Tripp Lite B096-016, B096-048, 93-2879 - page 198

_____________________________________________________________________

B096-016 B096-048 and B092-016 User Manual Page 198

-f <password_file>

Specifies a file containing the rem ote server password. If this option is absent, or if

password_file is empty, the password will default to NULL.

-h Get basic usage help from the command line.

-H <address>

Remote server address can be an IP a ddress or hostname. This option is required for lan

and lanplus interfaces.

-I <interface>

Selects IPMI interface to use. Suppo rted interfaces that are compile d in and visible in

the usage help output.

-L <privlvl>

Force session privilege level. Can be CALLBACK, USER, OPERATOR , ADMIN. Default is

ADMIN.

-m <local_address>

Set the local IPMB address. The defa ult is 0x20 and there should be n o need to change it

for normal operation.

-o <oemtype>

Select OEM type to support. This usua lly involves minor hacks in place in the code to

work around quirks in various BMCs from various manufacturers. Use -o list to see a list

of current supported OEM types.

-p <port>

Remote server UDP port to connect to. D efault is 623.

-P <password>

Remote server password is specified on the command line. If supported, it will be

obscured in the process list. Note! Specifying the password as a command line o ption is

not recommended.

-t <target_address>

Bridge IPMI requests to the remote target address.

-U <username>

Remote server username, default is NULL user.

-v Increase verbose output level. This option may be spe cified multiple times to increas e

the level of debug output. If given t hree times, you will get hexdumps of all incoming

and outgoing packets.

-V Display version information.

If no password method is specif ied, then ipmitool will prompt the user for a pass word. If no

password is entered at the prompt, t he remote server password will de fault to NULL.

SECURITY

The ipmitool documentation highlights that there are several security issues to be considered

before enabling the IPMI LAN interface. A remote station has the ability to control a system's

power state as well as being able to gather certain platform information. To reduce

vulnerability, it is strongly advised that the IPMI LAN inter face only be enabled in 'trust ed'

Contents

Main Owners Manual INDEX Page Page Page Page Page Page 1. INTRODUCTION This Manual FCC Information RoHS User Notice Manual Organization 11 Types of users I. II. Management Console Manual Conventions Note Text presented like this indicates issues which need to be noted Publishing history 2. INSTALLATION Introduction 2.1 Models 2.2 Power connection 2.3 Network connection 2.4 Serial Port connection 17 2.5 USB Port Connection 2.6 Rackmount Console / KVM Connect ion (B092-016 only) 18 3. INITIAL SYSTEM CONFIGURATION Introduction 3.1 Management C onsole Connection 3.1.1 Connected computer set up Page 20 Note If you are not able to connect to the Management Console at 192.168.0.1 or if the default 21 3.2 Administrator Password Note: 22 Note If you are not confident your Console Server has been supplied with the current release of 3.3 Network IP address 23 Note If you have changed the Console Server IP address, you may need to reconfigure your Computer Page Page 26 27 3.5 Communications Software Page 3.6 Management Network Configurati on (B096-048/016 only) Page Page Page 4. SERIAL PORT AND NETWORK HOST Introduction 4.1 Configuring Serial Ports 34 Note Page 36 Note Page Page Page 40 4.2 Add/Edit Users 42 Note: Page 44 Note There are no specific limits on the number of users you can set up; nor on the number of users 4.3 Authentication 4.4 Network Hosts Page 4.5 Trusted Networks 47 Note 4.6 Serial Port Cascading 48 Note 49 Note 50 Note Page 52 5. FAILOVER AND OUT-OF-BAND ACCESS Introduction 5.1 OoB Dial-In Access Note The B096-048/016 Console Servers have an internal modem for dial-up OoB access. The B092- Page Page Page 56 Note 5.2 OoB Broadband Access (B096- 048/016 only) 5.3 Broadband Et hernet Failover (B096-048/016 onl y) Page 5.4 Dial-Out Failover Page 6. SECURE TUNNELING AND SDT CONNECTOR 6.1 Configuring for SDT Tunneli ng to Hosts 6.2 SDT Connector Configuration 62 Note 63 Note Page 65 Note Page Page 68 Note Page Page Page Page Page 74 Note How secure is VNC? VNC access generally allows access to your whole computer, so security is 6.3 SDT Connector to Management C onsole 6.4 SDT Connector - Telnet or SSH co nnect to serially attached devices 6.5 Using SDT Connector for out-of-b and connection to the gateway 6.6 Importing (and exporting) pr eferences 6.7 SDT Connector Public Key Authentication 6.8 Setting up SDT for Remote Desktop A ccess 81 Note Note With Windows XP Professional and Vista, you have only one Remote Desktop session and it Page 83 Note The Remote Desktop Connection software is pre-installed on Windows XP. However, for earli er Page 6.9 SDT SHH Tunnel for VNC 86 Note To make VNC faster, when you set up the Viewer: Page 88 Note For general background reading on Remote Desktop and VNC access, we recommend the 6.10 Using SDT to IP connect to hosts tha t are serially attached to the gateway Page 90 Note You can choose any TCP/IP addresses as long as they are addresses which are not used 91 Note The above notes describe setting up an incoming connection for Windows XP. The steps are the 92 7. ALERTS AND LOGGING Introduction 7.1 Configure SMTP/SMS/SNMP/Nagios al ert service Page Page 96 Note The Console Servers have an snmptrap daemon to send traps/notifications to remote SNMP 7.2 Activate Alert Events and Notifications Page Page 99 Note 7.3 Remote Log Storage 7.4 Serial Port Logging Page POWER & ENVIRONMENTAL MANAGEMENT Introduction 8.1 Remote Power Control (RPC) Page Page 8.2 Uninterruptible Power Supply Co ntrol (UPS) Page Page Page Page 111 Select UPS Logs and you will be presented with the log table of the load, battery charge level, Page 8.3 Environmental Monitoring Page Page Page AUTHENTICATION Introduction 9.1 Authentication Configuration 118 119 120 Page 9.2 PAM (Pluggable Authentication Modules ) 9.3 Secure Management Console Access Page NAGIOS INTEGRATION Introduction 10.1 Nagios Overview Page Page Page 10.3 Configuring Nagios distributed monitoring Page Page Page Page Page 10.4 Advanced Distributed Monitoring Config uration Page Page Page Page 11. SYSTEM MANAGEMENT Introduction 11.1 System Administration and Reset 11.2 Upgrade Firmware 11.3 Configure Date and Time 12. STATUS REPORTS Introduction 12.1 Port Access and Active Users 12.2 Statistics 12.3 Support Reports 12.4 Syslog Page 13. MANAGEMENT Introduction 13.1 Device Management 13.2 Port & Host Management 13.3 Power Management 13.4 Serial Port Terminal Connection Page 13.5 Remote C onsole Access (B092-016 only) Page 14. BASIC CONFIGURATION - LINUX COMMANDS 14.1 Options 14.2 Administration Configuration System Settings Authentication Configuration 14.3 Date and T ime Configuration Manually Change Clock Settings Network Time Protocol Time Zone 14.4 Network Configuration IP Configuration DHCP Static Dial-in Configuration Services Configuration 14.5 Serial Port Configuration Serial Port Settings Supported Protocol Configuration Users Trusted Networks 14.6 Event Logging Configuration Remote Serial Port Log Storage Alert Configuration 14.7 SDT Host Configuration SDT host TCP Ports Page 14.8 Configuration backup and restore _____________________________________________________________________ As SSH uses these keys to avoid man- in-the-middle attacks, logging in ma y be disrupted. 14.9 General Linux command usage Page 15. ADVANCED CONFIGURATION 15.1 Advanced Portmanager pmshell pmchat pmusers Portmanager Daemon Signals 15.2 External Scripts and Alerts Page 15.3 Raw Access to Serial Ports Access to Serial Ports Accessing the Console Port 15.4 IP- Filtering Standard IP-Filter configuration: /etc/config/ipfilter Customizing the IP-Filter: Resources 15.5 Modifying SNMP Configurati on /etc/config/snmpd.conf Adding more than one SNMP server 15.6 Secur e Shell (SSH) Public Key Authenticati on SSH Overview Generating Public Keys (Linux) Installing the SSH Public/Privat e Keys (Clustering) Installing SSH Public Key Authentic ation (Linux) Page Generating public/private keys for SSH (Windows) Test the Public Key by logging in as "t estuser". Test the Public Key by log ging in as Fingerprinting SSH tunneled serial bridging Page Page SDT Connector Public Key Authentication 15.7 Secure Sockets Layer (SSL) Support 15.8 HTTPS Page 15.9 Power Strip Control PowerMan Page pmpower Adding new RPC devices Page 15.10 IPMItool Page Page Page _____________________________________________________________________ 15.11 Scripts for Managing S laves Page 16. THIN CLIENT (B092-016) Introduction 16.1 Local Client Service Connections Page Page Page Page _____________________________________________________________________ Page Page 16.2 Advanced Control Panel Page 16.3 Remote control Appendix A Hardware Specification Appendix B Serial Port Connectivity Serial Port Pinout Connectors included in Console Serv er _____________________________________________________________________ Appendix C End User License Agreement READ BEFORE USING THE ACCOMPANYING SOFTWARE Page JSch License SDT Connector License Page Page SUN Java License Page Appendix D Service and Warranty Limited Warranty Warranty Registration