/2 |
Home > |
|---|
The HSM appliance is pre-configured with network settings left over from our manufacturing process and not recommended for your production network. The following procedure assumes that your network uses DNS. If you are configuring without a DNS server available, some of the commands on this and subsequent pages might be affected.
The SafeNet Network HSM supports port bonding, which allows you to bond eth0 and eth1 into a single port, bond0, to provide redundancy. See "SafeNet Network HSM Appliance Port Bonding" on page 1 for configuration instructions.
Note: Use a locally connected serial terminal when changing the appliance IP address, to avoid SSH admin console disconnection due to the change.
1.Use the network show command to display the current settings, to see how they need to be modified for your network.
lunash:>network show
Hostname: "mylunasa6"
Domain: "amer.sfnt.local"
IP Address (eth0): 172.20.17.200
HW Address (eth0): 00:15:B2:A1:AC:00
Mask (eth0): 255.255.255.0
Gateway (eth0): 172.20.17.10
Name Servers: 172.20.10.20 172.16.2.14
Search Domain(s): amer.sfnt.local sfnt.local
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 172.20.17.10 0.0.0.0 UG 0 0 0 eth0
Link status
eth0: Configured
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 2
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbg
Wake-on: g
Current message level: 0x00000007 (7)
Link detected: yes
eth1: Not configured
Command Result : 0 (Success)
2.Use network
hostname to set the hostname of the HSM appliance (use lowercase
characters).
lunash:> network hostname myluna3
Note: To access the HSM appliance, the hostname must be resolvable to an IP address on your network. See your Network Administrator for assistance with completing this step.
Note: The net hostname command expects a single-word text string. If you supply a name that includes a space, all text after the space is ignored. For example, if you typed: net hostname host name the system would assign a hostname of “host”. Therefore, if you want "host name", use "host_name" or "host-name" or "hostname" or similar.
Note: Enter a meaningful hostname to allow you to identify and manage multiple SafeNet appliances in your network.
3.Use network
domain to set the name of the network domain in which the HSM Server (appliance) is to operate.
lunash:> net domain safenet-inc.com
4.Use ‘network
dns add nameserver’ to set the Nameserver IP Address (address for the
local name server).
lunash:> net dns add nameserver 192.168.1.3
(substitute an appropriate address for the example; ask your Network
Administrator).
Note: Your network could have multiple DNS name servers. Repeat this step for any additional name servers.
Note: This command manually sets a DNS parameter for the HSM appliance. If you elect to use a DHCP server (see the net -interface command later in this section) rather than static IP, then this parameter is overwritten for the HSM appliance. In general, we strongly recommend against using DHCP for HSM appliances.
5.Use net dns add searchdomain to set the DNS Search Domain (the search list to be
used for hostname lookups).
lunash:> net dns add searchdomain safenet-inc.com
Note: Setting the Search Domain is important so that you can use short names for your client machines.
Note: Your network could have multiple DNS search domains. Repeat this step to add all search domains.
Note: This command manually sets a DNS parameter for the HSM appliance. If you elect to use a DHCP server (see the net -interface command later in this section) rather than static IP, then this parameter is overwritten for the SafeNet Network HSM.
6.Use network
interface to change network configuration settings.
All of the network
interface parameters are required for the IP setup of the ethernet
device, and must be set at the same time for the HSM appliance to connect
with your network.
lunash:>net interface -device eth0 -ip 192.168.11.82
-netmask 255.255.0.0 -gateway 192.168.1.1
Use addresses and mask values as provided by your network
administrator.
Note: The first [top] ethernet port (eth0) and the [bottom] ethernet port (eth1) on the HSM appliance's
back panel, are labeled 1/2
If you choose to configure the second ethernet port (eth1), repeat the network interface command, above, substituting ‘eth1’ and the appropriate address for that device. Even if you do not have a need for the second ethernet port, you should configure it, specifically to a test network (e.g., network interface –device eth1 –ip 192.168.1.254 –netmask 255.255.255.0) so that it does not affect the behavior of other SafeNet features (e.g., remote PED).
Note: If either interface is configured to use DHCP,
then the DNS parameters are overwritten for the entire HSM appliance.
It is not possible to have manual settings preserved for one interface,
while DHCP-derived settings are used for the other. In general, we
recommend against using DHCP for HSM appliances.
Note: If you have chosen to perform setup via ssh, rather than via the direct (serial) administrative connection, then you will likely lose your network connection at this point, as you confirm the change of IP address from the default setting.
View the new network settings with network show.
lunash:> network show
The network show command (described earlier) displays the current settings, so you can verify that they are now correct for your environment before attempting to use them.
(Next, go to Make Your Network Connection )