Secure Terminal Server STS Series User Guide Version 1.4.2.
Copyright Information Copyright 1998-2012, Sena Technologies, Inc. All rights reserved. Sena Technologies reserves the right to make any changes and improvements to its product without providing prior notice. Trademark Information HelloDevice™ is a trademark of Sena Technologies, Inc. Windows® is a registered trademark of Microsoft Corporation. Ethernet® is a registered trademark of XEROX Corporation.
Revision history
Revision  Date        Name       Description
V1.0.2    2003-12-3   O.J. Jung  Initial Release
V1.1.0    2004-01-12  O.J. Jung  Revision with release of version 1.1.0
V1.1.1    2004-01-30  O.J. Jung  Typographical errors are fixed
V1.2.0    2004-06-11  O.J. Jung  Revision with release of version 1.2.0
V1.3.0    2004-10-11  O.J. Jung  Revision with release of version 1.3.0
V1.3.1    2004-10-15  O.J. Jung  Added Appendix 6
V1.3.2    2005-05-18  O.J.
Contents
1. Introduction  8
1.1. Overview  8
1.2. Package Check List  9
1.3. Product Specification  9
1.4. Terminologies And Acronyms
4.1. Overview  36
4.2. Individual Port Configuration  39
4.2.1. Port Enable/Disable  40
4.2.2. Port Title
8. CLI guide  93
8.1. Introduction  93
8.2. Flash Partition  93
8.3. Supported Linux Utilities  94
8.3.1. Shell & Shell Utilities:
Appendix 6. Using STS Series With Serial/IP  120
A 6.1. STS Series vs. Serial/IP Options  120
A 6.2. Connection Example - Telnet And SSLv3 Encryption  121
Appendix 7. How To Make A Certificate For SSL Encryption  125
A 7.1. Install The OpenSSL Package  125
A 7.2.
1. Introduction 1.1. Overview The STS Series is a secure terminal server (or device server) that makes your legacy serial devices manageable over an industry-standard Ethernet network. Based on open network protocols such as TCP/IP and UDP, it gives you great flexibility in how your serial devices are reached. With the PPPoE (PPP-over-Ethernet) connection feature of the STS Series, RS232 serial devices can be managed over a DSL-based broadband network.
1.2. Package Check List - STS Series external box - External 110V or 230V power supply or power cord - CAT5 cable - Console cable kit - Quick Start Guide 1.3.
Diagnostic LED: Power, Ready, 10/100 Base Link, Act, Serial InUse/Rx/Tx for each port, PC Card
Environmental: Operating temperature 5°C to 50°C; Storage temperature -40°C to 66°C
Power: 5VDC, 1.5A @ 5VDC; 110 ~ 240VAC
Dimension L x W x H (mm): 245 x 153 x 30 (DIN-rail mount option); 432 x 193 x 44.5 (19 in. rack mountable)
Weight (kg): 1.5; 2.8
Certification: FCC(A), CE(A), MIC
Warranty: 5-year limited warranty
1.4. Terminologies And Acronyms This section will define commonly used terms in this manual.
Client/Server Client/server describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. A server is a computer program that provides services to other computer programs on one or many computers. The client is the requesting program or user in a client/server relationship. For example, the user of a Web browser is effectively making client requests for pages from servers all over the Web.
CTS  Clear to Send
DSR  Data Set Ready
DTR  Data Terminal Ready
RTS  Request To Send
DCD  Data Carrier Detect
2. Getting Started This chapter describes how to set up and configure the STS Series. - 2.1. Panel Layout explains the layout of the panel and LED indicators. - 2.2. Connecting The Hardware describes how to connect the power, the network, and the equipment to the STS Series and how to access the console port using a serial console or a Telnet from remote location. - 2.3. Accessing The Web Browser Management Interface describes how to access Web menu from remote location.
Figure 2-1 The panel layout of the STS800
Table 2-1 LED indicator lamps of the STS Series
System lamps:
- Power: Turned on if power is supplied
- Ready: Turned on if system is ready to run
- PC card: Turned on if a PCMCIA device is running
Ethernet lamps:
- 100Mbps: Turned on if 100Base-TX connection is detected
- LINK: Turned on if connected to Ethernet network
- Act: Blinks whenever there is any activity such as incoming or outgoing packets through the STS Series Ethernet port
Serial port lamps:
- InUse: Turned on if th
- Rx/Tx
2.2.1. Connecting The Power Connect the power cable to the STS Series. If the power is properly supplied, the [Power] lamp will light up green. Figure 2-3 Connecting the power to the STS400/800 Figure 2-4 Connecting the power to the STS1600 2.2.2. Connecting To The Network Plug one end of the Ethernet cable to the STS Series Ethernet port. The other end of the Ethernet cable should be connected to a network port.
The [100Mbps] lamp will not turn on if the current network connection is 10Base-T. Figure 2-5 Connecting a network cable to the STS400/800/1600 2.2.3. Connecting To The Device Connect the console cable to the STS Series serial port. To connect to the console port of the device, the user needs to consider the type of console port provided by the device itself. In the STS Series cable kit package, plug-in adapters are provided for easier connectivity to the user's devices.
menu system or CLI (Command Line Interface). System console: Local users can connect directly to the system console port of the STS Series using the console/Ethernet cable with the corresponding adapter. Remote console: Remote users who require a menu-driven interface can utilize Telnet (port 23) connections to the STS Series using terminal emulator.
No flow control 5) Press the [ENTER] key. 6) Enter your user name and password to log into the STS Series. The factory default user settings are as follows. Login: root Password: root Login: admin Password: admin These defaults are the same on every unit shipped, so change both passwords before the STS Series is connected to a production network. 192.168.161.5 login: root Password:**** root@192.168.161.5:~# 7) Upon authentication, the CLI is initially provided for configuration. For details on the CLI, refer to chapter 8. CLI guide. 8) “ss.
2.2.6. Using Remote Console The IP address of the STS Series must be known before users can access the STS Series using the Remote console (see chapter 3. Network Configuration for details). The default IP address of the STS Series is 192.168.161.5. The Remote console access function can be disabled in the remote host access option (see 3.5 IP Filtering for details).
2.3. Accessing The Web Browser Management Interface The STS Series supports both HTTP and HTTPS (HTTP over SSL) protocols. The STS Series also provides its own Web management pages. To access the STS Series Web management page, enter the IP address or resolvable hostname of the STS Series into the web browser's URL/Location field. This will direct the user to the STS Series login screen. The user must authenticate by logging into the system with a correct user name and password. Because plain HTTP carries the user name and password in cleartext, use HTTPS for management unless the network path to the STS Series is trusted.
step. If the user does not want to save the new parameter values, the user must opt to [Cancel]. All changes made will be lost and the previous values restored.
3. Network Configuration 3.1. IP Configuration The STS Series requires a valid IP address to operate within the user’s network environment. If the IP address is not readily available, contact the system administrator to obtain a valid IP address for the STS Series. Please note that the STS Series requires a unique IP address to connect to the user’s network. The users may choose one of three Internet protocols in setting up the STS Series IP address: i.e.
3.1.1. Using A Static IP Address When using a Static IP address, the user must manually specify all the configuration parameters associated with the IP address of the STS Series. These include the IP address, the network subnet mask, the gateway computer and the domain name server computers. This section will look at each of these in more detail. Note: The STS Series will attempt to locate all this information every time it is turned on.
The DNS server at the configured IP address must be able to resolve the host names the STS Series will use. The STS Series provides the ability to configure the IP addresses of both the Primary and Secondary DNS servers. (The secondary DNS server is used when the primary DNS server is unavailable.) 3.1.2.
address in the DHCP network, the administrator needs the MAC address of the STS Series, found on the label sticker at the bottom of the STS Series. 3.1.3. Using PPPoE PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet LAN (local area network) to a remote site through a modem or similar device. PPPoE can be used to give multiple users the ability to share an ADSL, cable modem, or wireless connection to the Internet.
Figure 3-2 SNMP Configuration 3.2.1. MIB-II System Objects Configuration MIB-II System objects configuration sets the System Contact, Name, Location, and Authentication-failure traps used by the SNMP agent of the STS Series. These settings provide the values used for the MIB-II sysName, sysContact, sysLocation, sysService and enableAuthenTrap objects.
sysService(Read Only): A series of values, separated by commas, that indicate the set of services that the system provides. By default, STS Series only supports an Application(7) service level. EnableAuthenTrap: Indicates whether the SNMP agent process is permitted to generate authentication-failure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authentication-failure traps may be disabled.
Figure 3-3 Browsing MIB-II OIDs of STS Series SNMP agent using SNMP Browser (AdventNet MibBrowser) 3.3. Dynamic DNS Configuration When users connect the STS Series to a DSL line or use a DHCP configuration, the IP address might change whenever it reconnects to the network. It can therefore be very difficult to notify everyone who needs to reach the device of each new IP address.
may then add a new Dynamic DNS Host link after logging in to their Dynamic DNS Network Services Members NIC. After enabling the Dynamic DNS service in the Dynamic DNS Configuration menu, the user must enter the registered Domain Name, User Name, and Password. After applying the configuration change, users can access the STS Series using only the Domain Name. Figure 3-4 shows the Dynamic DNS configuration web interface. Figure 3-4 Dynamic DNS Configuration 3.4.
hostname (i.e. arbitrary_user@yahoo.com or anybody@sena.com). The SMTP user name and SMTP user password are required when either SMTP with authentication or POP-before-SMTP mode is selected. Figure 3-5 SMTP Configurations Figure 3-6 SMTP mode selection in SMTP configuration 3.5. IP Filtering The STS Series prevents unauthorized access with an IP address based filtering method, configured through the management web page of the STS Series.
The user may allow a host or a group of hosts to access the STS Series for configuration. The user must then enter the IP address and subnet of access. Any user on a remote host must stay in the specified subnet boundary to have the configuration access. To allow only a specific host to have configuration access to the STS Series, enter the IP address of the specific host and just give 255.255.255.255 for the subnet. To allow any hosts to have access to the STS Series, give 0.0.0.
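The address/mask test described above is the same one a kernel packet filter applies: a remote host matches a rule when (host AND mask) equals (configured address AND mask), which is why a mask of 255.255.255.255 admits exactly one host and 0.0.0.0 admits everyone. The following is an added example, not code from the STS Series or from Sena; the rule list and addresses are constructed for illustration. It also adds a check that a mask is contiguous, because a mask such as 255.0.255.0 silently matches a scattering of hosts rather than one subnet.

```python
import ipaddress

# Constructed example rules in the (address, subnet mask) form the IP Filtering page takes.
ALLOW_RULES = [
    ("192.168.161.10", "255.255.255.255"),   # exactly one management workstation
    ("10.0.5.0", "255.255.255.0"),           # an operations subnet
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def host_allowed(remote_ip, rules=ALLOW_RULES):
    """Return True when remote_ip falls inside any (address, mask) rule.

    With an all-zero mask both sides of the comparison reduce to 0, which is
    what makes 0.0.0.0 / 0.0.0.0 a wildcard that allows every host.
    """
    host = _to_int(remote_ip)
    for address, mask in rules:
        m = _to_int(mask)
        if host & m == _to_int(address) & m:
            return True
    return False


def check_mask(mask):
    """Return True only if the mask's 1-bits are contiguous from the top.

    The inverse of a valid mask is of the form 2**k - 1, so adding 1 to it
    clears every bit; any other bit pattern leaves a remainder.
    """
    inverted = (~_to_int(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0
```

Run the rule list through host_allowed for each management host you expect to use before saving it to flash; a rule that locks out the only workstation that can reach the device leaves the serial console as the sole way back in.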
3.6. SYSLOG Server Configuration The STS Series supports a remote message logging service, SYSLOG service for the system and port data logging. To use the remote SYSLOG service, the user must specify the SYSLOG server’s IP address and the facility to be used. Figure 3-8 shows the SYSLOG server configuration page of the supplied Web interface. Figure 3-8 SYSLOG server configuration To receive log messages from the STS Series, the SYSLOG server must be configured as “remote reception allowed”.
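The facility selected on the STS Series travels in the PRI field at the start of each syslog line (PRI = facility * 8 + severity), and it is what the receiving server uses to route the device's messages to their own file. The following is an added example of that decoding on the receiving side, not code from the STS Series or from Sena; the sample lines are constructed in BSD syslog (RFC 3164) shape, not captured from a real device.

```python
import re

# Constructed sample lines as a remote syslog server would receive them.
SAMPLE_LINES = [
    "<14>Jan 12 10:15:02 sts800 sts: port 1 connected from 192.168.161.10",
    "<133>Jan 12 10:15:09 sts800 login: FAILED LOGIN for root from 192.168.161.77",
    "<11>Jan 12 10:16:40 sts800 sts: port 3 inactivity timeout, connection closed",
    "garbage line without a PRI header",
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_syslog(line):
    """Split the PRI field into facility and severity.

    Returns None for lines without a valid PRI so a malformed or hostile
    sender is counted rather than crashing the collector.
    """
    m = _PRI.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "msg": m.group(2)}


def select(lines, facility, max_severity="warning"):
    """Return messages from one facility at or above a severity threshold
    (lower index in SEVERITIES means more severe)."""
    limit = SEVERITIES.index(max_severity)
    out = []
    for line in lines:
        rec = parse_syslog(line)
        if rec and rec["facility"] == facility and SEVERITIES.index(rec["severity"]) <= limit:
            out.append(rec["msg"])
    return out
```

The remote server must still be configured to accept messages from the network at all ("remote reception allowed" in the text); note that BSD syslog over UDP is unauthenticated, so restrict the receiving port to the STS Series address on the server's firewall.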
To store the STS Series log data to the NFS server, the NFS server must be configured as "read and write allowed". If there is a firewall between the STS Series and the NFS server, it must permit the NFS traffic in both directions; rather than opening all ports, allow only what NFS needs, at minimum portmapper (111) and NFS (2049) on TCP and UDP, plus mountd if the server does not use a fixed port for it.
Figure 3-11 Web server configurations The Web page refresh rate can be also adjusted in this configuration page. The refresh rate is only applicable to the system statistics pages, such as network interfaces, serial ports, IP, ICMP, TCP and UDP. Other pages in the Web interface are not refreshed automatically. For more information about the system statistics, please refer to section 7 System Statistics.
TCP "keep-alive" probes: This represents how many "keep-alive" probes will be sent to the remote host before it decides that the connection is dead. Multiplied by the "TCP keep-alive intervals" value, this gives the time after which a link is forced to close once the first "keep-alive" packet has been sent. The default is 3 times. TCP keep-alive intervals: This represents the waiting period until a "keep-alive" packet is retransmitted because the remote host has not acknowledged it.
4. Serial Port Configuration 4.1. Overview The serial port configuration capability allows the user to configure the host mode of each port, serial communication parameters, cryptography, port logging parameters and other related parameters. The serial port’s host mode can be set as any of the following: TCP : The STS Series operates as a TCP server and client.
Table 4-1 Serial port configuration parameters (All serial ports setting, or Individual serial port setting #1~#8)
1. Port Enable/Disable
2. Port title
3. Apply all port settings (Individual serial port setting only)
4. Host mode
   TCP: TCP listening port; Telnet protocol; Max allowed connection; Cyclic connection; Inactivity timeout (0 for unlimited)
   UDP: UDP listening port; Max allowed connection; Accept UDP datagram from unlisted remote UDP host or not; Send to recent unlisted remote host or not; Inactivity timeout (0 f
Port event handling:
   Email notification: Enable/Disable, Title of Email, Recipient's Email address
   SNMP notification: Enable/Disable, Title of SNMP trap, SNMP trap receiver's IP address, SNMP trap community, SNMP trap version
   Add/Edit a keyword: Keyword string, Email notification, SNMP trap notification, Port command
   Remove a keyword
Figure 4-1 shows the web-based serial port configuration screen. This serial port configuration main screen summarizes port information.
Figure 4-1 Serial port configuration main screen
4.2. Individual Port Configuration The STS Series allows serial ports to be configured either individually or all at once. The parameters for both individual and all port configurations are similar. Individual Port Configurations are classified into twelve (12) groups:
1. Port enable/disable
2. Port title
3. Apply all port settings
4. Host mode
5. Remote host: Available only when the host mode is set to TCP or UDP mode
6.
4.2.1. Port Enable/Disable Each serial port can be enabled or disabled. If a serial port is disabled, users cannot access the serial port. Figure 4-2 shows the serial port enable/disable screen. Figure 4-2 Serial port enable/disable By clicking on the [Reset] button, users can reset a stuck or deadlocked serial port. Click on the [Set] button to set the port as factory default. 4.2.2. Port Title Users can enter descriptive information for each port based on the device attached to it.
Figure 4-3 Port title configuration 4.2.3. Apply All Port Settings To prevent the possibility of the user inadvertently selecting to change all port settings at the same time, the STS Series provides the ability to enable or disable this function at an individual serial port level. Changes made when using the “change all port parameters at once” function will not be applied to an individual serial port if the function has been disabled. Figure 4-4 shows the [apply all port setting] configuration screen.
4.2.4. Host Mode Configuration The STS Series operating mode is called the “host mode”. Three host modes are available: TCP mode, UDP mode, Modem emulation mode. TCP mode The STS Series works as both TCP server and client. This mode works for most applications, since it will transfer the data either from serial port or from TCP port.
4.2.4.1. TCP Mode For easier understanding of TCP modes, a simplified State Transition Diagram is often used. And to help users understand the diagram, the TCP state of the STS Series is briefly described as follows. [Listen] It represents “a waiting for a connection request from any registered remote host”. It is a default start-up mode when it is set as TCP mode. [Closed] It means “no connection state”.
1) Typical State Transition [Listen] --> [Sync-Received] --> [Established] --> [Data] --> [Closed] --> [Listen] Or [Listen] --> [Sync-Sent] --> [Established] --> [Data] --> [Closed] --> [Listen] The initial state is [Listen]. If there are data coming from the serial port, it will connect to the remote host as a TCP client and then transfer data through the TCP port.
User Authentication In TCP mode, the STS Series supports user authentication for port access. If this option is enabled, the user must enter a user ID and password before accessing the port. (For user administration, please refer to section 6.6.
Figure 4-6 State Transition Diagram of TCP mode (transitions shown in the diagram):
- [Listen] -> [Sync-Recvd]: incoming TCP connection request
- [Sync-Recvd] -> [Established]: accept; [Sync-Recvd] -> [Listen]: reject
- [Listen] -> [Sync-Sent]: incoming data via serial port
- [Sync-Sent] -> [Established]: TCP connection request accepted
- [Sync-Sent] -> [Closed]: TCP connection request rejected or internal TCP time-out
- [Established] -> [Data]: incoming data via serial port or incoming data from remote host
- [Established]/[Data] -> [Closed]: incoming TCP close request or inactivity time-out
- [Closed] -> [Listen]
Inactivity Timeout When Inactivity Timeout function is enabled, connection between remote host(s) and STS Series will b
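The transitions described in 4.2.4.1 and summarised in Figure 4-6 can be written down as a small state machine, which is a useful way to check what a port does when a remote host is rejected or when the inactivity timeout fires mid-session. The following model is an added example, not code from the STS Series or from Sena; the event names, the treatment of [Closed] as a transient state that returns immediately to [Listen], and the inactivity timer counted in ticks are assumptions made for illustration.

```python
class TcpHostMode:
    """Model of the serial port TCP host mode transitions in Figure 4-6."""

    CONNECTED = ("Established", "Data")

    def __init__(self, inactivity_timeout=0):
        self.state = "Listen"               # default start-up state in TCP mode
        self.timeout = inactivity_timeout   # idle ticks before forced close; 0 = unlimited
        self.idle = 0
        self.history = ["Listen"]

    def _go(self, state):
        if state == "Closed":
            # assumed: [Closed] is transient and the port returns to [Listen] at once
            self.history.extend(["Closed", "Listen"])
            self.state = "Listen"
        else:
            self.history.append(state)
            self.state = state
        self.idle = 0
        return self.state

    def on_event(self, event):
        s = self.state
        if s == "Listen":
            if event == "tcp_connect_request":   # a remote host connects to the listening port
                return self._go("Sync-Recvd")
            if event == "serial_data":           # serial data arrives: act as a TCP client
                return self._go("Sync-Sent")
        elif s == "Sync-Recvd":
            if event == "accept":                # host passed the remote host / IP filter checks
                return self._go("Established")
            if event == "reject":
                return self._go("Listen")
        elif s == "Sync-Sent":
            if event == "connect_accepted":
                return self._go("Established")
            if event in ("connect_rejected", "tcp_timeout"):
                return self._go("Closed")
        elif s in self.CONNECTED:
            if event in ("serial_data", "remote_data"):
                return self._go("Data")          # also resets the idle counter
            if event == "tcp_close":
                return self._go("Closed")
        return s    # event not meaningful in this state; ignore it

    def tick(self):
        """Advance the inactivity timer by one interval."""
        if self.state in self.CONNECTED and self.timeout:
            self.idle += 1
            if self.idle >= self.timeout:
                return self._go("Closed")
        return self.state
```

Two behaviours worth noting from the model: a rejected inbound host drops the port straight back to [Listen] with no [Closed] step, while a rejected outbound connect (the serial client path) goes through [Closed], and an inactivity timeout of 0 means a session that has gone quiet is never torn down on the STS side.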
TCP Nagle algorithm Modern TCP implementations include a mechanism, known as the Nagle algorithm, which prevents the unnecessary transmission of a large number of small packets. This algorithm has proved useful in protecting the Internet against excessive packet loads. However, some applications suffer performance problems as a result of the traditional implementation of the Nagle algorithm.
Send to recent unlisted remote host If the Send to recent unlisted remote host function is set to 'Yes', the STS Series also sends data to the remote host that has most recently connected to it. A recent unlisted remote host is a host that has accessed the corresponding serial port of the STS Series but is not configured in the remote host configuration. The STS Series always sends data to the hosts that are configured in the remote host configuration. Because UDP datagrams carry no authentication, enabling this option means any host that manages to send a datagram to the port will start receiving the serial device's output; combine it with IP filtering on the port.
By using the modem emulation mode of the STS Series, users can have their serial device connected to the Ethernet network easily, which is cheaper than using phone line modem. Table 4-2 is a summarized AT command table which is supported by the STS Series. Figure 4-7 shows the typical case of the serial port command flow when ATDA command is used to connect to the Ethernet network.
ATBn, ATCn, ATLn, ATMn, ATNn, ATP, ATT, ATYn, AT%Cn, AT%En, AT&Bn, AT&Gn, AT&In, AT&Qn, AT&V, ATMn, AT\An, AT\Bn, AT\Nn, ATXn: no function; response OK [CR][LF]
ATS?, ATSn=x, AT&Cn, AT&Wn, AT&Zn=x: no function; response ERROR [CR][LF]
ATFn: no function; response OK [CR][LF] if n=1, otherwise ERROR [CR][LF]
ATWn: no function; response OK [CR][LF] if n=0, otherwise ERROR [CR][LF]
Table 4-3 AT commands Response Code
Verbose Code (after "ATV1" command executed) / Numeric Code (after "ATV0" command executed) / Description
OK / 0 / Command executed
CONNECT / 1 / Mode
4.2.5. Remote Host Configuration Remote host configuration is the list of hosts that will receive data from a serial port of the STS Series whenever that serial port transmits. In TCP mode, the user can also configure a secondary remote host that will receive the data if the STS Series fails to connect to the primary remote host. As long as a connection to the primary remote host can be made, the STS Series does not send data to the secondary remote host; it does so only after the connection to the primary remote host has failed.
Figure 4-9 Port IP filtering for serial ports 4.2.7. Cryptography Configuration The STS Series supports encrypted sessions only in TCP mode, including modem emulation mode (not UDP mode). 4.2.7.1. Secure Sockets Layer(SSL) And Transport Layer Security(TLS) Cryptography Method By setting the cryptography method to one of SSLv2, SSLv3, SSLv3 rollback to v2 or TLSv1, the STS Series can communicate in encrypted sessions with other devices that support SSL/TLS. Of these, SSLv2 and SSLv3 have known protocol-level weaknesses and have since been formally deprecated, and the rollback option lets a peer negotiate down to SSLv2; select TLSv1 wherever the other end supports it.
symmetric key encryption. Symmetric key encryption is much faster than public-key encryption, but public-key encryption provides better authentication techniques. The handshake allows the server to authenticate itself to the client using public-key techniques, and then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows.
that the client portion of the handshake is finished. 9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished. 10. The SSL/TLS handshake is now complete, and the SSL/TLS session has begun. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity.
algorithm is used to encrypt the bulk of data transmitted across the SSL/TLS connection. The hash algorithm is used to protect transmitted data against modification during transmission. The length of the keys used in both the symmetric and asymmetric algorithms must also be specified. When a client makes an SSL/TLS connection to a server, it sends a list of the cipher suites that it is capable of and willing to use.
Figure 4-11 Cryptography configuration 4.2.7.2. 3DES Cryptography Method By setting the cryptography method to 3DES, the STS Series can communicate with another STS Series device or a HelloDevice Pro Series in 3DES (168-bit) encrypted sessions. Figure 4-12 shows the record format of a 3DES packet; the fields are as follows. Length Data Padding Figure 4-12 Record Format of 3DES packet Length The length is an 8-bit number giving the length of the content (data and padding).
Padding The padding is standard block cipher padding. The pad value is the total number of pad bytes in the padding (1~8). In the 3DES implementation of the STS Series, the key and initial vector used to generate the encrypted data packet are derived from a key block, and the key block is generated from the user-configured key string. Figure 4-13 shows the key derivation process. Because the key block is derived entirely from that string, the effective key strength is bounded by the string's length and randomness; use a long, randomly generated key string rather than a memorable phrase. Note also that 3DES is a 64-bit block cipher and has been deprecated by NIST for new use, so prefer TLS where both ends support it.
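The framing described for the 3DES record (one length byte, data, then 1~8 pad bytes whose value is the pad count) is the part of the format a receiver has to validate before decryption. The following is an added example of that framing and of a parser that rejects malformed records instead of trusting the peer's length byte, not code from the STS Series or from Sena. It assumes, as PKCS#5 does, that every pad byte carries the pad count; the text only states that the pad value is the number of pad bytes. The 3DES encryption step itself and the key derivation of Figure 4-13 are not included.

```python
BLOCK = 8         # 3DES block size in bytes
MAX_LENGTH = 255  # the length field is a single byte


def pad(data: bytes) -> bytes:
    """Append 1..8 pad bytes so the content is a whole number of blocks.
    Assumed: each pad byte holds the pad count (PKCS#5 style)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def build_record(data: bytes) -> bytes:
    content = pad(data)
    if len(content) > MAX_LENGTH:
        raise ValueError("content exceeds the one-byte length field; split the data")
    return bytes([len(content)]) + content


def parse_record(buf: bytes):
    """Return (data, remaining_bytes) for the first complete record in buf,
    or None when more bytes are needed. Raises ValueError on a malformed
    record rather than trusting the peer's framing."""
    if len(buf) < 1:
        return None
    length = buf[0]
    if length == 0 or length % BLOCK:
        raise ValueError("length must be a positive multiple of the block size")
    if len(buf) < 1 + length:
        return None                      # wait for the rest of the record
    content, rest = buf[1:1 + length], buf[1 + length:]
    n = content[-1]
    if not 1 <= n <= BLOCK or content[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return content[:-n], rest


def parse_stream(buf: bytes):
    """Split a byte stream into records, returning (list_of_data, leftover)."""
    out = []
    while True:
        r = parse_record(buf)
        if r is None:
            return out, buf
        data, buf = r
        out.append(data)
```

With a one-byte length field the largest content is 248 bytes (31 blocks), so a serial burst of more than 247 bytes has to be split across records; the padding check is what stops a peer from declaring a pad count larger than the block and slicing the data incorrectly.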
Note: File uploading is supported only in console menu. For more information about file uploading, please refer to 6.10 User File Uploading section. Figure 4-14 Filter application 4.2.9. Serial Port Parameters To connect the serial device to the STS Series serial port, the serial port parameters of the STS Series should match exactly to that of the serial device attached. The serial port parameters are required to match this serial communication.
Figure 4-15 UART configuration Parity Parity can be none, even or odd. The factory default setting is none. Stop bits Stop bits can be between 1 bit and 2 bits. The factory default setting is 1 bit. Flow control The factory default setting of the flow control is None. Software Flow Control using XON/XOFF and hardware flow control using RTS/CTS are supported by the STS Series.
DTR/DSR behavior The purpose of the DTR/DSR pin is to emulate modem signal control or to control TCP connection state by using serial port signal. The DTR is a write-only output signal, whereas the DSR is a read-only input signal in the STS Series side. The DTR output behavior can be set to one of three types: always high, always low or high when open. If the DTR behavior is set to high when open, the state of the DTR pin will be maintained high if the TCP connection is established.
4.2.10. Modem Configuration The STS Series supports a direct modem connection to its serial port. When the user wants to connect a modem to a serial port, the Modem init-string and DCD behavior must be configured on the modem configuration page. The STS Series supports modem connection only when the host mode is set to TCP mode. Enable/Disable modem By enabling this menu, the user can attach a modem directly to the serial port of the STS Series.
Figure 4-16 Modem configuration 4.2.11. Port Logging With the port logging feature, the data sent through the serial port is stored to MEMORY, an ATA/IDE fixed disk card, a SYSLOG server or a mounting point on an NFS server. Enable/disable port logging This parameter defines whether to enable or disable the port-logging feature. The factory default setting is [disabled].
all port buffer size of each serial port should be smaller than or equal to 3200 Kbytes). The factory default setting is 4 Kbytes. When using an ATA/IDE fixed disk card to store log data, the maximum port buffer size is dependent upon the card capacity. When using an NFS server to store log data, the maximum port buffer size is unlimited. The user should configure the NFS server to ensure that the port logging system works properly.
remote hosts can be monitored and managed in the same way as the port keywords. Each reaction can be configured individually for each keyword. A reaction can be an email delivery, an SNMP trap, a command sent to the port, or any combination of these. Port event handling If the user wants to enable the port event handling feature, set Port event handling to enable. This is a global parameter, so if this feature is disabled, the STS Series does not take any action on port events.
Figure 4-18 Port event handling configurations SNMP trap community This parameter sets the community that will be included in the SNMP trap message when a pre-defined keyword is detected.
SNMP trap version This parameter sets the version of the SNMP trap that will be sent when a pre-defined keyword is detected. [Status event edit] Device connection/disconnection Fill in the check boxes of the preferred actions that are to be taken on the event of serial device connection or disconnection. TCP connection/disconnection Fill in the check boxes of the preferred actions that are to be taken on the event of TCP connection or disconnection from remote hosts.
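Keyword detection on a serial stream has one edge case the configuration pages do not mention: data arrives in chunks, and at serial speeds a keyword is frequently split across two of them. The following is an added example of the keyword-to-reaction logic with that case handled, not code from the STS Series or from Sena; the keyword table is constructed, and the reactions are recorded as (keyword, reaction) events rather than actually sending email, SNMP traps or port commands.

```python
# Constructed keyword table in the shape of the port event handling page.
KEYWORDS = {
    "login failed": {"email", "snmp_trap"},
    "kernel panic": {"email", "snmp_trap", "port_command"},
    "OK": {"snmp_trap"},
}


class KeywordMonitor:
    def __init__(self, keywords=KEYWORDS):
        self.keywords = keywords
        self.carry = b""
        self.max_len = max(len(k) for k in keywords)
        self.events = []   # (keyword, reaction) records, in detection order

    def feed(self, chunk: bytes):
        """Scan one serial data chunk and return the keywords detected in it.

        The last max_len-1 bytes of the previous chunk are kept, so a keyword
        split across two chunks is still found. A match is only counted when
        its end lies in the new data; otherwise a keyword sitting entirely in
        the carried tail would fire a second time.
        """
        text = self.carry + chunk
        hits = []
        for kw, reactions in self.keywords.items():
            kwb = kw.encode()
            start = 0
            while True:
                i = text.find(kwb, start)
                if i < 0:
                    break
                if i + len(kwb) > len(self.carry):
                    hits.append((i, kw))
                start = i + 1
        hits.sort()
        for _, kw in hits:
            for reaction in sorted(self.keywords[kw]):
                self.events.append((kw, reaction))
        self.carry = text[-(self.max_len - 1):] if self.max_len > 1 else b""
        return [kw for _, kw in hits]
```

Short keywords such as "OK" show the other side of this feature: they match often and each match fires a trap, so choose keywords that are specific to the condition you want to be told about, and remember that a port command reaction writes to the attached device on a string that could also arrive in ordinary output.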
4.3. All Port Configurations If the modifications to be made to all serial ports are similar or the same, changes can be made to the serial port configuration for all serial ports simultaneously. With the all port configuration function, the configuration is applied to all the serial ports unless an individual port's "apply all port setting" option is disabled. "All port configuration" parameters can be grouped into the following groups: 1. Port enable/disable 2. Port title 3. Host mode 4.
Port enable/disable This parameter enables or disables port function. Port title If this parameter is set with a certain string, the port title of each serial port will be set with a combination of this string and the port number. For example, if the port title is set with “my server”, the port title of port 1 will be set with “my server #1”, the port title of port#2 will be “my server #2”, and so on.
5. PC Card Configuration The STS Series has one extra PC card slot for increased expandability. It supports four types of PC cards: - LAN card - Wireless LAN card - Modem card - ATA/IDE fixed disk card The user can allow access via another network connection with either a LAN or wireless LAN card. The ATA/IDE fixed disk card allows the user to store and carry system and serial port log data.
Figure 5-2 Failure to detect error message Refer to Appendix 2. PC Card Supported By STS to view a list of PC cards supported by the STS Series. To stop or remove the PC card, the user must complete the following steps. Step 1. Select [Stop card service]. Step 2. Save the configuration changes by selecting [Save to flash]. Step 3. Apply changes by selecting [Apply changes] from the menu. Step 4. Remove the PC card from the PC card slot.
The user must manually select PC LAN card as the card type and set the primary and secondary DNS servers when configuring a PC LAN card. All other configuration steps are the same as detailed in Section 3.1 IP Configuration. Refer to Appendix 2. PC Card Supported By STS to view a list of LAN PC cards supported by the STS Series. 5.2. Wireless LAN Card Configuration A wireless LAN card results in two network interfaces and two IP addresses. The user can assign a valid IP address to each interface.
The STS Series supports the SSID (Service Set Identifier) and WEP (Wired Equivalent Privacy) key features for the wireless LAN configuration. The user may configure the SSID to specify an AP (Access Point). The user may also configure the WEP mode as either encrypted or shared. The WEP key length must be either 40 or 128 bits. The 40-bit WEP key length requires the user to enter 5 hexadecimal code sets without colons (:). Note that WEP is the only wireless encryption the STS Series offers, and WEP keys of either length can be recovered by a passive attacker from captured traffic; treat the wireless interface as an untrusted network and rely on the SSL/TLS session encryption and IP filtering for the serial data and management traffic that cross it.
Figure 5-6 PC ATA/IDE fixed disk card configuration
6. System Administration The STS Series displays the system status and the log data via a Status Display Screen. This screen is to be used for management purposes. System status data includes the model name, serial number, firmware version and the network configuration of the STS Series. The STS Series can also be configured to deliver log data automatically via email to a specified recipient with the system-logging feature.
internal memory is used to store system log data, the log data will be cleared when the STS Series is turned off. To preserve the system log data, set the storage location to be the ATA/IDE fixed disk card, SYSLOG server or NFS server. To do this, the user must configure the corresponding media in advance. Unless the media is properly set up, the user will not be able to select a storage location from the interface.
6.3. User Logged On List This function allows a user to view current and historical user activity on the shell of the STS Series. Figure 6-3 User logged on list The list displays the following information for users who have logged into the system: User name Terminal type for the session Time connected IP address of the remote host Note: Users who access the STS Series via the Web interface do not appear on the list, because HTTP/HTTPS requests are not shell logins; check the Web server's own logging for that activity. 6.4.
6.5. Device Name Configuration The STS Series has its own name for administrative purposes. Figure 6-5 shows the device name configuration screen. When the user changes the Device name, the hostname of the STS Series is changed and the CLI prompt changes to match, as follows: root@SS800_Device:~# Figure 6-5 Device name configuration Please note that a device name cannot contain a space character.
6.7. Date And Time Settings The STS Series maintains current date and time information. The STS Series clock and calendar settings are backed up by internal battery power. The user can change the current date and time, as shown in Figure 6-7. There are two ways to set the date and time. The first is to use an NTP server to maintain the date and time settings. If the NTP feature is enabled, the STS Series obtains the date and time from the NTP server at each reboot. Accurate time matters for correlating the system log with other devices and for checking certificate validity periods; since plain NTP is unauthenticated, use a server on a trusted network. If the NTP server is set to 0.0.
6.8. Configuration Management The user may export the current configuration to a file at one of several locations (CF card, NFS server, user space or the local machine) and import a previously exported configuration from the same locations as the current configuration. The user may restore the factory default settings at any time by selecting “Factory default” as the location in the import section, or by pressing the factory default reset switch on the back panel of the STS Series. Because the reset switch returns the unit to its defaults, access filters included, the configuration is only as secure as physical access to the unit.
An exported configuration file contains the unit's access rules and other sensitive settings; select the encryption option whenever the file is stored off the unit, and protect the exported file accordingly.
To export the current configuration:
1. Select the location to export to.
2. Select the encryption option.
3. Type the file name.
4. Click the [Export] button.
To import an exported configuration:
1. Select the location to import from.
2. Select the configurations to import.
3. Select the encryption option.
4. Select the file to import from the file selection list box if the location is neither local machine nor factory default.
5.
To upgrade firmware via a remote console:
1. Obtain the latest firmware.
2. Connect with a terminal emulation program over TELNET/SSH or the serial console port. (TELNET or SSH is recommended, since a firmware upgrade over the serial console takes an extremely long time. Of the two, prefer SSH: the image is transferred inside the session, and a TELNET session can be read or altered on the path.)
3. Select the firmware upgrade menu as shown in Figure 6-10.
4. Follow the online directions and transfer the firmware binary file using the Zmodem protocol as shown in Figure 6-11.
5.
Figure 6-11 Transfer binary file by Zmodem (HyperTerminal)

    --->9
    Do you want to upgrade firmware? (y/n): y
    Transfer firmware by zmodem using your terminal application.
    To escape, press Ctrl+X
    **B0ff000005b157
    **B0ff000005b157
    **B0ff000005b157
    **B0ff000005b157
    Firmware upgrade failed !
    Now reboot ...

Figure 6-12 Firmware upgrade failure message
6.10. User File Uploading Users can upload their own files to the STS Series; the file upload feature is available only from the console menu.
1. Prepare the user file to be uploaded.
2. Connect with a terminal emulation program over TELNET/SSH or the serial console port. (TELNET or SSH is recommended; a transfer over the serial console port may take a long time.)
3. Select the user file upload menu as shown in Figure 6-13.
4. Follow the online directions and transfer the user file using the Zmodem protocol as shown in Figure 6-11.
5.
    Do you want to upload a file to user space? (y/n): y
    Enter a filename: test.txt
    The file will be saved as /usr2/test.txt.
    Transfer a file by zmodem using your terminal application.
    To escape, press Ctrl+X.
    **B01ff000005b157
    Uploading a file failed.
7. System Statistics The STS Series Web interface provides system statistics menus. The user can use the menus to access statistical data and tables stored in the STS Series memory. The network interface statistics and serial port statistics show link-layer usage of the lo and eth interfaces and of the serial ports. The IP, ICMP, TCP and UDP statistics show usage of the four primary components of the TCP/IP protocol suite.
Figure 7-2 Serial ports status
7.3. IP Statistics The IP Statistics screen provides statistical information about packets/connections using the IP protocol. Definitions and descriptions of each parameter are given below:
Forwarding : Specifies whether IP forwarding is enabled or disabled. A terminal server should not forward; if this shows enabled, the unit can relay traffic between the networks it is attached to, for example between a wireless LAN card and the wired segment.
DefaultTTL : Specifies the default initial time to live (TTL) for datagrams originating on a particular computer.
InReceives : Shows the number of datagrams received.
InUnknownProtos : Specifies the number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. InDiscard : Specifies the number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). This counter does not include any datagrams discarded while awaiting reassembly.
FragFails : Specifies the number of datagrams that needed to be fragmented but could not be because the IP header prohibits fragmentation. For example, if the datagram's "Don't Fragment" flag was set, the datagram is not fragmented. These datagrams are discarded.
FragCreates : Specifies the number of fragments created.
Figure 7-3 IP statistics
7.4. ICMP Statistics The ICMP Statistics screen provides statistical information about packets/connections using the ICMP protocol.
InTimeExcds, OutTimeExcds : Specifies the number of time-to-live (TTL) exceeded messages received or sent. A time-to-live exceeded message is sent to the originating computer when a datagram is discarded because the number of routers it has passed through exceeds its time-to-live value. InParmProbs, OutParmProbs : Specifies the number of parameter-problem messages received or sent.
InAddrMaskReps, OutAddrMaskReps : Specifies the number of address mask responses received or sent. A computer sends an address mask response in response to an address mask request.
Figure 7-4 ICMP statistics
7.5. TCP Statistics The TCP Statistics screen provides statistical information about packets/connections using the TCP protocol. Definitions and descriptions of each parameter are given below:
RtoAlgorithm : Specifies the retransmission time-out (RTO) algorithm in use.
RtoMax : Specifies the maximum retransmission time-out value in milliseconds.
MaxConn : Specifies the maximum number of connections. If the maximum number is set to -1, the number of connections is dynamic.
ActiveOpens : Specifies the number of active opens. In an active open, the client is initiating a connection with the server.
PassiveOpens : Specifies the number of passive opens. In a passive open, the server is listening for a connection request from a client.
Figure 7-5 TCP statistics
7.6. UDP Statistics The UDP Statistics screen provides statistical information about packets/connections using the UDP protocol. Definitions and descriptions of each parameter are given below:
InDatagrams : Specifies the number of datagrams received.
NoPorts : Specifies the number of received datagrams that were discarded because no application was listening on the destination port. A sudden rise in this counter, with no change in the configured services, usually means the unit is being port-scanned.
InErrors : Specifies the number of erroneous datagrams that were received.
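The counters in 7.3 to 7.6 are the MIB-II statistics that Linux exposes in /proc/net/snmp, so they can be watched from the CLI as well as from the Web interface. The following script is an added example, not part of the STS manual or firmware: it reads a named counter from a copy of /proc/net/snmp and compares two snapshots taken some minutes apart, flagging the increases that point at scans or floods (a jump in UDP NoPorts or TCP AttemptFails, any InUnknownProtos, many InDiscards). The two snapshots are constructed for the demonstration; on the unit you would save a copy of /proc/net/snmp from a cron job (8.8.2) and compare the last two copies. The function names and thresholds are the example's own, and it assumes the STS kernel uses the standard /proc/net/snmp layout (where the IP counter is spelled InDiscards, not InDiscard as on the screen).

```shell
#!/bin/sh
# Added example, not STS firmware: watch the MIB-II counters of 7.3-7.6 from
# two copies of /proc/net/snmp. Assumes the standard layout: for each group
# (Ip, Icmp, Tcp, Udp) one header line and one value line, both prefixed
# "Group:". Function names and thresholds are this example's own.

# snmp_counter GROUP NAME FILE: print the value of counter NAME in GROUP;
# returns 1 when the group or the counter does not exist in FILE.
snmp_counter() {
    grp="$1:" name="$2" file="$3"
    hdr=$(grep "^$grp" "$file" | sed -n 1p)
    val=$(grep "^$grp" "$file" | sed -n 2p)
    idx=0 i=0
    for w in $hdr; do                 # locate the column by name ...
        i=$((i + 1))
        [ "$w" = "$name" ] && idx=$i
    done
    [ "$idx" -gt 0 ] || return 1
    i=0
    for w in $val; do                 # ... then read that column of the value line
        i=$((i + 1))
        if [ "$i" -eq "$idx" ]; then
            printf '%s\n' "$w"
            return 0
        fi
    done
    return 1
}

# snmp_alerts OLD NEW: one line per watched counter whose increase between the
# two snapshots reaches its threshold. Counters absent from a snapshot are skipped.
snmp_alerts() {
    old="$1" new="$2"
    printf '%s\n' \
        'Udp NoPorts 50 datagrams to closed UDP ports: likely UDP port scan' \
        'Tcp AttemptFails 50 failed connection attempts: likely TCP scan' \
        'Ip InUnknownProtos 1 datagrams with an unknown IP protocol number' \
        'Ip InDiscards 100 input datagrams dropped: buffer pressure or flood' |
    while read -r grp ctr thr reason; do
        a=$(snmp_counter "$grp" "$ctr" "$old") || continue
        b=$(snmp_counter "$grp" "$ctr" "$new") || continue
        d=$((b - a))
        [ "$d" -ge "$thr" ] && printf '%s.%s +%s: %s\n' "$grp" "$ctr" "$d" "$reason"
    done
    return 0
}

# Constructed snapshots (not captured from a real unit), two minutes apart;
# the second one shows a burst of datagrams to closed UDP ports.
SNAP1=$(mktemp) SNAP2=$(mktemp)
cat > "$SNAP1" <<'EOF'
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 10523 0 0 0 0 0 10523 9870 0 0 0 0 0 0 0 0 0
Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 12 0 3 0 0 0 0 9 0 0 0 0 0 12 0 3 0 0 0 0 0 9 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 15 42 2 1 3 8800 8100 4 0 2
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 300 4 0 290
EOF
cat > "$SNAP2" <<'EOF'
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 12890 0 0 0 0 0 12890 11040 0 0 0 0 0 0 0 0 0
Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 14 0 3 0 0 0 0 11 0 0 0 0 0 1030 0 1019 0 0 0 0 0 11 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 17 44 3 1 3 9400 8650 4 0 2
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1322 1020 0 300
EOF

snmp_alerts "$SNAP1" "$SNAP2"
# prints: Udp.NoPorts +1016: datagrams to closed UDP ports: likely UDP port scan
```

The thresholds are deliberately coarse; what matters is the delta between snapshots, not the absolute value, since the counters only grow since boot. The 1016 extra NoPorts datagrams in the constructed second snapshot are matched by 1016 extra ICMP OutDestUnreachs, which is what a UDP scan of closed ports looks like from the target's side.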
8. CLI guide
8.1. Introduction The STS Series root or System Administrator (by factory default only the admin account belongs to this group) can access the Linux console command line interface (CLI) of the STS Series via the serial console or TELNET/SSH. In the CLI, the authorized user can run standard Linux commands to view the status of the STS Series, edit the configuration, apply configuration changes, define user scripts and transfer files between the STS Series and remote hosts. Because this is a root shell, the admin credentials give complete control of the unit: change the factory password before the unit is reachable from a network, prefer SSH to TELNET, and restrict the remote console to the management network with the enable_ip/enable_netmask filter (Appendix 3).
8.3. Supported Linux Utilities
8.3.1. Shell & Shell Utilities: sh, ash, bash, echo, env, false, grep, more, sed, which, pwd
8.3.2. File And Disk Utils: ls, cp, mv, rm, mkdir, rmdir, ln, mknod, chmod, touch, sync, gunzip, gzip, zcat, tar, dd, df, du, find, cat, vi, tail, mkdosfs, mke2fs, e2fsck, fsck, mount, umount, scp
8.5. Editing STS Series Configuration In CLI
8.5.1. Configuration File Save/Load Mechanism:
1) While booting, the STS Series uncompresses /cnf/cnf.tar.gz to /tmp/cnf/* and unmounts /cnf.
2) When the configuration is changed, the STS Series changes the contents of the files in /tmp/cnf.
3) When the user saves the configuration (Web [Save to flash], or “saveconf” in the CLI), the STS Series mounts /cnf and compresses /tmp/cnf/* to /cnf/cnf.tar.gz.
Changes that have not been saved exist only in /tmp/cnf and are lost at the next reboot.
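As an added example (not part of the manual or the firmware), the following shell function makes the save/load mechanism visible: it extracts the last saved /cnf/cnf.tar.gz into a scratch directory and lists every file in the live configuration directory that was added, modified or deleted since, which is exactly the set of changes a reboot would discard because saveconf has not run. The demonstration builds a small constructed configuration tree instead of touching /cnf and /tmp/cnf; on the unit the call would be cnf_unsaved_changes /cnf/cnf.tar.gz /tmp/cnf after mounting /cnf. The function name is the example's own, and it assumes that the tarball stores paths relative to the configuration directory and that tar, gzip, find (all listed in 8.3.2) and cmp (an assumption) are available.

```shell
#!/bin/sh
# Added example, not STS firmware: report configuration changes that exist in
# the live directory (/tmp/cnf on the unit) but not in the saved tarball
# (/cnf/cnf.tar.gz). Assumes the tarball holds paths relative to the
# configuration directory and that tar, gzip, find and cmp are available.

# cnf_unsaved_changes SAVED_TGZ LIVE_DIR
#   prints "added:", "modified:" or "deleted:" lines, one per differing file;
#   returns 0 when the saved copy matches, 1 when changes are unsaved,
#   2 when the tarball cannot be read.
cnf_unsaved_changes() {
    saved="$1" live="$2"
    work=$(mktemp -d) || return 2
    mkdir "$work/saved" || return 2
    tar -xzf "$saved" -C "$work/saved" 2>/dev/null || { rm -rf "$work"; return 2; }
    report=$(
        # live files that are new or differ from the saved copy
        ( cd "$live" && find . -type f | sed 's|^\./||' ) | sort |
        while read -r f; do
            if [ ! -f "$work/saved/$f" ]; then
                printf 'added:    %s\n' "$f"
            elif ! cmp -s "$work/saved/$f" "$live/$f"; then
                printf 'modified: %s\n' "$f"
            fi
        done
        # saved files that no longer exist live
        ( cd "$work/saved" && find . -type f | sed 's|^\./||' ) | sort |
        while read -r f; do
            [ -f "$live/$f" ] || printf 'deleted:  %s\n' "$f"
        done
    )
    rm -rf "$work"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

#
# Constructed demonstration tree (not a real STS configuration).
DEMO=$(mktemp -d)
mkdir "$DEMO/live"
printf 'btelnet = 1\nbweb = 1\nenable_ip = 0.0.0.0\n' > "$DEMO/live/system.cnf"
printf 'port = 1\nbenable = 1\n' > "$DEMO/live/serial.cnf"
tar -czf "$DEMO/cnf.tar.gz" -C "$DEMO/live" .            # what saveconf writes
mkdir "$DEMO/pristine"
tar -xzf "$DEMO/cnf.tar.gz" -C "$DEMO/pristine"           # a live tree equal to the saved one
printf 'btelnet = 0\nbweb = 1\nenable_ip = 0.0.0.0\n' > "$DEMO/live/system.cnf"   # edited, not saved
printf 'bsnmp_handle = 1\n' > "$DEMO/live/snmp.cnf"       # new file, not saved

cnf_unsaved_changes "$DEMO/cnf.tar.gz" "$DEMO/live" ||
    echo "unsaved configuration changes listed above; run saveconf before rebooting"
```

Run against a tree that matches the saved tarball the function prints nothing and returns 0, so it can be used directly in a cron job (8.8.2) that warns when an administrator has edited the configuration and forgotten to save it.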
8.7. File Transmission Users can use an ftp client for file transmission and use the /usr2 directory for data read/write. Note that FTP sends the user name, password and file contents in clear text; where the remote host supports it, scp (listed under 8.3.2) transfers the same files over SSH.

    root@192.168.0.117:~# cd /usr2
    root@192.168.0.117:/usr2# ftp 192.168.2.3
    Connected to 192.168.2.3.
    220 lxtoo.senalab.co.kr FTP server (Version wu-2.6.1-16) ready.
    Name (192.168.2.3:root): sena
    331 Password required for sena.
    Password:
    230 User sena logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> get test.tgz
    local: test.tgz remote: test.
Step 3 Edit the /usr2/rc.user script as follows:

    #!/bin/bash
    #
    # rc.user : Sample script file for running user programs at boot time
    #
    #PATH=/bin:/usr/bin:/sbin:/usr/sbin
    # Add shell command to execute from here
    # Replace the running inetd configuration with the user's copy
    cp -a /usr2/inetd.conf /etc/inetd.conf
    ps -ef
    # Stop every running inetd before starting one with the new configuration
    while killall inetd 2>/dev/null; do
        sleep 1
        ps -ef
    done
    /usr/sbin/inetd
    ps -ef
    exit 0

With this script in place the telnet service stays disabled across reboots, because the inetd.conf copied from /usr2 (the one prepared without the telnet entry) replaces the default one at every boot.
Example 2. Run iptables rule Step 1 Modify 'usr2/rc.
8.8.2. Periodical Program Execution The user can use crontab to execute a specific program periodically. To enable periodic jobs using crontab, complete the following steps.
Step 1 Create a crontab file in the /usr2 directory. The following sample crontab file creates the file current_date under the /tmp directory and rewrites its contents every 2 minutes.

    SHELL=/bin/bash
    # Sample crontab job
    # Run every two minutes ("*/2" in the minute field; "*" alone would run every minute)
    */2 * * * * date > /tmp/current_date

Step 2 Register the crontab file using the following command.
9. User Customization Guide
9.1. Introduction The STS Series supports several ways of customization so that the user can adapt the STS Series to their own purpose. The STS Series provides the following types of user customization methods:
- Periodical program execution
- User defined web pages
- Making and running the user's own code
9.2. Periodical Program Execution The user can use crontab to execute a specific program periodically.
9.3. User Defined Web Pages The STS Series supports user defined web pages. The user can set a user-defined page as the first page shown after logging in to the Web UI. For more information about changing the default web page, refer to section 3.9 Web Server Configuration. Once the default web page is changed to the Customer page, the Customer page is shown after the user logs in to the Web UI. To change the contents of the Customer page, the user must modify index.html or the default CGI program. A custom CGI program runs on the unit with the web server's privileges, so anything it takes from the request (query parameters, form fields) must be validated before it reaches a shell command or a file path.
Appendix 1. Connections
A 1.1. Ethernet Pinouts The STS Series uses the standard Ethernet connector, a shielded connector compliant with the AT&T258 specifications. Table A-1 shows the pin assignment and wire color.
Figure A-1 Pin layout of the RJ45 connector
Table A-1 Pin assignment of the RJ45 connector for Ethernet
    Pin  Description  Color
    1    Tx+          White with orange
    2    Tx-          Orange
    3    Rx+          White with green
    4    NC           Blue
    5    NC           White with blue
    6    Rx-          Green
    7    NC           White with brown
    8    NC           Brown
A 1.3. Ethernet Wiring Diagram
Figure A-2 Ethernet direct connection using crossover Ethernet cable (HelloDevice to Remote Host; pins Tx+(1), Tx-(2), Rx+(3), Rx-(6) on each side)
Figure A-3 Ethernet connection using straight through Ethernet cable (HelloDevice to Hub to Remote Host; pins Tx+(1), Tx-(2), Rx+(3), Rx-(6) on each side)
RJ45-DB25 female adapter (using RJ45 to DB25(Female) cross-over cable)
    RJ45 Pin No.  Description (RJ45)  Internal Cable Color  DB25 Pin No.  Description (DB25)
    1             CTS                 Blue                  4             RTS
    2             DSR                 Orange                20            DTR
    3             RXD                 Black                 2             TXD
    4             GND                 Red                   7             GND
    5             DCD                 Green                 8             DCD
    6             TXD                 Yellow                3             RXD
    7             DTR                 Brown                 6             DSR
    8             RTS                 White                 5             CTS
RJ45-DB25 male adapter (using RJ45 to DB25(Male) cross-over cable)
    Description (RJ45): CTS DSR RXD GND DCD TXD DTR RTS
    Internal Cable Color: Blue Orange Black Red Green Yellow Brown White
    RJ45 Pin No.
Appendix 2. PC Card Supported By STS The following PC cards are supported by the STS Series:
Table A-3 Network card
    Manufacturer | Model/Name | STS probed Model name | Specification
    3COM | 3CXE589ET-AP | 3Com Megahertz 589E TP/BNC LAN PC Card | 10 Mbps LAN card
    Linksys | Linksys EtherFast 10/100 Integrated PC Card (PCM100) | Linksys EtherFast 10/100 Integrated PC Card (PCM100) Ver 1.0 | 10/100 Mbps LAN card
    Corega | FetherII PCC-TXD | corega K.K.
Table A-6 Serial Modem Card
    Manufacturer | Model/Name | STS probed Model name | Specification
    Billionton Systems Inc. | FM56C series PCMCIA CARD 56KFaxModem | FM56C-NFS 5.41 | Ambient (Intel) V.90 FAX/MODEM PC Card
    Viking | PC Card Modem 56K | Viking V.90 K56flex 021 A | MODEM PC Card
    KINGMAX | KIT PCMCIA 56K Fax/Modem Card | CIRRUS LOGIC 56K MODEM CL-MD56XX 5.41 | V.90 FAX/MODEM PC Card
    TDK | TDK DH6400 | TDK DH6400 1.
Appendix 3. STS Configuration Files
A 3.1. system.cnf

    #
    # system.cnf
    #
    # system configuration which exist only one place on this file.
    #
    # kind of IP configuration mode
    # 1 - static ip , 2 - dhcp , 3 - pppoe
    ipmode = 1
    # system ip addres
    ipaddr = 192.168.161.5
    # system subnet mask
    subnet = 255.255.0.0
    # system gateway
    gateway = 192.168.1.
    # By setting 'btelnet' to 1, you can use the remote console.
    # Similarly, by setting 'bweb' to 1, you can use the web interface.
    # 0 means that any access is blocked.
    # 'enable_ip', 'enable_netmask' pair is a source rule specification for remote console filtering.
    # 'enable_webip', 'enable_webnetmask' pair is for web filtering.
    btelnet = 1
    bweb = 1
    enable_ip = 0.0.0.0
    enable_netmask = 0.0.0.0
    enable_webip = 0.0.0.0
    enable_webnetmask = 0.0.0.

With both pairs at 0.0.0.0/0.0.0.0, as shown, every source address passes the filter, so the remote console and the web interface are reachable from anywhere the unit is routable. Set each pair to the management network (for example 192.168.0.0 with netmask 255.255.255.0) so that only hosts on it reach the login prompt, and set btelnet to 0 unless TELNET is actually required.
    bweb_https = 1
    web_refresh_rate = 10
    # TCP configuration
    # 'keepalive_time' is a time before keep alive takes place.
    # 'keepalive_probes' is the number of allowed keep alive probes.
    # 'keepalive_intvl' is a time interval between keep alive probes.
    keepalive_time = 15
    keepalive_probes = 3
    keepalive_intvl = 5
    # Ethernet configuration
    # 'ethernet_mode' is a ethernet mode.
    all port configuration.
    # If you want to change the port data by changing all port configuration, set to 0.
    port = 0
    benable = 0
    bmanset = 0
    port = 1
    benable = 0
    bmanset = 0
    port = 2
    benable = 0
    bmanset = 0
    port = 3
    benable = 0
    bmanset = 0
    port = 4
    benable = 0
    bmanset = 0
    port = 5
    benable = 0
    bmanset = 0
    port = 6
    benable = 0
    bmanset = 0
    port = 7
    benable = 0
    bmanset = 0
    # As referred to above, the maximum port (8 on an 8-port machine) represents the
    # default values for all port configuration.
    max_connection = 32
    # 'remotehost' is a remote host list
    # (Primary IP address:port Secondary IP address:port)
    remotehost = 192.168.0.135:7000 192.168.0.135:7001
    # 'cyclictime ' is a cyclic connection time in seconds
    cyclictime = 10
    # 'inactivitytimeout' is a inactivity timeout in seconds.
    # 'snmp_trap_receiver_community' is community of SNMP Trap
    # 'snmp_trap_receiver_version' is SNMP trap version
    # 0 = v1, 1 = v2c
    event_enable = 1
    notification_interval = 0
    bmail_handle = 1
    mail_title = jungoj@sena.com
    mail_address = jung@sss.com
    bsnmp_handle = 1
    snmp_title = khfgj
    snmp_trap_receiver_ip = 192.168.0.

SNMP v1 and v2c traps carry the community string in clear text and are not authenticated, so do not reuse a write community as the trap community, and keep the trap receiver on the management network.
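The enable_ip/enable_netmask and enable_webip/enable_webnetmask pairs in system.cnf are source filters, and the factory values 0.0.0.0/0.0.0.0 admit every address. The following is an added example, not the firmware's own code, that evaluates such a pair the way a netmask filter works: a client passes when client AND mask equals rule_ip AND mask. It is useful for checking a planned pair before committing it, since a wrong mask either locks the administrator out or leaves the unit open. The function names and the sample addresses are this example's own.

```shell
#!/bin/sh
# Added example, not STS firmware: evaluate an enable_ip/enable_netmask pair
# from system.cnf the way a source filter does. Function names and sample
# addresses are this example's own.

# ip_to_int A.B.C.D: print the address as an unsigned 32-bit integer;
# returns 1 for anything that is not four decimal octets in 0..255.
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;   # empty, non-digit, or octal-looking octet
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# source_allowed CLIENT RULE_IP RULE_MASK: returns 0 when the client passes,
# 1 when it is filtered, 2 when an address is malformed.
# The rule is (client AND mask) == (rule_ip AND mask); with mask 0.0.0.0 both
# sides are 0 for every client, which is why the factory pair admits everyone.
source_allowed() {
    c=$(ip_to_int "$1") || return 2
    r=$(ip_to_int "$2") || return 2
    m=$(ip_to_int "$3") || return 2
    [ $(( c & m )) -eq $(( r & m )) ]
}

# Demonstration with constructed addresses: the factory pair versus a filter
# narrowed to a 192.168.0.0/24 management network.
for client in 192.168.0.77 10.9.8.7; do
    for rule in "0.0.0.0 0.0.0.0" "192.168.0.0 255.255.255.0"; do
        set -- $rule
        if source_allowed "$client" "$1" "$2"; then v=allowed; else v=blocked; fi
        printf '%-13s enable_ip=%-12s enable_netmask=%-15s -> %s\n' "$client" "$1" "$2" "$v"
    done
done
```

The same check applies to the web pair; run it once for every host that must keep access (the administrator's workstation first) and once for an address outside the management network before the new values are saved to flash.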
Appendix 4. Well-known Port Numbers Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151. Dynamic and/or Private Ports are those from 49152 through 65535. Well Known Ports are assigned by IANA, and on most systems, can only be used by system processes or by programs executed by privileged users. Table A-7 shows some of the well-known port numbers.
Appendix 5. Guide To The Bootloader Menu Program
A 5.1. Overview The bootloader menu provides a way to recover the STS Series unit using BOOTP/TFTP as a disaster recovery option and to diagnose the system hardware. If the user presses the key within 3 seconds after the STS Series unit is powered up, he enters the bootloader menu program. From this menu program, the user can set various system parameters, test system hardware, and perform firmware upgrades. Since the menu is reached from the serial console before the operating system and its access controls start, and a firmware upgrade from it restores every configuration parameter to its default (see A 5.5), physical access to the console port should be controlled.
    -----> 1
    Enter Current Date (mm/dd/yy) : 02/15/03
    press the ENTER key to continue
    ----------------------------------------------------------------------------
    RTC configuration
    ----------------------------------------------------------------------------
    Select menu
    1. Date(mm/dd/yy) : 02/15/03
    2.
    Select menu
    0. Test Mode - One time
    1. Auto test
    2. DRAM test
    3. FLASH test
    4. LED test
    5. EEPROM test
    6. UART test
    7. PC card test
    8. Ethernet test
    Back, Refresh
    -----> 0
    ----------------------------------------------------------------------------
    Hardware Test
    ----------------------------------------------------------------------------
    Select menu
    0. Test Mode - Looping(without External test in Auto test)
    1. Auto test
    2. DRAM test
    3. FLASH test
    4. LED test
    5. EEPROM test
    6. UART test
    7.
    ----------------------------------------------------------------------------
    Hardware Test
    ----------------------------------------------------------------------------
    Select menu
    0. Test Mode - One time
    1. Auto test
    2. DRAM test
    3. FLASH test
    4. LED test
    5. EEPROM test
    6. UART test
    7. PC card test
    8.
    [Ethernet] Ethernet chip test--------------------------------------------[SUCCESS]
    PING 192.168.0.135 from 192.168.161.5 : 64 bytes of ethernet packet.
    64 bytes from 192.168.0.135 : seq=0 ttl=255 timestamp=11172879 (ms)
    64 bytes from 192.168.0.135 : seq=1 ttl=255 timestamp=11173874 (ms)
    64 bytes from 192.168.0.135 : seq=2 ttl=255 timestamp=11174875 (ms)
    64 bytes from 192.168.0.135 : seq=3 ttl=255 timestamp=11175876 (ms)
    ******* Hardware auto-detect and auto-test SUMMARY *******
    1.
A 5.5. Firmware Upgrade Menu Using the ‘Firmware upgrade’ menu, the user can upgrade the firmware of the unit. Before a firmware upgrade, the user can check the current firmware version by selecting menu item 3 from the Main menu page. The firmware upgrade menu program supports two protocols for remote firmware download: BOOTP and TFTP. The default protocol is BOOTP, for DHCP environments. If the user selects TFTP, he must also set the IP address of the unit properly. Neither BOOTP nor TFTP authenticates the server or the image: any host on the segment that answers the BOOTP broadcast can supply the file, so run the upgrade on an isolated or trusted network and check the image against the vendor's checksum beforehand.
    5. Start firmware upgrade
    -----> 5
    Firmware upgrade cannot be stopped until finished.
    And all configuration parameters are restored to default values.
    Do you really want to start firmware upgrade(y/n)?y
    BOOTP broadcast 1
    ARP broadcast 1
    TFTP from server 192.168.0.128; our IP address is 192.168.161.5
    Filename 'sts800.bin'.
Appendix 6. Using STS Series With Serial/IP A 6.1. STS Series vs. Serial/IP Options Table A-8 STS Series vs.
Series with “Negotiate SSLv3/TLSv1” option. Note that SSLv3 is obsolete and insecure (the POODLE attack recovers plaintext from SSLv3 sessions); choose TLS wherever the Serial/IP side offers it and fall back to SSLv3 only for legacy peers that support nothing newer. A 6.2. Connection Example - Telnet And SSLv3 Encryption Step 1. Set the host mode of serial port #1 of the STS Series as follows: Host mode = TCP, TCP listening port = 7001, Telnet protocol = Enabled Figure A-11 Host mode configuration Step 2. Set the Cryptography configuration of serial port #1 of the STS Series as follows: Encryption method = SSLv3. Leave all other options at their factory default.
Figure A-12 Cryptography configuration Step 3. Open Serial/IP Control Panel and check the COM port you want to use to communicate with serial port #1 of STS Series by pressing “Select Ports” button.
Step 4. Enter IP address of Server(IP address of STS Series) and Port number (port number of serial port #1) correctly and then select other parameters as follows. Credentials = No Login Required, Connection Protocol = Telnet, Security = SSL Version 3 (SSLv3) Figure A-14 Set parameters on Serial/IP Control Panel Step 5. Open the terminal emulation program and select the corresponding COM port.
Figure A-15 Connect to serial port of STS series via Serial/IP Step 6. User can monitor or trace the connection status using Serial/IP Port Monitor or Trace window.
Appendix 7. How To Make A Certificate For SSL Encryption
A 7.1. Install The OpenSSL Package
Step 1. Download the latest OpenSSL package. (http://www.openssl.org) The 0.9.7 release used in the commands below dates from 2004 and is long unsupported; use the current release, which accepts the same commands.
Step 2. Install the OpenSSL package. For Windows, download the OpenSSL binary installer and run it. (http://www.slproweb.com/products/Win32OpenSSL.html) Otherwise, download the OpenSSL source code and compile it:

    # cd /work/
    # tar -xvzf openssl-0.9.7d.tar.gz
    # cd openssl-0.9.7d
    # ./config
    # make
    # make test
    # make install
# we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.
Step 3. Check whether the CA key file (demoCA/private/cakey.pem) and CA certificate (demoCA/cacert.pem) have been generated:

    # ls demoCA/
    cacert.pem certs crl index.txt private serial newcerts
    # ls demoCA/private
    cakey.pem

The CA key in demoCA/private signs every certificate the STS units will trust; keep it on a machine other than the STS, readable only by root.
A 7.3. Making A Certificate Request To make new certificates, you must first make a certificate request.

    # cd /work/openssl-0.9.7c/CA

Run the following commands. Note that 1024-bit RSA keys are no longer considered adequate; use 2048 bits or more (openssl genrsa -out key.pem 2048).

    # openssl genrsa -out key.pem 1024
    # openssl req -new -key key.pem -out req.
Using configuration from /usr/share/ssl/openssl.
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=KR, ST=, L=Seoul, O=Sena Technologies Inc., CN= Sena Technologies
        Validity
            Not Before: Oct 6 09:39:59 2003 GMT
            Not After : Oct 6 09:39:59 2013 GMT
        Subject: C=US, ST=Minnesota, L=Minneapolis, O=Digi International, CN=Digi PortServer CM
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
    ....
    == Removing above lines ===
    -----BEGIN CERTIFICATE-----
    ....
    -----END CERTIFICATE-----

The text above the BEGIN CERTIFICATE line is only a human-readable dump and must be removed; the signed certificate is the Base64 block between the BEGIN and END lines. Note that this sample was signed with md5WithRSAEncryption, which current clients reject because MD5 collisions allow forged certificates; sign with SHA-256 instead (the -md sha256 option of openssl ca, or -sha256 with openssl x509).
Step 2. Concatenating key.pem file to server.
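The procedure in A 7.1 to A 7.4 (CA, request, signing, and concatenating key.pem with the certificate) can be run as one script on a current OpenSSL release. The following is an added example, not the manual's own commands: it builds the CA and the server bundle with 2048-bit RSA and SHA-256 rather than the 1024-bit keys and MD5 signature shown above, and it finishes with openssl verify so that a bundle that would fail on the client is caught before it is loaded into the STS. The output directory, subjects, validity periods and file names are this example's own choices, and it relies on the default openssl.cnf for the CA extensions that openssl req -x509 adds.

```shell
#!/bin/sh
# Added example, not the STS manual's commands: the Appendix 7 workflow for a
# current OpenSSL (1.1/3.x). Assumptions: the openssl binary is on PATH, the
# default openssl.cnf supplies the CA extensions for "req -x509", and the
# subjects and file names below are placeholders to be replaced.

# make_sts_cert OUTDIR HOSTNAME
#   writes ca.key ca.pem key.pem req.pem cert.pem and server.pem (key + cert,
#   the one-file form the STS expects) into OUTDIR; returns non-zero on failure.
make_sts_cert() {
    out="$1" host="$2"
    mkdir -p "$out" || return 1
    # 1. CA key and self-signed CA certificate (ten years, as in the manual's sample)
    openssl genrsa -out "$out/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -days 3650 -key "$out/ca.key" \
        -subj "/C=KR/L=Seoul/O=Example Lab/CN=Example Lab Root CA" \
        -out "$out/ca.pem" || return 1
    # 2. server key and certificate request (A 7.3)
    openssl genrsa -out "$out/key.pem" 2048 2>/dev/null || return 1
    openssl req -new -sha256 -key "$out/key.pem" \
        -subj "/C=KR/L=Seoul/O=Example Lab/CN=$host" \
        -out "$out/req.pem" || return 1
    # 3. sign the request with the CA (A 7.4), SHA-256 instead of MD5
    openssl x509 -req -sha256 -days 825 -in "$out/req.pem" \
        -CA "$out/ca.pem" -CAkey "$out/ca.key" -CAcreateserial \
        -out "$out/cert.pem" 2>/dev/null || return 1
    # 4. key + certificate in one PEM file; private material owner-readable only
    cat "$out/key.pem" "$out/cert.pem" > "$out/server.pem" || return 1
    chmod 600 "$out/key.pem" "$out/server.pem" "$out/ca.key" || return 1
    # 5. prove the chain validates before anything is uploaded to the STS
    openssl verify -CAfile "$out/ca.pem" "$out/cert.pem" >/dev/null
}

# Usage: OUTDIR and STS_HOST may be set in the environment; defaults are placeholders.
if command -v openssl >/dev/null 2>&1; then
    make_sts_cert "${OUTDIR:-./sts-certs}" "${STS_HOST:-sts-01.example.internal}" &&
        echo "server.pem (key + certificate) ready in ${OUTDIR:-./sts-certs}"
fi
```

Upload server.pem to the STS and install ca.pem on every Serial/IP or terminal client that must trust it; the CA key never leaves the signing machine.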
Appendix 8. Warranty A 8.1. GENERAL WARRANTY POLICY Sena Technologies, Inc. (hereinafter referred to as SENA) warrants that the Product shall conform to and perform in accordance with published technical specifications and the accompanying written materials, and shall be free of defects in materials and workmanship, for the period of time herein indicated, such warranty period commencing upon receipt of the Product.
A 8.3. HARDWARE PRODUCT WARRANTY DETAILS WARRANTY PERIOD: SENA warranties embedded hardware Product for a period of one (1) year, and external hardware Product for a period of three (3) or five (5) years according to the Product type. WARRANTY PROCEDURE: Upon return of the hardware Product SENA will, at its option, repair or replace Product at no additional charge, freight prepaid, except as set forth below.