Review of the Opengear CM4116
For years, I've wanted to put together a collection of lab hardware for public use, but had many technical obstacles to overcome. Many people starting out in networking have grown accustomed to deploying old Cisco 2511 routers as access servers for labs. While these might suffice for an individual, they're hardly a robust solution and simply unfit for a managed lab. For serious console access over IP, I needed something more. It wasn't until I came across a line of console servers produced by Opengear that a free community lab became a real possibility. With Opengear's help, the community lab I had envisioned quickly became a reality. Many readers have asked for a more in-depth explanation of how access to the lab is managed, so here it is.

The Opengear CM4116
-------------------

The heart of the lab is an Opengear CM4116.

[Image: CM4116_hardware.jpg]

This is a solid-state, ultra-low-power 1U box with 16 RS-232 serial ports (the CM4000 line also offers port densities of 1, 8, and 48). Each port can be connected to an out-of-band console interface of various hardware, such as the console or auxiliary ports on most Cisco hardware. The box itself is attached to an Ethernet LAN and provides connectivity to the serial ports through a variety of means, such as Telnet or SSH. The box runs a custom-built lightweight Linux operating system, which is available without a software license and even customizable through Opengear's custom development kit (CDK). It can be managed both through console and an HTTPS interface as pictured below.

[Image: CM4116_dashboard_sm.png]

Serial Port Configuration
-------------------------

Anyone who has used HyperTerminal or a similar terminal emulator before will find console port configuration very familiar.
[Image: CM4116_port_configuration_sm.png]

Besides typical settings like baud rate and flow control, each port can be configured independently to function in one of several modes:

- Console Server - Provides access to the serial port over IP via Telnet, SSH, raw TCP, and/or RFC 2217 bridging
- SDT - Secure tunneling through Opengear's SDT Connector software (Java-based)
- Terminal Server - Enables TTY login for a local terminal
- Serial Bridge - Connect two serial endpoints over IP using RFC 2217

In console server mode, ports can be independently configured for allowed protocol, logging level, syslog facility, and other parameters. Optionally, the entire serial stream of a port can be exported to a remote server via syslog. Console access is achieved by connecting via Telnet or SSH on the TCP port for a given serial port. User authentication is provided either locally, by a centralized RADIUS, TACACS+, or LDAP server, or by a combination thereof.

    telnet 192.168.20.2 2003
    Trying 192.168.20.2...
    Connected to 192.168.20.2.
    Escape character is '^]'.

    login: root
    Password:

    R3
    R3

Power Management
----------------

One especially handy feature is inline power management utilizing SNMP-controlled UPS or RPC devices. First, a UPS or RPC device is configured and its available outlets automatically discovered.

[Image: CM4116_rpc_configuration_sm.png]

Next, the administrator creates a managed device, which is essentially a mapping of serial port to UPS/RPC outlet.

[Image: CM4116_md_configuration_sm.png]

When power control is enabled under the serial port configuration, a logged-in user can then manipulate the power outlet of the device he's consoled into directly from the console:

    R3 p
    Power Commands
    O - Power ON
    P - Power OFF
    R - Power cycle off then on again
    s - Show current power status
    . - Exit power menu
    ? - Show this message
    R3 Power R
    Cycling power ...
    Connection 1 Unknown
    R3 Power .

    System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2004 by cisco Systems, Inc.
    PLD version 0x10
    GIO ASIC version 0x127
    c1841 processor with 262144 Kbytes of main memory
    Main memory is configured to 64 bit mode with parity disabled
    ...

This is a critical feature, allowing remote users to perform hard reboots for tasks like password recovery.

Console Pattern Matching and Alerts
-----------------------------------

Opengear provides a very elegant solution for what is, in my opinion, the most daunting concern for anyone running a multi-user lab: How do you grant a newbie full control over a device, yet protect the device from accidental software erasures and the like? The CM4116 software allows for pattern matching against the input and output serial streams of each port. With just a rudimentary understanding of regular expressions, an administrator can define an alert to look for certain strings and perform a variety of actions.

[Image: CM4116_alert_configuration_sm.png]

For example, I have defined a number of alerts on the lab's CM4116 to protect against corruption or deletion of the IOS and ASA software images, or formatting of the Flash filesystems. These simple alerts have already saved me hours of having to xmodem a new software image onto corrupted devices. Here is an example of such an alert in action:

    R3 format flash
    Format operation may take a while. Continue? [confirm]^C
    R3
    R3
    R3 ABUSIVE COMMAND DETECTED on port03
    R3
    R3
    Connection closed by foreign host.

When a specific output from the device is detected, the alert fires and executes a custom script. In this case, the script has injected a control character (ctrl-c) to cancel the command, printed an error message, and kicked off the user. Additionally, it has notified the administrator of the event by email. Note that this is simply what I've chosen to do; with a little knowledge of bash scripting, you can make an alert do just about anything.
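The matching step described above, sketched in Python as an added example; it is not the author's alert script or Opengear's code, and the rule patterns, the `PortWatcher` class and the response-plan fields are assumptions made for illustration. It shows the case a stream matcher has to handle: the device's confirmation prompt arriving split across two reads.

```python
import re

# Constructed rules (assumptions, not the author's alert definitions). They
# match device *output* (confirmation prompts) rather than typed input, since
# IOS accepts abbreviated commands and typed input varies.
RULES = [
    ("format-fs", re.compile(r"Format operation may take a while")),
    ("erase-fs", re.compile(r"Erasing the \S+ filesystem will remove all")),
    ("delete-image", re.compile(r"Delete \S+\.bin\? \[confirm\]")),
]
CTRL_C = b"\x03"


class PortWatcher:
    """Scan one port's serial stream, which arrives in arbitrary-sized chunks."""

    def __init__(self, port, rules=RULES, window=256):
        self.port, self.rules, self.window = port, rules, window
        self.buf = ""

    def feed(self, chunk):
        """Add a chunk; return one response plan per rule that fired."""
        self.buf += chunk.decode("ascii", errors="replace")
        plans = []
        for name, rx in self.rules:
            m = rx.search(self.buf)
            if m:
                plans.append({
                    "port": self.port,
                    "rule": name,
                    "send_to_device": CTRL_C,  # cancel at the confirm prompt
                    "banner": "ABUSIVE COMMAND DETECTED on %s" % self.port,
                    "disconnect_user": True,
                    "notify_admin": True,
                })
                self.buf = self.buf[m.end():]  # consume, so it fires once
        # Keep only a tail long enough to hold a prompt split across reads.
        self.buf = self.buf[-self.window:]
        return plans


def demo():
    """Constructed transcript: the prompt is split across two reads."""
    w = PortWatcher("port03")
    chunks = [b"R3#show version\r\n",
              b"R3#format flash:\r\nFormat operation ma",
              b"y take a while. Continue? [confirm]"]
    return [w.feed(c) for c in chunks]
```

Matching each read in isolation would miss the split prompt; the rolling buffer is what catches it while the device is still waiting at the confirmation, which is the point at which a ctrl-c can cancel the command.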
Management via Console
----------------------

Hardcore engineers know never to rely solely on a graphical interface for systems management, and the folks at Opengear are well aware of this maxim. Unmitigated root access to the console server is available via Telnet or SSH. The config utility is provided for easy inspection and manipulation of configuration parameters.

    config -g config.ports.port5.speed
    config.ports.port5.speed 9600
    config -s config.ports.port5.parity None
    config -g config.ports.port5.parity
    config.ports.port5.parity None

Coupled with remote command execution via SSH, config makes automated changes a snap.

Final Thoughts
--------------

I have been thoroughly pleased with the capabilities of this console server. I have no doubt that without it, I would still be searching for a lab access solution. Opengear's CM4000 series is an ideal solution for both critical out-of-band console access and robust lab management.