IOLAN SDS/SCS/STS/MDC User’s Guide Version 4.
Copyright Statement This document must not be reproduced in any way whatsoever, either printed or electronically, without the consent of: Perle Systems Limited, 60 Renfrew Drive Markham, ON Canada L3R 0E1 Perle reserves the right to make changes without further notice, to any products to improve reliability, function, or design. Perle, the Perle logo, and IOLAN are trademarks of Perle Systems Limited.
Table of Contents Preface ...............................................................................25 About This Book ........................................................................ 25 Intended Audience..................................................................... 25 Documentation........................................................................... 25 Typeface Conventions............................................................... 26 Online Help ..............................
Table of Contents Power Supply Specifications.................................................... 33 Desktop Models ...................................................................................... 33 Power Over Ethernet (PoE) Models................................................... 33 I/O Models ............................................................................................... 34 Rack Mount Models (except Electric Utility models) .......................... 34 DC Power Requirements .....
Table of Contents Medical Unit Models ............................................................................... 46 Terminal Block Models .......................................................................... 46 DC Power Models (excluding Electric Utility models) ........................ 47 Disconnecting 48V Power Supplies from the IOLAN ......................... 48 Electric Utility Models ............................................................................ 48 Wiring ......................
Table of Contents Access Platforms ................................................................................... 63 Features................................................................................................... 63 Connecting to the IOLAN Using the CLI............................................... 63 Through the Network.......................................................................... 63 Through the Serial Port .....................................................................
Table of Contents Easy Configuration Wizard ....................................................... 76 Setting Up the Network ............................................................. 77 Using DeviceManager ............................................................................ 77 Using WebManager ................................................................................ 78 Using a Direct Serial Connection to Specify an IP Address...............
Table of Contents Introduction ................................................................................ 92 IP Settings .................................................................................. 93 IPv4 Settings ........................................................................................... 93 Overview ............................................................................................ 93 Field Descriptions..................................................................
Table of Contents Overview .......................................................................................... 112 Field Descriptions............................................................................. 112 Adding/Editing an IPv6 Tunnel......................................................... 113 Chapter 7 Configuring Serial Ports ...............................114 Introduction .............................................................................. 114 Serial Ports ..................
Table of Contents UDP Sockets Profile ............................................................................. 146 Overview .......................................................................................... 146 Functionality ..................................................................................... 146 General Tab Field Descriptions........................................................ 149 Advanced Tab Field Descriptions ....................................................
Table of Contents Modbus Slave IP Settings Field Descriptions .................................. 182 Adding/Editing Modbus Slave IP Settings........................................ 184 Modbus Slave Advanced Settings Field Descriptions...................... 185 Power Management Profile.................................................................. 187 Overview .......................................................................................... 187 Functionality .....................................
Table of Contents Overview .......................................................................................... 211 Functionality ..................................................................................... 211 Field Definitions................................................................................ 211 Chapter 8 Configuring Users .........................................212 Introduction ..............................................................................
Table of Contents General Field Descriptions............................................................... 226 Attributes Field Descriptions ............................................................ 227 Kerberos................................................................................................ 228 Field Descriptions............................................................................. 228 LDAP/Microsoft Active Directory ........................................................
Table of Contents L2TP/IPsec ............................................................................................ 248 Field Descriptions............................................................................. 248 Exceptions ............................................................................................ 249 Field Descriptions............................................................................. 249 Adding/Editing a VPN Exception...............................................
Table of Contents UDP Functionality................................................................................. 266 Overview .......................................................................................... 266 Field Descriptions............................................................................. 266 I/O UDP Settings.............................................................................. 267 Temperature Functionality .............................................................
Table of Contents I/O Modbus Slave ..................................................................... 292 Modbus Serial Application Connected to the Serial Port ................. 292 Modbus Serial Application Connected to the Network..................... 292 Modbus TCP Application ..................................................................... 293 Modbus I/O Access.................................................................. 293 Function Codes ................................................
Table of Contents Adding Clustering Slaves .................................................................... 306 Overview .......................................................................................... 306 Field Descriptions............................................................................. 306 Advanced Clustering Slave Options................................................... 307 Overview ..........................................................................................
Table of Contents SNMP ..................................................................................................... 319 Overview .......................................................................................... 319 SNMP Tab Field Descriptions .......................................................... 319 SNMP Traps Tab Field Descriptions................................................ 321 Time ................................................................................................
Table of Contents Introduction .............................................................................. 339 Managing Configuration Files ................................................ 339 Saving Configuration Files .................................................................. 339 Downloading Configuration Files ....................................................... 340 Downloading Configuration Files to Multiple IOLANs ...................... 341 Uploading Configuration Files .................
Table of Contents Chapter 16 Applications .................................................352 Introduction .............................................................................. 352 Configuring Modbus................................................................ 352 Overview................................................................................................ 352 Configuring a Master Gateway......................................................... 352 Configuring a Slave Gateway.......
Table of Contents Mapped RADIUS Parameters to IOLAN Parameters ......................... 382 Perle RADIUS Dictionary Example...................................................... 384 TACACS+ .................................................................................. 386 Accessing the IOLAN Through a Serial Port Users .......................... 386 Accessing the IOLAN Through a Serial Port User Example Settings388 Accessing the IOLAN from the Network Users .................................
Table of Contents RJ45................................................................................................. 406 DB9 Male ......................................................................................... 407 Appendix E Setting Jumpers .........................................408 Introduction .............................................................................. 408 1-Port IOLAN DB25 Male/Female ........................................................ 408 1-Port IOLAN RJ45 ......
Table of Contents TruePort .................................................................................... 420 API I/O Access Over TruePort ................................................ 421 API Request Format ............................................................................. 421 API Response Format .......................................................................... 421 Error Codes...................................................................................... 422 Decoder...
Table of Contents RADIUS Authentication Problems.......................................... 438 Login Problems........................................................................ 439 Problems with Terminals ........................................................ 439 Unknown IP Address ............................................................... 440 DHCP/BOOTP Problems.......................................................... 440 Callback Problems......................................................
Table of Contents Configuring the Modbus UID Translation Feature ................ 447 Appendix L Symmetric Key File.....................................449 Symmetric Key File.................................................................. 449 Appendix M Troubleshooting the USB Modem ............450 Modem not connecting to the network. ................................. 450 USB Modem Support and Custom Options.......................... 453 Downloading Custom USB Modem Configuration Files.................
Preface About This Book This guide provides the information you need to: z configure the IOLAN z incorporate the IOLAN into your production environment Intended Audience This guide is for administrators who will be configuring the IOLAN. Some prerequisite knowledge is needed to understand the concepts and examples in this guide: z If you are using an external authentication application(s), working knowledge of the authentication application(s).
Typeface Conventions Typeface Conventions Most text is presented in the typeface used in this paragraph. Other typefaces are used to help you identify certain types of information. The other typefaces are: Typeface Example Usage At the C: prompt, type: This typeface is used for code examples and systemgenerated output. It can represent a line you type in, or a piece of your code, or an example of output. add host Set the value to TRUE.
1 Introduction Chapter 1 About the IOLAN The IOLAN is an Ethernet communications/terminal server that allows serial devices to be connected directly to LANs. The IOLAN can connect to a wide range of devices including: z Terminals for multi-user UNIX systems z Data acquisition equipment (manufacturing, laboratory, scanners, etc.) z Retail point-of-sale equipment (bar coding, registers, etc.
IOLAN Features 60601-1 and has galvanically isolated EIA-232 serial ports. The MDC model has the advanced secure IOLAN feature set in addition to the general IOLAN functionality. z HL— Offered as a 4-port unit (RJ45 only), this model is a Hazard Location model. The SDS HL model is suitable for use in Class I, Divison 2 groups A, B, C, D or unclassified locations. NOTE: z In order to comply with the ATEX directive, the IOLAN SDS4 HL must be installed in an ATEX certified IP54 min.
IOLAN Features Hardware Features Auto Sensing Ethernet Interface IOLAN Models 10/100 z z z z z z z z z 10/100/1000 z z PCI Interface z z Optional V.92 Modem z Power over Ethernet External AC z z I/O Interface Power Supply z z z z z z z z 2 z 2 z Internal AC DC z z z z Dedicated Console Port z z z z z z z z Note 1: Not supported on STS8-D. Note 2: Optional power supply. Software This section describes the supported software features available.
IOLAN Features z ‘Fixed tty’ support for several operating systems using Perle’s TruePort utility. z DHCP/BOOTP for automated network-based setup. z Dynamic statistics and line status information for fast problem diagnosis. z Multisession support when accessing the IOLAN from either the serial port or the network. z Modbus master/slave/gateway support. z An SDK for custom programs and plugin support. z I/O interface on the IOLAN I/O models (Analog, Temperature, Digital, and Relay).
IOLAN Features z SSH client/server connections (SSH 1 and SSH 2). z SSL/TLS client/server data encryption (TLSv1 and SSLv2). z Ability to setup Virtual Private Networks. z Access to firewalled/Nated devices via HTTP tunnels.
2 Hardware and Connectivity Chapter 2 Introduction This chapter describes how to physically set up your IOLAN unit. It includes an overview of the IOLAN hardware components and how to power up the IOLAN to make sure it works correctly.
Power Supply Specifications Available Accessories The following accessories are available for purchase for the various IOLAN models (except medical unit models): z DIN Rail Mounting Kit (35mm) for the desktop models and Electric Utility models.
Power Supply Specifications I/O Models The power supply for a desktop IOLAN I/O model must meet the following requirement: z Output between 9-30V DC and a minimum of 600mA current. z 20 AWG wire. Note: The maximum load for the Relay channel is 1A @ 30VDC or 0.5A @ 120 VAC. Rack Mount Models (except Electric Utility models) DC Power Requirements The IOLAN DC is supplied with an integral Terminal Connections block to facilitate connection to a DC source(s).
Power Supply Specifications highest voltage at some point, in which case the unit will switch to it. No power loss will occur during a switch over. DC Power Requirements HV and DHV models: The IOLAN can be powered via a DC source.
Getting to Know Your IOLAN Getting to Know Your IOLAN This section describes the hardware components found on your IOLAN unit. Overview All IOLANs have the same basic hardware components to allow you to connect to serial devices, connect to the network, monitor LAN and serial activity, and manage the unit. Below is a list of these components: z Serial Port(s)—Connector(s) that will be used to connect to a serial device. z Activity—This LED blinks to indicate LAN activity.
Getting to Know Your IOLAN IOLAN Model LED Label Medical unit Green light Red light Solid — Indicates the IOLAN has completed the power up cycle. Solid — Indicates the IOLAN has a fatal error. Blinks — After power up, a blinking red light means the IOLAN has encountered a critical error. See Hardware Troubleshooting for possible causes. z External Power Supply—For all IOLAN models, this can be an external AC power supply, DC terminal, or power cord, depending on the model.
Getting to Know Your IOLAN The 1-port IOLAN has one serial connection that is one of the following connectors: DB25 male, DB25 female, RJ45, or DB9 male. 2-Port This section describes the components found on the IOLAN 2-port models. External Power Supply Console/Serial Switch Reset Ethernet Power/Ready Link/10/100 Activity (LAN) Serial Activity Serial Ports The 2-port IOLAN has two RJ45 serial connections.
Getting to Know Your IOLAN 4-Port and 8-Port desktop models This section describes the components found on the IOLAN 4-port models. External Power Supply Console/Serial Switch Reset Ethernet Power/Ready Link/10/100 Activity (LAN) Serial Activity Serial Ports The 4-port IOLAN model has four RJ45 serial connections. The STS8-D IOLAN model has eight RJ45 serial connections.
Getting to Know Your IOLAN I/O This sections describes the basic components found on the IOLAN I/O models. Top View The following image shows a typical IOLAN I/O model. Your I/O model may have I/O connectors in slightly different positions. External Power Supply Power/Ready Link/10/100 Activity (LAN) Serial Activity End View The IOLAN I/O model shown is an A4D2. Different IOLAN I/O models have different I/O connector configurations.
Getting to Know Your IOLAN Rack Mount This section describes the basic components of all rack mount IOLAN models. This example uses the IOLAN SCS with dual Ethernet and dual AC power.
Getting to Know Your IOLAN Medical Unit This section describes the basic components found on the IOLAN medical unit models.
Getting to Know Your IOLAN Electric Utility models This section describes the basic components of the Electric Utility models. This example uses the SDS32C DHV model.
Getting to Know Your IOLAN Console/Serial Switch Located at the back of the desktop IOLAN models is a switch that controls whether serial port 1 is in Console or Serial mode. Note: The SDS T (Extended Temperature) models have two switches, Switch 1 is used for Console/Serial mode and Switch 2 is unused. Look at your model to verify the direction of the ON switch position. ON indicates that serial port 1 is in Console mode; otherwise serial port 1 is in Serial mode.
Connecting your IOLAN to the Network Dedicated Console Port The rack mount IOLAN models have a dedicated Console port, located on the LED side of the IOLAN. You can use the supplied Administration cable (with the supplied RJ45JDB9F adapter if needed) to connect a terminal to the Console/Admin port to view diagnostic information and/or configure the IOLAN using the Menu or Command Line Interface (CLI). You can configure the baud rate and flow control of the dedicated Console port.
Powering up your IOLAN z IOLAN I/O models with Analog I/O for setting Voltage/Current. See Appendix E, Setting Jumpers to see how to set the jumpers for your IOLAN desktop model. Medical Unit Models To power up the medical unit IOLAN, perform the following steps: 1. You can attach the multi-function wall plate included with your medical unit IOLAN to the wall, then mount the IOLAN on the wall plate. Alternatively, you can mount the IOLAN on a tabletop or any suitable horizontal surface.
Powering up your IOLAN DC Power Models (excluding Electric Utility models) To power up the IOLAN with DC power requirements, perform the following steps: 1. Verify that the power switch on the IOLAN unit and the power source is in the Off position. 2. Connect the primary and secondary DC input using the following specifications: a. Use wire gauge 12 to 22 AWG. b. Strip insulation 7mm from wire ends.
Powering up your IOLAN Disconnecting 48V Power Supplies from the IOLAN To disconnect the power supply(s) from the IOLAN, do the following: 1. Switch off the IOLAN. 2. Switch off the power source(s). 3. Disconnect all DC power input cables from the IOLAN terminal connector block. 4. Remove any attached devices to the serial or Ethernet port(s). Your IOLAN is ready to be moved. Electric Utility Models To power up the IOLAN, Electric Utility models, perform the following steps: 1.
Powering up your IOLAN Wiring up an HV unit Terminal # Description Usage 1 Normally Open Normally Open is a fail-safe relay connection. Use this with the Common terminal to act as switch contacts that remain open when the unit is powered off or in a failure state. 2 Common Common is a fail-safe relay connection. Use this terminal in conjunction with the Normally Open or Normally Closed terminals. 3 Normally Closed Normally Closed is a fail-safe relay connection.
Powering up your IOLAN Wiring up a DHV unit Terminal # Description Usage 1 Normally Open Normally Open is a fail-safe relay connection. Use this with the Common terminal to act as switch contacts that remain open when the unit is powered off or in a failure state. 2 Common Common is a fail-safe relay connection. Use this terminal in conjunction with the Normally Open or Normally Closed terminals. 3 Normally Closed Normally Closed is a fail-safe relay connection.
Powering up your IOLAN NOTES: 1. For terminal# 1 through 8, the use of ring terminals size #6 (M3.5) is recommended using stranded wire size AWG 18-14. Tighten all screws to a torque of 12 Lb-in (1.36 Nm). 2. For terminal# E, the use of ring terminal size #8 (M4) is recommended using stranded wire size AWG 18-14. Tighten screw to a torque of 12 Lb-in (1.36 Nm). 3. Use the “Chassis Ground” terminal connection for grounding the unit. “Earth Ground” should be used as secondary grounding source only. 4.
Powering up your IOLAN Terminal # Description Usage 6 Input 2+ Input 2+ is connected to the positive (+) input or the DC sources. Use with partner terminal Input 2-. 7 Input 2- Input 2- is connected to the negative (-) input or the DC sources. Use with partner terminal Input 2+. E Chassis Ground Chassis Ground is a connection to the chassis that can be used for earth bonding. NOTES: 1. For terminal# 1 through 7, strip insulation from wire 9/32-5/16 (7 -8mm) using stranded wire size 18-12 AWG.
Powering up your IOLAN A SPDT set of contacts are provided to the user. These three contact connections are known as "Common", "Normally Open" and "Normally Closed", and are electrically isolated to the relay. The contacts are rated for voltages up to 30V DC /AC with a maximum current of 3A.
3 Configuration Methods Chapter 3 Introduction This chapter provides information about the different methods you can use to configure the IOLAN. Before you can configure the IOLAN, you must assign an IP address to the IOLAN. See the Chapter 4, Getting Started to find out how to assign an IP address to the IOLAN. Once an IP address is assigned to the IOLAN, you can use any of the configuration methods to: z Configure users. z Configure IOLAN server parameters. z Configure serial port parameters.
Configuration Methods Overview Configuration Methods Overview Some of the IOLAN configuration methods have the capability of configuring an IP address, which is the first required configuration step for a new IOLAN. Once the IOLAN has been assigned an IP address, any of the configuration methods can be used to configure the IOLAN.
Easy Config Wizard Easy Config Wizard The Easy Config Wizard is a configuration wizard that will configure all the serial ports on your IOLAN to one of the following: z Console Management z TruePort (Virtual COM Port) z TCP Sockets (Raw TCP) z Terminal z Printer (not supported on DS1/TS2 models) z Serial Tunneling You can launch the Easy Config Wizard from the Perle website or from the installation CD-ROM.
DeviceManager DeviceManager Overview The DeviceManager is a Windows®-based application that can be used to connect to the IOLAN to actively manage and configure it or can create new IOLAN configurations offline. See Chapter 5, Using DeviceManager and WebManager for information on configuring/managing the IOLAN with DeviceManager.
DeviceManager All discovered IOLANs will be displayed on the list along with their name and IP address. When a new IOLAN is discovered on the network, that has not yet been assigned an IP address, it will be displayed with an IP Address of Not Configured. To configure the IP address, click on the IOLAN and then click the Assign IP button. Choose the method you want to use to assign an IP address to the IOLAN: z Type in the IP address that you want to assign to this IOLAN.
DeviceManager Using DeviceManager After you have successfully connected to the IOLAN, DeviceManager displays the following window: Menu/Quick Access Buttons Navigation Tree Display Area Download Button Navigating the Options The left-hand navigation tree allows you to quickly and easily navigate the various Configuration and Statistics pages of DeviceManager.
WebManager Downloading the Configuration When you have completed all your configuration changes, click the Download All Changes button to download the configuration to the IOLAN. You must reboot the IOLAN for your configuration changes to take effect. WebManager Overview The WebManager is a web browser-based method of configuring/managing the IOLAN. It follows the same design as the DeviceManager, so it is easy to switch between the WebManager and DeviceManager when configuring your IOLAN.
WebManager Connecting to the IOLAN Using WebManager Before you can connect to the IOLAN using WebManager, the IOLAN must already be configured with a known IP address; see Setting Up the Network to configure an IP address on your IOLAN. To connect to the IOLAN through the WebManager: 1. Open your web browser and type in the IP address of the IOLAN that you want to manage/configure and press Enter; for example: http://123.123.123.123. 2.
WebManager Using WebManager After you have successfully logged into WebManager, you will see the following: Navigation Tree System Information You navigate through the different configuration windows by selecting an option in the left-hand navigation tree. When you click on an option that is under a folder, more navigation options are displayed: Navigation Tabs The Network folder contains two configuration options, IP Address and Advanced.
Command Line Interface Command Line Interface Overview The Command Line Interface (CLI) is a command line option for IOLAN configuration/management. See the Command Line Interface Reference Guide for a full breakdown of all the CLI commands and their functionality. Access Platforms The CLI is accessed by any application that supports a Telnet or SSH session to the IOLAN’s IP address, such as Putty, SecureCRT, or from a command prompt.
Menu Through the Serial Port To connect to the IOLAN through the serial port to configure/manage it using the CLI (or Menu), see Using a Direct Serial Connection to Specify an IP Address . After you have established a connection to the IOLAN, you will get a Login: prompt. You can login as the admin user or as a user with Admin Level rights.
Menu Using the Menu After you have successfully logged in, type screen at the prompt and press Enter. You will be asked to enter a terminal type, and then you will see the following Menu: To navigate through the Menu options, do the following: 1. Highlight a Menu option by using the keyboard up and down arrows to navigate the list. 2.
DHCP/BOOTP DHCP/BOOTP Overview Several IOLAN parameters can be configured through a DHCP/BOOTP server during the IOLAN bootup. This is particularly useful for configuring multiple IOLANs. Not all configuration parameters are supported in the DHCP/BOOTP configuration (see DHCP/BOOTP Parameters for supported configuration parameters), so you will need to use another configuration method, such as DeviceManager, WebManager or CLI, to complete the configuration.
DHCP/BOOTP DHCP/BOOTP Parameters The following parameters can be set in the DHCP/BOOTP bootp file: z SW_FILE—The full path, pre-fixed by hostname/IP address (IPv4 or IPv6), and file name of the firmware update. z CONFIG_FILE—The full path, pre-fixed by hostname/IP address (IPv4 or IPv6), and file name of the configuration file. z GUI_ACCESS—Access to the IOLAN from the HTTP or HTTPS WebManager. Values are on or off. z AUTH_TYPE—The authentication method(s) employed by the IOLAN for all users.
SNMP SNMP Overview The IOLAN supports configuration and management through SNMP. SNMP Management tools (SNMP client/MIB browser software) can be used to set IOLAN configuration parameters and/or view IOLAN statistics. Before you can configure/manage the IOLAN using SNMP, you need to set the IOLAN IP address and configure a read-write user for SNMP version 3 or a community for SNMP version 1 or 2.
SNMP Using the SNMP MIB After you have successfully connected to the IOLAN through your SNMP Management tool or MIB browser, expand the PERLE-IOLAN-SDS-MIB folder to see the IOLAN’s parameter folders. Below is an example of the configurable parameters under the ServicesInfo folder. The first variable in each folder is the Status variable, for example, serviceStatus.
IOLAN+ Interface IOLAN+ Interface Overview For environments that have both IOLAN and IOLAN+ models or for users who prefer to configure using the IOLAN+ Menu or CLI, the IOLAN+ user interface is available. The IOLAN+ interface is supported on all IOLAN SDS, SCS, and STS models up to and including 16 serial ports. Access Platforms The Menu is accessed by any application that supports a Telnet or SSH session to the IOLAN’s IP address, such as Putty, SecureCRT, or from a command prompt.
IOLAN+ Interface Changes to the IOLAN+ Interface You should be aware that the following IOLAN+ configuration fields are no longer supported: z You no longer have the option of selecting access, Authentication/Logging. Also, kill, reboot, and stats are not available.
IOLAN+ Interface z When you select line, Access, the following fields are not available on the Access Menu: ** Administrator ** TTY Name 1 [abcd 2 [abcdef Access ] [Local ] [Local ACCESS MENU Authentication ] N/A ] N/A Mode [Raw [Raw REMOTE-ADMIN UDP Retries Interval ] N/A N/A ] N/A N/A ________________________________________________________________________________ z z Authentication z UDP Retries z Interval When you select line, Options, the following fields are not available on the Options
IOLAN+ Interface z When you select access, Remote access sites.
IOLAN+ Interface When you select server, the following fields are not available on the Server Configuration menu: ** Administrator ** SERVER CONFIGURATION REMOTE-ADMIN Name [wchiewsds2 ] Debug mode N/A IP address [172.16.22.7 ] Subnet mask [255.255.0.
4 Getting Started Chapter 4 Introduction There are several different configuration methods available to configure the IOLAN (see Chapter 3, Configuration Methods for more information).
Easy Configuration Wizard Easy Configuration Wizard The Easy Config Wizard quickly sets up the IOLAN’s network configuration and all serial ports to one of the following: z Console Management—Allows users on the network to connect to a serial device that is connected to a serial port on the IOLAN. z TruePort (Virtual COM Port)—Allows a networked system to communicate with your serial device through a virtual COM or TTY port, using the Perle TruePort software.
Setting Up the Network Setting Up the Network The most important part of setting up the network is assigning an IP address to the IOLAN, whether this is a static IP address or enabling a DHCP/BOOTP-assigned IP address. You should also assign a name to the IOLAN, to make it easier to recognize. This section deals primarily with setting the IP address. Using DeviceManager To use the DeviceManager, you must first install it on a Windows® operating system.
Setting Up the Network Using WebManager To use the WebManager as your configurator, you must first assign an IP address to the IOLAN. You can use the Easy Config Wizard to assign an IP address to the IOLAN or any of the other methods described in this section. Once the IP address is assigned to the IOLAN, simply type the IP address into the Address field of your web browser and press the Enter key.
Setting Up the Network Using a Direct Serial Connection to Enable BOOTP/DHCP If you are using BOOTP, you need to add an entry in the BOOTP server for the IOLAN that associates the MAC address (found on the back of the IOLAN) and the IP address that you want to assign to the IOLAN. After you have made the MAC address/IP address association for BOOTP, use the following directions for BOOTP or DHCP.
Setting Up the Network Using ARP-Ping You can use the ARP-Ping (Address Resolution Protocol) method to temporarily assign an IP address and connect to your IOLAN to assign a permanent IP address. To use ARP-Ping to temporarily assign an IP address: 1. From a local UNIX/Linux host, type the following at the system command shell prompt: arp -s a.b.c.d aa:bb:cc:dd:ee:ff On a Windows® 2000 or newer system, type the following at the command prompt: arp -s a.b.c.d aa-bb-cc-dd-ee-ff (where a.b.c.
Setting Up the Serial Port(s) Setting Up the Serial Port(s) The DeviceManager and WebManager have the following serial port profiles that will simplify serial port setup: z Console Management—The Console Management profile configures a serial port to provide network access to a console or administrative port. This profile sets up a serial port to support a TCP socket that listens for a Telnet or SSH connection from the network.
Setting Up the Serial Port(s) z Virtual Modem—The Virtual Modem (Vmodem) profile configures a serial port to simulate a modem. When the serial device connected to the IOLAN initiates a modem connection, the IOLAN starts up a TCP connection to another IOLAN configured with a Virtual Modem serial port or to a host running a TCP application. z Control Signal I/O—The Control Signal I/O profile enables the use of the EIA-232 serial port signal pins to be used as assigned Digital Inputs or Digital Outputs.
Setting Up Users Setting Up Users When you have a user who is accessing a device connected to a serial port from the network or who is accessing the network from a device connected to a serial port through the IOLAN, you can create a user account and configure the user’s access privileges.
5 Using DeviceManager and WebManager Chapter 5 Introduction The DeviceManager and WebManager IOLAN managers have been designed to be very similar to use. DeviceManager is a Windows®-based application and WebManager is a browser-based application. Both options use the IOLAN’s IP address to access the IOLAN; the DeviceManager can be used to assign an IP address to a new IOLAN and the WebManager requires that the IOLAN already have an IP address before it can be used to configure the IOLAN.
Navigating DeviceManager/WebManager Navigating DeviceManager/WebManager The DeviceManager and WebManager have very similar navigation methods. The left-hand side of the manager is the navigation tree and the center is the configuration area. The DeviceManager has menu and quick access buttons, whereas the WebManager has system information and some navigation options on the far right-hand side.
Navigating DeviceManager/WebManager WebManager The WebManager uses a expandable/collapsible buttons with folders and pages for the navigation tree. You can expand the buttons to view the folders and pages to see the available configuration options. When you access a configuration page, you can often navigate the tabs in the configuration area to access all of the configuration options.
Using DeviceManager to Connect to the IOLAN Using DeviceManager to Connect to the IOLAN DeviceManager can connect to existing IOLANs or assign an IP address to a new IOLAN. Whenever you connect to the IOLAN through the DeviceManager, you connect as the admin user and must supply the password for the admin user. Starting a New Session To start a new session and connect to the IOLAN using the DeviceManager: 1. Start the DeviceManager by selecting Start, All Programs, Perle, DeviceManager, DeviceManager.
Using DeviceManager to Connect to the IOLAN Assigning a Temporary IP Address to a New IOLAN You can temporarily assign an IP address to the IOLAN that is connected to your local network segment, for the purpose of connecting to it and downloading a configuration file (containing a permanent IP address). To temporarily assign an IP address to the IOLAN, do the following: 1. Click the Refresh button. The IOLAN will be displayed in the IP Address column as Not Configured. 2.
Using DeviceManager to Connect to the IOLAN Adding/Deleting IOLANs Manually To permanently add/delete the IOLAN to/from the IOLAN List, click the Add button. The following window is displayed: To permanently add the IOLAN to the IOLAN list, click the Add button and type in the IPv4 or IPv6 address of the IOLAN. To permanently delete the IOLAN from the IOLAN list, select the IOLAN’s IP address and click the Delete button.
Using WebManager to Connect to the IOLAN Using WebManager to Connect to the IOLAN WebManager can only connect to IOLANs that already have an assigned IP address. To connect to the IOLAN, type the IP address of the IOLAN into the Address field as such: http://10.10.234.34. You will see the login screen. Logging into the IOLAN Type in the admin password in the Password field and click the Login button.
Managing the IOLAN Opening an Existing Configuration File If you select the File, Open, a browse window is opened so you can select the configuration file you want to edit. IOLAN configuration files saved in the DeviceManager can be in the IOLAN-native binary format (.dme) or as a text file (.txt), which can be edited with a text editor. Either configuration version can be imported into the DeviceManager. IOLAN configuration files saved from WebManager can also be opened into DeviceManager.
6 Network Settings Chapter 6 Introduction The Network section is used to configure the parameters that identify the IOLAN within the network and how the IOLAN accesses hosts on the network. The following configuration windows are available: z IP Settings—This window configures the IOLAN’s name, IP address, and Ethernet information. See IP Settings for more information.
IP Settings IP Settings IPv4 Settings Overview The parameters in IPv4 settings are used to access the IOLAN and are how the IOLAN accesses the network. . Field Descriptions Configure the following parameters: System Name The System Name is used for informational purposes by such tools as the DeviceManager and is also used in conjunction with the Domain field to construct a fully qualified domain name (FQDN).
IP Settings Default Gateway Specify the gateway IP address that will provide general access beyond the local network. Field Format: IPv4 address Default Gateway Obtain Automatically When DHCP/BOOTP is enabled, you can enable this option to have the IOLAN receive the Default Gateway IP address from the DHCP/BOOTP server. Default: Enabled DNS Server Specify the IP address of a DNS host in your network for host name resolution.
IP Settings IPv6 When enabled, the IOLAN will send out a Router Solicitation message. If a Autoconfiguration Router Advertisement message is received, the IOLAN will configure the IPv6 address(es) and configuration parameters based on the information contained in the advertisement. If no Router Advertisement message is received, the IOLAN will attempt to connect to a DHCPv6 server to obtain IPv6 addresses and other configuration parameters.
IP Settings Adding/Editing a Custom IPv6 Address You can manually add one of the following: z The IPv6 network prefix (and the IOLAN will determine an IPv6 address based on the network prefix and the IOLAN MAC address). z The complete IPv6 address. Configure the following parameters: Create a unique When enabled, the IOLAN will derive an IPv6 address from the entered IPv6 address on the network prefix and the IOLAN’s MAC address. network Default: Enabled Network Prefix Specify the IPv6 network prefix.
IP Settings Advanced Overview The Advanced tab configures Active Standby (SCS and SDS8/16/32C models only), DNS update, IPv6 Advertising Router settings, and the Ethernet interface(s) hardware speed and duplex. Configure the parameters in the Advanced tab only if: z you have already set up Dynamic DNS with DynDNS.
IP Settings Domain Prefix (Dual Ethernet models only) A domain prefix to uniquely identify the Ethernet interface to the DNS when the IOLAN has two Ethernet interfaces. The FQDN that is sent to the DNS will be one of the following formats, depending on what is configured in the System Settings section on the IPv4 Settings tab: z .. z .
IP Settings Interface 1 Hardware Speed and Duplex Define the Ethernet connection speed (desktop models can support up to 100 Mbps and rack mount and medical unit models can support up to 1000 Mbps).
Advanced Advanced Host Table Overview The Host table contains the list of hosts that will be accessed by an IP address or Fully Qualified Domain Name (FQDN) from the IOLAN. This table will contain a symbolic name for the host as well as its IP address or FQDN. When a host entry is required elsewhere in the configuration, the symbolic name will be used.
Advanced Delete Button Deletes a host from the host table Adding/Editing a Host Configure the appropriate parameters: Host Name The name of the host. This is used only for the IOLAN configuration. Field Format: Up to 14 characters, no spaces. IP Address The host’s IP address.
Advanced Route List Overview Entering routes in the routing list enables the identification of gateways to be used for accessing specific hosts or external networks from the IOLAN's local network. Functionality There are three types of routes: z Default—A route that provides general access beyond your local network. z Host—A route defined for accessing a specific host external to your local network. z Network—A route defined for accessing a specific network external to your local network.
Advanced Adding/Editing Routes From the Route List tab, if you click the Add or Edit button, you will be able to add a new or edit an existing route. Configure the appropriate parameters: Type Specify the type of route you want to configure. Data Options: z Host—A route defined for accessing a specific host external to your local network. z Network—A route defined for accessing a specific network external to your local network. z Default—A route which provides general access beyond your local network.
Advanced Interface The Interface list is comprised of configured IPv6 tunnels and serial ports defined for Remote Access (PPP) and Remote Access (SLIP) profiles. Select this option when you want to use the specified interface as the gateway to the destination.
Advanced Editing/Adding DNS/WINS Servers Configure the parameter: DNS IP Address You can configure up to four DNS servers. Field Format: IPv4 or IPv6 address WINS IP Address You can configure up to four WINS servers. Field Format: IPv4 address RIP Overview The Routing Information Protocol (RIP) is a routing protocol used with almost every TCP/IP implementation. Its function is to pass routing information from a router or gateway to a neighboring router(s) or gateway(s).
Advanced Field Descriptions Configure the appropriate parameters: Ethernet Mode Enable/disable RIP (Routing Information Protocol) mode for the Ethernet interface. Data Options: z None—Disables RIP over the Ethernet interface. z Send—Sends RIP over the Ethernet interface. z Listen—Listens for RIP over the Ethernet interface. z Send and Listen—Sends RIP and listens for RIP over the Ethernet interface. Default: None Authentication Method Specify the type of RIP authentication.
Advanced End Time The time that the MD5 key becomes invalid. The time format is dependent on your system’s settings. Key The MD5 key that is being used by your routers. Confirm Key Retype the MD5 key that is being used by your routers to verify that it was typed correctly. Dynamic DNS Overview Dynamic DNS Service providers enable users to access a server connected to the internet that has been assigned a dynamic IP address. The IOLAN product line has built-in support for the DynDNS.
Advanced User Name Specify the user name used to access the account set up on the DynDNS.org server. Password Specify the password used to access the account set up on the DynDNS.org server. Account Settings Button Click this button to configure the Dynamic DNS DynDNS.org account information. Account Settings Enter the information about your DynDNS.com account so the IOLAN can communicate IP address updates. These settings are global and apply to all Dynamic DNS settings.
Advanced Validate Peer Certificate Enables/disables peer validation between the DynDNS.org server and the IOLAN. This may be desirable, since the DynDNS user name and password are sent from the Terminal Server to the DynDNS server when the IP address needs to be updated and when an account refresh is performed. Account refreshes are done periodically to ensure that DynDNS accounts do not auto-delete should the IP address change infrequently.
Advanced Adding/Editing a Cipher Suite To see a list of valid cipher suite combinations, see Appendix B, SSL/TLS Ciphers. Configure the following parameters: Encryption Select the type of encryption that will be used for the SSL connection. Data Options: z Any—Will use the first encryption format that can be negotiated. z AES z 3DES z DES z ARCFOUR z ARCTWO Default: Any Min Key Size The minimum key size value that will be used for the specified encryption type.
Advanced HMAC Select the key-hashing for message authentication method for your encryption type. Data Options: z Any z MD5 z SHA1 Default: Any Validation Criteria Field Descriptions If you choose to configure validation criteria, the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection. Configure the following parameters: Country A country code; for example, US.
Advanced Common Name An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters Email An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Advanced Adding/Editing an IPv6 Tunnel When you add/edit an IPv6 tunnel, you are determining how an IPv6 message will reach an IPv6 device through an IPv4 network. Configure the following parameters: Name The name of the IPv6 tunnel. Field Format: Maximum 16 alphanumeric characters Default: ipv6_tunnel1 Mode The method or protocol that is used to create the IPv6 tunnel. z Manual—When enabled, the IOLAN will manually create the IPv6 tunnel to the specified Remote Host through the specified Interface.
7 Configuring Serial Ports Chapter 7 Introduction The Serial section is used to configure the serial ports on your IOLAN. The following configuration windows are available: z Serial Ports—Configures the type of connection that the serial port is being used for. This is accomplished by selecting a connection profile and then configuring the applicable parameters for that profile. See Serial Ports for more information. z Port Buffering—Configures serial port data buffering preferences.
Serial Ports Editing a Serial Port In the Serial Port Settings window, click on a serial port and then click the Edit button, the following window is displayed: 115
Serial Ports Click the Change Profile button to select a different serial port profile if you don’t want the displayed profile: As you select the different serial port profiles, a short description and a picture representing a typical application of the profile is displayed. When you have selected the appropriate profile for the serial port, click OK and those serial port profile configuration options will be displayed.
Serial Port Profiles Resetting a Serial Port When you change a serial port’s configuration, you can download the configuration file to the IOLAN and then reset a specific serial port(s) to see how you change affects the serial port’s behavior. To reset a serial port, select Tools, Reset, Serial Port(s). Serial Port Profiles Common Tabs Overview There are several functions that are common to more than one profile. These functions are: z Hardware—Configure the physical serial line parameters.
Serial Port Profiles Hardware Tab Field Descriptions The Hardware tab configures all the serial port hardware connection information. The window below shows an SDS1 model; your Hardware tab might display a subset of the parameters described, depending on the IOLAN model and supported hardware. Configure the following parameters: Serial Interface Specifies the type of serial line that is being used with the IOLAN. Data Options: EIA-232, EIA-422, or EIA-485. SCS/STS/MDC models support only EIA-232.
Serial Port Profiles Duplex Used with a EIA-485 serial interface, specify whether the serial port is Full Duplex (communication both ways at the same time) or Half Duplex (communication in one direction at a time). Default: Full TX Driver Control Used with a EIA-485 serial interface, if your application supports RTS (Request To Send), select this option. Otherwise, select Auto. Default: Auto Flow Control Defines whether the data flow is handled by the software (Soft), hardware (Hard), Both, or None.
Serial Port Profiles Enable Line Termination Used with EIA-422 and EIA-485 on SDS 8-port and 16-port rack mount IOLAN models, specifies whether or not the line is terminated; use this option when the serial port is connected to a device at the end of the serial network. Default: Disabled Email Alert Tab Field Descriptions Email notification can be set at the Server and/or serial port levels.
Serial Port Profiles From This field can contain an email address that might identify the IOLAN name or some other value. Reply To The email address to whom all replies to the email notification should go. Packet Forwarding Tab Field Descriptions The Packet Forwarding tab can be used to control/define how and when serial port data packets are sent from the IOLAN to the network.
Serial Port Profiles Custom Packet Forwarding This option allows you to define the packet forwarding rules based on the packet definition or the frame definition. Default: Disabled Packet Definition When enabled, this group of parameters allows you to set a variety of packet definition options. The first criteria that is met causes the packet to be transmitted.
Serial Port Profiles Transmit SOF Character(s) When enabled, the SOF1 or SOF1/SOF2 characters will be transmitted with the frame. If not enabled, the SOF1 or SOF1/SOF2 characters will be stripped from the transmission. Default: Disabled EOF1 Character Specifies the End of Frame character, which defines when the frame is ready to be transmitted. The actual transmission of the frame is based on the Trigger Forwarding Rule.
Serial Port Profiles SSL/TLS Settings Tab Field Descriptions You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP Sockets, Terminal (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem, and Modbus. When you enable this feature, it will automatically use the global SSL/TLS settings (configured on Security, SSL/TLS), although you can configure unique SSL/TLS settings for the serial port.
Serial Port Profiles Validation Criteria Click this button to create peer certificate validation criteria that must be met Button for a valid SSL/TLS connection. See Validation Criteria Field Descriptions for more information. Cipher Suite Field Descriptions The SSL/TLS cipher suite is used to encrypt data between the IOLAN and the client. You can specify up to five cipher groups. Note: Some combinations of cipher groups may not be available on some firmware versions.
Serial Port Profiles Adding/Editing a Cipher Suite To see a list of valid cipher suite combinations, see Appendix B, SSL/TLS Ciphers. Configure the following parameters: Encryption Select the type of encryption that will be used for the SSL connection. Data Options: z Any—Will use the first encryption format that can be negotiated. z AES z 3DES z DES z ARCFOUR z ARCTWO Default: Any Min Key Size The minimum key size value that will be used for the specified encryption type.
Serial Port Profiles HMAC Select the key-hashing for message authentication method for your encryption type. Data Options: z Any z MD5 z SHA1 Default: Any Validation Criteria Field Descriptions If you choose to configure validation criteria, the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection. Configure the following parameters: Country A country code; for example, US.
Serial Port Profiles Common Name An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters Email An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Serial Port Profiles Console Management Profile Overview The Console Management profile provides access through the network to a console or administrative port of a server or router attached to the IOLAN’s serial port. This profile configures the IOLAN’s serial port to set up a TCP socket that will listen for a Telnet or SSH connection from the network. Functionality Use the Console Management profile when you are configuring users who need to access a serial console port from the network.
Serial Port Profiles IP Address Users can access serial devices connected to the IOLAN through the network by the specified Internet Address (or host name that can be resolved to the Internet Address in a DNS network). Field Format: IPv4 or IPv6 Address Advanced Tab Field Descriptions The Console Management Advanced tab configures serial port options that may be required by certain applications.
Serial Port Profiles Multisessions The number of extra network connections available on a serial port, in addition to the single session that is always available. Enabling multisessions will permit multiple users to monitor the same console port. Each user monitoring the port can be assigned different privileges to this port.
Serial Port Profiles Session Strings Controls the sending of ASCII strings to serial devices at session start and session termination as follows; z Send at Start - If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised. Range: 0-127 alpha-numeric characters.
Serial Port Profiles TruePort Profile Overview TruePort is especially useful when you want to improve data security, as you can enable an SSL/TLS connection between the TruePort host port and the IOLAN. TruePort is COM Port redirector that is supplied with the IOLAN. TruePort can be installed as a client on a Workstation or Server and supports a variety of operating systems.
Serial Port Profiles Configure the following parameters: Connect to remote When enabled, the IOLAN initiates communication to the TruePort client. system Default: Enabled Host Name The configured host that the IOLAN will connect to (must be running TruePort). Default: None TCP Port The TCP Port that the IOLAN will use to communicate through to the TruePort client.
Serial Port Profiles Allow Multiple Hosts to Connect When this option is enabled, multiple hosts can connect to a serial device that is connected to this serial port. Note: These multiple clients (Hosts) need to be running TruePort in Lite mode. Default: Disabled Adding/Editing Additional TruePort Hosts You can define a list of hosts that the serial device will communicate to through TruePort Lite or a primary/backup host.
Serial Port Profiles Primary Host Specify a preconfigured host that the serial device will communicate to through the IOLAN. Default: None TCP Port Specify the TCP port that the IOLAN will use to communicate to the Primary Host. Default: 0 Backup Host Specify a preconfigured host that the serial device will communicate to through the IOLAN if the IOLAN cannot communicate with the Primary Host. Default: None TCP Port Specify the TCP port that the IOLAN will use to communicate to the Backup Host.
Serial Port Profiles Configure the following parameters: Signals high when... This option has the following impact based on the state of the TruePort connection: z TruePort Lite Mode—When enabled, the EIA-232 signals remain active before, during, and after the TruePort connection is established. When disabled, the EIA-232 signals remain inactive during and after the Trueport connection is established.
Serial Port Profiles Enable Data Logging When enabled, serial data will be buffered if the TCP connection is lost. When the TCP connection is re-established, the buffered serial data will be sent to its destination. If using the Trueport profile, data logging is only supported in Lite Mode. The minimum data buffer size for all models is 1 KB. The maximum data buffer size is 2000 KB for DS1/TS2/STS8D, all other models are 4000 KB.
Serial Port Profiles Dial Retry The number of times the IOLAN will attempt to re-establish a connection with a remote modem. Range: 0-99 Default: 2 Modem The name of the predefined modem that is used on this line. Phone The phone number to use when Dial Out is enabled.
Serial Port Profiles TCP Sockets Profile Overview The TCP Socket profile allows for a serial device to communicate over a TCP network. The TCP connection can be initiated from a host on the network and/or a serial device. This is typically used with an application on a Workstation or Server that communicates to a device using a specific TCP socket. This is often referred to as a RAW connection.
Serial Port Profiles TCP Port The TCP port that the IOLAN will use to listen for incoming connections. Default: 10000 plus the serial port number, so serial port 5 would have a default of 10005 Allow Multiple Hosts to Connect When this option is enabled, multiple hosts can connect to the serial device that is connected to this serial port.
Serial Port Profiles Adding/Editing Additional Hosts You can define a list of hosts that the serial device will communicate to or a primary/backup host. Configure the following parameters: Define additional When this option is enabled, you can define up to 49 hosts that the serial device hosts to connect to connected to this serial port will attempt communicate to. With this mode of operation, the IOLAN will connect to multiple hosts simultaneously.
Serial Port Profiles TCP Port Specify the TCP port that the IOLAN will use to communicate to the Host.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameters: Authenticate User Enables/disables login/password authentication for users connecting from the network. Default: Disabled Enable TCP Keepalive Enables a per-connection TCP keepalive feature. After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized.
Serial Port Profiles Idle Timeout Session Timeout Use this timer to close a connection because of inactivity. When the Idle Timeout expires, the IOLAN will end the connection. Range: 0-4294967 seconds (about 49 days) Default: 0 seconds so the port will never timeout Use this timer to forcibly close the session/connection when the Session Timeout expires.
Serial Port Profiles UDP Sockets Profile Overview The UDP profile configures a serial port to send or receive data to/from the LAN using the UDP protocol. Functionality You can use UDP profile in the following two basic modes. The first is to send data coming from the serial device to one or more UDP listeners on the LAN. The second is to accept UDP datagrams coming from one or more UDP senders on the LAN and forward this data to the serial device.
Serial Port Profiles The role of each of the configurable parameters in an entry depends on the “Direction” selected. When the direction is "LAN to Serial" the role of the additional parameters is as follow; z Start IP Address - This is the IP address of the host from which the UDP data will originate. If the data will originate from a number of hosts, this becomes the starting IP address of a range.
Serial Port Profiles z Port - Serial data being forwarded to the LAN from the serial device will sent to this UDP port. Only data originating from the UDP port configured here (as well as originating from a host in the IP range defined for this entry) will be forwarded to the serial device. Special values for "Start IP address" z 0.0.0.0 - This is the "auto learn IP address” value which is valid only in conjunction with the "LAN to Serial" setting.
Serial Port Profiles This entry is disabled since Direction is set to Disabled. General Tab Field Descriptions Configure the following parameters: Listen for connections on UDP port The IOLAN will listen for UDP packets on the specified port. Default: 1000+ (for example, 10001 for serial port 1) Direction The direction in which information is received or relayed: z Disabled—UDP service not enabled.
Serial Port Profiles Port The UDP port to use. Default: 0 (zero) Advanced Tab Field Descriptions Configure the following parameters: Session Strings Controls the sending of ASCII strings to serial devices at session start as follows; z Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN or when a kill line command is issued on this serial port.
Serial Port Profiles Terminal Profile Overview The Terminal profile allows network access from a terminal connected to the IOLAN’s serial port. This profile is used to access pre-defined hosts on the network from the terminal. Functionality This profile can be configured for users: z who must be authenticated by the IOLAN first and then a connection to a host can be established. z who are connecting through the serial port directly to a host.
Serial Port Profiles Terminal Type Specifies the type of terminal connected to the line. Data Options: z Dumb z WYSE60 z VT100 z ANSI z TVI925 z IBM3151TE z VT320 (specifically supporting VT320-7) z HP700 (specifically supporting HP700/44) z Term1, Term2, Term3 (user-defined terminals) Default: Dumb Require Login When users access the IOLAN through the serial port, they must be authenticated, using either the local user database or an external authentication server.
Serial Port Profiles When any data is received Initiates a connection to the specified host when any data is received on the serial port. Default: Disabled When is received Initiates a connection to the specified host only when the specified character is received on the serial port. Default: Disabled Advanced Tab Field Descriptions Configure the following parameters: Enable Message of Enables/disables the display of the message of the day.
Serial Port Profiles Hotkey Prefix The prefix that a user types to lock a serial port or redraw the Menu. Data Range: z ^a l—(Lowercase L) Locks the serial port until the user unlocks it. The user is prompted for a password (any password, excluding spaces) and locks the serial port. Next, the user must retype the password to unlock the serial port. z ^r—When you switch from a session back to the Menu, the screen may not be redrawn correctly. If this happens, use this command to redraw it properly.
Serial Port Profiles User Service Settings Login Settings These settings apply to users who are accessing the network from a terminal connected to the IOLAN’s serial port. The Telnet, Rlogin, SSH, SLIP, PPP settings take effect when the connection method is defined in the user’s profile (or are passed to the IOLAN by a RADIUS or TACACS+ server when those authentication methods are being used).
Serial Port Profiles Enable Local Echo Toggles between local echo of entered characters and suppressing local echo. Local echo is used for normal processing, while suppressing the echo is convenient for entering text that should not be displayed on the screen, such as passwords. This parameter can be used only when Enable Line Mode is enabled.
Serial Port Profiles When Connect to remote system is selected, the Rlogin window requires the name of the user who is connecting to the host. Configure the following parameters: Terminal Type Type of terminal attached to this serial port; for example, ANSI or WYSE60. User This name is passed on to the specified host for the Rlogin session, so that the user is only prompted for a password.
Serial Port Profiles Strict Host Key Checking When enabled, a host public key (for each host you wish to ssh to) must be downloaded into the IOLAN. Default: Enabled Auto Login When enabled, creates an automatic SSH login, using the Name and Password values. Default: Disabled Name The name of the user logging into the SSH session. Field Format: Up to 20 alphanumeric characters, excluding spaces Password The user’s password when Auto Login is enabled.
Serial Port Profiles Configure the following parameters: Local IP Address The IPv4 address of the IOLAN end of the SLIP link. For routing to work you must enter an IP address in this field. Choose an address that is part of the same network or subnetwork as the remote end; for example, if the remote end is address 192.101.34.146, your local IP address can be 192.101.34.145. Do not use the IOLAN’s (main) IP address in this field; if you do so, routing will not take place correctly.
Serial Port Profiles VJ Compression When enabled, Van Jacobson compression is used on this link. When enabled, C-SLIP, or compressed SLIP, is used. When disabled, plain SLIP is used. CSLIP greatly improves the performance of interactive traffic, such as Telnet or Rlogin. If your user is authenticated by the IOLAN, this VJ compression value will be overridden if you have set a Framed Compression value for a user.
Serial Port Profiles PPP Settings The PPP settings apply when the User Service is set to PPP. Configure the following parameters: IPv4 Local IP Address The IPV4 IP address of the IOLAN end of the PPP link. For routing to work, you must enter a local IP address. Choose an address that is part of the same network or subnetwork as the remote end; for example, if the remote end is address 192.101.34.146, your local IP address can be 192.101.34.145.
Serial Port Profiles IPv6 Remote The remote IPv6 interface identifier of the remote end of the PPP link. Choose Interface Identifier an address that is part of the same network or subnetwork as the IOLAN. If you enable Negotiate IP Address Automatically, the IOLAN will ignore the remote IP address value you enter here and will allow the remote end to specify its IP address.
Serial Port Profiles User Complete this field only if you have specified PAP or CHAP (security protocols) in the Authentication field, and z you wish to dedicate this line to a single remote user, who will be authenticated by the IOLAN, or z you are using the IOLAN as a router (back-to-back with another IOLAN). When Connect is set to Dial Out or both Dial In/Dial Out are enabled, the User is the name the remote device will use to authenticate a port on this IOLAN.
Serial Port Profiles Remote Password Complete this field only if you have specified PAP or CHAP (security protocols) in the Security field, and z you wish to dedicate this serial port to a single remote user, and this user will be authenticated by the IOLAN, or z you are using the IOLAN as a router (back-to-back with another IOLAN) Remote password means the following: z When PAP is specified, this is the password the IOLAN will use to authenticate the remote device.
Serial Port Profiles Authentication Timeout The timeout, in minutes, during which successful PAP or CHAP authentication must take place (when PAP or CHAP are specified). If the timer expires before the remote end has been authenticated successfully, the link will be terminated. Range: 1-255 Default: 1 minute Roaming Callback A user can enter a telephone number that the IOLAN will use to callback him/her. This feature is particularly useful for a mobile user.
Serial Port Profiles Dynamic DNS Button Launches the Dynamic DNS window when IP Address Negotiation is enabled, which can then update the DNS server with the IP address that is negotiated and accepted for the PPP session.
Serial Port Profiles Printer Profile Overview The Printer profile allows for the serial port to be configured to support a serial printer device that can be access by the network. General Tab Field Descriptions Configure the following parameter: Map CR to CR/LF Defines the default end-of-line terminator as CR/LF (ASCII carriage-return line-feed) when enabled.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameter: Session Strings Controls the sending of ASCII strings to serial device at session start as follows; z Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.
Serial Port Profiles Serial Tunneling Profile Overview The Serial Tunneling profile allows two IOLANs to be connected back-to-back over the network to establish a virtual link between two serial ports based on RFC 2217. Functionality The serial device that initiates the connection is the Tunnel Client and the destination is the Tunnel Server, although once the serial communication tunnel has been successfully established, communication can go both ways.
Serial Port Profiles General Tab Field Descriptions Configure the following parameters: Act As Tunnel Server The IOLAN will listen for an incoming connection request on the specified Internet Address on the specified TCP Port. Default: Enabled TCP Port The TCP port that the IOLAN will listen for incoming connection on. Default: 10000+serial port number; so serial port 5 is 10005. Act as Tunnel Client The IOLAN will initiate the connection the Tunnel Server.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameters: Break Length When the IOLAN receives a command from its peer to issue a break signal, this paramters defines the length of time the break condition will be asserted on the serial port Default: 1000ms (1 second) Delay After Break This parameter defines the delay between the termination of a a break condition and the time data will be sent out the serial port. Default: 0ms (no delay).
Serial Port Profiles Virtual Modem Profile Overview Virtual Modem (Vmodem) is a feature of the IOLAN that provides a modem interface to a serial device. It will respond to AT commands and provide signals in the same way that a serially attached modem would. This feature is typically used when you are replacing dial-up modems with the IOLAN in order to provide Ethernet network connectivity. Functionality The serial port will behave in exactly the same fashion as it would if it were connected to a modem.
Serial Port Profiles Listen on TCP Port The IOLAN TCP port that the IOLAN will listen on. Default: 10000 + serial port number (for example, serial port 12 defaults to 10012) Connect Automatically At Startup When enabled, automatically establishes the virtual modem connection when the serial port becomes active. Default: Enabled Host Name The preconfigured target host name. TCP Port The port number the target host is listening on for messages.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameters: Echo characters in When enabled, echoes back characters that are typed in (equivalent to command mode ATE0/ATE1 commands). Default: Disabled DTR Signal Always Specify this option to make the DTR signal always act as a DTR signal. On Default: Enabled DTR Signal Acts as Specify this option to make the DTR signal always act as a DCD signal.
Serial Port Profiles Additional modem You can specify additional virtual modem commands that will affect how initialization virtual modem starts. The following commands are supported: ATQn, ATVn, ATEn, +++ATH, ATA, ATI0, ATI3, ATS0, AT&Z1, AT&Sn, AT&Rn, AT&Cn, AT&F, ATS2, ATS12, ATO (ATD with no phone number), and ATDS1. See Appendix C, Virtual Modem AT Commands for a more detailed explanation of the support initialization commands.
Serial Port Profiles Phone Number to Host Mapping If your modem application dials using a phone number, you can add an entry in the Phone Number to Host Mapping window that can be accessed by all serial ports configured as Virtual Modem. You need to enter the phone number sent by your modem application and the IOLAN IP address and TCP Port that will be receiving the “call”.
Serial Port Profiles Host IP Address Specify the IP address of the IOLAN that is receiving the virtual modem connection. Field Format: IPv4 or IPv6 address Host Specify the host name (from the host table) of the IOLAN that is receiving the virtual modem connection. TCP Port Specify the TCP Port on the IOLAN that is set to receive the virtual modem connection. Default: 0 Control Signal I/O Profile Overview The Control Signal I/O profile is only available on IOLAN I/O models.
Serial Port Profiles Input Signal Field Descriptions See Digital I/O Extension for information about the I/O Extension tab. Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Latch Latches (remembers) the activity transition (active to inactive or inactive to active).
Serial Port Profiles Email When enabled, sends an email alert to an email account(s) set up in the System settings when an alarm is triggered or cleared. The email alert data includes the severity level and the value that caused the alarm to trigger or clear. The Email Alert is associated with Level Critical. Default: Disabled Syslog When enabled, sends a message to syslog when an alarm is triggered or cleared.
Serial Port Profiles Modbus Gateway Profile Overview Each serial port can be configured as either a Modbus Master gateway or a Modbus Slave gateway, depending on your configuration and requirements. If your model supports I/O, see Modbus I/O Access for more information on using the Modbus protocol to access I/O data. Functionality The Modbus Gateway profile configures a serial port to act as a Modbus Master Gateway or a Modbus Slave Gateway.
Serial Port Profiles Configure the following parameters: Mode Specify how the Modbus Gateway is defined on the serial port. Data Options: z Modbus Master—Typically, the Modbus Master is connected to the Serial Port and is communicating to Modbus Slaves on the network. z Modbus Slave—Typically, the Modbus Master is accessing the IOLAN through the network to communicated to Modbus Slaves connected to the IOLAN’s Serial Ports.
Serial Port Profiles Idle Timeout Use this timer to close a connection because of inactivity. When the Idle Timeout expires, the IOLAN will end the connection. Range: 0-4294967 seconds (about 49 days) Default: 0 (zero), which does not timeout, so the connection is permanently open.
Serial Port Profiles The following buttons are available: Add Button Adds an entry into the Modbus Destination Slave IP Settings table. Edit Button Edits an entry in the Modbus Destination Slave IP Settings table. Delete Button Deletes an entry from the Modbus Destination Slave IP Settings table.
Serial Port Profiles Adding/Editing Modbus Slave IP Settings Configure the following parameters: UID Start When Destination is set to Host and you have sequential Modbus Slave IP addresses (for example, 10.10.10.1, 10.10.10.2, 10.10.10.3, etc.), you can specify a UID range (not supported with IPv6 addresses) and the IOLAN will automatically increment the last digit of the configured IP address.
Serial Port Profiles End IP Address Displays the ending IP address of the TCP/Ethernet Modbus Slaves, based on the Start IP address and the UID range (not supported for IPv6 addresses). Field Format: IPv4 address Protocol Specify the protocol that is used between the Modbus Master and Modbus Slave(s). Data Options: TCP or UDP Default: TCP UDP/TCP Port The destination port of the remote Modbus TCP Slave that the IOLAN will connect to.
Serial Port Profiles Embedded When this option is selected, the address of the slave Modbus device is embedded in the message header. Default: Enabled Remapped Used for single device/port operation. Older Modbus devices may not include a UID in their transmission header. When this option is selected, you can specify the UID that will be inserted into the message header for the Modbus slave device. This feature supersedes the Broadcast feature.
Serial Port Profiles Power Management Profile Overview The Power Management profile applies when there is a Perle Remote Power Switch (RPS) connected to the serial port. This profile is used to configure the RPS. See RPS Control for information on how to actively management the RPS. Functionality The Power Management profile configures a serial port to communicate with a Remote Power Switch’s (RPS) administration port.
Serial Port Profiles Configure the following parameters: Session Strings Controls the sending of ASCII strings to serial devices at session start as follows; z Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.
Serial Port Profiles Monitoring Tab Field Descriptions Configure the following parameters: Monitor Host This is the host which is to be monitored via PINGs. If the host stops responding to the PINGs, the power on this plug will be cycled in an attempt to recover the host. Default: None Ping Interval -Specify the frequency ( in minutes ) at which the configured host will be PING’ed.
Serial Port Profiles Wait Before Cycling Power Enables a delay before cycling the power on the plug. This delay allows for the sending of notification(s) of the impending power cycle. Notifications can be sent to a user on the console port of the host being monitored and/or via email. This gives system administrators the time to take appropriate action. Default: Disabled z Delay—Specify a delay (in minutes) before cycling the power on the plug.
Serial Port Profiles Remote Access (PPP) Profile Overview The Remote Access (PPP) profile configures a serial port to allow a remote user to establish a PPP connection to the IOLAN’s serial port. This is typically used with a modem for dial-in or dial-out access to the network or a wireless WAN card. Functionality There are two options for PPP user authentication: 1. You can configure a specific user/password and a specific remote user/password per a serial port. 2.
Serial Port Profiles General Tab Field Descriptions Configure the following parameters: IPv4 Local IP Address The IPV4 IP address of the IOLAN end of the PPP link. For routing to work, you must enter a local IP address. Choose an address that is part of the same network or subnetwork as the remote end; for example, if the remote end is address 192.101.34.146, your local IP address can be 192.101.34.145.
Serial Port Profiles IPv6 Local The local IPv6 interface identifier of the IOLAN end of the PPP link. For Interface Identifier routing to work, you must enter a local IP address. Choose an address that is part of the same network or subnetwork as the remote end. Do not use the IOLAN’s (main) IP address in this field; if you do so, routing will not take place correctly. Field Format: The first 64 bits of the Interface Identifier must be zero, therefore, ::abcd:abcd:abcd:abcd is the expected format.
Serial Port Profiles Password Specify the password used to access the DNS server. Account Settings Button Click this button to configure the Dynamic DNS DynDNS.org account information. See Account Settings for information on how to configure the Account Settings window. Authentication Tab Field Descriptions Configure the following parameters: Authentication The type of authentication that will be done on the link.
Serial Port Profiles User Complete this field only if you have specified PAP or CHAP (security protocols) in the Authentication field, and z you wish to dedicate this line to a single remote user, who will be authenticated by the IOLAN, or z you are using the IOLAN as a router (back-to-back with another IOLAN). When Connect is set to Dial Out or both Dial In/Dial Out are enabled, the User is the name the remote device will use to authenticate a port on this IOLAN.
Serial Port Profiles Remote Password Complete this field only if you have specified PAP or CHAP (security protocols) in the Security field, and z you wish to dedicate this serial port to a single remote user, and this user will be authenticated by the IOLAN, or z you are using the IOLAN as a router (back-to-back with another IOLAN) Remote password means the following: z When PAP is specified, this is the password the IOLAN will use to authenticate the remote device.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameters: Routing Determines the routing mode (RIP, Routing Information Protocol) used on the PPP interface.This is the same function as the Framed-Routing attribute for RADIUS authenticated users. Data Options z None—Disables RIP over the PPP interface. z Send—Sends RIP over the PPP interface. z Listen—Listens for RIP over the PPP interface. z Send and Listen—Sends RIP and listens for RIP over the PPP interface.
Serial Port Profiles Configure Request The maximum time, in seconds, that LCP (Link Control Protocol) will wait Timeout before it considers a configure request packet to have been lost. Range: 1-255 Default: 3 seconds Configure Request The maximum number of times a configure request packet will be re-sent Retries before the link is terminated.
Serial Port Profiles Dial In If the device is remote and will be dialing in via modem or ISDN TA, enable this parameter. Default: Disabled Dial Out If you want the modem to dial a number when the serial port is started, enable this parameter.
Serial Port Profiles Remote Access (SLIP) Profile Overview The Remote Access (SLIP) profile configures a serial port to allow a remote user to establish a SLIP connection to the IOLAN’s serial port. This is typically used with a modem for dial-in or dial-out access to the network. General Tab Field Descriptions Configure the following parameters: Local IP Address The IPv4 address of the IOLAN end of the SLIP link. For routing to work you must enter an IP address in this field.
Serial Port Profiles Advanced Tab Field Descriptions Configure the following parameters: MTU The Maximum Transmission Unit (MTU) parameter restricts the size of individual SLIP packets being sent by the IOLAN. Enter a value between 256 and 1006 bytes; for example, 512. The default value is 256. If your user is authenticated by the IOLAN, this MTU value will be overridden when you have set a Framed MTU value for the user.
Serial Port Profiles Session Strings Controls the sending of ASCII strings to serial device at session start as follows; z Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.
Serial Port Profiles Custom Application Profile Overview The Custom App/Plugin profile is used in conjunction with custom applications created for the IOLAN by using the Perle SDK. See the SDK Programmer’s Guide (the SDK and guide are accessible via a request form located on the Perle website at www.perle.com/supportfiles/SDK_Request.shtml) for information about the functions that are supported.
Serial Port Profiles Session Strings Controls the sending of ASCII strings to serial device at session start as follows; z Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.
Port Buffering Port Buffering Overview The Port Buffering feature allows data activity on the IOLAN’s serial ports to be held in memory for viewing at a later stage without affecting the normal operation of the serial ports. Note: Port Buffering is only supported on serial port(s) configured for the Console Management profile. Functionality Port Buffering is required by system administrators to capture important information from devices attached to the IOLAN.
Port Buffering Remote Port Buffers The Remote Port Buffering feature allows data received from serial ports on the IOLAN to be sent to a remote server on the LAN. The remote server, supporting Network File System (NFS), allows administrators to capture and analyze data and messages from the serial device connected to the IOLAN serial port. Remote Port Buffering data can be encrypted or raw and/or time stamped.
Port Buffering Enable Remote (NFS) Buffering Enables/disables port buffering on a remote system. When you enable this option, you have the ability to save the buffered data to a file(s) (one file is created for each serial port) and/or send it to the Syslog host for viewing on the Syslog host’s monitor. Default: Disabled NFS Host The NFS host that the IOLAN will send data to for its Remote Port Buffering feature.
Advanced Advanced Advanced Serial Settings Tab Overview Advanced serial port settings apply to all serial ports. Field Descriptions Configure the following parameters: Process Break Signals Enables/disables proprietary inband SSH break signal processing, the Telnet break signal, and the out-of-band break signals for TruePort. Default: Disabled Flush Data Before When enabled, deletes any pending outbound data when a port is closed.
Advanced Data Logging Buffer Size The minimum data buffer size for all models is 1 KB. The maximum data buffer size is 2000 KB for DS1/TS2/STS8D, all other models are 4000 KB. If the data buffer is filled, incoming serial data will overwrite the oldest data. Values: 1-2000 KB (DS1/TS1/STS8D) - Default 4 KB Values: 1-4000 KB (all other models) - Default 256 KB The Data Logging buffer size is a valid option for the TruePort Profile and TCP Sockets Profile . Default: Disabled Pre V4.
Advanced Modems Tab Overview You need to configure a modem if there is a modem connected to the IOLAN. If your IOLAN model contains an internal modem or a PCI slot (SCS models) for a modem card, a permanent modem string called internal_modem or IOLAN modem, respectively, exists permanently in your configuration. Functionality Modems are usually configured for PPP/SLIP dial in/out connections, although some modems do support raw data communication.
Advanced TruePort Baud Rate Tab Overview The TruePort utility acts as a COM port redirector that allows applications to talk to serial devices across a network as though the serial devices were directly attached to the server. For IOLAN I/O models, you can also monitor and control I/O through the TruePort client. Functionality Since some older applications may not support the higher baud rates that the IOLAN is capable of achieving, the baud rate can be mapped to a different value on the IOLAN.
8 Configuring Users Chapter 8 Introduction You can configure up to four users in the IOLAN’s local user database for all DS, SDS, and STS 1-port to 4-port desktop models, in addition to the admin user. You can configure up to 48 users in the IOLAN’s local user database for all STS, SCS, and SDS rack mount models and all MDC medical unit models, in addition to the admin user. A user can even represent a device, like a barcode reader or a card swipe device, that you want to be authenticated.
User Settings User Settings Overview The Users window allows you to add, edit, and delete users from the IOLAN. Functionality The Users window displays the users who have been configured. You can add users, edit existing users, or delete users from this window. You cannot delete the pre configured admin user. See Adding/Editing Users for information on the parameters available when adding or editing a user.
Adding/Editing Users Adding/Editing Users General Tab Overview The General tab configures the basic user information. Functionality You must, minimally, provide a User Name and Level for a user. Field Descriptions Configure the following parameters: User Name The name of the user. Restrictions: Do not use spaces. Password The password the user will need to enter to login to the IOLAN. Confirm Password Enter the user’s password again to verify it is entered correctly.
Adding/Editing Users Level The access that a user is allowed. Data Options: z Admin—The admin level user has total access to the IOLAN. You can create more than one admin user account but we recommend that you only have one. They can monitor and configure the IOLAN. Users configured with this level can access the unit either via serial Terminal Profile connection or via a network originated Telnet or SSH connection to the IOLAN. z Normal—The Normal level user has limited access to the IOLAN.
Adding/Editing Users Services Tab Overview The Services tab configures the connection parameters for a user. Any connection parameters configured in this window will override the serial port connection parameters. Functionality When a Terminal profile is set for the serial port and Require Login has been selected, user’s accessing the IOLAN through the serial port will be authenticated. Once authentication is successful, the Service specified here is started.
Adding/Editing Users TCP Port When the User Service is Telnet, this is the target port number. The default value will change based on the type of Service selected; the most common known port numbers are used as the default values. IPv4 Address Used for User Service PPP or SLIP, sets the IP address of the remote user. Enter the address in dot decimal notation as follows: z n.n.n.n—(where n is a number) Enter the IP address of your choice.
Adding/Editing Users Enable VJ Compression Used for User Service PPP or SLIP, determines whether Van Jacobsen Compression is used on the link. VJ compression is a means of reducing the standard TCP/IP header from 40 octets to approximately 5 octets. This gives a significant performance improvement, particularly when interactive applications are being used. For example, when the user is typing, a single character can be transmitted and thus have the overhead of the full TCP/IP header.
Adding/Editing Users Session Timeout The amount of time, in seconds, before the IOLAN forcibly closes a user’s session (connection). The default value is 0 (zero), meaning that the session timer will not expire (the session is open permanently, or until the user logs out). The User Session Timeout will override all other Serial Port Session Timeout parameters.
Adding/Editing Users Sessions Tab Overview The Sessions tab is used to configure specific connections for users who are accessing the network through the IOLAN’s serial port. Functionality Users who have successfully logged into the IOLAN (User Service set to DSprompt) can start up to four login sessions on network hosts. These users start sessions through the EasyPort Menu option Sessions. Multiple sessions can be run simultaneously to the same host or to different hosts.
Adding/Editing Users Session 1, 2, 3, 4 You can configure up to four (4) sessions that the user can select from to connect to a specific host after that user has successfully logged into the IOLAN (used only on serial ports configured for the Terminal profile). Data Options: z None—No connection is configured for this session. z Telnet—For information on the Telnet connection window, see Telnet Settings . z SSH—For information on the SSH connection window, see SSH Settings .
Adding/Editing Users Serial Port Access Tab Overview The Serial Port Access tab controls the user’s read/write access on any given IOLAN serial port. This pertains to users that are connecting from the network to a serial over a Console Management type session. This can be useful when you have multiple users connecting to the same serial device and you wish to control the viewing and/or the write to and from the device.
9 Configuring Security Chapter 9 Introduction The Security group includes the following configuration options: z Authentication—When a serial port is configured for the Console Management or TCP Sockets profile, the user can be authenticated either locally in the IOLAN user profile or externally. This option configures the external authentication server. SeeAuthentication for more information. z SSH—This configuration window configures the SSH server in the IOLAN. See SSH for more information.
Authentication connection. Therefore, any parameters configured by RADIUS or TACACS+ will override the same parameters configured in the IOLAN. See Appendix A, RADIUS and TACACS+ for more information. Authentication In the Authentication window, you can select up to two methods of authentication made up of external authentication options and/or the local user database. Configure the following parameters: Primary Authentication Method The first authentication method that the IOLAN attempts.
Authentication Local Overview When Local authentication is selected, the user must either be configured in the IOLAN’s User List or you must enable Guest users. Field Descriptions Configure the following parameters: Enable Guest Mode Allow users who are not defined in the Users database to log into the IOLAN with any user ID and the specified password. Guest users inherit their settings from the Default User ’s configuration.
Authentication RADIUS Overview RADIUS is an authentication method that the IOLAN supports that can send back User information; see RADIUS on page 363 for more information on the User parameters that can be sent back by RADIUS. General Field Descriptions Configure the following parameters: First Authentication Name of the primary RADIUS authentication host. Host Default: None Second Name of the secondary RADIUS authentication host, should the first RADIUS Authentication Host host fail to respond.
Authentication Account Port The port that the RADIUS host listens to for accounting requests. Default: 1813 Enable Accounting Enables/disables whether or not the IOLAN validates the RADIUS accounting Authenticator response. Default: Enabled Retry The number of times the IOLAN tries to connect to the RADIUS server before erroring out. Range: 0-255 Default: 5 Timeout The time, in seconds, that the IOLAN waits to receive a reply after sending out a request to a RADIUS accounting or authentication host.
Authentication Use the following NAS-IP-Address When enabled, the IOLAN will send the specified IPv4 address to the RADIUS server. Default: Disabled IP Address The IPv4 address that the IOLAN will send to the RADIUS server. Default: 0.0.0.0 Automatically determine NASIPv6-Address When enabled, the IOLAN will send the IOLAN’s IPv6 address to the RADIUS server. Default: Enabled Use the following When enabled, the IOLAN will send the specified IPv6 address to the RADIUS NAS-IPv6-Address server.
Authentication LDAP/Microsoft Active Directory Overview LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying directory services running over TCP/IP. It is also used as a method of authenticating users. Microsoft Active Directory is an LDAP like directory service. It can be used for authenticating users in a similar fashion to LDAP. In this manual, the use of LDAP is synonymous with Microsoft Active Directory.
Authentication User Attribute This defines the name of the attribute used to communicate the user name to the server. Options: z OpenLDAP(uid)—Chose this option if you are using an OpenLDAP server. The user attribute on this server is “uid”. z Microsoft Active Directory(sAMAccountName)—Chose this option if your LDAP server is a Microsoft Active Directory server. The user attribute on this server is “sAMAccountName”.
Authentication TACACS+ Overview TACACS+ is an authentication method that the IOLAN supports that can send back User information; see Appendix A, RADIUS and TACACS+ for more information on the User parameters that can be sent back by TACACS+. Field Descriptions Configure the following parameters: Authentication/ Authorization Primary Host The primary TACACS+ host that is used for authentication.
Authentication Accounting Primary Host The primary TACACS+ host that is used for accounting. Default: None Accounting Secondary Host The secondary TACACS+ host that is used for accounting, should the primary accounting TACACS+ host fail to respond. Default: None Accounting Port The port number that TACACS+ listens to for accounting requests. Default: 49 Accounting Secret The TACACS+ shared secret is used to encrypt/decrypt TACACS+ packets in communications between two devices.
Authentication Encryption Type Legacy The type of encryption that will be used for SecurID server communication. Data Options: DES, SDI Default: SDI s If you are running SecurID 3.x or 4.x, you need to run in Legacy Mode. If you are running SecurID 5.x or above, do not select Legacy Mode. Default: Disabled NIS Field Descriptions Configure the following parameters: NIS Domain The NIS domain name. Primary NIS Host The primary NIS host that is used for authentication.
SSH SSH Overview The IOLAN contains SSH Server software that you need to configure if the IOLAN is going to be accessed via SSH. If you specify more than one Authentication method and/or Cipher, the IOLAN will negotiate with the client and use the first authentication method and cipher that is compatible with both systems. Functionality When you are using the SSH connection protocol, keys need to be distributed to all users and the IOLAN.
SSH Users Passing Through the IOLAN Using SSH (Dir/Sil) This scenario applies to serial ports configured for the Terminal profile and are required to login to the IOLAN. The user’s service is set to the SSH protocol, therefore, users first log into the IOLAN and then are connected to a specified host (configured for the user when User Service SSH is selected) through an SSH connection.
SSH Field Descriptions Configure the following parameters: Note: Some combinations of cipher groups are not available on FIPS firmware versions. SSH-1 protocol is not available on FIPS firmware versions. Allow SSH-1 Protocol Allows the user’s client to negotiate an SSH-1 connection, in addition to SSH2. Default: Disabled RSA When a client SSH session requests RSA authentication, the IOLAN’s SSH server will authenticate the user via RSA.
SSL/TLS AES The IOLAN SSH server’s AES encryption is enabled/disabled. Default: Enabled Break String The break string used for inband SSH break signal processing. A break signal is generated on a specific serial port only when the server's break option is enabled and the user currently connected using reverse SSH has typed the break string exactly. Field Format: maximum 8 characters Default: ~break, where ~ is tilde Enable Verbose Output Displays debug messages on the terminal.
SSL/TLS Field Descriptions Configure the following parameters: SSL/TLS Version Specify whether you want to use: z Any—The IOLAN will try a TLSv1 connection first. If that fails, it will try an SSLv3 connection. If that fails, it will try an SSLv2 connection. z TLSv1—The connection will use only TLSv1. z SSLv3—The connection will use only SSLv3. Default: Any SSL/TLS Type Specify whether the IOLAN serial port will act as an SSL/TLS client or server.
SSL/TLS Cipher Suite Field Descriptions Note: Some combinations of cipher groups may not be available on some firmware versions. The SSL/TLS cipher suite is used to encrypt data between the IOLAN and the client. You can specify up to five cipher groups. The following buttons are available on the Cipher Suite window: Add Button Adds a cipher to the cipher list. Edit Button Edits a cipher in the cipher list. Delete Button Deletes a cipher from the cipher list.
SSL/TLS Adding/Editing a Cipher See Appendix B, SSL/TLS Ciphers on page 375 for a list of valid SSL/TLS ciphers. Configure the following parameters: Encryption Select the type of encryption that will be used for the SSL connection. Data Options: z Any—Will use the first encryption format that can be negotiated. z AES z 3DES z DES z ARCFOUR z ARCTWO Default: Any Min Key Size The minimum key size value that will be used for the specified encryption type.
SSL/TLS HMAC Select the key-hashing for message authentication method for your encryption type. Data Options: z Any z MD5 z SHA1 Default: Any Validation Criteria Field Descriptions If you choose to configure validation criteria, then the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection. Configure the following parameters: Country A country code; for example, US.
VPN Common Name An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters Email An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
VPN IKE Phase 1 Proposals The following IKE Phase 1 proposals are supported by the IOLAN VPN gateway: z Ciphers—3DES, AES z Hashes—MD5, SHA1 z Diffie-Hellman Groups—2 (MODP1024), 5 (MODP1536), 14 (MODP2048), 15 (MODP3072), 16 (MODP4096), 17 (MODP6144), 18 (MODP8192) ESP Phase 2 Proposals The following ESP Phase 2 proposals are supported by the IOLAN VPN gateway: z Ciphers—3DES, AES z Authentication Algorithms—MD5, SHA1, SHA2 IPsec When an IPsec tunnel becomes active, you are requiring that all ac
VPN Adding/Editing the IPsec Tunnel When you click the Add button or select an IPsec tunnel and click the Edit button, the following window is displayed: Configure the following parameters: Name Provide a name for the IPsec VPN tunnel to make it easy to identify. Text Characteristics: Maximum of 16 characters, spaces not allowed Authentication Method Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.
VPN Secret/Remote Depending on the Authentication Method: Validation Criteria Shared Secret—Specify the text-based secret that is used to authenticate the Button IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and L2TP/IPsec). X.509 Certificate—Specify the remote X.509 certificate validation criteria that must match for successful authentication (case sensitive). Note that all validation criteria must be configured to match the X.509 certificate.
VPN Remote Next Hop The IP address of the router/gateway that will forward data packets to the IOLAN (if required). The router/gateway must reside on the same subnet at the remote VPN. Field Format: IPv4 or IPv6 address Remote Host/Network Address The IP address of a specific host or the network address that the IOLAN will provide a VPN connection to. If the IPsec tunnel is listening for connections (Boot Action set to Add), and the field value is left at 0.0.0.
VPN Remote Validation Criteria Field Descriptions When the Authentication Method is set to X.509 Certificate, you can configure the remote validation criteria. The information in the remote X.509 certificate must match exactly the information configured in this window in order to successfully authenticate and create a valid connection. Configure the following parameters: Country A country code; for example, US. This field is case sensitive in order to successfully match the information in the remote X.
VPN L2TP/IPsec In order to create a VPN tunnel on Windows XP® , you must use the L2TP/IPsec protocol. When L2TP/IPsec is enabled, the IOLAN will listen for L2TP/IPsec VPN tunnel requests.
VPN Remote Validation Depending on the Authentication Method: Criteria Shared Secret—Specify the text-based secret that is used to authenticate the IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and L2TP/IPsec). X.509 Certificate—Specify the remote X.509 certificate validation criteria that must match for successful authentication (case sensitive). Note that all validation criteria must be configured to match the X.509 certificate. An asterisk (*) is valid as a wildcard.
VPN Delete Button Highlight an Exception List entry and click the Delete button to remove the entry from the list. Adding/Editing a VPN Exception The following parameters are available: IP Address The IP address of the host that will communicate with the IOLAN outside of the VPN tunnel. Field Format: IPv4 or IPv6 address Network The network address that will communicate with the IOLAN outside of the VPN tunnel.
HTTP Tunneling HTTP Tunneling Overview A HTTP tunnel is a firewall-safe communication channel between two IOLAN’s. HTTP tunnels can transport arbitrary TCP/IP or UDP/IP data for applications such as Telnet/SSH or any other TCP application and most UDP applications.
HTTP Tunneling Configuring HTTP Tunnel Field Descriptions The following parameters are available for configuring a HTTP Tunnel.: Name Provide a name for this tunnel. This name must match the tunnel name on the tunnel peer IOLAN DS. Connect to Provide the Host name or IP address of the listening IOLAN DS. Proxy Settings If a proxy server is being used, allows for the configuration of proxy specific parameters.
HTTP Tunneling Configuring HTTP Tunnel Proxy Proxy servers are used in larger companies and organizations. Ask your network administrator if you need to configure a Proxy server. Field Descriptions . The following parameters are available for configuring the Proxy specific parameters. Use HTTP Proxy Enables the Proxy parameters. Host/IP The Host name or IP address of the Proxy server. Port The HTTP/HTTPS port number of the Proxy server. Default: 8080.
HTTP Tunneling Configuring HTTP Tunnel Proxy Advanced Field Descriptions Keepalive Interval The number of seconds between sending keepalives for HTTP connections. Keepalives are used to prevent idle connections from closing. In most cases this value does not need to be changed. Default: 30 seconds Maximum Connection Age The maximum amount of time an HTTP connection will stay open in minutes. In most cases this value does not need to be changed. Default: 1440 mins. (1 day).
HTTP Tunneling Edit Button Highlight an HTTP Tunnel Destination entry and click the Edit button to change the entry. Delete Button Highlight an HTTP Tunnel Destination entry and click the Delete button to remove the entry from the list. Field Descriptions Configure the following parameters if host access via a tunnel is needed. Each entry in the list box defines the application and port numbers an external client will use to access the destination host or application.
HTTP Tunneling Destination Port The port number used by the destination host or destination application. Local IP Alias Users can access the HTTP tunnel through this IP address. Typically this field is only needed if the IOLAN has a listener on the same local TCP port. If not entered, the IP address of the IOLAN is used. Limited access to attached serial devices only Allow only attached serial devices to connect to this destination. Add button Acts like an "apply" button.
Services Services Overview Services are either daemon or client processes that run on the IOLAN. You can disable any of the services for security reasons. Functionality If you disable any of the daemons, it can affect how the IOLAN can be used or accessed. For example, if you disable WebManager (HTTPS and HTTP) services, you will not be able to access the IOLAN with the WebManager. If you disable the DeviceManager service, the DeviceManager will not be able to connect to the IOLAN.
Services DeviceManager DeviceManager daemon process in the IOLAN. If you disable this service, you will not be able to connect to the IOLAN with the DeviceManager application. The DeviceManager listens on port 33812 and sends on port 33813. Default: Enabled WebManager (HTTP) WebManager daemon process in the IOLAN listening on port 80. Default: Enabled WebManager (HTTPS) Secure WebManager daemon process in the IOLAN listening on port 443.
Keys and Certificates Keys and Certificates When you are using SSH, SSL/TLS, LDAP/Microsoft Active Directory, or HTTPS, you will need to install keys and/or certificates or get server keys in order to make those options work properly. All certificates need to be created and all keys need to be generated outside of the IOLAN, with the exception of the IOLAN SSH Public keys, which already exist in the IOLAN. SSH keys must be generated using the OpenSSH format.
Keys and Certificates Host Name The name of the host for which you are downloading the SSH Host Public or Private Key to the IOLAN. IPsec Tunnel Name Select the IPsec tunnel that the RSA public key is being used to authenticate.
10 Configuring I/O Interfaces Chapter 10 Introduction There is a line of IOLANs that can control/monitor the following types of I/O: z Analog Input z Digital Input/Output z Relay Output z Temperature Input Some of the models are I/O combinations and some of the models support one I/O type, although all of the SDS I/O models are extensions of the feature rich SDS IOLAN.
Settings Settings Overview The I/O Interfaces Settings window configures the parameters that are global to all I/O channels. I/O Access Functionality Field Descriptions Configure the following parameters: Enable I/O Access Enables/disables Modbus as the communication protocol for all the I/O to Modbus protocol channels. Default: Disabled UID This is the UID you are assigning to the IOLAN, which is acting as a Modbus slave.
Settings Idle Timeout Use this timer to close a connection because of inactivity. When the Idle Timeout expires, the IOLAN will end the connection. Range: 0-4294967 seconds (about 49 days) Default: 0 (zero), which does not timeout, so the connection is permanently open.
Settings TCP/UDP Port The network port number that the Slave Gateway will listen on for both TCP and UDP messages. Default: 502 Next Request Delay A delay, in milliseconds, to allow serial slave(s) to re-enable receivers before issuing next Modbus Master request. Range: 0-1000 Default: 50 ms Enable Serial When enabled, a UID of 0 (zero) indicates that the message will be broadcast to Modbus Broadcasts all Modbus Slaves.
Settings Failsafe Timer Functionality Overview The Failsafe Timer tab configures the I/O failsafe timer. The Failsafe Timer is enabled on a global basis and provides a trigger mechanism that can be configured for each channel when no I/O traffic has occurred for the specified amount of time. This traffic information would include any statistical data updates based on the refresh timer for Statistics.
Settings UDP Functionality Overview The UDP tab configures the I/O UDP broadcast settings. The I/O UDP broadcast feature periodically broadcasts the I/O channel status in a UDP message. You can configure up to four sets of IP address entries (each entry consisting of a start and end IP address range) to broadcast I/O status data. The broadcast frequency of the UDP packets to the configured UDP IP addresses can be defined to accommodate network traffic and monitoring PC application requirements.
Settings I/O UDP Settings Configure the following parameters: UDP Entry When enabled, broadcasts I/O status (data) to the specified range of IP addresses. Default: Disabled Start IP Address The first host IP address in the range of IP addresses (for IPV4 or IPV6) that the IOLAN will listen for messages from and/or send messages to.
Settings Temperature Functionality Overview The Temperature tab configures the temperature scale settings for T4 models. Field Descriptions Configure the following parameter: Temperature Scale Select the temperature scale that will be used to display temperature data.
Channels Channels The Channels section displays the I/O Channels window, through which you can enable/disable the I/O channels. Highlight a channel and then click the Edit button to configure the parameters for that channel. Analog Overview Analog channels monitor current/voltage input. Note that the internal jumpers must match the software setting (by default, they are set to Current); see Analog Input Module to find out how to set the internal jumpers.
Channels Field Descriptions Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Type Select the type of input being measured. Data Options: Current or Voltage Default: Current Range Select the range for the measurement type. Data Options: z Current—0-20 mA, 4-20 mA z Voltage—+/- 10V, +/- 5V, +/- 1V, +/- 500mV, +/- 150mV Default: Current is 0-20 mA. Voltage is +/- 10V.
Channels Digital Input Overview When the channel is set for digital input, it monitors voltage or current. Note that the internal jumpers must match the software setting and must be set to Input, which is the default; see Digital I/O Module to find out how to set the internal jumpers. Functionality The Digital input channels allow you to configure the following options: z You can choose to remember the last state change, or latch, that occurred.
Channels Field Descriptions Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Input Mode When selected, the channel will be reading the status of the line (input). The internal jumpers must match the software configuration; the internal jumpers are factory configured for Input Mode.
Channels Auto Clear Mode When enabled, automatically clears the alarm when the trigger condition changes; for example, if the Trigger is Inactive and the alarm is triggered, once the input becomes active again, the alarm will automatically be cleared Default: Enabled Manual Clear Mode When enabled, a triggered alarm must be manually cleared. Default: Disabled Email When enabled, sends an email alert to an email account(s) set up in the System settings when an alarm is triggered or cleared.
Channels Digital Output Overview When the channel is set for digital output, either voltage is applied to the channel or the channel is grounded. Note that the internal jumpers must match the software setting and must be set to Output (by default, they are set to Input); see Digital I/O Module to find out how to set the internal jumpers. Functionality The Digital output channels support three types of Digital output: sink (voltage), source (ground), and sink and source (apply voltage or ground).
Channels Field Descriptions Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Output Mode When selected, the channel will drive the line (output). The internal jumpers must match the software configuration, so if you change this setting to Output Mode, you will have to also change the internal hardware jumpers. Default: Disabled Type Specify the type of digital output.
Channels Pulse Mode When Output is set to Pulse, you can specify the manner of the pulse. Data Options: z Continuous—Continuously pulses active and inactive. z Count—Pulses an active/inactive sequence for the specified number of times. Default: Continuous Pulse Count The channel output will pulse for the specified number of times; each count consists of an active/inactive sequence. Default: 1 Inactive Signal Width How long the channel will remain inactive during pulse mode.
Channels Relay Overview Relay channels can open or close a contact for a higher voltage circuit using a lower level control voltage. The Relay output channels work as a physical on/off switch, and are used to drive higher voltage devices with a lower controlling voltage. You can configure the following Relay output channel options: z You can choose to manually activate/deactivate the Relay output.
Channels Field Descriptions Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Output Specify how the channel output will be handled. Data Options: z Manual—You must manually manipulate the channel output. z Pulse—Activates and deactivates the channel output activity in intervals after it is manually activated.
Channels Active Signal Width How long the channel will be active during the pulse mode. Range: 1-9999 x 100 ms Default: 1 (100 ms) Delay When a deactivate command is issued, a delay is implemented before the command is executed. Range: 1-9999 x 100 ms Default: 1 (100 ms) Failsafe Action When there has been no I/O activity within the specified time (set in the I/O Interfaces, Settings on the Failsafe Timer tab) and the Failsafe Timer is triggered.
Channels Functionality The Digital I/O extension feature requires the digital input to be connected to one or more digital outputs/relays (local or on another IOLAN model), output serial signal pins, and/or TCP/IP applications. In order to create a successful connection between the input and output or application, one side must be must be set to Listen for connection and the other side must be set to Connect to.
Channels Field Descriptions The Local connection option is different depending on whether you are configuring a Digital Input or a Digital Output/Relay channel. The Local connection option for Digital Input lists all the local Digital Output channels or output serial signal pins that it is associated with. Digital Input can be connected to multiple local Digital Output or Relay channels or output serial signal pins.
Channels Allow Multiple Hosts to Connect When this option is enabled, multiple I/O channels and/or TCP/IP applications can connect to this channel/serial signal pin. Default: Disabled Connect to When enabled, the channel/serial signal pin initiates communication to another I/O channel or a TCP/IP application. Default: Enabled Host Name The configured host or another IOLAN that the I/O channel will connect to.
Channels Adding/Editing Additional Hosts You can define a list of hosts that the I/O channel will communicate to or a primary/backup host. Configure the following parameters: Define additional When this option is enabled, you can define up to 49 hosts/IOLANs that the hosts to connect to I/O channel or serial signal pin will attempt communicate to. With this mode of operation, the I/O channel will connect to multiple hosts/IOLANs simultaneously.
Channels TCP Port Specify the TCP port that the I/O channel or serial signal pin will use to communicate to the Host. Default: 0 Temperature Temperature input channels monitor RTD or thermocouple temperature sensors inputs for the most common ranges. You can also configure severity alarms that can send an email, a syslog message, and/or an SNMP trap when an alarm is triggered or cleared; See Alarm Settings for more information about the alarms.
Channels Field Descriptions Configure the following parameters: Description Provide a description of the channel, making it easier to identify. Data Options: Maximum 20 characters, including spaces Type Specify the type of sensor you are using to measure temperature. Data Options: RTD, Thermocouple Default: RTD Range Specify the temperature range that you want to measure.
Channels Alarm Settings Analog and Temperature input models support an Alarm mechanism in which you can specify up to five severity levels of alarm triggers and clear levels; the alarm triggers/clear levels can activate in either increasing or decreasing severity levels.
Channels Send Syslog Alert When enabled, sends a message to syslog when an alarm is triggered or cleared. The syslog entry includes the severity level and the value that caused the alarm to trigger or clear. The syslog message is associated with Level Critical. Default: Disabled Send SNMP Alert When enabled, sends an SNMP trap when an alarm is triggered or cleared. The trap consists of the severity level and whether the alarm was triggered or cleared.
Channels Trigger If the Trigger Type is Low, an alarm is triggered when the input drops below the specified Trigger value; other severity level trigger values must decrease in value with each subsequent level. If the Trigger Type is High, an alarm is triggered when the input is higher than the specified Trigger value; other severity level trigger values must increase in value with each subsequent level.
I/O UDP I/O UDP Industrial applications often monitor the status of I/O devices such as sensors, alarms, relays, etc. by polling for I/O data. The IOLAN’s I/O UDP feature can help to minimize network traffic by broadcasting I/O status to industrial applications on specified intervals, providing I/O status in a timely manner. The IOLAN’s I/O UDP broadcast feature sends the status of attached I/O devices to defined hosts on the network.
I/O UDP Analog Section The Analog Section of the UDP packet is comprised of I/O data for each enabled Analog channel. Note: If the IOLAN I/O model does not support Analog channels, the Analog Channel Data subsection of the Analog Section will NOT be present in the UDP packet.
I/O UDP Digital/Relay Section The Digital/Relay Section of the UDP packet provides the status of Digital and Relay channels. The data for the status of each channel is represented by 1 byte, with each bit representing a channel (least significant bit format). Note: The Digital/Relay Channel Data subsection is present in the UDP packet regardless of whether or not the IOLAN model supports Digital/Relay channels.
I/O Modbus Slave UDP Unicast Example For an example of the I/O UDP unicast, see the sample program, ioudpbcast.c, found on your CDROM. I/O Modbus Slave If you have a Modbus serial or TCP application, it can access I/O connected to the IOLAN when the I/O Global Modbus Slave is enabled. You must supply a unique UID for the IOLAN, as it will act as a Modbus Slave. There are three ways your Modbus Application can connect to the IOLAN to access I/O.
Modbus I/O Access Modbus TCP Application If you have a Modbus RTU or Modbus ASCII program, you can access the I/O by connecting to the IOLAN over the network. UID: 15 PC running a Modbus RTU or ASCII Application Power perle Network IOLAN I/O Digital Output Modbus I/O Access The section defines the function codes and registers you will need to access the I/O through Modbus TCP, Modbus serial, or Modbus serial/TruePort.
Modbus I/O Access I/O Coil/Register Descriptions This section contains descriptions of I/O coils: z MB_REG_DI_SENSOR—Status of Digital input. 1 is Active, 0 is Inactive. If Invert Signal is configured on, 0 is Active, 1 is Inactive. If input is Latched, returns latched status. z MB_REG_DI_SENSOR_ALARM_STATE—Indication if input is in alarm state. 1 is In Alarm state, 0 is Not in Alarm state. A write of any value clears the alarm state. z MB_REG_DO_SENSOR—Status of Digital output.
Modbus I/O Access Serial Port Coil/Register Descriptions This section contains descriptions of serial port coils: z MB_REG_DI_DSR—The status of the DSR input signal. 1 is Active, 0 is Inactive. If Invert Signal is configured on, 0 is Active, 1 is Inactive. If input is Latched, returns latched status. z MB_REG_DI_DSR_ALARM_STATE—The alarm state of DSR input signal. 1 is In Alarm state, 0 is Not in Alarm state. A write of any value clears the alarm state. z MB_REG_DI_DCD—The status of DCD line.
Modbus I/O Access A4D2/A4R2 Registers The following coils and registers are supported by the IOLAN A4D2 and A4R2 I/O models: Data Model A1 A2 A3 A4 D1/R1 D2/R2 R/W ----- ----- ----- ----- 6149 6150 R ----- ----- ----- ----- 6213 6214 R/W ----- ----- ----- ----- 6661 6662 R/W MB_REG_HR_DI_SENSOR_LATCH ----- ----- ----- ----- 6149 6150 R/W MB_REG_HR_DO_SENSOR_PULSE_ISW ----- ----- ----- ----- 6213 6214 R/W MB_REG_HR_DO_SENSOR_PULSE_ASW ----- ----- ----- ----- 6
Modbus I/O Access D4/D2R2 Registers The following coils and registers are supported by the IOLAN D4 and D2R2 I/O models: Data Model D1 D2 D3/R1 D4/R2 R/W 6145 6146 6147 6148 R 6209 6210 6211 6212 R/W 6657 6658 6659 6660 R/W MB_REG_HR_DI_SENSOR_LATCH 6145 6146 6147 6148 R/W MB_REG_HR_DO_SENSOR_PULSE_ISW 6209 6210 6211 6212 R/W MB_REG_HR_DO_SENSOR_PULSE_ASW 6273 6274 6275 6276 R/W MB_REG_HR_DO_SENSOR_PULSE_COUNT 6337 6338 6339 6340 R/W Coils: MB_REG_DI_SENSOR * MB
TruePort I/O TruePort I/O You can see a sample API I/O over TruePort program called ioapiotp.c on the CD-ROM. TruePort/Modbus Combination If you have a Modbus serial application running on a PC that is connected to a network, you can use TruePort as a virtual serial connection to communicate with the IOLAN over the network to access I/O data.
TruePort I/O API Over TruePort Only If you have a custom application that talks to a serial port, you can use TruePort as a virtual serial port to communicate with the IOLAN over the network to access I/O data using the Perle API. You also have the option of enabling SSL as a security option to encrypt the data that is communicated between the IOLAN and the host machine (SSL/TLS must be configured in the Server settings and on the TruePort host).
Accessing I/O Data Via TruePort Accessing I/O Data Via TruePort Introduction Analog and Digital I/O data, as well as output control, can be accessed in several ways. To have access from an application running on a workstation or server, the I/O Applications Program Interface (API) provided within Trueport can be used. This API uses a command/response format to get or set data on each individual I/O channel register. A sample program (ioapiotp.
Accessing I/O Data Via TruePort Format of API Commands There are two groups of commands: z Get Commands—Retrieve values of the I/O channel registers z Set Commands—Set values on the I/O channel registers. Note: All commands need to be written to the COM port as a single write. I/O Channel registers are all assigned unique addresses, which need to be referenced in all of the commands. Please refer to the documentation specific you the applicable mode, for the list and addresses of all the registers.
Accessing I/O Data Via TruePort Example 1: Read the status of the first digital input (DI1) on a D2R2 unit. DI1 sensor is a coil register with the decimal value of 6145 (hex 0x1801). Request: 0x01 0x18 0x01 0x00 0x01 Response: 0x01 0x01 0x01 (Digital input 1 is active) Example 2: Read the values for the Inactive Signal Width, Active Signal Width, and Pulse count for the second digital output (DO2) on a D4 unit.
Accessing I/O Data Via TruePort Successful Response Format Byte(s) # of Bytes Value 1 1 Command code (from request). 2 2 Starting register number (see A4/T4 Registers , A4D2/A4R2 Registers , or D4/D2R2 Registers for this value) from request. 4 2 Number of registers written. Unsuccessful Response Format Byte(s) # of Bytes Value 1 1 Command that this is a response to. If an error has been detected, the command value will have the high bit set (OR with 0x80).
I/O SNMP Traps Error Codes Code Name Description 01 Illegal Function The function code received in the query is not an allowable action for the server (or slave). 02 Illegal Data Address The data address received in the query is not an allowable address for the server (or slave). 03 Illegal Data Value A value contained in the query data field is not an allowable value for server (or slave).
11 Configuring Clustering Chapter 11 Introduction Clustering is a way to provide access to the serial ports of many IOLANs through a single IP address. Clustering Slave List Overview The IP address that will be used to access all clustered serial ports will be that of the Master IOLAN in the cluster. All other IOLANs in the cluster will be referred to as Slave IOLANs.
Clustering Slave List Adding Clustering Slaves Overview When you add a clustering slave IOLAN entry, you are adding the IOLAN that users will access through this master IOLAN. Field Descriptions Configure the following parameters: Server Name Specify a name for the slave IOLAN in the clustering group. This name does not have to correspond to the proper host name, as it is just used within the IOLAN.
Clustering Slave List Advanced Clustering Slave Options Overview The Advanced button provides a means of configuring each individual serial port’s name, connection protocol, and port association in the clustered IOLAN slave. The Clustering Slave Settings window displays each clustered serial port slave entry, you need to click the Edit button to configure the individual serial port settings.
Clustering Slave List Slave TCP Port Specify the TCP Port number configured on the Slave IOLAN that is associated to the port number you are configuring. Range: 1-99999 Master TCP Port Specify the TCP port number you want to map to the Slave IOLAN TCP Port. User’s will use this TCP port number to access the Slave IOLAN’s port. Default: 1024, and then increments by one for each new slave entry Protocol Specify the protocol that will be used to access the port.
12 Configuring the Option Card Chapter 12 Introduction SCS models have a built-in option card slot that supports one of the following options cards (purchased separately): Perle IOLAN modem card PCMCIA Wireless Wan card USB modem card Fiber optic card offered in Fast Ethernet or Gigabit speeds. Perle PCI Adapter card for use with a user supplied USB modem card. Perle PCI Adapter card for use with a user supplied wireless WAN card.
Configuring a Wireless (PCMCIA) WAN Card Configuring a Wireless (PCMCIA) WAN Card Overview SCS IOLAN models support a wireless WAN card that can be installed to permit access to the IOLAN via the internet or other WAN network. If you are using a USB modem, please see Configuring a USB Modem . When the PCI card type has been configured to be a Wireless WAN card, the serial port associated with the wireless WAN card is automatically set to PPP. No other PPP configuration is typically required.
Configuring a Wireless (PCMCIA) WAN Card APN Specify the APN required by your internet provider to access their network. See the internet provider documentation for more information. User Name Specify the name required by your internet provider to access their network. Password Specify the password required by your internet provider to access their network. Phone Number Specify the phone number provided by your service provider to access their wireless network.
Configuring a USB Modem Configuring a USB Modem Overview SCS IOLAN models support a USB Wireless Modem that can be installed to permit access to the IOLAN via the internet or other WAN network. If you are using a PCMCIA Wireless Card, See Configuring a Wireless (PCMCIA) WAN Card . When the PCI card type has been configured to be USB, the serial port associated with the USB Modem is automatically set to PPP. No other PPP configuration is typically required.
Configuring a USB Modem PIN If you have locked your SIM using a PIN, you must enter this PIN here in order to allow the IOLAN to access it. If you have never locked your SIM card, leave this field blank. You can enter up to 8 digits for the PIN. When you click the Advanced button, the Remote Access (PPP) profile is displayed. The USB modem uses PPP to communicate with its wireless provider. See Remote Access (PPP) Profile for information on how to configure PPP.
Configuring a Fiber Optic Card Configuring a Fiber Optic Card Overview SCS IOLAN models support the ability to replace the second Ethernet interface with a fiber optic connection. Field Descriptions Configure the following parameters: Card Specify the type of fiber card you will be using. z KTI KG-500F—Gigabit fiber card. z Transition Networks N-FX-SC5-02—100MB card. The type selected must match the card installed in the PCI slot. No additional configuration is required for the fiber card.
13 Configuring the System Chapter 13 Introduction This chapter describes the alerts (email and syslog) that can be configured for the IOLAN and the advanced options (SNMP, time, custom applications/plugins, and other miscellaneous configuration options) that you will want to look at to see if they are required for your implementation. Alerts Email Alerts Overview Email notification can be set at the Server and/or Line levels.
Alerts Field Descriptions Configure the following parameters: Enable Email Alert Enables/disables a global email alerts setting. Even if this option is disabled, you can still configure individual serial port email alerts. When this option is enabled, individual serial ports can inherit these email alerts settings. Default: Disabled Level Choose the event level that triggers an email notification.
Alerts Password Enter the password associated with the user configured in “Username”. Maximum size of password is 64 characters. Encryption Choose the type of encryption desired. Valid options are; None - All information is sent in the clear. SSL - Select this if your email server requires SSL. TLS - Select this if your email server requires TLS Verify Peer Certificate When checked this will enable the validation of the certificate presented by the email server.
Alerts Syslog Overview The IOLAN can be configured to send system log messages to a syslog daemon running on a remote host if the Syslog service is activated. You can configure a primary and secondary host for the syslog information and specify the level for which you want syslog information sent. Note: You must ensure that the Syslog Client service in the Security, Services window is enabled (by default it is enabled) for these settings to work.
Management Management SNMP Overview If you are using SNMP to manage/configure the IOLAN, or to view statistics or traps, you must set up a User in SNMP version 3 or a Community in SNMP version 1,2 to allow your SNMP manager to connect to the IOLAN; this can be done in the DeviceManager, WebManager, CLI, or Menu. You must then load the perle-sds.MIB (found on the CD-ROM packaged with the IOLAN) file into your SNMP manager before you connect to the IOLAN.
Management Internet Address The IP address of the SNMP manager that will send requests to the IOLAN. If the address is 0.0.0.0, any SNMP manager with the Community name can access the IOLAN. If you specify a network address, for example 172.16.0.0, any SNMP manager within the local network with the Community name can access the IOLAN. Field Format: IPv4 or IPv6 address Permissions Permits the IOLAN to respond to SNMP requests. Data Options: z None—There is no response to requests from SNMP.
Management V3 Read-Only Auth Specify the authentication algorithm that will be used for the read-only user. Algorithm Data Options: MD5, SHA Default: MD5 V3 Read-Only Auth Type in the read-only user’s authentication password. Password V3 Read-Only Retype the user’s authentication password. Confirm Password V3 Read-Only Specify the read-only user’s privacy algorithm (encryption).
Management Type Select between Trap and Inform. Inform requires the host receiving the trap to acknowledge the receipt of the trap. Community The name of the group that devices and management stations running SNMP belong to. Community only applies to SNMP v1 and v2c Timeout This is only used for Inform traps. Select the number of seconds to wait for the acknowledgement of the trap. Default: 1 second Retries This is only used for Inform traps.
Management V3 Create EngineID Using String The string entered in this field will be combined with the defined string in hex of 800007AE04 to form the Engine ID. Ensure each string is unique for each IOLAN on your network. Time Overview You can set standard and summer time (daylight savings time) in the IOLAN. You can specify the summer time settings as absolute, on a fixed date and time, or relative, on something like the third day of the third week at this time in June.
Management NTP/SNTP Mode The NTP/SNTP mode. Data Options: z None—NTP/SNTP is turned off. z Unicast—Sends a request packet periodically to the Primary host. If communication with the Primary host fails, the request will be sent to the Secondary host. z Broadcast/Multicast—Listen for any broadcasts from an NTP/SNTP server and then synchronizes its internal clock to the message. z Manycast/Anycast—Sends a request packet as a broadcast on the LAN to get a response from any NTP/SNTP server.
Management Time Zone/Summer Time Tab Field Descriptions You can configure an automatic summer time (daylight savings time) time change. Configure the following parameters: Time Zone Name The name of the time zone to be displayed during standard time. Field Format: Maximum 4 characters and minimum 3 characters (do not use angled brackets < >) Time Zone Offset The offset from UTC for your local time zone.
Management Recurring Start Date Sets the relative date and time in which the IOLAN’s clock will change to summer time (daylight saving time) hours. Sunday is considered the first day of the week. Recurring End Date Sets the relative date and time in which the IOLAN’s clock will end summer time hours and change to standard time. Sunday is considered the first day of the week. Custom App/Plugin Overview You can create custom applications for the IOLAN by using the Perle SDK.
Management Advanced Tab Field Descriptions Configure the following parameters: Bootup Files Tab Field Descriptions Use System Name in Prompts Displays the System Name field value instead of default product name. When enabled, the Server Name is displayed in the IOLAN login prompt, CLI prompt, WebManager login screen, and the heading of the Menu. Default: Disabled Display Login Banner This parameter concerns the banner information (product name/software version).
Management Select Java if communication is via port 23(Telnet) or port 22(SSH) and the IOLAN is not restricted by a firewall. Select Javascript if you need to communicate through a firewall on port 8080 using EasyPort Web. To end and close a Telnet session, type CTRL] then type quit To end and close a SSH session, on a new line type ~. (period). EasyPort Web You must have a SFTP/TFTP server running on any host that you are uploading or downloading files to/from.
Management Message of the Day (MOTD) Tab Field Descriptions The message of the day is displayed when users log into the IOLAN through a telnet or SSH session or through WebManager or EasyPort Web. There are two ways to retrieve the message of the day to be displayed to users when they log into the IOLAN: z The message of the day file is retrieved from a SFTP/TFTP server every time a user logs into the IOLAN.
Management TFTP Tab Field Descriptions You must have a TFTP server running on any host that you are uploading or downloading files to/from. Note: TFTP file transfers send via UDP packets. When the packet delivery is interrupted for any reason and a timeout occurs, that packet is resent if the retry count allows it. Therefore, if a very large file is being transferred and is interrupted, the entire file is not resent, just the part of the file that was not received.
Management SFTP Tab Field Descriptions You must have a SFTP server running on any host that you are uploading or downloading files to/from. These are global SFTP settings. They are used whenever the user specifies “SFTP” as the protocol to be used for the file transfer. Note: Some combinations of cipher groups are not available on FIPS firmware versions. SSH-1 protocol is not available on FIPS firmware versions. Configure the following parameters: Enable Compression Enables compression of all data.
Management Authentication RSA Allow RSA to be used as the method of authenticating the IOLAN. Authentication DSA Allow DSA to be used as the method of authenticating the IOLAN. Authentication Keyboard Interactive Allow “Keyboard Interactive” to be used as the method of authenticating the IOLAN. Console Port Tab Field Descriptions This tab is found on rack mount models and is used to configure the Admin/Console port.
14 Controlling the RPS, I/O Channels, IPsec Chapter 14 Introduction The Control section appears when the IOLAN is connected to a Remote Power Switch and/or an I/O model or you want to control the IPsec tunnel.
RPS Control Plug Control Overview When you click the Plug Control button, you can power on/off individual plugs. Field Descriptions The “Power Status” field above can contain the following values; • On - Power is currently being applied to the plug. • Off - Power is currently not being applied to the plug. The “Monitor Host Status” field above can contain the following values; • Disabled - Feature is currently disabled. • Discovering- Host has never responded to a PING.
RPS Control Power Monitor Host OK Button Controls the power state of the plug as follows; On Button - Turns the selected plug on. Off Button - Turns the selected plug off. Cycle Button - Turns the selected plug off and then on. If host monitoring has been enabled on this plug, these buttons control the state of the feature as follows; On Button - Enables the host monitor function. Off Button - Disables the host monitor function.
Serial Port Power Control Serial Port Power Control Overview The Serial Port Power Control window allows you to manage the power plugs that have been associated with the serial devices connected to the IOLAN. Field Descriptions The following buttons are available: On Button Turns the selected plug on. Off Button Turns the selected plug off. Cycle Button Turns the selected plug off and then on.
I/O Channels I/O Channels Overview When the DeviceManager is connected to an I/O model IOLAN, the I/O Status/Control option is available. You can view the I/O status and manually control such options as clearing alarms, clearing minimum/maximum values, resetting the channel(s), and activating/deactivating output. The following buttons are available: Reset Channel Button Resets the highlighted channel (click on a channel to highlight it). Clear Alarm Button Clears the alarm.
IPsec Tunnel Control IPsec Tunnel Control You can start, stop, and restart all the IPsec tunnels. When you start the IPsec tunnels, the Boot Action configured for each IPsec tunnel is what determines its state. The following buttons are available: Start Button Starts all IPsec VPN tunnels. Stop Button Stops all IPsec VPN tunnels. Restart Button Stops and then starts all IPsec VPN tunnels.
15 System Administration Chapter 15 Introduction This chapter addresses the functions that the admin user or a user with Admin Level privileges might do. This chapter uses the DeviceManager as the configuration method described in most administrative functions. As a general rule, administrative functions are accessed from the menu bar in the DeviceManager and under the Administration option in the WebManager’s navigation tree.
Managing Configuration Files Downloading Configuration Files You can download a configuration file to the IOLAN by doing the following: z z In DeviceManager: 1. Connect to the IOLAN to retrieve the current configuration file. 2. Open the configuration file you want to download to the IOLAN by selecting File, Import Configuration from a File and then browsing to the configuration file. This will replace the retrieved configuration file. 3.
Managing Configuration Files Downloading Configuration Files to Multiple IOLANs You can download a configuration file to multiple IOLANs at the same time by doing the following in DeviceManager (DeviceManager is the only configurator that does this function): 1. Select Tools, Download Configuration to Multiple IOLANs. 2. Specify the IOLANs that you want to download the configuration to: Enter the following information for each IOLAN that you want to configure with the same configuration file: 3.
Managing Configuration Files 4. Click the Download> button to start the download process. A status window will display with the configuration download status. Uploading Configuration Files When you upload a configuration to the DeviceManager, you are uploading the IOLAN’s working configuration file. In most other configurators (the exception being SNMP), you are always seeing the working configuration file. In DeviceManager, select Tools, Upload Configuration from IOLAN.
Downloading IOLAN Firmware Resetting the IOLAN to the Default Configuration The RESET button is available on all IOLAN models (except medical unit models). The button allows you to reset the IOLAN to its Perle or custom factory default configuration. The Power/Ready LED color and the resetting of the IOLAN default configuration vary depending on how long you press and hold the RESET button, as shown in the table below. When you press and hold the RESET button for...
Calibrating I/O Calibrating Voltage When calibrating the IOLAN Analog input for voltage, you will need a calibration meter that is better than .1% volts precision. When you calibrate one channel, all voltage channels are automatically calibrated for that range; if another channel is set for a different range, you will need to calibrate that channel separately, but all channels that use that range are also automatically calibrated.
Calibrating I/O Calibrating Analog Channels Analog Input can be calibrated for Analog and Temperature IOLAN models. Select the channel you want to calibrate. This example uses an A4 model that has channel A1 set to Current with a Range of 0 to 20mA. If you have not disabled confirmation messages (Tools, Options in DeviceManager only), you will get prompted to verify channel calibration. Click Yes to proceed with calibration.
Setting the IOLAN’s Date and Time Setting the IOLAN’s Date and Time When you set the IOLAN’s time, the connection method and time zone settings can affect the actual internal clock time that is being set. For example, if you are connecting to the IOLAN through the DeviceManager and your PC’s time zone is set to Pacific Standard Time (GMT -8:00) and the IOLAN’s time zone is set to Eastern Standard Time (GMT -5:00), the IOLAN’s time is actually three hours ahead of your PC’s time.
Resetting the SecurID Node Secret Resetting the SecurID Node Secret If you are using SecurID external authentication, you can select Tools, Reset, Reset SecurID Node Secret in DeviceManager and Administration, Reset, SecurID Secret in WebManager to reset the node secret. You do not need to reboot the IOLAN for this to take effect, it works instantly. Language Support Two language files, in addition to English, are supplied on the supplemental CD, French and German.
Language Support Note: If you download a new software version, you can continue to use your language unchanged; however, we recommend translating the new strings, which will be added to the end of the language file. A Reset to Factory Defaults will reload the Customlang as English. On successful download, the Customlang in the IOLAN will be overwritten by the new language.
Downloading Terminal Definitions Downloading Terminal Definitions All terminal types can be used on the IOLAN. Some terminal types which are not already defined in the IOLAN, however, are unable to use Full Screen mode (menus) and may not be able to page through sessions properly. When installed, the IOLAN has several defined terminal types—Dumb, WYSE60, VT100, ANSI, TVI925, IBM3151, VT320-7, and HP700/44.
Resetting Configuration Parameters For example: term=AT386 | at386| 386AT |386at |at/386 console acsc=jYk?lZm@qDtCu4x3 bold=\E[1m civis= clear=\E[2J\E[H cnorm= cup=\E[%i%p1%02d;%p2%02dH rev=\E4A rmacs=\E[10m rmso=\E[m smacs=\E[12m smso=\E[7m page= circ=n Note: As you can see from the example, capabilities which are not defined in the terminfo file must still be included (albeit with no value). Each entry has an 80 character limit.
Lost admin Password Lost admin Password If the admin user password is lost, there are only two possible ways to recover it: z reset the IOLAN to the factory defaults z have another user that has Admin level rights, if one is already configured, reset the admin password 351
16 Applications Chapter 16 Introduction This chapter provides examples of how to integrate the IOLAN within different network environments or applications. Each scenario provides an example of a typical setup and describes the configuration steps to achieve the IOLAN functionality feature. Configuring Modbus This sections provides a brief overview of the steps required to configure the IOLAN for your Modbus environment.
Configuring Modbus Modbus Gateway Settings The scenarios in this section are used to illustrate how the IOLAN’s Modbus Gateway settings are incorporated into a Modbus device environment. Depending on how your Modbus Master or Slave devices are distributed, the IOLAN can act as both a Slave and Master Gateway(s) on a multiport IOLAN or as either a Slave or Master Gateway on a single port IOLAN.
Configuring Modbus Modbus Serial Port Settings Modbus Master Settings When the Modbus Masters is attached to the IOLAN’s serial port, configure that serial port to the Modbus Gateway profile acting as a Modbus Master. You must configure the Modbus TCP Slaves on the TCP/Ethernet side so the IOLAN can properly route messages, using the Modbus Slave’s UIDs, to the appropriate TCP-attached devices. Modbus Slave IP: 10.10.10.12 UID: 23 Master Gateway TCP IOLAN IP: 10.10.10.10 Modbus Slave IP: 10.10.10.
Configuring Modbus Modbus Slave Settings When you have Modbus Slaves on the serial side of the IOLAN, configure the serial port to the Modbus Gateway profile acting as a Modbus Slave. There is only one Slave Gateway in the IOLAN, so all Modbus serial Slaves must be configured uniquely for that one Slave Gateway; all serial Modbus Slaves must have unique UIDs, even if they reside on different serial ports, because they all must be configured to communicate through the one Slave Gateway.
Configuring PPP Dial On Demand Configuring PPP Dial On Demand The IOLAN can be configured to access remote networks via modems connected to the serial interface of the IOLAN. By configuring the IOLAN for the Remote Access (PPP) profile, data that is destined for the remote network will initiate a modem connection to the remote network to route the data to its appropriate destination. 172.16.0.0 PPP Local IP Addr: 195.16.20.23 PPP Remote IP Addr: 195.16.20.24 Local Host perle Network IOLAN 204.16.0.
Setting Up Printers 6. Next you need to create a gateway and destination route entry. Select Network, Advanced, and the Route List tab. For the destination, if you want the connection to be able to reach any host in the remote network, set the Type to Network and specify the network IP address and subnet/prefix bits; if you want the connection to go directly to a specific remote host, set the Type to Host and specify the host’s IP address.
Setting Up Printers Remote Printing Using RCP When setting up a serial port that accesses a printer using RCP, do the following: 1. Set the serial port to Printer and configure the Speed, Flow Control, Stop Bits, Parity, and Bits parameters so that they match the printer’s port settings. 2. Save your settings and restart the serial port. 3.
Configuring a Virtual Private Network Configuring a Virtual Private Network You can configure the IOLAN to act as a Virtual Private Network (VPN) gateway using the IPsec protocol. Any of the following scenarios can be configured using one IOLAN and a host/server running IPsec software or two IOLANs, each acting as the VPN gateway. All the examples have NAT Traversal (NAT_T) enabled, since both VPN gateways are running through routers.
Configuring a Virtual Private Network 360
Configuring a Virtual Private Network 2. Use a utility (for example, Openswan’s newhostkey/showhostkey utilities) to generate the RSA signature public key.
Configuring a Virtual Private Network Network-to-Network The following examples shows how to configure a network-to-network IPsec tunnel. This example uses the X.509 Certificate authentication method, so it includes the configuration requirements for the X.509 certificate. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the VPN tunnel is going private network to public network to private network.
Configuring a Virtual Private Network 3. If the signer of the remote X.509 certificate has not already been included in the CA list file that has already been downloaded to the IOLAN, you need to add (append) the signer of the X.509 certificate to the CA list file and then download the file to the IOLAN by selecting Tools, Advanced, Keys and Certificates. In the Keys and Certificates window, select Download SSL/TLS CA and the file name and click OK.
Configuring a Virtual Private Network %defaultroute is entered for the Local IP Address because the IP address is DHCP assigned and is therefore subject to change. 2. The following window configures the Right IOLAN VPN Gateway: %defaultroute is entered for the Local IP Address because the IP address is DHCP assigned and is therefore subject to change.
Configuring a Virtual Private Network VPN Client-to-Network The following example shows how to configure a VPN client-to-network IPsec tunnel. In this example, the IOLAN will accept VPN connections from multiple VPN clients on private networks that want to access the public 199.24.0.0 subnetwork through the VPN gateway. NAT Traversal (NAT_T) is disabled in this example (on both sides) because the VPN tunnel is going private network to public network.
Configuring HTTP Tunnels Configuring HTTP Tunnels Note: When HTTP tunneling is used TCP and UDP ports 50000 and above are reserved and should not be configured by the user. Serial-to Serial The following example will demonstrate how to set up a serial device (VT100 Terminal) to serial device (Linux host, console port) connection via an HTTPS tunnel. HTTPS will be used because data security is required. Because IOLAN 1 is behind the firewall, it will need to initiate the HTTP tunnel connection.
Configuring HTTP Tunnels Configure a “Listen for connection” HTTP tunnel on IOLAN 2 Match name on IOLAN 1 Check HTTPS for secure tunnel connection. This must match configuration IOLAN 1 On IOLAN 1, under Serial port configuration, select serial ports and configure for Terminal profile.
Configuring HTTP Tunnels On IOLAN 2, under serial port configuration, select serial port and configure for Console Management profile.. Protocol - Telnet TCP port number must match TCP port number on IOLAN 1 The setup for HTTP Tunnel serial-to-serial is now complete. Serial-to Host The following example will demonstrate how to setup a serial device (Point of Sale terminal) to an IP host (100.10.60.3) connection via an HTTP tunnel.
Configuring HTTP Tunnels Configure a “connect to” HTTP tunnel on IOLAN 1 Match name on IOLAN 2 IP address of IOLAN 2 Configure a “Listen for connection” HTTP tunnel on IOLAN 2 Match name on IOLAN 1 Add The IP host to the host table on IOLAN 2.
Configuring HTTP Tunnels Configure the serial port on IOLAN 2, as follows; Use TCP Sockets Select “connect to” Select the IP host from host table. Match TCP port number IP host is listening on. Configure connection to use “tunnel1”. When IOLAN 1 boots, it will establish an HTTP tunnel to IOLAN 2. IOLAN 2 will initiate a connection between the serial device and the IP host. The connection will use the destination TCP port 20001. The setup for HTTP Tunnel Host-to-Serial is now complete.
Configuring HTTP Tunnels TFTP Server TFTP Client IOLAN 1 10.10.100.2 IOLAN 2 100.10.50.1 10.10.50.2 100.10.50.
Configuring HTTP Tunnels Configure a “Listen for connection” HTTP tunnel. Match name on IOLAN 1 On IOLAN 1, under HTTP Tunnel, add a Tunnel destination. Select predefined tunnel entry IP address of TFTP Server Select UDP Destination Port number for TFTP packets Local Port number for TFTP packets The setup for HTTP Tunnel Host-to-Host is now complete.
Configuring HTTP Tunnels Tunnel Relay The following example will demonstrate how to setup an IP host (10.10.10.10) to an IP Host (10.10.11.11) connection using HTTP tunnels when both hosts are sitting behind a firewall. To do this, a third IOLAN which is not behind a firewall is required. Because IOLAN 1 and IOLAN 3 are both behind a firewall, each will need to initiate a connection to IOLAN2 who is in the open. For more HTTP tunneling configuration parameters see IOLAN 1 10.10.50.
Configuring HTTP Tunnels Configure a “Listen for connection” HTTP tunnel on IOLAN 2 Match name on IOLAN 1 Configure a second “Listen for connection to IOLAN Match name on IOLAN 3 374
Configuring HTTP Tunnels Configure a “connect to” HTTP tunnel on IOLAN 3 Match name on IOLAN 2 IP address of IOLAN 2 On IOLAN 1, under HTTP Tunnel, add a Tunnel destination Select tunnel1 Select Same asTunnel Select TCP Destination port number to be used by IOLAN 1 for communications. Default starts at 40001. This is the port number the telnet client will use.
Configuring HTTP Tunnels On IOLAN 2, under HTTP Tunnel, add a Tunnel destination. Select tunnel2 IP address of final destination Telnet host Select TCP Destination port set to 23 for Telnet protocol Local port number to be used by IOLAN 2 for communications. Note: This value must match destination port number on IOLAN 1 The setup for HTTP Tunnel Relay is now complete.
A RADIUS and TACACS+ Appendix A Introduction This chapter describes the parameters that can be passed to the IOLAN when a user logs into the IOLAN (serial port set to profile Terminal) from external authentication RADIUS and TACACS+ servers. RADIUS Although RADIUS can be used strictly for external authentication, it can also be used to configure line and user parameters.
RADIUS Type Name 6 Service-Type Description Response Indicates the service to use to connect the user to the IOLAN. A value of 6 indicates administrative access to the IOLAN. Supported values are: z 1—Login z 3—Callback-Login Equivalent to the IOLAN User Service set by Type 15, Login-Service. z z z z z z 2—Framed 4—Callback-Framed Equivalent to the IOLAN User Service set by Type 7, Framed-Protocol. 7—NAS prompt 9—Callback NAS-prompt Equivalent to IOLAN User Service DSLogin.
RADIUS Type Name Description 16 Login-TCP-Port Response Indicates the TCP port with which the user is to be connected when the Service-Type is set to 1 (Login) or 3 (Callback-Login). 19 Callback-Number Response Specifies the callback phone number. This is the same implementation as 20 (Callback-ID), but takes precedence if 20 is set. 20 Callback-ID Response Specifies the callback phone number. This is the same implementation as 19 (Callback-Number), but 19 takes precedence if both are set.
RADIUS Type Name Description 61 NAS-Port-Type Response For reverse telnet and reverse ssh connections, a type of Virtual (5) will be sent. For a PPP connection type a type of Async (0) will be sent. For all direct connect service types a type of Async (0) will be sent. 87 NAS-Port-Id Response For sessions originating from the serial port: or “SERIAL:xx”, where xx starts at serial port 1.
RADIUS Accounting Message This section describes the attributes which will be included by the IOLAN when sending an accounting message to the RADIUS server. Type Name Description 1 User-Name The name of the user to be authenticated. 4 NAS-IP-Address IP Address of IOLAN LAN interface. 5 NAS-Port If the user is connected to a physical port then the port number of the port is sent. If the user is connected to the IOLAN itself then a port number of 0 is sent.
RADIUS Type Name Description 46 Acct-Session-Time Number of seconds for which the user has been connected to a specific session. 47 Acct-Input-Packets Number of packets which were received from the user during this session. 48 Acct-Output-Packets Number of packets which were transmitted to the user during this session.
RADIUS Framed-Address Framed-Netmask Remote IP Address field under either SLIP or PPP. Caution: the exception to the above rule is a Framed-Address value of 255.255.255.254. When this value is specified in the RADIUS file, the unit will use the Remote IP address configured for a PPP line in the IOLAN. IPv4 Subnet Mask field under either SLIP or PPP. Framed-Compression VJ Compression field under either SLIP or PPP. Framed-MTU MTU field under SLIP. MRU field under PPP.
RADIUS Perle RADIUS Dictionary Example The IOLAN has defined Vendor Specific RADIUS attributes in order for the RADIUS server to be configured to support the IOLAN features of Line Access Rights and User Level. These attributes have been defined in Supported RADIUS Parameters on page 377 to allow the RADIUS server to be configured for RADIUS users to have this level of configuration.
RADIUS ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE ATTRIBUTE Perle-Line-Access-Port-30 Perle-Line-Access-Port-31 Perle-Line-Access-Port-32 Perle-Line-Access-Port-33 Perle-Line-Access-Port-34 Perle-Line-Access-Port-35 Perle-Line-Access-Port-36 Perle-Line-Access-Port-37 Perle-Line-Access-Port-38 Perle-Line-Access-Port-39 Perle-Line-Access-Port-40 Perle-Line-Access
TACACS+ VALUE Perle-Line-Access-Port-3 Read-Output-Input-Write 7 VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Perle-Line-Access-Port-4 Disabled Read-Write Read-Input Read-Input-Write Read-Output Read-Output-Write Read-Output-Input Read-Output-Input-Write 0 1 2 3 4 5 6 7 ...
TACACS+ Name service = tcp_clear { addr = port = } service = slip { routing = addr = Value(s) Description Settings when Perle_User_Service is set to 2. IPv4 or IPv6 address TCP port number Settings when Perle_User_Service is set to 3. true (Send and Listen) false (None) IPv4 or IPv6 address } service = ppp { routing = Settings when Perle_User_Service is set to 4. service = ssh { addr = port = } Settings when Perle_User_Service is set to 5.
TACACS+ Accessing the IOLAN Through a Serial Port User Example Settings The following example shows the parameters that can be set for users who are accessing the IOLAN from the serial side. These settings should be included in the TACACS+ user configuration file.
TACACS+ service = ppp { routing=x # x = true (Send and Listen) # x = false (None) addr = x.x.x.x # ipv4 or ipv6 addr ppp-vj-slot-compression = x # x =true or false callback-dialstring = x # x = number to callback on } service = ssh { addr = x.x.x.x port = x } # ipv4 or ipv6 addr # tcp_port # service = ssl_raw { addr = x.x.x.
TACACS+ Accessing the IOLAN from the Network User Example Settings The following example shows the parameters that can be set for users who are accessing the IOLAN from the Ethernet side. These settings should be included in the TACACS+ user configuration file.
B SSL/TLS Ciphers Appendix B Introduction This appendix contains a table that shows valid SSL/TLS cipher combinations. Note: Some combinations of cipher groups are not available on FIPS firmware versions. Valid SSL/TLS Ciphers This chart displays all of the valid SSL/TLS combinations. Full Name SSL Ver.
Valid SSL/TLS Ciphers Full Name SSL Ver.
C Virtual Modem AT Commands Appendix C Virtual Modem Initialization Commands Note: Virtual Modem initialization commands are only supported on IOLAN firmware and configurators version 3.2 or higher. You can initialize the modem connection using any of the following commands: Command Description Options ATQn Quiet mode. Determines if result codes will be n=0, result codes will be sent. sent to the connected terminal.
Virtual Modem Initialization Commands Command Description Options AT&Z1 Set command allows the user to store an IP address and port number or phone number to use when making a connection. The user will issue an ATDS1 to cause the IOLAN to initiate the connection. AT&Sn Sets the behavior of IOLAN’s DTR signal. (DSR from a DCE perspective) AT&Rn Sets the behavior of IOLAN’s RTS signal. (CTS n=0, RTS always high. (default). from a DCE perspective) n=3, RTS signal acts as DCD.
D Pinouts and Cabling Diagrams Appendix D Serial Pinouts DB25 Male This section defines the pinouts for the DB25 male connection used on the 1-port IOLAN. The power out pin (Pin 9) is available in the SDS model only.
Serial Pinouts Pinout EIA-232 EIA-485 Full Duplex EIA-422 18 RTS+ 19 RTS- EIA-485 Half Duplex 20 (out) DTR 21 RxD+ RxD+ 22 RxD- RxD- 25 CTS+ The power in pin (pin 12) can be 9-30V DC. DB25 Female This section defines the pinouts for the DB25 female connection used on the 1-port IOLAN. The power out pin (Pin 9) is available in the SDS model only.
Serial Pinouts EIA-422 EIA-485 Full Duplex 15 RxD- RxD- 18 CTS+ 19 CTS- Pinout 20 (in) EIA-232 EIA-485 Half Duplex DSR 21 TxD+ TxD+ DATA+ 22 TxD- TxD- DATA- 25 RTS+ The power in pin (pin 12) can be 9-30V DC. RJ45 The RJ45 serial connector is available on IOLAN rack mount, desktop, Sun/Cisco, and medical unit models. The RJ45 pinouts vary depending on the IOLAN model. See the appropriate section for the RJ45 pinout information specific to your IOLAN model.
Serial Pinouts RJ45 (for desktop and rack mount models) This section defines the pinouts for the RJ45 connection. 1-port, 2-port, and 4-port desktop IOLAN models have a 10-pin RJ45 connector, however they can support an 8-pin connector if there is no requirement for power in (pin 1) or power out (pin 10). The STS8-D and all rack mount IOLAN models have an 8-pin RJ45 connector.
Serial Pinouts RJ45 (for SCS48C/SCS32C/SCS16C/SCS8C models) This section defines the pinouts for the RJ45 connection for the SCS48C/SCS32C/SCS16C/SCS8C (Sun/Cisco) models only.
Serial Pinouts RJ45 (for SDS32C/SDS16C/SDS8C) Dual Ethernet and Electric Utility models This section defines the pinouts for the RJ45 connection for the Dual Ethernet (SDSxxC models) and Electric Utility models. The serial ports can be set to operate in EIA-232, EIA-422 or EIA-485 mode. The table provides the pinout for each of the modes of operation. The console port is an EIA-232 dedicated port. It’s pinout is detailed in a separate table below.
Serial Pinouts RJ45 (for medical unit models) This section defines the pinouts for the RJ45 connection for the medical unit models.
Power Over Ethernet Pinouts DB9 Male I/O This section defines the pinouts for the DB9 male connection used on the 1-port IOLAN I/O models.
EIA-232 Cabling Diagrams EIA-232 Cabling Diagrams This section shows how to create EIA-232 cables that are compatible with the Device Server. Terminal DB25 Connector The following diagrams show how the null modem cable should be configured when connecting to a terminal DB25.
EIA-232 Cabling Diagrams RJ45 This cabling table does NOT apply to SCS48C/SCS32C/SCS16C/SCS8C (Sun/Cisco), SDS32C/SDS16C/SDS8C (Electrical Utility) or medical unit models. Terminal DB25 (DTE) IOLAN RJ45 10-pin 8-pin 4 (DSR) 3 20 (DTR) 3 (RTS) 2 5 (CTS) 5 (TxD) 4 3 (RxD) 6 (RxD) 5 2 (TxD) 7 (GND) 6 7 (GND) 8 (CTS) 7 4 (RTS) 9 (DTR) 8 6 (DSR) Cabling for SCS48C/SCS32C/SCS16C/SCS8C (Sun/Cisco) and SDS32C/SDS16C/SDS8C (Electrical Utility).
EIA-232 Cabling Diagrams DB9 Male IOLAN DS1 DB9 Male Terminal DB25 (DTE) 3 (TxD) 3 (RxD) 2 (RxD) 2 (TxD) 7 (RTS) 5 (CTS) 8 (CTS) 4 (RTS) 6 (DSR) 20 (DTR) 5 (GND) 7 (GND) 4 (DTR) 6 (DSR) Pinouts and Cabling Diagrams 405
EIA-232 Cabling Diagrams Modem DB25 Connector The following diagrams show how a standard straight through cable should be configured when connecting to a DB25 modem. DB25 Male IOLAN DS1 DB25 (DTE) Modem DB25 (DCE) 2 (TxD) 2 (RxD) 3 (RxD) 3 (TxD) 4 (RTS) 4 (CTS) 5 (CTS) 5 (RTS) 6 (DSR) 6 (DSR) 7 (GND) 7 (GND) 8 (DCD) 8 (DCD) 20 (DTR) 20 (DTR) RJ45 This cabling table does NOT apply to SCS48C/SCS32C/SCS16C/SCS8C (Sun/Cisco), SDS32C/SDS16C/SDS8C (Electrical Utility) or medical unit models.
EIA-232 Cabling Diagrams DB9 Male IOLAN DS1 DB9 Male Modem DB25 (DCE) 1 (DCD) 8 (DCD) 2 (RxD) 3 (TxD) 3 (TxD) 2 (RxD) 4 (DTR) 20 (DTR) 5 (GND) 7 (GND) 6 (DSR) 6 (DSR) 7 (RTS) 4 (CTS) 8 (CTS) 5 (RTS) Pinouts and Cabling Diagrams 407
E Setting Jumpers Appendix E Introduction The IOLAN contains jumpers that you might need to set before you configure it and put it into production. You can set the power out pin, pin 9, to a fixed 5V DC output or to the external adapter output; this can range from 9-30V DC (if an external adapter is shipped with the IOLAN, it has a 12V DC output); maximum output power is 1 (one) watt per a serial port. By default, the power out pin is set to no power.
Introduction 1-Port IOLAN RJ45 To change the settings, do the following: 1. Unplug the IOLAN from the electrical outlet and disconnect everything from the box. 2. Open the case by unscrewing the two side screws, one on each side, and lifting off the top of the case. You should see the following: Screw J4 Power Pin1 RJ45 Serial DIP Switch Reset RJ45 J9 J1 Screw 3. To change the power pin out, locate J4. For the fixed 5V DC output, jumper pins 1 and 2.
Introduction 1-Port IOLAN DB9 To change the settings, do the following: 1. Unplug the IOLAN from the electrical outlet and disconnect everything from the box. 2. Open the case by unscrewing the two side screws, one on each side, and lifting off the top of the case. You should see the following: Screw Power J9 J1 DB9 Serial DIP Switch Reset RJ45 Screw 3. To turn line termination on, locate and jumper J1 for Full Duplex Rx (422) or J9 for Half Duplex Rx/Tx (485). 4.
Introduction 2-Port IOLAN To change the settings, do the following: 1. Unplug the IOLAN from the electrical outlet and disconnect everything from the box. 2. Open the case by unscrewing the two side screws, one on each side, and lifting off the top of the case. You should see the following: Screw J4 Power 1 RJ45 Pin1 Pin1 J7 J9 J8 J11 DIP Switch Reset 2 RJ45 RJ45 Screw 3.
Introduction 5. Close the IOLAN case by replacing the case lid and the two screws. You can now power it on with the new settings. Note: Serial power in is not supported in the SDS2 PoE model. 4-Port Desktop IOLAN To change the settings, do the following: 1. Unplug the IOLAN from the electrical outlet and disconnect everything from the box. 2. Open the case by unscrewing the two side screws, one on each side, and lifting off the top of the case.
Introduction Digital I/O Module IOLANs that have Digital I/O have an input/output jumper that must be set for each channel and must match the software configuration for each channel. Depending on the model, the placement of the digital I/O board can change, so the diagram below shows how to set jumper for any digital board.To change the settings, do the following: 1. Detach the IOLAN from the electrical power source and disconnect everything from the box. 2.
Introduction 2. Open the case by unscrewing the five side screws, two on each side plus the grounding screw, and lifting off the top of the case. You should see the following configuration for the analog input board: Channel 1 JP1 I/O Channel 4 Channel 2 Channel 3 JP2 JP3 I/O JP4 3. To configure Channel 1 for Voltage, no jumper should be set (as shown); this is the default setting. To configure Channel 2 for Current, jumper both J2 pins (as shown). 4.
F I/O Wiring Diagrams Appendix F Wiring I/O Diagrams This section describes how to wire the various IOLAN I/O models. Digital I/O Make sure the Digital I/O jumpers support the software setting; see Digital I/O Module for jumper settings. Digital Input Wet Contact VCC COM GND D1 D2 If you are using a wet contact for your Digital input, for channel D1 connect one wire to D1 and the other wire to GND. The power source is supplied by external sources.
Wiring I/O Diagrams Digital Output Sink + + - VCC COM GND D1 D2 For a Digital output sink (ground) configuration for channel D1, follow the diagram below. Battery Device Digital Output Source VCC COM GND D1 D2 For a Digital output source (voltage) configuration for channel D1, follow the diagram below.
Wiring I/O Diagrams Analog Input Make sure the Analog jumpers support the software setting; see Analog Input Module for jumper settings. Current + - GND A4- A4+ A3+ A3- A2- A2+ A1+ A1- To connect channel A1 with a 2-wire shielded cable, connect the positive wire to A1+, the negative wire to A1-, and optionally the shield to GND. shield If you have the positive/negative wires reversed, the output will always read 0 (zero).
Wiring I/O Diagrams Temperature Input If you are using RTD sensors, a short detected status will be displayed if the wires are connected improperly. RTD or thermocouple sensors will display an open detection status when the circuit is broken. Thermocouple + A4A4s A4+ A3s A3+ A3- A2A2s A2+ A1s A1+ A1- To connect to Channel A1 with a 2-wire cable, connect the positive wire to A1+ and the negative wire to A1-; you will not be using the A1s connection.
Wiring I/O Diagrams RTD 4-Wire A4A4s A4+ A3s A3+ A3- A2A2s A2+ A1s sense excite return A1+ A1- In a 4-wire RTD configuration, connect the return wire to A1+, the excite wire to A1-, the sense wire to A1s, and leave the fourth wire disconnected. Relay Output Normally Open Contact R2 NC NO COM NO R1 COM NC To connect Relay channel R1 for a circuit that is normally inactive, connect one wire to the COM (common) connector and one wire to the NO (normally open) connector.
G Utilities Appendix G Introduction This chapter provides information on the TruePort and Decoder utilities. TruePort TruePort is a com port redirector utility for the IOLAN. It can be run in two modes: z TruePort Full mode—This mode allows complete device control and operates exactly like a directly connected serial port. It provides a complete COM port interface between the attached serial device and the network.
API I/O Access Over TruePort API I/O Access Over TruePort You can access IOLAN I/O data through TruePort using the Perle API. The API uses the command/response format. See the ioapiotp.c sample program, found on the product CD-ROM, for an example implementation. API Request Format All data in the Request must be sent as a single write to the COM port.
Decoder Error Codes Code Name Description 01 Illegal Function The function code received in the query is not an allowable action for the server (or slave). 02 Illegal Data Address The data address received in the query is not an allowable address for the server (or slave). 03 Illegal Data Value A value contained in the query data field is not an allowable value for server (or slave).
H Accessories Appendix H Introduction This chapter provides information about peripheral IOLAN options that can be ordered separately from the product. Contact your sales representative to find out how to order the products listed in this appendix. Installing a Perle PCI Card This sections describes how to install the Perle IOLAN modem card and the Perle PCI adapter card, used with a wireless WAN card, in your SCS rack mount model.
Installing a Perle PCI Card 2. Unscrew the four screws along the bottom of the serial side of the SCS IOLAN. On the SCS 8port/16-port/32-port models, this includes the screw that is at the bottom of the PCI face plate. 3. Slide the top of the IOLAN off of the chassis. 4. Carefully holding the bracket just behind the face plate, unscrew the two screws at the top of the 8-port/16-port/32-port removable face plate or the two side screws of the 48-port removable face plate of the piece you just took off.
Installing a Perle PCI Card 7. The black bracket should then fit on the inside of the PCI adapter card bracket. Align the adapter card bracket and then insert the screw and tighten it to keep it firmly in place. 32-port model Note: 48-port model You must attach the bracket to the PCI adapter card before you slide it into the PCI slot. 8. If you are installing the PCI Adapter card, slide the wireless WAN card into the adapter card. 9. Slide the PCI adapter card into the PCI slot. 10.
Starter Kit (Adapters/Cable) Starter Kit (Adapters/Cable) The IOLAN Starter Kit includes the following for all IOLAN models (except the medical unit models): z RJ45F to DB25M DTE Crossover Adapter z RJ45F to DB25M DCE Modem Adapter z RJ45F to DB25F DTE Crossover Adapter z RJ45F to DB9M DTE Crossover Adapter z RJ45F to DB9F DTE Crossover Adapter z Sun/Cisco RJ45M Connector Cable for Rack Mount Models The adapters/cable can be purchased as a kit or individually.
Starter Kit (Adapters/Cable) RJ45F to DB25M DCE Modem Adapter The following diagram shows the IOLAN RJ45FJDB25M DCE modem adapter pinouts. This is model number DBA0013.
Starter Kit (Adapters/Cable) RJ45F to DB25F DTE Crossover Adapter The following diagram shows the IOLAN RJ45JDB25F DTE crossover adapter pinouts. This is model number DBA0010.
Starter Kit (Adapters/Cable) RJ45F to DB9M DTE Crossover Adapter The following diagram shows the IOLAN RJ45JDB9M crossover adapter pinouts. This is model number DBA0021.
Starter Kit (Adapters/Cable) RJ45F to DB9F DTE Crossover Adapter The following diagram shows the IOLAN RJ45FJDB9F crossover adapter pinouts. This is model number DBA0020. RJ45F DB9F (TxD) 4 2 (RxD) (RxD) 5 3 (TxD) (GND) 6 5 (GND) (DTR) 8 1 (DCD) 6 (DSR) (DSR) 3 4 (DTR) (RTS) 2 8 (CTS) (CTS) 7 7 (RTS) Sun/Cisco RJ45M Connector Cable for Rack Mount Models This is a 3 meter RJ45MJRJ45M 8-wire Sun/Cisco modular cable.
SCS48C/SCS32C/SCS16C/SCS8C Starter Kit SCS48C/SCS32C/SCS16C/SCS8C Starter Kit (Adapters/Cable) The IOLAN Starter Kit includes the following for the SCS48C/SCS32C/SCS16C/SCS8C (Sun/Cisco) models: z RJ45F to DB25M DTE Crossover Adapter z RJ45F to DB25M DCE Modem Adapter z RJ45F to DB25F DTE Crossover Adapter z RJ45F to DB9M DTE Crossover Adapter z RJ45F to DB9F DTE Crossover Adapter z Sun/Cisco Roll-Over Adapter for Rack Mount Models The adapters/cable can be purchased as a kit or individually.
SCS48C/SCS32C/SCS16C/SCS8C Starter Kit RJ45F to DB25M DCE Modem Adapter The following diagram shows the IOLAN RJ45FJDB25M DCE modem adapter pinouts. This is model number DBA0013C.
SCS48C/SCS32C/SCS16C/SCS8C Starter Kit RJ45F to DB25F DTE Crossover Adapter The following diagram shows the IOLAN RJ45JDB25F DTE crossover adapter pinouts. This is model number DBA0010C.
SCS48C/SCS32C/SCS16C/SCS8C Starter Kit RJ45F to DB9M DTE Crossover Adapter The following diagram shows the IOLAN RJ45JDB9M crossover adapter pinouts. This is model number DBA0021C.
SCS48C/SCS32C/SCS16C/SCS8C Starter Kit RJ45F to DB9F DTE Crossover Adapter The following diagram shows the IOLAN RJ45FJDB9F crossover adapter pinouts. This is model number DBA0020C. RJ45F DB9F (TxD) 3 2 (RxD) (RxD) 6 3 (TxD) (GND) 4 (GND) 5 5 (GND) (DTR) 2 1 (DCD) 6 (DSR) (DSR) 7 4 (DTR) (RTS) 1 8 (CTS) (CTS) 8 7 (RTS) Sun/Cisco Roll-Over Adapter for Rack Mount Models This is a RJ45MJRJ45F Sun/Cisco adapter. This model number is DBA0031C.
I Troubleshooting Appendix I Introduction This chapter provides information that can help resolve problems with the IOLAN. Hardware Troubleshooting The Power/Ready LED stays red after a boot (See Getting to Know Your IOLAN for the LED label on your IOLAN unit.): If the IOLAN Power/Ready LED is red and stays red for over 10 seconds, you have a hardware problem that might require factory service. First, try the following: z If the IOLAN is not in Console mode, do the following: a.
Communication Issues z Non-critical Error Boot: When the IOLAN cycles through a boot and a non-critical error occurs, such as a bad port, the LED will blink red briefly before displaying a solid green. You should reboot the IOLAN while monitoring the Console port to view the error information. z Critical Error Boot: When the IOLAN cycles through a boot and a critical error occurs, such as corrupted firmware, the LED continues to blink red.
Host Problems Host Problems Cannot access a host by name: z If using DNS or if DNS is required, ensure a nameserver is configured on your IOLAN and is accessible (ping it). z If not using DNS, verify that the host is configured in the Host Table. Check access to the host by pinging it using the host’s IP address. Cannot access a host on a local network, verify: z The network address is correct. z The subnet mask is set correctly and reflects the network configuration.
Login Problems Login Problems You cannot obtain a login on any of the serial ports z Connect via the Admin port and check the settings of the front-mounted ports; they have probably been set to a profile that does support serial connections, such as the Console Management profile (in CLI or Menu, ‘direct’ or ‘silent’ telnet/rlogin). Try setting the serial port(s) to the Terminal profile (DSlogin in CLI or Menu). You have lost or don't know your password (as Admin user).
Unknown IP Address Unknown IP Address You have already configured the IOLAN and you do know your password, and have lost, misconfigured, or don't know the IP address of the IOLAN, so you cannot obtain a successful login. z If the IOLAN resides within the local network segment, you can use DeviceManager to find the IOLAN. z You can connect directly to the serial port of the IOLAN, as explained in Using a Direct Serial Connection to Specify an IP Address .
Modem Problems Modem Problems The IOLAN is not initializing the modem. z Check your Line Service is set to SLIP or PPP. If your line service is set to any other type, the IOLAN will not initialize a modem. You will need to configure the modem manually. PPP Problems The link fails on start-up when there are remote IP addresses set for both a user (Framed IP value) and a line (Remote IP address). z Check the IP address set for the user; this is used in preference to the IP address set for a line.
SSL/TLS SSL/TLS If you are experiencing problems obtaining a successful SSL/TLS connection, you can set your Syslog Level to Notice and view the syslog for the following messages: Line not SSL enabled. Abort connection when a user who is configured for Service SSL_RAW tries to login on the serial port. The user has been configured for an SSL_RAW connection, but the line has not been configured to enable SSL.
IPv6 Issues IPv6 Issues You are not seeing the IPv6 address value when you attempt to connect to the IOLAN. Many Windows® based systems have IPv6 support already enabled, however, if you need to install IPv6 then follow the procedure below. To install IPv6 support do the following: 1. In Control Panel, double-click the Network Connections icon. 2. Double-click the Local Area Connection entry. 3. In the Local Area Connection Status window, click the Properties button on the General tab. 4.
Contacting Technical Support Contacting Technical Support Making a Technical Support Query Who To Contact Note: Perle offers free technical support to Perle Authorized Distributors and Registered Perle Resellers. If you bought your product from a registered Perle supplier, you must contact their Technical Support department; they are qualified to deal with your problem.
Contacting Technical Support Repair Procedure Before sending the IOLAN for repair, you must contact your Perle supplier. If, however, you bought your product directly from Perle you can contact directly. Customers who are in Europe, Africa or Middle East can submit repair details via a website form. This form is on the Perle website, www.perle.com, in the Support/Services area. Click here to access our web site at the following URL: http://www.perle.com/support_services/rma_form.
J Data Logging Appendix J Introduction This appendix provides additional information about the Data Logging Feature Trueport Profile The following features are not compatible when using the Data Logging feature. z Allow Multiple Hosts to connect z Connect to Multiple Hosts z Monitor DSR or DCD z Signals high when not under Trueport client control z Message of the day z Session timeout TCP Socket Profile The following features are not compatible when using the Data Logging feature.
K Modbus Remapping Appendix K Introduction This appendix provides additional information about the Modbus Remapping feature. Modbus Remapping Feature The Modbus remapping feature allows a TCP Modbus Master to poll a Modbus slave device and have the IOLAN translate the UID to a different UID for the slave device. The Master UID has to be unique on the IOLAN. The Slave UID must be unique on each serial port. The translate rules are controlled by a file downloaded to the IOLAN.
Configuring the Modbus UID Translation Feature 2.
L Symmetric Key File Appendix L Symmetric Key File This section defines the layout of the NTP/SNTP Symmetric Key file that must be downloaded to the IOLAN in order to use NTP/SNTP server authentication feature. Each line of the NTP/SNTP symmetric key file consists of three fields: a key ID in the range 1 to 65,534, inclusive, a key type and a message digest key consisting of a printable ASCII string equal to or less than 20 characters or a 40 character hex digit string.
M Troubleshooting the USB Modem Appendix M Modem not connecting to the network. This appendix provides some helpful troubleshooting tips for getting your USB modem to connect to your wireless network. In most cases, the IOLAN will be able to detect, initialize and operate the USB modem automatically.
Modem not connecting to the network. “No USB modem device detected. Please connect a USB modem to one of the USB ports.” Action: The software is not detecting a USB modem in the USB port. If one is inserted, please make sure that it is properly seated in the USB connector. Output: Manufacturer: manufacturer name Product: product name Vendor id: id Stor. Prod Id: id “USB modem detected and appears to be in storage mode.” Action: None. This is displayed prior to initializing the USB modem.
Modem not connecting to the network. Action: Try a different USB modem or search the internet linux community for possible updates to the usb_modeswitch configuration file for that vendor and product id. The USB modem may also be defective. Contact Perle support if there is no information on the internet pertaining to your USB modem. When searching the internet look for “usb_modeswitch vvvv:pppp” (vvvv is the vendor Id and pppp is the product Id from output above).
USB Modem Support and Custom Options As far as the driver can tell, the USB modem is functioning correctly. If there is no wireless network connectivity, verify the APN, phone number and optional PIN#, user and password settings. Each service provider’s network will have different requirements. See Configuring a USB Modem . If this does not resolve the problem, use the Vendor id and product id to search the linux community for any problems with this particular device.
USB Modem Support and Custom Options vvvv = Vendor ID pppp = Storage Product ID At this point, you can either re-boot the IOLAN or kill the PCI port to re-try the USB modem.
Glossary This chapter provides definitions for Device Server terms. BOOTP (BOOTstrap Protocol) An Internet protocol that enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine. This enables the workstation to boot without requiring a hard or floppy disk drive. Callback A security feature where the Device Server calls back the User at a predetermined number defined in the User’s account.
PAP (Password Authentication Protocol) Standard authentication protocol for PPP connections. see CHAP RADIUS (Remote An open standard network security server that communicates with the PAP protocol. Authentication Dial In Users Services) Reverse Connection Connections that originate from a host that go directly to a serial device through the Device Server. RIP (Routing A protocol that allows gateways and hosts to exchange information about various routes to Information Protocol) different networks.
Index A admin default password 77 lost password 351 analog calibrating 343 API I/O commands 300, 421 TruePort 299 ARP-Ping, setting an IP address 80 authentication, general 223 B binary configuration file 91 BOOTP parameters 67 setting an IP address 79 C cabling, EIA-232 403 calibrating analog 343 temperature 344 certificates LDAP CA list 259 SSH, OpenSSH 259 SSL 259 CLI IOLAN+ interface 63 configuration files formats 91 connecting to the Device Server console mode 44 serial mode 44 setting IP address 55
J Index rack mount 45 interface, IOLAN+ 70 I/O Modbus 293 UDP 289 I/O SNMP traps 304 IOLAN+ interface 70 CLI 63 Menu 64 IOLAN+, supported models 70 IPsec 243 IPv6, setting an IP address 80 models, Device Server 27 modem card 423 modem parameters 210 J online help, using 26 OpenSSH 259 N NFS Decoder utility 422 port buffering 205 NIS parameters 233 O jumpers line termination 408 power out 408 setting 408 P K keys HTTPS 259 SSH 259 L L2TP/IPsec 248 language translating 348 upgrading firmware 348 LDA
R Index host-based 358 LPD 357 RCP 358 product repair 445 R rack mount description 41, 43 installing 45 RADIUS parameters 226 supported RADIUS parameters 382 RCP printing 358 resetting to factory defaults 350 RIP overview 105 RJ45 ethernet pinouts 402 MDC serial pinouts 401 SCS48C serial pinouts 399 serial pinouts 398, 400, 449 RJ45 serial power in pin 398 S SecurID parameters 232 Serial 366 serial mode 44 Serial-to Host 368, 370, 373 Serial-to Serial 366 services line printer 357 signal I/O 177 UDP 146