Avocent Switch CPS1610 CPS User Manual

CPS

CPS810

CPS1610

Installer/User Guide

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS

Installer/User Guide

Avocent, the Avocent logo, The Power of Being There, CPS,

DSView and AVWorks are trademarks or registered trademarks

of Avocent Corporation. All other marks are the property of their

respective owners.

Download from Www.Somanuals.com. All Manuals Search And Download.

USA Notification

Warning: Changes or modifications to this unit not expressly approved by the party

responsible for compliance could void the user's authority to operate the equipment.

Note: This equipment has been tested and found to comply with the limits for a Class A

digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide

reasonable protection against harmful interference when the equipment is operated

in a commercial environment. This equipment generates, uses and can radiate radio

frequency energy and, if not installed and used in accordance with the instruction

manual, may cause harmful interference to radio communications. Operation of this

equipment in a residential area is likely to cause harmful interference in which case the

user will be required to correct the interference at his own expense.

Canadian Notification

This digital apparatus does not exceed the Class A limits for radio noise emissions

from digital apparatus set out in the Radio Interference Regulations of the Canadian

Department of Communications.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les

limites applicables aux appareils numériques de la classe A prescrites dans le Règlement

sur le brouillage radioélectrique édicté par le Ministère des Communications du Canada.

Japanese Notification

Agency Approvals

UL 1950, CSA C22.2 No. 950, EN60950, IEC 950

FCC part 15A, EN55022, EN610003-2, EN610003-3, EN5502

Download from Www.Somanuals.com. All Manuals Search And Download.

Table of Contents

Chapter 1: Product Overview

Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3

Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 2: Installation and Configuration

Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Installing the CPS . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Configuring the CPS . . . . . . . . . . . . . . . . . . . . . . . . 10

Reinitializing the CPS . . . . . . . . . . . . . . . . . . . . . . . 14

Chapter 3: Operations

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configuring Serial Port Settings . . . . . . . . . . . . . . . 17

Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 19

Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28

Using Authentication and Encryption . . . . . . . . . . 31

Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 35

Managing the Port History Buffer . . . . . . . . . . . . . 36

Managing SNMP Structures . . . . . . . . . . . . . . . . . . 39

Chapter 4: Using CPS Commands

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . 45

Understanding Conventions . . . . . . . . . . . . . . . . . . 46

Command Summary . . . . . . . . . . . . . . . . . . . . . . . . 48

Chapter 5: CPS Commands

Connect Command . . . . . . . . . . . . . . . . . . . . . . . . . 53

Disconnect Command . . . . . . . . . . . . . . . . . . . . . . . 53

Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Quit Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Resume Command . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

SPC Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Appendices

Appendix A: Technical Specifications . . . . . . . . . . 85

Appendix B: Device Cabling . . . . . . . . . . . . . . . . . . 86

Appendix C: Ports Used . . . . . . . . . . . . . . . . . . . . . . 89

Appendix D: Technical Support . . . . . . . . . . . . . . . 90

Download from Www.Somanuals.com. All Manuals Search And Download.

Product Overview

Contents

Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . 3

Safety Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 1: Product Overview

Features and Benefits

Overview

The CPS is a serial over IP network appliance that provides non-blocked

access and control for multiplatform servers and serial devices such as routers,

power management devices and firewalls. This includes Avocent SPC power

distribution units that provide advanced power management and security.

You may connect up to 8 serial devices to a CPS810, and 16 serial devices to

a CPS1610. A single 10/100 Ethernet port provides network connectivity on

each CPS. Two CPS appliances may be mounted in 1U of vertical space in a

standard 19 inch rack.

Figure 1.1: CPS Model 1610

Serial device access options

You may choose from among several available Telnet options to access the CPS

and its attached serial devices:

•

The proprietary DS family of access and management interfaces, includ-

ing DSAdmin, DSAuth and DSView™, which offers a built-in enhanced

Telnet client

•

Third-party Telnet clients

Access to attached serial devices is also possible via a serial Command Line

Interface (CLI) connection, a PPP (Point to Point Protocol) dial-in connection to

a serial CLI modem or from a third-party SSH client.

User authentication and data security

The CPS user database supports up to 64 user accounts, which include

usernames, passwords and/or keys, plus specifications of access rights to CPS

ports and commands. User definitions may be changed at any time. You may

choose to have user access authenticated locally at the CPS user database, at

one or more DS authentication servers or at one or more RADIUS (Remote

Access Dial-In User Service) servers. Data security may be enhanced via

industry-standard Secure Socket Layer (SSL) and SSH encryption methods.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Extensive command set

The CPS offers a wide range of commands that allow administrators to

easily configure, control and display information about the CPS operating

environment, including its ports, user accounts and active sessions. The user

interface also offers descriptive error message data and built-in command help

information. On-board Trivial File Transfer Protocol (TFTP) support allows

administrators to upload new functionality to CPS units in the field.

Port history

Each CPS port has a buffer that holds the most recent 64K bytes of online and

offline serial data. A separate history command mode lets you navigate within

a port’s current history file and conduct tailored searches.

Safety Precautions

To avoid potential device problems when using Avocent products, if the building

has 3-phase AC power, ensure that a computer and its monitor (if used) are on

the same phase. For best results, they should be on the same circuit.

To avoid potentially fatal shock hazard and possible damage to equipment,

please observe the following precautions:

•

Do not use a 2-wire extension cord in any Avocent product conﬁguration.

Test AC outlets at the computer and monitor (if used) for proper polarity

and grounding.

•

Use only with grounded outlets at both the computer and monitor. When

using a backup Uninterruptible Power Supply (UPS), power the computer,

the monitor and the CPS unit off the supply.

NOTE: The AC inlet is the main disconnect.

Rack mount safety considerations

•

Elevated Ambient Temperature: If installed in a closed rack assembly, the

operation temperature of the rack environment may be greater than room

ambient. Use care not to exceed the rated maximum ambient temperature

of the unit.

•

Reduced Airﬂow: Installation of the equipment in a rack should be such

that the amount of airﬂow required for safe operation of the equipment is

not compromised.

Mechanical Loading: Mounting of the equipment in the rack should be

such that a hazardous condition is not achieved due to uneven

mechanical loading.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 1: Product Overview

•

Circuit Overloading: Consideration should be given to the connection

of the equipment to the supply circuit and the effect that overloading of

circuits might have on overcurrent protection and supply wiring. Consider

equipment nameplate ratings for maximum current.

Reliable Earthing: Reliable earthing of rack mounted equipment should

be maintained. Pay particular attention to supply connections other than

direct connections to the branch circuit (for example, use of power strips).

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Download from Www.Somanuals.com. All Manuals Search And Download.

Installation and

Configuration

Contents

Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . 9

Installing the CPS . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Configuring the CPS . . . . . . . . . . . . . . . . . . . . . . . . 10

Reinitializing the CPS . . . . . . . . . . . . . . . . . . . . . . . 14

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 2: Installation and Configuration

Hardware Overview

Figure 2.1 shows the front panel of a CPS1610.

Figure 2.1: CPS1610 Front Panel

The lower left area of the front panel contains five LEDs and two buttons,

which are described in the following table.

CPS LEDs and Buttons

LED/Button

Description

POWER

The POWER LED illuminates when the CPS is connected to a

power source.

ONLINE

LINK

The ONLINE LED illuminates steadily (not blinking) when the CPS

self-test and initialization procedures complete successfully.

The LINK LED illuminates when the CPS establishes a connection

to the network.

TRAFFIC

100MBps

The TRAFFIC LED blinks when there is network trafﬁc.

The 100MBps LED illuminates when the CPS is connected to a 100

MBps LAN.

RESET

INIT

The RESET button, when pressed, reboots the CPS.

The INIT button, when pressed, restores the CPS to factory defaults;

for more information, see Reinitializing the CPS in this chapter.

As shown in Figure 2.2, the back of the CPS contains 8 (CPS810) or 16

(CPS1610) RJ-45 connectors for serial cabling, a LAN connector for a 10BaseT

or 100BaseT interface cable and a power receptacle.

Figure 2.2: CPS1610 Back Panel

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Installing the CPS

See Appendix B for device cabling information.

WARNING: The power outlet should be installed near the equipment and should be

easily accessible.

To install the CPS hardware:

1. Locate the CPS where you can connect cables between the serial devices

and the CPS serial ports, and where you can connect a LAN interface

cable between the Ethernet hub or switch and the CPS LAN connector.

If you are using a CPS rack mount kit, follow the instructions included

with the kit.

2. Attach a 10BaseT or 100BaseT LAN interface cable to the LAN connector on

the back of the CPS. The CPS requires a CAT 5 cable for 100BaseT operation.

3. Insert the power cord into the back of the CPS. Insert the other end of the

power cord into a grounded electrical receptacle.

4. Check that the POWER LED is illuminated. If not, check the power cable

to ensure that it is inserted snugly into the back of the CPS. The ONLINE

LED will illuminate within one minute to indicate that the CPS self-test is

complete. If the ONLINE LED blinks, contact Avocent Technical Support

for assistance.

5. Check that the LINK LED is also illuminated. If not, check the Ethernet

cable to ensure that both ends are correctly inserted into their jacks. If the

CPS is not correctly connected to an Ethernet hub or switch, you will not

be able to conﬁgure the CPS for operation. If the CPS is connected to a 100

MB Ethernet hub, the 100MBps LED will also be illuminated.

6. Once the POWER, ONLINE and LINK LEDs are illuminated, remove

power from the CPS and proceed with the conﬁguration process.

WARNING: The CPS and all attached devices should be powered down before servicing the

unit. Always disconnect the power cord from the wall outlet.

Configuring the CPS

To configure the CPS, you must enter a unique IP address and the network’s

subnet mask. This information will be stored in the CPS configuration

database. During initial login, you will specify a password for the Admin user.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 2: Installation and Configuration

Configuring the IP address and subnet mask

You may use any of three methods to configure the CPS IP address and subnet

mask: BootP, Telnet Command Line Interface (CLI) or the serial CLI on port 1.

These methods work as documented on most Windows® and UNIX systems;

however, the actual implementation on your system may differ from the

instructions provided. Refer to your system administrator guide.

To conﬁgure the IP address and subnet mask using BootP:

1. Ensure that there is a BootP server on your network that is conﬁgured

to correctly respond to a BootP request from the CPS. BootP servers

require the Ethernet MAC address of network devices. The CPS Ethernet

MAC address is located on the back panel above the LAN connector.

See your BootP server’s system administrator guide for information about

conﬁguring the BootP server.

2. After you have conﬁgured your network’s BootP server with the CPS

Ethernet MAC address, IP address and subnet mask, restore power to the

CPS and wait for the ONLINE LED to illuminate. Once this occurs, the

CPS has completed the BootP protocol, obtained its IP address and subnet

mask and stored these in FLASH.

3. You may verify that the BootP process was successful with a ping command,

which tests network connectivity. The ping command is entered as:

ping <ip_address>

For example, the following command tests the network connectivity of a

CPS with the IP address 192.168.0.5.

ping 192.168.0.5

4. If the CPS completes the BootP successfully, you will see a display similar

to the following.

Pinging 192.168.0.5 with 32 bytes of data:

Reply from 192.168.0.5: bytes=32 time<10ms TTL=128

If the CPS did not successfully obtain its IP address with the BootP

protocol, you will see a display similar to the following.

Pinging 192.168.0.5 with 32 bytes of data:

Request timed out.

In this case, check the MAC address and IP address provided to the BootP

server to conﬁrm they are correct. Verify that the Ethernet LAN adaptor

cable is correctly installed on the CPS and the Ethernet hub.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

After the IP address is configured successfully, launch a Telnet session to the

CPS IP address. Then, see Initial CPS login in this chapter.

To conﬁgure the IP address and subnet mask using a Telnet CLI:

1. Ensure that your server or workstation has a Telnet client and is located on

the same LAN segment as the CPS.

2. Use the arp command to update the server or workstation with the CPS

IP address and Ethernet MAC address. The CPS Ethernet MAC address is

located on the back panel above the LAN connector. The arp command

is entered as:

arp -s <ip_address> <mac_address>

For example, the following command assigns the IP address 192.168.0.5

and the Ethernet MAC address 00-80-7d-54-01-54 to the CPS.

arp -s 192.168.0.5 00-80-7d-54-01-54

On a UNIX platform, the MAC address may require colons (:) instead of

dashes (-), for example, 00:80:7d:54:01:54.

3. You may verify that you entered the information correctly by using an arp

command with the -a option.

arp -a

This command shows all arp entries for the server or workstation. See

your system administrator guide if you need additional help with the

arp command.

4. After the above arp command is entered correctly, launch a Telnet client to

the assigned IP address. Then, continue with Initial CPS login in this chapter.

To conﬁgure the CPS using the serial CLI:

1. By factory default, port 1 of the CPS is conﬁgured for the serial CLI. To

access the serial CLI, attach a compatible device to port 1. The compatible

device types are: ASCII, VT52, VT100, VT102, VT220 and VT320.

Appendix B lists the required cables and adaptors. You may also use any

terminal emulation program that is available on your system.

2. Conﬁgure your terminal or terminal emulation program as follows.

Baud rate

Bits per character

Parity

9600

None

Stop bits

Flow control

None

3. Press the Return or Enter key until a prompt appears, requesting your

username. If you do not receive a prompt after pressing the key ﬁve times,

check your cable and serial settings to be sure that they are correct.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 2: Installation and Configuration

4. Proceed to Initial CPS login in this chapter.

After you complete the CPS configuration, you may reconfigure the CLI on

another port or disable it completely and use port 1 with an attached device.

For more information, see Connecting to devices from the serial CLI port in

Chapter 3.

Initial CPS login

The CPS ships with a single user defined in its user database. The first time you

connect to the CPS via Telnet or serial CLI, you are prompted for a username.

To log in to the CPS for the ﬁrst time:

1. At the Username prompt, type Admin. There is no factory default

password for the Admin user. At the Password prompt, press Return.

Avocent CPS1610 S/W Version 2.1 (ASCII)

Username: Admin

Password:

Authentication Complete

CPS configuration is required.

2. Once authentication completes, the CPS prompts for any missing

conﬁguration values that are required for operation.

If you already provided the IP address and subnet mask, you will not be

prompted for those values again.

If you have not already provided the IP address and subnet mask, you will

be prompted for them. Enter the CPS IP address and subnet mask using

standard dot notation.

CPS configuration is required

Enter CPS IP address > 192.168.0.5

Enter CPS Subnet mask > 255.255.255.0

3. You are prompted for a new Admin password. Passwords are case

sensitive and must contain 3-16 alphanumeric characters. You must enter

the new password twice to conﬁrm that you entered it correctly.

Enter CPS New Admin Password > *****

Confirm New Admin Password > *****

After you have provided the required configuration information, a

confirmation message appears while the CPS stores the values in its

configuration database.

You have now completed the initial login, and you may enter additional

commands at the CLI prompt (>). To configure other CPS ports, see

Configuring Serial Port Settings in Chapter 3.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Reinitializing the CPS

Reinitializing the CPS removes configured information. This may be useful

when reinstalling the CPS at another location in your network.

The CPS stores configuration information in FLASH databases. During

reinitialization, the FLASH erase has two phases. The first phase erases the

CPS configuration database, which contains all nonvolatile data except the IP

address. The second phase erases the IP address and restores the CPS to its

factory default settings.

To reinitialize the CPS:

1. Locate the recessed INIT button on the front of the CPS. You will need a

non-conductive, non-metallic tool that ﬁts inside the recess.

2. Insert the tool in the recess, then depress and hold the button. The

ONLINE LED will blink, indicating a CPS initialization has been

requested. You have approximately seven seconds to release the button

before any action is taken.

After seven seconds, the ONLINE LED will blink more rapidly to conﬁrm

that the CPS conﬁguration database has been erased. Continuing to hold

the INIT button for a few more seconds will erase the IP address as well.

The ONLINE LED will blink faster to conﬁrm the deletion.

If any portion of FLASH is erased, the CPS reboots when the INIT button is released.

You can also use the Server FLASH command to update the CPS FLASH

application or boot program. For more information, see Server FLASH

command in Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

Operations

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configuring Serial Port Settings . . . . . . . . . . . . . . . 17

Connecting to Serial Devices . . . . . . . . . . . . . . . . . . 19

Managing User Accounts . . . . . . . . . . . . . . . . . . . . 28

Using Authentication and Encryption . . . . . . . . . . 31

Using Security Lock-out . . . . . . . . . . . . . . . . . . . . . 35

Managing the Port History Buffer . . . . . . . . . . . . . 36

Managing SNMP Structures . . . . . . . . . . . . . . . . . . 39

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Overview

The CPS and its ports can be easily configured and managed to meet your

requirements for device connection, user authentication, access control, power

status monitoring, port history information display and SNMP compliance for

use with third-party network management products. Support for SSH (Secure

Shell) access via third-party clients is also provided.

Configuring Serial Port Settings

You can configure a CPS port to support one of two types of target devices

(TDs): SPC and console.

The SPC power distribution TD provides enhanced security options, including

password protection, port-specific access rights and port groupings. For more

information, see the SPC Installer/User Guide.

A console TD can be a router, firewall, server or other supported serial device.

By default, CPS ports are configured with the following settings.

Target device

Name

Console

xx-xx-xx Pn (last 3 octets of MAC address

plus the port number)

Baud rate

9600

Bits per character

Parity

None

Stop bits

Flow control

Time-out

None

15 minutes

CLI access character

Power

Use Server CLI setting (^D)

None

Most of these settings are standard serial port operating characteristics.

The CLI access character parameter specifies how you access the CLI. For

more information, see CLI mode in this chapter.

The Power parameter instructs the CPS to monitor the state of a specified

control signal. The parameter value indicates an inbound control signal

(CTS, DCD or DSR) and the state of that signal (low or high). When the

defined signal is true, the CPS interprets it as a power on condition for the

attached device; when the signal is false, a power off condition for the device

is assumed. The signal specified for flow control cannot be used for power

control, and vice versa.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

To conﬁgure serial console port settings:

Issue a Port Set command. You may specify settings for one or all ports.

PORT [<port>|ALL] SET TD=CONSOLE [NAME=<name>]

[BAUD=<baud>] [SIZE=<size>] [PARITY=<parity>] [STOP=<stop_bits>]

[FLOW=<ﬂow_ctrl>] [TIMEOUT=<time-out] [SOCKET=<socket>]

[CHAR=^<cli_char>] [TOGGLE=NONE|DTR] [POWER=<signal>]

To conﬁgure SPC ports and settings:

Issue a Port Set command with the TD=SPC parameter.

PORT <port> SET TD=SPC

When a port is configured as an SPC, you cannot change the serial port

settings. However, you can use the SPC command to change certain

configuration values for the SPC and its 8 or 16 individual sockets.

SPC <port>|ALL [MINLOAD=<amps>] [MAXLOAD=<amps>]

[SOCKET <socket>|ALL] [WAKE=ON|OFF] [ONMIN=<time>]

[OFFmin=<time>]

For more information, see Port Set command and SPC Command in Chapter 5.

When you specify TD=SPC, you may configure the SPC and control its

individual sockets using DSView. Existing users who already have an SPC and

use its native command interfaces should specify TD=Console.

To display serial port settings:

Issue a Show Port command.

SHOW PORT [<port>|ALL|NAMES]

When you request information about a console port, the display includes

configuration information, current power status (if power status monitoring

has been enabled), plus transmit, receive and error counts. When you request

information about a single console port and a user is currently accessing

that port, the display also includes the username, access rights and other

information about the current session.

When you request information about a single SPC port, the display includes

information configured with the SPC command. A Show Port All command

will indicate which ports are SPC ports.

When you request information about port names, the display includes the port

numbers and names. If a port’s name has not been changed with a Port Set

command, the logical name is displayed.

For more information, see Show Port command in Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Connecting to Serial Devices

The CPS offers several methods for connecting to attached serial devices:

Telnet, serial CLI, PPP and SSH.

If a user attempts to connect to a port that is already in use, and if the

user attempting to connect has an access level equal to or higher than the

currently-connected user, the connecting user will be prompted with the

choice of preempting the current user or dropping the connection. For more

information, see Access rights and levels in this chapter.

Session time-out

The CPS monitors data traffic when you are connected to an attached serial

device. You may specify a time-out value with the Server CLI command. You

may also specify a time-out value for each port with the Port Set command.

When no data is received from the connected user for the configured number

of minutes, the connection is terminated.

The following time-out values are used:

•

For a Telnet session, the Server CLI time-out value is used.

For a serial port session, if the port’s conﬁgured time-out value is Ø, the

Server CLI time-out value is used, even if it is also Ø.

•

For a serial port session, if the port’s conﬁgured time-out value is non-Ø,

that value is used.

Preemption

Depending on configured access levels, a user who is connecting to a port (the

connecting user) may disconnect another user of equal or lower access (the

current user).

If the connecting user’s access level is lower than the current user’s access

level, the connecting user will receive an In Use message and the connection

will be dropped.

If the connecting user’s access level is equal to or higher than the owning

user’s access level, an In Use by owning user message will be displayed. The

connecting user may then choose to preempt the current user’s session. If the

current user’s session is preempted, an appropriate message is displayed.

For more information about access levels, see Access rights and levels in

this chapter.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Connecting to devices using Telnet

Each CPS serial port is directly addressable via a unique TCP port number that

provides a connection to the attached serial device.

To connect to a device using Telnet:

Type telnet, followed by the CPS IP address and the appropriate TCP port

number, which by default is 3000 plus the physical port number, in decimal

format. (The TCP port number can be changed for any CPS port.) For example,

the following Telnet command connects to the serial device attached to

physical port 14 of the CPS.

telnet 192.168.0.5 3014

If an authentication method other than None has been configured for the CPS,

you will be prompted for a username and password. Once authentication

completes, your connection is confirmed. When you successfully connect to

the serial device, you will see a display similar to the following.

Avocent CPS1610 S/W Version 2.1

Username: Myname

Password: ******

Authentication Complete

Connected to Port: 7 9600,8,N,1,XON/XOFF

If the authentication method is configured as None, you can Telnet and

connect to a serial device without entering credentials; however, credentials

are always required when connecting to the CPS CLI.

Data entered at the Telnet client is written to the attached serial device. Any

data received by the CPS from the serial device is output to your Telnet client.

You may access the CPS and its ports using Avocent-provided or third-party

Telnet client applications.

You may connect using either SSH or plain text (not SSL).

DS application software

The Avocent DS software offers an interface to access devices attached to

Avocent digital Keyboard, Video and Mouse (KVM) appliances and CPS

appliances. The Telnet client built into DSView and DSAdmin uses Windows

server-based authentication and a DS authentication server to control access.

Third-party Telnet clients may be supported with DS management software,

depending on the encryption values configured for the CPS. For more

information, see the DSView Installer/User Guide.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Standalone third-party Telnet clients

You may use third-party Telnet clients to access the CPS directly without DS

management software.

Connecting to devices from the serial CLI port

By factory default, port 1 of the CPS is configured with the serial CLI, which

prohibits the use of port 1 with an attached serial device. You can configure

the CLI on a different port, but only one port may be configured as the serial

CLI port at one time. For example, if you attempt to enable the CLI interface

on port n, and it is already active on port p, then the CLI will automatically be

disabled on port p.

You may connect to one serial device at a time through the serial CLI port

using a local terminal or a local PC using a terminal emulation program. If you

connect an external modem to the serial CLI port, you can also access devices

through a remote terminal or PC that can dial into the CPS external modem.

For information about modem connections, see Configuring and using dial-in

connections in this chapter and Server CLI command in Chapter 5.

To conﬁgure a port for the serial CLI:

1. Issue a Server CLI command, using the Port parameter to specify the CLI

port and the Type parameter to specify the terminal type.

SERVER CLI PORT=<port> TYPE=<type>

2. To disable the CLI that was previously conﬁgured on a port, issue a Server

CLI command, indicating Type=Off.

For more information, see Server CLI command in Chapter 5.

To display CLI port information:

Issue a Show Server CLI command.

SHOW SERVER CLI

The display includes the CLI port number and terminal type, plus the CLI

access character. For more information, see Show Server CLI command in

Chapter 5.

To connect to a device from the serial CLI port:

1. Issue a Server CLI command, using the Connect parameter to enable the

use of the Connect command from the serial CLI port.

SERVER CLI CONNECT=ON

2. Issue a Connect command to the desired port.

CONNECT <port>

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

3. To end a device session that was initiated with a Connect command, issue

a Disconnect command.

DISCONNECT

For more information, see Server CLI command, Connect Command and

Disconnect Command in Chapter 5.

Connecting to devices using PPP

The CPS supports remote PPP access using an auto-answer modem that answers

calls and establishes the PPP protocol with a dial-in client.

The PPP dial-in can be used to access a remote CPS that does not warrant a

WAN (Wide Area Network) link to the Ethernet interface. In this case, the PPP

connection allows a remote PC with Telnet capability to dial the CPS and then

establish a Telnet connection to a CPS port.

The PPP dial-in can also be used to access a subnet containing remote CPS

devices in the event of a WAN link failure. In this case, the PPP provides an

alternate path to one or more remote CPS devices.

Once the PPP connection is established, you must launch an application

that connects to the CPS or to one of its ports. The PPP connection is only a

communications interface to the CPS.

The CPS implements a PPP server that uses CHAP (Challenge Authentication

Protocol). Passwords are not accepted in the clear on PPP connections.

To enable or disable a PPP server on the serial CLI port:

1. To enable a PPP server on the serial CLI port, issue a Show Server CLI

command to ensure that a serial CLI port has been deﬁned.

SHOW SERVER CLI

2. Issue a Server PPP command with the Enable parameter.

SERVER PPP ENABLE LOCALIP=<local_ip> REMOTEIP=<rem_ip>

[MASK=<subnet>]

You must specify local and remote IP addresses to be used for the CPS

and client ends of the PPP connection respectively. You are prompted to

conﬁrm or cancel the changes. Enter Y to conﬁrm or N to cancel.

3. To disable a PPP server, issue a Server PPP command with the

Disable parameter.

SERVER PPP DISABLE

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

For more information, see Show Server CLI command and Server PPP

command in Chapter 5.

To display PPP conﬁguration information:

Issue a Show Server PPP command.

SHOW SERVER PPP

For more information, see Show Server PPP command in Chapter 5.

Configuring and using dial-in connections

You can attach an external modem to the CPS serial CLI port for dial-in serial

CLI access to the CPS. This may be used as a backup connection if the CPS is

not accessible from the network. It may also be used as a primary connection

at remote sites that do not have Ethernet network capability. The modem must

be Hayes compatible.

To specify a modem initialization string:

1. Issue a Show Server CLI command to ensure that the port where the

modem is connected has been deﬁned as the serial CLI port.

SHOW SERVER CLI

2. Issue a Server CLI command, using the Modeminit parameter to specify

the modem initialization string.

SERVER CLI MODEMINIT=“<string>”

The string must be enclosed in quotes and must include at least the

command settings ATV1 and SO=1, which cause the modem to issue

verbose response strings and auto-answer the phone on the ﬁrst ring. For

more information, see Server CLI command in Chapter 5.

The modem initialization string is sent to the cabled modem when any of

the following conditions occur:

•

CPS initialization

Detection of a transition of DSR from low to high

Completion of a call when DCD changes from high to low

3. Upon successful modem connection, press the Enter key until the login

prompt appears.

To display modem conﬁguration information:

Issue a Show Server CLI command.

SHOW SERVER CLI

For more information, see Show Server CLI command in Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Connecting to devices using SSH

The CPS supports version 2 of the SSH (Secure Shell) protocol (SSH2). The CPS

SSH server operates on the standard SSH port 22. The shell for this connection

provides a CLI prompt as if you had established a Telnet connection on port

23. The shell request for this connection is for CLI access.

Additional CPS SSH servers operate on TCP ports that are numbered with

values 100 greater than the standard 30xx Telnet ports for the CPS. For

example, if port 7 is configured for Telnet access on port 3007, then port 3107

will be a direct SSH connection for port 7. When SSH is enabled, connecting to

Telnet port 23 can be tunneled via a connection to SSH port 22.

Telnet, DSView and SSH clients may authenticate using a specified DS

authentication server.

SSH server keys

When SSH is enabled for the first time, the CPS generates an SSH server key.

The key generation process may take up to ten minutes. The key is computed

at random and is stored in the CPS configuration database.

In most cases, the SSH server key should not be modified because most SSH

clients will associate the key with the IP address of the CPS. During the first

connection to a new SSH server, the client will display the SSH server key and

ask if you want to store it on the SSH client. After the first connection, most

SSH clients will validate the key when connecting to the CPS. This provides

an extra layer of security because the SSH client can verify the key sent by the

server each time it connects.

If you disable SSH and later reenable it, you may either use the existing server

key or compute a new one. If you are reenabling the same server at the same

IP address, it is recommended that you use the existing key, as SSH clients may

be using it for verification. If you are moving the CPS to another location and

changing the IP address, you may want to generate a new SSH server key.

Authenticating an SSH user

SSH is enabled and disabled with the Server SSH command. When you enable

SSH, you may specify the authentication method(s) that will be used for SSH

connections. The method may be a password, an SSH key or both. A user’s

password and SSH key are specified with a User Add or User Set command. All

SSH keys must be RSA keys. DSA keys are not supported.

The following table lists and describes the valid SSH authentication methods

that can be specified with a Server SSH command.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

SSH Authentication Methods

Method

Description

PW (default)

SSH connections will be authenticated with a username/

password. With this method, a user’s deﬁnition must include

a valid password in order for that user to authenticate an SSH

session. A password can authenticate to a DSAuth or RADIUS

server or to the local user database.

KEY

SSH connections will be authenticated with an SSH key. With this

method, a user’s deﬁnition must include valid SSH key information

in order for that user to authenticate an SSH session. Key

authentication is always local; RADIUS is not supported. For more

information, see SSH user keys in this chapter.

PW|KEY or KEY|PW

SSH connections will be authenticated with either a username/

password or an SSH key. If a user has only a password deﬁned, that

user must authenticate an SSH session with a username/password.

If a user has only an SSH key deﬁned, that user must authenticate

an SSH session using the key. If a user has both a password and an

SSH key deﬁned, that user may use either a username/password or

the SSH key to authenticate an SSH session. This method allows the

CPS administrator to deﬁne how each user will authenticate an SSH

session based on information provided in the User Add/Set command.

PW authentication will be local, RADIUS or DS as speciﬁed in

the Encrypt parameter of the Server Security command. Key

authentication is always local.

PW&KEY or KEY&PW SSH connections will be authenticated using both a username/

password and an SSH key. With this method, a user’s deﬁnition

must include a password and SSH key information for that user to

authenticate an SSH session.

PW authentication will be local, RADIUS or DS as speciﬁed in

the Encrypt parameter of the Server Security command. Key

authentication is always local.

A user’s access rights are determined from the authentication method used.

SSH key authentication always uses the access rights from the local user

database. Depending on the server authentication mode specified with the

Server Security command, SSH password authentication will use either the

access rights from the local user database, the DS authentication server or the

values returned by the RADIUS server.

With either of the “or” methods (PW|KEY and KEY|PW), the user access rights

are determined from the method used to authenticate the user.

With either of the “and” methods (PW&KEY and KEY&PW), the user access

rights are determined from the first method specified. If PW&KEY is specified,

the access rights from the password authentication will be used. If KEY&PW is

specified, the access rights from the key authentication will be used.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

For more information, see Using Authentication Modes and Encryption in

this chapter.

SSH user keys

A user’s SSH key is specified in a User Add or User Set command. You may

define a key even if SSH is not currently enabled. The key can be specified in

one of two ways:

•

When using the SSHKEY and FTPIP keyword pair to deﬁne the network

location of a user’s SSH key ﬁle, the SSHKEY parameter speciﬁes the

name of the uuencoded (Unix to Unix encoded) public key ﬁle on an FTP

server. The maximum ﬁle size that can be received is 4K bytes. The FTPIP

parameter speciﬁes the FTP server’s IP address.

When this method is speciﬁed, the CPS initiates an FTP client request

to the speciﬁed IP address. The CPS then prompts the user for an FTP

username and password for connection. When connected, the CPS will

GET the speciﬁed key ﬁle and the FTP connection will be closed. The CPS

then stores the SSH key with the username in the CPS user database.

•

When using the KEY keyword to specify the SSH key, the KEY param-

eter speciﬁes the actual uuencoded SSH key. This is for conﬁgurations

that do not implement an FTP server. The CPS stores the speciﬁed key

in the CPS user database.

The CPS processes a uuencoded SSH2 public key file with the format described

in the IETF document draft-ietf-secshpublickeyfile-02. The key must follow all

format requirements. The UNIX ssh-keygen2 generates this file format. The

CPS also processes a uuencoded SSH1 public key file. The UNIX ssh-keygen

generates this file format.

To enable SSH session access to the CPS:

1. Issue a Show Server Security command to ensure that you are using an

authentication method other than None.

SHOW SERVER SECURITY

2. Issue a Server SSH command with the Enable parameter. You may also

specify an authentication method.

SERVER SSH ENABLE AUTH=<auth>

If an authentication method is not speciﬁed, the previous authentication

parameter will be used. The default value is AUTH=PW.

3. If you are enabling SSH for the ﬁrst time, you are advised that all other

CPS sessions will be terminated. Enter Y to continue or N to cancel.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

4. If you are reenabling SSH, you are prompted to use the existing SSH server

key or generate a new key. Enter Y to use the existing key or N to generate

a new key.

For more information, see Server SSH command in Chapter 5.

To disable SSH session access to the CPS:

Issue a Server SSH command with the Disable parameter.

SERVER SSH DISABLE

When SSH is disabled, the CPS operates in plain text mode, unless SSL encryption

is enabled. In that case, either plain text or SSL connections are accepted.

To display SSH information:

Issue a Show Server Security command.

SHOW SERVER SECURITY

If SSH is enabled, the display will include SSH2. Regardless of whether SSH is

enabled, the display will indicate the authentication method that was speciﬁed

with the Server SSH command.

CLI mode

While you are connected to an attached serial device, you may enter CLI mode

and enter CPS commands.

To enter or exit CLI mode when connected to a serial device:

1. To enter CLI mode, type the CLI access character, which is Ctrl-D by

default. At the CLI prompt (>), you may enter CPS commands.

2. To exit CLI mode and return to the session with the attached device, issue

a Resume command.

RESUME

For more information, see Resume Command in Chapter 5.

To change the CLI access character:

Issue a Server CLI command or a Port Set command, using the Char parameter

to specify the CLI access character.

SERVER CLI CHAR=^<char>

- or -

PORT SET CHAR=^<char>

If you issue a Port Set command with Char=None, then the CLI access

character specified in the Server CLI command will be used. The Port Set

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

command may be used to override the Server CLI access character on a

per-port basis. For more information, see Server CLI command and Port Set

command in Chapter 5.

To display CLI access character information:

Issue a Show Server CLI command.

SHOW SERVER CLI

For more information, see Show Server CLI command in Chapter 5.

Ending device sessions

To end your CPS session:

Enter CLI mode and issue a Quit command or a User Logout command.

QUIT

- or -

If you initiated the device session with a Connect command, enter CLI mode

and issue a Disconnect command.

DISCONNECT

- or -

Allow the port to time-out due to inactivity. In this case, a notification message

is issued and the serial CLI session returns to CLI mode. This time-out may

occur while you are in CLI mode.

- or -

For modem connections, if a carrier drop occurs, the serial CLI session is

automatically logged off.

To end another user’s CPS session:

Issue a User Logout command.

USER LOGOUT <username>

A message is sent and the Telnet or SSH connection is dropped. For more

information, see User Logout command, Disconnect Command, and Quit

Command in Chapter 5. For information about preempting a user’s session,

see Preemption in this chapter.

Managing User Accounts

The CPS user database can store information for up to 64 user accounts.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

To add a user:

Issue a User Add command.

USER ADD <username> [PASSWORD=<pwd>] [SSHKEY=<keyﬁle>]

[FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]

You must specify a username. You must also specify a password or SSH user

key information, or you may specify both. You may also include an access

level or access rights. For more information, see Connecting to devices using

SSH and Access rights and levels in this chapter and User Add command in

Chapter 5.

To change a user’s conﬁguration information:

Issue a User Set command.

USER SET <username> [PASSWORD=<pwd>] [SSHKEY=<keyﬁle>]

[FTPIP=<ftpadd>] [KEY=<sshkey>] [ACCESS=<access>]

You may change your own password at any time. You must have USER access

rights to change another user’s password or to change any user’s SSH user key

information and access rights.

To remove an SSH user key or password, specify Key=“” or Password=“”.

You cannot remove both the password and the SSH key from a user’s

definition; one must remain in the user database. Also, you cannot remove a

user’s key or password if that removal would result in no valid users having

USER access rights.

For more information, see Connecting to devices using SSH and Access rights and

levels in this chapter and User Set command in Chapter 5.

To delete a user:

Issue a User Delete command.

USER DELETE <username>

If the specified user is currently logged in, a message is sent to the user

indicating that access is no longer permitted, and the user’s Telnet session is

terminated. For more information, see User Delete command in Chapter 5.

To display user conﬁguration information:

1. To display information about one user, issue a Show User command,

specifying the username.

SHOW USER <username>

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

2. To display information about all users, issue a Show User command with

the All parameter.

SHOW USER ALL

For more information, see Show User command in Chapter 5.

Access rights and levels

Most CPS commands require the user to have access rights to use the

commands. The access rights for each CPS command are listed in Chapter 4.

The following table describes the access rights a user may be given.

Access Rights

Access Right

Description

PCON

The PCON (Port Conﬁguration) access right allows the user to

modify port settings. Grant PCON access only to users who need to

issue the Port Set command.

SCON

SMON

USER

The SCON (Server Conﬁguration) access right allows the user to

change the CPS conﬁgurations, including setting the IP address and

updating the CPS program load in FLASH. Grant SCON access

only to users who need to administer the CPS.

The SMON (Server Monitor) access right allows the user to view

CPS status and monitor serial port activity. Grant SMON access

only to users who need to assist other users in accessing attached

serial devices.

The USER access right allows the user to modify the user database.

Grant USER access only to users who need to add users, change

user speciﬁcations or delete users. At least one user must have USER

access rights; otherwise, the user database cannot be changed.

BREAK

The BREAK access right allows the user to send a serial break

sequence to the attached serial device. On certain devices, this

sequence has a special meaning. Grant BREAK access only to

users who need to use the Port Break command.

The P (Port) access right gives a user access to one or more serial

ports and the attached serial devices. You may grant Port access

rights to speciﬁc ports (Pn), a range of ports (Px-y) or all ports (PALL).

Access levels

When you specify a user’s access rights, you may either specify the

individual rights or you may use a shortcut that specifies an access level.

The APPLIANCEADMIN and ADMIN levels are equivalent to the following

individual specifications:

•

The APPLIANCEADMIN level is equivalent to PALL, USER, SCON, SMON,

PCON and BREAK

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

•

The ADMIN level is equivalent to PALL, USER, SMON, PCON and BREAK

A user’s access level can be used for preemption. For example, assume User A

is connected to a port. User B tries to connect to the same port. If User B has an

access level equal to or greater than User A’s access level, then User B will be

given the option of preempting User A.

When using DSView software, there are two access rights levels: user and

administrator. DSView users with administrator level rights are given all CPS

access rights: PCON, SCON, SMON, USER, BREAK and PALL. DSView users

with user level rights can access the serial device to which they are connected.

They also have BREAK access for the port they are accessing.

To manage a user’s access rights/levels:

1. To conﬁgure a user’s access rights/level, issue a User Add command,

using the Access parameter to specify the rights or a level.

USER ADD <username> ACCESS=<access>

2. To change a user’s access rights/level, issue a User Set command, using

the Access parameter to specify the rights or a level.

USER SET <username> ACCESS=<access>

3. To display the access rights and level for one or all users, issue a Show

User command.

SHOW USER <username>|ALL

For more information, see Managing Users in this chapter, plus User Add

command, User Set command and Show User command in Chapter 5.

Using Authentication and Encryption

The CPS supports four methods for authenticating users: DS, RADIUS, local

and none. Multiple connection and authentication methods may operate

concurrently. The authentication method can affect the type of encryption that

will be used. For more information, see Encryption in this chapter. By default,

authentication is done at the local CPS user database and no encryption is used.

DS authentication

DS authentication uses an Avocent DS authentication service (DSAuth) to

authenticate CPS users. Encryption is automatically enabled. You must specify

either the IP address of a primary DS authentication server and optionally, the

IP address of a secondary DS authentication server, or you must indicate that

any DS authentication server may be used. DSView clients always use the DS

authentication server. For more information, see the DSView Installer/User Guide.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

Local authentication

Local authentication uses the CPS unit’s internal user database to

authenticate users.

RADIUS authentication

RADIUS authentication uses an external third-party RADIUS server containing

a user database to authenticate CPS users. The CPS, functioning as a RADIUS

client, sends usernames and passwords to the RADIUS server. If a username

and password do not agree with equivalent information on the RADIUS server,

the CPS is informed and the user is denied CPS access. If the username and

password are successfully validated on the RADIUS server, the RADIUS server

returns an attribute that indicates the access rights defined for that username.

To use RADIUS authentication, you must specify information about the

primary RADIUS server and optionally, a secondary RADIUS server to be used

as a backup.

The RADIUS server definition values specified in CPS commands must match

corresponding values configured on the RADIUS server.

On the RADIUS server, you must include CPS-specific information: the list of

valid users and their access rights for the CPS. Each user-rights attribute in the

RADIUS server’s dictionary must be specified as a string containing the user’s

access rights for the CPS, exactly matching the syntax used in the CPS User

Add command.

Consult your RADIUS administrator’s manual for information about specifying

users and their attributes. The exact process depends on the RADIUS server

you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions

to serial ports are accepted immediately, and users are not asked for a

username or password. In this case, users are granted access only to the port

to which they are connected, including Break access. When authentication is

disabled, so is encryption.

Connections to the Telnet port (23), serial CLI and PPP are still authenticated

using the local CPS user database, even when authentication is expressly

disabled. Generally, these communications paths are used only by

administrators, and authentication is enforced in order to establish appropriate

access rights.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

This method cannot be used when SSH connections are enabled, nor can it be

combined with any other authentication method.

Authentication summary

The CPS allows concurrent use of multiple authentication modes. This allows

Telnet, SSH and DSView clients to all access a single CPS as long as the

appropriate authentication methods are enabled.

For example, if you enable DS and local authentication, DSView clients will

always be authenticated using DSAuth. Telnet, SSL and SSH clients will be

authenticated using DS first, and the CPS local user database second.

Similarly, if you enable DS and RADIUS authentication, DSView clients will

always be authenticated using DSAuth. Telnet, SSL and SSH clients will be

authenticated using the RADIUS servers.

As indicated above, the DS authentication server will always be used for DSView

clients. For Telnet, SSL and SSH clients, the order in which you specify the

authentication methods determines the order in which each method is used.

For example, if you enable local and RADIUS authentication (in that order),

authentication uses the CPS user database. If that fails, authentication goes to

the defined RADIUS servers. If you enable RADIUS and local authentication

(in that order), authentication goes first to the defined RADIUS servers. If that

fails, the local CPS user database is used.

To specify the authentication mode:

1. For RADIUS authentication, issue a Server RADIUS command.

SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip>

SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>]

[TIMEOUT=<time-out>] [RETRIES=<retry>]

You must specify the server’s IP address, the UDP port to be used and a

“secret” to be used. You must also specify a user-rights attribute value that

matches a value in the RADIUS server’s dictionary.

You may also use this command to delete a RADIUS server deﬁnition.

SERVER RADIUS PRIMARY|SECONDARY DELETE

For more information, see Server RADIUS command in Chapter 5.

2. Issue a Server Security command, using the Authentication parameter to

specify the authentication mode and the Encrypt parameter to specify the

encryption type.

SERVER SECURITY AUTHENTICATION=<auth_mode>

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

ENCRYPT=<encrypt> DSAUTH=<dsauth>

If you specify DS authentication, you must:

Specify the IP address of a primary DS authentication server and

optionally, the IP address of a secondary DS authentication server.

- or -

Indicate that any DS authentication server may be used.

If you specify DS authentication, encryption is automatically enabled.

3. You are prompted to save the information. Enter Y to conﬁrm or N to cancel.

To display authentication conﬁguration information:

1. Issue a Show Server Security command.

SHOW SERVER SECURITY

The display includes the current CPS authentication and encryption

settings that were conﬁgured with the Server Security command. If SSH

access has been enabled, the display indicates SSH2. Regardless of whether

SSH is enabled, the display includes the authentication method speciﬁed

with the Server SSH command.

2. To display CPS RADIUS settings that were conﬁgured with the Server

RADIUS command, issue a Show Server RADIUS command.

SHOW SERVER RADIUS

For more information, see Server Security command, Show Server Security

command and Show Server RADIUS command in Chapter 5, plus Connecting

to devices using SSH and Encryption in this chapter.

Encryption

When you use any authentication method other than None, you may indicate

the encryption type to be used. The following table lists the valid types.

Encryption Types

Value

None

DES

Encryption Type

None.

SSL Single DES encryption. *

SSLTriple DES encryption. *

3DES

128

SSL 128-bit encryption, which is compatible with the Avocent Telnet

client that uses RC4 encryption. *

SSH

SSH2 encryption.

* When you specify more than one SSL encryption type, the CPS negotiates the strongest

algorithm that is supported by both sides. The strongest algorithm is 128, followed by 3DES

and DES. The order in which you specify the SSL types is not signiﬁcant.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Since the CPS allows multiple connection modes to operate concurrently, you

can specify multiple encryption types. For example, the following command

enables connections via Telnet and via DSView SSL Telnet using Triple DES

or RC4 encryption.

server security encrypt=none,3des,128

The following command enables connections via DSView SSL Telnet using

only DES. SSH2 client connections are also enabled, but plain text Telnet

sessions are not allowed.

server security encrypt=des,ssh

The following command enables connections via SSH2 clients only. Plain text

Telnet and Avocent SSL connections will be refused.

server security encrypt=ssh

To specify encryption method(s):

Issue a Server Security command, using the Encrypt parameter to specify one

or more encryption algorithm values, separated by commas.

SERVER SECURITY ENCRYPT=<encrypt>

If you specify DS authentication and do not specify an encryption algorithm, a

default value of 128,3DES,DES is used.

If you disable authentication (Auth=None), you cannot specify any encryption.

You may disable encryption for all authentication methods except DS.

For more information, see Server Security command in Chapter 5.

To display encryption conﬁguration information:

Issue a Show Server Security command.

SHOW SERVER SECURITY

For more information, see Show Server Security command in Chapter 5.

Using Security Lock-out

When the Security Lock-out feature is enabled, a user will be locked-out after

five consecutive authentication failures. A successful authentication will

reset the counter to zero. You may configure a lock-out period of from 1-99

hours. Specifying a lock-out period of Ø disables the feature; that is, users

will not be locked-out.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

A locked-out user will remain locked-out until the specified time elapses,

the CPS is power-cycled or the user is unlocked by an administrator with

the User Unlock command. A user with the ADMIN access level can unlock

all users except a user with the APPLIANCEADMIN level. A user with the

APPLIANCEADMIN level can unlock all users.

To enable or disable Security Lock-out:

1. To enable Security Lock-out, issue a Server Security command, using the

Lockout parameter with a value between 1-99.

2. To disable Security Lock-out, issue a Server Security command, using the

Lockout=Ø parameter.

To unlock a locked-out user:

Issue a User Unlock command with the username.

Managing the Port History Buffer

Each CPS serial port has a circular history buffer that contains the latest 64K

bytes of data received from the attached serial device. This information may be

helpful in analyzing device anomalies.

The history buffer begins filling with received data upon completion of CPS

initialization, even if no user is connected. When you connect to a serial

port, the data that was received from the attached serial device prior to the

connection is available in the buffer. Once online, new data continues to be

stored in the buffer. You may choose whether to display the history buffer’s

content automatically when you connect and whether to keep or discard the

history buffer’s content at the end of a session.

When more than 64K bytes of data are sent to the history buffer, data at the top

of the buffer is discarded to make room for the new data. As a result, the buffer

always contains the most recent 64K bytes of port history.

Using port history mode commands

Once you are in port history mode, you may issue the commands listed in the

following table. Only the first letter of the command is required.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Port History Mode Commands

Command

Description

Bottom

B sets the view location to the bottom of the ﬁle minus 23 history

display lines, if available.

Clear

C clears the port history buffer.

N increments the current history display line by the number of lines

per page and outputs a new history display page.

P decrements the current history display line by the number of lines

per page and outputs a new history display page.

Quit

Q returns to the normal CLI.

Resume

R leaves port history mode and CLI mode and resumes the session

with the attached serial device. This single command is equivalent to

sequentially using the Quit and Resume commands.

S searches the port history buffer for a speciﬁed text string. Search

strings with embedded spaces must be enclosed in quotes.

By default, the search is case sensitive. To ignore case, enter -i before

the string. To specify direction, type -u to search up from the current

line toward the top of the buffer or -d to search down from the current

line toward the bottom of the buffer. The search direction remains in

effect for subsequent searches until you change the search direction.

If the string is found, the current history display line is set to the line

containing the string, and the CPS outputs a history display page. If the

string is not found, an error message is displayed, no other information

is output and the current history display line is not changed.

Entering the Search command with no parameters searches again

for the previous string in the same direction as the previous search.

Top

T sets the current history display line to one and outputs a history

display page.

The following examples assume the user is in port history mode.

The following command searches the history buffer in the upward direction

for the string Abort Process.

PORT HISTORY> s -u “Abort Process”

The following command searches the history buffer for the string Process,

ignoring case.

PORT HISTORY> s -i Process

For more information, see Server CLI command and Port History command in

Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

To access port history mode:

Issue a Port History command.

PORT HISTORY

The PORT HISTORY > prompt appears.

To control the port history buffer display when you connect:

Issue a Server CLI command, using the History parameter to specify the Hold

or Auto option:

SERVER CLI HISTORY=HOLD|AUTO

•

If Hold is speciﬁed, the number of bytes in the history buffer is displayed,

but none of the history data is output. In this case, you must access the

CLI and use the Port History command to view the port’s history buffer

content. This is the default mode.

If Auto is speciﬁed, the number of bytes in the history buffer is displayed

and the entire content of the buffer is output to the Telnet session. In this

mode, the history buffer’s content can be reviewed in the Telnet client’s

scrolling window. You may also use the Port History command to view the

port’s history buffer content.

To control the port history buffer content when you end a session:

Issue a Server CLI command, using the History parameter to specify the Clear

or Keep option:

SERVER CLI HISTORY=CLEAR|KEEP

•

If Clear is speciﬁed, the port history buffer is cleared and all data is

discarded at the end of a session.

If Keep is speciﬁed, the port history buffer’s content is retained at the end

of a session.

To clear and discard all data in a port history buffer:

Issue a Clear command while you are in port history mode.

CLEAR

- or -

Issue a Server CLI command, indicating History=Clear.

SERVER CLI HISTORY=CLEAR

In this case, the port’s history buffer is cleared at the end of each device session.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

Managing SNMP Structures

The CPS provides a set of commands that create and manage SNMP structures

for use by third-party network management products. These commands cover

the following operations:

•

Enabling and disabling SNMP UDP port 161 SNMP processing

Deﬁning read, write and trap community names

Deﬁning and deleting up to four SNMP management entity IP addresses

Enabling and disabling SNMP traps

Deﬁning and deleting up to four trap destination IP addresses

Deﬁning, copying and deleting up to ten alert strings for each port

To enable or disable SNMP processing:

1. To enable SNMP processing, issue a Server SNMP command with the

Enable parameter. This is the default setting.

SERVER SNMP ENABLE

2. To disable SNMP processing, issue a Server SNMP command with the

Disable parameter.

SERVER SNMP DISABLE

For more information, see Server SNMP command in Chapter 5.

To specify SNMP community names:

Issue a Server SNMP Community command, using the Readcomm, Writecomm

and Trapcomm parameters to specify community names.

SERVER SNMP COMMUNITY READCOMM=<name>

WRITECOMM=<name> TRAPCOMM=<name>

Although all three community names default to public, if you specify a trap

community name with this command, it must be different from the read and

write community names.

For more information, see Server SNMP Community command in Chapter 5.

To add or delete SNMP management entity addresses:

1. To add an SNMP management entity address, issue a Server SNMP

Manager command with the Add parameter and the management

entity’s IP address. You may deﬁne up to four SNMP management entity

addresses, using separate commands.

SERVER SNMP MANAGER ADD <ip_address>

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

When you deﬁne at least one SNMP manager, SNMP requests are processed

if they are from one of the deﬁned SNMP managers. If a request is not from

one of the deﬁned SNMP managers, the SNMP request is discarded.

2. To delete an SNMP management entity address, issue a Server SNMP

Manager command with the Delete parameter and the management

entity’s IP address.

SERVER SNMP MANAGER DELETE <ip_address>

For more information, see Server SNMP Manager command in Chapter 5.

To enable or disable SNMP traps:

1. To enable SNMP traps, issue a Server SNMP Trap command with the

Enable parameter.

SERVER SNMP TRAP ENABLE

The CPS will display a numbered list of traps that are currently disabled

with a prompt requesting you to select trap(s) to enable. Indicate the traps

to be enabled by entering a trap’s list number, several numbers separated

by commas, a range of numbers separated by a dash or a combination

of numbers with commas and dashes. To enable all traps, type ALL. To

cancel the command, press Enter.

- or -

To enable all SNMP traps, issue a Server SNMP Trap command with the

Enable and All parameters. In this case, the numbered list is not displayed.

SERVER SNMP TRAP ENABLE ALL

2. To disable SNMP traps, issue a Server SNMP Trap command with the

Disable parameter.

SERVER SNMP TRAP DISABLE

The CPS will display a numbered list of traps that are currently enabled

with a prompt requesting you to select trap(s) to disable. Indicate the traps

to be disabled by entering a trap’s list number, several numbers separated

by commas, a range of numbers separated by a dash or a combination

of numbers with commas and dashes. To disable all traps, type ALL. To

cancel the command, press Enter.

- or -

To disable all SNMP traps, issue a Server SNMP Trap command with the

Disable and All parameters. In this case, the numbered list is not displayed.

SERVER SNMP TRAP DISABLE ALL

For more information, see Server SNMP Trap command in Chapter 5. The

Avocent web site www.avocent.com/support describes the supported traps.

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 3: Operations

To add or delete SNMP trap destination addresses:

1. To add an SNMP trap destination address, issue a Server SNMP Trap

Destination command with the Add parameter and the destination’s

IP address. You may deﬁne up to four destination addresses, using

separate commands.

SERVER SNMP TRAP DESTINATION ADD <ip_address>

2. To delete an SNMP trap destination address, issue a Server SNMP Trap

Destination command with the Delete parameter and the destination’s

IP address.

SERVER SNMP TRAP DESTINATION DELETE <ip_address>

For more information, see Server SNMP Trap Destination command in Chapter 5.

To add, copy or delete port alert strings:

1. To add a port alert string, issue a Port Alert Add command, specifying the

port number and a 3-32 character string. You may deﬁne up to ten strings

for each port, using separate commands. The alert string will only generate

a trap if the portAlert trap is enabled with a Server SNMP Trap command.

PORT <port> ALERT ADD “<string>”

2. To delete a port alert string, issue a Port Alert Delete command, specifying

a port number.

PORT <port> ALERT DELETE

The CPS displays a numbered list of alert strings that have been deﬁned

for the speciﬁed port with a prompt requesting you to select alert string(s)

to delete. Indicate the alert strings to be deleted by entering an alert

string’s list number, several numbers separated by commas, a range of

numbers separated by a dash or a combination of numbers with commas

and dashes. To delete all alert strings, type ALL. To cancel the command,

press Enter.

3. To copy the deﬁned alert strings from one port to another port, issue a Port

Alert Copy command, specifying the port numbers to be copied to and from.

PORT <to_port> ALERT COPY <from_port>

At the conﬁrmation prompt, press Y to conﬁrm or N to cancel. When the

copy operation occurs, all previously deﬁned strings on the port being

copied to will be replaced.

For more information, see Port Alert Add command, Port Alert Copy command

and Port Alert Delete command in Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

To display SNMP conﬁguration information:

Issue a Show Server SNMP command.

SHOW SERVER SNMP

The display includes information specified with the Server SNMP, Server

SNMP Community, Server SNMP Manager, Server SNMP Trap and Server

SNMP Trap Destination commands.

For more information, see Show Server SNMP command in Chapter 5.

To display port alert string information:

Issue a Show Port Alert command, specifying a port number.

SHOW PORT <port> ALERT

The display lists all the port’s defined alert strings.

For more information, see Show Port Alert command in Chapter 5.

Download from Www.Somanuals.com. All Manuals Search And Download.

Using CPS Commands

Contents

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . 45

Understanding Conventions . . . . . . . . . . . . . . . . . . 46

Command Summary . . . . . . . . . . . . . . . . . . . . . . . . 48

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 4: Using CPS Commands

Accessing the CLI

You may access the CLI in three ways: using the Telnet CLI, using the serial CLI

or entering the CLI access character during a session to a serial device. When

the CLI is accessed, its prompt appears (>), indicating you may type a command.

Entering Commands

At the command prompt, type a command and then press Return or Enter.

When the key is pressed, the command line comprises all characters to the left

of the cursor. The character at the cursor and any characters to the right of the

cursor are ignored. The following table lists the line editing operations for VT100

compatible devices.

Line Editing Operations for VT100 Compatible Devices

Operation

Backspace

Action

The character immediately before the cursor is erased and all text at

and to the right of the cursor moves one character to the left.

Left Arrow

Right Arrow

Up Arrow

If the cursor is not at the beginning of the line, the cursor moves one

character to the left. If the cursor is at the beginning of the line, no

action is taken.

If the cursor is not at the end of the line, the cursor moves one

character to the right. If the cursor is at the end of the line, no

action is taken.

The CLI maintains a buffer containing the last 16 typed command

lines. If there is a previous command line, it will be output as the

current command line and can be edited. If there is no previous

command line in the command line buffer, the command line is set to

blanks and you may enter a new command.

Down Arrow

Delete

The next command in the CLI command line buffer is made available

for edit. If there is no next command line, the command line is set to

blanks and you may enter a new command.

The character at the cursor position is deleted and all characters to

the right of the cursor position are moved left one character.

The following table lists the line editing operations for ASCII TTY devices.

There is no command line buffer available on an ASCII TTY device.

Line Editing Operations for ASCII TTY Devices

Operation

Backspace

Esc

Action

Erases the last character typed.

Erases the current command line.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

When commands take effect

Each command is completely processed before the next command can be entered.

Some commands prompt for confirmation before they are processed. In these

cases, you must confirm or cancel by entering Y or N respectively.

If you enter a Server FLASH command or if you change the CPS IP address with

a Server Set command, a CPS reboot is required before the change becomes

effective. In these cases, the CPS database is updated when you enter the

command and you are prompted that the change will not take effect until the

CPS reboots. You may choose to reboot at that time, or you may decline. When

the CPS reboots, your session and all other sessions on the CPS are terminated.

Understanding Conventions

This section describes the parts of a CPS command and the conventions used

in this document to describe a command’s syntax.

Command syntax

A command may have four types of syntax: positional commands, positional

parameters, keyword parameters and keyword values. The following examples

demonstrate the syntax types.

The following Set Port command changes the baud rate and flow control

settings for port 2.

> PORT 2 SET BAUD=57600 FLOW=XONXOF

Command Syntax Types in Example Command

Value

PORT

Syntax

Positional command.

Positional parameter that indicates the port number for the command.

Positional command that indicates port settings are to be changed.

Keyword parameter, which is always followed by an equal (=) sign.

SET

BAUD

57600

Keyword value indicating the baud rate value for the BAUD

keyword parameter.

FLOW

Keyword parameter, which is always followed by an equal (=) sign.

Keyword value.

XONXOF

Not every command will contain all syntax types. For example, the following

command reboots the CPS.

>SERVER REBOOT

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 4: Using CPS Commands

In this case, both SERVER and REBOOT are positional commands.

In most cases, one or more spaces separate positional commands, positional

parameters and keyword parameters.

For most positional commands, positional parameters or keyword parameters,

you only need to enter the first three characters. The exceptions are:

•

When you specify a terminal type with the Type parameter in the Server

CLI command, you must enter all characters.

When you specify an authentication method with the Auth parameter in

the Server SSH command, you must enter all characters.

When you specify control signal monitoring with the Power parameter in

the Port Set command, you must enter all characters.

With the exception of usernames and passwords, commands are not case

sensitive; they can be entered in uppercase, lowercase or a combination. For

example, all of the following commands are correct.

> PORT 2 SET BAUD=57600 FLOW=XON

> POR 2 SET BAU=57600 FLOW=XON

> por 2 Set Baud=57600 flow=xon

> port 2 set baud=57600 flow=xon

NOTE: Usernames and passwords are case sensitive. These values are stored exactly as

you enter them. For example, the username “Ann” must be entered with an uppercase “A”

and all other letters lowercase. The username “ANN” will not be accepted by the CPS as the

username “Ann.” Usernames and passwords must contain 3-16 alphanumeric characters.

Any syntax errors are displayed, and where applicable, the error is underlined.

In the following example, the keyword parameter “baud” is misspelled. Even if

more than three characters are entered, they must all be correct.

> port 2 Set Baux=57600 flow=xon

----

ERR 26 - SET keyword parameter invalid

In the following example, the keyword value “576” is not valid. Numeric

keyword values must be fully specified and may not be shortened to

three characters.

> POR 2 SET BAUD=576 FLOW=XON

---

ERR 27 - SET keyword value invalid

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

In the following example, there are spaces between BAUD, the equal sign and

the value 57600. Spaces are not permitted between keyword parameters and

their values.

> POR 2 SET BAUD = 57600 FLOW=XON

------------

ERR 26 - SET keyword parameter invalid

Syntax conventions

This manual uses the following command syntax conventions:

•

Brackets [ ] surround optional keywords and values.

Angle brackets < > surround user-supplied positional parameters and

keyword parameter values.

•

In most cases, choices are separated by a vertical bar |. The description

indicates if you may specify more than one of the choices and how to

separate multiple values. The exception is the Server SSH command. In

this case, the vertical bar is speciﬁed on the command line when you

want to enable the “password or key” method (PW|KEY) or the “key or

password” method (KEY|PW).

Command Summary

The following table lists the CPS commands, including a brief description plus

the required access rights and level.

CPS Command Summary

Command

Description, Access Right and Access Level *

Connect

Accesses devices from the serial CLI port.

Access right: port-speciﬁc; Access level: A and AA **

Disconnect

Help

Ends a device session initiated with Connect command.

Access right: port-speciﬁc; Access level: A and AA **

Displays information about commands.

Access right: none needed; Access level: all

Port Alert Add

Port Alert Copy

Port Alert Delete

Port Break

Adds a port alert string.

Access right: SCON or PCON; Access level: A and AA

Copies a port’s alert strings to another port.

Access right: SCON or PCON; Access level: A and AA

Deletes one or more port alert strings.

Access right: SCON or PCON; Access level: A and AA

Sends a break signal to the attached device.

Access right: BREAK; Access level: A and AA

Port History

Accesses the port history buffer.

Access right: none needed; Access level: all

Download from Www.Somanuals.com. All Manuals Search And Download.

Chapter 4: Using CPS Commands

CPS Command Summary (Continued)

Command

Description, Access Right and Access Level *

Port Logout

Terminates the CPS session on a speciﬁed port.

Access right: USER; Access level: A and AA

Port Set

Quit

Changes port settings.

Access right: SCON or PCON; Access level: A and AA

Terminates the current CPS session.

Access right: none needed; Access level: all

Resume

Server CLI

Resumes device connection after being in CLI mode.

Access right: none needed; Access level: all

Speciﬁes the serial CLI port, port type and access

character; enables/disables device connection from the CLI

port; speciﬁes a modem initialization string; speciﬁes port

history mode operations and a port time-out value.

Access right: SCON; Access level: AA

Server FLASH

Server PPP

Updates the CPS FLASH.

Access right: SCON; Access level: AA

Enables/disables a PPP server on the serial CLI port.

Access right: SCON; Access level: AA

Server RADIUS

Server Reboot

Server Security

Speciﬁes RADIUS server parameters.

Access right: SCON; Access level: AA

Reboots the CPS.

Access right: SCON; Access level: AA

Speciﬁes user authentication mode, encryption algorithms

and security lock-out.

Access right: SCON; Access level: AA

Server Set

Changes CPS addresses.

Access right: SCON; Access level: AA

Server SNMP

Enables/disables UDP port 161 SNMP processing.

Access right: SCON; Access level: AA

Server SNMP Community

Server SNMP Manager

Server SNMPTrap

Deﬁnes read, write and trap SNMP community strings.

Access right: SCON; Access level: AA

Deﬁnes/deletes SNMP management entities.

Access right: SCON; Access level: AA

Enables/disables SNMP traps.

Access right: SCON; Access level: AA

Server SNMPTrap Destination Deﬁnes/deletes destinations for enabled SNMP traps.

Access right: SCON; Access level: AA

Server SSH

Enables/disables SSH session access to the CPS and

speciﬁes the SSH authentication method.

Access right: SCON; Access level: AA

Show Port

Displays port conﬁguration information and statistics.

Access right: SMON; Access level: A and AA

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Installer/User Guide

CPS Command Summary (Continued)

Command

Description, Access Right and Access Level *

Show Port Alert

Displays a port’s alert strings.

Access right: SMON; Access level: A and AA

Show Server

Show Server CLI

Show Server PPP

Show Server RADIUS

Show Server Security

Show Server SNMP

Show User

Displays CPS conﬁguration, statistics and session information.

Access right: SMON; Access level: A and AA

Displays information speciﬁed with the Server CLI command.

Access right: SMON; Access level: A and AA

Displays PPP settings.

Access right: SMON; Access level: A and AA

Displays RADIUS settings.

Access right: SMON; Access level: A and AA

Displays authentication, encryption and lock-out settings.

Access right: SMON; Access level: A and AA

Displays SNMP conﬁguration information.

Access right: SMON; Access level: A and AA.

Displays user conﬁguration and session information.

Access right: SMON; Access level: A and AA

SPC

Changes SPC port settings.

Access right: SCON or PCON; Access level: A and AA

User Add

Adds a new user.

Access right: USER; Access level: A and AA

User Delete

Deletes a user.

Access right: USER; Access level: A and AA

User Logout

Terminates a user’s session.

Access right: USER; Access level: A*** and AA

User Set

Changes a user’s conﬁguration information.

Access right: USER; Access level: A and AA

User Unlock

Unlocks a locked-out user.

Access right: USER; Access level: A*** and AA

* A indicates ADMINISTRATOR level, AA indicates APPLIANCEADMIN level.

** Users who do not have the ADMINISTRATOR or APPLIANCEADMIN level must have the

appropriate port access conﬁgured to issue this command.

*** A user with ADMINISTRATOR level can issue a User Logout or User Unlock command for

users with any level other than APPLIANCEADMIN.

Download from Www.Somanuals.com. All Manuals Search And Download.

CPS Commands