EDS Device Servers and Terminal Servers User Guide ♦ EDS4100 ♦ EDS8PR ♦ EDS16PR ♦ EDS32PR ♦ EDS8PS ♦ EDS16PS Part Number 900-433 Revision H May 2009
Copyright & Trademark © 2009 Lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America. Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of The Open Group. Windows 95, Windows 98, Windows 2000, and Windows NT are trademarks of Microsoft Corp. Netscape is a trademark of Netscape Communications Corporation.
Contents Copyright & Trademark.................................................................................................2 Contacts ........................................................................................................................2 Disclaimer .....................................................................................................................2 Revision History .........................................................................................................
Contents Hardware Address _______________________________________________ 20 IP Address _____________________________________________________ 20 Port Numbers ___________________________________________________ 20 Product Information Label...........................................................................................21 3: Installation of EDS8PS and EDS16PS 22 Package Contents.......................................................................................................
Contents LEDs__________________________________________________________ 35 Reset Button____________________________________________________ 36 Installing the EDS8/16/32PR ......................................................................................36 Finding a Suitable Location ________________________________________ 36 Connecting the EDS8/16/32PR _____________________________________ 36 6: Using DeviceInstaller 38 Accessing an EDS using DeviceInstaller.........................................
Contents Login Connect Menu...................................................................................................76 Preview the Login Connect Menu...............................................................................76 10: Services Settings 78 DNS Configuration ......................................................................................................78 SNMP Configuration ...................................................................................................
Contents MIB-II Statistics ________________________________________________ 111 IP Sockets ____________________________________________________ 112 Ping _________________________________________________________ 112 Traceroute ____________________________________________________ 113 DNS Lookup ___________________________________________________ 114 Memory_______________________________________________________ 115 Buffer Pools ___________________________________________________ 115 Processes_________________
Contents Cipher Suites __________________________________________________ 144 Certificates ____________________________________________________ 145 Utilities _______________________________________________________ 146 16: Branding the EDS 148 Web Manager Customization ...................................................................................148 Command Mode .......................................................................................................
Contents Figures Figure 2-1. EDS8PS Device Server......................................................................................................13 Figure 2-2. EDS4100 4 Port Device Server..........................................................................................15 Figure 2-3. EDS16PR Device Server ...................................................................................................16 Figure 2-4. Sample Hardware Address ....................................................
Contents Figure 11-2. SSH Server: Authorized Users.........................................................................................95 Figure 11-3. SSH Client: Known Hosts.................................................................................................96 Figure 11-4. SSH Client: Users.............................................................................................................97 Figure 11-5. SSL ..........................................................................
1: Using This Guide Purpose and Audience This guide provides the information needed to configure, use, and update the EDS™ Device Server. The intended audience is users who will use the EDS to networkenable their serial devices. Summary of Chapters The remaining chapters in this guide include: Chapter Description 2. Introduction Main features of the product and the protocols it supports. Includes technical specifications. 3.
1: Using This Guide Chapter Description 14. Tunneling Tunneling allows serial devices to communicate over a network, without “being aware” of the devices which establish the network connection between them. 15. Security in Detail Configuring the EDS for SSH or SSL security. 16. Branding the EDS Customizing the EDS Web Manager and Command Line Interface (CLI). 17. Updating Firmware Obtaining up-to-date firmware and release notes. A: Technical Support Contacting Lantronix Technical Support.
2: Introduction This chapter introduces the Lantronix EDS family of device servers. It provides an overview of the products, lists their key features, and describes the applications for which they are suited. EDS is a unique, hybrid Ethernet terminal and multi-port device server product designed to remotely access and manage virtually all of your IT/networking equipment and servers.
2: Introduction 8 (EDS8PS) or 16 (EDS16PS) serial ports with hardware handshaking signals. RS-232 support. An RJ45 Ethernet port. 8 MB Flash memory. 32 MB random access memory (RAM). Lantronix Evolution OS™. A dedicated console port. AES, SSH, or SSL secure data encryption. Three convenient configuration methods (Web, command line, and XML). Print server functionality (LPR/LPD). See Chapter 3: Installation of EDS8PS and EDS16PS for installation instructions.
2: Introduction Figure 2-2. EDS4100 4 Port Device Server Features The key features of the EDS4100 include Dual-purpose Ethernet terminal server and device server design. Four serial ports with hardware handshaking signals. RS-232 and RS-422/485. One RJ45 Ethernet port. IEEE 802.3af standard for Power-over-Ethernet (PoE). 8 MB Flash memory. 32 MB Random Access Memory (RAM). Lantronix Evolution OS™. AES, SSH, or SSL secure data encryption.
2: Introduction EDS8PR, EDS16PR, and EDS32PR Overview The EDS8PR (8 serial ports), EDS16PR (16 serial ports), and EDS32PR (32 serial ports) are compact easy-to-use, rack-mountable device servers that give you the ability to network-enable asynchronous RS-232 serial devices. They provide fully transparent RS-232 point-to-point connections without requiring modifications to existing software or hardware components in your application. Figure 2-3.
2: Introduction Protocols Supported The EDS contains a full-featured TCP/IP stack. Supported protocols include: ARP, IP, UDP, TCP, ICMP, BOOTP, DHCP, Auto IP, Telnet, DNS, FTP, TFTP, HTTP(S), SSH, SSL/TLS, SNMP, SMTP, RSS, PPP, and Syslog for network communications and management. TCP, UDP, TCP/AES, UDP/AES, Telnet, SSH, and SSL/TLS for tunneling to the serial port. TFTP, FTP, and HTTP for file upload. FTP and HTTP for firmware upgrade. Evolution OS™ EDS incorporates The Lantronix Evolution OS™.
2: Introduction the Evolution OS™ uses a Command Line Interface (CLI) whose syntax is very similar to that used by data center equipment such as routers and hubs. SNMP Management The EDS supports full SNMP management, making it ideal for applications where device management and monitoring are critical. These features allow networks with SNMP capabilities to correctly diagnose and monitor the EDS.
2: Introduction device. SCPR is a Windows application that creates a secure communications path over a network between the computer and serial-based devices that are traditionally controlled via a COM port. With SCPR installed at each computer, computers that were formerly “hard-wired” by serial cabling for security purposes or to accommodate applications that only understood serial data can instead communicate over an Ethernet network or the Internet.
2: Introduction Addresses and Port Numbers Hardware Address The hardware address is also referred to as the Ethernet address or MAC address. The first three bytes of the Ethernet address are fixed and read 00-20-4A, identifying the unit as a Lantronix product. The fourth, fifth, and sixth bytes are unique numbers assigned to each unit. Figure 2-4. Sample Hardware Address 00-20-4A-14-01-18 or 00:20:4A:14:01:18 IP Address Every device connected to an IP network must have a unique IP address.
2: Introduction Product Information Label The product information label on the bottom of the device contains the following information: Bar code Product ID (name) Product Revision Part number Hardware Address (MAC Address) EDS User Guide 21
3: Installation of EDS8PS and EDS16PS This chapter describes how to install the EDS8PS and EDS16PS device servers. Package Contents Your EDS package includes the following items: One EDS device server (EDS8PS or EDS16PS) One RJ45-to-DB9F serial cable One product CD that includes this User Guide, the Command Reference, and the Quick Start guide. A printed Quick Start guide Your package may also include a power supply.
3: Installation of EDS8PS and EDS16PS Identifying Hardware Components Figure 3-1 shows the front of the EDS8PS. Figure 3-2 shows the back of the EDS8PS. Figure 3-1. Front View of the EDS8PS Figure 3-2.
3: Installation of EDS8PS and EDS16PS Serial Ports The EDS8PS has 8 serial ports and the EDS16PS has 16 serial ports on the back panel. All are configured as DTE and support up to 230,400 baud. Console Port The front panel of the EDS8/16/32PR provides an RJ45 Console port. It is an extra serial port configured as DTE and supports baud rates up to 230,400 baud. Figure 3-3. RJ45 Serial Port Ethernet Port The back panel of the EDS8/16PS provides a network interface via the rightmost RJ45 port.
3: Installation of EDS8PS and EDS16PS LED Description Speed (yellow) On = EDS is connected to a 100 Mbps Fast Ethernet network. Off = EDS is connected to a 10 Mbps Ethernet network. Activity (green) Blink = EDS is sending data to or receiving data from the Ethernet network. Reset Button The reset button is on the rear of the device to the right of the Ethernet port, accessible through a hole in the case. You can use it to reboot the unit or to reload factory defaults. Reboot the device: 1.
3: Installation of EDS8PS and EDS16PS 4. Insert the power cord into the back of the EDS8/16PS. Plug the other end into an AC wall outlet. 5. Power up the serial devices. Figure 3-4.
4: Installation of EDS4100 This chapter describes how to install the EDS4100 device server. See EDS4100 Overview on page 14 for connection and protocol specifications. Package Contents Your EDS4100 package includes the following items: One EDS4100 device server. One DB9F-to-DB9Fnull modem cable. A CD that includes this User Guide, the Command Reference Guide, and the Quick Start Guide. A printed Quick Start Guide. Your package may also include a power supply.
4: Installation of EDS4100 Identifying Hardware Components The following two figures show the front and back of the EDS4100. Figure 4-1. Front View of the EDS4100 Figure 4-2. Back View of the EDS4100 The bottom of the EDS4100 (not shown) has a product information label.
4: Installation of EDS4100 All four serial ports support RS-232 devices. See Figure 4-3 for pin assignments. Serial ports 1 and 3 also support RS-422 and RS-485 serial devices. See Figure 4-4 for pin assignments. All four serial ports are configured as DTE. Ports 1 & 3 support up to 921600 Ports 2 & 4 support up to 230400 Figure 4-3. RS-232 Serial Port Pins (Serial Ports 1, 2, 3, 4) Figure 4-4.
4: Installation of EDS4100 LED on the back of the EDS4100 shows the connection of the attached Ethernet network. The EDS4100 can be configured to operate at a fixed Ethernet speed and duplex mode (half- or full-duplex) or auto-negotiate the connection to the Ethernet network. Terminal Block Connector The back of the EDS4100 has a socket for a terminal block screw connector (not included) for attaching to an appropriate power source, such as those used in automation and manufacturing industries.
4: Installation of EDS4100 LED Description (green) network. Reset Button The reset button is on the back of the EDS4100, to the left of the power connector. Pressing this button reboots the EDS4100 and terminates all data activity occurring on the serial and Ethernet ports. Physically Installing the EDS4100 Finding a Suitable Location Place the EDS4100 on a flat horizontal or vertical surface.
4: Installation of EDS4100 Barrel power connector: The barrel power connector supports a power range of 9 to 30 VDC. Insert the round end of the supplied power cord into the barrel power connector on the back of the EDS4100. Plug the other end into an AC wall outlet. Terminal block connector: The terminal block connector supports a power range of 42 VDC to 56 VDC. Attach the power source to the terminal block connector on the back of the EDS4100.
5: Installation of EDS8PR, EDS16PR, or EDS32PR This chapter describes installing the EDS8PR, EDS16PR and EDS32PR device servers. See EDS8PR, EDS16PR, and EDS32PR Overview on page 16, for overview information. Package Contents Your EDS package includes the following items: One EDS device server (EDS8PR, EDS16PR or EDS32PR). One RJ45-to-DB9F serial cable. A CD that includes this User Guide, the Command Reference Guide, and the Quick Start Guide. A printed Quick Start guide.
5: Installation of EDS8PR, EDS16PR, or EDS32PR Identifying Hardware Components The following two figures show the components on the front and back of the EDS16PR. Figure 5-1. Front View of the EDS16PR Figure 5-2.
5: Installation of EDS8PR, EDS16PR, or EDS32PR The EDS16PR has 16 serial ports. The EDS32PR has 32 serial ports. Console Port The front panel has an RJ45 Console port. It is an extra serial port configured as DTE and supports up to 230,400 baud. Figure 5-3. RJ45 Serial Port Ethernet Port The back panel has an RJ45 Ethernet port. This port can connect to an Ethernet (10 Mbps) or Fast Ethernet (100 Mbps) network.
5: Installation of EDS8PR, EDS16PR, or EDS32PR LED Description Status (yellow) Fast blink = initial startup (loading OS). Slow blink (once per second) = operating system startup. On = unit has finished booting. Speed (yellow) On = EDS is connected to a 100 Mbps Fast Ethernet network. Off = EDS is connected to a 10 Mbps Ethernet network. Activity (green) Blink = EDS is sending data to or receiving data from the Ethernet network.
5: Installation of EDS8PR, EDS16PR, or EDS32PR Figure 5-4.
6: Using DeviceInstaller This chapter covers the steps for locating an EDS unit and viewing its properties and device details. For instructions on using DeviceInstaller to configure the IP address and related settings or for more advanced features, see the Device Installer online Help. Accessing an EDS using DeviceInstaller Note: Write down the MAC address from the product label. You will need it to locate the EDS using DeviceInstaller.
6: Using DeviceInstaller Device Details Summary Note: The settings in this table are Display Only unless otherwise noted. Current Settings Description Name Name identifying the EDS. Group Configurable field. Enter a group to categorize the EDS. Double-click the field, type in the value, and press Enter to complete. This group name is local to this PC and is not visible on other PCs or laptops using DeviceInstaller. Comments Configurable field. Enter comments for the EDS.
6: Using DeviceInstaller EDS User Guide Current Settings Description Gateway Shows the IP address of the router of this network. There is no default. Number of Ports Shows the number of serial ports on this MarchPort AR. Supports Configurable Pins Shows False, indicating configurable pins are available on the EDS. Supports Email Triggers Shows True, indicating email triggers are available on the EDS. Telnet Enabled Indicates whether Telnet is enabled on this EDS.
7: Configuration Using Web Manager This chapter describes how to configure the EDS using Web Manager, the Lantronix browser-based configuration tool. The unit configuration is stored in nonvolatile memory and is retained without power. All changes take effect immediately, unless otherwise noted. Accessing Web Manager through a Web Browser Access the Web Manager: Select the Web Configuration tab on the DeviceInstaller window. —Or— 1. Open a standard web browser (such as Netscape Navigator 6.
7: Configuration Using Web Manager Figure 7-1.
7: Configuration Using Web Manager Web Manager Page Components Use Figure 7-2 to orient yourself to the areas of the EDS Web Manager page. Figure 7-2. Components of the Web Manager Page Header Links to subpages Menu Bar Configuration & Status Area Footer Information, instructions and Help The Orange Menu Bar always appears at the left of the page. It lists the names of the pages available in the Web Manager. To bring up a page, click it in the menu bar.
7: Configuration Using Web Manager The Footer appears at the bottom of the page. It contains copyright information and a link to the Lantronix home page. Navigating the Web Manager The Web Manager provides an intuitive point-and-click interface. A menu bar at the left side of each page provides links you can click to navigate from one page to another. Some pages are read-only, while others let you change configuration settings.
7: Configuration Using Web Manager Web Menu Link Description See Page (RSS) settings. SNMP Lets you change the current Simple Network Management Protocol (SNMP) configuration settings. SSH Lets you change the configuration settings for SSH server host keys, SSH server authorized users, SSH client known hosts, and SSH client users. SSL Lets you upload an existing certificate or create a new self-signed certificate.
7: Configuration Using Web Manager Device Status Page The Device Status page is the first page that appears when you log into the Web Manager. It also appears when you click the Status link in the menu bar. This read-only page shows EDS product information, network settings, line settings, and tunneling settings. Figure 7-3.
8: Network Settings 8: Network Settings The Network Settings pages show the status of the Ethernet link and let you configure it on the EDS device. Network Settings Network 1 (eth0) Interface Status This page shows the status of the Ethernet network interface. View the network interface status: 1. Click Network. 2. Click Network 1, Interface, and Status. (Default) The Network 1 (eth0) Interface Status page appears.
8: Network Settings Figure 8-1. Network 1 (eth0) Interface Status Network 1 (eth0) Interface Configuration This page shows the configuration settings for the Ethernet connection and lets you change these settings.
8: Network Settings View and configure network interface settings: 1. Click Network 1, Interface, and Configuration. The Network 1 (eth0) Interface Configuration page appears. Figure 8-2. Network 1 (eth0) Interface Configuration 2. Enter or modify the following settings: Network 1 Interface Configuration Page Settings Description BOOTP Client Select On or Off. At boot up the EDS will attempt to obtain an IP address from a BOOTP server.
8: Network Settings Network 1 Interface Configuration Page Settings Description DHCP Client Select On or Off. At boot up the EDS will attempt to lease an IP address from a DHCP server and maintain the lease at regular intervals. Note: Overrides BOOTP, the configured IP address, network mask, gateway, hostname, and domain. IP Address Enter the EDS static IP address. You may enter it alone, in CIDR format, or with an explicit mask.
8: Network Settings Note: If DHCP or BOOTP fails, AutoIP intervenes and assigns an address. In this case, the static IP (if configured) is ignored. Network 1 Ethernet Link This page shows the current negotiated Ethernet settings and lets you change the speed and duplex settings. View and configure the Ethernet link: 1. Click Network on the menu bar. 2. Then click Network 1 and Link at the top of the page, as shown below. The Network 1 (eth0) Ethernet Link page appears. Figure 8-3.
9: Line, Tunnel, Terminal, and Host Settings Line Settings The Line Settings pages display the status and statistics for each of the serial lines (ports). They also let you change the character format and Command Mode settings for the serial lines. The following section describes the steps to view and configure Line settings. Line Statistics This read-only page shows the status and statistics for the serial line selected at the top of this page.
9: Line, Tunnel, Terminal, and Host Settings Configure Line n: 1. Click Line n and Configuration. The Line n Configuration page appears. Figure 9-2. Line n Configuration 2. Enter or modify the following settings: EDS User Guide Line Configuration Page Settings Description Name Enter a name for the line. The default Name is blank. State Indicates whether the current line is enabled. To change the state, select Enabled or Disabled from the drop-down menu.
9: Line, Tunnel, Terminal, and Host Settings Line Configuration Page Settings Description default is None. Xon Char Specify the character to use to start the flow of data when Flow Control is set to Software. Prefix a decimal character with \ or a hexadecimal character with 0x, or provide a single printable character. The default Xon char is 0x11. Xoff Char Specify the character to use to stop the flow of data when Flow Control is set to Software.
9: Line, Tunnel, Terminal, and Host Settings Line Command Mode Setting Command Mode enables the command line interface (CLI) on the serial line. Configure Line n Command Mode: 1. Click Line n and Command Mode. The Line n Command Mode page appears. Figure 9-3. Line n Command Mode 2. Enter or modify the following settings: Line Command Mode Page Settings Description Mode Select the method of enabling Command Mode or choose to disable Command Mode.
9: Line, Tunnel, Terminal, and Host Settings Line Command Mode Page Settings Description required delay. Binary = string of characters representing byte values where each hexadecimal byte value starts with \0x and each decimal byte value starts with \. Echo Serial String Select Yes to enable echoing of the serial string at boot-up. Sign-on Message Enter the boot-up sign-on message. Select a string type. Text = string of bytes sent on the serial line during boot time.
9: Line, Tunnel, Terminal, and Host Settings Tunnel Settings The Tunnel pages allow you to view current statistics and configure serial settings, Connect Mode, Accept Mode, Disconnect Mode, Packing Mode, start and stop characters, modem emulation, and AES keys. View Tunnel – Statistics Click Tunnel on the menu bar then pick a tunnel from the drop down list. The Tunnel Statistics page appears. Figure 9-4.
9: Line, Tunnel, Terminal, and Host Settings Accept Mode In Accept Mode, the EDS listens (waits) for incoming connections. Configure Accept Mode: 1. Click Tunnel n and Accept Mode at the top of the page. The Tunnel n Accept Mode page appears. Figure 9-5.
9: Line, Tunnel, Terminal, and Host Settings 2. Enter or modify the following settings: Tunnel Accept Mode Page Settings Description Mode Select the method used to start a tunnel in Accept mode. Choices are: Disabled = do not accept an incoming connection. Enabled = accept an incoming connection. (default) Any Character = start waiting for an incoming connection when any character is read on the serial line.
9: Line, Tunnel, Terminal, and Host Settings Tunnel Accept Mode Page Settings Description only alphanumeric characters and punctuation. When set, the password sent to the EDS must be terminated with one of the following: (a) 0x0A (LF), (b) 0x00, (c) 0x0D 0x0A (CR LF), or (d) 0x0D 0x00. Prompt for Password Indicate whether to prompt the user for the password upon connection. On = prompt for a password upon connection. Off = do not prompt for a password upon connection. 3. Click Submit.
9: Line, Tunnel, Terminal, and Host Settings Figure 9-6a. Tunnel n Packing Mode (Mode = Disable) Figure 9-7b.
9: Line, Tunnel, Terminal, and Host Settings Figure 9-8c. Tunnel n Packing Mode (Mode = Send Character) 2. Enter or modify the following settings: Tunnel - Packing Mode Page Settings Description Mode Select Disable to disable Packing Mode completely. Select Timeout to send data after the specified time has elapsed. Select Send Character to send the queued data when the send character is received.
9: Line, Tunnel, Terminal, and Host Settings Serial Settings This page allows you to view and change the settings for the tunnel selected. Configure serial settings: 1. Click Tunnel n and Serial Settings at the top of the page. The Tunnel n Serial Settings page appears. Figure 9-9. Tunnel n Serial Settings 2. View or modify the following settings: Tunnel Serial Settings Page Settings Description Line Settings Current serial settings for the line. Protocol The protocol being used on the line.
9: Line, Tunnel, Terminal, and Host Settings Connect Mode Connect mode defines how the unit makes an outgoing connection. Configure Connect Mode: 1. Select Tunnel n and Connect Mode at the top of the page. The Tunnel n Connect Mode page appears. Figure 9-10.
9: Line, Tunnel, Terminal, and Host Settings 2. Enter or modify the following settings: Tunnel – Connect Mode Page Settings Description Mode The method to be used to connect to a remote host or device. Disabled = An outgoing connection is never attempted. (This is the default). Enabled = A connection is attempted until one is made. If the connection gets disconnected, the EDS retries until it makes a connection. Any Character = A connection is attempted when any character is read on the serial line.
9: Line, Tunnel, Terminal, and Host Settings Tunnel – Connect Mode Page Settings Description SSH Username Enter the SSH username. The tunnel uses the SSH keys associated with the client username. Block Serial Data Select On to block (not tunnel) serial data transmitted to the EDS. Block Network Data Select On to block (not tunnel) network data transmitted to the EDS.
9: Line, Tunnel, Terminal, and Host Settings Modem Emulation You can initiate a tunnel in Connect Mode using modem commands from the Serial Line. The modem emulation page enables you to configure the modem emulation settings when you select Modem Emulation as the Tunnel n or Tunnel 2 Connect Mode type. Configure modem emulation: 1. Select Tunnel n and then Modem Emulation at the top of the page. The Tunnel n Modem Emulation page appears. Figure 9-11.
9: Line, Tunnel, Terminal, and Host Settings 2. Enter or modify the following settings: Tunnel- Modem Emulation Page Settings Description Echo Pluses Select Enabled to echo +++ when entering modem Command Mode. Echo Commands Select Enabled (same as modem command ATE1)to echo the modem commands to the console. Verbose Response Select Enabled (same as modem command ATQ0)to send modem response codes out on the serial line.
9: Line, Tunnel, Terminal, and Host Settings Start and Stop Characters The Start/Stop Chars page enables you to configure the EDS to start a tunnel when it receives a specific start character from the serial port and to disconnect upon receiving the stop character. Configure the start and stop characters mode: 1. Select Tunnel n and Start/Stop Chars at the top of the page. The Tunnel n Start/Stop Chars page appears. Figure 9-12. Tunnel n Start/Stop Chars 2.
9: Line, Tunnel, Terminal, and Host Settings Disconnect Mode Disconnect Mode is disabled by default. When enabled, Disconnect Mode runs in the background of an active connection to determine when a disconnection is required. Configure the tunnel Disconnect Mode: 1. Click Tunnel n and Disconnect Mode at the top of the page. The Tunnel n Disconnect Mode page appears. Figure 9-13. Tunnel n Disconnect Mode 2.
9: Line, Tunnel, Terminal, and Host Settings AES Keys Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive information by government agencies. Configure the AES keys for connect or Accept Mode: 1. Click Tunnel n and AES Keys. The Tunnel n AES Keys page appears. Figure 9-14. Tunnel n AES Keys 2. Enter or modify the following settings: Note: Empty trailing byes that are not specified are set to 0.
9: Line, Tunnel, Terminal, and Host Settings Tunnel – AES Keys Page Settings Description starts with \0x and each decimal byte value starts with \. Decrypt Key Enter the value for each byte of the decrypt key. Select the format for the bytes as either Text or Binary. Connect Mode AES Keys Encrypt Key Enter the value for each byte. Select the format for the byte as either Text or Binary. Decrypt Key Enter the value for each byte of the decrypt key.
9: Line, Tunnel, Terminal, and Host Settings 2. Enter or modify the following settings: Terminal on Line Configuration Page Settings Description Terminal Type Enter text to describe the type of terminal. The text will be sent to a host via IAC. Note: IAC means, “interpret as command.” It is a way to send commands over the network such as send break or start echoing. Login Connect Menu Select the interface to display when the user logs in. Choices are: Enabled = shows the Login Connect Menu.
9: Line, Tunnel, Terminal, and Host Settings Network Terminal Configuration Configure menu features applicable to CLI access via the network: 1. Click Terminal on the menu then Network at the top of the page. Configuration is automatically selected. The Terminal on Network Configuration page appears. Figure 9-16. Terminal on Network Configuration 2. Enter or modify the following settings: Terminal on Line Configuration Page Description Terminal Type Enter text to describe the type of terminal.
9: Line, Tunnel, Terminal, and Host Settings Terminal on Line Configuration Page Description Echo Applies only to Connect Mode Telnet connections, not to Accept Mode. Only disable Echo if your terminal echoes, in which case you will see double of each character typed. 3. Click Submit. Host Configuration This page shows current settings for a remote host and lets you change these settings. Use these settings to add host destinations to the Login Connect Menu. 1.
9: Line, Tunnel, Terminal, and Host Settings Host Page Settings Description Remote Address IP address for the host. Remote Port Port on the host to which the EDS will connect. 3. Click Submit. Login Connect Menu As an administrator, you can set up a menu on the EDS for terminal users. For a terminal attached to serial Line N, set as follows: Line[N] Protocol = None Line[N] Command Mode = Always Terminal[Line N] Login Connect Menu = Enabled.
9: Line, Tunnel, Terminal, and Host Settings From the Web Manager, go to the Terminal page. If “Login Connect Menu” is enabled, you will see a preview layout in the lower part of the page. From the Command Line Interface, go to the config-terminal level. Use the “preview connect menu” command.
10: Services Settings DNS Configuration This page shows the active run-time settings for the domain name system (DNS) protocol. The primary and secondary DNS addresses come from the active interface. The static addresses from the Network Interface Configuration page may be overridden by DHCP or BOOTP. The DNS page also shows any contents in the DNS cache. When a DNS name is resolved using a forward lookup, the results are stored in the DNS cache temporarily.
10: Services Settings Figure 10-2. SNMP Configuration 2. Enter or modify the following settings: EDS User Guide SNMP Page Settings Description SNMP Agent Select On to enable SNMP. Read Community Enter the SNMP read-only community string. Write Community Enter the SNMP read/write community string. System Contact Enter the name of the system contact. System Name Enter the system name. System Description Enter the system description. System Location Enter the system location.
10: Services Settings SNMP Page Settings Description during system boot. Primary Trap Dest IP Enter the primary SNMP trap host. Secondary Trap Dest IP Enter the secondary SNMP trap host. 3. Click Submit. 4. In the Current Configuration table, delete and clear currently stored settings as necessary. FTP Configuration This page shows the current File Transfer Protocol (FTP) configuration and connection status and various statistics about the FTP server. Configure FTP: 1. Click FTP on the menu bar.
10: Services Settings 2. Enter or modify the following settings: FTP Page Settings Description FTP Server Select On to enable the FTP server. Username Enter the username to use when logging in via FTP. Password Enter the password to use when logging in via FTP. 3. Click Submit. Click [Reset] to reset the FTP Password. TFTP Configuration This page shows the status and various statistics about the Trivial File Transfer Protocol (TFTP) server. Configure TFTP: 1. Click TFTP on the menu bar.
10: Services Settings 2. Enter or modify the following settings: TFTP Page Settings Description TFTP Server Select On to enable the TFTP server. Allow TFTP File Creation Select whether to allow the creation of new files stored on the TFTP server. 3. Click Submit. Syslog Configuration The Syslog page shows the current configuration, status, and statistics of the syslog. Here you can configure the syslog destination and the severity of the events to log.
10: Services Settings 2. Enter or modify the following settings: Syslog Page Settings Description Syslog Select to enable or disable the syslog. Host Enter the IP address of the remote server to which system logs are sent for storage. Local Port Enter the number of the local port on the EDS from which system logs are sent. Remote Port Enter the number of the port on the remote server that supports logging services. The default is 514.
10: Services Settings View HTTP statistics: Click HTTP on the menu bar and then Statistics at the top of the page. The HTTP Statistics page appears. Figure 10-6.
10: Services Settings Change HTTP Configuration On this page you can change HTTP configuration settings. Configure HTTP: 1. Click HTTP on the menu bar and then Configuration at the top of the page. The HTTP Configuration page opens. Figure 10-7. HTTP Configuration 2. Enter or modify the following settings: EDS User Guide HTTP Configuration Description HTTP Server Select On to enable the HTTP server.
10: Services Settings HTTP Configuration Description HTTP Port Enter the port for the HTTP server to use. The default is 80. HTTPS Port Enter the port for the HTTPS server to use. The default is 443. The HTTP server only listens on the HTTPS Port when an SSL certificate is configured. HTTPS Protocols Select to enable or disable the following protocols: SSL3 = Secure Sockets Layer version 3 TLS1.0 = Transport Layer Security version 1.0. TLS 1.0 is the successor of SSL3 as defined by the IETF. TLS1.
10: Services Settings HTTP Authentication HTTP Authentication enables you to require usernames and passwords to access specific web pages or directories on the EDS's built-in web server. More than one Username per URI is permitted. Click Submit and enter the next Username as necessary. The URI, realm, username, and password are user-specified, free-form fields. The URI must match the directory created on the EDS file system. Configure HTTP authentication settings: 1.
10: Services Settings 2. Enter or modify the following settings: HTTP Authentication Settings Description URI Enter the Uniform Resource Identifier (URI). The URI must begin with ‘/’ to refer to the file system. Realm Enter the domain, or realm, used for HTTP. Required with the URI field. Auth Type Select the authentication type: None = no authentication is necessary. Basic = encodes passwords using Base64. Digest = encodes passwords using MD5.
10: Services Settings RSS Settings EDS devices support RSS feeds with up-to-date information about configuration changes. RSS feeds allow you to view new information about changes made to the EDS over the web. On the RSS Settings page, you can turn RSS feeds on or off. On means the device will create RSS feeds and make them accessible. RSS feeds may be viewed online or saved to the file system cfg_log.txt file. Tip: To view the EDS RSS feed from your browser, enter the IP address of the device.
10: Services Settings LPD Settings In addition to its other functions, the EDS acts as a print server if a printer is connected to one of its serial ports. Clicking the LPD (Line Printer Daemon) link in the menu bar, shows a LPD page. This page has three links at the top for viewing print queue statistics, changing print queue configuration, and printing a test page. Because the LPD lines operate independently, you can specify different configuration settings for each.
10: Services Settings LPD Configuration Page Here you can change LPD configuration settings. Configure LPD settings: 1. Click LPD on the menu bar, select the LPD line and click Configuration. The LPD Configuration page appears. Figure 10-11.
10: Services Settings 2. Enter or modify the following settings: LPD Configuration Page Settings Description Banner Select Enabled to print the banner even if the print job does not specify to do so. Selected by default. Binary Select Enabled for the EDS to pass the entire file to the printer unchanged. Otherwise, the EDS passes only valid ASCII and valid control characters to the printer. Valid control characters include the tab, linefeed, formfeed, backspace, and newline characters.
11: Security Settings SSH and SSL are protocols for managing the security of data transmissions over the Internet. SSH Settings Secure Shell (SSH) is a protocol used to access a remote computer over an encrypted channel. It is a protocol for managing the security of data transmission over the Internet. It provides encryption, authentication, and message integrity services.
11: Security Settings SSH Server: Host Keys Description Key upload or use the Browse button to select the key. Be sure the private key will not be compromised in transit. This implies the data is uploaded over some kind of secure private network. Public Key Enter the path and name of the existing public key you want to upload or use the Browse button to select the key. Key Type Select a key type to use: RSA = use this key with SSH1 and SSH2 protocols. DSA = use this key with the SSH2 protocol.
11: Security Settings SSH Server Authorized Users On the SSH Server page you can change SSH server settings for Authorized Users. SSH Server Authorized Users are accounts on the EDS that can be used to log into the EDS using SSH. For instance, these accounts can be used to SSH into the CLI or open an SSH connection to a device port. Every account must have a password. The users’ public keys are optional and only necessary if public key authentication is required.
11: Security Settings SSH Server: Authorized Users Page Settings Description you want to use with this user or use the Browse button to select the key. If authentication is successful with the key, no password is required. 3. Click Submit. SSH Client Known Hosts On this page you can change SSH client settings for known hosts. Note: You do not have to complete the fields on this page for communication to occur.
11: Security Settings Note: These settings are not required for communication. They protect against Man-In-The-Middle (MITM) attacks. 3. Click Submit. 4. In the Current Configuration table, delete currently stored settings as necessary. SSH Client User Configuration On this page you can change SSH client settings for users. SSH client known users are used by all applications that play the role of an SSH client, specifically tunneling in Connect Mode.
11: Security Settings SSH Client: Users Page Settings Description Username Enter the name that the EDS uses to connect to a SSH server. Password Enter the password associated with the username. Remote Command Enter the command that can be executed remotely. Default is shell, which tells the SSH server to execute a remote shell upon connection. This command can be changed to anything the remote host can perform.
11: Security Settings SSL Settings Secure Sockets Layer (SSL) is a protocol for managing the security of data transmission over the Internet. It provides encryption, authentication, and message integrity services. SSL is widely used for secure communication to a web server. Certificate/Private key combinations can be obtained from an external Certificate Authority (CA) and downloaded into the unit. Self-signed certificates with associated private key can be generated by the device server itself.
11: Security Settings 2. Enter or modify the following settings: SSL Page Settings Description Upload Certificate New Certificate This certificate identifies the EDS to peers. It is used for HTTPS and SSL Tunneling. Enter the path and name of the certificate you want to upload, or use the Browse button to select the certificate. RSA or DSA certificates with 512 to 1024 bit public keys are allowed. The format of the file must be PEM.
11: Security Settings SSL Page Settings Description State/Province Enter the state or province to be assigned to the new self-signed certificate. Locality (City) Enter the city or locality to be assigned to the new selfsigned certificate. Organization Enter the organization to be associated with the new selfsigned certificate. Example: If your company is called Widgets, and you are setting up a web server for the Sales department, enter Widgets for the organization.
11: Security Settings SSL Page Settings Description DSA = Digital Signature Algorithm also based on large prime numbers, but can only be used for signing. Developed by the US government to avoid the patents on RSA.
12: Maintenance and Diagnostics Settings This chapter describes how you can View current file diagnostics or modify files. Configure the EDS network stack protocols. Specify the hosts and subnets permitted to communicate with the EDS. Configure automatic discovery of the device by the DeviceInstaller utility. View or change the current date or time. Configure the EDS system settings. And how you can use several other tools for diagnostics and statistics.
12: Maintenance and Diagnostics Settings To view file system statistics, compact, or format the EDS file system: 1. Back up all files as necessary. 2. Click Filesystem on the menu bar. The File system page opens and shows the current file system statistics and usage. 3. To compact the files, click Compact. CAUTION: In the next step, all files and configuration settings on the file system are destroyed upon formatting. Back up all files as necessary. Upon formatting, the current configuration is retained.
12: Maintenance and Diagnostics Settings 3. Click the X next to a filename to delete the file or directory. You can only delete a directory if it is empty. 4. Enter or modify the following settings: Note: Changes apply to the current directory view. To make changes within other folders, click the folder or directory and then enter the parameters in the settings listed below. File system Browser Page Settings Description Create File Enter the name of the file you want to create, and then click Create.
12: Maintenance and Diagnostics Settings File system Browser Page Settings Port Description Enter the number of the port involved in TFTP operations. Click Transfer to perform the TFTP transfer. Protocol Stack Configuration Configure the EDS network stack protocols: 1. Click Protocol Stack on the menu bar. The Protocol page appears with links to the TCP, IP, ICMP, and ARP protocols. 2. Click on one of the protocol names to see the details of the settings for that protocol. TCP Settings Figure 12-3.
12: Maintenance and Diagnostics Settings Ack Limit: The Ack Limit specifies how many packets must be received before an ACK is forced. If there is a large amount of data to acknowledge, an ACK will be forced before this. If the sender TCP implementation waits for an ACK before sending more data even though the window is open, setting Ack Limit to "1" packet will improve performance by forcing immediate acknowledgements. Send Data: The Send Data selection governs when data may be sent into the network.
12: Maintenance and Diagnostics Settings ARP Settings On the ARP page, you set the maximum time an address remains in the cache, and you specify both the IP and MAC addresses for the ARP cache. Both addresses are required. Figure 12-6. ARP Protocol Page 1. Enter the time, in hours, minutes and seconds, for the timeout. 2. Enter the IP address to add to the ARP cache. 3. Enter the MAC address to add to the ARP cache. 4. Click Add after supplying both fields.
12: Maintenance and Diagnostics Settings IP Address Filter The IP address filter specifies the hosts and subnets permitted to communicate with the EDS. Note: If using DHCP/BOOTP, ensure the DHCP/BOOTP server is in this list. Configure the IP address filter: 1. Click IP Address Filter on the menu bar. The IP Address Filter page opens to display the current configuration. Figure 12-7. IP Address Filter Configuration 2.
12: Maintenance and Diagnostics Settings Query Port The query port is used for the automatic discovery of the device by the DeviceInstaller utility. Only 0x77FE discover messages from DeviceInstaller are supported. For more information on DeviceInstaller, see Using DeviceInstaller on page 38. Configure the query port server: 1. Click Query Port on the menu bar. The Query Port page opens to display the current configuration. Figure 12-8. Query Port Configuration 2.
12: Maintenance and Diagnostics Settings Figure 12-9. Diagnostics: Hardware MIB-II Statistics The MIB-II Network Statistics page shows the various SNMP-served Management Information Bases (MIBs) available on the EDS. View EDS MIB-II statistics: 1. Click Diagnostics on the menu bar and then MIB-II at the top of the page menu. The MIB-II Network Statistics page opens. Figure 12-10. MIB-II Network Statistics 2. Click any of the links to open the corresponding table and statistics.
12: Maintenance and Diagnostics Settings RFC 2011 Updated definitions for IP and ICMP. RFC 2012 Updated definitions for TCP. RFC 2013 Updated definitions for UDP. RFC 2096 Definitions for IP forwarding. IP Sockets The IP Sockets page opens and shows all of the open network sockets on the EDS. Display open network sockets on the EDS: Click Diagnostics on the menu bar and then IP Sockets. Figure 12-11. IP Sockets Ping You can ping a remote device or computer from your EDS.
12: Maintenance and Diagnostics Settings Figure 12-12. Diagnostics: Ping 2. Enter or modify the following settings: Diagnostics: Ping Page Settings Description Host Enter the IP address or host name to ping. Count Enter the number of ping packets to send to the Host. The default is 3. Timeout Enter the time, in seconds, to wait for a response from the host before timing out. The default is 5 seconds. 3. Click Submit. The results of the ping appear in the page.
12: Maintenance and Diagnostics Settings 2. Enter or modify the IP address or DNS hostname. 3. Click Submit. The results of the traceroute appear in the page. DNS Lookup You can specify a DNS Hostname for a forward lookup or an IP address for a reverse lookup. You can also perform a lookup for a Mail (MX) record by prefixing a DNS Hostname with @. Note: A DNS server must be configured for DNS Lookup to work. Use forward or reverse DNS lookup: 1.
12: Maintenance and Diagnostics Settings Memory This read-only page shows the total memory and available memory (in bytes), along with the number of fragments, allocated blocks, and memory status. Display memory statistics for the EDS: Click Diagnostics on the menu bar then Memory at the top of the page. The Diagnostics: Memory page appears. Figure 12-15. Diagnostics: Memory Buffer Pools Several parts of the EDS system use private buffer pools to ensure deterministic memory management.
12: Maintenance and Diagnostics Settings Figure 12-16.
12: Maintenance and Diagnostics Settings Processes The EDS Processes page shows all the processes currently running on the system. It shows the Process ID (PID), the percentage of total CPU cycles a process used within the last three seconds, the total stack space available, the maximum amount of stack space used by the process since it started, and the process name. Display the processes running on the EDS: Click Diagnostics on the menu bar then Processes at the top of the page. Figure 12-17.
12: Maintenance and Diagnostics Settings Note: The Adobe SVG plug-in is required to view the CPU Load Graph.
12: Maintenance and Diagnostics Settings Real Time Clock Page You can view or change the current date or time configured on the EDS. Figure 12:-18. Real Time Clock Page Real Time Clock Page settings 1. Modify the following settings to set change the current date and time: Real Time Clock Page Settings Description Time Zone From the drop-down list, select the time zone corresponding to the location of the EDS.
12: Maintenance and Diagnostics Settings System Configuration You can reboot the device, restore factory defaults, upload new firmware, configure the short and long name, and view the current system configuration. Configure the EDS system settings: 1. Click System on the menu bar. The System page appears. Figure 12-19. System Page 2. Configure the following settings: System Page Settings EDS User Guide Description Reboot Device Click Reboot to reboot the EDS.
13: Advanced Settings This chapter presents information for advanced activities, modes, and statistics. Email alerts. CLI settings. CLI servers on Telnet and SSH ports. Export or import an EDS configuration files. Accept Mode. Connect Mode. Disconnect Mode. Packing Mode. Modem Emulation mode. Serial Line Settings. Tunneling Statistics. Email Configuration You can view and configure email alerts from the EDS. This section tells you how to configure alerts.
13: Advanced Settings View email statistics. Click Email from the main menu, then choose an email profile, from the drop down list, e.g. Email 1, then click Statistics. Figure 13-1. Email Statistics To clear the log, click Clear.
13: Advanced Settings Email Configuration You can set up to 8 email profiles. Each profile can have multiple email addresses or email address groups, separated by semicolons. Configure EDS email settings: 1. Click Email on the menu bar and then Email n and Configuration at the top of the page. The Email 1 - Configuration page appears. Figure 13-2. Email Configuration 2. Enter or modify any of the settings. 3. Click Submit. 4.
13: Advanced Settings To test your configuration, you can send an email immediately by clicking Send Email at the top of the page. Refer to the Statistics page for a log of the transaction. Command Line Interface Settings The Command Line Interface pages enable you to view statistics about the CLI servers listening on the Telnet and SSH ports, and to configure CLI settings. Command Line Interface Statistics This shows the current connection status of the CLI servers listening on the Telnet and SSH ports.
13: Advanced Settings CLI Configuration On this page you can change CLI configuration settings. Configure the CLI: 1. Click CLI on the menu then Configuration at the top of the page. The Command Line Interface Configuration page appears. Figure 13-4. Command Line Interface Configuration 2. Enter or modify the following settings: EDS User Guide Command Line Interface Configuration Settings Description Telnet Access Select On to enable Telnet access. Telnet is enabled by default.
13: Advanced Settings Command Line Interface Configuration Settings Description Sessions SSH Access Select On to enable SSH access. SSH is enabled by default. SSH Port Enter the SSH port to use for SSH access. The default is 22. SSH Max Sessions Maximum number of simultaneous SSH sessions. Login Password Enter the password for Telnet access. Enable Level Password Enter the password for access to the Command Mode Enable level. There is no password by default.
13: Advanced Settings Export a system configuration record: 1. Click XML on the menu bar then Export Configuration at the top of the page. Figure 13-5. XML: Export Configuration 2. Enter or modify the following settings: XML Export Configuration Page Settings EDS User Guide Description Export to browser Select this option to export the XCR data in the selected fields to a web browser. Export to local file Select this option to export the XCR data to a file on the device.
13: Advanced Settings XML Export Configuration Page Settings Description Export secrets Only use this with extreme caution. If selected, secret password and key information will be exported. Use only with a secure link, and save only in secure locations. Lines to Export Select the instances you want to export in the line, LPD, PPP, tunnel, and terminal groups. Groups to Export Check the configuration groups that are to be exported to the XML configuration record. 3. Click Export.
13: Advanced Settings XML: Export Status You can export the current system status in XML format to a web browser or to a file on the file system. 1. Click XML on menu bar and then Export Status at the top of the page. The XML Status Record: Export Status page appears. Figure 13-6. XML Status Record: Export Status 2.
13: Advanced Settings XML Status Record: Export System Status Page Settings Description Groups to Export Check the configuration groups that are to be exported into the XML status record. 3. Click the Export button. The groups display if exporting the data to the browser. If exporting to the file system, the file is stored on the file system. XML: Import System Configuration Page You can also import a system configuration from an XML file.
13: Advanced Settings Import Configuration from External File This selection shows a field for entering the path and file name of the entire external XCR file to import. You can also browse to select the XCR file. Figure 13-8. XML: Import Configuration from External File Import Configuration from the Filesystem This selection shows a page for entering the file system and your import requirements – groups, lines, and instances.
13: Advanced Settings Figure 13-9. XML: Import from Filesystem 1. Enter the filename of the XCR file with the groups to import. 2. Enter or modify the following settings: Import Configuration from File system Settings Description Filename Enter the name of the file on the EDS (local to its file system) that contains XCR data. Lines to Import Select the lines whose settings you want to import. Click the Select All link to select all the serial lines and the network lines.
13: Advanced Settings Import Configuration from File system Settings Description Whole Groups to Import Select the configuration groups to import from the XML configuration record. This option imports all instances of each selected group unless it is one of the Lines to Import. Note: By default, all groups are checked except those pertaining to the network configuration; this is so that import will not break your network connectivity.
13: Advanced Settings Import Line(s) from Single Line Settings on the File system This selection copies line settings from the single line instance in the input file to selected lines. The import file may only contain records from a single line instance; this is done by selecting a single Line to Export when exporting the file. Figure 13-10. XML: Import Line(s) from Single Line Settings on the File system XML: Import Lines from Single Line(s) Settings 1.
13: Advanced Settings Import Line(s) Settings Description Lines to Import Select the line(s) of settings to import. Click the Select All link to select all the serial lines and the network lines. Click the Clear All link clear all of the checkboxes. By default, all serial line instances are selected. Whole Groups to Import Select the configuration groups to import from the XML configuration record.
14: Tunneling Tunneling allows serial devices to communicate over a network, without “being aware” of the devices which establish the network connection between them. Tunneling parameters are configured as described in Tunnel Settings, on page 57—or via the Command Mode Tunnel Menu (see the EDS Command Reference for the full list of commands.) The EDS supports two tunneling connections simultaneously per serial port. One of these connections is Connect Mode; the other connection is Accept Mode.
14: Tunneling Telnet UDP (Connect Mode only) When setting AES encryption, both the encrypt key and the decrypt key must be specified. The encrypt key is used for data sent out. The decrypt key is used for receiving data. Both of the keys may be set to the same value. For Connect Mode using UDP, the EDS accepts packets from any device on the network. It will send packets to the last device that sent it packets. Note: The Local Port in Connect Mode is not the same port configured in Accept Mode.
14: Tunneling SSL TCP AES encryption over TCP Telnet (The EDS supports IAC codes. It drops the IAC codes when Telneting and does not forward them to the serial port).
14: Tunneling Trailing Character: If a trailing character is defined, this character is appended to data put on the network immediately following the send character. Modem Emulation The EDS supports Modem Emulation mode for devices that send out modem signals. There are two different modes supported: Command Mode: sends back verbal response codes. Data Mode: information transferred in is also transferred out.
14: Tunneling Command Description '+++'. ATEn Switches echo in Command Mode (off - 0, on - 1). ATH Disconnects the network session. ATI Shows modem information. ATQn Quiet mode (0 - enable results code, 1 - disable results code.) ATVn Verbose mode (0 - numeric result codes, 1 - text result codes.) ATXn Command does nothing and returns OK status. ATUn Accept unknown commands. (n value of 0 = off. n value of 1 = on.) AT&V Display current and saved settings.
14: Tunneling The modem control signal DTR on the Line may be continually asserted or asserted only while either an Accept Mode tunnel or a Connect Mode tunnel is connected. Statistics The EDS logs statistics for tunneling. The Dropped statistic shows connections ended by the remote location. The Disconnects statistic shows connections ended by the EDS.
15: Security in Detail The EDS supports Secure Shell (SSH) and Secure Sockets Layer (SSL). Secure Shell: SSH SSH is a network protocol for securely accessing a remote device. This protocol provides a secure, encrypted communication channel between two hosts over a network. Two roles require configuration: when the EDS acts as the SSH server and when it acts as an SSH client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode. The SSH client is for tunneling in Connect Mode.
15: Security in Detail 4. Click Submit. Generate and use keys from PuTTY: 1. Create the keys with puttygen.exe. The keys are in PuTTY format. 2. Use puttygen.exe again to convert the private key to Open SSH format as follows: a. Import the private key using “Conversions…Import key.” b. Create a new file using “Conversions…Export OpenSSH key.” 3. Use ssh-keygen to convert the public key to OpenSSH format. ssh–keygen –i –f putty_file > openssh_file 4. Click SSH SSH Server: Host Keys at the top of the page.
15: Security in Detail SSH Client Configuration To configure the EDS as an SSH client, there is one requirement: An SSH client must have been configured and exists on the remote SSH server. Configure SSH client settings: 1. Click SSH SSH Client: Users at the top of the page. The SSH Client: Users page appears. 2. (Required) Enter the Username and Password to authenticate with the SSH server. 3. (Optional) Complete the SSH client user information as necessary.
15: Security in Detail EDS currently supports the following list of cipher suites: Certificate Key exchange Encryption Hash DSA DHE 3DES SHA1 RSA RSA 128 bits AES SHA1 RSA RSA Triple DES SHA1 RSA RSA 128 bits RC4 MD5 RSA RSA 128 bits RC4 SHA1 RSA 1024 bits RSA 56 bits RC4 MD5 RSA 1024 bits RSA 56 bits RC4 SHA1 RSA 1024 bits RSA 40 bits RC4 MD5 Whichever side is acting as server decides which cipher suite to use for a connection.
15: Security in Detail A certificate is also used to sign any message transmitted to the peer to identify the originator and prevent tampering while transported. In short: When using HTTPS, SSL Tunneling in Accept mode, and/or EAP-TLS, the EDS needs a personal certificate with matching private key to identify itself and sign its messages.
15: Security in Detail Generate a self-signed RSA certificate/key combo: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem Steel Belted Radius Steel Belted Radius (SBR) is a commercial radius server by Juniper Networks that provides a GUI administration interface. It also provides a certificate request and selfsigned certificate generator. The self-signed certificate has extension .sbrpvk and is in the PKCS12 format.
16: Branding the EDS The EDS Web Manager and Command Mode (CLI) are customizable. Web Manager Customization Customize the Web Manager’s appearance by modifying index.html and style.css. The style (fonts, colors, and spacing) of the Web Manager are controlled with style.css and the text and graphics are controlled with index.html.
16: Branding the EDS Command Mode Customize the EDS Command Mode by changing its short name and long name. The short name is used for show commands: (enable)# show EDS The long and short names appear in the Product Type field in the following format: Product Type: () For example: (enable)# show EDS Product Information: Product Type: Lantronix EDS (EDS) Change the EDS short and long names with the Web Manager: 1. Click System in the menu bar. The System page opens. 2.
17: Updating Firmware Obtaining Firmware Obtain the most up-to-date firmware and release notes for the unit from the Lantronix Web site (http://www.lantronix.com/) or by anonymous FTP: (ftp://ftp.lantronix.com/). Loading New Firmware You can reload the firmware using the EDS Web Manager File system page. Upload new firmware: 1. Unzip the files and save them to a directory on your PC. 2. From the EDS main web page, click System in the menu bar. The System page appears. 3.
A: Technical Support If you are unable to resolve an issue using the information in this document, please contact Technical Support: Technical Support US Check our online knowledge base or send a question to Technical Support at http://www.lantronix.com/support. Technical Support Europe, Middle East, Africa Phone: +33 13 930 4172 Email: eu_techsupp@lantronix.com or eu_support@lantronix.
B: Binary to Hexadecimal Conversions Many of the unit’s configuration procedures require you to assemble a series of options (represented as bits) into a complete command (represented as a byte). The resulting binary value must be converted to a hexadecimal representation. Use this chapter to learn to convert binary values to hexadecimals or to look up hexadecimal values in the tables of configuration options.
B: Binary to Hexadecimal Conversions Scientific Calculator Another simple way to convert binary to hexadecimal is to use a scientific calculator, such as the one available on the Windows operating systems. For example: 1. On the Windows Start menu, click Programs Accessories Calculator. 2. On the View menu, select Scientific. The scientific calculator appears. 3. Click Bin (Binary), and type the number you want to convert. 4. Click Hex. The hexadecimal value appears.
C: Lantronix Cables and Adapters Lantronix cables and adapters for use with the EDS devices are listed here according to part number and application. Lantronix P/N Description Applications 500-103 6’ RJ45-to DB9F Included with EDS8/16/32PR for setup or device connectivity. Connects the RJ45 RS232 serial ports of EDS8/16/32PR to a DB9M DTE interface of a PC or serial device. 200.2062 Cable Ethernet CAT5; RJ45, 2 m (6.
C: Lantronix Cables and Adapters Lantronix P/N Description Applications a serial device. EDS User Guide 200.2067A Adapter RJ45-toDB25F Allows a standard straight-pinned CAT5 cable to connect the EDS8/16/32PR RJ45 serial ports to the DB25M DTE interface of a serial device. 200.2069A Adapter RJ45-toDB9M Allows a standard straight-pinned CAT5 cable to connect the EDS8/16/32PR RJ45 serial ports to the DB9F DCE interface of a serial device. 200.
D: Compliance D: Compliance The following compliances are according to ISO/IEC Guide 22 and EN 45014.
D: Compliance Power Frequency Magnetic Field Immunity EN61000-4-8: 1993 Voltage Dips and Interrupts EN61000-4-11: 1994 Manufacturer’s Contact: Director of Quality Assurance, Lantronix 15353 Barranca Parkway, Irvine, CA 92618 USA Tel: 949-453-3990 Fax: 949-453-3995 RoHS Notice: All Lantronix products in the following families are China RoHS-compliant and free of the following hazardous substances and elements: • Lead (Pb) • Cadmium (Cd) Product Family Name • • UDS1100 and 2100 EDS MSS100 IntelliBox XPre
D: Compliance Installationsanweisungen Rackmontage Bei Montage in ein geschlossenes Rack oder in ein Rack mit mehreren Einheiten ist unter Umständen eine weitere Prüfung erforderlich. Folgende Punkte sind zu berücksichtigen. 5. Die Umgebungstemperatur innerhalb des Racks kann höher sein als die Raumtemperatur. Die Installation muss so durchgeführt werden, dass der für den sicheren Betrieb erforderliche Luftstrom nicht beeinträchtigt wird.
D: Compliance Grounding Reliable earthing of this equipment must be maintained. Particular attention should be given to supply connections when connecting to power strips, rather than direct connections to the branch circuit strips.
E: Warranty For details on the Lantronix warranty replacement policy, go to our web site at http://www.lantronix.com/support/warranty/index.
Index Index A Accessing MatchPort b/g Pro, 38 Address Ethernet, 20 Hardware, 20 IP, 20 MAC, 20 ARP Settings, 108 B Bar code, 21 Binary to hexadecimal conversions, 152 Branding, 12, 148 Command Mode, 149 Web Manager Customization, 148 C CipherSuites, 144 Command Line Interface Settings, 124 Command-Line Interface, 17 Compliance, 156 Configuration methods, 19 Configuration Settings, 78 Create New Self-Signed Certificate, 100 D default server port numbers, 20 Device Control, 18 Device Details Summary, 39 Devi
Index Host Configuration, 75 HTTP Authentication, 87 Change Configuration, 85 Configuration, 83 Statistics, 83 I ICMP Settings, 107 Installation EDS16/32PR, 22, 25, 33, 36 EDS4100, 27, 31 IP Address, 20 Address Filter, 109 Settings, 107 L Label, 21 Lantronix Discovery Protocol, 20 LEDs EDS16/32PR, 24, 35 EDS4100, 30 Line 1 Command Mode, 55 Configuration, 52 Statistics, 52 Line Settings, 52 Line Terminal Configuration, 72 locating a MatchPort b/g Pro unit, 11, 38 LPD Configuration Page, 91 Settings, 90 Stat
Index TFTP Configuration, 81 Time settings, 119 Troubleshooting Capabilities, 19 Tunnel Settings Accept Mode, 58 AES Keys, 71 Connect Mode, 64 Disconnect Mode, 70 Modem Emulation, 67 Packing Mode, 60 Serial Settings, 63 Start and Stop Characters, 69 Tunnel 1 – Statistics, 57 Tunneling Accept Mode, 137 Connect Mode, 136 Disconnect Mode, 138 Modem Emulation, 139 Packing Mode, 138 Serial Line Settings, 140 Statistics, 141 EDS User Guide U Updating Firmware, 150 Upload Authority Certificate, 100 Upload Certi
