Opengear User Manual
Total Page:16
File Type:pdf, Size:1020Kb
User Manual ACM5000 & ACM5500 Management Gateways IM4200 Infrastructure Managers CM4100 Console Servers SD4000 Secure Device Servers Rev: 4.8 th April 9 2013 Data Center and Remote Site Management - User Manual 1 Safety Please take care to follow the safety precautions below when installing and operating the console server: - Do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Opengear qualified personnel - To avoid electric shock the power cord protective grounding conductor must be connected through to ground. - Always pull on the plug, not the cable, when disconnecting the power cord from the socket. Do not connect or disconnect the console server during an electrical storm. Also it is recommended you use a surge suppressor or UPS to protect the equipment from transients. FCC Warning Statement This device complies with Part 15 of the FCC rules. Operation of this device is subject to the following conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference that may cause undesired operation. Proper back-up systems and necessary safety devices should be utilized to protect against injury, death or property damage due to system failure. Such protection is the responsibility of the user. This console server device is not approved for use as a life-support or medical system. Any changes or modifications made to this console server device without the explicit approval or consent of Opengear will void Opengear of any liability or responsibility of injury or loss caused by any malfunction. This equipment is for indoor use and all the communication wirings are limited to inside of the building. Publishing history Date Revision Update details Jan 2010 3.8.4 SD4001 product Mar 2010 3.8.5 ACM5004-G, fixed Failover details and added DDNS June 2010 3.9 V3.1 (shadow password, deg F, SNMP, SMS gateway) and ACM5004-I Aug 2010 3.9.1 V3.2 (OpenVPN, Zenoss, config commit, Call Home) Dec 2010 4.0 V3.3 (Firewall router, Web Terminal, SNMP updates) June 2011 4.1 V3.4 (GPS support, SNMP traffic monitoring and IPv6, 32 port models, SMS over cellular) Oct 2011 4.2 V3.5 (Auto-Response) Nov 2011 4.3 V3.5.2 (PPTP, GRE, Groups, FTP server, multiple dial-in, pmshell). Add IM4216-34 Feb 2012 4.4 V3.5.2u3 (Kerberos, Cisco RJ in SD4000, Add ACM5500, Remove KCS) April 2012 4.5 V3.5.2u14 (Cellular redial) July 2012 4.6 V3.5.3 (SMS ARM, simple key, Services page) and SD4001 Rev-01, EoL CM4001/4008 Dec 2012 4.7 V3.6 (Authenticated NTP), ACM5504-5-G-W-I release and EoL IM4004-5 April 2013 4.8 V3.7 4G LTE support Copyright ©Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on the part of Opengear. Opengear provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose. Opengear may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any time. This product could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes may be incorporated in new editions of the publication. Data Center and Remote Site Management - User Manual 3 Table of Contents TABLE OF CONTENTS THIS MANUAL 12 INSTALLATION 16 2.1 Models 16 2.1.1 IM4208-2, IM4216-2, IM4232-2, IM4248-2 and IM4216-34 kit components 17 2.1.2 CM4116, CM4132 and CM4148 kit components 18 2.1.3 SD4002 kit components 18 2.1.4 SD4001 kit components 19 2.1.5 ACM5000 kit components 19 2.1.6 ACM5500 kit components 20 2.2 Power Connection 20 2.2.1 All IM4200-DAC models 20 2.2.2 All CM4100-SAC models 21 2.2.3 SD4002 and SD4001 power 21 2.2.4 All ACM5000 models 21 2.2.5 All ACM5500 models 22 2.2.6 IM4216-34-DDC, IM4208-2-DDC, IM4216-2-DDC, IM4232-2-DDC and IM4248-2-DDC power 22 2.3 Network Connection 23 2.4 Serial Port Connection 24 2.4.1 Opengear Classic RJ45 pinout (option –X0) 25 2.4.2 Cisco Rolled (Cyclades) RJ45 pinout (option -X1) 25 2.4.3 Cisco RJ45 pinout (option -X2) 25 2.5 USB Port Connection 26 2.6 Fitting Cellular SIM and Antennas 26 2.6.1 ACM5004-G models 27 2.6.2 ACM5500-G models 27 2.6.3 ACM5500-L models 28 2.6.4 IM4200-G models 29 2.6.5 External USB cellular modems 29 2.7 Digital I/O and Environmental Sensors 29 SYSTEM CONFIGURATION 30 3.1 Management Console Connection 30 3.1.1 Connected computer set up 30 3.1.2 Browser connection 31 3.2 Administrator Set up 32 3.2.1 Change default root System Password 32 3.2.2 Set up a new Administrator 33 3.2.3 Name the System 33 3.3 Network Configuration 34 3.3.1 IPv6 configuration 35 3.3.2 Dynamic DNS (DDNS) configuration 35 3.4 Services and Service Access 37 3.5 Communications Software 40 3.5.1 SDT Connector 40 3.5.2 PuTTY 41 3.5.3 SSHTerm 42 3.6 Management Network Configuration 42 3.6.1 Enable the Management LAN 42 3.6.2 Configure the DHCP server 44 3.6.3 Select Failover or broadband OOB 45 3.6.4 Aggregating the network ports 46 3.6.5 Wi-Fi Wireless LAN 47 3.6.7 Static routes 50 SERIAL PORT, HOST, DEVICE & USER CONFIGURATION 52 4 Data Center and Remote Site Management - User Manual User Manual 4.1 Configure Serial Ports 52 4.1.1 Common Settings 53 4.1.2 Console Server Mode 54 4.1.3 SDT Mode 58 4.1.4 Device (RPC, UPS, EMD) Mode 58 4.1.5 Terminal Server Mode 59 4.1.6 Serial Bridging Mode 59 4.1.7 Syslog 60 4.1.8 NMEA Streaming 60 4.1.9 Cisco USB console connection 61 4.2 Add/ Edit Users 62 4.2.1 Set up new Group 64 4.2.2 Set up new Users 64 4.3 Authentication 66 4.4 Network Hosts 66 4.5 Trusted Networks 68 4.6 Serial Port Cascading 69 4.6.1 Automatically generate and upload SSH keys 69 4.6.2 Manually generate and upload SSH keys 71 4.6.3 Configure the slaves and their serial ports 72 4.6.4 Managing the slaves 73 4.7 Serial Port Redirection (PortShare) 73 4.8 Managed Devices 74 4.9 IPsec VPN 76 4.9.1 Enable the VPN gateway 77 4.10 OpenVPN 78 4.10.1 Enable the OpenVPN 79 4.10.2 Configure as Server or Client 80 4.10.3 Windows OpenVPN Client and Server set up 83 4.11 PPTP VPN 87 4.11.1 Enable the PPTP VPN server 87 4.11.2 Add a PPTP user 89 4.11.3 Set up a remote PPTP client 89 4.12 Call Home 91 4.12.1 Set up Call Home candidate 91 4.12.2 Accept Call Home candidate as Managed Console Server on CMS 92 4.12.3 Calling Home to a generic central SSH server 94 FIREWALL, FAILOVER & OOB ACCESS 96 5.1 Dialup Modem Connection 96 5.2 OOB Dial-In Access 96 5.2.1 Configure Dial-In PPP 96 5.2.2 Using SDT Connector client 99 5.2.3 Set up Windows XP/ 2003/Vista/7 client 99 5.2.4 Set up earlier Windows clients 99 5.2.5 Set up Linux clients 100 5.3 Dial-Out Access 100 5.3.1 Always-on dial-out 100 5.3.2 Failover dial-out 101 5.4 OOB Broadband Ethernet Access 103 5.5 Broadband Ethernet Failover 104 5.6 Cellular Modem Connection 105 5.6.1 Connecting to a GSM HSUPA/UMTS carrier network 106 5.6.2 Connecting to a CDMA EV-DO carrier network 107 5.6.3 Connecting to a 4G LTE carrier network 109 5.6.4 Verifying the cellular connection 110 Data Center and Remote Site Management - User Manual 5 Table of Contents 5.6.5 Cellular modem watchdog 111 5.7 Cellular Operation 111 5.7.1 OOB access set up 112 5.7.2 Cellular failover setup 112 5.7.3 Cellular routing 114 5.7.4 Cellular CSD dial-in setup 114 5.8 Firewall & Forwarding 115 5.8.1 Configuring network forwarding and IP masquerading 116 5.8.2 Configuring client devices 118 5.8.3 Port / Protocol forwarding 120 5.8.4 Firewall rules 121 SSH TUNNELS & SDT CONNECTOR 124 6.1 Configuring for SSH Tunneling to Hosts 125 6.2 SDT Connector Client Configuration 125 6.2.1 SDT Connector client installation 125 6.2.2 Configuring a new gateway in the SDT Connector client 126 6.2.3 Auto-configure SDT Connector client with the user’s access privileges 128 6.2.4 Make an SDT connection through the gateway to a host 128 6.2.5 Manually adding hosts to the SDT Connector gateway 129 6.2.6 Manually adding new services to the new hosts 130 6.2.7 Adding a client program to be started for the new service 132 6.2.8 Dial in configuration 133 6.3 SDT Connector to Management Console 134 6.4 SDT Connector - telnet or SSH connect to serially attached devices 135 6.5 Using SDT Connector for out-of-band connection to the gateway 136 6.6 Importing (and exporting) preferences 137 6.7 SDT Connector Public Key Authentication 138 6.8 Setting up SDT for Remote Desktop access 138 6.8.1 Enable Remote Desktop on the target Windows computer to be accessed 138 6.8.2 Configure the Remote Desktop Connection client 140 6.9 SDT SSH Tunnel for VNC 142 6.9.1 Install and configure the VNC Server on the computer to be accessed 142 6.9.2 Install, configure and connect the VNC Viewer 144 6.10 Using SDT to IP connect to hosts that are serially attached to the gateway 145 6.10.1 Establish a PPP connection between the host COM port and console server 146 6.10.2 Set up SDT Serial Ports on console server 148 6.10.3 Set up SDT Connector to ssh port forward over the console server Serial Port 149 6.11 SSH Tunneling using other SSH clients (e.g.