WTI SRM User Manual

Download or browse on-line these Operation & User’s Manual for WTI SRM Modem.

WTI SRM Manual Information:

This manual for WTI SRM, given in the PDF format, is available for free online viewing and download without logging on. The guide contains 128 pages, and the size of the file at download is . The document type is Operation & User’s Manual.

Download Manual

Summary of Contents:

[Page 1] WTI SRM

WTI Part No. 14439 Rev. A SRM Secure Rack Modems User's Guide ...

[Page 2] WTI SRM

i Warnings and Cautions: Installation Instructions Secure Racking If Secure Racked units are installed in a closed or multi-unit rack assembly, they may require further evaluation by Certification Agencies. The following items must be considered. ...

[Page 3] WTI SRM

ii Warnings and Cautions Disconnect Power If any of the following events are noted, immediately disconnect the unit from the outlet and contact qualified service personnel: 1. If the power cord becomes frayed or damaged. 2. If liquid has been spil...

[Page 4] WTI SRM

iii Agency Approvals FCC Part 15 Regulation This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against ha...

[Page 5] WTI SRM

iv Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2. UnitDescription. . . . . . . . . . . . . . . . . . . . . . . . . . . ....

[Page 6] WTI SRM

Table of Contents v 6. ConfigurationOptions(continued) 6.4. Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17 6.4.1. Viewing User Accounts . . . . . . . . . . . ...

[Page 7] WTI SRM

Table of Contents vi 9. Telnet&SSHFunctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 9.1. Network Port Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . ...

[Page 8] WTI SRM

Table of Contents vii List of Figures 2.1. Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 2.2. Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . ...

[Page 9] WTI SRM

1-1 1. Introduction The SRM Secure Rack Modem is designed for applications that require secure, dial-up access to remote, rack mounted network elements. In addition to password security and a multi-level user directory, the SRM also supports SSHv...

[Page 10] WTI SRM

1-2 Introduction Typographic Conventions ^ (e.g. ^X) Indicates a control character. For example, the text "^X" (Control X) indicates the [Ctrl] key and the [X] key must be pressed simultaneously. COURIER FONT Indicates characters t...

[Page 11] WTI SRM

2-1 2. Unit Description 2.1. Front Panel As shown in Figure 2.1, the SRM front panel includes the following components:  RESET: Can be used to restart the SRM operating system as described in Section 2.3.  DEFAULT: Can be used to init...

[Page 12] WTI SRM

2-2 Unit Description 2.2. Back Panel As shown in Figure 2.2, the SRM Back Panel includes the following components:  PowerInlet: An IEC-320-C14 inlet, for connection to your 100 to 240 VAC power supply. Note: 48 VDC powered models includ...

[Page 13] WTI SRM

2-3 Unit Description 2.3. Front Panel Button Functions The front panel buttons can be used to perform several functions described below: Notes: • FrontPanelbuttonfunctionscanalsobedisabledviatheSystemParameters�...

[Page 14] WTI SRM

3-1 3. Getting Started This section describes a simplified installation procedure for the SRM hardware, which will allow you to communicate with the unit in order to demonstrate basic features and check for proper operation. Note that this Quick ...

[Page 15] WTI SRM

3-2 Getting Started 3.3. Communicating with the SRM The SRM command mode can be used to configure the unit's internal modem, selected communication parameters, define user accounts and to perform other unit management related functions. When...

[Page 16] WTI SRM

3-3 Getting Started 2. Username/PasswordPrompt: A message will be displayed, which prompts you to enter your username (Login) and password.. The default username is "super" (all lower case, no quotes), and the default password...

[Page 17] WTI SRM

3-4 Getting Started 3.4. Basic Modem Commands This section describes basic Modem AT commands that can be used to demonstrate basic modem capabilities. For a complete list of available modem commands, please refer to the AT Command Reference Guide...

[Page 18] WTI SRM

3-5 Getting Started 3.5. The WMU Enterprise Management Solution The WMU Enterprise Management Solution provides a centralized interface that can be used to configure, manage and control multiple WTI out-of-band management devices spread throughout...

[Page 19] WTI SRM

4-1 4. Hardware Installation 4.1. Connecting the Power Supply Cables 4.1.1. Connect the SRM to Your Power Supply Refer to the cautions listed below and at the beginning of this User's Guide, and then connect the SRM unit to an appropriate po...

[Page 20] WTI SRM

4-2 Hardware Installation 4.2. Cable Connection 4.2.1. Connecting the Network Cable The Network Port is an RJ45 Ethernet jack, for connection to a TCP/IP network. Connect your 100Base-T cable to the Network Port. Note that the SRM includes a de...

[Page 21] WTI SRM

5-1 5. Basic Operation 5.1. Communicating with the SRM Unit via Network or Setup Port In order to configure the SRM, you must connect to the unit via Network or Setup Port, and access command mode. Note that, the SRM offers two separate configura...

[Page 22] WTI SRM

5-2 Basic Operation To access command mode via the Text Interface, proceed as follows: Note: Whencommunicatingwiththeunitforthefirsttime,youwillnotbeable tocontacttheunitviaTelnetuntilyo...

[Page 23] WTI SRM

5-3 Basic Operation 5.1.2. The Web Browser Interface The Web Browser Interface consists of a series of web forms, which can be used to select configuration parameters by selecting buttons and/or entering text into designated fields. Note:In�...

[Page 24] WTI SRM

5-4 Basic Operation 5.2. Configuring the SRM for Common Applications Depending on the configuration parameters selected, the SRM can be used for the following types of applications: • Dial-UpAccesstoaDeviceConnectedtothe�...

[Page 25] WTI SRM

5-5 Basic Operation 5.2.2. Network Accessible Shared Modem The second most common application for the SRM is to serve as a network accessible shared modem. This type of application provides users who do have network access but don't have a m...

[Page 26] WTI SRM

5-6 Basic Operation 5.2.3. Dial-Up Access to Outbound SSH/Telnet This application allows users to dial-in to the SRM unit, and then create an outbound SSH or Telnet connection to other devices on the network where the SRM resides. In cases where ...

[Page 27] WTI SRM

6-1 6. Configuration Options This section describes the basic configuration options for SRM units. 6.1. Configuration Menus Although the Web Browser Interface and Text Interface (Command Line Interface) provide two separate means for selecting p...

[Page 28] WTI SRM

6-2 Configuration Options 6.2. Defining System Parameters The System Parameters menus are used to define the Site ID Message, set the system clock and calendar, set up data logging functions and calibrate temperature readings. In the Text Interfa...

[Page 29] WTI SRM

6-3 Configuration Options • TemperatureFormat: Determines whether the temperature is displayed as Fahrenheit or Celsius. (Default = Fahrenheit) • TemperatureCalibration: Used to calibrate the unit's internal temperature sensi...

[Page 30] WTI SRM

6-4 Configuration Options • ScriptingOptions: Provides access to parameters that are used to set up the SRM unit for running various scripts as described in Section 6.2.5. Notes: • ThefunctionsprovidedbytheScriptingO...

[Page 31] WTI SRM

6-5 Configuration Options 6.2.1. The Real Time Clock and Calendar The Real Time Clock menu is used to set the SRM's internal clock and calendar. The configuration menu for the Real Time Clock offers the following options: • Date: Sets t...

[Page 32] WTI SRM

6-6 Configuration Options • SecondaryNTPAddress: Defines the IPv4 and/or IPv6 protocol IP address or domain name for the secondary, fallback NTP Server. (Default = undefined) Notes: • Inordertousedomainnamesfor...

[Page 33] WTI SRM

6-7 Configuration Options 6.2.2. The Serial Port Invalid Access Lockout Feature When properly configured and enabled, the Invalid Access Lockout feature can watch all login attempts made via SSH connection, Telnet connection, web browser or the se...

[Page 34] WTI SRM

6-8 Configuration Options • SSHProtection: Enables/Disables and configures the Invalid Access function for SSH connections. When this item is enabled and excessive Invalid Access Attempts via SSH are detected, then the SRM will lock out t...

[Page 35] WTI SRM

6-9 Configuration Options • WebProtection: Enables/Disables and configures the Invalid Access function for Web connections. When this item is enabled and excessive Invalid Access Attempts via Web are detected, then the SRM will lock out t...

[Page 36] WTI SRM

6-10 Configuration Options 6.2.3. Log Configuration This feature allows you to create records of command activity, alarm actions and temperature readings for the SRM unit. The Log features are enabled and configured via the System Parameters Menu...

[Page 37] WTI SRM

6-11 Configuration Options 6.2.3.3. Reading, Downloading and Erasing Logs To read or download the status logs, proceed as follows: • TextInterface: Type /L and press [Enter] to access the Display Log menu. Key in the number for the desire...

[Page 38] WTI SRM

6-12 Configuration Options 6.2.4. Callback Security The Callback function provides an additional layer of security when users attempt to access the SRM's command mode via modem. When this function is properly configured, modem users will not...

[Page 39] WTI SRM

6-13 Configuration Options • CallbackDelay: The amount of time that the SRM will wait between Callback attempts. (Default = 30 seconds) Notes: • AfterconfiguringandenablingCallbackSecurity,youmustthendefine�...

[Page 40] WTI SRM

6-14 Configuration Options • ReverseDNS: Determines the manner in which ARP requests are handled. When enabled (On,) the unit will check an external DNS in order to resolve domain names. When disabled (Off,) the unit will not check an ex...

[Page 41] WTI SRM

6-15 Configuration Options 6.3. User Accounts Each time you attempt to access command mode, you will be prompted to enter a username (login) and password. The username and password entered at login determine which serial port(s) you will be allow...

[Page 42] WTI SRM

6-16 Configuration Options In the default state, the SRM includes one predefined account that provides access to Administrator commands and allows to control of all of the SRM's serial ports. The default username for this account is "sup...

[Page 43] WTI SRM

6-17 Configuration Options 6.4. Managing User Accounts The User Directory function is employed to create new accounts, display parameters for existing accounts, modify accounts and delete accounts. Up to 128 different user accounts can be created...

[Page 44] WTI SRM

6-18 Configuration Options • PortAccess: Determines which SRM Serial Ports this account will be allowed to access. (Defaults; Administrator & SuperUser = All Ports On, User and ViewOnly = undefined) Notes: • Administratoran...

[Page 45] WTI SRM

6-19 Configuration Options • AuthorizationKeys: This item can be used to assign an SSH Authorization Key to the user account, view assigned authorization keys or delete assigned authorization keys. When a valid authorization key is assign...

[Page 46] WTI SRM

6-20 Configuration Options 6.5. Modem and Serial Port Configuration The Serial Port Configuration menus allow you to select parameters for the SRM's serial RJ45 SetUp Port, Modem Port and internal modem. When responding to prompts, invoking ...

[Page 47] WTI SRM

6-21 Configuration Options 6.5.2.1. Serial SetUp Port Parameters The Serial Port Configuration menu allows the following parameters to be defined for the Serial SetUp Port. Note: ParametersdefinedfortheSerialSetUpPortwill...

[Page 48] WTI SRM

6-22 Configuration Options 6.5.2.3. Internal Modem Parameters The Serial Port Configuration menu allows the following parameters to be defined for the Internal Modem. CommunicationSettings: • BaudRate: Any standard rate from 300 bps t...

[Page 49] WTI SRM

6-23 Configuration Options ModemParameters: • PortMode: Sets the operation mode for the internal modem to either Modem Mode (standard modem mode) or Modem PPP Mode. (Default = Modem Mode) Depending on the Port Mode selected, the SRM...

[Page 50] WTI SRM

6-24 Configuration Options  Reset/NoDialtoneScaler: Determines the number of Periodic Modem Reset sequences that must occur in order to initiate a No Dialtone Check. If this parameter is set to "0," then the No Dialtone Alarm ...

[Page 51] WTI SRM

6-25 Configuration Options  Reset/NoDialtoneScaler: Determines the number of Periodic Modem Reset sequences that must occur in order to initiate a No Dialtone Check. If this parameter is set to "0," then the No Dialtone Alarm ...

[Page 52] WTI SRM

6-26 Configuration Options 6.6. Network Configuration The Network Parameters Menus are used to select parameters and options for the Network Port and also allow you to implement various security and authentication features. To access the Network ...

[Page 53] WTI SRM

6-27 Configuration Options 6.6.1. Network Port Parameters In the Text Interface, these parameters are found in the main Network Configuration menu In the Web Browser Interface, these parameters are found by placing the cursor over the "Netwo...

[Page 54] WTI SRM

6-28 Configuration Options • InactivityTimeout: Enables and selects the Inactivity Timeout period for the Network Port. If enabled, and the port does not receive or transmit data for the specified time period, the port will disconnect. (...

[Page 55] WTI SRM

6-29 Configuration Options 6.6.2. Network Parameters In the Text Interface, these parameters are accessed via the main Network Configuration menu, which is activated by typing /N (for IPv4 parameters) or /N6 (for IPv6 parameters) and then pressing...

[Page 56] WTI SRM

6-30 Configuration Options • TelnetAccess: Enables/disables Telnet access. When Telnet Access is "Off," users will not be allowed to establish a Telnet connection to the unit or initiate outbound Telnet or SSH connections. (Def...

[Page 57] WTI SRM

6-31 Configuration Options • HTTPSPort: Selects the TCP/IP port number that will be used for HTTPS connections. (Default = 443) Notes: • IntheTextInterface,HTTPandHTTPSparametersresideinaseparate su...

[Page 58] WTI SRM

6-32 Configuration Options • SNMPAccess: Displays a submenu which is used to define SNMP Access parameters as described in Section 6.6.6. Note:TodefineSNMPAccessparametersviatheWebBrowserplacethe curso...

[Page 59] WTI SRM

6-33 Configuration Options • OutboundAccess: Enables/Disables the ability to create outbound Telnet and/ or SSH connections via the SRM's Network Port. When enabled, users who are connected to the SRM command mode via one of the seria...

[Page 60] WTI SRM

6-34 Configuration Options 6.6.3. IP Security The IP Security feature allows the SRM to restrict unauthorized IPv4 or IPv6 format IP addresses from establishing inbound Telnet connections to the unit. This allows you to grant Telnet access to onl...

[Page 61] WTI SRM

6-35 Configuration Options 6.6.3.1. Adding IP Addresses to the Allow and Deny Lists To add an IPv4 or IPv6 format IP Address to the Allow or Deny list, and begin configuring the IP Security feature, proceed as follows. Notes: • Boththe...

[Page 62] WTI SRM

6-36 Configuration Options 6.6.3.2. Linux Operators and Wild Cards In addition to merely entering a specific IP address or partial IP address in the Allow or Deny list, you may also use any standard Linux operator or wild card. In most cases, the...

[Page 63] WTI SRM

6-37 Configuration Options 2. MostlyOpen: Access is granted by default, and the only clients denied access, are those explicitly listed in the Deny list, and as exceptions in the Allow list. To allow access to all clients except 192.255.255.1...

[Page 64] WTI SRM

6-38 Configuration Options 6.6.6. SNMP Access Parameters These menus are used to select access parameters for the SNMP feature. In the Text Interface, the SNMP Access Parameters menu is accessed via the Network Configuration menu. In the Web Bro...

[Page 65] WTI SRM

6-39 Configuration Options • Authentication/Privacy: Configures the Authentication and Privacy features for SNMPv3 communication. The Authentication / Privacy parameter offers two options, which function as follows: 1. Auth/noPriv: A...

[Page 66] WTI SRM

6-40 Configuration Options 6.6.7. SNMP Trap Parameters These menus are used to select parameters that will be used when SNMP traps are sent. For more information on SNMP Traps, please refer to Section 11. In the Text Interface, the SNMP Trap Par...

[Page 67] WTI SRM

6-41 Configuration Options 6.6.8. LDAP Parameters The SRM supports LDAP (Lightweight Directory Access Protocol,) which allows authentication via the "Active Directory" network Directory Service. When LDAP is enabled, command access righ...

[Page 68] WTI SRM

6-42 Configuration Options • LDAPPort: Defines the port that will be used to communicate with the LDAP server. (Default = 389) • TLS/SSL: Enables/Disables TLS/SSL encryption. Note that when TLS/SSL encryption is enabled, the LDAP P...

[Page 69] WTI SRM

6-43 Configuration Options • Debug: This option is used to assist WTI Technical Support personnel with the diagnosis of LDAP issues. (Default = Off) • PingTest: Allows you to ping IP addresses or domain names that have been defined ...

[Page 70] WTI SRM

6-44 Configuration Options 6.6.8.2 Viewing LDAP Groups If you want to examine an existing LDAP group definition, the "View LDAP Groups" function can be used to review the group's parameters. 6.6.8.3. Modifying LDAP Groups If you wan...

[Page 71] WTI SRM

6-45 Configuration Options 6.6.9. TACACS Parameters The TACACS Configuration Menus offer the following options: • Enable: Enables/disables the TACACS feature at the Network Port. (Default = Off) • PrimaryAddress: The IP address or do...

[Page 72] WTI SRM

6-46 Configuration Options  PortAccess: Determines the default Port Access setting for new TACACS users. The Port Access setting determines which serial ports each account will be allowed to control. (Defaults; Administrator and SuperUser...

[Page 73] WTI SRM

6-47 Configuration Options 6.6.10. RADIUS Parameters In the Text Interface, the RADIUS Parameters menu is accessed via the Network Configuration menu (/N for IPv4 parameters or /N6 for IPv6 parameters.) In the Web Browser Interface, both IPv4 and...

[Page 74] WTI SRM

6-48 Configuration Options • AccountingPort: The Accounting Port number for the RADIUS function. (Default = 1813) • Debug: (Text Interface Only) When enabled, the SRM will put RADIUS debug information into Syslog. (Default = Off) �...

[Page 75] WTI SRM

6-49 Configuration Options 6.6.10.1. Dictionary Support for RADIUS The RADIUS dictionary file can allow you to define a user and assign command access rights and port access rights from a central location. The RADIUS dictionary file, "dictiona...

[Page 76] WTI SRM

6-50 Configuration Options 6.6.11. Email Messaging Parameters The Email Messaging menu is used to define parameters for email messages that the SRM can send to notify you when an alarm is triggered. To define email message parameters, access the ...

[Page 77] WTI SRM

6-51 Configuration Options 6.7. Save User Selected Parameters It is strongly recommended to save all user-defined parameters to a file as described in Section 13. This will allow quick recovery in the event of accidental deletion or reconfigurati...

[Page 78] WTI SRM

7-1 7. Alarm Configuration When properly configured, the SRM can monitor temperature readings, ping command response and a number of other factors at network installation sites and log this information for future review. When any monitored condit...

[Page 79] WTI SRM

7-2 Alarm Configuration 7.1. The Over Temperature Alarms The Over Temperature Alarms can inform you when temperatures inside your equipment rack reach or exceed user specified trigger levels. There are two separate Over Temperature Alarms; the In...

[Page 80] WTI SRM

7-3 Alarm Configuration • AlarmSetThreshold: The trigger level for this alarm. When temperature exceeds the Alarm Set Threshold, the SRM can send an alarm (if enabled.) (Initial Threshold: Default = 110°F or 43°C, Critical Threshol...

[Page 81] WTI SRM

7-4 Alarm Configuration 7.2. The Ping-No-Answer Alarm The Ping-No-Answer Alarm can be used to provide notification when a device at a target IP address fails to respond to a ping command. When properly configured and enabled, the Ping-No-Answer A...

[Page 82] WTI SRM

7-5 Alarm Configuration Note that both the Text Interface and the Web Browser Interface include menu options that allow you to either View previously defined Ping No Answer IP Addresses, add new Ping No Answer Addresses, Modify previously defined P...

[Page 83] WTI SRM

7-6 Alarm Configuration • PNAAction: Determines how the Ping No Answer Alarm will react when this IP address fails to respond to a ping. If "Continuous Alarm" is selected, the SRM will continue to generate new alarms until the P...

[Page 84] WTI SRM

7-7 Alarm Configuration • EmailMessage: Enables/Disables email notification for this alarm. (Default = On) • Address1,2,and3: These parameters are used to select which of the three email addresses defined via the "Em...

[Page 85] WTI SRM

7-8 Alarm Configuration 7.3. The Serial Port Invalid Access Lockout Alarm The Serial Port Invalid Access Lockout Alarm can provide notification when the SRM has locked the serial SetUp port due to repeated, invalid attempts to access command mode...

[Page 86] WTI SRM

7-9 Alarm Configuration • ResendDelay: Determines how long the SRM will wait to resend an email message generated by this alarm, when the initial attempt to send the notification was unsuccessful. (Default = 60 Minutes) • NotifyUp...

[Page 87] WTI SRM

7-10 Alarm Configuration 7.4. The Power Cycle Alarm The Power Cycle Alarm can provide notification when all input power to the SRM unit is lost and then restored. When the power supply is lost and then restored, the SRM can provide notification v...

[Page 88] WTI SRM

7-11 Alarm Configuration 7.5. The No Dialtone Alarm The No Dialtone Alarm enables the SRM to monitor the phone line connected to the SRM phone port, and then provide notification if the SRM detects that the phone line is dead or no dialtone is pre...

[Page 89] WTI SRM

7-12 Alarm Configuration • ResendDelay: Determines how long the SRM will wait to resend an email message generated by this alarm, when the initial attempt to send the notification was unsuccessful. (Default = 60 Minutes) • NotifyU...

[Page 90] WTI SRM

8-1 8. The Status Screens The Status Screens are used to display status information about the SRM serial ports, Network Port, Temperature Log, Alarm Log and Audit Log. The Status Screens are available via both the Text Interface and Web Browser I...

[Page 91] WTI SRM

8-2 The Status Screens 8.3. The Port Status Screen The Port Status screen shows the current status of the SRM's Serial SetUp Port, Serial Modem Port and Modem, including the user-defined port name and port mode for each Serial Port, as well a...

[Page 92] WTI SRM

8-3 The Status Screens 8.6. The Port Parameters Screens The /W (Who) command displays more detailed information about an individual SRM serial port. Rather than listing general connection information for all ports, the Port Parameters screen lis...

[Page 93] WTI SRM

8-4 The Status Screens 8.7. The Event Logs The Event Logs can be used to review recent user activity, alarm events and temperature trends that have been recorded by the SRM unit. In order to view, download or erase the event logs, you must access...

[Page 94] WTI SRM

9-1 9. Telnet & SSH Functions 9.1. Network Port Numbers Whenever an inbound Telnet or SSH session connects to the SRM's serial SetUp port, the Port Status Screen and Port Diagnostics Screen will indicate that the serial port is presently...

[Page 95] WTI SRM

9-2 Telnet & SSH Functions 9.3. Creating an Outbound Telnet Connection The SRM includes a /TELNET command, that can be used to create an outbound Telnet connection. In order to use the /TELNET command, you must access the SRM's Text Inte...

[Page 96] WTI SRM

9-3 Telnet & SSH Functions 9.4. Creating an Outbound SSH Connection The SRM's /SSH command can be used to create an outbound SSH connection. In order to use the /SSH command, you must access the SRM's Text Interface command mode usi...

[Page 97] WTI SRM

10-1 10. Syslog Messages The Syslog feature can create log records of each Alarm Event. As these event records are created, they are sent to a Syslog Daemon, located at an IP address defined via the Network Parameters menu. 10.1. Configuration I...

[Page 98] WTI SRM

11-1 11. Operation via SNMP If SNMP Access Parameters have been defined as described in Section 6.6.6, then you will be able to manage user accounts, control power and reboot switching and display unit status via SNMP. This section describes SNMP...

[Page 99] WTI SRM

11-2 Operation via SNMP 11.3. Configuration via SNMP SRM User accounts can be viewed, created, modified, and deleted via SNMP. User accounts are arranged in a table of 128 rows, and indexed 1-128. User account parameters, as seen through the SNM...

[Page 100] WTI SRM

11-3 Operation via SNMP 11.3.1. Viewing Users To view users, issue a GET request on any of the user parameters for the index corresponding to the desired user. 11.3.2. Adding Users For an empty index, issue a SET request on the desired parameters....