PDU Power Factor Form Heading Description Example To change your password Common Features of Administrator Forms Administrator Web Manager Buttons Button name Use Try changes Click the try changes button Logging Into the Web Manager Overview of Administrative ModesWizard mode Expert mode Example of Web Manager Form in Wizard Mode Example of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Pre-defined security profiles Default security profileSecurity Profile Custom security profile Http Serial port settings and security profiles To select or configure a security profile Port Profile Network SettingsTo configure the network settings Port Profile Setup Options Parameter Options Parameter Options AccessTo set parameters for all serial ports To add a user To delete a user To change a passwordData Buffering Wizard Data Buffering Field Names and Definitions Field name To configure data buffering System Log To add a syslog server To delete a syslog server Cyclades ACS 5000 Installation/Administration/User Guide Configuring the Console Server in Expert Mode Overview of menus and forms Expert Mode Screen Elements Number Description Applications Menu and Forms Connecting to the console serverConnecting to devices connected to the serial ports Connect To connect to a device through a serial port Ipdu Power ManagementApplications Ipdu Power Mgmt Outlets Manager Expert Outlets Manager Icons Description ButtonPurpose OFF Third-party Ipdu information displayed To view status, lock, unlock, rename or cycle power outletsAvocent PM PDU information displayed Expert Ouatlet Groups Ctrl Information Form Heading Applications Ipdu Power Mgmt. Outlets Group CtrlApplications Ipdu Power Mgmt. View IPDUs Info PM20i/30A Applications Ipdu Power Mgmt. Configuration To view and reset Ipdu information Ipdu Power Mgmt Configuration Description Shown Element Type To upgrade software on non-Cyclades IPDUs Applications Ipdu Power Mgmt. Software UpgradeTo upgrade software on a Cyclades PM Ipdu Expert To download Cyclades Ipdu software Applications PMD Configuration- Outlet Groups Expert Applications PMD ConfigurationApplications PMD Configuration- General To upgrade software on a Avocent PM PDU To authorize a user for Ipdu power management Applications PMD Configuration Users ManagementTo configure an outlet group To delete an outlet group Outlet entry conventions Prefix Group Expert Applications Terminal Profile Menu To create a menu for a local server terminal Click apply changes Host Settings Expert Network Menu Descriptions Menu Selection Disabling and enabling IPv4 or IPv6 protocols General host settingsDNS Service Disabling IPv4 IPv4 settings Disabling/Enabling IPv6 IPv6 settings IPv6 PPP interfaces IPv6 Ethernet interfacesIPv6 serial interfaces Other interfaces To configure host settings Expert from the General form To configure IPv4 protocol To configure IPv6 protocol Syslog VPN Connections MYCOMPANYDOMAIN-VPN To configure VPN Click on apply changes Description To configure Snmp Example, 193.168.44.0/24 Firewall Configuration Add button Edit buttonDelete button Edit Rules button Source or destination IP and mask Inverted checkboxesTarget pull-down menu options Protocol UDP protocol fields Numeric protocol fieldsTCP protocol fields Expert TCP Options Fields Field/Menu Option LOG target Icmp protocol fieldsInput interface, output interface and fragments To add a chain Firewall configuration proceduresReject target To edit a chain To add a rule To edit a rule To define the console server’s IP address and hostname Host TableStatic Routes To configure static routes Expert Field or Menu Name Definition Cyclades ACS 5000 Installation/Administration/User Guide Security Menu and Forms Users and Groups To delete a user or group Adding a UserAdding a Group Expert Add User Dialog Field Names and Definitions To add a group To change a user’s passwordActive Ports Sessions To modify a group To view, kill or refresh active user sessions TTY Configuring authentication for console server logins To configure the console servers login authentication method To configure a TACACS+ authentication server To configure a Radius authentication serverGroup authorization on Radius Group authorization on TACACS+ To configure an Ldap authentication server To configure a Kerberos authentication server To configure Ldap authenticationGroup Authorization on Ldap Go to Security Authentication Kerberos in Expert mode To configure a NIS authentication server Security Profiles Custom security profile Serial port settings and security profiles Security certificates Certificate for Http security User configured digital certificate Certificate on ssh 103 To enable or disable serial portsPhysical Ports To select one or more serial ports Connection profiles Console Access Server CAS profile connection protocolsGeneral form Ports Menu and Forms Terminal Server TS profile connection protocols Bidirectional Telnet protocol Modem and power management connection protocols Connection Protocols for Modems or IPDUs Protocol Name Cyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port Access Form Menu and Fields FieldDescription AccessTo configure user access to serial ports Authentication methods and fallback mechanism To configure a serial port login authentication method Data Buffering Mode Local Destination Data Buffering Form Fields Field Name Definition To configure data buffering for serial ports Field Name Definition Multi User Expert Multi User Form Fields Field Name Definition Power Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management To configure a serial port for Ipmi power management Other 10 Other Form Fields Field Name Definition TCP Port To configure terminal server connection options Virtual Ports 11 New/Modify Port Dialog Box Fields Field Name Definition To cluster console servers or modify cluster configuration To assign names to slave ports in the cluster Ports Status Ports Statistics Expert Ports Hostname Discovery 14 Expert Ports Hostname Discovery Fields Cyclades ACS 5000 Installation/Administration/User Guide System Information Form InformationParameters System Information129 Information Parameters NotificationsTo view system information Email Notifications Dialog Box Fields Field Name Definition Email Notifications EntryNotifications Form Fields Field Name Definition Pager notifications entry Snmp trap notifications entry Untitled dropdown field Cold Start Time/Date Serial ports alarm notificationTo configure a trigger for serial port alarm notification To set the time and date manually To create a custom timezone selection To configure time and date using an NTP serverSetting up a customized timezone configuration To use the custom option to set daylight savings time Boot Configuration Boot Configuration Form Fields Field Name Definition To configure the console server boot Select Flash or Network from the Unit boot from menu Backup Configuration Go to Administration Backup Config in Expert mode Upgrade Firmware To upgrade the console server firmware Online Help RebootTo reboot the console server To configure the local online help path Environmental Appendix a Technical Specifications143 Hardware Temperatur TemperatureElevated operating ambient temperature Erhöhte Umgebungstemperatur im betrieb Sicherer mechanischer Aufbau Safety precautions for operating the console serverMechanical loading Circuit overloading Appendices Electrostatic Discharge ESD Precautions Working inside the console server Arbeiten am Cyclades ACS Replacing the battery Austausch der BatterieRemplacement de la batterie Vorsichtsmassnahmen gegen Elektrostatische Entladung ESD Canadian DOC notice BaterìaFCC warning statement To resolve an issue Appendix C Technical Support Cyclades ACS 5000 Installation/Administration/User Guide For Technical Support