Cyclades AlterPath OnBoard Technical Information

AlterPath OnBoard Administrator’s GuideSoftware Version 1.1.0Cyclades Corporation3541 Gateway BoulevardFremont, CA 94538 USA1.888.CYCLADES (292.5233)1

x AlterPath OnBoard Administrator’s Guidecycli Options ... 305cycli P

How Configuration Changes Are Handled 62 AlterPath OnBoard Administrator’s Guide

61Chapter 2Administration Tasks Not Done in the Web ManagerThis chapter describes configuration and maintenance tasks that are performed by an admin

62 AlterPath OnBoard Administrator’s GuideThe following table lists the procedures in this chapter. Adding New Files to Be Backed Up and Restored P

Administration Tasks Not Done in the Web Manager 63 Using MindTerm to Create an SSH TunnelUsing MindTerm to Create an SSH Tunnel The AlterPath OnBo

Specifying the Location for the OTP Databases 64 AlterPath OnBoard Administrator’s GuideThe tunnel is created and the dialog appears similar to the

Administration Tasks Not Done in the Web Manager 65 Specifying the Location for the OTP Databases• Creates the file /mnt/opie/etc/opiekeys• Sets th

Specifying the Location for the OTP Databases 66 AlterPath OnBoard Administrator’s GuideThe following screen example uses nfs_server.cyclades.com as

Administration Tasks Not Done in the Web Manager 67 Specifying the Location for the OTP DatabasesOTP password succeeds, you can safely change the m

How Users are Registered with OTP and Obtain OTP Passwords 68 AlterPath OnBoard Administrator’s Guide4. Save and quit the file.How Users are Registe

Administration Tasks Not Done in the Web Manager 69 How Users are Registered with OTP and Obtain OTP PasswordsThe following procedure shows an exam

Contents xi Device Type Differences ... 348Additional Reasons for Creating Custom Expect

How Users are Registered with OTP and Obtain OTP Passwords 70 AlterPath OnBoard Administrator’s GuideSee the following screen example.c. If you are

Administration Tasks Not Done in the Web Manager 71 How Users are Registered with OTP and Obtain OTP PasswordsIn the example, the opiepasswd comman

Configuring SSH or Bidilink Instead of Telnet for Device Connections 72 AlterPath OnBoard Administrator’s Guide6. Save the changes.Configuring SSH o

Administration Tasks Not Done in the Web Manager 73 Configuring SSH or Bidilink Instead of Telnet for Device ConnectionsFor example, to use TCP wit

Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS 74 AlterPath OnBoard Administrator’s Guide8. Save and quit the file. 9. Assi

Administration Tasks Not Done in the Web Manager 75 Replacing the Self-Signed Certificate With an SSL Certificate for HTTPST To Replace the Self-Si

Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS 76 AlterPath OnBoard Administrator’s GuideSubmit the CSR request to the cert

Administration Tasks Not Done in the Web Manager 77 Configuring the DHCP ServerConfiguring the DHCP ServerTo enable DHCP to configure IP address fo

Configuring the DHCP Server 78 AlterPath OnBoard Administrator’s Guide4. Remove the comment (#) signs at the beginning of the lines.5. Configure a h

Administration Tasks Not Done in the Web Manager 79 Configuring the DHCP ServerFor example, see the following edited host entry. d. Copy and paste

xii AlterPath OnBoard Administrator’s GuideAppendix B: Advanced Boot and Backup Configuration Information...407Bo

Configuring the DHCP Server 80 AlterPath OnBoard Administrator’s Guide8. Open the /etc/dhcpd.sh file for editing. 9. Change the definition ENABLE=NO

Administration Tasks Not Done in the Web Manager 81 Configuring VPN ConnectionsConfiguring VPN ConnectionsThis section describes what the administr

Configuring VPN Connections 82 AlterPath OnBoard Administrator’s Guide• Before attempting to access the “Native IP” feature on the OnBoard, the user

Administration Tasks Not Done in the Web Manager 83 Configuring VPN ConnectionsIPSec VPN ConnectionsFor a user to access native IP functionality on

Configuring VPN Connections 84 AlterPath OnBoard Administrator’s GuideNext hopLeave blank if the user’s workstation and the OnBoard are able to exch

Administration Tasks Not Done in the Web Manager 85 Configuring VPN ConnectionsThe OnBoard administrator must do the following tasks:• Make sure th

Configuring VPN Connections 86 AlterPath OnBoard Administrator’s GuidePPTP VPN ConnectionsFor an authorized user to access native IP functionality o

Administration Tasks Not Done in the Web Manager 87 Configuring Dial-ins Using cycli• Enter the ifconfig or ipconfig command on the command line of

Configuring Dial-ins Using cycli 88 AlterPath OnBoard Administrator’s Guide4. Set the access type for the modem to be “autoppp,” “login,” “ppp, or “

Administration Tasks Not Done in the Web Manager 89 Configuring Dial-ins Using cyclia. Enable authentication as a requirement for PPP connections t

xiiiFiguresFigure 1-1: Recommended Device Configuration... 47Figure 1-2: IP Addressing Example...

Configuring Dial-ins Using cycli 90 AlterPath OnBoard Administrator’s Guidef. Accept the default PPP options or set another by using the options par

Administration Tasks Not Done in the Web Manager 91 Configuring Dial-ins Using cycliThe default is 9600. The following screen example sets the mode

Configuring Dial-ins Using cycli 92 AlterPath OnBoard Administrator’s Guidec. Accept the default remote IP address or set another by using the iploc

Administration Tasks Not Done in the Web Manager 93 Configuring the User’s Console Login MenuConfiguring the User’s Console Login MenuAs described

Configuring the User’s Console Login Menu 94 AlterPath OnBoard Administrator’s GuideCaution! If changing the default menu, the administrator needs t

Administration Tasks Not Done in the Web Manager 95 Configuring the User’s Console Login MenuIn the following screen example, the “One-time_ Passwo

Configuring the User’s Console Login Menu 96 AlterPath OnBoard Administrator’s GuideSee “New User Login Menu Item Example” on page 94.1. Log into th

Administration Tasks Not Done in the Web Manager 97 Configuring Routes With cycli2. Open the /etc/menu.ini file for editing.3. Add new menus and me

Configuring Routes With cycli 98 AlterPath OnBoard Administrator’s Guide5. Add a host route, if desired, by entering the host’s IP address after the

Administration Tasks Not Done in the Web Manager 99 Saving Configuration ChangesSaving Configuration ChangesAs described in “How Configuration Chan

xiv AlterPath OnBoard Administrator’s GuideFigure 4-14: “Configure Primary Ethernet Connection:” Enabled With DHCP ...

Backing Up Configuration Files 100 AlterPath OnBoard Administrator’s GuideBacking Up Configuration FilesOnBoard administrators can create a compress

Administration Tasks Not Done in the Web Manager 101 Restoring Factory Default Configuration FilesRestoring Factory Default Configuration FilesThe

Changing Web Manager Timeouts 102 AlterPath OnBoard Administrator’s Guide4. Add the pathname of the new file to the list. 5. Save and quit the file.

Administration Tasks Not Done in the Web Manager 103 Changing the Sort Order of Device Listings6. Either restart the OnBoard or enter killall cacpd

Changing the Sort Order of Device Listings 104 AlterPath OnBoard Administrator’s Guide

105Chapter 3Web Manager Introduction for Administrative UsersThis chapter provides an overview of the Web Manager features for the administrative us

Logging Into the Web Manager 106 AlterPath OnBoard Administrator’s GuideLogging Into the Web ManagerTwo types of administrative users can access all

Web Manager Introduction 107 Logging Into the Web ManagerOnly one administrative user can connect to the Web Manager at a time. The message shown i

Logging Into the Web Manager 108 AlterPath OnBoard Administrator’s GuideT To Log Into the Web Manager for the Administrative UserThis procedure assu

Web Manager Introduction 109 Features of Administrator’s ScreensFeatures of Administrator’s ScreensCallouts in the following figure indicate unique

Figures xv Figure 6-10:Settings -> IPDU Screen Without AUX Port Configuration ... 161Fig

Features of Administrator’s Screens 110 AlterPath OnBoard Administrator’s GuideAn option in the left menu (such as “IPDU” in Figure 3-2) often has s

Web Manager Introduction 111 Overview of Web Manager MenusFigure 3-3: Example Dialog: Devices Configuration—in Wizard ModeOverview of Web Manager M

Overview of Web Manager Menus 112 AlterPath OnBoard Administrator’s Guide

113Chapter 4Web Manager WizardThis chapter describes how an administrative user can use the Wizard to perform basic configuration.For an overview of

Using the Wizard 114 AlterPath OnBoard Administrator’s GuideUsing the WizardThe Wizard screen displays a list of options in the left menu, as shown

Web Manager Wizard 115 Using the WizardFigure 4-2: “Cancel Wizard” Button DialogThe dialog shown in Figure 4-2 offers the following choices:• Press

Changing the Administrative User’s Password—Wizard 116 AlterPath OnBoard Administrator’s GuideThe following table lists the tasks the administrative

Web Manager Wizard 117 Selecting a Security Profile—WizardCaution! If the default password “cyclades” is still in effect, changing the password now

Selecting a Security Profile—Wizard 118 AlterPath OnBoard Administrator’s GuideFigure 4-5: Config → Security Profile Screen With the “Moderate” Pro

Web Manager Wizard 119 Selecting a Security Profile—WizardThe screens for the three other security profile are described in the following sections:

xvi AlterPath OnBoard Administrator’s GuideFigure 6-32: Settings -> PCMCIA -> Configure WIreless LAN Dialog Without DHCP...

Selecting a Security Profile—Wizard 120 AlterPath OnBoard Administrator’s GuideSecuredThe following figure shows the lists of enabled and disabled f

Web Manager Wizard 121 Selecting a Security Profile—WizardOpenThe following figure shows the lists of enabled and disabled features in the dialog f

Selecting a Security Profile—Wizard 122 AlterPath OnBoard Administrator’s GuideCustomThe following figure shows the features that can be enabled and

Web Manager Wizard 123 Configuring Network Interfaces—Wizard3. Click the “Proceed” button.4. Select a security profile from the “Security Level” pu

Configuring Network Interfaces—Wizard 124 AlterPath OnBoard Administrator’s GuideClicking the “Next” button on the “Network Interfaces” screen bring

Web Manager Wizard 125 Configuring Network Interfaces—WizardConfiguring RoutesConfiguring the network interfaces sets up a default route for the On

Configuring Network Interfaces—Wizard 126 AlterPath OnBoard Administrator’s Guideentered in the fields on the screen shown in Figure 4-12 apply to t

Web Manager Wizard 127 Configuring Network Interfaces—WizardFigure 4-14:“Configure Primary Ethernet Connection:” Enabled With DHCPFigure 4-15 shows

Configuring Network Interfaces—Wizard 128 AlterPath OnBoard Administrator’s GuideT To Configure OnBoard Network Interfaces—Wizard1. Log into the Web

Web Manager Wizard 129 Configuring Network Interfaces—Wizard10. If desired, configure the selected Ethernet port to use a static IP address by perf

Figures xvii Figure 7-18:Config -> Authentication: Radius... 218Figure 7-19: Config -> Authentication: SMB...

Configuring Private Subnets and Virtual Addresses—Wizard 130 AlterPath OnBoard Administrator’s GuideConfiguring Private Subnets and Virtual Addresse

Web Manager Wizard 131 Configuring Private Subnets and Virtual Addresses—WizardOn this screen, the administrative user can also configure a virtual

Configuring Private Subnets and Virtual Addresses—Wizard 132 AlterPath OnBoard Administrator’s GuideThe following table defines the information that

Web Manager Wizard 133 Configuring Private Subnets and Virtual Addresses—WizardSince the broadcast address in the example is 192.168.0.255 (by conv

Configuring Private Subnets and Virtual Addresses—Wizard 134 AlterPath OnBoard Administrator’s Guide4. Click the “Edit” button for the entry for the

Web Manager Wizard 135 Configuring Devices—WizardThe following table defines the information that must be supplied in the fields that define a virt

Configuring Devices—Wizard 136 AlterPath OnBoard Administrator’s Guide• “Edit” and Delete” buttons next to each device’s entry.• The “Add new device

Web Manager Wizard 137 Configuring Regular Users —WizardCaution! All devices connected to the private Ethernet ports of the OnBoard must have a pre

Configuring Regular Users —Wizard 138 AlterPath OnBoard Administrator’s GuideSelecting PPP or PPTP for the user causes the two additional fields to

Web Manager Wizard 139 Configuring Regular Users —Wizard9. Select one of the options from the PPP/PPTP access menu.With any option other than “None

xviii AlterPath OnBoard Administrator’s GuideFigure 7-41: Config -> Device SNMP Settings Dialog With V3 Selected ...

Configuring Regular Users —Wizard 140 AlterPath OnBoard Administrator’s Guide

141Chapter 5Web Manager “Access” Menu OptionsThis chapter describes the menu options available to administrative users under the “Access” top menu o

“Access” Options Only for Administrative Users 142 AlterPath OnBoard Administrator’s Guide“Access” Options Only for Administrative Users When the ad

Web Manager "Access" Menu Options 143 Accessing the OnBoard Console Through the Web ManagerFor the tasks only the administrative user can

Viewing IPDU Status and Managing IPDUs 144 AlterPath OnBoard Administrator’s Guideb. Press the “Yes” button. The login prompt for the OnBoard appear

Web Manager "Access" Menu Options 145 Upgrading AlterPath PM IPDU SoftwareAccess to the first two tabs listed above is the same for admin

Upgrading AlterPath PM IPDU Software 146 AlterPath OnBoard Administrator’s GuideNote: Daisy-chaining only works if all daisy-chained IPDUs are runni

Web Manager "Access" Menu Options 147 Upgrading AlterPath PM IPDU SoftwarePressing OK on the dialog shown in Figure 5-5 brings up the “So

Upgrading AlterPath PM IPDU Software 148 AlterPath OnBoard Administrator’s GuideAfter downloading the software onto the OnBoard by following this pr

Web Manager "Access" Menu Options 149 Upgrading AlterPath PM IPDU Software5. Change directories to /pub/cyclades/alterpath/pm/released an

Figures xix Figure 8-14:Network -> Private Subnets Screen ... 279Figure 8-15: Network -> Private Subnets: Add Subnet Di

Upgrading AlterPath PM IPDU Software 150 AlterPath OnBoard Administrator’s GuideAs shown in the previous screen example, the directory contains a bi

Web Manager "Access" Menu Options 151 Upgrading AlterPath PM IPDU Softwarefilename pmfirmware. For the procedure, see “To Download AlterP

Upgrading AlterPath PM IPDU Software 152 AlterPath OnBoard Administrator’s Guide

153Chapter 6Web Manager “Settings” Menu OptionsThis chapter describes the menu options available to administrative users under the “Settings” top me

Options Under “Settings” 154 AlterPath OnBoard Administrator’s GuideOptions Under “Settings”When an administrative user clicks the “Settings” option

Web Manager "Settings" Menu Options 155 Configuring the AUX Port for Modem Access or for Power ManagementThe following table lists the op

Configuring the AUX Port for Modem Access or for Power Management 156 AlterPath OnBoard Administrator’s GuideThe administrative user can use the Set

Web Manager "Settings" Menu Options 157 Configuring the AUX Port for Modem Access or for Power ManagementConfiguring the AUX Port for a M

Configuring the AUX Port for Modem Access or for Power Management 158 AlterPath OnBoard Administrator’s GuideModem Access Type Menu OptionsIf “Autod

Web Manager "Settings" Menu Options 159 Configuring the AUX Port for Modem Access or for Power ManagementFigure 6-7: Settings → AUX Port

© 2006 Cyclades Corporation, all rights reservedInformation in this document is subject to change without notice.The following are registered or regis

xx AlterPath OnBoard Administrator’s GuideFigure A-10: Example 2: Configuration for a User Account Authorized for Native IP Access to All Configure

Configuring the AUX Port for Modem Access or for Power Management 160 AlterPath OnBoard Administrator’s Guide4. Choose “Login,” “Autodetect,” “PPP,”

Web Manager "Settings" Menu Options 161 Configuring IPDU Power ManagementConfiguring IPDU Power ManagementWhen an administrative user cli

Configuring IPDU Power Management 162 AlterPath OnBoard Administrator’s GuideThe following table lists the tabs on the Settings → IPDU screen with l

Web Manager "Settings" Menu Options 163 Configuring IPDU Power Managementexists), the OnBoard generates an alarm. The type of alarm depen

Configuring IPDU Power Management 164 AlterPath OnBoard Administrator’s GuideT To Enable Overcurrent Protection for an AlterPath PM IPDU 1. Log into

Web Manager "Settings" Menu Options 165 Configuring IPDU Power ManagementFigure 6-14:Settings → IPDU → Users ScreenClicking “Add” brings

Configuring IPDU Power Management 166 AlterPath OnBoard Administrator’s GuideAfter a user is added and the OK button is clicked, the user’s name is

Web Manager "Settings" Menu Options 167 Configuring IPDU Power ManagementConfiguring Names and Power Up Intervals for Outlets on a Connec

Configuring IPDU Power Management 168 AlterPath OnBoard Administrator’s GuideFigure 6-19:Outlet Power Up Interval DialogIntervals can be specified u

Web Manager "Settings" Menu Options 169 Configuring PCMCIA CardsConfiguring PCMCIA CardsWhen an administrative user clicks the PCMCIA opt

xxiTablesTable P-1: Document Organization ... xxxiiTable P-2: Related Documentation...

Configuring PCMCIA Cards 170 AlterPath OnBoard Administrator’s GuideSee the AlterPath OnBoard Installation Guide for a list of supported cards. Also

Web Manager "Settings" Menu Options 171 Configuring PCMCIA CardsFigure 6-22:Example: PCMCIA Ethernet Card inserted in Slot 1Ejecting a PC

Configuring PCMCIA Cards 172 AlterPath OnBoard Administrator’s GuideConfiguring a PCMCIA CardThe following procedure describes the configuration ste

Web Manager "Settings" Menu Options 173 Configuring PCMCIA CardsConfiguring a Modem or GSM PCMCIA CardSelecting either “Modem” or “GSM” f

Configuring PCMCIA Cards 174 AlterPath OnBoard Administrator’s GuideFigure 6-25:Settings → PCMCIA → Configure Modem or GSM CallbackAccess Type Menu

Web Manager "Settings" Menu Options 175 Configuring PCMCIA CardsFigure 6-27:Settings → PCMCIA → Configure Modem or GSM → PPPIf “OTP” is s

Configuring PCMCIA Cards 176 AlterPath OnBoard Administrator’s GuideT To Configure a Modem or GSM PCMCIA CardThis procedure assumes that a modem or

Web Manager "Settings" Menu Options 177 Configuring PCMCIA Cardsf. Enter PPP options as desired in the “PPP Options” field.8. Enable call

Configuring PCMCIA Cards 178 AlterPath OnBoard Administrator’s GuideThe dialog for configuring an Ethernet card displays additional fields when the

Web Manager "Settings" Menu Options 179 Configuring PCMCIA CardsConfiguring a Wireless LAN PCMCIA CardWhen an administrative user selects

xxii AlterPath OnBoard Administrator’s GuideTable 1-20: Modem and Phone Card Field and Menu Definitions...

Configuring PCMCIA Cards 180 AlterPath OnBoard Administrator’s GuideAs shown in Figure 6-32, the dialog for configuring the Wireless LAN card displa

Web Manager "Settings" Menu Options 181 Configuring PCMCIA Cards5. Enter a channel in the “Channel” field.6. Select either “Managed” or “

Configuring PCMCIA Cards 182 AlterPath OnBoard Administrator’s GuideFigure 6-34:Settings → PCMCIA → Configure Compact Flash DialogThe three options

Web Manager "Settings" Menu Options 183 Configuring System Date and TimeConfiguring System Date and TimeWhen an administrative user click

Configuring System Date and Time 184 AlterPath OnBoard Administrator’s GuideFigure 6-36:Settings → Date/time Screen: Timezone Pull-downWhen Enable i

Web Manager "Settings" Menu Options 185 Configuring the Boot File Locationa. Enter the month, day, and year in the “Month,” “Day,” and “Y

Configuring the Boot File Location 186 AlterPath OnBoard Administrator’s GuideSpecifying the Boot File LocationThe “Unit boot from” pull-down menu l

Web Manager "Settings" Menu Options 187 Configuring the Boot File LocationAfter a software upgrade, the boot file location choices are: •

Configuring the Boot File Location 188 AlterPath OnBoard Administrator’s GuideBoot Fields and Menu OptionsThe fields and menu options for boot confi

Web Manager "Settings" Menu Options 189 Configuring Outbound Email5. If configuring network boot, do the following steps.a. Accept or cha

Tables xxiii Table 7-3:Values for Configuring Any Type of Notification ... 226Table 7-4:

Configuring an Alternate Help File Location 190 AlterPath OnBoard Administrator’s Guide3. Enter the email address in the “System email forwarding ad

Web Manager "Settings" Menu Options 191 Configuring an Alternate Help File Location2. Extract the files and put them into the desired dir

Configuring an Alternate Help File Location 192 AlterPath OnBoard Administrator’s Guide

193Chapter 7Web Manager “Config” Menu OptionsThis chapter describes the menu options available to administrative users under the “Config” top menu o

194 AlterPath OnBoard Administrator’s GuideTo Modify a User’s Account Page 206To Create and Authorize User Groups for Device Management Page 207To

Web Manager "Config" Menu Options 195 Options Under “Config”Options Under “Config” When an administrative user clicks the “Config” option

Options Under “Config” 196 AlterPath OnBoard Administrator’s GuideSensor alarms“Configuring Sensor Alarms” on page 233SNMP“Configuring SNMP” on page

Web Manager "Config" Menu Options 197 Configuring DevicesConfiguring DevicesWhen an administrative user goes to Config → Devices, a scree

Configuring Devices 198 AlterPath OnBoard Administrator’s GuideFigure 7-3: Fields in the “Add New Device” or “Edit” DialogCaution! All devices conne

Web Manager "Config" Menu Options 199 Configuring Devicesfind out if a default command template works with the new device and to create a

xxiv AlterPath OnBoard Administrator’s GuideTable A-5: Default Device Types and Corresponding Expect Scripts...

Configuring Users and Groups 200 AlterPath OnBoard Administrator’s GuideConfiguring Users and GroupsWhen an administrative user goes to Config → Use

Web Manager "Config" Menu Options 201 Configuring Users and GroupsConfiguring UsersClicking the “Add new user” or “Edit” buttons shown in

Configuring Users and Groups 202 AlterPath OnBoard Administrator’s GuideIf no configured devices remain to be assigned to the user, the “Add new dev

Web Manager "Config" Menu Options 203 Configuring Users and GroupsConfiguring GroupsClicking the “Add new group” button or clicking the “

Configuring Users and Groups 204 AlterPath OnBoard Administrator’s GuideFigure 7-10:Add or Edit a Group’s Device Access DialogIf no configured devic

Web Manager "Config" Menu Options 205 Configuring Users and GroupsT To Create and Authorize a User for Device Management1. Log into the W

Configuring Users and Groups 206 AlterPath OnBoard Administrator’s Guide6. Click “Save and apply changes.”T To Modify a User’s Account1. Log into th

Web Manager "Config" Menu Options 207 Configuring Users and GroupsThe “Edit username’s device access privileges” screen appears.4. Click

Configuring Device Groups 208 AlterPath OnBoard Administrator’s GuideConfiguring Device GroupsWhen an administrative user goes to “Config → Device g

Web Manager "Config" Menu Options 209 Configuring Device GroupsFigure 7-13:Fields in the “Add New Group” or “Edit” DialogT To Configure D

xxvProceduresChapter 2: Administration Tasks Not Done in the Web Manager...61TTo Use MindTe

Configuring Authentication 210 AlterPath OnBoard Administrator’s GuideConfiguring Authentication The administrative user must decide whether to requ

Web Manager "Config" Menu Options 211 Configuring AuthenticationConfiguring Authentication Servers The administrative user can use the Co

Configuring Authentication 212 AlterPath OnBoard Administrator’s GuideConfiguring a Kerberos Authentication ServerWhen the administrative user goes

Web Manager "Config" Menu Options 213 Configuring AuthenticationT To Configure a Kerberos Authentication ServerPerform this procedure to

Configuring Authentication 214 AlterPath OnBoard Administrator’s Guidevi. Click “Save and apply changes.”3. Make sure that timezone and time and dat

Web Manager "Config" Menu Options 215 Configuring AuthenticationConfiguring an LDAP Authentication ServerWhen an administrative user goes

Configuring Authentication 216 AlterPath OnBoard Administrator’s GuideThe domain name is specified as shown in the following example. For the LDAP d

Web Manager "Config" Menu Options 217 Configuring Authentication5. Replace the default domain name with the name of your LDAP domain. 6.

Configuring Authentication 218 AlterPath OnBoard Administrator’s GuideOnBoard and connected devices know the passwords assigned to the accounts:• An

Web Manager "Config" Menu Options 219 Configuring AuthenticationThe administrative user must obtain the needed information about the Radi

xxvi AlterPath OnBoard Administrator’s GuideTTo Disable Web Manager Timeouts...102TTo Sort the

Configuring Authentication 220 AlterPath OnBoard Administrator’s Guide6. Enter one or more timeout values in the “Timeout” field.7. Enter a number o

Web Manager "Config" Menu Options 221 Configuring AuthenticationT To Configure an SMB Authentication ServerPerform this procedure to iden

Configuring Authentication 222 AlterPath OnBoard Administrator’s GuideConfiguring a TACACS+ Authentication ServerWhen the administrative user goes t

Web Manager "Config" Menu Options 223 Configuring AuthenticationT To Configure a TACACS+ Authentication ServerPerform this procedure to i

Configuring Authentication 224 AlterPath OnBoard Administrator’s GuideConfiguring an Authentication Method for the OnBoardWhen an administrative use

Web Manager "Config" Menu Options 225 Configuring AuthenticationBy default Local authentication is in effect, and no configuration is req

Configuring Notifications 226 AlterPath OnBoard Administrator’s GuideConfiguring NotificationsWhen an administrative user goes to Config → Notificat

Web Manager "Config" Menu Options 227 Configuring NotificationsConfiguring SNMP Trap NotificationsThe following figure shows the fields t

Configuring Notifications 228 AlterPath OnBoard Administrator’s Guideapplication, such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager.

Web Manager "Config" Menu Options 229 Configuring Notificationsiii. If “Auth & crypt” is selected, select an option from the “Encrypt

Procedures xxvii TTo Configure a Modem or GSM PCMCIA Card...176TTo Configure an Ethernet PCMCIA Card ...

Configuring Notifications 230 AlterPath OnBoard Administrator’s GuideT To Configure Pager NotificationsPerform this procedure to configure an alarm

Web Manager "Config" Menu Options 231 Configuring NotificationsConfiguring Email NotificationsThe following figure shows the fields that

Configuring Notifications 232 AlterPath OnBoard Administrator’s GuideT To Configure an Email NotificationPerform this procedure to configure an alar

Web Manager "Config" Menu Options 233 Configuring Sensor AlarmsConfiguring Sensor AlarmsWhen an administrative user goes to Config → Sens

Configuring Sensor Alarms 234 AlterPath OnBoard Administrator’s GuideT To Begin Configuring a Sensor AlarmPerform this procedure to monitor a sensor

Web Manager "Config" Menu Options 235 Configuring Sensor AlarmsFigure 7-29:Config → Sensor Alarms Syslog Message FieldsThe following item

Configuring Sensor Alarms 236 AlterPath OnBoard Administrator’s GuideFigure 7-30:Config → Sensor Alarms SNMP Trap Fields for V1 and V2cThe fields t

Web Manager "Config" Menu Options 237 Configuring Sensor Alarms5. If either v1 or v2 is selected in Step 4, enter the name of a community

Configuring Sensor Alarms 238 AlterPath OnBoard Administrator’s GuideConfiguring a “Pager” Sensor Alarm ActionThe following figure shows the fields

Web Manager "Config" Menu Options 239 Configuring Sensor Alarms3. Enter the user name required for authentication in the “SMS username” f

xxviii AlterPath OnBoard Administrator’s GuideTTo Configure a Device’s SNMP Settings...246TTo Configur

Configuring SNMP 240 AlterPath OnBoard Administrator’s GuideT To Configure an Email Sensor Alarm Action1. Perform Step 1 through Step 9 in the proce

Web Manager "Config" Menu Options 241 Configuring SNMPFigure 7-34:Config → SNMP Configuration ScreenNote: For SNMP to work you need to ne

Configuring SNMP 242 AlterPath OnBoard Administrator’s GuideConfiguring SNMP Information SettingsUnder the “OnBoard information settings” heading on

Web Manager "Config" Menu Options 243 Configuring SNMPConfiguring SNMP for Devices As shown in Figure 7-36, the names of all configured d

Configuring SNMP 244 AlterPath OnBoard Administrator’s GuideThe administrative user can use the screen shown in Figure 7-37 to configure the followi

Web Manager "Config" Menu Options 245 Configuring SNMPFigure 7-39:Config → SNMP: Device SNMP Access Dialog With V3 SelectedConfiguring SN

Configuring SNMP 246 AlterPath OnBoard Administrator’s GuideThe fields on the screen shown in Figure 7-40 vary according to which SNMP protocol type

Web Manager "Config" Menu Options 247 Configuring SNMPThe “Device devicename SNMP settings” dialog appears.3. Enter the identifier for th

Configuring SNMP 248 AlterPath OnBoard Administrator’s Guided. If a view has been configured, select a “Read view” and “Write view” from the “Securi

Web Manager "Config" Menu Options 249 Configuring SNMPa. Select a read view and write view from the “Auth” menus under the “Read view” a

Procedures xxix Appendix A: Advanced Device Configuration ...345TTo Find Out if An Existing Command Template Works With a New Device353TTo Use the

Configuring Logging of System Messages (Syslogs) 250 AlterPath OnBoard Administrator’s Guide2. Go to Config → SNMP.3. Click the “Add trap” button u

Web Manager "Config" Menu Options 251 Configuring Logging of System Messages (Syslogs)See “Message Logging (With Syslog) on the OnBoard”

Configuring the Event Log Backend 252 AlterPath OnBoard Administrator’s Guide4. On the “Filter system log messages by level” screen, specify which t

Web Manager "Config" Menu Options 253 Configuring the Event Log BackendFigure 7-45:Config → Event Log Backend: Edit DialogT To Configure

Selecting or Configuring a Security Profile 254 AlterPath OnBoard Administrator’s GuideSelecting or Configuring a Security ProfileWhen an administra

Web Manager "Config" Menu Options 255 Selecting or Configuring a Security ProfileFigure 7-47:Config → Security Profile Dialog With the “M

Selecting or Configuring a Security Profile 256 AlterPath OnBoard Administrator’s GuideFigure 7-48:Config → Security Profile Message After a New Pro

Web Manager "Config" Menu Options 257 Selecting or Configuring a Security ProfileNote: Follow the reminder at the bottom of the screen sh

Selecting or Configuring a Security Profile 258 AlterPath OnBoard Administrator’s GuideCustomThe following figure shows the features that can be ena

Web Manager "Config" Menu Options 259 Configuring the OnBoard’s Services5. If you select the “Custom” profile, make sure the checkboxes a

iiiContentsBefore You Begin ...xxxiAudience ...

xxx AlterPath OnBoard Administrator’s Guide

Configuring the OnBoard’s Services 260 AlterPath OnBoard Administrator’s Guide

261Chapter 8Web Manager “Network” Menu OptionsThis chapter describes the menu options available to administrative users under the “Network” top menu

Options Under “Network” 262 AlterPath OnBoard Administrator’s GuideOptions Under “Network”When an administrative user clicks the “Network” option in

Web Manager "Network" Menu Options 263 Configuring Network InterfacesConfiguring Network InterfacesWhen an administrative user clicks the

Configuring Network Interfaces 264 AlterPath OnBoard Administrator’s GuideThe screen shown in Figure 8-2 allows the administrative user to set or ch

Web Manager "Network" Menu Options 265 Configuring Network InterfacesConfiguring RoutesConfiguring the network interfaces sets up a defau

Configuring Network Interfaces 266 AlterPath OnBoard Administrator’s GuideConfiguring Primary and Secondary Ethernet PortsIf failover is disabled, t

Web Manager "Network" Menu Options 267 Configuring Network InterfacesT To Configure OnBoard Network Interfaces1. Log into the Web Manager

Configuring Firewall Rules for OnBoard Packet Filtering 268 AlterPath OnBoard Administrator’s GuideConfiguring Firewall Rules for OnBoard Packet Fil

Web Manager "Network" Menu Options 269 Configuring Firewall Rules for OnBoard Packet FilteringFigure 8-5 shows the six built-in chains. T

xxxiBefore You BeginThis AlterPath OnBoard Administrator’s Guide provides information and procedures for configuring and managing the Cyclades™ Alte

Configuring Firewall Rules for OnBoard Packet Filtering 270 AlterPath OnBoard Administrator’s GuideT To Add a New Packet Filtering (Firewall) Rule1.

Web Manager "Network" Menu Options 271 Configuring Hostsa. Select or accept the protocol selected from the “Protocol” pull-down menu.b. A

Configuring Hosts 272 AlterPath OnBoard Administrator’s Guide• Edit the host’s configuration• Delete host entriesThe following figure shows the dial

Web Manager "Network" Menu Options 273 Configuring Static RoutesConfiguring Static RoutesWhen an administrative user clicks the “Static r

Configuring Static Routes 274 AlterPath OnBoard Administrator’s GuideThe following table describes the fields and menu options that appear when you

Web Manager "Network" Menu Options 275 Configuring VPN ConnectionsConfiguring VPN ConnectionsAn administrative user must configure VPN co

Configuring VPN Connections 276 AlterPath OnBoard Administrator’s GuideConfiguring IPSec VPN ConnectionsSelecting “Add new connection” on the VPN co

Web Manager "Network" Menu Options 277 Configuring VPN Connections6. Select either ESP or “AH” from the “Authentication protocol” pull-do

Configuring VPN Connections 278 AlterPath OnBoard Administrator’s GuideFigure 8-13:PPTP VPN Connection Configuration FieldsThe following table descr

Web Manager "Network" Menu Options 279 Configuring Private Subnets and Virtual Networks6. Make sure that users who are authorized for nat

xxxii AlterPath OnBoard Administrator’s GuideDocument OrganizationThe document contains the chapters listed in the following table.Table P-1: Docum

Configuring Private Subnets and Virtual Networks 280 AlterPath OnBoard Administrator’s GuideInternet via the OnBoard’s public IP address. Any number

Web Manager "Network" Menu Options 281 Configuring Private Subnets and Virtual NetworksThe OnBoard derives the range of addresses in the

Configuring Private Subnets and Virtual Networks 282 AlterPath OnBoard Administrator’s Guidemultiple address ranges and it is not feasible to change

Web Manager "Network" Menu Options 283 Configuring Private Subnets and Virtual Networks6. Click OK.7. Click “Save and apply changes.”T To

Configuring Private Subnets and Virtual Networks 284 AlterPath OnBoard Administrator’s Guide

285Chapter 9Web Manager “Info” and “Mgmt” Menu OptionsThis chapter describes the menu options available to administrative users under the “Info” and

Options Under “Info” 286 AlterPath OnBoard Administrator’s GuideOptions Under “Info”When an administrative user clicks the “Info” option in the top

Introduction 287 Options Under “Info”Viewing Status Information About Active SessionsWhen an administrative user goes to Info → Session status, a s

Options Under “Info” 288 AlterPath OnBoard Administrator’s GuideViewing System InformationWhen an administrative user goes to Info → System informat

Introduction 289 Options Under “Info”The following table lists the types of information available on the system information screen.Table 9-3: Infor

Before You Begin xxxiii 7: Web Manager “Config” Menu OptionsDescribes and provides procedures for how to use the Web Manager menu options that are a

Options Under “Info” 290 AlterPath OnBoard Administrator’s GuideMemory InformationMemTotalMemFreeMemSharedBuffersCachedSwapCachedActiveInActiveHighT

Introduction 291 Options Under “Info”Viewing Information About Detected DevicesWhen an administrative user goes to Info → Detected devices, a scree

Options Under “Info” 292 AlterPath OnBoard Administrator’s GuideDHCP Client?If the OnBoard DHCP server is enabled (as described in “Configuring the

Introduction 293 Options Under “Mgmt”Options Under “Mgmt”Clicking the “Mgmt” (Management) option brings up the left menu options shown in the follo

Options Under “Mgmt” 294 AlterPath OnBoard Administrator’s GuideBacking Up or Restoring Configuration FilesWhen an administrative user goes to Mgmt

Introduction 295 Options Under “Mgmt”T To Back Up Configuration Files 1. Bring up the Web Manager and log in.See “To Log Into the Web Manager for t

Options Under “Mgmt” 296 AlterPath OnBoard Administrator’s GuideUpgrading OnBoard Firmware (Operating System Kernel, Configuration Files, and Applic

Introduction 297 Options Under “Mgmt”Information Needed for Firmware UpgradesThe screen collects information used to automatically download softwar

Options Under “Mgmt” 298 AlterPath OnBoard Administrator’s GuideSpecial Considerations if the Last Boot Was a Network BootIf the OnBoard was last bo

Introduction 299 Options Under “Mgmt”For more details about how images are stored in the OnBoard and about configuration file backups, see Appendix

xxxiv AlterPath OnBoard Administrator’s GuideRelated DocumentsThe following table lists the AlterPath OnBoard documents. As indicated, the QuickSta

Options Under “Mgmt” 300 AlterPath OnBoard Administrator’s GuideRestarting the OnBoardWhen an administrative user goes to Mgmt → Restart, the screen

301Chapter 10Using the cycli Utility This chapter describes the cycli configuration utility that is available for OnBoard administrators to use on t

Accessing the Command Line 302 AlterPath OnBoard Administrator’s GuideAccessing the Command LineAs described in the AlterPath OnBoard User’s Guide,

Using the cycli Utility 303 cycli Utility Overviewcycli Utility OverviewAn administrator (root or admin) can configure the OnBoard using the cycli

Execution Modes 304 AlterPath OnBoard Administrator’s GuideCommand Line ModeCommand line mode refers to when the cycli utility is invoked on the Lin

Using the cycli Utility 305 cycli Optionscycli OptionsAdministrators can invoke the cycli command with a number of different options shown in the f

cycli Parameters and Arguments 306 AlterPath OnBoard Administrator’s Guideetc/param.conf file. Table 10-2 on page 313 shows branches of the tree tha

Using the cycli Utility 307 cycli Parameters and ArgumentsEntering Values With ParametersEnter values that contain spaces within double quotes (“).

cycli Parameters and Arguments 308 AlterPath OnBoard Administrator’s GuideEntering a Command in Batch ModeBased on the example in Figure 10-1, you c

Using the cycli Utility 309 cycli Parameters and ArgumentsIf you want to run multiple cycli commands from a script that is also running other Linux

Before You Begin xxxv Printed versions of this document and all the above listed documents can be ordered from a Cyclades sales representative.Docum

Autocompletion 310 AlterPath OnBoard Administrator’s GuideAutocompletionAutocompletion can be used to find out what commands and parameters are avai

Using the cycli Utility 311 cycli CommandsExample:cycli CommandsThe cycli utility supports the commands that are listed in the following screen exa

cycli Commands 312 AlterPath OnBoard Administrator’s GuideThe add command is used instead of set when multiple parameters of the same type can exist

Using the cycli Utility 313 cycli CommandsThe following table shows the parameters that can be added using the add command. If a parameter is shown

cycli Commands 314 AlterPath OnBoard Administrator’s Guideiptables3nat|filter Add chainname to the list of chains: add iptables nat|filter chainname

Using the cycli Utility 315 cycli Commandsnetwork4hosts Add an IP address for a host: add network hosts IPaddress. Then use the set command to set

cycli Commands 316 AlterPath OnBoard Administrator’s Guidenotifications(continued)If MAIL is set, then use set notifications MAIL with the recipient

Using the cycli Utility 317 cycli Commandsonboard server Add a managed device (SP, server, or device): add server device_name. Also use the set com

cycli Commands 318 AlterPath OnBoard Administrator’s Guideonboard (continued)user|group Add the name of a user or group authorized to access the de

Using the cycli Utility 319 cycli Commandssnmpd6rwcommunity | rocommunityAdd a read-write community [rwcommunity] or a read-only community [rwcommu

xxxvi AlterPath OnBoard Administrator’s GuideThe following table describes other terms and conventions.Table P-4: Other Terms and ConventionsTerm o

cycli Commands 320 AlterPath OnBoard Administrator’s Guidesnmpd (continued) access Adds an access type. add snmpd access type. Also use the set comm

Using the cycli Utility 321 cycli CommandscdSet a parameter prefix for subsequent commands. The prompt then changes to indicate the prefix. Entered

cycli Commands 322 AlterPath OnBoard Administrator’s GuideExample:commit Saves changes in configuration files and creates a compressed copy of the c

Using the cycli Utility 323 cycli CommandsSome parameters cannot be deleted. Parameters that can be added can be deleted. Example:exit See “quit |

cycli Commands 324 AlterPath OnBoard Administrator’s GuideExample:cli > get network network interface failover: nonetwork interface eth0 active:

Using the cycli Utility 325 cycli CommandsIf the system assigns default values, default values are shown next to the automatically added parameter

cycli Commands 326 AlterPath OnBoard Administrator’s Guidequit | exit Quit cycli. (Ctrl+d also quits the cycli utility.) If changes have not been co

Using the cycli Utility 327 cycli CommandsExample:revertDiscard changes and revert to previously committed state.Example:setSet the value(s) of the

cycli Commands 328 AlterPath OnBoard Administrator’s GuideExample:The set command is used to set an existing value, in contrast to add which is used

Using the cycli Utility 329 Summary of How to Configure the Top Level ParametersSummary of How to Configure the Top Level ParametersThe following t

Before You Begin xxxvii Additional ResourcesThe following sections describe how to get technical support, training, and software upgrades.Cyclades T

Summary of How to Configure the Top Level Parameters 330 AlterPath OnBoard Administrator’s Guideauxport• Use the set command to configure the AUX po

Using the cycli Utility 331 Summary of How to Configure the Top Level Parametersipdu• Use the set command to configure an IPDU (set ipdu s1 <Tab

Summary of How to Configure the Top Level Parameters 332 AlterPath OnBoard Administrator’s Guidenetwork hostname • Use the set command to configure

Using the cycli Utility 333 Summary of How to Configure the Top Level Parametersnotifications• Use the add command to add a notification (add notif

Summary of How to Configure the Top Level Parameters 334 AlterPath OnBoard Administrator’s Guideonboard global strict subnetUse the set command to c

Using the cycli Utility 335 Summary of How to Configure the Top Level Parametersonboard user• Use the add onboard user command to configure a user

Summary of How to Configure the Top Level Parameters 336 AlterPath OnBoard Administrator’s Guidesensoralarm• Use the add sensoralarm command to conf

Using the cycli Utility 337 Summary of How to Configure the Top Level Parametersuser• Do not use this command to add a user. Use add onboard user u

Summary of How to Configure the Top Level Parameters 338 AlterPath OnBoard Administrator’s Guide

339Chapter 11TroubleshootingThis chapter provides information related to troubleshooting the OnBoard.This chapter covers the topics in the following

xxxviii AlterPath OnBoard Administrator’s Guide

Connection Methods for Troubleshooting 340 AlterPath OnBoard Administrator’s GuideConnection Methods for TroubleshootingThis section summarizes how

Troubleshooting 341 Recovering From Login FailureT To Recover From Login Failure1. Boot the OnBoard in the U-Boot monitor mode.See “To Boot in U-Bo

Restarting the Web Manager 342 AlterPath OnBoard Administrator’s GuideRestarting the Web ManagerIf the Web Manager stops responding you can perform

Troubleshooting 343 Using the create_cf Command When TroubleshootingUsing the create_cf Command When TroubleshootingYou can use the create_cf comma

Using the create_cf Command When Troubleshooting 344 AlterPath OnBoard Administrator’s Guide

345Appendix AAdvanced Device ConfigurationThis appendix provides detailed information needed to understand how to configure a new device.The followi

OnBoard-specific Tasks for Configuring New Devices 346 AlterPath OnBoard Administrator’s GuideOnBoard-specific Tasks for Configuring New Devices The

Appendix A: Advanced Device Configuration 347 How the OnBoard Manages Communications With DevicesHow the OnBoard Manages Communications With Device

How the OnBoard Manages Communications With Devices 348 AlterPath OnBoard Administrator’s GuideThe device models and firmware in the release notes h

Appendix A: Advanced Device Configuration 349 How the OnBoard Manages Communications With Devicesdocs/OnBoard/Application_Notes/Service_Processor_R

1Chapter 1IntroductionThe administrator configures the OnBoard to enable controlled access to connected devices and also performs maintenance activi

How the OnBoard Manages Communications With Devices 350 AlterPath OnBoard Administrator’s GuideRSA II The RSA II card uses a text-based interface. T

Appendix A: Advanced Device Configuration 351 How the OnBoard Manages Communications With DevicesAdditional Reasons for Creating Custom Expect Scri

How the OnBoard Manages Communications With Devices 352 AlterPath OnBoard Administrator’s GuideCustom scripts can also be deployed for the following

Appendix A: Advanced Device Configuration 353 How the OnBoard Manages Communications With DevicesT To Find Out if An Existing Command Template Work

How the OnBoard Manages Communications With Devices 354 AlterPath OnBoard Administrator’s Guide6. If the device is an RSA II type device, if you can

Appendix A: Advanced Device Configuration 355 How the OnBoard Manages Communications With Devices1. Log into the OnBoard’s console as an administra

How the OnBoard Manages Communications With Devices 356 AlterPath OnBoard Administrator’s Guide15. Enter the command to read the system event log (S

Appendix A: Advanced Device Configuration 357 How the OnBoard Manages Communications With Devices3. At the prompt, confirm that you want to continu

How the OnBoard Manages Communications With Devices 358 AlterPath OnBoard Administrator’s GuideAll templates in the onboard_template.ini file are li

Appendix A: Advanced Device Configuration 359 How the OnBoard Manages Communications With Devices[rack1_dev2_compaq_ilo] type = ilo i

iv AlterPath OnBoard Administrator’s GuideMessage Filtering Levels ... 33Syslog Server

2 AlterPath OnBoard Administrator’s GuidePower Management Options on the OnBoard Page 40Routing on the OnBoard Page 42OnBoard Notifications Page 43

How the OnBoard Manages Communications With Devices 360 AlterPath OnBoard Administrator’s GuideFigure A-1: onboard_server.ini Device Entries With Te

Appendix A: Advanced Device Configuration 361 How the OnBoard Manages Communications With DevicesIssues Affecting the Configuration of RSA-Type Ser

How the OnBoard Manages Communications With Devices 362 AlterPath OnBoard Administrator’s GuideThe default editor used by onbdtemplate is vi. You ca

Appendix A: Advanced Device Configuration 363 How the OnBoard Manages Communications With DevicesIf “Test” is selected, after the administrator sel

How the OnBoard Manages Communications With Devices 364 AlterPath OnBoard Administrator’s Guide“Introduction” under on “OnBoard Authentication Optio

Appendix A: Advanced Device Configuration 365 How the OnBoard Manages Communications With DevicesOnBoard Expect ScriptsThe Expect scripts are locat

How the OnBoard Manages Communications With Devices 366 AlterPath OnBoard Administrator’s GuideAll Expect scripts reside in /libexec/onboard, as sho

Appendix A: Advanced Device Configuration 367 Application Notes Related to Expect Scripts• *_login.exp scripts are special extension scripts that c

Application Notes Related to Expect Scripts 368 AlterPath OnBoard Administrator’s GuideAfter this document is finalized, more application notes may

Appendix A: Advanced Device Configuration 369 Application Notes Related to Expect ScriptsT To Create a Custom IPMI Expect Script1. Log into the OnB

Introduction 3 Overview of OnBoard Features for AdministratorsOverview of OnBoard Features for AdministratorsThe OnBoard mediates between authorize

Application Notes Related to Expect Scripts 370 AlterPath OnBoard Administrator’s GuideactionThe action specifies the action for the script to take.

Appendix A: Advanced Device Configuration 371 Application Notes Related to Expect Scriptsspconsole The native command line of the service processor

Address Configuration for Connected Devices 372 AlterPath OnBoard Administrator’s GuideT To Create a Custom Expect Script 1. Access the command line

Appendix A: Advanced Device Configuration 373 Address Configuration for Connected DevicesPrivate subnet(s) should use IP addresses from one of the

Address Configuration for Connected Devices 374 AlterPath OnBoard Administrator’s GuideUsing Reserved IP Addresses for Private IP AddressingThe OnBo

Appendix A: Advanced Device Configuration 375 Address Configuration for Connected DevicesFor recommendations about which ranges to use for various

Address Configuration for Connected Devices 376 AlterPath OnBoard Administrator’s Guide• When the connected devices’ addresses are already configure

Appendix A: Advanced Device Configuration 377 Address Configuration for Connected DevicesThe range of IP addresses is derived from the information

Address Configuration for Connected Devices 378 AlterPath OnBoard Administrator’s GuideAny routes needed for IPSec VPN can be configured as part of

Appendix A: Advanced Device Configuration 379 Address Configuration for Connected DevicesIn Figure A-2, two devices are connected to the OnBoard. T

OnBoard Authentication Options 4 AlterPath OnBoard Administrator’s GuideOnBoard Authentication OptionsThe OnBoard administrator can configure many c

Address Configuration for Connected Devices 380 AlterPath OnBoard Administrator’s Guidethe Web Manager → Config Devices screen, as part of the imple

Appendix A: Advanced Device Configuration 381 Address Configuration for Connected DevicesExample 2: Two Private Subnets and VPN ConfigurationFigure

Address Configuration for Connected Devices 382 AlterPath OnBoard Administrator’s GuideTwo Private Subnets and User Configuration for Example 2Confi

Appendix A: Advanced Device Configuration 383 Address Configuration for Connected DevicesAs shown in the example output from the ifconfig command o

Address Configuration for Connected Devices 384 AlterPath OnBoard Administrator’s GuideFigure A-9: Example 2: Four Devices Configured on the Web Man

Appendix A: Advanced Device Configuration 385 Address Configuration for Connected DevicesA VPN connection must exist before a user can access nativ

Address Configuration for Connected Devices 386 AlterPath OnBoard Administrator’s Guide• When configuring “connSub1” for access to sub1: Left subnet

Appendix A: Advanced Device Configuration 387 Address Configuration for Connected DevicesFigure A-11:Example 2: IPSec Connection Configuration for

Address Configuration for Connected Devices 388 AlterPath OnBoard Administrator’s Guidecreates the routes needed to get packets flowing through the

Appendix A: Advanced Device Configuration 389 Address Configuration for Connected DevicesNote: The address pools’ IP addresses can be assigned arbi

Introduction 5 OnBoard Authentication Options•The AuthType/Local and AuthType/DownLocal authorization methods are referred to as authentication met

Address Configuration for Connected Devices 390 AlterPath OnBoard Administrator’s GuideThe authorized user must do the following:• Make sure the use

Appendix A: Advanced Device Configuration 391 Address Configuration for Connected Devices• To communicate with “sp3” and “sp4,” a route would neede

Address Configuration for Connected Devices 392 AlterPath OnBoard Administrator’s Guide• Select “Enable native IP” from the list of management actio

Appendix A: Advanced Device Configuration 393 Address Configuration for Connected DevicesOR• In the Web Manager on the OnBoard, clicking the “Servi

Address Configuration for Connected Devices 394 AlterPath OnBoard Administrator’s Guidenetwork would map the IP addresses from the three private sub

Appendix A: Advanced Device Configuration 395 Address Configuration for Connected DevicesAs stated elsewhere, users who have the following types of

Address Configuration for Connected Devices 396 AlterPath OnBoard Administrator’s GuideFigure A-14:Example 3: Virtual Network ConfigurationNote: “sp

Appendix A: Advanced Device Configuration 397 Address Configuration for Connected DevicesVirtual Network and Device Configuration for Example 3 To

Address Configuration for Connected Devices 398 AlterPath OnBoard Administrator’s GuideFigure A-16:Example 1: Device Configuration ExampleFigure A-1

Appendix A: Advanced Device Configuration 399 Address Configuration for Connected DevicesIPSec VPN Configuration for Example 3After the private sub

OnBoard Authentication Options 6 AlterPath OnBoard Administrator’s Guideauthentication methods that are used by SNMP, PPTP, IPSec, or PPP are descri

Address Configuration for Connected Devices 400 AlterPath OnBoard Administrator’s GuideAs in the earlier example, the OnBoard administrator must do

Appendix A: Advanced Device Configuration 401 Address Configuration for Connected DevicesThis first set of bullets are a review of the steps for ob

Address Configuration for Connected Devices 402 AlterPath OnBoard Administrator’s GuideEnabling Native IP and Accessing a Device’s Native Features U

Appendix A: Advanced Device Configuration 403 Address Configuration for Connected DevicesAccessing Native Features for Example 3After enabling nati

Address Configuration for Connected Devices 404 AlterPath OnBoard Administrator’s Guide• Bringing the management application up from the service pro

Appendix A: Advanced Device Configuration 405 Address Configuration for Connected Devicesaddress in the dhcp.conf file, as described in “Configurin

Address Configuration for Connected Devices 406 AlterPath OnBoard Administrator’s Guide

407Appendix BAdvanced Boot and Backup Configuration InformationThis appendix provides information related to configuring boot file locations and man

Boot File Location 408 AlterPath OnBoard Administrator’s GuideBoot File LocationHow the OnBoard boots is introduced at a high level in “Configuring

Appendix B: Advanced Boot and Backup Configuration Information 409 Downloading a New Software VersionRefer to the following text and figure explain

Introduction 7 OnBoard Authentication OptionsLocal/LDAP Uses LDAP authentication if local authentication failsXXNIS Uses user/password configured o

Changing the Boot Image 410 AlterPath OnBoard Administrator’s Guidecurrentimage is changed so that the system boots from the new image.• Do a networ

Appendix B: Advanced Boot and Backup Configuration Information 411 Changing the Boot Image2. Enter the cycli command.The cli> prompt appears.3.

Changing the Boot Image 412 AlterPath OnBoard Administrator’s GuideChanging the Boot Image in U-Boot Monitor ModeYou can access U-Boot monitor mode

Appendix B: Advanced Boot and Backup Configuration Information 413 Changing the Boot ImageT To Boot From an Alternate Image in U-Boot Monitor Mode1

U-Boot Network Boot Options and Caveats 414 AlterPath OnBoard Administrator’s GuideU-Boot Network Boot Options and CaveatsWhen a network boot is per

Appendix B: Advanced Boot and Backup Configuration Information 415 U-Boot Network Boot Options and Caveats2. Set the “bootfile,” “serverip,” and “i

Options for the create_cf Command 416 AlterPath OnBoard Administrator’s GuideThe following command example shows using the --factory_default argumen

Appendix B: Advanced Boot and Backup Configuration Information 417 Options for the create_cf CommandNote: Use the --image[1|2]option to save the im

Options for the create_cf Command 418 AlterPath OnBoard Administrator’s GuideExamples for create_cf Command UsageAll the examples assume you have do

Appendix B: Advanced Boot and Backup Configuration Information 419 Options for the restoreconf CommandOptions for the restoreconf CommandAs describ

OnBoard Authentication Options 8 AlterPath OnBoard Administrator’s GuideSMBUses user/password configured on the SMB authentication server (for Micro

Options for the restoreconf Command 420 AlterPath OnBoard Administrator’s Guide

421Glossary1UOne rack unit (also referred to as 1RU). A standard measurement equal to 1.75” (4.45 cm) of vertical space on a rack or cabinet that is

422 AlterPath OnBoard Administrator’s GuidealiasAn easy-to-remember, usually-short, usually-descriptive name used instead of a full name or IP addr

Glossary 423 is one of the security features provided on Cyclades products to enable customers to enforce their data center security policies. A use

424 AlterPath OnBoard Administrator’s GuideBIOS (basic input/output systemPronounced “bye-ose.” Instructions in the onboard flash memory that start

Glossary 425 CDMA (code division multiple access)A mobile data service available to users of CDMA mobile phones. CHAP (challenge handshake authentic

426 AlterPath OnBoard Administrator’s GuideCLI parameter treeEach version of the Cyclades CLI utility has a set of commands and parameters nested i

Glossary 427 CycladesA corporation founded in 1989 to provide unique networking solutions. Named after the ground-breaking French packet-switching n

428 AlterPath OnBoard Administrator’s GuideDNS (domain name service or system)A service that translates domain names (such as cyclades.com) to netw

Glossary 429 encryptionTranslation of data into a secret format using a series of mathematical functions so that only the recipient can decode it. D

Introduction 9 OnBoard Authentication OptionsAn administrative user can use the Web Manager, and any administrator can use the cycli utility for co

430 AlterPath OnBoard Administrator’s GuideExpect scriptA script written using expect, a scripting language based on Tcl, the Tool Command Language

Glossary 431 HTTP (hypertext transfer protocol)Protocol defining the rules for communication between Web servers and browser across the Internet. HT

432 AlterPath OnBoard Administrator’s GuideIPDU (intelligent power distribution unit)A device with multiple power inlets into which IIT assets can

Glossary 433 secure. Supported on many AlterPath products. In tunnel mode, IPSec is used to form a VPN connection, creating a secure tunnel between

434 AlterPath OnBoard Administrator’s GuideCyclades AlterPath KVM analog switches are one component of the out-of-band infrastructure.LDAP (lightwe

Glossary 435 MIBEach SNMP device has one or more MIBs (management information bases), which describes the device’s manageable objects and attributes

436 AlterPath OnBoard Administrator’s Guidenative command interface (See NCI)native IPA management option that the OnBoard administrator can enable

Glossary 437 resistance, electromagnetic capability, electrical safety, and manufacturing component characteristics, among other attributes.network

438 AlterPath OnBoard Administrator’s Guideauthorized to perform on that server’s service processor. Accessed by administrators by typing/usr/bin/o

Glossary 439 an intelligent power management device (IPDU), a KVM port, or a service processor.point to point protocol (See PPP)point to point tunne

One-time Password Authentication on the OnBoard 10 AlterPath OnBoard Administrator’s GuideFor examples of using cycli scripts that you can adapt to

440 AlterPath OnBoard Administrator’s Guideremote supervisor adapter II (See RSA II)remote system control (See RSC)rmenushThe default login shell f

Glossary 441 center security policies while providing out-of-band access to managed systems.SEL (See event log)serial over LAN (See SoL)service proc

442 AlterPath OnBoard Administrator’s Guidesimple mail transfer protocol (See SMTP)SMB (server message block)A protocol used for file sharing and o

Glossary 443 SNMP server (See SNMP manager)SoL (serial over LAN)Access to the console of a server or other device that supports redirection of seria

444 AlterPath OnBoard Administrator’s GuideSSHSecure shell, developed by SSH Communications Security, Ltd., is a UNIX-based shell and protocol that

Glossary 445 trapAn operation started by an SNMP agent in response to an event of interest on a managed-object in a device, which sends an alert to

446 AlterPath OnBoard Administrator’s Guide

447IndexAaccessing connected devicescontrolling 3planning 14activity, capturing 4adding rules for IP filtering chains 57addressing scheme for device

448 AlterPath OnBoard Administrator’s GuideAUX portsconfiguring for IPDU power management 41connecting IPDUs to 40Bbacking up configuration files 100b

Index 449command templates (continued)creating 348table showing devices to which they apply 357tasks for configuring a new device 347testing 348when n

Introduction 11 One-time Password Authentication on the OnBoardConfigure OTP for various types of access, as desired.The following procedures that

450 AlterPath OnBoard Administrator’s GuideCycladesdownloading updates from 147downloading updates fromftp server for 297cycli utilityadd command 311,

Index 451device management 3actionsevent log 349power 349service processor console 349device types 347differences 348devices 3accessing native IP feat

452 AlterPath OnBoard Administrator’s Guide/etc/config_files fileadding a new file to be backed up/restored 101certificate files pre-added to 76/etc/h

Index 453flash memorypartitions 416PCMCIA card 418saving the boot image on 417unusable, recovering from 414upgrading software on 298flow control 38for

454 AlterPath OnBoard Administrator’s Guideipmitool command 352IPSecauthentication methods 6in the Moderate security profile 16service requiring addit

Index 455modems (continued)initialization string 39introduction 36–39PCMCIA cardconfiguration form 169Web Manager configuration screen 169supported ty

456 AlterPath OnBoard Administrator’s GuideOnBoard (continued)system events generating syslog messages 32understanding authentication on 4unique devic

Index 457user configuration settings 13using to access the Web Manager 106PPTP 6, 13, 16, 22, 81, 82client 82, 86, 389password 86VPN connections 86ppt

458 AlterPath OnBoard Administrator’s Guideroutingfor the OnBoard, understanding 42specifying the OnBoard’s default route 42, 125, 265RPC 16, 22RSA I

Index 459servers authentication, configuringLDAP 216NIS 217RADIUS 219SMB 221TACACS+ 223syslog 33service processorsconnecting multiple to a single priv

Contents v Chapter 2: Administration Tasks Not Done in the Web Manager...61Using MindTerm t

OnBoard User and Group Configuration Options 12 AlterPath OnBoard Administrator’s GuideFor more details about OTP, see: http://www.freebsd.org/doc/e

460 AlterPath OnBoard Administrator’s Guidesyslog (continued)message logging with 32message notifications 44servers 32, 33service 22severity levels 33

Index 461users (continued)configuringfor power management 41in Wizard 116, 137planning device and IPDU outlet access for 14providing username and pass

462 AlterPath OnBoard Administrator’s Guide

Introduction 13 OnBoard User and Group Configuration OptionsParameters for Configuring User AccountsThe OnBoard administrator configures user accou

OnBoard User and Group Configuration Options 14 AlterPath OnBoard Administrator’s GuidePlanning Access to Connected DevicesPlanning should include t

Introduction 15 OnBoard User and Group Configuration OptionsCreate user groups and authorize them for device management the user to an administrati

OnBoard Security Profiles 16 AlterPath OnBoard Administrator’s GuideOnBoard Security ProfilesAn important part of configuring the OnBoard is selecti

Introduction 17 OnBoard Security ProfilesTable 1-7 describes the “Secured” security profileTable 1-9 describes the “Open” security profileDefault a

OnBoard Security Profiles 18 AlterPath OnBoard Administrator’s GuideTable 1-10 describes the services and other functionality that the administrator

Introduction 19 OnBoard Security ProfilesSSH Options• Allow root login using SSH• SSH v1, SSH v2 (allow or disallow)• SSH Port (Assign an alternate

OnBoard Security Profiles 20 AlterPath OnBoard Administrator’s GuideDefault authentication type1 to access devices (applies to devices configured su

Introduction 21 OnBoard ServicesOnBoard ServicesA network service is available on the OnBoard if one of the two following conditions are true:• The

vi AlterPath OnBoard Administrator’s GuideChapter 4: Web Manager Wizard...113Using the Wizard ...

OnBoard Services 22 AlterPath OnBoard Administrator’s GuideIf enabled, the services in the following list are available to users without further con

Introduction 23 Telnet on the OnBoardTelnet on the OnBoardBy default, Telnet is configured as follows:• A Telnet server is present but not enabled,

HTTPS on the OnBoard 24 AlterPath OnBoard Administrator’s Guidecommand line. telnetd can be enabled by an administrative user on the Web Manager Con

Introduction 25 DHCP on the OnBoardDHCP ServerA DHCP server (dhcpd) is present but disabled on the OnBoard by default. The OnBoard administrator ma

SNMP on the OnBoard 26 AlterPath OnBoard Administrator’s GuideConsiderations When Deciding Whether to Use DHCP to Configure Device AddressesBefore d

Introduction 27 SNMP on the OnBoardCaution! The snmpd running on OnBoard allows access to proxied data using the v1 and 2c protocols without the cr

SNMP on the OnBoard 28 AlterPath OnBoard Administrator’s GuideTraps are handled the three following ways:• When access is through a VPN tunnel, the

Introduction 29 SNMP on the OnBoardCommunityFor SNMP v1 and v2c only the community name is used for authentication. An arbitrary string, with a max

SNMP on the OnBoard 30 AlterPath OnBoard Administrator’s GuideStrings are defined as case-sensitive ASCII, not beginning with a hash and delimited b

Introduction 31 SNMP on the OnBoardThe following table describes the values used for configuring SNMP traps. The following table shows the tasks re

Contents vii Configuring Over Current Protection for an IPDU ... 162Configuring Users to Manage Power Outlets on a Connected IPD

VPN on the OnBoard 32 AlterPath OnBoard Administrator’s GuideVPN on the OnBoardAs described in the AlterPath OnBoard User’s Guide, for security reas

Introduction 33 Message Logging (With Syslog) on the OnBoardMessage Filtering LevelsMessages can be filtered according to their severity, based on

Ethernet Ports on the OnBoard 34 AlterPath OnBoard Administrator’s GuideEthernet Ports on the OnBoardThe OnBoard’s two public Ethernet ports are use

Introduction 35 Ethernet Ports on the OnBoardThe secondary Ethernet port on the OnBoard can optionally be configured for failover, which is also re

Dial-in and Callback Access to the OnBoard 36 AlterPath OnBoard Administrator’s GuideTasks for Configuring Ethernet PortsThe following table lists t

Introduction 37 Dial-in and Callback Access to the OnBoardThe following table lists the modem and phone card configuration tasks, with links to whe

Dial-in and Callback Access to the OnBoard 38 AlterPath OnBoard Administrator’s GuideFigure 1-20 shows the configuration options that apply whether

Introduction 39 Dial-in and Callback Access to the OnBoardModem Initialization/initchatA modem initialization string (or chat string) of AT command

Power Management Options on the OnBoard 40 AlterPath OnBoard Administrator’s GuidePower Management Options on the OnBoardAuthorized users and OnBoar

Introduction 41 Power Management Options on the OnBoardTasks for Configuring Power ManagementThe following table lists the tasks for configuring po

viii AlterPath OnBoard Administrator’s GuideConfiguring a NIS Authentication Server ... 217Configuring a Radius A

Adding Options to the User’s Console Login Menu 42 AlterPath OnBoard Administrator’s GuideAdding Options to the User’s Console Login MenuAs describe

Introduction 43 OnBoard NotificationsTasks for Configuring RoutesThe following table lists the tasks for configuring route and provides links to wh

OnBoard Notifications 44 AlterPath OnBoard Administrator’s GuideSupported operators are “and,” “or,” and “not.”The following line shows the syntax f

Introduction 45 OnBoard Sensor AlarmsThe following example shows the two match functions filtering for logins and excluding messages that have the

Device Configuration 46 AlterPath OnBoard Administrator’s GuideSee “Configuring Sensor Alarms” on page 233 for how to configure sensor alarms throug

Introduction 47 Device Configuration• Connect the OnBoard’s primary Ethernet port (eth0) to a local management network and usually to the Internet,

Device Configuration 48 AlterPath OnBoard Administrator’s GuideFigure 1-1: Recommended Device ConfigurationPreparing an Addressing SchemeBefore conf

Introduction 49 Device ConfigurationThe following Figure 1-2 shows some example IP addresses assigned:• A managed public IP address is assigned the

Device Configuration 50 AlterPath OnBoard Administrator’s GuideFigure 1-2: IP Addressing ExampleSee “Address Configuration for Connected Devices” on

Introduction 51 Device ConfigurationParameters for Configuring DevicesThe OnBoard administrator configures connected devices by assigning parameter

Contents ix Configuring Primary and Secondary Ethernet Ports ... 266Configuring Firewall Rules for OnBoard Packet Filtering ...

Device Configuration 52 AlterPath OnBoard Administrator’s GuideData buffering Options for data buffering for the device are “Yes,” “No,” or “Default

Introduction 53 Device ConfigurationCaution! Be careful not to allow any PPP user to use the same IP address that is assigned to any connected devi

Private Subnets on the OnBoard 54 AlterPath OnBoard Administrator’s GuidePrivate Subnets on the OnBoardConnected devices should be isolated (as reco

Introduction 55 Tasks for Configuring IP AddressesTasks for Configuring IP AddressesSee “OnBoard-specific Tasks for Configuring New Devices” on pag

Firewall/Packet Filtering on the OnBoard 56 AlterPath OnBoard Administrator’s GuideFirewall/Packet Filtering on the OnBoardPacket filtering on the O

Introduction 57 Firewall/Packet Filtering on the OnBoardThe OnBoard comes with a number of built-in chains with hidden rules that are preconfigured

Firewall/Packet Filtering on the OnBoard 58 AlterPath OnBoard Administrator’s GuideAdd Rule and Edit Rule OptionsWhen you add or edit a rule you can

Introduction 59 Firewall/Packet Filtering on the OnBoardAny of the options in Table 1-25 can be given the inverted flag, so that the target action

How Configuration Changes Are Handled 60 AlterPath OnBoard Administrator’s GuideHow Configuration Changes Are HandledThe OnBoard handles changes to

Introduction 61 How Configuration Changes Are Handled The following table shows tasks for administrators to save changes to configuration files and