![Aten SN0148CO [20/203] Security](/img/pdf.png)
Aten SN0148CO [20/203] Security
![Aten SN0132CO [20/203] Security](/views2/1977639/page20/bg14.png)
Serial Console Server User Manual
4
Command filter – administrators can restrict users to execute only pre-
defined commands
Multiple users can simultaneously access the same port – up to 16
connections per port
Modes for simultaneous access – Exclusive/Occupy/Share
Supports LLDP
Integrates with ATEN PDU* products for power management of each port
(SN01xxCO only)
Note: PON port reserved for PG Series PDU.
Security
Supports secure login from browsers with TLS 1.2 data encryption and
RSA 2048-bit certificates
Configurable user permissions for port access and control
Local and remote authentication and login
Third-party authentication via RADIUS, TACACS+, LDAP/AD and
Kerberos
IP and MAC address filter for enhanced security protection
High-Grade Security – supports FIPS 140-2 level 1 security standards that
use an embedded FIPS 140-2 certified OpenSSL cryptographic module
(Certificate #1747, #2398, #2473)
System Management
System configuration via web browser, Telnet/SSH client and local
console
System log and event login
Event Destination – Event logs will be saved to Log server, Syslog server,
and USB drive* (supports file system FAT8, FAT16 and FAT32)
SNMP agent
Event notification – supports notification of SMTP email, SNMP Trap,
and SMS* (with additional mobile devices)
Backup / Restore system configuration and upgradeable firmware
Multi-browser support – Internet Explorer, Chrome, Firefox
NTP for time server synchronization
Содержание
- Compliance statements 2
- Be sure to register your product at our online support center 3
- For telephone support call this number 3
- Industry canada statement this class a digital apparatus complies with canadian ices 003 3
- Online registration 3
- Rohs this product is rohs compliant 3
- Telephone support 3
- The sn0132co sn9108co and sn9116co are vcci compliant 3
- User information 3
- Vcci statement 3
- Batterie avis de sécurité 4
- Battery safety notice 4
- Safety notice 4
- User notice 4
- Package contents 5
- Product information 5
- Sn0108co sn0116co 5
- Sn0108cod sn0116cod 5
- Sn0132co sn0148co 6
- Sn0132cod sn0148cod 6
- Sn9108co sn9116co 6
- Chapter 1 7
- Contents 7
- Introduction 7
- Chapter 2 8
- Chapter 3 8
- Chapter 4 8
- Hardware setup 8
- Super administrator setup 8
- The user interface 8
- Chapter 5 9
- Chapter 6 9
- Port access 9
- Port operating modes 9
- Chapter 7 10
- Chapter 8 10
- Device management 10
- User management 10
- Appendix 11
- Chapter 10 11
- Chapter 9 11
- Maintenance 11
- About this manual 13
- Overview 13
- Conventions 14
- Terminology 15
- This page intentionally left blank 16
- Chapter 1 17
- Introduction 17
- Overview 17
- Features 19
- Serial console management 19
- System accessibility and availability 19
- Security 20
- System management 20
- Language 21
- Serial device management 21
- Requirements 22
- Dte dce auto sensing 23
- Browser version 24
- Browsers 24
- Serial console server user manual 24
- Supported browsers for logging into the device include the following 24
- Components 25
- Sn0108co sn0108cod front view 25
- Sn0116co sn0116cod front view 25
- Sn0132co sn0132cod front view 27
- Sn0148co sn0148cod front view 27
- Sn9108co front view 29
- Sn9116co front view 29
- Sn0108co rear view 31
- Sn0116co rear view 31
- Sn0108cod rear view dc power 32
- Sn0116cod rear view dc power 32
- Sn0132co rear view 33
- Sn0148co rear view 33
- Sn0132cod rear view dc power 34
- Sn0148cod rear view dc power 34
- Sn9108co rear view 35
- Sn9116co rear view 35
- This page intentionally left blank 36
- Before you begin 37
- Chapter 2 37
- Hardware setup 37
- Stacking 37
- Stacking and rack mounting 37
- Rack mounting 39
- Rack mounting front 39
- Rack mounting rear 41
- Serial console server installation 43
- Sn0108co sn0116co sn0132co sn0148co installation 43
- Chapter 2 hardware setup 45
- Note the example above shows a sn0148co serial console server the sn0108co sn0116co sn0132co units have the same ports and switches but with slightly different layouts see components page 9 for details 45
- Sn0108co sn0116co sn0132co sn0148co installation diagram 45
- Sn9108co sn9116co installation 46
- Sn9108co sn9116co installation diagram 47
- This page intentionally left blank 48
- Chapter 3 49
- First time setup 49
- Local login 49
- Overview 49
- Super administrator setup 49
- Console login hyperterminal 50
- Laptop usb console luc login snviewerusb 50
- Local console main menu 51
- Putty login 52
- Remote login 52
- Telnet login 52
- Browser login 53
- Network setup 54
- Changing the super administrator login 55
- Access 57
- Chapter 4 57
- Overview 57
- The user interface 57
- Local console operation 58
- Remote operation 59
- Web browser login 59
- Note the screen depicts a super administrator s page depending on a user s 60
- Page components 60
- The web browser main page 60
- The web page screen components are described in the table below 60
- To ensure multi platform operability access to the serial console server can be accomplished with most standard web browsers the chapters following this one give detailed information about each section of the web browser once users log in and are authenticated see page 43 the web browser main page comes up with the port access page displayed 60
- Type and permissions not all of these elements appear 60
- The number and type of icons that appear on the tab bar at the top of the page are determined by the user s type super administrator administrator user and the permissions assigned when the user s account was created the chapters following this one give detailed information about each section of the web browser the functions associated with each of the icons are explained in the table below 62
- The tab bar 62
- There are two small icons at the extreme right of the page their functions are described in the table below 62
- Snviewer 63
- Snviewer control panel 63
- Control panel functions 64
- The control panel functions are described below and in the following sections 64
- Data import 65
- The data import page opens a standard browse menu to import data files as shown below 65
- Encode 66
- Message display panel 66
- The message board 66
- Compose panel 67
- Macros 67
- Terminal application 67
- User list panel 67
- Terminal settings 68
- The telnet and putty main menus are the text based equivalent of the browser based configuration and control functions described throughout this manual you can reference the information provided for the browser version as you work your way through the submenus once you login the following text based menu s appear 68
- The terminal settings page allows you make changes to the appearance of the terminal window as described below 68
- Telnet menu driven text ui 70
- Terminal application 70
- Chapter 5 73
- Overview 73
- Port operating modes 73
- Console management 74
- Operating mode 74
- Real com port 74
- Tcp server raw tcp 74
- Tcp server tcp client serial tunnel 74
- Tcp client 75
- Udp mode 75
- Virtual modem 75
- Console management direct 76
- Disabled 76
- Chapter 6 77
- Overview 77
- Port access 77
- The sidebar 78
- The sidebar tree structure 78
- A show is displayed on the bottom left hand corner of the page it is a filter function that allows you to control the number and type of ports that display in the sidebar when you click show the bottom of the panel changes to look similar to the image below 79
- Filter 79
- The meanings of the choices are explained in the following table 79
- Connections 80
- The main panel on the connections page displays the port list from here you can select and connect to the serial devices via the port they are connected to 80
- Port attributes 81
- Telnet ssh 81
- Favorites 83
- History 83
- Preferences 84
- The page settings are explained in the following table 84
- The preferences page allows users to set up their own individual working environments the serial console server stores a separate configuration record for each user profile and sets up the working configuration according to the username that was keyed into the login dialog box 84
- Note 1 the session page is not available for ordinary users 85
- Sessions 85
- The session page lets the administrator and users with user management permissions see at a glance which users are currently logged into the serial console server and provides information about each of their sessions 85
- Users with user management permissions can only see the sessions of ordinary users 85
- Access 86
- Use the radio buttons to configure access rights on the user access and group access page the meaning of the columns are given in the table below 87
- Properties 88
- Save copy 89
- Save copy at the bottom right side of each properties page you can click save to save the settings for the selected port or save copy which allows you to copy and save the current port settings for any all other ports as shown here 89
- Simply select the ports you want to save the current setting to and click ok 89
- Port buffering 90
- Console management 91
- Operating mode 91
- Alert strings 92
- The port alert strings dialog box provides a way for you to be informed about problems that occur on the devices connected to the serial console server s ports 92
- Check enable to encrypt all data being transfered through the session 94
- Probe string is the string the system sends for response check the default is x0d x0d represents enter x1b represents esc 94
- Query frequency is how often you send the response check the default is 30 in seconds enter a number between 10 9999 94
- Real com port 94
- Tcp server 94
- Tcp client 95
- Check enable to encrypt all data being transfered through the session 96
- Udp mode 96
- Virtual modem 96
- Console management direct 97
- General settings 97
- Disabled 98
- Chapter 7 99
- Overview 99
- User management 99
- Adding users 100
- Click add at the bottom of the main panel the user notebook opens with the user tab selected 100
- Select users in the sidebar 100
- The serial console server supports three user types as shown in the table for up to a maximum of 64 users allowing 64 concurrent logins to access the system 100
- To add a user and assign user permissions do the following 100
- Enter the required information in the appropriate fields a description of each of the fields is given in the table below 101
- At this point you can assign the new user to a group by selecting the groups tab the groups page is discussed on page 91 you can also assign the user s port access rights by selecting the devices tab the devices page is discussed on page 96 102
- Groups and come back to it later 102
- Note optionally you can skip this step now to add more users and create 102
- When the operation succeeded message appears click ok 102
- When your selections have been made click save 102
- Deleting user accounts 103
- Modifying user accounts 103
- Creating groups 104
- Groups 104
- Deleting groups 106
- Modifying groups 106
- Assigning users to a group from the user s notebook 107
- Users and groups 107
- Removing users from a group from the user s notebook 109
- Assigning users to a group from the group s notebook 110
- Removing users from a group from the group s notebook 111
- Assigning device permissions under user settings 112
- Device assignment 112
- In the confirmation popup that appears click ok 113
- Make your permission settings for each port according to the information provided below 113
- Note in any of the columns you can use shift click or ctrl click to select a group of ports to configure clicking to cycle through the choices on any one of the selected ports causes all of them to cycle in unison 113
- When you have finished making your choices click save 113
- Assigning device permissions under group settings 114
- Chapter 8 115
- Device management 115
- Devices 115
- General 115
- Mounted devices 116
- External usb drive 117
- Nfs settings 117
- Syslog settings for port logs 117
- Port name auto discovery 118
- Ip installer 119
- Network 119
- Service ports 119
- Network configuration 120
- Event destination 124
- Authentication and authorization 128
- In each case the user s access rights are the ones assigned that were assigned when the user of group was created on the serial console server see adding users page 84 129
- Ldap ad settings 129
- To allow authentication and authorization for the serial console server via ldap ad refer to the information in the table below 129
- Use the same username group name on both the radius server and the serial console server 129
- Cc management settings 131
- Console port settings 133
- Sn0108co sn0116co sn0132co sn0148co 133
- Enable dial back 135
- Enable dial back when you enable out of band access the enable dial back and enable dial out functions become available as described in the sections that follow as an added security feature if this function is enabled the serial console server disconnects the calls that dial in to it and dials back to one of the entries specified in the table below 135
- Enable dial out 135
- Enable dial out for the dial out function you must establish an account with an internet service provider and use a modem to dial up to your isp account an explanation of the enable dial out items is given in the table below 135
- When you have finished making your settings on this page click save 137
- For increased security the login failures section allows administrators to set policies governing what happens when a user fails to log in successfully 138
- Login failures 138
- Note if a login fail policy is not enabled users can attempt to log in an unlimited number of times with no restrictions for security purposes we recommend that you enable this function and enable the lockout policies 138
- Security 138
- The security page is divided into 4 main panels as described in the sections that follow 138
- To set login failures check one of the login fail policy checkboxes the meanings of the entries are explained in the table below 138
- Security level 139
- Working mode 139
- Ip mac filter 140
- Account policy 142
- In the account policy section system administrators can set policies governing usernames and passwords 142
- The meanings of the account policy entries are explained in the table below 142
- Association 143
- Current system time 144
- Date time 144
- New system time 145
- Time zone 145
- This page intentionally left blank 146
- Chapter 9 147
- Overview 147
- System log 147
- The log file tracks a maximum of 512 events when the limit is reached the oldest events get discarded as new events come in the purpose of the buttons at the bottom of the page are described in the table 147
- The serial console server logs all the events that take place on it to view the contents of the log click the log tab the device s system log page appears 147
- The system log page displays events that take place on the serial console server and provides a breakdown of the time the severity the user and a description of each one you can change the sort order of the display by clicking on the column headings 147
- A description of the filter items is given in the table below 148
- Filter 148
- Filter lets you narrow the log event display to ones that occurred at specific times ones containing specific words or strings or ones involving specific users when you access this function the log filter dialog box appears at the bottom of the page 148
- Log notification settings 150
- Backup restore 151
- Chapter 10 151
- Maintenance 151
- Overview 151
- Backup 152
- Restore 152
- Firmware upgrade 153
- Certificates 154
- Private certificate 154
- Certificate signing request 155
- Certificate signing request the certificate signing request csr section provides an automated way of obtaining and installing a ca signed ssl server certificate 155
- Click new the following dialog box appears 155
- Fill in the form with entries that are valid for your site according to the example information in the following table 155
- Note clicking restore defaults returns the device to using the default aten certificate 155
- To perform this operation do the following 155
- Appendix 157
- General 157
- Safety instructions 157
- Dc power 159
- Rack mount 160
- International 161
- North america 161
- Technical support 161
- Function sn0108co sn0116co 162
- Serial console server user manual 162
- Sn0108co sn0116co axa platform 162
- Specifications 162
- Appendix 163
- Function sn0108co sn0116co 163
- Sn0108co sn0116co ax platform 163
- Function sn0108cod sn0116cod 164
- Serial console server user manual 164
- Sn0108cod sn0116cod axa platform 164
- Appendix 165
- Function sn0108cod sn0116cod 165
- Sn0108cod sn0116cod ax platform 165
- Function sn0132co sn0148co 166
- Serial console server user manual 166
- Sn0132co sn0148co axa platform 166
- Appendix 167
- Function sn0132co sn0148co 167
- Sn0132co sn0148co ax platform 167
- Function sn0132cod sn0148cod 168
- Serial console server user manual 168
- Sn0132cod sn0148cod axa platform 168
- Appendix 169
- Function sn0132cod sn0148cod 169
- Sn0132cod sn0148cod ax platform 169
- Function sn9108co sn9116co 170
- Serial console server user manual 170
- Sn9108co sn9116co axa platform 170
- Appendix 171
- Function sn9108co sn9116co 171
- Sn9108co sn9116co ax platform 171
- Ip address determination 172
- Ip installer 172
- The local console 172
- Browser 173
- Link local ipv6 address 174
- Ipv6 stateless autoconfiguration 175
- At command set support 176
- Command operation response 176
- Serial console server user manual 176
- The serial console server s virtual modem function emulates a hardware modem to provide high speed serial modem functionality over an ethernet lan or wan using tcp ip rather than over slower less reliable telephone lines 176
- The serial console server supports a subset of the standard hayes command set as well as some extended commands as shown in the following table 176
- Virtual modem details 176
- Appendix 177
- Command operation response 177
- Continued from previous page 177
- Distance vs baud rate 178
- Port forwarding 178
- Clear login information 179
- Dce mode pin assignment 180
- Dte mode pin assignment 180
- Pin assignment 180
- The pin assignment for the serial ports under different mode is shown below 180
- The serial console server has dte dce auto sensing feature to connect directly to cisco network switches and other compatible devices 180
- Db 9 db 25 interface 181
- If you wish to use db 9 or db 25 interface please refer to the tables below 181
- Self signing ssl tls certificate 182
- Cli command set 183
- System setting commands 183
- Network setting commands 186
- User management commands 188
- Serial port setting commands 193
- Backup restore config commands 195
- Firmware upgrade commands 198
- Ip filter commands 199
- Account policy commands 201
- Aten standard warranty policy 203
- Limited hardware warranty 203
Похожие устройства
- Aten SN0132CO Краткое руководство по установке
- Aten SN0132CO Руководство пользователя
- Aten SN0116CO Краткое руководство по установке
- Aten SN0116CO Руководство пользователя
- Aten SN0108CO Краткое руководство по установке
- Aten SN0108CO Руководство пользователя
- Aten VK2100A Интерфейс командной строки
- Aten VK2100A Руководство пользователя
- Aten VK2100A Руководство по установке
- Aten VK1100A Интерфейс командной строки
- Aten VK1100A Руководство пользователя
- Aten VK1100A Руководство по Установке
- Aten VK2200 Интерфейс командной строки
- Aten VK2200 Руководство пользователя
- Aten VK2200 Руководство по Установке
- Aten VK1200 Интерфейс командной строки
- Aten VK1200 Руководство по Установке
- Aten VK1200 Руководство Пользователя
- Aten VK2100 Интерфейс командной строки
- Aten VK2100 Руководство Пользователя