Setting up APC7920 PDU power distribution unit: IP address, web management HTTP, HTTPS, SSL, SSH
00:33 FIRST STEP (optional, do it only if you got a used unit)
=======================================================
04:13 SECOND STEP: SET UP IP ADDRESS VIA FIRMWARE TRAP
=======================================================
Setting an IP address on your PDU is really easy if you have a console cable.
However, I assume that many people who have a new unit, or a used one restored to factory defaults, do not have such a proprietary serial cable. This is why the IP setup is done via an APC firmware trap over standard RJ45 Ethernet, which should be available to all PDU owners.
For the firmware trap, you first need to set up a static ARP entry on a computer connected to the network where the PDU is plugged in. First, check the MAC address of your PDU. Mine has the MAC address 00:C0:B7:CC:70:F9. It should be printed on the bottom of the unit, or on the slip which came with the new PDU. Then figure out the IP address of your PC plugged into the same network as the PDU you are trying to set up.
Linux command:
/sbin/ifconfig eth0 #(substitute eth0 with your ethernet interface)
Windows command:
ipconfig /all
(look through the output and search for your IP)
Next, decide on an unused IP address which you would like to give to the PDU. Ping this IP address to make sure that it is not being used.
In my case I have picked 192.168.0.33. The command is the same on Linux and Windows:
ping 192.168.0.33
Next, set up a static ARP entry on your PC. For this you need to become the Administrator user!
On a Linux PC:
arp -s 192.168.0.33 00:C0:B7:CC:70:F9
On a Windows PC:
arp -s 192.168.0.33 00-C0-B7-CC-70-F9
The MAC address is not case sensitive, so you can use upper or lower-case.
Finally, we set the IP address by pinging it with a specific packet size of 113 bytes, since the manufacturer has set the APC firmware trap to this specific packet type.
On a Linux PC:
ping 192.168.0.33 -s 113
On a Windows PC:
ping 192.168.0.33 -l 113
On a Mac:
ping -s 113 192.168.0.33
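The ARP and ping steps above, together with the ARP cleanup from the end of this description, combined into one Linux shell script. This is an added example, not part of the original description or of any APC tool; the function names, the --apply flag and the -c/-W ping limits are choices made here. It validates the address and MAC, and refuses to proceed if the chosen IP already answers.

```shell
#!/bin/sh
# Added example (Linux): plan or run the static-ARP + 113-byte ping steps.
# Function names and the --apply flag are hypothetical, not part of any APC tool.

# Succeeds only for a dotted quad whose four octets are each 0..255.
valid_ipv4() (
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Accepts 00-C0-B7-CC-70-F9 or 00:c0:b7:cc:70:f9, prints lower-case colon form.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Prints the commands in order; rejects malformed input before anything is run.
plan() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 2; }
    mac=$(normalize_mac "$2") || { echo "bad MAC address: $2" >&2; return 2; }
    printf '%s\n' "arp -s $1 $mac" "ping -c 3 -s 113 $1" "arp -d $1"
}

# Runs the plan (needs root); refuses if the chosen address already answers.
apply() {
    cmds=$(plan "$1" "$2") || return 2
    if ping -c 2 -W 1 "$1" >/dev/null 2>&1; then
        echo "$1 is already in use, pick another address" >&2
        return 3
    fi
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || echo "warning: '$cmd' failed" >&2
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply "${2:-}" "${3:-}"
elif [ "$#" -eq 2 ]; then
    plan "$1" "$2"
fi
```

Called with an IP and a MAC it only prints the commands; with --apply in front of them it runs the commands as root.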
10:66 THIRD STEP: WEB MANAGEMENT SETUP, SSL AND HTTPS.
=======================================================
Open up a web browser on the PC connected to your PDU, which now has an IP address set up on it. Paste the IP address of your PDU into the address bar, and open up an unencrypted HTTP session. Next, make sure that you use some form of encryption. Although SSLv3 is no longer considered secure, it is still better than sending your precious passwords over a network in clear text.
In newer web browsers you will receive the SSL_ERROR_NO_CYPHER_OVERLAP error, since the new browsers no longer allow you to override their security and use SSLv3. This is because SSLv3 has the so-called POODLE vulnerability. Many old APC PDUs will not support newer encryption (like TLS), so you will need to force your browser to open up an HTTPS session with your device. On my 7920 PDU there should be a firmware upgrade available, which makes it possible to use newer encryption than SSL. However, the microcontroller chip running inside these old PDUs and UPS devices is really bogged down even by SSL, meaning that with TLS they will likely get even slower and less responsive. On Linux you can use the Konqueror browser, where you can still add security exceptions.
When it comes to the DHCP setup, if you use a cheap router as your DHCP server, you need to make sure that you untick the option regarding the vendor-specific cookies. This is because the PDU otherwise will not accept DHCP offers from DHCP servers which are not sending this specific field in their DHCP advertisement and DHCP offer packets. On more advanced DHCP servers you can set this up without issues, but you need to take care of this yourself; it does not work out of the box.
24:51 FOURTH STEP: SET UP SSH VERSION 2
=======================================================
SSH setup for secure-shell access instead of clear-text Telnet.
You should set up SSH version 2 via the web management, and wait a while until the crypto keys are generated on the PDU. Now you should be able to log in via SSH. I found that one needs to use the -M option to run SSH in master mode due to the old SSH server running on the PDU, and even so I often get "Broken Pipe" errors when I try to log in. The command on a Linux shell to log in via SSH, where apc is the username and 192.168.0.33 is the IP address of the PDU:
ssh -2 -l apc 192.168.0.33
=======================================================
You should most probably get rid of the static ARP entry on your PC. To do so, either reboot it, or remove the entry as the Administrator user.
Linux command:
arp -d 192.168.0.33
Windows command:
netsh interface ip delete arpcache