User Manual ACM5000 Remote Site Managers ACM5500 Management Gateways ACM7000 Resilience Gateways IM7200 & IM4200 Infrastructure Managers CM7100 Console Servers Revision 4.3 2016-11-09 User Manual Copyright © Opengear Inc. 2016. All Rights Reserved. Informa!on in this document is subject to change without no!ce and does not represent a commitment on the part of Opengear. Opengear provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warran!es of fitness or merchantability for a par!cular purpose. Opengear may make improvements and/or changes in this manual or in the product(s) and/or the program(s) described in this manual at any !me. This product could include technical inaccuracies or typographical errors. Changes are periodically made to the informa!on herein; these changes may be incorporated in new edi!ons of the publica!on. Safety Follow the safety precau!ons below when installing and opera!ng the console server: • do not remove the metal covers. There are no operator serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer all service to Opengear-qualified personnel. • to avoid electric shock the power cord protec!ve grounding conductor must be connected through to ground. • always pull on the plug, not the cable, when disconnec!ng the power cord from the socket. • do not connect or disconnect the console server during an electrical storm. It is recommended you use a surge suppressor or UPS to protect the equipment from transients. Proper back-up systems and necessary safety devices should be u!lized to protect against injury, death or property damage due to system failure. Such protec!on is the responsibility of the user. This console server device is not approved for use as a life-support or medical system. Any changes or modifica!ons made to this console server device without the explicit approval and consent of Opengear will void Opengear of any liability or responsibility of injury or loss caused by any malfunc!on. This equipment is for indoor use only. All the console’s communica!on wirings are limited to use inside of a building. FCC warning statement This device complies with Part 15 of the FCC rules. Opera!on of this device is subject to the following condi!ons: (1) This device may not cause harmful interference, and (2) this device must accept any interference that may cause undesired opera!on. Opengear User Manual. Page 4. Publishing history date ed so!ware models features 2010/01 3.8.4 SD4001 2010/03 3.8.5 ACM5004-G fixed Failover details & added DDNS. 2010/06 3.9 3.1 ACM5004-I Shadow password, °F, SNMP, SMS gateway. 2010/08 3.9.1 3.2 OpenVPN, Zenoss, config commit, & Call Home. 2010/12 4.0 3.3 Firewall router, Web Terminal, & SNMP updates. 2011/06 4.1 3.4 GPS, SNMP monitoring & IPv6, 32-port models, & SMS over cellular. 2011/10 4.2 3.5 Auto-Response. 2011/11 4.3 3.5.2 IM4216-34 PPTP, GRE, Groups, FTP server, mul!ple dial- in, & pmshell. 2012/02 4.4 3.5.2u3 ACM5500 Kerberos, Cisco RJ in SD4000, & remove KCS. 2012/04 4.5 3.5.2u14 Cellular redial. 2012/07 4.6 3.5.3 SD4001 rev-01 & SMS ARM, simple key, & Services page. CM4001/4008 EoL. 2012/12 4.7 3.6 ACM5504-5-G-W-I Authen!cated NTP. & IM4004-5 EoL. 2013/04 4.8 3.7 4G LTE support. 2013/09 4.9 3.8 IM7200 2013/10 4.10 IM7208 & DDC models 2014/01 4.11 3.9 Dual SIM, SNMP DIO, bulk provisioning, & WEEE. 2014/03 4.12 3.10 Connec!on Manager network management backend & Auto-Response extensions. 2014/07 4.13 3.11 New SNMP MIB, OpenLDAP, & LDAPS. 2014/09 4.14 3.12 New Manage Devices UI & brute force protec!on. 2014/10 4.15 CM7100 2015/01 4.16 3.15 IP Passthrough 2015/02 4.17 3.15.1 CM4100 EoL. ZTP 2015/06 4.18 3.16 ACM7000 2015/11 4.19 3.16.2 SD4000 EoL. Unauthen!cated SSH & mul!carrier cellular. 2016/03 4.20 3.16.4u2 ACM7004-5 2016/04 4.21 Minor document cleanup. 2016/06 4.22 ACM7004-5 RSG Link Layer Discovery Protocol (LLDP). 2016/07 4.23 3.16.5u1 IM7216-2-24U-DAC disabling AAA accoun!ng UI. 2016/09 4.24 ZTP (configura!on over DHCP) & USB consoles. 2016/11 4.3 Edits, Copy-edits and re-format throughout. Opengear User Manual. Page 5. This manual The Opengear User Manual describes the features and capabili!es of the following Opengear product lines, and provides instruc!ons to best take advantage of them: Remote Management Gateways ACM5504-5-G/GV-W-I ACM5508-2 ACM5504-5-G/GV-I ACM5508-2-M ACM5504-5-LA/LR/LV-I ACM5008-2-P ACM7005-4 Remote Site Managers ACM5002-F-E ACM5004-F-E and -G, -GV, -GS, and -LR models ACM5003-M-F-E ACM5004-2-I with cellular support. Infrastructure Managers IM7248-2-DAC and -LA, -LR, and -LV models IM7232-2-DAC with 4G LTE. IM7216-2-DAC Infrastructure Managers IM4248-2-DAC IM4216-2-DAC and -G and -GV models IM4248-2-DDC IM4216-2-DDC with cellular support. IM4232-2-DAC IM4216-34-DAC IM4232-2-DDC IM4216-34-DDC IM4208-2-DAC Console Servers CM7116-2-DAC CM7132-2-DAC CM7148-2-DAC Each of these products is referred to generically in this manual as a console server. Where appropriate, product groups may be referred to as console servers, gateways or by specific product line name or product group (for example the IM4200 family or the ACM5500). Who should read this user manual? You should read this manual if you are responsible for evalua!ng, installing, opera!ng, or managing an Opengear appliance. This manual assumes you are familiar with the internal network of your organiza!on, and are familiar with the Internet, IP networks, HTTP, FTP and basic security opera!ons. Opengear User Manual. Page 6. Manual organisa"on The Opengear User Manual is structured as follows: 1. Introductory material An overview of the console server’s features and informa!on regarding this manual. 2. Installa!on Physical installa!on of the console server and the interconnec!ng of managed devices. 3. System configura!on Ini!al installa!on and configura!on of the console server and the supported services. 4. Serial port, host, device & user configura!on Configuring serial ports and connected network hosts, and se$ng up users. 5. Firewall, failover, & OOB access Set up the firewall and the high availability access features of the console server. 6. SSH tunnels & SDT connector Secure remote access using SSH and con- figure for RDP, VNC, HTTP, HTTPS &c access to network- and serially-connected devices. 7. Alerts, auto-response & logging Set up local and remote event and data logs. Configure auto-responses to trigger events. 8. Power, environment, & digital I/O Manage USB, serial and network a%ached power strips and UPS supplies. Also EMD environmental sensor configura!on. 9. Authen!ca!on Access to the console server requires authenitcated usernames and passwords. 10.Nagios integra!on Set Nagios central management. Configure console server as a distributed Nagios server. 11.System management Access to and configura!on of services to be run on the console server. 12.Status reports The dashboard summary and detailed status and logs of serial and network connected devices (ports, hosts, power and environment). 13.Management Port controls and user-accessible reports. 14.Configura!on from the command line Command line installa!on and configura!on using the config command. 15.Advanced configura!on Advanced command line configura!on ac!vi!es using Linux commands. 16.Appendices Command defini!ons, specifica!ons, cer!fica!ons, terminology defini!ons, licenses, service and warranty details. The most recent version of this manual is always at h%p://opengear.com/support/ documenta!on/. Opengear User Manual. Page 7. Types of users The console server supports two classes of users: 1. First there are administra!ve users, who have unlimited configura!on and management privileges over the console server; and all the connected devices. Administra!ve users are set up as members of the admin user group. Users in this class are referred to in this manual as Administrators. An Administrator can access and control the console server using the config u!lity, the Linux command line or the browser-based Management Console. By default, the Administrator has access to all services and ports to control all the serial connected devices and network connected devices (hosts). 2. The second class of users embraces those who have been set up by an Administrator with specific limits of their access and control authority. These users are set up as members of one of the pre-configured user groups (pptpd, dialin, &p, pmshell or users) or another user groups an Administrator has added. They are only authorized to perform specified controls on specific connected devices and are referred to as Users. These Users (when authorized) can access serial or network connected devices; and control these devices using the specified services (eg Telnet, HHTPS, RDP, IPMI, Serial-over-LAN, Power Control). An authorized User also has a limited view the Management Console and can only access authorized configured devices and review port logs. In this manual, when the term user (lower case) is used, it is referring to both classes of users above. This document also uses the term remote users to describe users who are not on the same LAN segment as the console server. These remote users may be users, who are on the road connec!ng to managed devices over the public Internet. They may be an Administrator in another office connec!ng to the console server itself over the enterprise VPN. Or the remote user may be in the same room or the same office but connected on a separate VLAN to the console server. Management console The features of your console server are configured and monitored using the Opengear Management Console. When you first browse to the Management Console, you can use the menu displayed on the le& side to configure the console server. Once you have completed the ini!al configura!on, you can con!nue to use the Management Console runs in a browser and provides a view of the console server and all the connected devices. Opengear User Manual. Page 8. Administrators can use the Management Console, either locally or from a remote loca!on, to configure and manage the console server, users, ports, hosts, power devices and associated logs and alerts. Users can also use the Management Console, but have limited menu access to control select devices, review their logs and access them using the in-built Web terminal or control power to them. The console server runs an embedded Linux opera!ng system, and experienced Linux and UNIX users may prefer to undertake configura!on at the command line. You can gain command line access by cellular, dial-in, or by directly connec!ng to the console server’s serial console port (aka the console server’s modem port). The shell can also be accessed by using ssh or Telnet to connect to the console server over a LAN (or by connec!ng with PPTP, IPsec or OpenVPN). Manual conven"ons The Opengear User Manual uses typeface ‘colour’ to dis!nguish between different so&ware elements. • Procedure steps are denoted with bullet-points like this. • Bullet-pointed text is also, on occasion, used to present related items in a list. Bold text in a procedure indicates a user interface element you click on or navigate to. Italic text in a procedure indicates a user interface element that references a variable you can change or set. Italics are also used in the standard typographic fashion to indicate a formal name (the book "tle in the first paragraph of this sec"on, for example). The phrase ‘console server’ — when referring to any of Opengear’s hardware products — is also italicised throughout. Links, both to external resources and to other places in the manual are set in blue. Mono-spaced type indicates a file-name or shell-based interface element, such as a bash script or application that runs from the bash shell or the Windows command-line. If you might enter the mono- spaced string at a shell-prompt or in a text-editor, it will be set thus. Note: Not a user-interface element. Indented text set in italics and prefixed with the word ‘Note:’ is text to pay specific a"en#on to. The Opengear User Manual equivalent to the rare but now famous phrase ‘hic sunt dracones’ (here be dragons). Where to find addi"onal informa"on 1. The Quick Start Guide that came with your console server. This provides instruc!ons for the installa!on and configura!on of Opengear hardware. 2. The Opengear Knowledge Base at h%ps://opengear.zendesk.com/. This online resource includes technical how-to ar!cles, !ps, FAQs and important no!fica!ons. Opengear User Manual. Page 9. 1.Installa!on 1.1. Models This chapter describes how to install the console server hardware, and connect it to controlled devices. There are mul!ple families and models, each with a different number of network/serial/USB ports or power supply and wireless configura!ons. Opengear User Manual. Page 10.