Remote RMM-1400 Intelligent Remote Site Management Device Configuration Guide

Transcription

1 Remote RMM-1400 Intelligent Remote Site Management Device Configuration Guide Version 5.0x Part Number by Kentrox, Inc. All rights reserved.

2 Copyright 2013 by Kentrox, Inc. All Rights Reserved. The material discussed in this publication is the proprietary property of Kentrox, Inc. Kentrox retains all rights to reproduction and distribution of this publication. Kentrox is a registered trademark of Kentrox, Inc. Kentrox, the Kentrox logo, Applied Innovation, Applied Innovation Inc., the AI logo, and other names are the intellectual property of Kentrox. All other product names are trademarks or registered trademarks of their respective owners. Information published here is current as of this document s date of publication, but is subject to change without notice. You may verify product information by contacting our headquarters. Kentrox is an Equal Opportunity/Affirmative Action employer. Kentrox, Inc Innovation Dr. Dublin, Ohio USA Toll Free: (800) International: +1 (614) Fax: +1 (614)

3 About this Document This document explains how to install, configure and operate the Remote RMM-1400 intelligent remote site management device and RMB peripheral units. Remote RMM-1400 system administrators should have a working knowledge of: Telecommunications networks, TCP/IP networking, including Telnet and FTP FTP tools SNMP DHCP IP tables i

4 Remote RMM-1400 Version 5.0xx Configuration Guide About this Document: Document Conventions Document Conventions Table 1 describes the text conventions used in this document. Table 1 Document Conventions Convention Screen Text, Menu Items, System Prompts, Messages and Reports Static Command Text Variable Command Text Meaning This style indicates Kentrox configuration screen text, menu items, system prompts, messages and reports. In a command statement, this style indicates text that should be entered exactly as shown at a command line. In a command statement, this style indicates user-specified text.... In a command statement, ellipses (...) signify that the preceding parameter can be repeated a number of times. [ ] [ ] In a command statement, square brackets indicate an optional parameter. Two or more parameters in square brackets with a vertical bar ( ) between them indicate a choice of optional parameters. { } In a command statement, two or more parameters in braces with a vertical bar ( ) between them indicate a choice of required parameters. Menus and Menu Commands Dialog Boxes, Tabs, Fields, Check Boxes and Command Buttons Variable Field Text KEYS This style indicates menu and menu commands. A right arrow ( > ) separates the menus from the submenus or menu commands. The right arrow also indicates the order in which you should click the menus, submenus and menu commands. This style indicates dialog boxes, tabs, fields, check boxes and command buttons. This style indicates variable information you type in a dialog box field. Uppercase body text indicates keys on a keyboard, such as the TAB or ENTER keys. Keys used in combination are connected with a plus symbol (+). ii

5 Remote RMM-1400 Version 5.0xx Configuration Guide About this Document: Document Conventions Table 1 Document Conventions (Continued) Labels Note: Important: Tip: CAUTION: This style designates physical components on Kentrox products such as jumpers, switches and cable connectors. Note messages emphasize or supplement important points of the main text. Important messages provide information that is essential to the completion of a task. Tip messages provide information that assists users in operating equipment more effectively. Caution messages indicate that failure to take a specified action could result in loss of data and/or harm to the software or hardware. iii

6 Remote RMM-1400 Version 5.0xx Configuration Guide About this Document: Cautions and Warnings Cautions and Warnings Electrostatic Discharge Caution CAUTION: Kentrox equipment and its peripherals contain electrostatic sensitive components. Proper handling, shipping and storage precautions must be exercised: Ground Caution You must remove and install cards in a static-free environment. Wear an antistatic wrist strap that is plugged into the Kentrox equipment so you are grounded at the same point as the equipment. Do not remove cards from their antistatic plastic bags until you are ready to install them into the chassis. Immediately after you remove a card from the chassis, you must insert it into its antistatic bag. When the cards are not in use, keep them in their antistatic plastic bags. Do not ship or store cards near strong electrostatic, electromagnetic, or radioactive fields. CAUTION: For Kentrox equipment to operate safely and correctly, there must be a safety ground strap between the equipment ground bolts and the office ground. FCC Warning The Federal Communications Commission has set limits for emitted radio interference and Remote RMM-1400 is constructed with this electromagnetic interference (EMI) limitation in mind. Remote RMM-1400 is classified under FCC regulations as a Class A device, that is, a device for use in commercial environments and not in residential areas. This device has been tested and shown to comply with the following FCC rule: Part 15 Subpart J. Operation of this equipment in a residential area may cause interference to radio and TV reception, requiring the user to take whatever steps are necessary to correct the interference. Information is available from the FCC describing possible corrective actions. To maintain low EMI levels, we suggest that you use only metal connectors and shielded cable grounded to the frame. Specifications are subject to change without notice. iv

7 Remote RMM-1400 Version 5.0xx Configuration Guide About this Document: Customer Assistance Customer Assistance All customers, partners and resellers who have a valid Kentrox Support and Services Agreement have complete access to the technical support resources. Kentrox offers technical support from 8 a.m. to 8 p.m. Eastern time, Monday - Friday. Before you contact Kentrox for assistance, please have the following information available: The version of hardware and software you are currently running The error number and exact wording of any messages that appeared on your screen What happened and what you were doing when the problem occurred How you tried to solve the problem Kentrox Online Knowledge Base The Kentrox Online Knowledge Base provides online documents and tools to help troubleshoot and resolve technical issues with Kentrox products and technologies. To access the Kentrox Online Knowledge Base, use this URL: Support support is available. You may send at any time during the day; however, responses will be only be provided during normal business hours, in accordance with your Service and Support Agreement. To contact Technical Support, send to: support@kentrox.com Telephone Support Pre-sales support Available, at no charge, to anyone who needs technical assistance in determining how Kentrox products or solutions can help solve your technical needs. Phone number: , option 2 Hours of Operation: 8 a.m. 8 p.m. Eastern Time Post-sales support Available to qualified Kentrox customers or partners who have not been able to resolve their technical issue by using our online services. To qualify for support, you must have a valid Support and Services Agreement. v

8 Remote RMM-1400 Version 5.0xx Configuration Guide About this Document: Customer Assistance Phone number: , option 3 Normal Business Hours: 8 a.m. to 8 p.m. Eastern time After-Hours Support: Available to qualified customers who are experiencing serviceaffecting outages that cannot wait until the next business day. To qualify for afterhours support, you must have a valid 24x7 Support and Services Agreement. Call the number above, option 3 and follow the prompts for after-hours service. Product Documentation You can also access and view the most current versions of Kentrox product documentation on our Web site at: vi

9 Table of Contents Chapter 1: Remote RMM-1400 Product Overview Remote Product Overview Summary of Remote RMM-1400 Functions Remote Features Remote RMM-1400 Hardware Configuration RMB Peripheral Units RMB-1 Peripheral Unit RMB-2 Peripheral Unit Chapter 2: Getting Started Accessing the CLI Using a Local Connection Setting Up the Initial Remote RMM-1400 Configuration Accessing the CLI Using a Remote Connection Accessing the Web Interface Chapter 3: Configuring Users in the CLI Adding a New User Enabling the Strong Password Feature Changing a User Password Deleting a User Creating a Custom Profile Chapter 4: Saving and Applying Configurations Saving the Running Configuration Applying Configuration Fragments to an Existing Configuration File Restoring Factory Defaults Restoring Basic Network Settings Chapter 5: Configuring Network Setup Parameters Configuring the Domain Name, DNS Servers and IP Forwarding Configuring an IPv6 Address Configuring NTP Configuring System Clock Settings Configuring Default Settings Configuring Custom System Clock Settings TOC-1

10 Table of Contents Configuring a Timezone Definition File Configuring RAS Settings Configuring SNMP Chapter 6: Understanding Controllers and Interfaces Controller Descriptions Bridge Controllers Ethernet Controllers OpenVPN Controllers Serial Controllers Interface Descriptions Bridge Interfaces Ethernet Interfaces OpenVPN Interfaces Serial Interfaces Chapter 7: Configuring Static Routes Adding an IPv4 Static Route to the IP Routing Table Adding a Default IPv4 Static Route to the IP Routing Table Adding an IPv6 Static Route to the IP Routing Table Adding a Default IPv6 Static Route to the IP Routing Table Chapter 8: Configuring a Wireless Network with Remote RMM Getting Started Wireless Network Overview Required Components Initial Setup Sample Configuration Configuring the Wireless Modem Configuring the VPN Chapter 9: Configuring a Site VPN Connection Getting Started Configuration Requirements Optima Redirect Configuration Example Configuring the Site LAN Configuring the Site VPN Verifying the VPN Connection from the Client Chapter 10: Configuring Actions, Events and Responses TOC-2

11 Table of Contents Overview Event Components Response Components Action Components Configuring an Event, Response and Action Chapter 11: Configuring Technician Laptop Access for Remote RMM Configuration Overview Assigning IP Addresses to Technician Laptops Configuring IPTables for Network Address Translation Chapter 12: Configuring Event Correlations Overview Event Correlation Components Correlation Expression Components Originator Types and States Operators Expression Evaluation Configuring a Time Period (Optional) Configuring an Event Correlation Chapter 13: Configuring Alarm Entries in the Central Alarm Table Overview Alarm Protocol Formats Raw SNMP Configuring an Alarm Entry for a Temperature Sensor Configuring Analog Input Values Configuring an Alarm Entry for a Discrete Input Configuring an Alarm Entry for a Serial Connection Failure Configuring an Alarm Entry for a TCP Connection that Goes Down Configuring an Alarm Entry for a Telnet Connection that Comes Up Testing Alarm Table Configurations Chapter 14: Configuring Measurements and the Measurement Table 14-1 Overview Use with Alarm Table Entries Use with Event Correlations Use with Proxied SNMP NEs Configuring a Measurement Table Entry for a Temperature Sensor TOC-3

12 Table of Contents Sample Configuration for SiteBus Temperature Sensor Configuring an Alarm Entry for a Measurement Configuring an Event Correlation for a Measurement Chapter 15: Configuring Mediation Connections Overview Secure Terminal Server Access Terminal Server User Access Configuring a TCP to Asynchronous Serial Connection Configuring a Telnet to Asynchronous Serial Connection Configuring a SSH to Asynchronous Serial Connection Configuring an Asynchronous Serial to Asynchronous Serial Connection Configuring an Asynchronous Serial to TCP Connection Chapter 16: Configuring the DHCP Server DHCP Server Overview Configuring a DHCP Server Configuring a DHCP Server Subnet Configuring a Host on a DHCP Server Configuring BOOTP/DHCP Relay Configuring DHCP Client Support Chapter 17: Configuring the Peripheral Management Subsystem Peripheral Management Subsystem Overview RMB-1 Peripheral Unit RMB-2 Peripheral Unit Expansion Peripheral Unit Discovery Expansion Peripheral States Configuring Remote RMM-1400 to Manage an Expansion Peripheral Configuring Discrete I/O Points on an Expansion Peripheral Configuring Alarms for an Expansion Peripheral Configuring SNMP to Operate a Relay Output Directly Controlling a Relay Output Configuring SiteBus Devices for an Expansion Peripheral Disconnecting a Managed Expansion Peripheral Chapter 18: Configuring the SNMP Proxy SNMP Proxy Feature Overview SNMP Proxy Configuration Information SNMP Templates SNMP NE SNMP Manager TOC-4

13 Table of Contents Configuring a Mediation SNMP Event Template Configuring a Mediation SNMP Point Template Configuring a Mediation SNMP NE Template Configuring a Mediation SNMP Measurement Template Configuring a Mediation SNMP Network Element Configuration Results Chapter 19: Configuring Jobs Job Configuration Overview Script Package Components Configuring Access to a Central FTP Package Server Installing a Script Package Configuring a Job with a Script Package and Script Configuring a Job with a Job Property Configuring a Job with a Job Task Configuring Job Start Times Configuring Dynamic Memory for a Job Chapter 20: Configuring Modules Module Configuration Overview Installing Modules Realizing and Configuring Network Elements Configuring an NE Set Initiating a Control Action Chapter 21: Using Configuration Wizards Configuration Wizard Overview Using the initsetup Wizard Using the bistate-alarms Wizard Using the serial-port Wizard Appendix A: Command Identifications... A-1 Glossary...Glossary-1 TOC-5

14 TOC-6 Table of Contents

15 1 Remote RMM-1400 Product Overview This chapter provides a high level overview of Remote product features and functionality. In addition, the hardware architecture and components of the Remote RMM-1400 and RMB peripheral units are described. Guide to this Chapter Remote Product Overview Remote RMM-1400 Hardware Configuration RMB Peripheral Units 1-1

16 Remote RMM-1400 Product Overview: Remote Product Overview Remote Product Overview The Remote product family includes Remote, Remote RMM-1400, Remote RMX and Remote RMM-1200 (previously known as Remote Mini). The Remote lineup consists of several models that provide various features, as well as a number of peripheral units that provide additional functionality. In general, the Remote products are monitoring and control devices that provide IP management connectivity to remote sites, including environmentally hardened locations. An integral part of the Kentrox Optima Site Manager solution, the Remote products reside at your network s remote locations and connect to each element via a wide variety of interface options. The Remote RMM-1400 performs protocol mediation and interface conversion, collects alarms and monitoring data and supports bi-directional management control with the Optima Management Portal via Ethernet or wireless communication options. Together, Remote and the Optima Management Portal provide detailed monitoring, remote control and management for virtually all remote site devices. Figure 1-1 depicts Remote and Optima Management Portal functionality. Figure 1-1 Remote and Optima Integration for Remote Site Management Summary of Remote RMM-1400 Functions Remote RMM-1400 product functions include: Compatibility with Optima Management Portal or any standard SNMP-based management system Intelligent connectivity to remote network elements Powerful event-response subsystem Custom application extension support Security and network access control 1-2

17 Remote RMM-1400 Product Overview: Remote Product Overview Remote Features All Remote products include the following features: Telnet to asynchronous craft and alarm ports Discrete and analog input alarm mediation and reporting Operations Support Systems (OSS) to relay output mediation Aggregation of performance data Mediation between OSS equipment and network elements Scripts designed for performing corrective actions on monitored equipment 1-3

18 Remote RMM-1400 Product Overview: Remote RMM-1400 Hardware Configuration Remote RMM-1400 Hardware Configuration Figure 1-2 shows the Remote RMM-1400 unit, which incorporates the following connectors and counts: Four Ethernet ports provide for connections to your network. Ports 1 and 2 can be used as standard ports and can also provide 48V PoE to 802.3af-compliant devices. Four serial ports provide connectivity to any asynchronous device and can be used as part of the Telnet to asynchronous protocol mediation application. Serial ports 1 and 2 operate only in RS-232 mode. Serial ports 3 and 4 operate in RS- 422 mode or RS-485 mode. Serial port 4 can serve as a console port to provide local asynchronous access for configuration and diagnostics from a laptop or PC. Tx/Rx and Diversity antenna connections for the optional wireless modem. Dual VDC power inputs with voltage monitoring. An auxiliary 0-60 VDC voltage monitoring input. Figure 1-2 Remote RMM

19 Remote RMM-1400 Product Overview: RMB Peripheral Units RMB Peripheral Units RMB-1 Peripheral Unit The RMB-1 peripheral unit (shown in Figure 1-3) can be connected to and powered from one of Remote RMM-1400 s PoE-capable Ethernet ports. RMB-1 adds the following connectors and counts: 64 digital bistate inputs Four relay outputs Four current inputs (4-20 ma) Four voltage inputs (0-10V, positive only) A four-terminal SiteBus Four sets of auxiliary terminals, which are not electrically connected to other RMB-1 I/O terminals Built-in temperature and humidity sensors For details on physically connecting to RMB-1 terminals, see the Remote RMM-1400 Installation Guide. Figure 1-3 RMB-1 Peripheral Unit 1-5

20 Remote RMM-1400 Product Overview: RMB Peripheral Units RMB-2 Peripheral Unit The RMB-2 peripheral unit (shown in Figure 1-4) offers similar capabilities to RMB-1 in a chassis that is sized to be easily mounted in a standard 19-inch, 21-inch, or 23- inch rack. RMB-2 s digital bistate inputs support both wet and dry contacts, while RMB-1 s digital bistate inputs support dry contacts only. Figure 1-4 RMB-2 Peripheral Unit For technical specifications on RMB-1 and RMB-2 and for details on physically connecting to RMB terminals, see the Remote RMM-1400 Installation Guide. 1-6

21 2 Getting Started This chapter provides information on getting started with Remote RMM It includes step-bystep scenarios on how to access the CLI, set up the initial configuration and access the Web interface. Guide to this Chapter Accessing the CLI Using a Local Connection Setting Up the Initial Remote RMM-1400 Configuration Accessing the CLI Using a Remote Connection Accessing the Web Interface 2-1

22 Getting Started: Accessing the CLI Using a Local Connection Accessing the CLI Using a Local Connection In this scenario, you will: Connect and log into Remote RMM-1400 locally (optional) Access help information Note: When a new Remote RMM-1400 is booted for the first time, it does not have a configured IP address. As a result, the initial configuration for Remote RMM-1400 must be performed onsite. For information about configuring an IP address for remote logins, refer to Setting Up the Initial Remote RMM Configuration on page 2-4. To access the CLI using a local connection: 1. If you haven t already done so, install Kentrox Redirect software on your laptop or PC. When the installation is complete, Kentrox Redirect and Kentrox Kickstart icons appear on your desktop. 2. Use a standard CAT5 Ethernet cable (such as Kentrox part number CAB182-10) to connect the PC or laptop to an Ethernet port on Remote RMM Launch Kentrox Kickstart. Kickstart discovers the Remote RMM-1400 device, as shown below. Note: If the Remote RMM-1400 device is not discovered within one minute, select Help > About in Kentrox Kickstart, then click the Network Troubleshooting Guide link for instructions. 4. Click Telnet Terminal (or select Tools > Telnet Terminal). A Telnet window opens, displaying the Remote RMM-1400 login prompt. 5. At the login prompt, enter your user name: admin 2-2

23 Getting Started: Accessing the CLI Using a Local Connection 6. At the password prompt, enter your password: password Notes: Passwords are case-sensitive. admin is the default user name and password is the default password. Remote RMM-1400 allows you to log in only five times using the default password. On your sixth login, Remote RMM-1400 will prompt you to change the default password to a new password. The main CLI prompt appears. / / \ _ \ / \ \ \ / / / / \ \ (_) -- \ \/ / ( \ \ _ / ( ) ) ( \ \ \ \ \ -- / /\ \ _ \_\ _ \_ _ _ \_\ \ / /_/ \_\ RMM-1400 login: admin Password: You have 4 grace logins remaining using the default user password. (Kentrox)> 7. (optional) Access help information: help or? Note: For more information on using the CLI, refer to section CLI Overview in the Remote RMM-1400 Command Reference Guide. 2-3

24 Getting Started: Setting Up the Initial Remote RMM-1400 Configuration Setting Up the Initial Remote RMM-1400 Configuration In this scenario, you will: Configure a new user with a supervisor profile Configure the login banner Configure a CLI session timeout Configure a hostname Configure an IP address for remote logins Configure a default route (gateway) Configure the remote access protocol to accept Telnet and FTP connections To set up the initial Remote RMM-1400 configuration: 1. At the main prompt, add user janedoe and assign the supervisor profile: config users add janedoe supervisor 2. At the password prompt, enter the password mypassword. For security purposes, the characters that you enter do not display, but appear as asterisks as shown below: ********** 3. When prompted to confirm, re-enter the password. Again, the characters that you enter appear as asterisks: ********** 4. Configure a banner with # as the delimiting character: config banner # The following message appears: Enter the banner text. End the banner with a # character. 5. Configure the banner with display text This is my banner and the current date and time: This is my banner. \d \t # The prompt re-appears. 2-4

25 Getting Started: Setting Up the Initial Remote RMM-1400 Configuration 6. Configure the CLI session timeout as 20 minutes: config timeout Configure the host name as Dub: config hostname Dub 8. Configure IP address. Note: The Remote RMM-1400 supports IPv4 and IPv6 and provides the ability to configure both IP protocols at the same time. Refer to Chapter 5: Configuring Network Setup Parameters for more information on how to configure an IPv6 address. For this scenario, use IP address and subnet mask : config interface bridge switch ip address Note: The bridge switch interface forwards IP packets to the switched Ethernet ports. You must assign an IP address to allow remote access to Remote RMM This IP address is the primary Remote RMM-1400 IP address. 9. Add a default route with gateway address : config ip route default Configure the remote access protocol as telnet-ftp. config remote-access telnet-ftp enable Note: Additional remote access protocols supported include SSH-SFTP, HTTP and HTTPS. Refer to the remote access configuration commands in the Remote RMM-1400 Command Reference Guide for more information. 2-5

26 Getting Started: Setting Up the Initial Remote RMM-1400 Configuration 11. (optional) Verify that the user environment has been set up properly: running-config The command response similar to the following displays: (Dub)>running-config # Product: Remote RMM-1400 # Version: 2.00 # Created: ,12:52:06.0,-05:00 # User: janedoe # Bootloader Version: 1.00 config banner # This is my banner. \d \t # config hostname Dub config ip route default config timeout 20 config users add janedoe supervisor -e$1$kwade3g5$ozzeyqxk1cqloyvm8/5pu. -e$1$kw ade3g5$ozzeyqxk1cqloyvm8/5pu. config interface bridge switch ip address /16 (Dub)> Notes: The preceding example was obtained using a supervisor profile, which displays the entire configuration; users with management and status profiles can view limited configuration data. The -e preceding the encrypted text indicates that the password and password confirmation have been encrypted. 12. Save the configuration. (Refer to Saving the Running Configuration on page 4-2.) 2-6

27 Getting Started: Accessing the CLI Using a Remote Connection Accessing the CLI Using a Remote Connection In this scenario, you will connect and log into Remote RMM-1400 remotely using either a Telnet or an SSH connection. Note: You can also connect remotely to Remote RMM-1400 using the HTTP or HTTPS protocols. To access the CLI using a remote connection: 1. Use a PC or laptop with terminal emulation software to connect to Remote RMM For information on operating your particular terminal emulation software, refer to the documentation provided with the program. 2. Set up your terminal emulation software to connect using either a Telnet or an SSH connection. Notes: Individual procedures for making this connection will vary based on the type of software you are using. To log into Remote RMM-1400 via SSH, you must execute command config remote-access ssh-sftp enable 3. Enter the IP address of the Remote RMM-1400 to which you want to connect. 4. At the login prompt, enter your user name: janedoe 5. At the password prompt, enter your password: mypassword Notes: Passwords are case-sensitive. admin is the default user name and password is the default password. Remote RMM-1400 lets you log in only five times using the default password. On your sixth login, Remote RMM-1400 will prompt you to change the default password to a new password. 2-7

28 Getting Started: Accessing the Web Interface Accessing the Web Interface From the Remote RMM-1400 Web interface, you can perform the following functions: Enable/disable alarm test mode Save, restore or erase system configuration View system log Manage jobs, packages and scripts Display system information including version number Before you can access the Remote RMM-1400 Web interface you must: Enable the remote access protocol (either HTTP or HTTPS). Configure the IP address. For more information, refer to Setting Up the Initial Remote RMM-1400 Configuration on page 2-4. Important: If using the HTTPS protocol and accessing the Web interface for the first time, an error page will display indicating that there is a problem with the website's security certificate. Click Continue to this website to accept the security certificate and continue with the acceptance options as prompted. In this scenario, you will: Enable remote access (either HTTP or HTTPS). Open a Web browser and access Remote RMM-1400 using a specific IP address. To access the Remote RMM-1400 Web interface: 1. Open a Web browser. 2. In the URL address field, enter the Remote RMM-1400 IP address: The login window appears. 3. Enter your user name: janedoe 2-8

29 Getting Started: Accessing the Web Interface 4. Enter your password: mypassword The Web interface opens to the Home page as shown in Figure To display the system information, click the System button on the left side of the screen, or click the System Info link. Figure 2-1 Remote RMM-1400 Web Interface Home Page 2-9

30 Getting Started: Accessing the Web Interface 2-10

31 3 Configuring Users in the CLI This chapter provides step-by-step scenarios on how to configure users. Guide to this Chapter Adding a New User Enabling the Strong Password Feature Changing a User Password Deleting a User Creating a Custom Profile 3-1

32 Configuring Users in the CLI: Adding a New User Adding a New User In this scenario, you will add a new user. To add a new user: 1. At the main prompt, add a new user with user name johndoe and assign profile status: config users add johndoe status 2. At the password prompt, enter the new password. Note that the characters that you enter do not display, but appear as asterisks: ********** 3. When prompted to confirm, enter the same password. Again, the characters that you enter appear as asterisks: ********** Notes: User names and passwords are case-sensitive. Available profiles are status, management, supervisor and restricted. For more information on these profiles, refer to the Remote RMM-1400 Command Reference Guide. 4. (optional) Verify that the new user has been added properly: show users The command response similar to the following displays: (Dub)>show users Login Name Profile 1. janedoe supervisor 2. johndoe status 3. test supervisor (Dub)> 5. Save the configuration. 3-2

33 Configuring Users in the CLI: Enabling the Strong Password Feature Enabling the Strong Password Feature The strong password is an optional security feature that enforces additional validations on new or changed user passwords. The password validations apply to passwords entered for local users only. The strong password feature is disabled by default. In this scenario, you will: Enable the strong password feature. Change an existing user password. To enable the strong password feature: 1. At the main prompt, enable the strong password: config users strong-password enable 2. (optional) Verify that the strong-password feature is enabled: show users The command response similar to the following displays: (Dub)>show users Strong Password Support: enabled Login Name Profile 1. bob restricted 2. ebh restricted 3. jeff status 4. tech management 5. test supervisor (Dub)> 3. Change the existing password for user ebh. The following example shows the additional restrictions of the strong password feature. (Dub)>config users password ebh Please enter the new password. ******** Please confirm the new password. ******** [ATHM0029] Password must contain at least one character from three of the following types: upper-case, lower-case, numerical and special punctuation. (Dub)>config users password ebh Please enter the new password. ********* Please confirm the new password. ********* (Dub)> 3-3

34 Configuring Users in the CLI: Changing a User Password Changing a User Password In this scenario, you will change the password for an existing user. To change a user password: 1. At the main prompt, change the password for user johndoe to oldguy: config users password johndoe The following message displays: Please enter the new password. 2. Enter the new password: oldguy Note: Passwords are case-sensitive and appear as asterisks (*) on the screen as you type them. The following message displays: Please confirm the new password. 3. Re-enter the new password. oldguy Note: Passwords always appear in an encrypted format within the system. There is no way to verify that the user password has been changed. 4. Save the configuration. 3-4

35 Configuring Users in the CLI: Deleting a User Deleting a User In this scenario, you will delete a user. To delete a user: 1. At the main prompt, delete user johndoe: config users delete johndoe 2. (optional) Verify that the user has been deleted properly: show users The command response similar to the following displays: (Dub)>show users Login Name Profile 1. janedoe supervisor 2. test supervisor (Dub)> Note: If the user has been deleted, it will no longer appear in the list of users. 3. Save the configuration. 3-5

36 Configuring Users in the CLI: Creating a Custom Profile Creating a Custom Profile In this scenario, you will: Create a custom user profile to include and exclude specific command sets (IDs) for that profile. Add a user to the newly created custom profile. To configure a custom profile: 1. At the main prompt, configure a new profile with the name tech and privilege level 5 (status): config profile tech priv-lvl 5 2. Configure the base type for the new tech profile as status: config profile tech copy status 3. Include the command sets /config/controller/eth (config controller ethernet) and /config/interface/eth (config interface ethernet) in the tech profile: config profile tech include /config/controller/eth config profile tech include /config/interface/eth Note: For a list of valid command identifications, see Appendix A : Command Identifications. 4. Exclude the command set /show/resource-tracking from the tech profile: config profile tech exclude /show/resource-tracking 5. Add user ebh to the newly created tech profile with password technician: config users add ebh tech technician technician 6. (optional) Verify that the custom profile has been configured properly: show profile tech The command response similar to the following displays: (Dub)>show profile tech Name: tech Base Type: status Privilege Level: 5 Command ID /config/controller/eth /config/interface/eth /show/resource-tracking (Dub)> Action include include exclude 7. (Optional) Save the configuration. 3-6

37 4 Saving and Applying Configurations This chapter provides information on saving and applying configurations. Guide to this Chapter Saving the Running Configuration Applying Configuration Fragments to an Existing Configuration File Restoring Factory Defaults Restoring Basic Network Settings 4-1

38 Saving and Applying Configurations: Saving the Running Configuration Saving the Running Configuration In this scenario, you will save the running configuration. Note: You should save the configuration each time you make a change that you want to keep. If you reset Remote RMM-1400 without first saving the configuration, any unsaved changes will be lost. To save the configuration, copy the running configuration to the startup configuration: copy running-config startup-config You can also save the running configuration from the Remote RMM-1400 Web interface as follows: 1. Click the Configuration button on the left side of the screen or Configuration from the Main Menu. 2. In the Save section of the screen, click one of the three options and make the appropriate selection or entry as required. 3. Click the Save link. The screen refreshes and confirms your selection. See Accessing the Web Interface on page 2-8 for details. 4-2

39 Saving and Applying Configurations: Applying Configuration Fragments to an Existing Configuration File Applying Configuration Fragments to an Existing Configuration File In this scenario, you will apply a configuration fragment (patch file) to an existing configuration file. This feature lets you apply a group of configuration commands without individually entering each one in the CLI. Patch files are transferred to their own directory on Remote RMM-1400 (/config/patches) with an FTP utility. Once a patch file is in this directory, the user can show, copy, or erase it using the existing CLI commands. Note: Patches are separated into supervisor and non-supervisor groups. A user with a supervisor profile can read, upload and apply supervisor patches only. Non-supervisor users have a separate set of patches to read, upload and apply. Remote checks user permissions to ensure appropriate safeguards for uploading and applying all patch files. Important: Before you begin this procedure, you must obtain or create a configuration patch file with a.pat extension. Files without this extension cannot be saved in the patch file directory. The patch file cannot have the same name as any configuration file already loaded on Remote RMM To apply a configuration fragment to an existing configuration file: 1. Using an FTP utility, transfer the patch file (patch1.pat) to Remote RMM-1400 directory /config/patches. 2. At the CLI prompt, apply patch file patch1 to file running-config: config apply-patch patch1 running-config The individual command lines are displayed as the patch file is applied: (Dub)>config apply-patch patch1 running-config config users add manager1 manage test test config no timeout config ntp disable config clock daylight-savings DST (Dub)> 4-3

40 Saving and Applying Configurations: Restoring Factory Defaults Restoring Factory Defaults In this scenario, you will restore Remote RMM-1400 s factory default settings. Important: When you copy the factory configuration to the running configuration, all configured settings are removed. You need a console port connection to re-establish communications with Remote RMM To restore the factory default settings, copy the factory configuration to the running configuration: copy factory-config running-config 4-4

41 Saving and Applying Configurations: Restoring Basic Network Settings Restoring Basic Network Settings In this scenario, you will restore Remote RMM-1400 s basic network settings. These settings are entered in the initsetup wizard. The running-config file is now automatically saved to a network-recovery file when the you run the initsetup wizard and apply the output to the running-config file. If the running configuration is lost, users can save file network-recovery to file running-config to restore the initial system configuration. Note: For more information on the initsetup wizard, refer to Using the initsetup Wizard on page To restore the basic network settings, copy the network recovery file to the running configuration: copy network-recovery running-config You can also restore the network settings from the Remote Web interface as follows: 1. Click the Configuration button on the left side of the screen or Configuration from the Main Menu. 2. In the Restore section of the screen, click From backup file:, then select network-recovery from the drop-down menu. 3. Click the Restore link. The screen refreshes and confirms your selection. See Accessing the Web Interface on page 2-8 for details. 4-5

42 Saving and Applying Configurations: Restoring Basic Network Settings 4-6

43 5 Configuring Network Setup Parameters This chapter provides step-by-step scenarios on how to configure network setup parameters for Remote RMM Guide to this Chapter Configuring the Domain Name, DNS Servers and IP Forwarding Configuring an IPv6 Address Configuring NTP Configuring System Clock Settings Configuring Custom System Clock Settings Configuring a Timezone Definition File Configuring RAS Settings Configuring SNMP 5-1

44 Configuring Network Setup Parameters: Configuring the Domain Name, DNS Servers and IP Forwarding Configuring the Domain Name, DNS Servers and IP Forwarding In this scenario, you will: Configure a domain name Configure a primary and secondary DNS server Enable IP forwarding To configure the IP settings: 1. At the main prompt, configure domain name config ip domain-name 2. Configure the primary DNS server with IP address : config ip name-server Configure the secondary DNS server with IP address : config ip name-server Enable IP forwarding: config ip forward 5-2

45 Configuring Network Setup Parameters: Configuring the Domain Name, DNS Servers and IP Forwarding 5. (optional) Verify that the IP settings have been configured properly: running-config The command response appears similar to the following display: (Dub)>running-config # Product: Remote RMM-1400 # Version: 2.00 # Created: ,16:46:13.0,+0000 # User: janedoe # Bootloader Version: 1.00 config banner # This is my banner. \d \t # config hostname Dub config ip domain-name config ip forward config ip name-server config ip name-server config ip route default config timeout 20 config users add janedoe supervisor -e$1$kwade3g5$ozzeyqxk1cqloyvm8/5pu. -e$1$kw ade3g5$ozzeyqxk1cqloyvm8/5pu. config interface bridge switch ip address /16 (Dub)> Tip: You can also use the show ip domain-name, show ip forward and show ip name-server commands to verify the individual IP configurations. 6. Save the configuration. 5-3

46 Configuring Network Setup Parameters: Configuring an IPv6 Address Configuring an IPv6 Address In this scenario, you will configure an IPv6 address. To configure an IPv6 address: 1. Configure interface bridge switch IPv6 address fd10::39:0:0:100/64 config interface bridge switch ipv6 address fd10::39:0:0:100/64 Note: If an IPv6 router is advertising itself on the network and IPv6 is enabled on the interface, the Remote RMM-1400 may acquire an IPv6 address from the router in addition to the address configured. 2. (Optional) Verify that the interface bridge switch has been configured properly with the IPv6 address: show interfaces bridge Note: The command response will also contain the link-local IPv6 address. The command response similar to the following displays: (Dub)>show interfaces bridge bridge switch system-name=br_switch status=enabled link-state=up address= /16 link-local-address= /16 ipv6 admin-state=enabled oper-state=enabled address=fc10::39:240:72ff:fe0e:678d/64 valid= sec preferred=604793sec dynamic address=fd10::39:0:0:100/64 valid=forever preferred=forever address=fd::39:0:0:100/64 valid=forever preferred=forever address=fe80::240:72ff:fe0e:678d/64 valid=forever preferred=forever (Dub)> 3. Save the configuration. 5-4

47 Configuring Network Setup Parameters: Configuring NTP Configuring NTP In this scenario, you will: Configure a primary and secondary NTP server Configure a minimum and maximum NTP polling interval Enable NTP To configure system clock parameters using the common clock time maintained by the Remote RMM-1400 NTP server: 1. At the main prompt, configure the preferred NTP server with IP address : config ntp server Tip: The first server configured becomes the preferred server and the second server configured becomes the secondary server, unless indicated otherwise by entering prefer as in step Configure the second NTP server with IP address and set it as the preferred server: config ntp server prefer 3. Define the minimum NTP polling interval as 7 (128 seconds) and maximum NTP polling interval as 12 (4096 seconds): config ntp poll-interval 7 12 Tip: The value for the interval is 2 raised to the power of the value entered. 4. Enable NTP on Remote RMM-1400: config ntp enable 5-5

48 Configuring Network Setup Parameters: Configuring NTP 5. (optional) Verify that the clock parameters have been configured properly: running-config The command response similar to the following displays: (Dub)>running-config # Product: Remote RMM-1400 # Version: 2.00 # Created: ,16:46:13.0,+0000 # User: janedoe # Bootloader Version: 1.00 config banner # This is my banner. \d \t # config hostname Dub config ip domain-name config ip forward config ip name-server config ip name-server config ip route default config ntp enable config ntp poll-interval 7 12 config ntp server prefer config ntp server config timeout 20 config users add janedoe supervisor -e$1$kwade3g5$ozzeyqxk1cqloyvm8/5pu. -e$1$kw ade3g5$ozzeyqxk1cqloyvm8/5pu. config interface bridge switch ip address /16 (Dub)> Tip: You can also use the show ntp command to verify the NTP configuration. 6. Save the configuration. 5-6

49 Configuring Network Setup Parameters: Configuring System Clock Settings Configuring System Clock Settings Remote RMM-1400 lets you configure timezones and daylight savings rules for any location. Three methods are available for configuring timezone and daylight savings settings: Configure a timezone and use the default daylight savings settings. See Configuring Default Settings for details. Configure a timezone and define custom daylight savings settings. See Configuring Custom System Clock Settings for details. Apply daylight savings rules from a timezone definition file. See Configuring a Timezone Definition File for details. Each method has a specific format for configuring a timezone. Depending upon the format used, the daylight savings command will have different usages. Configuring Default Settings In this scenario, you will: Configure the timezone in default mode Enable daylight savings default parameters Configure the local time and date Important: You must disable NTP before you can configure the Remote RMM-1400 system clock locally. 1. At the config clock prompt, configure the timezone as EST with an offset of -5:00. This puts the daylight savings configuration into default mode: config clock timezone EST -5:00 2. Enable U.S. daylight savings rules and configure the name that displays when daylight savings time is in effect: config clock daylight-savings EDT 3. Configure the local time as 11:22:30 and the local date as 01/20/2010: config clock local-time 11:22:30 01/20/

50 Configuring Network Setup Parameters: Configuring System Clock Settings 4. (optional) Verify that the clock parameters have been configured properly: show clock The command response appears similar to the following display: (Dub)>show clock Wed Jan 20 11:22:30 EDT 2010 Uptime 4 days, 0:17 The timezone is named EST and has an offset of -05:00 GMT. Daylight savings time is named EDT and using default U.S rules. Log timestamps are using GMT. (Dub)> Tip: In the command response for show clock, the name assigned to indicate that daylight savings is enabled will appear in the timestamp during daylight savings. After daylight savings, the name of the configured timezone will appear in the timestamp. 5. Save the configuration. Configuring Custom System Clock Settings If you configure the timezone in custom mode, you can use subcommands to customize the daylight savings parameters. In this scenario, you will: Configure the timezone in custom mode Enable daylight savings in custom mode Configure custom daylight savings time parameters Important: You must disable NTP before you can configure the Remote RMM-1400 system clock locally. 1. At the config clock prompt, configure the timezone as EST with an offset of -5:00 and set the daylight savings configuration in the custom mode: config clock timezone custom EST -5:00 5-8

51 Configuring Network Setup Parameters: Configuring System Clock Settings 2. Set the following custom daylight savings time parameters: (Dub)>config (Dub) config>clock (Dub) config clock>daylight-savings (Dub) config clock daylight-savings ->indicator EDT (Dub) config clock daylight-savings ->start-month march (Dub) config clock daylight-savings ->start-day 23 (Dub) config clock daylight-savings ->start-time 01:00:00 (Dub) config clock daylight-savings ->end-month november (Dub) config clock daylight-savings ->end-time 02:00:00 (Dub) config clock daylight-savings ->save-amount 01:45:00 (Dub) config clock daylight-savings -> 3. (optional) Verify that the clock parameters have been configured properly: show clock The command response appears similar to the following display: (Dub)>show (Dub) show>clock Fri Feb 12 14:18:24 EST 2010 Uptime 9 days, 17:48 The timezone is named EST and has an offset of -05:00 GMT. Daylight savings time is named EDT and using custom rules: Starts on 23 of March at 01:00:00, saving 01:45:00. Ends on 23 of November at 02:00:00. Log timestamps are using GMT. (Dub) show> 4. Save the configuration. 5-9

52 Configuring Network Setup Parameters: Configuring System Clock Settings Configuring a Timezone Definition File You can load and apply daylight savings rules to your system from a timezone definition file. A timezone definition file is derived from the public domain timezone database and consists of: Zone entries, which identify the available timezones with their GMT offsets and any applicable rules Rules, which define valid date and time ranges and the amount of time saved. In this scenario, you will: Install the timezone definition file Apply daylight savings rules from the timezone definition file 1. To install a timezone definition file, establish an FTP connection into the system and upload the definition file from your local workstation. A new directory will be added under the config directory with a single file named timezones.def. 2. At the config clock prompt, apply the installed timezone definition file: config clock timezone from-file EST 3. (optional) Verify that the clock parameters have been configured properly: show clock The command response appears similar to the following display: (Dub)>show (Dub) show>clock Wed Jan 20 11:22:30 EDT 2010 Uptime 4 days, 0:17 The timezone is named EST and has an offset of -05:00 GMT. Daylight savings time is currently active and is saving 01:00. These settings were loaded from the timezone definition file. (Dub) show> 4. Save the configuration. 5-10

53 Configuring Network Setup Parameters: Configuring RAS Settings Configuring RAS Settings In this scenario, you will: Configure the RAS server type Configure the RAS server address and settings Enable RAS accounting Configure the RAS authorization mode Configure the number of times Remote RMM-1400 attempts to connect to the RAS server Configure the RAS timeout period for a remote authentication attempt To configure RAS settings: 1. At the main prompt, configure the RAS server type as tacacs+ with fallback enabled: config ras shell tacacs+ fallback Note: A message displays indicating that the shell type configuration will not take effect until the server is configured. 2. Configure the primary RAS server with the following settings: IP address Port 100 Secret tserver1 Phases accounting, authentication and authorization: config ras server port 100 config ras server secret tserver1 config ras server phase accounting authentication authorization 3. Enable RAS accounting: config ras accounting enable 4. Configure privilege level RAS authorization: config ras authorization privilege Note: RAS accounting and authorization take effect only when TACACS+ is configured as the server type. 5-11

54 Configuring Network Setup Parameters: Configuring RAS Settings 5. Configure Remote RMM-1400 to make 5 connection attempts to the RAS server before failing: config ras retry 5 6. Configure how long Remote RMM-1400 waits for a response from the RAS server before falling back on local authentication: config ras timeout (optional) Verify that the remote authentication settings have been configured properly: show ras The command response similar to the following displays: (Dub)>show ras Shell RAS option: TACACS+ with Local Fallback RAS Accounting: enabled RAS Authorization: privilege RAS Retry: 5 RAS Timeout: 30 RAS Servers IP Port Secret Phases tserver1 authen author account (Dub)> 8. Save the configuration. 5-12

55 Configuring Network Setup Parameters: Configuring SNMP Configuring SNMP In this scenario, you will: Configure an SNMP version 1 community string Configure an IPv4 SNMP management station Configure an IPv6 SNMP management station for version 2 inform requests Enable authentication trap transfer Enable the SNMP trap queue Configure the priority level on a trap OID Note: This scenario applies only when an SNMP management system is used to manage Remote RMM Note: The following management information bases (MIBs) are available for Remote RMM-1400: aiidefs.mib aimediationv2.mib aiperiphdiscrete.mib aiperipheral.mib aisyscfg.mib aisyscfgconfig.mib aisystem.mib aisysteminv.mib airosetta.mib ktxmeasurement.mib To access the available MIBs for Remote RMM-1400, go to: To configure SNMP: 1. At the main prompt, configure an SNMP version 1 community string named newadministrator and assign read-only access to objects in the MIB: config snmp community public v1 readonly 5-13

56 Configuring Network Setup Parameters: Configuring SNMP 2. Configure a management station with IPv4 address , port number 162 and community string public for sending SNMP traps: config snmp host public v1 3. Configure an IPv6 management station for version 2 inform requests: config snmp host fd10::39:0:0: public v2-inform 4. Enable the sending of authentication traps: config snmp auth-trap enable 5. Enable the SNMP trap queue: config snmp trap-queue enable Notes: The queuing state occurs on an SNMP host when a ping fails and traps are waiting to be sent. The sending state occurs on an SNMP host for all other conditions related to trap queuing. Trap queuing is always enabled for v2-inform type hosts, however ping is not used. Instead, the oldest request in the queue is retried until a response is received. 6. Assign a high priority for a linkdown trap with OID : config snmp trap-queue priority high 7. (optional) Verify that SNMP has been configured properly: show snmp summary The command response similar to the following displays: verify the response (Dub)>show snmp summary Authentication traps: enabled Trap queue: enabled Communities: Name User Type Auth Mode administrator v1 noauth readwrite public v1 noauth readonly V3 Users: Username Auth Priv Hosts: IP Address Port Type Auth Community/User Queue v1 noauth public sending fd10::39:0:0: v2-inform noauth public sending Priority: Trap OID Priority high (Dub)> 8. Save the configuration. 5-14

57 Configuring Network Setup Parameters: Configuring SNMP In this scenario, you will: Configure an SNMP version 3 user Configure an SNMP v3 community Configure an SNMP v3 host 1. At the main prompt, configure a v3 user (eric) with md5 authentication (passphrase: ericauthphrase) and des encryption (passphrase: ericprivphrase): config snmp user eric md5 ericauthphrase des ericprivphrase 2. Configure a community (dublinusers)with a v3 user (eric) that has authentication and encryption (priv) with read and write access (readwrite): config snmp community dublinusers v3 user eric priv readwrite 3. Configure a host with the ip address of , port number 2, user name eric, community type v3, with authentication (auth) but no encryption: config snmp host eric v3 auth 4. (optional) Verify that SNMP has been configured properly: show snmp summary The command response similar to the following displays: (Dub)>show snmp summary Authentication traps: enabled Trap queue: disabled Communities: Name User Type Auth Mode administrator v1 noauth readwrite dublinusers eric v3 priv readwrite public v1 noauth readonly v3comm v3user v3 priv readwrite V3 Users: Username Auth Priv eric md5 des v3user md5 aes-128 Hosts: IP Address Port Type Auth Community/User Queue v1 noauth administrator sending v3 auth eric sending Priority: Trap OID Priority (Dub)> 5-15

58 Configuring Network Setup Parameters: Configuring SNMP 5-16

59 6 Understanding Controllers and Interfaces This chapter provides information about controllers and interfaces and how they operate on Remote RMM Guide to this Chapter Controller Descriptions Interface Descriptions 6-1

60 Understanding Controllers and Interfaces: Controller Descriptions Controller Descriptions A controller is a software object on Remote RMM-1400 that serves as a destination for a data bit stream. There are four types of controllers that can be configured in the Remote RMM-1400 CLI: Bridge Controllers Ethernet Controllers OpenVPN Controllers Serial Controllers Bridge Controllers There is only one bridge controller on Remote RMM The controller is named bridge switch because it is a bridge that (by default) includes all four of the Ethernet switch ports. Controller bridge switch can be configured to include or exclude individual Ethernet ports. This and the next section imply that Ethernet controllers are always on the bridge. Ethernet Controllers There are four Ethernet controllers on every Remote RMM-1400 model. They represent the four local switched Ethernet ports and can be included or excluded on the bridge controller. The Remote RMM-1400 supports up to 12 optional RME-E8 expansion cards. The RME-E8 ports are automatically included on the bridge controller with the on-board Ethernet ports. The RME-E8 ports cannot be excluded from the bridge controller but they can be disabled. Each individual controller on the RME-E8 can be enabled or disabled. Disabled ports are unable to carry traffic preventing unauthorized access to the network. Each controller is set to enable by default and can be managed separately. The controllers are created when the RME-E8 peripheral type is configured on a unit and removed when the type is removed. The controllers have a limited set of configuration options compared to on-board Ethernet controllers. OpenVPN Controllers OpenVPN controllers use the OpenVPN software package to manage VPN connections. The Remote RMM-1400 OpenVPN controllers can be configured for either client mode or site-server mode. An OpenVPN controller in the client mode is used to establish a VPN connection between a Remote RMM-1400 client and the Connect SCS server. This VPN connection provides a secure link between remote sites and the protected customer management network. 6-2

61 Understanding Controllers and Interfaces: Interface Descriptions An OpenVPN controller in the site-server mode establishes a VPN connection between a technician's laptop running the Kentrox Redirect application and a Remote RMM This VPN connection provides a secure link for accessing network elements at a remote site from the technician's laptop. Serial Controllers Remote RMM-1400 has four asynchronous serial controllers. In addition, Remote RMM-1400 can be equipped with an EvDO or UMTS phone module. The phone is identified as serial modem. Interface Descriptions An interface is an entity to which you can route IP packets. Interfaces must be associated with controllers, which may be underlying physical ports. There are four types of interfaces that can be configured in the Remote RMM-1400 CLI: Bridge Interfaces Ethernet Interfaces OpenVPN Interfaces Serial Interfaces Bridge Interfaces The bridge interface works in conjunction with the bridge controller switch. It is used to bridge Ethernet ports and initially includes the four switched Ethernet ports. An IP address can be assigned to the bridge switch interface, providing a mechanism to route IP packets to the four switched Ethernet ports on Remote RMM The IP address assigned to the bridge interface is Remote RMM-1400 s primary IP address. For more information, refer to Setting Up the Initial Remote RMM-1400 Configuration on page 2-4. Ethernet Interfaces Ethernet interfaces are individually configurable on Remote RMM-1400, allowing you to set them up with static routes. By default, Ethernet interfaces are part of the bridge switch. To configure an Ethernet interface with its own IP address, you must first remove it from the bridge switch with the command: config controller ethernet port no bridge Refer to the Remote RMM-1400 Command Reference Guide for details on using this command. 6-3

62 Understanding Controllers and Interfaces: Interface Descriptions OpenVPN Interfaces Like Ethernet interfaces, OpenVPN interfaces are individually configurable on Remote RMM This capability lets users set them up with static routes. The OpenVPN interface can be associated with two types of OpenVPN controller modes, client and site-server. Serial Interfaces Interfaces are not configurable for Remote RMM-1400 s four asynchronous serial ports. However, an interface can be configured for the wireless phone module (serial modem). The modem interface works in conjunction with the serial controller connected to the wireless modem. By configuring an IP address for the modem interface, IP packets can be routed through the modem. 6-4

63 7 Configuring Static Routes This chapter provides step-by-step scenarios on how to configure static routes in the IP routing table. Guide to this Chapter Adding an IPv4 Static Route to the IP Routing Table Adding a Default IPv4 Static Route to the IP Routing Table Adding an IPv6 Static Route to the IP Routing Table Adding a Default IPv6 Static Route to the IP Routing Table 7-1

64 Configuring Static Routes: Adding an IPv4 Static Route to the IP Routing Table Adding an IPv4 Static Route to the IP Routing Table In this scenario, you will add an IPv4 static route to the IP routing table. To add an IPv4 static route to the IP routing table: 1. At the main prompt, add an IPv4 static route with destination address , subnet mask length 16 and gateway address : config ip route / (optional) Verify that the IPv4 static route has been added properly: show ip route The command response similar to the following displays: (Dub)>show ip route Destination Gateway Interface Flags / bridge switch Up / * Reject Up / lo Host Up / bridge switch Up (Dub)> 3. Save the configuration. 7-2

65 Configuring Static Routes: Adding a Default IPv4 Static Route to the IP Routing Table Adding a Default IPv4 Static Route to the IP Routing Table In this scenario, you will add a default IPv4 static route to the IP routing table. To add a default IPv4 static route to the IP routing table: 1. At the main prompt, add the default IPv4 static route with gateway address : config ip route default (optional) Verify the default static route has been added properly: show ip route The command response similar to the following displays: (Dub)>show ip route Destination Gateway Interface Flags / openvpn client Up / bridge switch Up / * Reject Up / lo Up Host / bridge switch Up / serial wan/1 Up Host (Dub)> 3. Save the configuration. 7-3

66 Configuring Static Routes: Adding an IPv6 Static Route to the IP Routing Table Adding an IPv6 Static Route to the IP Routing Table In this scenario, you will add an IPv6 static route to the IP routing table. To add an IPv6 static route to the IP routing table: 1. At the main prompt, add an IPv6 static route with destination address fd11:0:0:40::, subnet mask length 64 and gateway address fd10::39:0:0:0:1: config ip route-v6 fd11:0:0:40::/64 fd10::39:0:0:1:1 2. (optional) Verify that the IPv6 static route has been added properly: show ip route The command response similar to the following displays: (Dub)>show ip route Destination Gateway Interface Flags / bridge switch Up / bridge switch Up / * Up Reject / lo Up Host / bridge switch Up fc10:0:0:39::/64 :: bridge switch Up fd10:0:0:39::/64 :: bridge switch Up fd11:0:0:40::/64 fd10::39:0:0:1:1 bridge switch Up fe80::/64 :: bridge switch Up ff00::/8 :: bridge switch Up ff02::fb/128 ff02::fb bridge switch Up ff02::1:ffcb:4e8b/128 ff02::1:ffcb:4e8b bridge switch Up (Dub)> 3. Save the configuration. 7-4

67 Configuring Static Routes: Adding a Default IPv6 Static Route to the IP Routing Table Adding a Default IPv6 Static Route to the IP Routing Table In this scenario, you will add a default IPv6 static route to the IP routing table. To add a default IPv6 static route to the IP routing table: 1. At the main prompt, add the default static route with an IPv6 address fd10::39:0:0:1 config ip route-v6 default fd10::39:0:0:1 2. (optional) Verify the default IPv6 static route has been properly added: show ip route The command response similar to the following displays: (Dub)>show ip route Destination Gateway Interface Flags / bridge switch Up / bridge switch Up / * Up Reject / lo Up Host / bridge switch Up / openvpn site Up Host / openvpn site Up / lo Up Host default fe80::e611:5bff:fecb:4e8b bridge switch Up ::/0 fd10::39:0:0:1 bridge switch Up fc10:0:0:39::/64 :: bridge switch Up fd10::/64 :: bridge switch Up fe80::/64 :: bridge switch Up ff00::/8 :: bridge switch Up ff02::1/128 ff02::1 bridge switch Up (Dub)> Note: If an IPv6 router is advertising itself on the network and IPv6 is enabled on the interface, the Remote RMM-1400 route table may include a route which uses the router s link-local IPV6 address as the default IPv6 static route. 3. Save the configuration. 7-5

68 Configuring Static Routes: Adding a Default IPv6 Static Route to the IP Routing Table 7-6

69 8 Configuring a Wireless Network with Remote RMM-1400 This chapter provides information about configuring a wireless network with Remote RMM Guide to this Chapter Getting Started Sample Configuration Configuring the Wireless Modem Configuring the VPN 8-1

70 Configuring a Wireless Network with Remote RMM-1400: Getting Started Getting Started This section discusses the following topics: Wireless Network Overview Required Components Initial Setup Wireless Network Overview Remote RMM-1400 models can be equipped with EvDO or UMTS modules. These modules allow users to locate Remote RMM-1400s in areas that do not have traditional WAN connectivity. Additionally, Remote RMM-1400s located at cell sites do not require a dedicated T1/E1 channel for management. Full T1/E1 bandwidth is available for wireless customers and management data can be carried over the customer network. A wireless Remote RMM-1400 should appear as if it is a wired extension of the management network. The goal is to provide two-way, reliable connections with no restrictions on protocols over the network. The wireless Remote RMM-1400 communicates with the service provider s management network by delivering alarms to it. The management network tries to establish connections to Remote RMM-1400 or to network elements connected to the Remote RMM Required Components When operating in a wireless network, Remote RMM-1400 works in conjunction with the following Kentrox products: Connect SCS Connect SCS acts as the VPN server for Remote RMM For more information about Connect SCS, refer to the Connect SCS Configuration Guide. Director SCD Director SCD manages VPN clients and servers. It uses Director models and protocols to identify NEs as VPN clients or servers and manages associations between the clients and servers. Additionally, Director SCD manages client and server tokens. Note: A token is created by the SCD for each VPN client or server. The token must be installed on the client or server before it can connect to the VPN. The token is contained in a configuration bundle with a patch file for configuring the VPN. 8-2

71 Configuring a Wireless Network with Remote RMM-1400: Getting Started The Client OpenVPN controller on the Remote RMM-1400 uses OpenVPN software to establish the VPN between Connect SCS and Remote RMM SSL is used to manage the VPN connection and encrypted UDP packets are used for data transmission. Both the management and data traffic are passed as UDP packets on a single port and are able to travel through the customer s firewalls. The customers external firewall needs to open one port to the Connect SCS for all connected client network elements. Keep-alive packets are sent by both the Remote RMM-1400 and Connect SCS to detect connection failures and to keep an active firewall state. Initial Setup Users must set up the following configurations for Remote RMM-1400 to operate in a wireless network. To set up the initial configurations: 1. Connect to Remote RMM-1400, log into the CLI and run the initsetup wizard using command config use-wizard initsetup. 2. Configure the standard configuration parameters (such as users, SNMP, networking and time). 3. (optional) If the management network is available, then connect to it and run the Director SCD client application. Once the Director SCD client application is running, the technician must: Add Remote RMM-1400 as a new client Create an association between Remote RMM-1400 and the appropriate Connect SCS VPN server Generate a new token for Remote RMM (optional) If management network access is not available, then the technician must: Access the SCD client from a location that has network access. Add the Remote RMM-1400 to be installed Generate a new token Save the token as a file on the laptop Use a local Ethernet connection to the Remote RMM-1400 bridge to transfer the token via FTP/SFTP to file /config/openvpn/bundle/bundle.cfg on the Remote RMM Verify that Remote RMM-1400 is connected to the management network. 8-3

72 Configuring a Wireless Network with Remote RMM-1400: Sample Configuration Sample Configuration Figure 8-1 displays Remote RMM-1400 being used in a wireless network with Connect SCS, which acts as the VPN server and Director SCD, which manages the VPN client and server. Figure 8-1 Wireless Network Example Sections Configuring the Wireless Modem on page 8-5 and Configuring the VPN on page 8-8 provide procedures for making the above configurations on Remote RMM

73 Configuring a Wireless Network with Remote RMM-1400: Configuring the Wireless Modem Configuring the Wireless Modem Important: If you use the initsetup wizard to provision the wireless modem, then this procedure is unnecessary. Note: This procedure configures a UMTS wireless modem. The same procedure can be used to configure an EvDO wireless modem with the addition of the activation step (see note below). In this scenario, you will: Configure a description for the wireless modem Configure a connection string for the wireless modem Assign the wireless modem as a resource Configure the PPP encapsulation settings Configure the UMTS wireless modem interface Activate an EvDO wireless modem. To configure the UMTS wireless modem settings: 1. Configure description UMTS wireless modem for controller serial modem: config controller serial modem description UMTS wireless modem 2. Configure the modem serial controller s connection string as AT+CGDCONT=1, "IP", "i2gold" AT ATD*99***1#: config controller serial modem connect string AT+CGDCONT=1, "IP", "i2gold" AT ATD*99***1# 3. Assign controller serial modem as a resource: config controller serial modem assign Note: For an EvDO modem only, activate the network name: diag controller serial modem activate <network name> 8-5

74 Configuring a Wireless Network with Remote RMM-1400: Configuring the Wireless Modem 4. Configure the following ppp encapsulation settings: Remote method pap Remote username isp@providerx.com and password PROVIDER1 A default route that uses the same subnet as the corresponding interface Notes: This command overrides the default route assigned to Remote RMM via command config ip route default. PPP configured with the default route option and command config ip route default are mutually exclusive. You should not have both configured. PPP username and password may vary by wireless carrier. Consult your network provider for the proper identification information. Disabled LCP requests config controller serial modem encapsulation ppp config controller serial modem encapsulation ppp remote method pap config controller serial modem encapsulation ppp remote identity isp@providerx.com PROVIDER1 config controller serial modem encapsulation ppp defaultroute config controller serial modem encapsulation ppp lcp-requests disable 5. (optional) Verify that the UMTS serial controller has been configured properly: show controllers serial modem The command response similar to the following displays: (Dub)>show controllers serial modem serial modem status=enabled link-state=up encapsulation=ppp init-string=at+cgdcont=1, "IP", "i2gold" AT ATD*99***1# resource-state=assigned signal-strength=fair (-82 dbm) prl-version=51281 prl-size=5736 Next PRL update in: (unavailable) description=umts wireless modem ppp defaultroute=true local-method=none local-identity= remote-method=pap remote-identity=isp@providerx.com mru=1520 mtu=1520 lcp-requests=disabled (Dub)> 6. Enable interface serial modem: config interface serial modem enable Note: The IP address of the serial modem interface is assigned automatically by PPP. 8-6

75 Configuring a Wireless Network with Remote RMM-1400: Configuring the Wireless Modem 7. (optional) Verify that the UMTS serial interface has been configured properly: show interfaces serial modem The command response similar to the following displays: (Dub)>show interface serial modem serial modem name=serial modem system-name=ppp_umts status=enabled link-state=up address= pointopoint= Stats: Bytes Packets Errors Dropped Overrun Framing Rx Tx (Dub)> 8-7

76 Configuring a Wireless Network with Remote RMM-1400: Configuring the VPN Configuring the VPN Important: Most users will use the Director SCD extension to either configure the VPN, or to send a configuration bundle (containing the VPN configuration) to Remote RMM If you used one of these methods to configure the VPN, then you do not need to do this procedure. In this scenario, you will: Configure an OpenVPN controller Configure an OpenVPN interface To configure the VPN: 1. Enable OpenVPN controller client: config controller openvpn client enable 2. Configure encryption option aes-256 for OpenVPN controller client: config controller openvpn client cipher aes-256 Note: The cipher configured for Remote RMM-1400 must match what is configured on the Connect SCS. If there's a mismatch, the VPN will not be established. 3. Configure server IP address and port number 1194 for OpenVPN controller client: config controller openvpn client server (optional) Verify that the OpenVPN controller has been configured properly: show controllers openvpn The command response similar to the following displays: (Dub)>show controllers openvpn openvpn client system-name=ovpn_client status=enabled link-state=up hardware-address=00:ff:8c:a5:63:89 default-address=00:ff:8c:a5:63:89 mode=client server= :1194 cipher=aes-256 vpn-state=connected, Tue Feb 9 15:52:03 EST 2010 cert-subject=/o=ai/cn=vpn-client3 cert-validity-start=mon Sep 18 04:00:00 GMT 2006 cert-validity-end=sun Sep 18 04:00:00 GMT 2011 vpn-rx-bytes= vpn-tx-bytes= (Dub)> 8-8

77 Configuring a Wireless Network with Remote RMM-1400: Configuring the VPN 5. Configure IP address and subnet mask length 24 for OpenVPN interface client: config interface openvpn client ip address /24 The command response similar to the following displays: (Dub)>show interfaces openvpn openvpn client system-name=ovpn_client status=enabled link-state=up address= /24 (Dub)> 8-9

78 Configuring a Wireless Network with Remote RMM-1400: Configuring the VPN 8-10

79 9 Configuring a Site VPN Connection This chapter provides a detailed site VPN configuration example. Also included in this chapter are step-by-step scenarios on how to configure the site LAN, the site VPN and how to establish the VPN from the client using the Remote RMM Guide to this Chapter Getting Started Configuration Example Configuring the Site LAN Configuring the Site VPN Verifying the VPN Connection from the Client 9-1

80 Configuring a Site VPN Connection: Getting Started Getting Started A major feature of the Remote RMM-1400 is the ability to provide secure remote access to site network elements. A site VPN connection can be temporarily established between a client and the Remote RMM The Remote RMM-1400 uses the OpenVPN software package to establish the VPN connection. A VPN connection from the client to the site allows IP connectivity without the problems of using port based NAT. A firewall is implemented on the Remote RMM-1400 to restrict the traffic to approved IP addresses and ports at the site. Configuration Requirements The Remote RMM-1400 uses an OpenVPN controller instance configured in the site-server mode to establish the site VPN connection from the client. An OpenVPN controller instance in the site-server mode can be used in addition to an OpenVPN controller instance in the client mode for secure wireless backhaul. Optima Optima is a web-based software application that provides complete visibility and control of network infrastructure sites, such as cell sites, substations and remote communication huts and all its systems including power, environmental, security and networking. Optima provides a Remote RMM-1400 connectivity page that displays detailed information (protocol, port and cipher) about the site VPN. Redirect uses the site VPN information passed by Optima to establish the site VPN connection before launching applications to the site network elements. Redirect The Redirect software manages the site VPN connection to the Remote RMM-1400 that enables access to the network elements on the site's private LAN. Redirect bundles OpenVPN client and supporting Kentrox data (e.g. server authentication certificates) to perform the site VPN connection. Redirect supports one VPN connection at a time. To establish a new VPN connection to a different site, Redirect automatically disconnects the previous connection and establishes the new connection. 9-2

81 Configuring a Site VPN Connection: Configuration Example Configuration Example Figure 9-1 provides a detailed example of how the site VPN connection between Client 1 and Remote RMM-1400 is configured. In the following example, both Client 1 and Remote RMM-1400 are connected to the Intranet. Redirect on Client 1 uses the IP address on the Remote RMM-1400 on the Intranet to establish the site VPN connection to access Site NE 1 and Site NE 2. Figure 9-1 Site VPN Connection between Client 1 and the Remote RMM-1400 The site LAN network in this example is /24. The IP address of Site NE 1 is /24 and the IP address of Site NE 2 is /24. The IP address of the site VPN interface on the Remote RMM-1400 is /

82 Configuring a Site VPN Connection: Configuration Example After the site VPN connection is established between Client 1 and the Remote RMM- 1400, the client is assigned a point-to-point (site VPN) IP address /30. The peer s IP address is /30 on the Remote RMM The routes to the site LAN network are pushed to Client 1. These routes are listed in the Routes added box at the top of the diagram. The firewall rules are added based on the allowaccess configurations on the Remote RMM-1400 defined by the user. The Remote RMM-1400 must be configured with the IP address, protocol and port number that will be used when making connections from the clients to the site network elements. All other traffic will be blocked by the firewall on the Remote RMM

83 Configuring a Site VPN Connection: Configuring the Site LAN Configuring the Site LAN Note: The type of interface to be used for the site LAN must be decided upon before a site VPN connection can be configured. In the following scenario, ethernet port 3 interface is used. In this scenario, you will: Remove the ethernet controller from bridge group Configure the IP address for the ethernet controller Enable IP forwarding Note: In order to configure the site LAN, first remove the ethernet controller from the bridge group. To configure the site LAN: 1. Remove controller ethernet 3 from bridge group: config controller ethernet 3 no bridge 2. Configure IP address /24 for ethernet port 3: config interface ethernet 3 ip address /24 3. Enable IP forwarding: config ip forward 9-5

84 Configuring a Site VPN Connection: Configuring the Site VPN Configuring the Site VPN In this scenario, you will: Configure the site VPN controller Configure the interface for client routes Configure the IP address and ports to access over the site VPN Verify the configuration Show the number of clients connected to the site VPN To configure the site VPN: 1. Configure the site VPN controller with instance name site with default cipher, keep-alive, port and protocol. config controller openvpn site mode site-server 2. Configure site interface with IP address /24 config interface openvpn site ip address /24 3. Configure the routes for the site VPN clients to reach the site LAN: config controller openvpn site client-route ethernet 3 4. Configure the IP addresses and ports of the site NEs to be accessed over the site VPN: config controller openvpn allow-access tcp tcp 443 udp 161 config controller openvpn allow-access tcp tcp 443 udp 161 Notes: By default, the Remote RMM-1400 blocks all traffic to the site LAN. ICMP ping requests and replies are automatically allowed for each IP address specified. 9-6

85 Configuring a Site VPN Connection: Configuring the Site VPN 5. Verify the configuration: show controllers openvpn site The command response similar to the following displays: (Dub)>show controllers openvpn site openvpn site system-name=ovpn_site status=enabled link-state=up mode=site-server protocol=udp port=1194 cipher=blowfish-128 keep-alive-inactive=30 keep-alive-disconnect=120 client-route=ethernet 3 vpn-state=connected, Thu Jan 10 14:00:45 EDT 2013 cert-subject=/c=us/st=oh/o=kentrox, Inc./CN=openvpn token cert-validity-start=wed Oct 10 14:42:32 ex 2012 cert-validity-end=wed Jan 31 17:13:31 EDT 2029 allow-access= tcp tcp 443 udp 161 allow-access= tcp tcp 443 udp 161 (Dub)> 6. Show the number of clients that are currently connected to the site VPN: show controllers openvpn site client-count The command response similar to the following displays: (Dub)>show controllers openvpn site client-count Number of known clients: 0 Number of authenticated clients: 0 (Dub)> 9-7

86 Configuring a Site VPN Connection: Verifying the VPN Connection from the Client Verifying the VPN Connection from the Client The VPN connection between the client and the Remote RMM-1400 can be established in two ways. The connection can be made by launching an application from Optima or by manually opening a connection from Redirect running on the client computer. In either case, Optima or Redirect must be configured to use the site VPN. Note: Refer to the Optima and Redirect documentation for additional information on how to establish VPN connections. In this scenario, you will: Verify that a client is connected Verify the number of clients that are connected Note: A connection from the client to the Remote RMM-1400 using Optima or Redirect must first be opened before performing the following procedure. To verify that a client is connected: show controllers openvpn site clients The command response similar to the following displays: (Dub)>show controllers openvpn site clients >test addr virtual-addr= connected=mon Dec 10 13:27:30 EST 2012 rx-bytes=24617 tx-bytes=32053 (Dub)> To verify the number of clients that are connected: show controllers openvpn site client-count The command response similar to the following displays: (Dub)>show controllers openvpn site client-count Number of known clients: 1 Number of authenticated clients: 1 (Dub)> Note: From the client, site NE 1 (IP address ) and site NE 2 ( ) can be accessed using ping, telnet, ssh, http, https or snmp. 9-8

87 10 Configuring Actions, Events and Responses This chapter provides information about actions, events and responses. Guide to this Chapter Overview Event Components Response Components Action Components Configuring an Event, Response and Action 10-1

88 Configuring Actions, Events and Responses: Overview Overview Actions are rules in Remote RMM-1400 that provide a flexible mechanism for managing system mediation by letting users associate events and responses. Actions provide the ability to configure an extensive range of behavior in response to external or internal events. Actions consist of three components: Events System occurrences related to changes in Remote RMM-1400 s equipment or the environment. Responses Behaviors that are executed in response to system events. Actions Rules that create associations between responses and events. During normal Remote RMM-1400 operation, internal event messages are generated. A subsystem called the Action Manager keeps a list of actions and monitors all the event messages. When an event message matches an event configured in an action, the Action Manager generates the corresponding response message. Each responder in the system monitors the response messages and executes responses directed to it. Note: Several commands exist in the Remote RMM-1400 CLI that display diagnostic information related to actions: show actions, show events, show responses, show audit actions, show audit events, show audit responses and diag mmdisplay. For more information about display and diagnostic commands, refer to the Remote RMM-1400 Command Reference Guide. 10-2

89 Configuring Actions, Events and Responses: Event Components Event Components Figure 10-1 illustrates a sample event configuration: event name originator event type config event MyEvent content input 1/1 close Figure 10-1 Example of the Event Command Event declarations consist of the following elements: An event name, which is a user-defined name for the event. An event originator, which is a system component that generates the event. An event type, which is a system occurrence that signifies the event. Options for the event type vary based on the event originator. Note: For more information about event configuration commands and parameters, refer to the Remote RMM-1400 Command Reference Guide. 10-3

90 Configuring Actions, Events and Responses: Response Components Response Components Figure 10-2 illustrates a sample response configuration: response name responder response type config response MyResponse content output 1/3 close Figure 10-2 Example of the Response Command Response declarations consist of the following elements: A response name, which is a user-defined name for the response. A responder, which is a system component that processes the response. A response type, which defines what the response does when the associated event occurs. Options for the response type vary based on the responder. Note: For more information about response configuration commands and parameters, refer to the Remote RMM-1400 Command Reference Guide. 10-4

91 Configuring Actions, Events and Responses: Action Components Action Components Figure 10-3 illustrates a sample action configuration: action name event name response name config action MyAction event MyEvent response MyResponse Figure 10-3 Example of the Action Command Action declarations consist of the following elements: An action name, which is a user-defined name for the action. An event name, which is a previously user-defined name of an event. The response name, which is a previously user-defined name of a response. Note: For more information about this command, refer to the Remote RMM-1400 Command Reference Guide. 10-5

92 Configuring Actions, Events and Responses: Configuring an Event, Response and Action Configuring an Event, Response and Action In this scenario, you will: Configure an event that occurs when the temperature on RMB goes above a high threshold Configure a response that opens a relay output point Configure an action that associates the event with the response. To configure the event, response and action: 1. At the main prompt, configure event High_Temp with event originator analog 1/temperature and event type high: config event High_Temp content analog 1/temperature high Note: For information about specific event originators and event types, refer to command config event content in the Remote RMM-1400 Command Reference Guide. 2. Configure response Output1_3 with responder output 1/3 and response type open: config response Output1_3 content output 1/3 open Note: For information about specific responders and response types, refer to the response configuration commands in the Remote RMM-1400 Command Reference Guide. 3. Configure action Chassis_Temp_High with event High_Temp and response Output1_3: config action Chassis_Temp_High event High_Temp response Output1_3 10-6

93 Configuring Actions, Events and Responses: Configuring an Event, Response and Action 4. (optional) Verify that the action has been configured properly: show actions Chassis_Temp_High The command response similar to the following displays: (Dub)>show actions Chassis_Temp_High Action Name : Chassis_Temp_High Action Description : Event Name : High_Temp Event Description : Event Originator : analog 1/temperature Event Type : high Response Name : Output1_3 Response Description : Response Responder : output 1/3 Response Type : open Response Parameters : No parameters configured for this response. (Dub)> 5. Save the configuration. 10-7

94 Configuring Actions, Events and Responses: Configuring an Event, Response and Action 10-8

95 11 Configuring Technician Laptop Access for Remote RMM-1400 This chapter provides information on configuring Remote RMM-1400 network access to locallyconnected technician laptops. Guide to this Chapter Configuration Overview Assigning IP Addresses to Technician Laptops Configuring IPTables for Network Address Translation Draft - For internal review only. Do not distribute. 11-1

96 Configuring Technician Laptop Access for Remote RMM-1400: Configuration Overview Configuration Overview Figure 11-1 displays what happens when a technician s laptop accesses the network by connecting to Remote RMM IP Network (Public Address) IPTables rules allow laptops on the private network to send packets to the WAN with Remote RMM-1400 s public address. ( ) Server IPTables DHCP Server The DHCP Server assigns a private IP address to the technician laptop. Remote RMM-1400 Technician Laptop (Private Address) Figure 11-1 Technician Laptop Access via Remote RMM Draft - For internal review only. Do not distribute.

97 Configuring Technician Laptop Access for Remote RMM-1400: Configuration Overview When the technician s laptop is connected to one of the Ethernet ports on Remote RMM-1400, the DHCP server automatically assigns an IP address to the laptop. IP addresses that may be assigned to the technician s laptop are configured using DHCP server configuration commands in the Remote RMM-1400 CLI. For more information on configuring the DHCP server, refer to section Assigning IP Addresses to Technician Laptops on page IPTables is configured for Network Address Translation (NAT) to allow multiple laptops to use private IP addresses on the local network and a single public IP address on the WAN. For more information on configuring IPTables and NAT, refer to section Configuring IPTables for Network Address Translation on page Tip: If you have available public IP addresses, DHCP can assign them to connected laptops, which lets you skip the IPTables configuration. Draft - For internal review only. Do not distribute. 11-3

98 Configuring Technician Laptop Access for Remote RMM-1400: Assigning IP Addresses to Technician Laptops Assigning IP Addresses to Technician Laptops Remote RMM-1400 uses the DHCP server to assign IP addresses to network devices. CLI commands are entered to specify valid ranges of IP addresses that may be assigned. Important: For a laptop to access the network through Remote RMM-1400 using this procedure, the laptop must be configured to obtain its IP address automatically. In this scenario, you will: Enable the DHCP server Configure a secondary bridge switch IP address Configure the DHCP server interface Configure the DHCP server subnet Configure the DHCP server router Configure the DHCP server IP address range Configure the default time that a network device can keep a DHCP server-assigned IP address Configure the maximum time that a network device can keep a DHCP server-assigned IP address. To configure the DHCP server to assign IP addresses to technician laptops: 1. Enable the DHCP server: config dhcp-server enable 2. Configure secondary bridge switch IP address /24: config interface bridge switch ip address /24 secondary Important: This step is important because an interface must exist on the same subnet that the DHCP server will be servicing. If this interface does not exist, the DHCP server will not start up. 3. Configure the DHCP server interface as bridge switch: config dhcp-server interface bridge switch 4. Configure the DHCP server subnet as /24: config dhcp-server subnet /24 5. Configure the DHCP server router as : config dhcp-server subnet /24 router Draft - For internal review only. Do not distribute.

99 Configuring Technician Laptop Access for Remote RMM-1400: Assigning IP Addresses to Technician Laptops 6. Configure the DHCP server IP address range as to : config dhcp-server subnet /24 range Note: When the DHCP server assigns IP addresses to network devices, it automatically starts with the highest value IP address in the range. 7. Configure the default time that a network device can keep an IP address assigned by the DHCP server as 4500 seconds: config dhcp-server subnet /24 default-lease Configure the maximum time that a network device can keep an IP address assigned by the DHCP server as 6000 seconds: config dhcp-server subnet /24 max-lease (optional) Verify that the DHCP server has been configured properly: show dhcp-server The command response similar to the following displays: (Dub)>show dhcp-server Admin State: enabled Broadcast: disabled Authority: disabled Config file: Note: User specified configuration files will override configured DHCP server settings. Interfaces: bridge switch Subnets: /24 range= / router= default-lease=4500 max-lease=6000 DNS: Hosts: test MAC=00:00:00:00:00:00 IP= (Dub)> 10. Save the configuration. Draft - For internal review only. Do not distribute. 11-5

100 Configuring Technician Laptop Access for Remote RMM-1400: Configuring IPTables for Network Address Translation Configuring IPTables for Network Address Translation IPTables rules must be configured to enable network address translation for laptops on the private network. Without NAT, devices with private addresses cannot send packets to devices outside the LAN. Note: For more information on IPTables, refer to an IPTables man page (version 1.2.7a). In this scenario, you will: Flush all Iptables Configure a rule in the PREROUTING chain that accepts all packets from a source subnet that go to a specified destination address Set the default action for the PREROUTING chain to drop all packets Configure a rule in the POSTROUTING chain that masquerades all TCP packets from a specified source subnet. To configure IPTables for address translation: 1. Flush all IPTables: config iptables -t nat -F config iptables -t filter -F config iptables -t mangle -F 2. Configure a rule in the PREROUTING chain in the mangle table that accepts all packets from source subnet /24 and to destination address : config iptables -t mangle -A PREROUTING -s /24 -d j ACCEPT 3. Set the default action for the PREROUTING chain to drop all packets: config iptables t mangle P PREROUTING DROP CAUTION: If you are connected to Remote RMM-1400 via a Telnet connection and you set the default action to drop all packets without first configuring a rule to accept packets between your workstation and Remote RMM-1400 (as in step 2), your connection to Remote RMM will be lost Draft - For internal review only. Do not distribute.

101 Configuring Technician Laptop Access for Remote RMM-1400: Configuring IPTables for Network Address Translation 4. Configure a rule in the POSTROUTING chain that masquerades all tcp packets from source subnet /24: config iptables -t nat -A POSTROUTING -s /24 -p tcp -j MASQUERADE 5. (optional) Verify that the IPTables commands have been configured properly: show iptables configuration The command response similar to the following displays: (Dub)>show iptables configuration Table nat Chain PREROUTING (policy ACCEPT) Chain POSTROUTING (policy ACCEPT) -s /24 -p tcp -j MASQUERADE Chain OUTPUT (policy ACCEPT) Table filter Chain INPUT (policy ACCEPT) -i lo -j ACCEPT Chain FORWARD (policy ACCEPT) Chain OUTPUT (policy ACCEPT) -d /8 -j ACCEPT Table mangle Chain PREROUTING (policy DROP) -i lo -j ACCEPT -s /24 -d j ACCEPT Chain INPUT (policy ACCEPT) -i lo -j ACCEPT Chain FORWARD (policy ACCEPT) Chain OUTPUT (policy ACCEPT) -d /8 -j ACCEPT Chain POSTROUTING (policy ACCEPT) -d /8 -j ACCEPT (Dub)> 6. Save the configuration. Draft - For internal review only. Do not distribute. 11-7

102 Configuring Technician Laptop Access for Remote RMM-1400: Configuring IPTables for Network Address Translation 11-8 Draft - For internal review only. Do not distribute.

103 12 Configuring Event Correlations This chapter provides information about configuring event correlations. Guide to this Chapter Overview Correlation Expression Components Configuring an Event Correlation 12-1

104 Configuring Event Correlations: Overview Overview Event correlation is the ability to identify a unique condition by comparing the states of multiple events and aggregating into a single event. The goals of Remote RMM-1400 event correlation are to: Report the correlated condition to a network management system Include the correlated condition as an individual component in other event correlations (if defined) Perform an automatic response (if defined) Event Correlation Components Event correlation is represented by an event originator named correlation and the following components: A description of the event correlation A boolean-like expression to define the event correlation Properties controlling how the expression is evaluated. The evaluation of the correlation expression results in a true or false state for the event correlation. 12-2

105 Configuring Event Correlations: Correlation Expression Components Correlation Expression Components The following illustrates a basic expression configuration: Term Operator Term OriginatorType Instance State and OriginatorType Instance State Figure 12-1 Correlation Expression Example A Term in a correlation expression is used to test the current state of an originator. The Term consists collectively of the following elements: OriginatorType, which is one of the Remote RMM-1400 event originator types. The type can also be correlation, which refers to other event correlations. Instance value, which is one of the valid instances for the specified type, for example, 1/1, 2. State, which is a valid state for the originator. In the case of a measurement, the state may be a relational operator and a numeric value (for example, < 48 or > 95). Originator Types and States Table 12-1 lists the types of originators that are valid for the correlation expressions, the associated events that are valid as a state comparison and those originators that can be used as multi-originators. Multi-originators must have either an any or an all operator before the multiple instance token. See Operators on page 12-4 for details. Table 12-1 Event Originator Types and States Originator Type Valid State Events Multi Support analog high, in-band, inputsaturated, loss of signal, low yes - point ranges input close, open yes - point ranges output close, open yes - point ranges correlation false, true no measurement high, in-band, inputsaturated, loss of signal, low, <, <=, =, >=, >,!= yes - point ranges 12-3

106 Configuring Event Correlations: Correlation Expression Components Examples Examples of these components combined are shown below: analog 1/1 high correlation examplecorr false measurement ExtTemp1 > 90 Operators The valid operators that can be used in a correlation expression are listed in the following table, along with possible usages and example results for each. Table 12-2 Operators and Usage Operator Usage Example Result and expression analog 1/4 high and output 1/2 open or expression analog 1/4 high or measurement exttemp > 110 When both expressions are true, the evaluation is true. When either expression is true, the evaluation is true. not all any expression not analog 1/4 in-band expression all output 1/1-4 close expression any 3 input 1/1-4 close When negating a true expression, the evaluation is false. When all expressions are true, the evaluation is true. When at least three (3) expressions are true, the evaluation is true. If no number is entered after any, the default value is 1. Expression Evaluation In an expression, the precedence order for evaluation is as follows: 1. Term 2. not 3. and 4. or If a Term is a nested expression, it is fully evaluated as the evaluation of the Term, as is typical with most programming languages. Nested expressions in parentheses are supported, allowing complex expressions to be contained in a single correlation expression. The use of parentheses can improve the readability of expressions which mix and, not and or operators. 12-4

107 Configuring Event Correlations: Correlation Expression Components Example Expressions The examples below show various forms of Terms in nested expressions. all input 1/1-4 open and ( analog 1/1 loss-of-signal or analog 1/1 low ) not ( any 3 analog 1/1-4 in-band and correlation mycorrelation false ) all input 1/1,3,5,7 open and correlation mycorrelation true all input 1,2/1-4 open Configuring a Time Period (Optional) You can optionally configure a time period (duration) during which a correlation expression must remain in a true or false state before the correlation itself changes state to match the expression. For example, you may want to configure a scenario where an alarm is generated when a door is open for an extended period of time rather than a brief open/close situation. 12-5

108 Configuring Event Correlations: Configuring an Event Correlation Configuring an Event Correlation In this scenario, you will: Configure a correlation expression for two open door alarm events Configure the time (duration) for which the expression must remain true or false before the correlation matches the expression s state Create two alarm table entries for the open door events. To configure an event correlation for two open door alarm events: 1. At the main prompt, configure an event correlation named DoorAlarms with a description of Correlation for open door alarms: config correlation DoorAlarms description Correlation for open door alarms 2. Configure the true duration time in the expression for 900 seconds, meaning an alarm will be sent if the door is open for 15 minutes; set the false duration time to 0 seconds (immediate), meaning an alarm will be sent immediately upon closure: config correlation DoorAlarms duration Configure the correlation expression for the two doors as input 1/1 open and input 1/2 open: config correlation DoorAlarms expression input 1/1 open and input 1/2 open 4. (optional) Verify that the action has been configured properly: show correlation DoorAlarms The command response similar to the following displays: (Dub)>show correlation DoorAlarms Name : DoorAlarms Expression : input 1/1 open and input 1/2 open True Duration : 900 False Duration : 0 Evaluation : false and false = false Value : false Description : Correlation for open door alarms (Dub)> 12-6

109 Configuring Event Correlations: Configuring an Event Correlation To configure the alarm table entry for the open door correlation: 1. At the main prompt, configure the alarm entry name dooropen: config alarm-entry dooropen 2. Configure the alarm entry dooropen with the following parameters: event originator correlation DoorAlarms event type true event severity major alarm message Door is open config alarm-entry dooropen event correlation DoorAlarms true major Door is open 3. Configure the alarm entry dooropen with the following parameters: event originator correlation DoorAlarms event type false event severity normal alarm message Door is closed config alarm-entry dooropen event correlation DoorAlarms false normal Door is closed 4. Save the configuration. Note: For an example of configuring an event correlation using a measurement, see section Configuring an Event Correlation for a Measurement in Chapter 14: Configuring Measurements and the Measurement Table. 12-7

110 Configuring Event Correlations: Configuring an Event Correlation 12-8

111 13 Configuring Alarm Entries in the Central Alarm Table This chapter provides an overview of the central alarm table along with step-by-step scenarios for configuring and using alarm entries in the central alarm table. Guide to this Chapter Overview Alarm Protocol Formats Configuring an Alarm Entry for a Temperature Sensor Configuring an Alarm Entry for a Discrete Input Configuring an Alarm Entry for a Serial Connection Failure Configuring an Alarm Entry for a TCP Connection that Goes Down Configuring an Alarm Entry for a Telnet Connection that Comes Up Testing Alarm Table Configurations 13-1

112 Configuring Alarm Entries in the Central Alarm Table: Overview Overview The central alarm table collects and communicates the state of all alarms reported by Remote RMM It is a table of alarm entries that contains information for each attainable severity level and has the following features: Event/alarm associations The central alarm table lets users associate events with alarm responses in a single command. This is easier than configuring events and alarm responses using the action subsystem, which requires three commands for associating events with alarm responses. Alarm Nagging Alarm nagging causes an alarm entry to send an alarm message in all formats enabled for that entry at a specified time interval. For information about configuring the alarm nagging interval, refer to section Configuring an Alarm Entry for a Temperature Sensor on page Alarm reporting in a variety of formats The central alarm table can report alarm statuses in raw format, or in SNMP format. For more information on these formats, refer to section Alarm Protocol Formats on page For information about commands that configure central alarm table entries and data, refer to the Remote RMM-1400 Command Reference Guide. 13-2

113 Configuring Alarm Entries in the Central Alarm Table: Alarm Protocol Formats Alarm Protocol Formats The central alarm table supports two alarm protocol formats: Raw SNMP You can enable and disable each alarm protocol format independently of the other (meaning that you can have both formats enabled). Raw The central alarm table supports raw alarm output that can be used for alarm formats that are not directly supported by Remote RMM A script or application can take the alarm information from the raw output and translate it into any type of alarm message. SNMP The central alarm table supports SNMP through alarm traps in the aimediationv2.mib. Alarm traps are sent to all enabled SNMP management hosts. In order to receive alarm traps, at least one SNMP management host must be configured. 13-3

114 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Temperature Sensor Configuring an Alarm Entry for a Temperature Sensor In this scenario, you will: Configure an alarm entry description Configure a category name Configure SNMP trap support Configure the interval at which the alarm will send its state Configure a network element name Configure the alarm actions that signal when the detected temperature has exceeded a maximum threshold, passed below a minimum threshold, or entered into an acceptable range. Important: This scenario does not show how to configure the analog input that is associated with the alarm entry. For information on configuring analog inputs, refer to command config discrete analog in the Remote RMM-1400 Command Reference Guide. To configure the temperature sensor alarm entry: 1. At the main prompt, configure description Temperature sensor: config alarm-entry tempsensor description Temperature sensor 2. Configure category name envalms: config alarm-entry tempsensor category envalms 3. Enable SNMP trap support: config alarm-entry tempsensor trap enable 4. Configure the SNMP trap priority level to high: config alarm-entry tempsensor trap priority high 5. Configure the interval at which the alarm entry sends its state information to 5 seconds when the alarm state is critical: config alarm-entry tempsensor nagging 5 critical 6. Configure network element name sensorunit: config alarm-entry tempsensor ne-name sensorunit 13-4

115 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Temperature Sensor 7. Configure an event for alarm entry tempsensor with the following settings: Event originator analog 1/1 Event trigger high Event severity level critical Alarm event message Temperature above safe threshold - followed by the actual high value for the alarm entry. config alarm-entry tempsensor event analog 1/1 high critical Temperature above safe threshold - $(value) Note: Keyword $(value) is replaced with the current value of the analog input. If the event associated with the analog input does not contain an event message value, no substitution takes place. 8. Configure a second event for alarm entry tempsensor with the following settings: Event originator analog 1/1 Important: All events configured for an alarm entry must have the same event originator. Event trigger low Event severity level minor Alarm event message Temperature below low threshold - followed by the actual low value for the alarm entry. config alarm-entry tempsensor event analog 1/1 low minor Temperature below low threshold - $(value) 9. Configure a third event for alarm entry tempsensor with the following settings: Event originator analog 1/1 Event trigger in-band Event severity level normal Alarm event message Temperature in normal range. config alarm-entry tempsensor event analog 1/1 in-band normal Temperature in normal range 13-5

116 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Temperature Sensor 10. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name tempsensor The command response similar to the following displays: (Dub)>show alarm-entries name tempsensor Name - tempsensor State - normal Current Message - Description - Temperature sensor Nagging Interval - 5 Nagging Level - critical Trap - enabled Trap Priority - high Raw - enabled Category - envalms NE Name - TempSensor Originator - input 1/1 Alarm Actions: Severity Trigger Message critical high Temperature above safe thresho minor low Temperature below low threshol normal in-band Temperature in normal range (Dub)> 11. Save the configuration. Configuring Analog Input Values The values reported by Remote analog inputs often show rapid fluctuations as compared to the values read from a digital multi-meter. This is by design and does not indicate a problem with the Remote. Digital multi-meters utilize sophisticated internal circuitry to minimize these inherent fluctuations when displaying measurements to the user. To compensate for these variations, Remote provides two analog input features: analog averaging and analog adjustment. 13-6

117 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Temperature Sensor Analog Averaging Users can specify the level at which Remote will average measurement values. The goal is for a reasonable, steady-state value to measure consistently with both the Remote and an external meter. Summarized in Table 13-1 are the valid averaging values with typical examples of when they may be applied to a measurement. Table 13-1 Analog Averaging Values Value high medium low none Description Provides the most averaging, but provides slower response to rapid changes in the measured value. This setting is typically used with environmental or other sensors which measure conditions that do not change quickly. The typical value used when the unscaled value fluctuates by +/-.01 V or ma. This setting is recommended for measurements which are not expected to change instantaneously, but may change significantly over a short period of time (for example, 1 minute). Provides faster response to value fluctuation while still providing a small level of averaging. This setting is recommended for measurements which may change very rapidly during alarm conditions, but which will still benefit from the smoothing feature during steady-state operation. No averaging will be applied and raw values will be reported. This is the default value. Measurement Example Temperature/Humidity Fuel Level Battery Voltage The following example shows how to configure discrete analog 1/1 with medium level averaging: config discrete analog 1/1 averaging medium Analog Adjustment A fixed adjustment can be applied to an analog input value to raise or lower the value to match a reference value. By adjusting both the minimum and maximum sensor readings by the same amount, the offset can be applied without changing the scaling factor of the analog input. Note that these values affect only the current conditions. 13-7

118 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Temperature Sensor For example, to configure a voltage sensor for 0-10V scaling to gallons of fuel, an offset of +7 gallons can be applied by scaling the 0-10V to gallons. This scenario is configured as follows: config discrete analog 1/1 minimum 0 7 config discrete analog 1/1 maximum

119 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Discrete Input Configuring an Alarm Entry for a Discrete Input In this scenario, you will: Configure an alarm entry description Configure SNMP alarm protocol support Configure an alarm action that occurs when a light turns off, which opens an input Configure an alarm action that occurs when a light turns on, which closes an input. Important: This scenario does not show how to configure the discrete input that is associated with the alarm entry. For information on configuring discrete inputs, refer to command config discrete input in the Remote RMM-1400 Command Reference Guide. To configure the open input alarm entry: 1. At the main prompt, configure description Light switch: config alarm-entry input1_1 description Light Switch 2. Enable trap alarm protocol support: config alarm-entry input1_1 trap enable 3. Configure an event for alarm entry input1_1 with the following settings: Event originator input 1/1 Event trigger open Event severity level major Alarm event message Light off. config alarm-entry input1_1 event input 1/1 open major Light off 4. Configure an event for alarm entry input1_1 with the following settings: Event originator input 1/1 Event trigger close Event severity level major Alarm event message Light on. config alarm-entry input1_1 event input 1/1 close major Light on 13-9

120 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Discrete Input 5. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name input1_1 The command response similar to the following displays: (Dub)>show alarm-entries name input1_1 Name - input1_1 State - normal Current Message - Description - Nagging Interval - 0 Nagging Level - major Trap - enabled Trap Priority - disabled Raw - disabled Category - NE Name - Originator - input 1/1 Alarm Actions: Severity Trigger Message major open Light off major close Light on (Dub)> 6. Save the configuration

121 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Serial Connection Failure Configuring an Alarm Entry for a Serial Connection Failure In this scenario, you will: Configure an alarm entry description Configure SNMP alarm protocol support Configure an alarm action that signals that a serial connection failure has occurred. Important: This scenario does not show how to configure the serial port that is associated with the alarm entry. For information on configuring serial ports, refer to command config controller serial in the Remote RMM-1400 Command Reference Guide. To configure an alarm entry for a serial connection failure: 1. At the main prompt, configure description Serial connection failure: config alarm-entry SerConnFail description Serial connection failure 2. Enable SNMP trap alarm protocol support: config alarm-entry SerConnFail trap enable 3. Configure an event for alarm entry SerConnFail with the following settings: Event originator serial 3 Event trigger conn-failed Event severity level major Alarm event message The serial connection has failed. config alarm-entry SerConnFail event serial 3 conn-failed major The serial connection has failed 13-11

122 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Serial Connection Failure 4. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name SerConnFail The command response similar to the following displays: (Dub)>show alarm-entries name SerConnFail Name - SerConnFail State - normal Current Message - Description - Serial connection failure Nagging Interval - 0 Nagging Level - major Trap - enabled Trap Priority - disabled Raw - disabled Category - NE Name - Originator - serial 3 Alarm Actions: Severity Trigger Message major conn-failed The serial connection has fail (Dub)> 5. Save the configuration

123 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a TCP Connection that Goes Down Configuring an Alarm Entry for a TCP Connection that Goes Down In this scenario, you will: Configure an alarm entry description Configure SNMP alarm protocol support Configure an alarm action that signals that a TCP connection has gone down. To configure an alarm entry for a TCP connection that goes down: 1. At the main prompt, configure description TCP connection down: config alarm-entry TCPConnDown description TCP connection down 2. Enable SNMP trap alarm protocol support: config alarm-entry TCPConnDown trap enable 3. Configure an event for alarm entry TCPConnDown with the following settings: Event originator tcp :5001 Event trigger conn-down Event severity level major Alarm event message TCP connection down. config alarm-entry TCPConnDown event tcp :5001 conndown major TCP connection down 13-13

124 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a TCP Connection that Goes Down 4. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name TCPConnDown The command response similar to the following displays: (Dub)>show alarm-entries name TCPConnDown Name - TCPConnDown State - normal Current Message - Description - TCP connection down Nagging Interval - 0 Nagging Level - major Trap - enabled Trap Priority - disabled Raw - disabled Category - NE Name - Originator - tcp :5001 Alarm Actions: Severity Trigger Message major conn-down TCP connection down (Dub)> 5. Save the configuration

125 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Telnet Connection that Comes Up Configuring an Alarm Entry for a Telnet Connection that Comes Up In this scenario, you will: Configure an alarm entry description Configure SNMP alarm protocol support Configure an alarm action that signals that a Telnet connection has come up. To configure the Telnet connection up alarm entry: 1. At the main prompt, configure description Telnet connection up: config alarm-entry TelnetConnUp description Telnet connection up 2. Enable SNMP trap alarm protocol support: config alarm-entry TelnetConnUp trap enable 3. Configure an event for alarm entry TelnetConnUp with the following settings: Event originator telnet :6001 Event trigger conn-up Event severity level normal Alarm event message Telnet connection now up. config alarm-entry TelnetConnUp event telnet :6001 conn-up normal Telnet connection now up Tip: This same scenario can be followed to configure a connection up alarm entry for SSH. Simply substitute SSH for Telnet

126 Configuring Alarm Entries in the Central Alarm Table: Configuring an Alarm Entry for a Telnet Connection that Comes Up 4. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name TelnetConnUp The command response similar to the following displays: (Dub)>show alarm-entries name TelnetConnUp Name - TelnetConnUp State - normal Current Message - Description - Telnet connection up Nagging Interval - 0 Nagging Level - major Trap - enabled Trap Priority - disabled Raw - disabled Category - NE Name - Originator - telnet :6001 Alarm Actions: Severity Trigger Message normal conn-up Telnet connection now up (Dub)> 5. Save the configuration

127 Configuring Alarm Entries in the Central Alarm Table: Testing Alarm Table Configurations Testing Alarm Table Configurations After you configure alarm table entries, you can simulate test traps from the alarm table to test your alarm table configurations before actual alarm traps are sent. Test mode traps are sent to the management station. In this scenario, you will: Enable the alarm table test mode. Simulate a test trap from Remote for a specific alarm entry. To simulate a test trap from the Remote alarm table: 1. At the main prompt, enable the alarm table test mode using the default timeout period (10 minutes): diag test mode enable 2. Simulate a test trap for alarm entry GPS_Failure: diag test alarm-entry GPS_Failure 3. (optional) Verify that the GPS_Failure alarm entry is being simulated: show test alarm-entries This command response displays the alarm entries that are currently being simulated (in test mode). (Dub)>show (Dub) show>test (Dub) show test> alarm-entries Name State Current alarm message Explosive_Gas normal Explosive Gas Not Detected GPS_Failure normal GPS Normal Generator_OilPressur normal --- NewTest normal --- Toxic_Gas normal --- (Dub) show test 13-17

128 Configuring Alarm Entries in the Central Alarm Table: Testing Alarm Table Configurations 13-18

129 14 Configuring Measurements and the Measurement Table This chapter provides an overview of Remote RMM-1400 s measurement table along with stepby-step scenarios for configuring a measurement table entry, an alarm entry for a measurement and an event correlation for a measurement. Guide to this Chapter Overview Configuring a Measurement Table Entry for a Temperature Sensor Configuring an Alarm Entry for a Measurement Configuring an Event Correlation for a Measurement 14-1

130 Configuring Measurements and the Measurement Table: Overview Overview In addition to its central alarm table, Remote RMM-1400 provides a measurement table that collects analog measurement values and reports these values to a central management station, such as Optima. These measurement values can be sourced from an analog input monitored by Remote RMM-1400, from a script running on Remote RMM-1400 that monitors an attached network element, or via SNMP from a network element that is monitored by SNMP proxy. The Remote RMM-1400 measurement table stores a 24-hour history of collected values. Figure 14-1 Remote RMM-1400 Measurement Table Each entry in the measurement table is identified by a name and contains an analog value, units of measure (such as V, %, deg C, or deg F), the originator of the data (such as analog 1/1 or script jobname_measurementname), the NE name, an optional description and category and the maximum, minimum and average measured values over the reporting interval. 14-2

131 Configuring Measurements and the Measurement Table: Overview You can configure a measurement table entry such that the state of the measurement will change based on the current value of the measurement. These states include: Loss-of-signal The value has passed below the minimum measurable threshold Low The value has passed below the minimum value that is considered normal In-band The value falls between the minimum normal value and the maximum normal value High The value has passed above the maximum value that is considered normal Input-saturated The value has passed above the maximum measurable threshold Offline The originator of the value has gone offline and is not reporting a value Use with Alarm Table Entries Measurement table entries can be used in connection with Remote RMM-1400 s alarm table. You can set up alarm entries with different events that are triggered in response to fluctuations in the current state of a measurement. See section Configuring an Alarm Entry for a Measurement for an example. Use with Event Correlations You can create event correlations to be used with measurement table entries. The example in section Configuring an Event Correlation for a Measurement correlates a temperature measurement exceeding a specified value with an input being open to create an alarm for fire danger. For more information on configuring correlations, see Chapter 12: Configuring Event Correlations. Use with Proxied SNMP NEs See Chapter 18: Configuring the SNMP Proxy for information on how to use the measurement table with proxied SNMP NEs. Relevant topics include Configuring a Mediation SNMP Measurement Template and Configuring a Mediation SNMP Network Element. 14-3

132 Configuring Measurements and the Measurement Table: Configuring a Measurement Table Entry for a Temperature Sensor Configuring a Measurement Table Entry for a Temperature Sensor In this scenario, you will: Configure a measurement table entry with name and description Configure a category name Configure measurement units Configure a network element name Configure the normal (in-band), maximum and minimum values Configure the originator for a measurement table entry Enable the measurement table entry To configure a measurement table entry for an external temperature sensor: 1. At the main prompt, configure measurement table entry ExtTemp1 with description External temperature sensor: config meas-table entry ExtTemp1 description External temperature sensor 2. Configure category name envalms: config meas-table entry ExtTemp1 category envalms 3. Configure measurement units Degrees F: config meas-table entry ExtTemp1 units Degrees F 4. Configure network element name sensorunit: config meas-table entry ExtTemp1 ne-name sensorunit 5. Configure the normal range for measurement values: config meas-table entry ExtTemp1 band Configure the maximum measurable value: config meas-table entry ExtTemp1 maximum Configure the minimum measurable value: config meas-table entry ExtTemp1 minimum Configure the originator for this measurement: config meas-table entry ExtTemp1 originator analog 1/4 9. Enable the measurement table entry: config meas-table entry ExtTemp1 enable 14-4

133 Configuring Measurements and the Measurement Table: Configuring a Measurement Table Entry for a Temperature Sensor 10. (optional) Verify that the measurement table entry has been configured properly: show meas-table entries ExtTemp1 The command response similar to the following displays: (Dub)>show meas-table entries ExtTemp1 Name - ExtTemp1 (static) State - offline Originator - analog 1/4 Description - External temperature sensor NE Name - sensorunit Category - envalms Report Interval - 0 Low-Band High-Band Hysteresis - 0. Max-Limit Min-Limit Units - Degrees F Current Value - 76 Interval Value - 76 Interval Minimum - 76 Interval Maximum - 76 Interval Average - 76 (Dub)> 11. Save the configuration. Sample Configuration for SiteBus Temperature Sensor The following is a sample configuration for a measurement table entry for the SiteBus temperature sensor used with RMB-1 and RMB-2. Adjust the sensor name, NE name and other values to fit your specific implementation. config meas-table entry TempSensor1 config meas-table entry TempSensor1 category Temp Sensor config meas-table entry TempSensor1 description One Wire Temp Sensor config meas-table entry TempSensor1 originator sitebus Temp/temperatureF config meas-table entry TempSensor1 report-interval 15 config meas-table entry TempSensor1 band config meas-table entry TempSensor1 hysteresis 2 config meas-table entry TempSensor1 maximum 150 config meas-table entry TempSensor1 minimum -10 config meas-table entry TempSensor1 ne-name Test_RMM1400 config meas-table entry TempSensor1 units degrees Fahrenheit 14-5

134 Configuring Measurements and the Measurement Table: Configuring an Alarm Entry for a Measurement Configuring an Alarm Entry for a Measurement In this scenario, you will: Configure an alarm entry description and category Configure the network element name associated with this alarm entry Configure SNMP trap alarm protocol support Configure different alarm actions that occur when a measurement is normal, low, high, falls below the measurable range, or rises above the measurable range To configure the measurement alarm entry: 1. At the main prompt, configure alarm entry ExtTemp with description External temperature alarm: config alarm-entry ExtTemp description External temperature alarm 2. Configure category name envalms: config alarm-entry ExtTemp category envalms 3. Configure network element name sensorunit: config alarm-entry ExtTemp ne-name sensorunit 4. Enable SNMP trap alarm protocol support with priority normal: config alarm-entry ExtTemp trap enable config alarm-entry ExtTemp trap priority normal 5. Configure an event for alarm entry ExtTemp with the following settings: Event originator measurement ExtTemp1 Event trigger high Event severity level major Alarm event message $(value). Note: Keyword $(value) is replaced with the current measurement value. config alarm-entry ExtTemp event measurement ExtTemp1 high major $(value) 14-6

135 Configuring Measurements and the Measurement Table: Configuring an Alarm Entry for a Measurement 6. Configure an event for alarm entry ExtTemp with the following settings: Event originator measurement ExtTemp1 Event trigger low Event severity level major Alarm event message $(value). config alarm-entry ExtTemp event measurement ExtTemp1 low major $(value) 7. Configure an event for alarm entry ExtTemp with the following settings: Event originator measurement ExtTemp1 Event trigger in-band Event severity level normal Alarm event message $(value). config alarm-entry ExtTemp event measurement ExtTemp1 in-band normal $(value) 8. Configure an event for alarm entry ExtTemp with the following settings: Event originator measurement ExtTemp1 Event trigger input-saturated Event severity level critical Alarm event message Input saturated. config alarm-entry ExtTemp event measurement ExtTemp1 inputsaturated critical Input saturated 9. Configure an event for alarm entry ExtTemp with the following settings: Event originator measurement ExtTemp1 Event trigger loss-of-signal Event severity level critical Alarm event message Signal loss. config alarm-entry ExtTemp event measurement ExtTemp1 loss-ofsignal critical Signal loss 14-7

136 Configuring Measurements and the Measurement Table: Configuring an Alarm Entry for a Measurement 10. (optional) Verify that the alarm entry has been configured properly: show alarm-entries name ExtTemp The command response similar to the following displays: (Dub)>show alarm-entries name ExtTemp Name - ExtTemp State - normal Current Message - Description - Exterior temperature alarm Nagging Interval - 0 Nagging Level - major Trap - enabled Trap Priority - normal Raw - disabled Category - envalms NE Name - sensorunit Originator - measurement ExtTemp1 Alarm Actions: Severity Trigger Message major high $(value) major low $(value) normal in-band $(value) critical input-saturated Input saturated critical loss-of-signal Signal loss (Dub)> 11. Save the configuration. 14-8

137 Configuring Measurements and the Measurement Table: Configuring an Event Correlation for a Measurement Configuring an Event Correlation for a Measurement In this scenario, you will: Configure a correlation expression for fire danger, when a measurement from a temperature sensor exceeds a specified value while an alarm event from a smoke detector (connected to input 1/3) exists Configure the time (duration) for which the expression must remain true or false before the correlation matches the expression s state Create two alarm table entries for the correlation. To configure an event correlation for fire danger: 1. At the main prompt, configure an event correlation named FireDanger with description Correlation for temperature and smoke: config correlation FireDanger description Correlation for temperature and smoke 2. Configure the correlation expression for the value of measurement ExtTemp1 as greater than or equal to 90 and the smoke detector (input 1/3) as open: config correlation FireDanger expression measurement ExtTemp1 >= 90 and input 1/3 open 3. Configure the true duration time in the expression for 120 seconds, meaning an alarm will be sent if these conditions persist for two minutes; set the false duration time to 0 seconds (immediate), meaning an alarm will be sent immediately when either condition no longer exists: config correlation FireDanger duration (optional) Verify that the action has been configured properly: show correlations FireDanger The command response similar to the following displays: (Dub)>show correlations FireDanger Name : FireDanger Expression : measurement ExtTemp1 >= 90 and input 1/3 open True Duration : 90 False Duration : 0 Evaluation : false and false = false Value : false Description : Correlation for temperature and smoke (Dub)> 14-9

138 Configuring Measurements and the Measurement Table: Configuring an Event Correlation for a Measurement To configure the alarm table entry for the fire danger correlation: 1. At the main prompt, configure the alarm entry name dooropen: config alarm-entry firedanger 2. Configure the alarm entry dooropen with the following parameters: event originator correlation FireDanger event type true event severity critical alarm message Fire alarm exists config alarm-entry firedanger event correlation FireDanger true critical Fire alarm exists 3. Configure the alarm entry doorclosed with the following parameters: event originator correlation FireDanger event type false event severity normal alarm message Fire alarm is cleared config alarm-entry dooropen event correlation FireDanger false normal Fire alarm is cleared 4. Save the configuration

139 15 Configuring Mediation Connections This chapter provides information about how to configure mediation connections, events, responses and actions. Guide to this Chapter Overview Secure Terminal Server Access Configuring a TCP to Asynchronous Serial Connection Configuring a Telnet to Asynchronous Serial Connection Configuring a SSH to Asynchronous Serial Connection Configuring an Asynchronous Serial to Asynchronous Serial Connection Configuring an Asynchronous Serial to TCP Connection 15-1

140 Configuring Mediation Connections: Overview Overview Mediation connections allow you to connect different protocols. Examples of mediation connections include: Asynchronous to TCP connections and TCP to asynchronous connections Asynchronous to asynchronous connections A mediation connection can be configured to have multiple hops; however, the connection must have a source endpoint and a destination endpoint at a minimum. In addition, the connection can have data filters in the middle, for example, the Telnet filter acts as a Telnet server proxy. Mediation connections are established through the configuration of events, responses and actions. 15-2

141 Configuring Mediation Connections: Secure Terminal Server Access Secure Terminal Server Access The secure terminal server access feature provides a layer of encryption and authentication, creating a secure connection from a workstation to Remote RMM to access a connected NE. The connection from Remote RMM-1400 to the NEs is not secure. The Secure Shell Protocol (SSH) is used to provide the secure connection and is suitable for both an interactive user session via a client like PuTTY or through any available SSH client library. The Redirect application provides SSH as an option for a virtual serial port s protocol in addition to TCP and Telnet protocols. Redirect also allows for user authentication options to be configured. Figure 15-1 shows the secure connection using SSH and a non-secure connection using Telnet. Figure 15-1 Secure and Non-Secure Connections Terminal Server User Access A built-in user profile called restricted is available for users, which allows terminal server access but no CLI or FTP access. At the CLI, a user with the restricted profile will only be able to log out; no files will be available for retrieval via FTP. 15-3

142 Configuring Mediation Connections: Configuring a TCP to Asynchronous Serial Connection Configuring a TCP to Asynchronous Serial Connection In this scenario, you will configure a mediation connection between a TCP port and an asynchronous serial controller. You will set up an action, event and response that cause the TCP port and controller to connect. To configure a TCP connection to an asynchronous connection: 1. Configure event tcp40010 with originator tcp :40010 and event type incoming-connection: config event tcp40010 content tcp :40010 incomingconnection Note: The TCP originator IP address is optional if it is the same as the Remote RMM-1400 bridge switch interface IP address. 2. Configure response tcp40010toserial2 with responder tcp :40010 and response type dest serial 2: config response tcp40010toserial2 content tcp :40010 connect dest serial 2 3. Configure action tcptoserial2 with event tcp40010 and response tcp40010toserial2: config action tcptoserial2 event tcp40010 response tcp40010toserial2 4. (optional) Verify that the TCP to asynchronous connection has been configured properly: show actions tcptoserial2 The command response similar to the following displays: (Dub)>show actions tcptoserial2 Action Name : tcptoserial2 Action Description : Event Name : tcp40010 Event Description : Event Originator : tcp :40010 Event Type : incoming-connection Response Name : tcp40010toserial2 Response Description : Response Responder : tcp :40010 Response Type : connect Response Parameters : dest=serial 2 (Dub)> 15-4

143 Configuring Mediation Connections: Configuring a TCP to Asynchronous Serial Connection 5. Configure controller serial 2 to connect and disconnect as DCD goes active and inactive: config controller serial 2 connect mode dcd config controller serial 2 disconnect mode dcd 6. Configure the application mode as destination: config controller serial 2 application destination 7. (optional) Verify that a connection is established: show connections The command response similar to the following displays: (Dub)>show connections tcp :40010:4 -> serial 2 (Dub)> Note: The 4 that comes after the TCP port number is an internal reference number generated by Remote RMM Save the configuration. 15-5

144 Configuring Mediation Connections: Configuring a Telnet to Asynchronous Serial Connection Configuring a Telnet to Asynchronous Serial Connection In this scenario, you will configure a mediation connection between a Telnet port and an asynchronous serial controller. You will set up an action, event and response that cause the Telnet port and controller to connect. To configure a Telnet to asynchronous serial connection: 1. Configure event IncTelnetConn to signal that an incoming telnet connection request has been received on port at IP address : config event IncTelnetConn content telnet :60002 incoming-connection 2. Configure response telnet60002toserial3 to connect Telnet port at IP address to destination serial 3: config response telnet60002toserial3 content telnet :60002 connect dest serial 3 3. Configure response telnet60002toserial3 to cause a Telnet connection from port at IP address to operate in binary mode: config response telnet60002toserial3 content telnet :60002 connect options -b 4. Configure action telnettoserial to associate event IncTelnetConn with response telnet60002toserial3: config action telnettoserial event IncTelnetConn response telnet60002toserial3 15-6

145 Configuring Mediation Connections: Configuring a Telnet to Asynchronous Serial Connection 5. (optional) Verify that the Telnet to asynchronous connection has been configured properly: show actions telnettoserial The command response similar to the following displays: (Dub)>show actions telnettoserial Action Name : telnettoserial Action Description : Event Name : IncTelnetConn Event Description : Event Originator : telnet :60002 Event Type : incoming-connection Response Name : telnet60002toserial3 Response Description : Response Responder : telnet :60002 Response Type : connect Response Parameters : dest=serial 3 options=-b (Dub)> 6. Configure controller serial 5 to connect and disconnect as DCD goes active and inactive: config controller serial 3 connect mode dcd config controller serial 3 disconnect mode dcd 7. Configure the application mode as destination: config controller serial 3 application destination 8. (optional) Verify that a connection is established: show connections The command response similar to the following displays: (Dub)>show connections telnet :60002:4 -> serial 3 (Dub)> Note: The 4 that comes after the TCP port number is an internal reference number generated by Remote RMM Save the configuration. 15-7

146 Configuring Mediation Connections: Configuring a SSH to Asynchronous Serial Connection Configuring a SSH to Asynchronous Serial Connection In this scenario, you will configure a mediation connection between an SSH port and an asynchronous serial controller. You will set up an action, event and response that cause the SSH port and controller to connect. In addition, you will configure a user profile authorized for terminal server access To configure an SSH to asynchronous serial connection: 1. Configure event IncSSHConn to signal that an incoming SSH connection request has been received on port at IP address : config event IncSSHConn content ssh :20001 incoming-connection 2. Configure response SSH20001ToSerial4 to connect SSH port at IP address to destination serial 4: config response SSH20001ToSerial4 content ssh :20001 connect dest serial 4 3. Configure action SSHToSerial to associate event IncSSHConn with response SSH20001ToSerial4: config action SSHToSerial event IncSSHConn response ssh20001toserial4 4. (optional) Verify that the SSH to asynchronous connection has been configured properly: show actions SSHToSerial The command response similar to the following displays: (Dub)>show actions SSHToSerial Action Name : SSHToSerial Action Description : Event Name : IncSSHConn Event Description : Event Originator : ssh :20001 Event Type : incoming-connection Response Name : SSH20001ToSerial4 Response Description : Response Responder : ssh :20001 Response Type : connect Response Parameters : dest=serial 4 (Dub)> 15-8

147 Configuring Mediation Connections: Configuring a SSH to Asynchronous Serial Connection 5. Configure controller serial 4 to connect and disconnect as DCD goes active and inactive: config controller serial 4 connect mode dcd config controller serial 4 disconnect mode dcd 6. Configure the application mode as destination: config controller serial 4 application destination 7. (optional) Verify that a connection is established: show connections The command response similar to the following displays: (Dub)>show connections ssh :20001:4 -> serial 4 (Dub)> Note: The 4 that comes after the TCP port number is an internal reference number generated by Remote RMM Save the configuration. 15-9

148 Configuring Mediation Connections: Configuring an Asynchronous Serial to Asynchronous Serial Connection Configuring an Asynchronous Serial to Asynchronous Serial Connection In this scenario, you will configure a mediation connection between two asynchronous serial controllers. You will set up an action, event and response that cause the controllers to connect. To configure an asynchronous serial to asynchronous serial connection: 1. Configure event serial2up with originator serial 2 and event type up: config event serial2up content serial 2 up 2. Configure response serial2connect with responder serial 2 and response type connect with destination serial 1: config response serial2connect content serial 2 connect dest serial 1 3. Configure action serial2toserial1 with event serial2up and response serial2connect: config action serial2toserial1 event serial2up response serial2connect 4. (optional) Verify that the asynchronous to asynchronous connection has been configured properly: show actions serial2toserial1 The command response similar to the following displays: (Dub)>show actions serial2toserial1 Action Name : serial2toserial1 Action Description : Event Name : serial2up Event Description : Event Originator : serial 2 Event Type : up Response Name : serial2connect Response Description : Response Responder : serial 2 Response Type : connect Response Parameters : dest=serial 1 (Dub)> 15-10

149 Configuring Mediation Connections: Configuring an Asynchronous Serial to Asynchronous Serial Connection 5. (optional) At the main prompt, configure controller serial 1 with application mode destination: config controller serial 1 application destination Note: By default, asynchronous serial controllers are configured to act as both sources and destinations for connections, which makes configuration of this command optional. 6. (optional) Configure connection mode activity: config controller serial 1 connect mode activity 7. Configure controller serial 2 application mode as source: config controller serial 2 application source 8. Configure connection mode dcd: config controller serial 2 connect mode dcd 15-11

150 Configuring Mediation Connections: Configuring an Asynchronous Serial to Asynchronous Serial Connection 9. (optional) Verify that the serial controllers have been configured properly: show controllers serial 1 The command response similar to the following displays: (Dub)>show controllers serial 1 serial 1 status=enabled link-state=down encapsulation= baud=9600 databits=8 stopbits=1 parity=none resource-state=unassigned flow-control=none linemode=rs232 dial-timer=1 init-string= connect-mode= activity rts-connect-mode=on dtr-connect-mode=on disconnect-mode= rts-disconnect-mode=off dtr-disconnect-mode=off parity-errors=0 description=asynchronous port application=destination (Dub)> show controllers serial 2 The command response similar to the following displays: (Dub)>show controllers serial 2 serial 2 status=enabled link-state=down encapsulation= baud=9600 databits=8 stopbits=1 parity=none resource-state=unassigned flow-control=none linemode=rs232 dial-timer=1 init-string= connect-mode=dcd rts-connect-mode=on dtr-connect-mode=on disconnect-mode= rts-disconnect-mode=off dtr-disconnect-mode=off parity-errors=0 description=asynchronous port application=source (Dub)> 10. (optional) Manually connect a device to controller serial 2 and send data. 11. (optional) Verify that a connection is established: show connections The command response similar to the following displays: (Dub)>show connections serial 2 -> serial 1 (Dub)> 12. Save the configuration

151 Configuring Mediation Connections: Configuring an Asynchronous Serial to TCP Connection Configuring an Asynchronous Serial to TCP Connection In this scenario, you will configure a mediation connection between an asynchronous serial controller and a TCP port. You will set up an action, event and response that cause the controller and TCP port to connect. To configure an asynchronous to TCP connection: 1. Configure event serial3up with originator serial 3 and event type up: config event serial3up content serial 3 up 2. Configure response serial3connecttonoc with responder serial 3 and response type connect. The destination of the connect response is TCP port 5001 at IP address : config response serial3connecttonoc content serial 3 connect dest tcp : Configure action serial3tonoc with event serial3up and response serial3connecttonoc: config action serial3tonoc event serial3up response serial3connecttonoc 4. (optional) Verify that the asynchronous to TCP connection has been configured properly: show actions serial3tonoc The command response similar to the following displays: (Dub)>show actions serial3tonoc Action Name : serial3tonoc Action Description : Event Name : serial3up Event Description : Event Originator : serial 3 Event Type : up Response Name : serial3connecttonoc Response Description : Response Responder : serial 3 Response Type : connect Response Parameters : dest=tcp :5001 (Dub)> 5. Configure the application mode as source: config controller serial 3 application source 15-13

152 Configuring Mediation Connections: Configuring an Asynchronous Serial to TCP Connection 6. (optional) Verify that a connection is established: show connections The command response similar to the following displays: (Dub)>show connections serial 3 -> tcp :5001 (Dub)> 7. Save the configuration

153 16 Configuring the DHCP Server This chapter provides information on configuring the DHCP server with an associated host and subnet. Guide to this Chapter DHCP Server Overview Configuring a DHCP Server Configuring a DHCP Server Subnet Configuring a Host on a DHCP Server Configuring BOOTP/DHCP Relay Configuring DHCP Client Support 16-1

154 Configuring the DHCP Server: DHCP Server Overview DHCP Server Overview The DHCP server lets hosts connected to Remote RMM-1400's Ethernet interfaces or bridge WAN interfaces request and obtain IP addresses from Remote RMM It also lets hosts discover information about the network to which they are attached. Available IP addresses are allocated by a network administrator who enters them into a DHCP configuration file. The DHCP protocol then automatically assigns new IP addresses to hosts from the pool of IP addresses. At startup, the DHCP server reads the DHCP configuration file and stores a list of available addresses on each subnet in memory. When a client requests an address, the DHCP server allocates an address for it. Each client is assigned a lease that expires after an amount of time chosen by the administrator. Clients to which leases are assigned are expected to renew them in order to continue to use the addresses. Once a lease has expired, the client to which that lease was assigned is no longer permitted to use the leased IP address. For more information on the DHCP client/server interaction, refer to Figure 16-1 on page

155 Configuring the DHCP Server: DHCP Server Overview The following example displays how the DHCP server distributes an IP address to a requesting client: Figure 16-1 DHCP Client/Server Interaction 16-3

156 Configuring the DHCP Server: Configuring a DHCP Server Configuring a DHCP Server In this scenario, you will: Enable DHCP authority mode Enable DHCP broadcast mode Configure the DHCP server to use a configuration file Configure the DHCP server to run on the bridge interface Configure the DHCP server subnet with an IP address and subnet mask. To configure the DHCP server settings: 1. At the main prompt, enable the DHCP authority mode: config dhcp-server authority 2. Enable the DHCP broadcast mode: config dhcp-server broadcast 3. Configure the DHCP server to run on interface bridge switch: config dhcp-server interface bridge switch 4. Configure the DHCP server subnet with IP address and subnet mask : config dhcp-server subnet Note: Up to 25 subnets are configurable on the DHCP server. For information on further DHCP server subnet configurations, refer to section Configuring a DHCP Server Subnet on page

157 Configuring the DHCP Server: Configuring a DHCP Server 5. (optional) Verify that the DHCP server has been configured properly: show dhcp-server The command response similar to the following displays: (Dub)>show dhcp-server Admin State: disabled Broadcast: enabled Authority: enabled Config file: Note: User specified configuration files will override configured DHCP server settings. Interfaces: bridge switch Subnets: /16 range= / router= default-lease=3600 max-lease=28800 DNS: Hosts: (Dub)> 6. Save the configuration. Tip: Remote RMM-1400 lets you specify a DHCP server configuration file. This file overrides any DHCP server settings configured in the Remote RMM-1400 CLI. If you do not specify the correct DHCP server configuration file, Remote RMM generates an error. The following command specifies file dhcpconfig1.txt as the DHCP configuration file: config dhcp-server config-file dhcpconfig1.txt The DHCP server configuration file must exist in Remote RMM-1400 directory /config/dhcp before you can specify it as the configuration file in the Remote RMM-1400 CLI. For information about creating a DHCP server configuration file, refer to the dhcpd.conf man page. 16-5

158 Configuring the DHCP Server: Configuring a DHCP Server Subnet Configuring a DHCP Server Subnet In this scenario, you will set up the following items for a DHCP server subnet: Configure a maximum lease time Configure a default lease time Configure a domain name server address Configure an IP address range Configure a router address. To configure settings for DHCP server subnet /16: 1. Configure maximum lease time 40000: config dhcp-server subnet /16 max-lease Configure default lease time 36000: config dhcp-server subnet /16 default-lease Configure domain name server : config dhcp-server subnet /16 domain-name-server Configure IP address range to : config dhcp-server subnet /16 range Configure router : config dhcp-server subnet /16 router

159 Configuring the DHCP Server: Configuring a DHCP Server Subnet 6. (optional) Verify that the DHCP server has been configured properly: show dhcp-server The command response similar to the following displays: (Dub)>show dhcp-server Admin State: disabled Broadcast: enabled Authority: enabled Config file: Note: User specified configuration files will override configured DHCP server settings. Interfaces: bridge switch Subnets: /16 range= / router= default-lease=36000 max-lease=40000 DNS: Hosts: (Dub)> 7. Save the configuration. 16-7

160 Configuring the DHCP Server: Configuring a Host on a DHCP Server Configuring a Host on a DHCP Server In this scenario, you will: Configure a DHCP server host Configure a host hardware address Configure a host IP address. To configure a host on a DHCP server: 1. Configure host firsthostconfig with hardware address 12:e3:a2:45:c5:b3: config dhcp-server host firsthostconfig hardware-address 12:e3:a2:45:c5:b3 2. Configure host firsthostconfig with IP address : config dhcp-server host firsthostconfig ip address Note: The host IP address must be within one of the subnetworks being served by the DHCP server. For more information, refer to section Configuring a DHCP Server Subnet on page (optional) Verify that the DHCP server has been configured properly: show dhcp-server The command response similar to the following displays: (Dub)>show dhcp-server Admin State: disabled Broadcast: enabled Authority: enabled Config file: Note: User specified configuration files will override configured DHCP server settings. Interfaces: bridge switch Subnets: /16 range= / router= default-lease=36000 max-lease=40000 DNS: Hosts: firsthostconfig MAC=12:E3:A2:45:C5:B3 IP= (Dub)> 4. Save the configuration. 16-8

161 Configuring the DHCP Server: Configuring BOOTP/DHCP Relay Configuring BOOTP/DHCP Relay In this scenario, you will configure the BOOTP/DHCP server and enable BOOTP/DHCP relay. When BOOTP/DHCP relay is enabled, Remote RMM-1400 acts as a BOOTP/DHCP relay agent; it passes BOOTP/DHCP configuration information between BOOTP/DHCP clients and servers. To configure and enable BOOTP/DHCP relay: 1. Configure the BOOTP/DHCP server IP address as : config dhcp-relay server Enable BOOTP/DHCP relay: config dhcp-relay enable 3. (optional) Verify that the BOOTP/DHCP relay settings have been configured properly: show dhcp-relay The command response similar to the following displays: (Dub)>show dhcp-relay bootp/dhcp relay is enabled bootp/dhcp relay servers: (Dub)> 4. Save the configuration. 16-9

162 Configuring the DHCP Server: Configuring DHCP Client Support Configuring DHCP Client Support In this scenario, you will enable DHCP client support and configure a ten-minute interval for Remote RMM-1400 to retry contacting the DHCP server. Note: DHCP client support cannot be enabled on the bridge group switch if a static IP address has already been configured. You must remove the static IP address before enabling DHCP client support. To enable DHCP client support and configure the retry-timeout interval: 1. Enable DHCP client support: config interface bridge switch ip dhcp enable 2. Configure the DHCP retry-timeout value as 10 minutes: config interface bridge switch ip dhcp retry-timeout (optional) Verify that the DHCP client settings have been configured properly: show interface bridge switch The command response similar to the following displays: Note: The DHCP-related statements (shown below in boldface type) do not appear unless DHCP client support is enabled. (Dub)>show interface bridge switch bridge switch system-name=br_switch status=enabled link-state=up address= /16 dhcp-status=enabled dhcp-state=bound dhcp-retry-timeout=10 dhcp-address= /16 dhcp-lease-acquired=fri Sep 17 13:57:37 EST 2010 dhcp-lease-expires=sun Sep 19 13:57:37 EST 2010 dhcp-routers= dhcp-server-id= Stats: Bytes Packets Errors Dropped Overrun Framing Rx Tx (Dub)> ethernet 4 Stats: Bytes Packets Errors Dropped Overrun Framing Rx Tx Save the configuration

163 17 Configuring the Peripheral Management Subsystem This chapter provides information on the expansion peripheral management subsystem and gives examples of how to configure RMB peripheral units. This subsystem provides communication, coordination, auto-discovery and state maintenance for Remote RMM-1400 peripheral management. Guide to this Chapter Peripheral Management Subsystem Overview Expansion Peripheral Unit Discovery Expansion Peripheral States Configuring Remote RMM-1400 to Manage an Expansion Peripheral Configuring Discrete I/O Points on an Expansion Peripheral Configuring Alarms for an Expansion Peripheral Configuring SNMP to Operate a Relay Output Directly Controlling a Relay Output Configuring SiteBus Devices for an Expansion Peripheral Disconnecting a Managed Expansion Peripheral 17-1

164 Configuring the Peripheral Management Subsystem: Peripheral Management Subsystem Overview Peripheral Management Subsystem Overview The peripheral management subsystem lets Remote RMM-1400 manage one or more peripheral units. The only peripheral units expressly supported by Remote RMM-1400 are the RMB-1 Peripheral Unit and RMB-2 Peripheral Unit. RMB-1 Peripheral Unit The RMB-1 peripheral unit (shown in Figure 17-1) contains the following inputs and outputs: Sixty-four digital bistate inputs Four relay outputs Four current inputs (4-20 ma) Four voltage inputs (0-10V, positive only) A four-terminal SiteBus Four sets of auxiliary terminals, which are not electrically connected to other RMB-1 I/O terminals Built-in temperature and humidity sensors Figure 17-1 RMB-1 Peripheral Unit 17-2

165 Configuring the Peripheral Management Subsystem: Peripheral Management Subsystem Overview RMB-2 Peripheral Unit The RMB-2 peripheral unit (shown in Figure 17-2) offers similar capabilities to RMB-1 in a chassis that is sized to be easily mounted in a standard 19-inch, 21-inch, or 23- inch rack. RMB-2 s digital bistate inputs support both wet and dry contacts, while RMB-1 s digital bistate inputs support dry contacts only. Figure 17-2 RMB-2 Peripheral Unit For technical specifications on RMB-1 and RMB-2 and for details on physically connecting to RMB terminals, see the Remote RMM-1400 Installation Guide. RMB-1 and RMB-2 Identification Each RMB peripheral unit has a name that is defined in the following format: RMB1-XXXXXX XXXXXX represents the low-order three bytes of the peripheral s MAC address (for example, RMB1-0E68F4). Note that the name begins with RMB1 regardless of whether the peripheral unit is an RMB-1 or an RMB