Comtrol DeviceMaster LT User Manual

Download

Page 1

User Guide

Page 2

TrademarkNotices

Comtrol,NS‐Link,andDeviceMasteraretrademarksofComtrolCorporation.

MicrosoftandWindowsareregisteredtrademarksofMicrosoftCorporation.

HyperTerminalisaregisteredtrademarkofHilgraeve,Inc.

PortionsofSocketServerarecopyrightedbyGoAheadSoftware,Inc.Copyright©2001.GoAheadSoftware,Inc.All RightsReserved.

Otherproductnamesmentionedhereinmaybetrademarksand/orregisteredtrademarksoftheirrespectiveowners.

SecondEdition,July 18,2014 Copyright ©2014.ComtrolCorporation.All RightsReserved.

ComtrolCorporationmakesnorepresentationsorwarrantieswithregardtothecontentsofthisdocumentortothe suitabilityoftheComtrolproductforanyparticularpurpose.Specificationssubjecttochangewithoutnotice.Some softwareorfeaturesmaynotbeavailableatthetimeofpublication.Contactyourresellerforcurrentproduct information.

Document Number: 2000586 Rev. B

Page 3

Introduction ............................................................................................................................7

DeviceMaster LT Port Usage ...................................................................................................................... 7

Installation Overview ................................................................................................................................... 7

NS-Link COM Port Driver Installation Overview .................................................................................... 8

NS-Link tty Port Installation Overview.................................................................................................... 8

TCP/IP Socket Port Installation Overview................................................................................................ 9

Locating Software and Documentation ................................................................................................... 9

Hardware Installation.........................................................................................................11

Initial Configuration ...........................................................................................................13

PortVision DX Overview ............................................................................................................................ 13

PortVision DX Requirements.................................................................................................................... 14

Configuring Security Settings and PortVision DX .............................................................................. 14

Installing PortVision DX............................................................................................................................ 15

Configuring the Network Settings .......................................................................................................... 18

Checking the SocketServer Version ....................................................................................................... 22

Uploading SocketServer with PortVision DX .......................................................................................24

Customizing PortVision DX ...................................................................................................................... 26

Accessing DeviceMaster LT Documentation from PortVision DX................................................... 27

How to Download Documentation ........................................................................................................... 27

How to Open Previously Downloaded Documents .................................................................................. 28

Device Driver (NS-Link) Installation ..............................................................................29

Overview........................................................................................................................................................ 29

Before Installing the NS-Link Driver...................................................................................................... 29

Linux Installations ...................................................................................................................................... 30

Windows Installations ................................................................................................................................ 31

Supported Operating Systems ................................................................................................................. 31

Installation Overview for Windows ......................................................................................................... 31

NS-Link for Windows Installation ........................................................................................................... 31

Configuring the NS-Link Driver for Windows......................................................................................35

Configuring COM Port Properties for Windows .................................................................................. 38

Enabling Secure Data Mode...................................................................................................................... 39

Socket Port Configuration .................................................................................................41

SocketServer Overview.............................................................................................................................. 41

Web Page Help System............................................................................................................................. 41

SocketServer Architecture ....................................................................................................................... 42

Accessing Socket Configuration .............................................................................................................. 43

Web Browser ............................................................................................................................................. 43

PortVision DX ........................................................................................................................................... 43

SocketServer Versions ............................................................................................................................... 44

DeviceMaster LT User Guide: 2000586 Rev. B

Table of Contents - 3

Page 4

Table of Contents

DeviceMaster LT Security..................................................................................................45

Understanding Security Methods and Terminology........................................................................... 45

TCP and UDP Socket Ports Used by the DeviceMaster LT ............................................................... 50

DeviceMaster LT Security Features ....................................................................................................... 51

Security Modes.......................................................................................................................................... 51

Secure Data Mode and Secure Config Mode Comparison ...................................................................... 52

Security Comparison ................................................................................................................................ 52

SSH Server................................................................................................................................................ 53

SSL Overview............................................................................................................................................ 53

SSL Authentication .................................................................................................................................. 53

Server Authentication........................................................................................................................ 53

Client Authentication ......................................................................................................................... 54

Certificates and Keys ......................................................................................................................... 54

SSL Performance ...................................................................................................................................... 56

SSL Cipher Suites..................................................................................................................................... 56

DeviceMaster LT Supported Cipher Suites ............................................................................................ 57

SSL Resources .................................................................................................................................... 57

Configure/Enable Security Features Overview ................................................................................... 58

Example 1.................................................................................................................................................. 60

Example 2.................................................................................................................................................. 60

Example 3.................................................................................................................................................. 61

Key and Certificate Management ............................................................................................................ 61

Using a Web Browser to Set Security Features....................................................................................63

Changing Security Configuration ............................................................................................................ 63

Changing Keys and Certificates .............................................................................................................. 64

Connecting Serial Devices .................................................................................................65

RJ45 Null-Modem Cables (RS-232) .......................................................................................................... 66

RJ45 Null-Modem Cables (RS-422) .......................................................................................................... 66

RJ45 Straight-Through Cables (RS-232/485) ......................................................................................... 66

RJ45 Loopback Plugs.................................................................................................................................. 67

RJ45 RS-485 Test Cable .............................................................................................................................. 67

Connecting RJ45 Devices .......................................................................................................................... 67

Managing the DeviceMaster LT........................................................................................69

Rebooting the DeviceMaster LT............................................................................................................... 69

Updating Firmware Across WANs (Windows) ...................................................................................... 70

Uploading SocketServer to Multiple DeviceMaster LTs .................................................................... 74

Configuring Multiple DeviceMaster LTs Network Addresses .......................................................... 75

Adding a New Device in PortVision DX ................................................................................................. 75

Remote Using the IP Address .................................................................................................................. 75

Local Using the IP Address or MAC Address ......................................................................................... 76

Using SocketServer Configuration Files ............................................................................................... 77

Saving a SocketServer Configuration File .............................................................................................. 77

Loading a SocketServer Configuration File ............................................................................................ 77

Using Driver Configuration Files ............................................................................................................ 79

Saving Driver Configuration Files........................................................................................................... 79

Saving Device-Level Configuration ................................................................................................... 79

Saving Port-Level Configuration....................................................................................................... 80

Loading Driver Configuration Files......................................................................................................... 81

Loading Device Configuration ........................................................................................................... 81

Loading Port Configuration ............................................................................................................... 82

Changing the Bootloader Timeout .......................................................................................................... 84

4 - Table of Contents

DeviceMaster LT User Guide: 2000586 Rev. B

Page 5

Table of Contents

Managing Bootloader ................................................................................................................................. 85

Checking the Bootloader Version............................................................................................................. 85

Uploading Bootloader ............................................................................................................................... 85

Checking the NS-Link Version ................................................................................................................. 87

Restoring Serial Port Settings.................................................................................................................. 88

NS-Link COM Port ................................................................................................................................... 88

Socket Port ................................................................................................................................................ 88

Accessing SocketServer Commands in Telnet/SSH Sessions (PortVision DX) ............................. 90

Telnet Session ........................................................................................................................................... 90

SSH Session .............................................................................................................................................. 92

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX) ...................................... 94

RedBoot Procedures............................................................................................................99

Accessing RedBoot Overview ................................................................................................................... 99

Establishing a Serial Connection .......................................................................................................... 100

Establishing a Telnet Connection.......................................................................................................... 101

Determining the Network Settings ....................................................................................................... 102

Configuring the Network Settings ........................................................................................................ 102

Changing the Bootloader Timeout ........................................................................................................ 103

Determining the Bootloader Version.................................................................................................... 103

Resetting the DeviceMaster LT .............................................................................................................. 104

Uploading Firmware - Telnet Method (Linux) ................................................................................... 104

Setting Up a TFTP Server in Linux ...................................................................................................... 104

Uploading the Firmware ........................................................................................................................ 105

Configuring Passwords ............................................................................................................................ 106

RedBoot Command Overview................................................................................................................. 107

Hardware Specifications ..................................................................................................109

Locating DeviceMaster LT Specifications ........................................................................................... 109

External Power Supply Specifications................................................................................................. 109

Notices.......................................................................................................................................................... 110

Radio Frequency Interference (RFI) (FCC 15.105) ............................................................................... 110

Labeling Requirements (FCC 15.19) ..................................................................................................... 110

Modifications (FCC 15.21)...................................................................................................................... 110

Serial Cables (FCC 15.27) ...................................................................................................................... 110

Underwriters Laboratory ....................................................................................................................... 110

Important Safety Information................................................................................................................ 110

Troubleshooting and Technical Support......................................................................111

Troubleshooting Checklist ..................................................................................................................... 111

General Troubleshooting......................................................................................................................... 113

Testing Ports Using Port Monitor (PMon2) ........................................................................................115

Overview ................................................................................................................................................. 115

Testing Comtrol COM Ports................................................................................................................... 115

Testing Ports Using Test Terminal ....................................................................................................... 118

Overview ................................................................................................................................................. 118

Opening Ports ......................................................................................................................................... 119

Sending and Receiving Test Data (RS-232/422/485: 4-Wire) ............................................................... 119

Loopback Test (RS-232).......................................................................................................................... 120

Sending and Receiving Data (RS-485: 2-Wire) .....................................................................................121

Socket Mode Serial Port Testing ........................................................................................................... 124

DeviceMaster LT User Guide: 2000586 Rev. B

Table of Contents - 5

Page 6

Table of Contents

DeviceMaster LT LEDs............................................................................................................................. 129

TX/RX LEDs............................................................................................................................................ 129

Network and Device LEDs ..................................................................................................................... 130

Removing DeviceMaster LT Security Features.................................................................................. 131

Serial Connection Method ...................................................................................................................... 131

Returning the DeviceMaster LT to Factory Defaults ....................................................................... 133

Clearing the Flash .................................................................................................................................. 134

Clearing EEPROM.................................................................................................................................. 134

Telnet Access .................................................................................................................................... 134

Serial Port Access............................................................................................................................. 135

Web Server Access............................................................................................................................ 135

Technical Support ..................................................................................................................................... 136

6 - Table of Contents

DeviceMaster LT User Guide: 2000586 Rev. B

Page 7

Introduction

This section discusses the following topics:

•

DeviceMaster LT Port Usage (below)

•

Installation Overview on Page 7

NS-Link COM Port Driver Installation Overview on Page 8

NS-Link tty Port Installation Overview on Page 8

TCP/IP Socket Port Installation Overview on Page 9

•

Locating Software and Documentation on Page 9

DeviceMaster LT Port Usage

DeviceMaster LT serial ports can be configured for many environments, which include the following:

• COM port (or secure stalled

• tty ports w

• Soc

ket ports when SocketServer or the NS-Link web page is configured

dingly

accor

COM ports) when the NS-Link driver for Windows is

hen the NS-Link driver for Linux is installed

Installation Overview

DeviceMaster LT installation and configuration follows these steps:

1. Hardware installation.

2. Install PortVision DX.

3. Program the IP address.

4. If necessary, update SocketServer.

Power up the DeviceMaster LT. Technical Support suggests installing one

viceMaster LT at a time to avoid configuration problems using

Installation on Page 11.

Comtrol recommends connecting the DeviceMaster LT to a PC or laptop running Windows and that you install PortVision DX for easy IP address

iguration and firmware updates. See

conf 14 and refer to Installing PortVision DX on Page 15 to install PortVision DX.

See Configuring the Network Settings on Page 18 for detailed configuration procedures.

Note: Technical Supports recommends that you update to the latest version of

SocketServer before installi socket ports.

a. Check the SocketServer version using

on Page 22 to determine the version on the DeviceMaster LT.

b. If necessary, update Soc

PortVision DX on Page 24.

Note: In

rare cases, you may need to update Bootloader to support a new

ng any NS-Link device driver or configuring

ketServer. See Uploading SocketServer with

PortVision DX Requirements on Page

Checking the SocketServer Version

Hardware

DeviceMaster LT User Guide: 2000586 Rev. B

Introduction - 7

Page 8

NS-Link COM Port Driver Installation Overview

feature. Notice will posted with SocketServer or the NS-Link device driver.

5. Go to the appropriate overview or o

• NS-Link COM ports (or secure COM ports) - NS-Link COM Port Driver

Installation Overview on Page 8

• NS-Link tty ports - NS-Link tty Port Installation Overview on Page 8

• TCP/IP socket ports - TCP/IP Socket Port Installation Overview on Page 9

verviews for your installation:

NS-Link COM Port Dri

ver Installation

Overview

Use the following overview, which are discussed in detail in the subsequent sections, to install and configure the DeviceMaster LT to run the NS-Link device driver for Windows

operating systems..

1. After connecting the DeviceMaster LT, programming the IP address with

ortVision DX, and uploading the latest version of SocketServer, you are

P ready to install the driver.

2. Install the NS-Link device driver.

See

Windows Installations on Page 31 for an installation overview of the NS-

Link driver for Windows operating systems.

For detailed installation and configuration information, see the DeviceMas

NS-Link Device Dr

ftp site at:

Note: Al

ftp://ftp.comtrol.com/dev_mstr/lt/drivers/win7/sw_doc.

though the ftp link displays win7 in the path, the driver supports

iver User Guide on the CD or download the latest from

ter

the

multiple Windows operating systems (Page 14).

3. Configure the COM ports using the Comtrol Drivers Management Console. See

iguring the NS-Link Driver for Windows

Conf

on Page 35, which provides an

overview of COM port configuration.

4. Configure device properties, you can refer to Configuring COM

Port Properties

for Windows on Page 38.

5. Optionally, you may need to configure one or more ports for socket mode.

Socket P

ort Configuration

on Page 41 for information about configuring socket

See

ports using the Server Configuration web page.

6. Connect the serial devices to the DeviceMaster LT. Refer to Co

nnecting Serial

Devices on Page 65 for cabling and connector information.

NS-Link tty Port Installation Overview

8 - Introduction

Use the following steps, which are discussed in detail in the subsequent sections, to install and configure the DeviceMaster LT to run the NS-Link device driver for Linux operating systems.

1. After connecting the DeviceMaster L

T, programming the IP address, and uploading the latest version of SocketServer, you are ready to install the driver.

2. Locate and unpackage the driver assembly. You can use the CD to access the ftp site or

this address: ftp://ftp.comtrol.com/dev_mstr/lt/drivers/linux/

locate the latest version of NS-Link Linux device driver.

Refer to the readme file packaged with the Linux driver assembly for driver installation and configuration procedures for the tty port.

3. Optionally, you may need to configure one or more ports for socket mode. See

Socket P

ort Configuration

on Page 41 for information about configuring socket

ports using the web interface (SocketServer/NS-Link).

4. Connect the serial devices to the DeviceMaster LT. Refer to Co

nnecting Serial

Devices on Page 65 for cabling and connector information.

DeviceMaster LT User Guide: 2000586 Rev. B

Page 9

TCP/IP Socket Port Installation Overview

Use the following steps, which are discussed in detail in the subsequent sections, to configure DeviceMaster LT socket ports.

1. After connecting the DeviceMaster LT, programming the IP address, and u

ploading the latest version of SocketServer, you are ready to configure ort or serial tunneling.

2. Configure the serial socket ports using

ter the IP address in a web browser and use the SocketServer web pages.

You can refer to the SocketServer help system or Page 41 for information for configuration procedures.

3. Connect the serial devices to the DeviceMaster LT. Refer to Connecting Serial

Devices on Page 65 for cabling and connector information.

Locating Software and Documentation

You can access the appropriate software assembly, PortVision DX, and DeviceMaster LT documentation from the Comtrol ftp site using any of these methods:

• Comtrol Software and Documentation CD provides links to the latest files.

• PortVision DX features a Do and later access documentation from within PortVision DX. See

DeviceMaster LT Documentation from PortVision DX on Page 27 for more

information.

• Check for and download the latest files using the links in the following table.

Note: Depending

Security Warning popup.

on your Windows operating system you may need to respond to a

socket

the PortVision DX property pages or

Socket Port Configuration on

shipped with the DeviceMaster LT

cumentation option that you can use to download

Accessing

DeviceMaster LT User Guide: 2000586 Rev. B

Introduction - 9

Page 10

Locating Software and Documentation

If you are not sure what files are required for your installation, each Installation

Overview subsection also provides links to the required files in this Guide.

Software Description/Documentation File

PortVision DX

Application

Configuration

SocketServer

Linux

Windows 8 Windows Server 2012 Windows 7 Windows Server 2008 Windows Vista

Device Driver

Windows Server 2003 Windows XP

Bootloader

Install on a Windows

host to configure the IP address and upload SocketServer on the DeviceMaster LT.

This is the firmware that comes preinstalled on your DeviceMaster LT platform.

You may need to upload the latest version of SocketServer before installing and configuring drivers or configuring sockets.

Note: May sure that you download

SocketServer for the DeviceMaster LT (link at right). Other DeviceMaster models use a unique version of SocketServer.

Install if you want tty ports. Refer to the Readme file compressed in the Linux driver assembly for driver configuration procedures.

Install if you want COM ports.

Refer to the DeviceMaster Device Driver

(NS-Link) User Guide. for detailed

information.

The operating system that runs on the DeviceMaster LT hardware during the power on phase, which then loads SocketServer.

Only update the Bootloader on your DeviceMaster LT if advised by Technical Support or the ftp site when checking for the latest SocketServer or device driver version.

Note: May sure that you download

Bootloader for the DeviceMaster LT (link at right). Other DeviceMaster models use a unique version of Bootloader.

10 - Introduction

Any

This

Guide

You can check for the latest version of this Guide.

DeviceMaster LT User Guide: 2000586 Rev. B

Page 11

Hardware Installation

Caution

Use the following procedure to install the DeviceMaster LT 16-port with an external power supply.

1. Record the MAC address and serial number the customer service label provided.

You may need the MAC address during driver configuration. The serial n

umber and MAC address (starts with 00 C0 4E) are located on a label on the

DeviceMaster LT.

Note: Do not connect

2. Place the DeviceMaster LT on a stable surface.

3. Connect the DeviceMaster LT to the ho

Do not connect RS-422/485 devices until the a t

4. Apply power to the DeviceMaster LT by connecting the AC the DeviceMaster LT, the power cord to the power adapter, and plugging the power cord Page 109 if you want to provide your own power supply.

5. Verify that the ST connection for the DeviceMaster LT is functioning properly.

Note: The RX/TX LE

• ST

• Ethernet LEDs - The green LED indicates

6. Go to configure the DeviceMaster LT for use.

address, see Initial Configuration on Page 13.

st PC using either port labeled 10/100 using a standard Ethernet cable.

ype has been configured. The default port setting is RS-232.

into a power source. See

AT (Status LED) - If the Status LED on the DeviceMaster LT is lit, it

dicates the DeviceMaster LT has power and it has completed the b

in cycle.

The ST for the Bootloader to complete the cycle. When the Bootloader completes the cycle, the LED has a solid, steady light that blinks approximately ev 10 se

and the yellow LED indicates activit

AT LED flashes while booting and it takes approximately 15 seconds

conds.

Initial Configuration on Page 13 for default network settings and how to

multiple units until you have changed the default IP

same Ethernet network segment as the

External Power Supply Specifications on

AT LED has completed the boot cycle and network

Ds cycle during a reboot.

of the DeviceMaster LT unit on

ppropriate port interface

power adapter to

that a link has been established

oot

ery

DeviceMaster LT User Guide: 2000586 Rev. B

Hardware Installation - 11

Page 12

Hardware Installation

12 - Hardware Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 13

Initial Configuration

There are several ways to configure network information. Comtrol Technical Support recommends connecting the DeviceMaster LT to a PC or laptop running Windows and installing PortVision DX for initial configuration.

Optionally, you can use RedBoot to configure the network address and upload SocketServer, see RedBoot Procedures

This section shows how to use PortVision DX for initial DeviceMaster LT configuration. It also defines requirements and how configuring DeviceMaster LT security affects PortVision DX and shows you how to:

• Install PortVision DX

• Configure the network address (Page 18

• Check the SocketServer version on the DeviceMaster LT (Page 22

• If necessary, download the latest version SocketServer and upload it into De

viceMaster LT (Page 24

• Organize how PortVision DX displays your Comtrol Ethernet attached products

• Access the latest documentation for your Comtrol Ethernet attach

)

on Page 99.

)

the

ed product

PortVision DX Overview

PortVision DX automatically detects Comtrol Ethernet attached products physically attached to the local network segment so that you can configure the network address, upload firmware, and manage the following products:

• DeviceMaster family

- DeviceMaster PRO

- DeviceMaster RTS

- DeviceMaster Serial Hub

- DeviceMaster UP

- DeviceMaster 500

• DeviceMaster LT

•I

• RocketLinx switches

In addition to identifying Comtrol Ethernet attached products, you can use PortVision DX to display any third-party switch and hardware that may be connected directly to those devices. All non-Comtrol products and unmanaged RocketLinx switches are treated as non-intelligent devices and have limited feature support. For example, you cannot configure or update firmware on a thirdparty switch.

O-Link Master

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 13

Page 14

PortVision DX Requirements

Use PortVision DX to identify, configure, update, and manage the DeviceMaster LT on the following Windows operating systems:

•Windows 8.1

•Windows 8

• Windows Server 2012

•Windows 7

• Windows Server 2008

•Windows Vista

• Windows Server 2003

•Windows XP

PortVision DX requires that you connect the Comtrol Ethernet attached product to the same network segment as the Windows host system if you want to be able to scan and locate it automatically during the configuration process.

Configuring Security Settings and PortVision DX

The following list provides basic PortVision DX operations that are affected how the DeviceMaster LT interacts with PortVision DX when security is enabled using the web interface (SocketServer/NS-Link).

• PortVision DX must scan the DeviceMaster LT before configuring security.

• PortVision DX locates the DeviceMaster LT before setting either Secure

Mode or Secur

e Config Mode.

Data

• If PortVision DX discovers the DeviceMaster LT after setting security, the following conditions occur:

- A lock symbol displays before the Device Name.

- The IP address of the DeviceMaster LT does not display.

-The Software Settings and

Web Interface tabs are not present in the

Properties page.

- The IP mode displays as DHCP without the ability to

-The Uplo

Note: If

options are disable

the DeviceMaster LT was previously configured with security, PortVision

ad and Reboot icons on the Launch Bar are grayed out and the

d in the popup menus.

modify.

DX features are reduced.

14 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 15

Installing PortVision DX

During initial configuration, PortVision DX automatically detects and identifies DeviceMaster LT units, if they are in the same network segment.

Use the Software and Documentation CD that came with the DeviceMaster LT to check for the latest version of PortVision DX or use the link below to download the latest version.

1. Locate PortVision DX using one of the following methods to download th latest version:

• Software and Documentation CD: You can use the CD menu system

• FTP site subdirectory:

Note: Depending on your operating system, you may need to respond to a

2. Execute the PortVision_DX[version].msi file.

3. Click Next on the Welcome screen.

Installing PortVision DX

eck the version on the CD against the latest released version.

ftp://ftp.comtrol.com/dev_mstr/portvision_dx

Security Warning to permit access.

4. Click I accept the terms in the License Agreement and Next

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 15

Page 16

Installing PortVision DX

5. Click Next or optionally, browse to a different location and then click Next.

Click Next to configure the shortcuts.

16 - Initial Configuration

7. Click Install

DeviceMaster LT User Guide: 2000586 Rev. B

Page 17

Installing PortVision DX

You can save time if you only scan for DeviceMasters.

8. Depending on the operating system, you may need to click Ye s to the Do you

nt to allow the following program to install software on this computer?

query.

9. Click Launch PortVision DX and Finish in the last installation screen.

10. Depending on the operating system, you may need to click Ye s to the Do yo

nt to allow the following program to make changes to this computer? query.

11. Select the Comtrol Ethernet attached products that you want to locate and then click Scan.

Note: If the Comtrol Ethernet attached product is not on the local segment and

it has been programmed with an IP address, it will be necessary to manually add the Comtrol Ethernet attached product to PortVision DX.

12. Go to Step 6

in the next section, Configuring the Network Settings, to program

the DeviceMaster LT network settings.

If you need additional information about PortVision DX, refer to the Help system.

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 17

Page 18

Configuring the Network Settings

Default Network Settings

IP address:

192.168.250.250

Subnet mask:

255.255.0.0

Gateway address:

192.168.250.1

Note: If you do not have any RocketLinx managed switches or IO-Link

Masters, it saves scanning time if you do not scan for them.

Configuring the Network Settings

Use the following procedure to change the default network settings on the DeviceMaster LT for your network.

Note: Technical Support advises configuring one new DeviceMaster LT at a time

to avoid device driver configuration problems. If you want to configure multiple DeviceMaster LTs using the Assign IP to Multiple Devices option, see

Configuring Multiple DeviceMaster LTs Network Addresses

The following procedure shows how to configure a single DeviceMaster LT connected to the same network segment as the Windows system. If the DeviceMaster LT is not on the same physical segment, you can add it manually using Adding a New Device

1. If you have not done so, install PortVision DX (Installing PortVision DX Page 15).

2. Start PortVision DX using the PortVision DX desktop shortcut or from the Start button, click All Programs > Comtrol > PortVision DX > PortVision DX.

3. Depending on your operating system, you may need to click Ye s to the Do

nt to allow the following program to make changes to this computer? query.

4. Click the Scan button in the Toolbar.

5. Click Scan to locate the Comtrol Ethernet attached products including th Dev

iceMaster LT on the network.

on Page 75.

in PortVision DX on Page 75.

you

18 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 19

Configuring the Network Settings

6. Highlight the DeviceMaster LT for which you want to program network

nformation and open the Properties screen using one of these methods.

• Double-click the DeviceMaster LT in the Device Tree or Device List pane.

• Highlight the DeviceMaster LT in the Device Tree or Device List pane and

click the Properties button.

• Right-click the DeviceMaster LT in the Device Tree or Device List pane and

click Properties in the popup menu

• Highlight the DeviceMaster LT, click the Manage menu and then Properties.

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 19

Page 20

Configuring the Network Settings

7. Optionally, rename the DeviceMaster LT in the Device Name field.

Note: The MAC address and Device Status fields are automatically populated and

you cannot change those values.

8. If necessary, you can change the Detection Type

• REMO

TE means that the DeviceMaster LT is not connected to this segment

of the network and it uses IP communications, not MAC communications.

• LOCAL means that the DeviceMaster LT is on this local network segmen

and uses Technical support recomm

MAC communications. An IP address is not required

ends using an IP address.

9. Change the DeviceMaster LT network properties as required for your site

•

If you want to disable IP communications on the DeviceMaster LT,

but

click

Disable IP.

•

To use the DeviceMaster LT with DHCP, click DHCP IP, and make su t

hat you provide the MAC address of the device to the network

administrator. Make sure that the administrator reserves the IP address, subnet mask and gateway address of the DeviceMaster LT in the DH serve

• To program a static IP address, click Static IP and

lues for your site.

enter the appropriate

Note: For additional information, open the PortVision DX Help system.

10. Typically, the Bootloader Timeout value should be left to it’s default value. In some situations, you may need to temporarily adjust the Bootloader Timeout to a higher value during a firmware update.

20 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 21

Configuring the Network Settings

11. Click Apply Changes to update the network information on the DeviceMaster

Note: If you are deploying multiple DeviceMaster LTs that share

alues, you can save the configuration file and load that configuration

v onto other DeviceMaster LTs. See Using

SocketServer Configuration

common

Files on Page 77 for more information.

12. Click Close to exit the Properties window.

13. Go to Checking the SocketServer Version

ion. You should update SocketServer firmware before any further

vers

on Page 22 to check the SocketServer

configuration.

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 21

Page 22

Checking the SocketServer Version

SocketServer refers to the web page that is integrated in the firmware that comes

pre-installed on your DeviceMaster LT platform, which provides an interface to TCP/IP socket mode configuration and services. If you install an NS-Link device driver, an NS-Link version of SocketServer loads on the DeviceMaster LT.

Note: Technical Support recommends that you update to the latest version of

SocketServer before installing an NS-Link device driver or configuring socket ports.

Use the following procedure to check the SocketServer version on the DeviceMaster LT and check the ftp site for the latest version.

1. If necessary, open PortVision DX > Start/Programs > Comtrol > PortVision DX

ortVision DX or use the desktop shortcut and scan the network.

2. Check the SocketServer version number of the Software Version for the DeviceMaster LT.

22 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 23

Checking the SocketServer Version

3. Check the Comtrol ftp site to see if a later version is available by accessing the ftp subdirectory that contains the latest version of SocketServer: ftp://

ftp.comtrol.com/dev_mstr/LT/software/socketserver.

4. If the version on the web site is later than the version on the DeviceMaster LT do

wnload the file, and then go to Uploading SocketServer with PortVision DX

on Page 24.

If the SocketServer version on the DeviceMaster LT to

continue the installation and configuration process.

is current, you are ready

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 23

Page 24

Uploading SocketServer with PortVision DX

Use this section to upload a newer version of SocketServer on the DeviceMaster LT using PortVision DX. Technical Support recommends updating SocketServer before any further configuration to avoid configuration problems.

You can use this procedure if your DeviceMaster LT is connected to the host PC, laptop, or if the DeviceMaster LT resides on the local network segment.

If the DeviceMaster LT is on the other side of several switches, a router, or wireless, go to Updating Firmware Across WANs (Windows) provides more reliable uploads.

1. Make sure that you have downloaded the latest SocketServer version from:

ftp://ftp.comtrol.com/dev_mstr/rts/software/socketserver

2. If necessary, open PortVision DX > Start/Programs > Comtrol > PortVision DX

ortVision DX or use the desktop shortcut.

3. Right-click the DeviceMaster LT or DeviceMaster LTs for which you wa

pdate, click Advanced > Upload Firmware, browse to the SocketServer .bin file,

u and then click Open.

on Page 70, which

nt to

24 - Initial Configuration

If the Detection Type is set to REMOTE, you may want to change it to LOCAL. The DeviceMaster LT Status on a DeviceMaster LT that is set to REMOTE displays in blue: ON-LINE (TCP).

DeviceMaster LT User Guide: 2000586 Rev. B

Page 25

Uploading SocketServer with PortVision DX

4. Click Ye s to the Upload Firmware message that warns you that this is a sensitive process. It may take a few moments for the firmware to the

DeviceMaster LT. The DeviceMaster LT reboots itself during the upload

upload onto

process.

5. Click Ok to the advisory message about waiting to use the device until the status reads ON-LINE. In the next polling cycle, PortVision DX updates th

Device L

If the upload fails, reset the Bootloader timeout to 60 seconds and th

ist pane and displays the new SocketServer version or right-clic

viceMaster LT and click Refresh

eps 3

through 5. For procedures, see Changing the Bootloader Timeout on

k the

en repeat

Page 84.

You are now ready to continue the installation and configuration process.

• Device Driver (NS-Link) Installation

• Socket Port Configuration

on Page 41

on Page 29

DeviceMaster LT User Guide: 2000586 Rev. B

Initial Configuration - 25

Page 26

Customizing PortVision DX

You can customize how PortVision DX displays the devices. You can even create sessions tailored for specific audiences. You can also add shortcuts to other applications using Tools > Applications > Customize feature.

The following illustrates how you can customize your view.

See the PortVision DX Help system for detailed information about modifying the view. For example, the above screen shot illustrates devices layered in folders.

26 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 27

Accessing DeviceMaster LT Documentation from PortVision DX

You can use this procedure in PortVision DX to download and open the previously

downloaded documents for the DeviceMaster LT. You can also check to see if you

have the latest version of the documentation using PortVision DX.

How to Download Documentation

Use this procedure to initially download a document or documents.

1. If necessary, open PortVision DX > Start/Programs

ol > PortVision DX > PortVision DX or use the

Comtr

desktop shortcut.

2. Click Help > Documentation.

3. Optionally, click the DOWNLOAD THE CURRENT DOCUMENTATION CATALOG ONLINE button to make sure that the latest documentation is available

PortVision DX.

4. Select the product Category from the drop list.

5. Select the document you want to download from the Documentation drop list.

6. Click the Download the latest edition from the web button.

Note: It may take a few minutes to download, depending on your connection

7. Click Close if you have downloaded all of the documents that you wanted.

DeviceMaster LT User Guide: 2000586 Rev. B

speed. The document opens automatically after it has downloaded.

Initial Configuration - 27

Page 28

How to Open Previously Downloaded Documents

Use the following procedure to access previously downloaded documents in PortVision DX.

Note: Optionally, you can browse to the Program Files (x86) > Comtrol > PortVision

DX > Docs subdirectory and open the document.

1. If necessary, open PortVision DX > Start/Programs > Comtrol > PortVision DX Po

rtVision DX or use the desktop shortcut.

2. Click Help > Documentation.

3. Click the Open the local copy of the document button to view the document.

Note: If the document fails to open, it may be that your browser has been

disabled. You can still access the document by clicking the Browse the folder for already downloaded documentation button and opening the document with your custom browser.

4. Click Close in the Documentation... popup, unless you want to open or download other documents.

28 - Initial Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 29

Overview

Device Driver (NS-Link) Installation

This section discusses the following topics:

•

Linux Installations on Page 30

•

Windows Installations on Page 31

The following subsections discuss procedures that need to be done before installing and configuring the NS-Link device driver.

Before Installing the N

S-Link Driver

Before installing the NS-Link device driver for the Linux and Windows operating systems, the following conditions must be met:

• The DeviceMaster LT is connected to the network and powered on (

Installation on Page 11).

• The network information has been config (Configuring the Network Settings on Page 18).

• Checked to see if the latest versio

viceMaster LT (

De PortVision DX or you can open your bro address to view the version on the Server Status page

• If necessary, uploaded the latest

SocketServer with PortVision DX on Page 24 or you can use RedBoot, Uploading Firmware - Telnet Method (Linux) on Page 104).

Note: T

After NS-Link driver installation and configuration, the same ports can be configured as TCP/IP sockets using an NS-Link version of the SocketServer web page (Socket Port Configuration

echnical Supports recommends that you update to the latest version of

SocketServer before installing any NS-Link device driver

Checking the SocketServer Version on Page 22 using

n of SocketServer resides on the

version of SocketServer (Uploading

on Page 41).

ured in the DeviceMaster LT

wser, enter the DeviceMaster LT IP

Hardware

DeviceMaster LT User Guide: 2000586 Rev. B

Device Driver (NS-Link) Installation - 29

Page 30

Linux Installations

You can locate the latest device driver for Linux using one of these methods:

• Downlo

ad the latest device driver: ftp://ftp.comtrol.com/dev_mstr/LT/

drivers/linux.

• Softw

are and Documentation CD: You can use the CD to check the driver

on on the CD against the latest released version. Open the /html/

versi default.htm file to use the menu system, which provides you with links to download all software and documents.

Refer to the README file packaged with the Linux driver for driver installation and configuration procedures.

Before you install the Linux NS-Link device driver:

1. Make sure that you have programmed an appropriate network address

DeviceMaster LT. If you do not want to install PortVision DX on a

the Windows system, you can use RedBoot, which is discussed in

Configuring the

into

Network Settings on Page 102.

2. Make sure that you verify that you have the latest version of SocketServer loaded on the DeviceMaster LT.

If you do not want to install PortVision DX (Page 15) to check the SocketServer version, you

a. Open SocketServer to check the version

ente

Note: Following

can:

by opening your browser and

ring the IP address of the DeviceMaster LT.

images show the difference between SocketServer v9.xx

and previous versions.

b. Check the ftp site for the latest version:

ftp://ftp.comtrol.com/dev_mstr/LT/

software/SocketServer.

c. If necessary, download the latest version. If you do not want

P wh Page 104.

Note: Technical

3. Install and configure the Linux device driver using the Readme fi with the driver.

30 - Device Driver (NS-Link) Installation

to use

ortVision DX, use RedBoot to upload the latest version of SocketServer

ich is discussed in

Uploading Firmware - Telnet Method (Linux) on

Supports recommends that you update to the latest version of

le packaged

DeviceMaster LT User Guide: 2000586 Rev. B

Page 31

Windows Installations

This subsection provides an installation overview for the NS-Link device driver for Windows. For detailed installation and configuration information, see the

DeviceMaster LT Device Driver (NS-Link) User Guide for Windows

available on the Software and Documentation CD or you can download

Windows Installations

, which is

the latest.

Supported Operating Systems

Installation Overview for W

indows

The NS-Link device driver for Windows supports:

• Windows 8

• Windows Server 2012

• Windows 7

• Windows Server 2008

• Windows Vista

• Windows Server 2003

• Window XP

If you are updating the driver or need to remove the NS-Link device driver, you can refer to the DeviceMaster Device Driver (NS-Link) User Guide

or the help

system.

Note: Administrative privileges are required to install device drivers on Windows

systems (excluding Windows Server 2003 and Windows XP).

The following NS-Link device driver installation and configuration procedures are discussed in this subsection:

• Install the NS-Link device driver and Comtrol Dri

vers Management Console

using the Installation Wizard.

• Configure the COM ports using the Comtrol Driver

• Configure device properties using the Comtrol Driver

s Management Console.

NS-Link for Windows Installation

1. If necessary, locate the NS-Link device driver and make it available to the host system CD if you do not have internet access, or download the latest driver from

. The driver assembly is available on the Software and Documentation

ftp://ftp.comtrol.com/dev_mstr/LT/drivers/win7.

Note: Al

2. Execute the driver assembly De

though the ftp link displays win7 in the path, the driver supports the

previously listed

Windows operating systems.

viceMaster_Windows_x.xx.exe file and click

xt to start the installation.

DeviceMaster LT User Guide: 2000586 Rev. B

Device Driver (NS-Link) Installation - 31

Page 32

NS-Link for Windows Installation

3. Click Next to install in the default location.

4. Click In

5. Leave the

stall

Launch

DeviceMaster Driver

stallation

box

checked.

If you do not check this box, you can use the shortcut under the

Start button at Pr

ograms > Comtro DeviceMaster > De

viceMaster Driv

nstallation Wizard.

6. Click Fi

nish to

complete the in

stallation of the

wizard.

l >

32 - Device Driver (NS-Link) Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 33

7. Click Next to start the driver installation.

NS-Link for Windows Installation

8. Click Install an

d Next.

9. Select the DeviceMaster L

T from the list.

DeviceMaster LT User Guide: 2000586 Rev. B

Device Driver (NS-Link) Installation - 33

Page 34

NS-Link for Windows Installation

10. Enter the quantity of this DeviceMaster LT model that you want to install and

ick Ok.

11. Repeat Steps

9 and 10 for each DeviceMaster LT that you are installing and

click Next.

12. Click Pr

oceed.

You may see the popup at the right for each port.

13. Return to the In

stallation Wizard and click Close.

14. Go to the next subsection for NS-Link driver configuration procedures.

34 - Device Driver (NS-Link) Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 35

Configuring the NS-Link Driver for Windows

This subsection provides a configuration overview for the NS-Link driver. For detailed information or if the DeviceMaster LT is on a different physical segment, refer to the help system or the DeviceMaster LT Device Driver (NS-Link) User Guide, which is available on the Software and Documentation CD or you can

download the latest

The DeviceMaster LT must be connected to the local network segment or directly to a NIC on the host system to operate in MAC mode to perform the following configuration steps.

1. Access the Comtrol Drivers Management Console

or Sta

rt > Programs > Comtrol > DeviceMaster > DeviceMaster Driv

Console.

2. Highlight the Device Name of the DeviceMaster LT that you want to configure.

Configuring the NS-Link Driver for Windows

using the desktop shortcut

er Management

3. Select the MAC address from the drop-dow MAC address using PortVision DX, the IP address displays in the IP Mode text bo after you select the M

Note: If you enter the

If the appropriate MAC address is not disp can be one of the following reasons:

• Not on the same network segment

• DeviceMaster LT not powered on or connected

• The wrong DeviceMaster model was selected during the driver installation

• Device failure

DeviceMaster LT User Guide: 2000586 Rev. B

n list or enter the address from the

address label on the DeviceMaster LT. If you programmed the IP

AC address.

MAC address, make sure that you use the correct format:

C0 4E xx xx xx. A space must separate each pair of digits. The MAC

address is located on a label on the DeviceMaster LT or you can view it using PortVision DX.

layed in the drop-down list, then it

Device Driver (NS-Link) Installation - 35

Page 36

Configuring the NS-Link Driver for Windows

4. Click Apply to program the driver with the MAC address of the DeviceMaster

T or Ok to save the change and close the Comtrol Driver

L Console.

If you do not A prompted to Apply, Ignore, or Cancel the changes.

s Management

pply the changes before leaving this screen, you will be

5. Now that the MAC address has been associated to the DeviceMaster LT,

n use the Network Settings screen to:

• Change the IP address, set the DeviceMaster

LT to DHCP, or Disable IP

communications using the Network Settings button

• Reboot the DeviceMaster LT on the General tab

• Access network statistics on the Advanced tab If you want use IP mode and the IP address is configured for your network,

click the IP Mode radio button and click Apply. If you want to use SSL Mode, you must set the DeviceMaster LT to IP mode.

Click the Network Settings button and click Modify to make any network settings changes.

6. Optionally, click Enable

SSL Mode if you want to configure secure COM ports.

The DeviceMaster LT must be configured using IP Mode before you can Enable SSL Mode.

If SSL Mode is enabled, TCP connections that carry data to/fro ports

are encrypted using SSL or TLS security protocols. This includes

ollowing:

m the serial

the

• TCP connections to the per-serial-port TCP ports (default is 8000, 8001,

8002, ...) are encrypted using SSL/TLS.

• TCP connections to TCP port 4606 on which the DeviceMaster LT

implements the Comtrol proprietary serial driver protocol are encrypte u

sing SSL/TLS.

• Since SSL/TLS can not be used for

either UDP data streams or for the

you

36 - Device Driver (NS-Link) Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 37

Configuring the NS-Link Driver for Windows

Comtrol proprietary MAC mode Ethernet driver protocol, both UDP and MAC mode serial data transport features are disabled.

In addition to encrypting the data streams, it is possible to configure the DeviceMaster LT so that only authorized client applications can connect using SSL/TLS.

For this option to function, you must also Enable Secure Data Mode

in the NS-

Link web page.

Note: See the help system or the DeviceMaster NS-Link User Guide for

Windows if you need additional information on SSL and the

corresponding options.

7. If you are using a server certificate, click the Ser enter the name in the Ser

ver Certificate text box.

ver Certificate check box and

8. If you are using a client certificate, click the drop list and browse to th

ppropriate client certificate file.

9. Configure the device properties: a. If desired, change the U b. Optionally, set a different K

nt of time in seconds that this DeviceMaster LT waits until it cl

amou

is connection and frees all the ports associated with it.

c. Optionally, set the TCP T d. Optionally, click a different S e. Optionally, change the N f. If necessary, click Do NO g. Optionally, click V

ser-Friendly Device Name.

eep Alive Timeout period. You can set the

imeout Multiplier value.

can Rate (ms).

umber of Devices to Load at Once.

T Attempt to Load Firmware in Device.

erbose Event Log if you want to log additional

DeviceMaster LT information into the event log.

h. After making your changes, click Ap

iguration procedures or click Ok if you have completed configurin

conf your D

eviceMaster LT

ply if you have additional

Note: You can refer to the help system if you need information about any of the

options or features.

10. Optionally, you can click the A

dvanced tab and verify that the Device Status

message indicates that the DeviceMaster LT is active and Ok.

11. Go to the next subsection to configure COM port properties

oses

DeviceMaster LT User Guide: 2000586 Rev. B

Device Driver (NS-Link) Installation - 37

Page 38

Configuring COM Port Properties for Windows

The following is a COM port properties configuration overview. Use the

DeviceMaster Device Driver (NS-Link) User Guide

NS-Link Help system for detailed configuration information.

1. Highlight the first port you want to configure.

(also available on the CD) or the

2. Complete the screen appropriately for the serial device that you plan on connecting to the port and click Ok.

a. Select the appropriate communication

s mode.

b. Enable the features that you want to use. c. Optionally, click the RT

Toggle Options button:

• If your communication

s application does not toggle RTS when RS-

485 mode.

• If you are usin

tran

g an

smitting in

external RS-232 to RS-485 converter, which is attached conf

to a port that

igured for RS-232.

d. Click the appropriate options

for your

e. Click OK to

3. If desired, click the C

T to these characteristics.

4. Optionally, change the User

5. If desired, select a different COM Name (COM port numb

environment.

save the changes and return to the port General tab.

lone check box to set all of the ports on this DeviceMaster

-Friendly Port Name.

er). The drop-down list displays (in use) next to COM port numbers that are already in use in this system. Do not duplicate COM port numbers as this will cause the ports to not function.

38 - Device Driver (NS-Link) Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 39

6. Click Apply to save these changes.

Note: If you selected RS

7. Highlight the next port that you want to configure and perform through 6.

8. Refer to

9. Optionally, you may need to configure one (Socket Port Configuration on Page 41).

Enabling Secure Data Mode

In addition to enabling SSL mode in the driver, you must Enable Secure Data Mode in the NS-Link web page. Use the following procedure to implement the Enable Secure Data Mode option.

1. Access the NS-Link web page using one of these methods:

• Open your web browser, enter the IP address, and press Enter.

• Right-click the DeviceMaster in the Device List pane in PortVision DX an

click Webpage.

2. Click the Security tab

3. Click Enable

Enabling Secure Data Mode

-422 mode, make sure that there is not a device

attached to the port

and click Ok.

Steps 1

Connecting Serial Devices on Page 43 to attach your serial device.

or more ports for socket mode

Secure Data Mode and Save.

4. Configure your security key and certificate and click Set

Click the Help button if you need information about key and certificate management.

DeviceMaster LT User Guide: 2000586 Rev. B

Device Driver (NS-Link) Installation - 39

Page 40

Enabling Secure Data Mode

40 - Device Driver (NS-Link) Installation

DeviceMaster LT User Guide: 2000586 Rev. B

Page 41

Socket Port Configuration

This section provides an overview of SocketServer and provides basic operating procedures. SocketServer and DeviceMaster LT security are discussed in detail in

DeviceMaster LT Security on Page 45.

Note: T

SocketServer Overview

SocketServer is the name of the TCP/IP socket web page that is integrated in the firmware that comes pre-installed on your DeviceMaster LT. When you install an

NS-Link device driver, an NS-Link version of SocketServer loads on the

DeviceMaster LT.

The SocketServer home page (Server Status) prov

• Socket port characteristics for:

• Network settings (after initial configuration)

•

• Email notification services

• RFC1006 (ISO over TCP)

Note: F

echnical Supports recommends that you update to the latest version of SocketServer before installing an NS-Link device driver or configuring socket ports.

ides access to configure.

- Serial

-TCP connection

-UDP connection

See

SocketServer Architecture on Page 42 for more information about socket

port support.

Security, which is discussed in detail starting on Page 45

or socket service configuration procedures or detailed information each field, see the web page Help system.

Web Page Help System

DeviceMaster LT User Guide: 2000586 Rev. B

The web page Hel page Help system contains detailed information and configuration procedures for each mode discussed in

The Hel Documents page for your DeviceMaster LT or you can download the latest version from:

ftp://ftp.comtrol.com/dev_mstr/LT/software/socketserver/help/ssvr_help.zip.

To use the help system:

1. Unzip the files in a folder.

2. Open the ssvr_help.htm fi

3. Use your browser find function to locate searching.

are

p system is available separately for your convenience. The web

SocketServer Architecture on Page 42.

p system for the web page is available on the CD on the Supporting

le.

the option or information for which

Socket Port Configuration - 41

Page 42

SocketServer Architecture

PC or

Mainframe

LAN/WAN

Ethernet Hub

DeviceMaster

Serial Device

IP socket

application

Ethernet Hub

TCP/IP Socket Mode

DeviceMaster

Ethernet Hub

Dumb Terminal

Printer

Serial Tunneling Mode

LAN/WAN

UDP Mode

DeviceMaster

Ethernet Hub

LAN/WAN

1234

Serial Device

In this example, four PCs receive data simultaneously from one serial device.

DeviceMaster

Serial RS-232 connections

SocketServer Architecture

TCP/IP socket mode operation is used to connect serial devices with an application that supports TCP/IP socket communications addressing.

Serial tunneling mode is used to

establish a socket connection between two

DeviceMaster LTs through an Ethernet network.

UDP mode is desig

ned for applications that need faster data transmission, or that make use of UDP’s broadcast capabilities. UDP differs from TCP in that a UDP transmission does not first require a connection to be opened before sending data and the receiving device does not issue acknowledgements to the sender.

42 - Socket Port Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 43

Accessing Socket Configuration

There are several ways to access the socket configuration pages (either version, SocketServer or NS-Link). Use the method that fits your environment best.

• Web Browser

• PortVision DX

Accessing Socket Configuration

Web Browser To access the socket configuration page for the DeviceMaster

LT using a web

browser, follow this procedure.

1. Start your web browser.

2. Enter the IP address of the Device

Note: If you do not know the

Master LT in the URL field.

IP address, you can view the IP address in

PortVision DX.

3. Click the port number that you want to configure socket port settings (serial,

TCP conn

Note: S

ection configuration, and UDP connection configuration).

ee the web page Help system, if you need information about configuring sockets or serial tunneling. The Help system provides detailed configuration procedures and descriptions for all fields. See

Web Page Help System on

Page 41 for information about downloading the help file separately.

4. Click Sa

ve to return to the Server Status page.

5. Optionally, access the following pages to configure additional settings:

a. Click the Netw b. Click the Security ta c. Click the Email ta d. Click the RFC1

ork tab to change the network settings.

b to enable DeviceMaster LT security.

b to configure email notification services.

006 tab to configure RFC1006 settings.

PortVision DX There are several ways to access the socket configuration (NS-Link or

Soc

ketServer) page for the DeviceMaster LT using PortVision DX.

1. If necessary, start PortVision DX, right-c

ant to configure, and click Webpage.

lick the DeviceMaster LT that you

2. Click the port for which you want to configure socket port settings (serial, connection configuration, and UDP connection configuration).

Note: For socket configuration information see

the Help system. Click the ? in

a configuration area for field specific information or the Help button at the bottom of the page to view page level help. To locate configuration procedures, scroll to the top of the Help file and view the Table of Contents.

3. Click Sa

ve to return to the Server Status (main) page.

4. Optionally, access the following pages to configure additional settings. e. Click the Netw f. Click the Security tab to g. Click the Email ta h. Click the RFC1

ork tab to change the network settings.

enable DeviceMaster LT security.

b to configure email notification services.

006 tab to configure RFC1006 (ISO over TCP) settings.

TCP

DeviceMaster LT User Guide: 2000586 Rev. B

Socket Port Configuration - 43

Page 44

SocketServer Versions

You r SocketServer or NS-Link version may be different than these examples.

The top illustration shows the web page before a NS-Link device driver installation and the bottom illustration shows the web page after a device driver installation.

SocketServer Versions

The SocketServer Overview discusses the that the default SocketServer web page is the same as the NS-Link web page. If the NS-Link driver is not running (not in

stalled or disabled), SocketServer loads when you open a web browser session.

44 - Socket Port Configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 45

DeviceMaster LT Security

This subsection provides a basic understanding of the DeviceMaster LT security options, and the repercussions of setting these options. See

DeviceMaster LT Security Features on Page 131 if you need to reset DeviceMaster

LT security options. See Page 133 if you want to return the DeviceMaster L values.

Understanding Security Methods and Terminology

The following table provides background information and definitions.

Returning the DeviceMaster LT to Factory Defaults on

Removing

T settings to their default

Term or

sue

If configured with a CA certificate, the DeviceMaster LT requires all SSL/TLS clients to present an RSA identity certificate that has been signed by the configured CA certificate. As shipped, the DeviceMaster LT is not configured with a CA certificate and all SSL/TLS clients are allowed.

CA (Client Authentication certificate)

Client Authentication

DH Key Pair Used by SSL Servers

† All DeviceMaster LT units are shipped from the factory with identical configurations. They

†

all have the identical, self-signed, Comtrol Server RSA Certificates, Server RSA Keys, Server DH Keys, and no Client Authentication Certificates. For maximum data and access security, you should configure all DeviceMaster LT units with custom certificates and keys.

This uploaded CA certificate that is used to validate a client's identity is sometimes referred to as a trusted root certificate, a trusted authority certificate, or a trusted CA certificate. This CA certificate might be that of a

†

trusted commercial certificate authority or it may be a privately generated certificate that an organization creates internally to provide a mechanism to control access to resources that are protected by the SSL/TLS protocols.

See Key and Certificate Management section does not discuss the creation of CA Certificates.

A process using paired keys and identity certificates to prevent unauthorized access to the DeviceMaster LT. Client authentication is discussed in Client

Authentication on Page 54 and Changing Keys and Certificates on Page 64.

This is a private/public key pair that is used by some cipher suites to encrypt the SSL/TLS handshaking messages. Possession of the private portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS connections that use DH encryption during handshaking.

The DH (Diffie-Hellman) key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.

The most serious limitation of Diffie-Hellman (DH key) in its basic or pure form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium.

See Certificates and Keys Page 61 for more information.

on Page 54 and Key and Certificate Management on

Explanation

on Page 61 for more information. This

. Ideally, Diffie-Hellman

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 45

Page 46

Understanding Security Methods and Terminology

Term or

Issue

Digital Certificate

PKI (public key infrastructure)

Explanation

A digital certificate is an electronic credit card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

See Key and Certificate Management

on Page 61 for more information.

A public key infrastructure (PKI) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.

The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.)

A public key infrastructure consists of:

• A certificate authority (CA) that issues and verifies digital certificate. A ificate includes the public key or information about the public key

cert

• A registration authority (RA) that acts as the ve

rifier for the certificate

authority before a digital certificate is issued to a requestor

• One or more directories where the certif

icates (with their public keys) are

held

• A certificate management system

For more information, see SSL Authentication on Page 53, SSL Performance on Page 56, SSL Cipher Suites

on Page 56, and DeviceMaster LT Supported

Cipher Suites on Page 57.

46 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 47

Understanding Security Methods and Terminology

Term or

sue

RSA Key Pair†

SSH (Secure Shell)

SSL (Secure Sockets Layer)

Explanation

This is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption. RSA is widely used in electronic commerce protocols, and is believed to be sufficiently secure given sufficiently long keys and the use of up-to-date implementations. The system includes a communications channel coupled to at least one terminal having an encoding device, and to at least one terminal having a decoding device.

• Public key is a value provided by some designated authority as an

encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.

•Private Key

- One half of the k

- Both the public and the private ke

ey pair used in conjunction with a public key

ys are needed for encryption / decryption but only the owner of a private key ever needs to know it. Using the RSA system, the private key never needs to be sent across the Internet.

- The private key is used to decrypt text that has been encrypted with the public

Thus, if User A sends User B a

key.

message, User A can find out User B’s public key (but not User B’s private key) from a central administrator and encrypt a message to User B using User B’s public key. When User

B receives it, User B decrypts it with User B’s private key. In addition to encrypting messages (which ensures privacy), User B can

authenticate User B to User A (so that User A knows that it is really User B who sent the message) by using User B’s private key to encrypt a digital certificate.

See Key and Certificate Management on Page 61 for more information.

Secure Shell (SSH) allows data to be exchanged using a secure channel between two networked devices. Replaces telnet which has no security. SSH requires password authentication – even if password is empty.

See SSH Server

on Page 53 for more information.

The Secure Sockets Layer (SSL) is the predecessor of (TLS) Transport Layer Security.

SSL is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.

SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security.

SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

See Pages 53 through 57 for detailed information about SSL.

Note: Two slightly different SSL protocols are supported by the DeviceMaster

LT: SSLv3 and TLSv1.

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 47

Page 48

Understanding Security Methods and Terminology

Term or

Issue

TLS (Transport Layer Security)

Secure Data Mode

Secure Config Mode

Secure Monitor Data Mode via Tel ne t

Man in the Middle attack

How Public and Private Key Cryptography Works

Explanation

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows TLS implementation to back down to SSL 3.0.

TCP connections that carry data to/from the DeviceMaster LT serial ports are encrypted using SSL or TLS security protocols. See Security Modes and Configure/Enable Security Features Overview

on Page 58 for more

on Page 51

information.

Unencrypted access to administrative and diagnostic functions are disabled. See Security Modes

on Page 51 and Configure/Enable Security Features

Overview on Page 58 for more information.

Allows monitoring of a single serial port on the DeviceMaster LT while the port is configured for Secure Data Mode. For more information see, the Enable Monitoring Secure Data via Telnet option on Page 59.

A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.

The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it.

In public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA).

The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access.

The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from a public directory).

Thus, if User A sends User B a message, User A can find out User B’s public key (but not User B’s private key) from a central administrator and encrypt a message to User B using User B’s public key. When User B receives it, User B decrypts it with User B’s private key. In addition to encrypting messages (which ensures privacy), User B can authenticate User B to User A (so User A knows that it is really User B who sent the message) by using User B’s private key to encrypt a digital certificate. When User A receives it, User A can use User B’s public key to decrypt it.

48 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 49

Understanding Security Methods and Terminology

Term or

Issue

Explanation

A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard. Among PKI leaders are:

• RSA, which has developed the main algorithms used by PKI vendors.

• Verisign, which acts as a certificate auth

ority and sells software that

allows a company to create its own certificate authorities.

Who Provides the Infrastructure?

• GTE CyberTrust, which provides a P

KI implementation methodology and

consultation service that it plans to vend to other companies for a fixed

ce.

pri

• Xcert, whose Web Sentry product that c certificat

es on a server, using the Online Certificate Status Protocol

hecks the revocation status of

(OCSP).

• Netscape, whose Directory Server produ

ct is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories directory for security man

agement.

The following topic references are from: http://searchsecurity.techtarget.com/

• PKI (public key infrastructure)

• How Public/Private Key Cryptography Works

• Who Provides the Infrastructure

• Digital Certificate

•DH Key

• Man in the Middle attack

The RSA Key pair topic reference is from: http://en.wikipedia.org/wiki/RSA

into a single

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 49

Page 50

TCP and UDP Socket Ports Used by the DeviceMaster LT

Following list is all of the logical TCP and UDP socket ports implemented in DeviceMaster LTs.

Socket Port Number Description

22 SSH

Telnet

80 HTTP

443 SSL or HTTPS

102 RFC1006

161 SNMP

4606

4607

TCP 8000 - 8xxx

UDP 7000 - 7xxx

TCP Ports 22 (ssh) and 23 (telnet) are used for administrative and diagnostic purposes and aren't required for normal use and are enabled by default and Port 23 may be disabled.

TCP Ports 80 (http) and 443 (https) are used by the web server for administration and configuration and are enabled by default and cannot be disabled.

TCP Port 102 is used for RFC1006 (ISO over TCP) serial port access. Not used for normal NS-Link SocketServer access. The RFC1006 server can be disabled by setting the server port number to -1 and is enabled by default.

UDP Port 161 is used by the SNMP agent if SNMP is enabled which is the default.

TCP Port 4606 is required if you want to use NS-Link or PortVision DX if you want to update firmware without setting up a TFTP server and this port cannot be disabled.

TCP Port 4607 is only used for diagnostic purposes and isn't required for normal operation and this port cannot be disabled.

If SocketServer is to be used, then the user may enable usage of TCP or UDP ports for access to the serial ports. These ports are not enabled by default and are also user configurable to different values. Defaults for TCP would begin at 8000 and for UDP would begin at 7000.

Incremented per serial port on the DeviceMaster LT.

For example: A DeviceMaster LT 16- port would have Ports 8000 through 8015.

Incremented per serial port on the DeviceMaster LT.

For example: A DeviceMaster LT 16- port would have Ports 7000 through 7015.

50 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 51

DeviceMaster LT Security Features

The following subsections provide information about DeviceMaster LT security features.

Security Modes The DeviceMaster LT supports two security modes.

DeviceMaster LT Security Features

Security

Secure Data

Secure Config

† Affects

both RedBoot and SocketServer/NS-Link applications.

Description

SSL encryption for serial port dat

a streams for both NS-Link and

SocketServer. Secure Data mode:

• Requires SSL encryption of TCP connections to

SocketServer

(Ports 8000, 8001, 8002, and so forth).

• Disables UDP access to SocketServer.

• Disables RFC1006 (ISO-over-TCP) access

• Disables MAC-mode access to serial d ID commands are still allowed.

• Requires SSL encryption of NS-Link TCP connections (P

606). Not directly supported by NS-Link drivers for Window

nd Linux. The Linux driver has been tested using stunnel

to SocketServer.

ports. MAC mode admin

ort

but manual setup is required.

• Requires SSH instead of telnet connection to the di

og (TCP Port 4607).

• Two values for http READ and WRITE

commands: A2:

agnostic

Enable.

Encrypts/aut

henticates configuration and administration

operations (web server, IP settings, load SW, and so forth.). Secure Config mode:

• Disables MAC mode admin commands except for ID request†.

• Disables TCP/IP admin commands except for ID

request†.

• Disables telnet console access (Port 23)†.

• Disables unencrypted http:// access via Port 80.

• Disables e-mail notification and SNMP features.

• Two values for http READ and WRITE

commands: A3:

Enable.

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 51

Page 52

Secure Data Mode and Secure Config Mode Comparison

This table provides information that compares Secure Data and Secure Config modes.

Feature Secure Data Secure Config

MAC (admin) enabled disabled

† disabled †

Secure Data/

Sec

ure Config

MAC (async) disabled enabled disabled

TCP 4606 (admin) SSL, enabled clear, disabled

† SSL, disabled †

TCP 4606 (async) SSL clear SSL

UDP disabled user-configured disabled

telnet/RFC2217 user-configured user-configured user-configured

RFC1006 disabled user-configured disabled

4607 (diag log) SSH telnet SSH

8000 (serial port) SSL clear SSL

console (config)

web

telnet on Port 23

SSH on Port 22

clear on Port 80

SSL on Port 443

SSH on Port 22 SSH on Port 22

SSL on Port 443 SSL on Port 443

SMTP, SNMP user-configured disabled disabled

RedBoot MAC enabled disabled

† disabled †

RedBoot 4606 enabled disabled † disabled †

RedBoot telnet user-configured disabled disabled

Security Compari

son

This table displays addition information about security feature comparisons.

Wea kest Strongest

01 2 3 3 4

Supported by None Password Authentication Secure Config Secure Data Key & Certificate

RedBoot

SocketServer yes yes yes yes yes yes

NS-Link Driver/MAC yes yes yes no no no

NS-Link Driver/IP yes yes yes yes

Serial Monitoring yes yes yes no yes † no

TCP to Serial Ports yes yes yes no no no

SSH to Serial Ports no no no yes yes yes

UDP to Serial Ports yes yes yes disabled disabled disabled

Telnet/Port23 yes yes yes disabled yes † disabled

SSH Telnet/Port 22 yes yes yes yes yes yes

Telnet Port 4607 yes yes yes disabled yes yes

SSH (PuTTY) 4607 no no no yes disabled disabled

HTTP (Port 80) yes yes yes disabled disabled disabled

HTTPS (Port 443) no no no yes yes yes

yes yes yes no yes no

52 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 53

Weakest Strongest

Email yes yes yes disabled disabled disabled

SNMP yes yes yes disabled disabled disabled

RFC1006 yes yes yes disabled disabled disabled

† Enable Monitoring Secure Data via Telnet must be enabled. SSH does not

support port monitoring. You can set the securemon enable option.

admin commands are disabled except for read-only ID command required by NS-Link to identify the device.

The intention is to allow NS-Link to operate through an SSL connection to Port 4606 while is in Secure Data Mode, and to allow NS-Link to operate through a MAC connection with Secure Config Mode enabled and Secure Data Mode disabled.

SSH Server

SSH Server The DeviceMaster LT SSH server h

as the following characteristics:

• Requires password authentication – even if password is empty.

• Enabled/disabled along with teln

et access independently of Secure Data and

Secure Config Modes.

• The DeviceMaster LT uses third-party tworks:

http://www.peersec.com/.

MatrixSSH library from PeerSec

SSL Overview DeviceMaster LT SSL provides the following features:

• Provides both encryption and authentication.

- Encryption prevents a third-party eavesdropper from viewing data that is being t

ransferred.

- Authentication allows both the client (that is, web browser) and (that is. DeviceMaster LT) to ensure that only desired parties are allowed to establish connections. This prevents both unauthorized access and

in-the-middle attacks on the communications channel.

• Two slightly different SSL protocols are s

upported by the DeviceMaster LT,

SSLv3 and TLSv1.

• The DeviceMaster LT uses third-party MatrixSSL library from PeerSe tworks:

http://www.peersec.com/matrixssl.html.

SSL Authentication DeviceMaster LT SSL authentication has the following features:

• Authentication means being able to verify th

of a communications channel. A username/password is a common example

end

e identity of the party at the other

of authentication.

• SSL/TLS protocols allow authentication u

icates. DeviceMaster LT supports only RSA certificates.

certif

• Each party (client and server) can prese

• Each ID certificate is s

igned by another authority certificate or key.

• Each party can then verify the validity of the ot

hat it was signed by a trusted authority. This verification requires that ea

t party ha I

D certificate.

ve access to the certificate/key that was used to sign the other party'

sing either RSA certificates or DSS

nt an ID certificate to the other.

her's ID certificate by verifying

server

man-

Server A

uthentication

Server Authentication is the mechanism by which the DeviceMaster LT proves its

identity.

• The DeviceMaster LT (generally an SSL server) can

ploading an ID certificate that is to be presented to clients when they connect

u to the DeviceMaster LT.

DeviceMaster LT User Guide: 2000586 Rev. B

be configured by

DeviceMaster LT Security - 53

Page 54

Client Authentication

• The private key used to sign the certificate must also be uploaded to the

DeviceMaster LT

Note: Possession of that private key will allow eavesdroppers to decrypt all

traffic to

• The corresponding public key can be used to verify

and from the DeviceMaster LT.

the ID certificate but not to

decrypt traffic.

• All DeviceMaster LT are shipped from the fa

icates and private keys. This means that somebody could (with a little

certif

ctory with identical self-signed ID

effort) extract the factory default private key from the DeviceMaster LT firmware and use that private key to eavesdrop on traffic to/from any ot

eviceMaster LT that is being used with the default private key.

her

• The public/private key pairs and the ID certificates can be generated usin

openssl co

• If the server authentication certificate in the

an authority known to the client (as shipped, they ar SSL

• If the name in server authentication certificate does not matc

that was used to access the server, then interactive SSL clients such brow

mmand-line tools.

DeviceMaster LT is not signed by

e not), then interactive

clients such as web browsers will generally warn the user.

h the hostname

as web

sers will generally warn the user.

Client A

uthentication

Client Authentication is the mechanism by which the DeviceMaster LT verifies the

identity of clients (that is, web browsers and so forth).

• Clients can generally be confi

gured to accept a particular unknown server

certificate so that the user is not subsequently warned.

• The DeviceMaster LT (generally an SSL server) can be configured by

loading a trusted authority certificate that will be used to verify the ID

up certificates presented to the DeviceMaster LT by SSL clients. This allows yo t

o restrict access to the DeviceMaster LT to a limited set of clients which ha

been configured with corresponding ID certificates.

• DeviceMaster LT units will be shipped without an authority certificate and

will not require clients to present ID certificates. This allows any and all

lients to connect to the DeviceMaster LT.

Certificates and Keys To control access to the DeviceMaster L

should create your own custom CA certificate and then configure authorized client applications with identity certificates signed by the custom CA certificate.

This uploaded CA certificate that is used to validate a client's identity is sometimes referred to as a trusted root certificate, a a trusted CA certificate. This CA certificate might be that of a trusted commercial certificate authority or it may be a privately generated certificate that an organization creates internally to provide a mechanism to control access to resources that are protected by the SSL/TLS protocols.

The following is a list that contains additional information about certificates and ke

ys:

• By default, the DeviceMaster LT is shipped without a CA (Certifica

Authority) and therefore al

lowing connections from any SSL/TLS client. If desired, controlled access to SSL/TLS protected features can be u

ploading a client authentication certificate to the DeviceMaster LT.

• Certificates can be obtained from commercial certificate authorities (VeriSign, Th

awte, Entrust, and so forth.).

• Certificates can be created by use

rs for their own use by using openssl

command line tools or other applications.

• Certificates and keys to be uploaded to the .DER binary file format, not in the .PEM ASCII file format. (The openssl tools can create files in either format and can convert files back and forth between the two formats.)

SSL

T's SSL/TLS protected resources you

trusted authority certificate, or

configured by

DeviceMaster LT must be in the

54 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 55

Certificates and Keys

• Configuring Certificates and keys are configured by four uploaded files on the

ttom Key and Certificate Management portion of the Ed

Confi

guration web page:

- RSA K

ey Pair used by SSL and SSH servers

it Security

This is a private/public key pair that is used for two purposes:

• It is used by some cipher suites to encrypt the SSL/TLS handshakin

g messages. Possession of the private portion of this key pair allows an eavesdropper to RSA encry

• It is used to sign the Server RSA Certif

both decrypt traffic on SSL/TLS connections that

ption during handshaking.

icate in order to verify that the

use

DeviceMaster LT is authorized to use the server RSA identity certificate. Possession of the private portion of this key pair al somebody

If the Server RSA Key is replaced, a corresponding R

to pose as the DeviceMaster LT.

SA server certificate

lows

must also be generated and uploaded as a matched set or clients are not able to verify the identity certificate.

- RSA Ser

• This is the RSA identity certificate

ver Certificate used by SSL servers

that the DeviceMaster LT uses during SSL/TLS handshaking to identify itself. frequently open connections secure TCP up to open

by SSL server code in the DeviceMaster LT wh

to the DeviceMaster LT's

ports. If a DeviceMaster LT serial port configuratio

(as a client), a TCP connection to another server device, the

It is used most

en clients

secure web server or other

n is set

DeviceMaster LT also uses this certificate to identify itself as an

SSL

client if requested by the server.

• In order to function properly, this certificate must be signed using r RSA Key. This means that the server RSA certificate and serv

Serve

key must be replaced as a pair.

RSA

- DH

Key pair used by SSL servers

This is a private/public key pair that is used by

some cipher suites to

the

encrypt the SSL/TLS handshaking messages.

Possession of the private portion of the k

ey pair allows an eavesdropper to decrypt traffic on SSL/TLS connections that use DH encryption during handshaking.

- Client A

If configured with a CA certificate, the DeviceM

uthentication Certificate used by SSL servers

aster LT requires all SSL/ TLS clients to present an RSA identity certificate that has been signed by the configured CA certificate. As shipped, the DeviceMaster LT is not configured with a CA certificate and all SSL/TLS clients are allowed.

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 55

Page 56

SSL Performance

SSL Performance The DeviceMaster LT has these SSL performance characteristics:

• Encryption/decryption is a CPU-intensive process, and using encrypted da reams will limit the number of ports that can be maintained at a given serial

st throughput. For example, the table below shows the number of ports that can be maintained by SocketServer at 100% throughput for various cipher suites and baud rates.

9600 38400 57600 115200

RC4-MD5 32 16 10 5

4-SHA 32 13 9 4

AES128-SHA 28 7 5 2

AES256-SHA 26 7 4 2

DES3-SHA 15 3 2 1

Note: These throughputs required

100% CPU usage, so other features such as the web server are very unresponsive at the throughputs shown above. To maintain a usable web interface, one would want to stay well below the maximum throughput/port numbers above.

• The overhead required to set up an SSL connection is also significan ime required to open a connection to SocketServer varies depending on the

t public-key encryption scheme used for the initial handshaking. Typical setup times for the three public-key encryption schemes supported by the DeviceMaster LT are shown below:

- RSA 0.66 seconds

- DHE 3.84 seconds

- DHA 3.28 seconds

• Since there is a certain am

ount of overhead for each block of data sent/ received on an SSL connection, the SocketServer polling rate and size of bocks that are written to the SocketServer also has a noticeable effect on CPU usage. Writing larger blocks of data and a slower SocketServer polling rate will decrease CPU usage and allow somewhat higher throughputs.

SSL Cipher Suites This subsection provides information about SSL cipher suites.

• An SSL connection uses four different facilities, each of which can use on several different ciphers or algorithms. A particular combination of four ciphers/algorithms is called a “cipher suite”.

• A Cipher Suite consists of

- Public Key Encryption Algorithm

• Used to protect the initial handshaking and connection setup.

• Typical options are RSA, DH, DHA, DHE, EDH, SRP, PSK

• DeviceMaster LT supports RSA, DHA, DHE

- Authentication Algorithm

• Used to verify the identities of the tw

o parties to each other.

• Typical options are RSA, DSA, ECDSA

• DeviceMaster LT supports only RSA

-Stream Cipher

• Used to encrypt the user-data exchange

• Typical options: RC4, DES, 3DES, AES, IDE

d between the two parties.

A, Camellia, NULL

• DeviceMaster LT supports RC4, 3DES, AES

t. The

e of

56 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 57

DeviceMaster LT Supported Cipher Suites

- Message Authentication Code

• hash function (checksum) used to veri not be corrupt

• typical options include MD5,

ed or changed while in transit.

SHA, MD2, MD4

fy that each message frame has

• DeviceMaster LT supports MD5, SHA

• In the design of the SSL/TLS protocols the choice ndependent of each other: only certain combinations are defined by th

i standards suites support

. The standard combinations of protocol (SSL or TLS) and

by DeviceMaster LT are shown in the attached table.

s of four of the above are not

cipher

DeviceMaster LT

The DeviceMaster LT supports the cipher suites:

Supported Cipher Suites

Protocol Public Key Authentication Cipher MAC

SSL RSA RSA 3DES SHA

SSL

RSA RSA RC4 SHA

SSL RSA RSA RC4 MD5

SSL DHE RSA 3DES SHA

SSL DHA RSA RC4 MD5

SSL RSA RSA NULL MD5

SSL RSA RSA NULL SHA

TLS RSA RSA AES128 SHA

TLS RSA RSA AES256 SHA

TLS DHE RSA AES128 SHA

TLS DHE RSA AES256 SHA

TLS DHA RSA AES128 SHA

TLS DHA RSA AES256 SHA

SSL Resources You can refer to the following SSL res

• Standard reference book is SSL an

• Wikipedia page on SSL/TLS provides a good overview:

wiki/TLS

• openssl contains command-line tools to do the following. More information is

available at:

http://www.openssl.org/

- Create/examine keys/certificates

- Act as client or server

• ss

ldump is a -command line tool that displays a human-readable dump of an

SSL connection's handshaking and traffic:. More information can be found at

http://www.rtfm.com/ssldump/.

- If provided with server's private key, can decrypt data stream

- Can display decoded data stream in ASCII/hex

- Can display contents of handshaking packets (including ID certificates)

ources for more information:

d TLS by Eric Rescorla

http://en.wikipedia.org/

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 57

Page 58

Configure/Enable Security Features Overview

You can enable DeviceMaster LT security features the web page (SocketServer or the NS-Link version). Key and Certificate Management must be done using the Security tab in the DeviceMaster LT web pages.

If you want secure COM ports, you must also Enable SSL Mode and applicable server or client certificates in the NS-Link device driver for Windows. See

Device Driver (NS-Link) Installation on Page 29.

The following illustration shows the S tab and are discussed in the following table.

enter any

ecurity Configuration area of the Security

Security

Option

Enable Secure Data Mode

Description

If Secur

e Data Mode is enabled TCP connections which carry data

to/from the serial ports will be encrypted using SSL or TLS security protocols. This includes the following:

• TCP connections to the per-serial-port TCP ports (default 8000, 8001, 8002, and so forth) are encrypted using SSL/ TLS.

• TCP connections to TCP Port 4606 on whic

eviceMaster LT implements the Comtrol proprietary se

er protocol are encrypted using SSL/TLS.

driv

• Since SSL/TLS can not be used for eith

the Comtrol proprietary MAC mode

or for protocol,

both UDP and MAC mode serial data transport

h the

er UDP data streams

Ethernet driver

features are disabled.

• In order to minimize possible se

006 features are also disabled in Secure Data mode.

RFC1

curity problems, e-mail and

In addition to encrypting the data streams, it is possible to configure the DeviceMaster LT so that only authorized client applications can connect using SSL/TLS. See the Client

Authentication discussion on Page 54 for details.

rial

58 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 59

Configure/Enable Security Features Overview

Security

ption

Enable Secure Config Mode

Enable Monitoring

e Data via

Secur Tel ne t

Description

If Secure Config Mode is enabled, unencrypted access to administrative and diagnostic functions is disabled. Secure Config Mode changes DeviceMaster LT behavior as follows:

• Telnet access to administrative and diagnostic functions is disabled. SSH access is still allowed.

• Unencrypted access to the web

server via Port 80 (http://

URLs) is disabled.

• Encrypted access to the web se

rver via Port 443 (https://

URLs) is still allowed.

• Administrative commands that change configuration

erating state which are received using the Comtrol

proprietary TCP driver protocol on TCP Port 4606 are ignored.

• Administrative commands that change configuration

perating state that are received using the Comtrol

de proprietary Ethernet protocol

mo ig

nored.

number 0x11FE are

MAC

When checked, this allows the monitor command to be used while Secure Data Mode is enabled. When unchecked, the monitor command can only be used if Secure Data Mode is not enabled. You must click Save and reboot the DeviceMaster LT for the change to go into affect. This option is disabled by default.

The Enable Monitoring Secure Data via Telnet feature allows you to monitor serial data being sent/received on a serial port (either via NS-Link or SocketServer). The monitoring is done by telnetting to the DeviceMaster LT and using the following commands:

• monitor [-ac] portnumber

Display a live hex dump of TX/RX data for the specif serial port. Y dump will foll

owing detailed description and examples. The data

ogged when it is written/read

/RX buffers -- as such, the

TX by

tes is not precise, but it should be sufficient to debug

ou can only monitor one port at a time. Th

continue until the Enter key is pressed. See th

to/from the serial port driver's

relative timing between RX/TX

ied

e live

most problems (especially frame-oriented, command/response serial protocols).

Monitoring serial data through a te generate ext

ra network traffic and may have small effects on the timing of DeviceMaster LT operations when larg amounts of data are being log

lnet connection does

ged at high baud rates.

See

Example 1 on Page 60 for more information.

-The -a option enable

a in a column to the right the hex representation.

of dat See

Example 2 on Page 60.

-The -c option e

s displaying of ASCII representation

nables the use of color instead of < and > to indicate the data flow direction. Tx is green and Rx is red. See

Example 3 on Page 61.

DeviceMaster LT User Guide: 2000586 Rev. B

(continued)

DeviceMaster LT Security - 59

Page 60

Example 1

Security

Option

Description

• securemon [enable|disable]

(Continued from the previous page)

By default, monitoring of TX/RX data when in Secur Mode i

s not allowed through telnet (an insecure protocol).

This command allows you to override that default wh

secur

emon is enabled it will allow monitoring of secure data

e Data

via an insecure protocol like telnet.

Enable Monitoring Secure Data via Te ln et

Enable Telnet/ssh

Currently, because of issues with the DeviceMaster LT implemen comma i

t will be supported in the future. Once it is supported, th

secur

ata via ssh (which will always be allowed).

This option

tation, monitoring serial port data via

nd-line interface is not supported. It is expected th

emon setting will not affect th

e ability to monitor secure

enables or disables the telnet security feature after

the ssh

ssh

you click Save and the DeviceMaster LT has been rebooted. This

option is enabled by default.

This option enables or disables the SNMP security feature after

Enable SNMP

you click Save and the DeviceMaster LT has been rebooted. This option is enabled by default.

Example 1 The following example shows how to monitor output using a loopback plug and a

program that repeatedly sends the string abcABC123 to Port 1:

dm> monitor 1 Serial monitoring started for port 1 -- press [Enter] to stop. > 61 62 63 41 42 43 31 32 33 < 61 62 63 41 42 43 31 32 33 > 61 62 63 41 42 43 31 32 33 < 61 62 63 41 42 43 31 32 33 > 61 62 63 41 42 43 31 32 33 < 61 62 63 41 42 43 31 32 33 > 61 62 63 41 42 43 31 32 33 < 61 62 63 41 42 43 31 32 33

Example 2 The following example shows how the -a option enables displaying of ASCII

representation of data in a column to the right the hex representation:

dm> monitor -a 1 Serial monitoring started for port 1 -- press [Enter] to stop. > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123 > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123 > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123 > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123 > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123 > 61 62 63 41 42 43 31 32 33 > abcABC123 < 61 62 63 41 42 43 31 32 33 < abcABC123

60 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 61

Example 3

Example 3 The -c option enables the use of color instead of < and > to indicate the data flow

direction. Tx is green and Rx is red.

dm> monitor -c 1 Serial monitoring started for port 1 -- press [Enter] to stop.

61 62 63 41 42 43 31 32 33 61 62 63

32 33 61 6 43 31 32 33 61 62 41 42 43 31 32 33 61 62 63 62 63 41 42 43 31 32 33 61

33 61 62 6 31 32 33 6 42 43 31 32 33 61 63 41 42 43 31 32 33 61 62

-a and -c options can be used together:

The dm> monitor -ac 1 Serial monitoring started for port 1 -- press [Enter] to stop.

61 62 63 41 42 43 31 32 33 61

32 33 61 62 43 31 32 33 61 41 42 43 31 32 33 61 62 63 41 42 43 31 32 33 6

33 61 62 31 32 33 61 62 63 42 43 31 32 33 61 62 63 41 42 43 31 32 33 61 6

2 63 41 42 43 31 32 33 61 62 63 41 42

63 41 42 43 31 32 33 61 62 63

41 42 43 31 32 33 61

62 63 41 42 43 31 32

3 41 42 43 31 32 33 61 62 63 41 42 43 1 62 63 41 42 43 31 32 33 61 62 63 41

62 63 41 42 43 31 32 33 61 62

63 41 42 43 31 32 33

63 41 42 43 31 32 33 61 62 63 41 42 | 23abcABC123abcAB

62 63 41 42 43 31 32 33 61 62 63 | C123abcABC123abc

62 63 41 42 43 31 32 33 61 | ABC123abcABC123a

1 62 63 41 42 43 31 32 | bcABC123abcABC12

63 41 42 43 31 32 33 61 62 63 41 42 43 | 3abcABC123abcABC

41 42 43 31 32 33 61 62 63 41 | 123abcABC123abcA

63 41 42 43 31 32 33 61 62 | BC123abcABC123ab

2 63 41 42 43 31 32 33 | cABC123abcABC123

41 42 43 31

62 63 41 42 43 31 | abcABC123abcABC1

Key and Certificate Management

Key and Certificate management is only available in Edit Security Configuration web page.

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 61

Page 62

Key and Certificate Management

Key and Certificate

Management Options

Description

This is a private/public key pair that is used for two purposes:

It is used by some cipher suites to encrypt the SSL/ TLS handshaking messages. Possession of the private portion of this key pair allows an eavesdropper to both decrypt traffic on SSL/TLS connections that use RSA encryption during handshaking.

RSA Key pair used by SSL and

SSH servers

It is used to sign the Server RSA Certificate in order to verify that the &dm; is authorized to use the server RSA identity certificate. Possession of the private portion of this key pair allows somebody to pose as the &dm;.

If the Server RSA Key is to be replaced, a corresponding RSA identity certificate must also be generated and uploaded or clients are not able to verify the identity certificate.

This is the RSA identity certificate that the DeviceMaster uses during SSL/TLS handshaking to identify itself. It is used most frequently by SSL server code in the DeviceMaster when clients open connections to the DeviceMaster's secure web server or other secure TCP ports. If a DeviceMaster serial

RSA Server Certificate used by SSL servers

port configuration is set up to open (as a client) a TCP connection to another server device, the DeviceMaster also uses this certificate to identify itself as an SSL client if requested by the server.

In order to function properly, this certificate must be signed using the Server RSA Key. This means that the server RSA certificate and server RSA key must be replaced as a pair.

This is a private/public key pair that is used by some cipher suites to encrypt the SSL/TLS handshaking

DH Key pair used by SSL servers

messages.

Note: Possession of the

allows an eavesdropper to decrypt traffic on

private portion of the key pair

SSL/TLS connections that use DH encryption during handshaking.

If configured with a CA certificate, the DeviceMaster requires all SSL/TLS clients to present an RSA

Client Authentication Certificate used by SSL servers

identity certificate that has been signed by the configured CA certificate. As shipped, the DeviceMaster is not configured with a CA certificate and all SSL/TLS clients are allowed.

See Client Authentication

on Page 54 for more detailed

information

• All DeviceMaster LT units are shipped from the factory with identical

configurations. They all have the identical, self-signed, Comtrol Server RSA Certificates

, Server RSA Keys, Server DH Keys, and no Client Authentica

Certificates.

• F

or maximum data and access security, you should configure all DeviceMaster

LT units with custom certificates and keys.

tion

62 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 63

Using a Web Browser to Set Security Features

The Software displays as NS-Link, if you have installed and configured a device driver.

The follow procedures are discussed below:

•

Changing Security Configuration

• Changing Keys and Certificates on Page 64

Using a Web Browser to Set Security Features

Changing Security Configuration

Use the following steps to change security settings in

1. Enter the IP address of the DeviceMas

wser and press the Enter key.

bro

2. Click the Security tab

3. Click the appropriate check boxes in the Securit

ter LT in the Address field of your web

y Configuration area to enable

or disable security accordingly.

Refer to the help system or

Configure/Enable Security Features Overview on

Page 58 for detailed information.

the DeviceMaster LT.

4. After making changes to the Security Configuration area, click Save.

DeviceMaster LT User Guide: 2000586 Rev. B

DeviceMaster LT Security - 63

Page 64

Changing Keys and Certificates

5. Make the appropriate selection for your situation:

•Click Cont

rebo

•Click Reboot so

inue, if you addition configuration and then make sure that you

ot the DeviceMaster LT later so that the changes take affect.

that changes take affect as soon as the DeviceMaster LT

returns online.

Changing Keys and Certifi

cates

Use the following steps to update security keys and certificates in the DeviceMaster LT.

1. If necessary, enter the IP address of the D

eviceMaster LT in the Address field

of your web browser and press the Enter key.

2. Click the Security tab

3. Click Set fo

Certificate M

r the appropriate key or certificate option in the Keys and

anagement area to configure security keys and certificates.

Refer to the help system or

Key and Certificate Management subsection on

Page 64 for detailed information.

4. Click Br

owse to locate the key or certificate file, highlight the file, and click

Open.

5. Click Upload when you return to the Key and Certificate

The key or certificate notation changes from factory or none to DeviceMast

6. You do not need to click Sa

DeviceMast

You can reboot the DeviceMaster L

er LT is secure.

ve, but changes will not take effect until the

er LT is rebooted.

T by returning to the Server Status tab

Management area.

User when the

(scroll to the bottom of the page) or using PortVision DX.

64 - DeviceMaster LT Security

DeviceMaster LT User Guide: 2000586 Rev. B

Page 65

Connecting Serial Devices

This section discusses connecting your serial devices to the DeviceMaster LT. It also provides you with information to build serial cables and loopback connectors to test the serial ports.

Use the appropriate subsection to co DeviceMaster LT ports.

This subsection provides the following information:

• Connector pin assignments (below)

•

RJ45 Null-Modem Cables (RS-232) on Page 66

•

RJ45 Null-Modem Cables (RS-422) on Page 66

•

RJ45 Straight-Through Cables (RS-232/485) on Page 66

•

RJ45 Loopback Plugs on Page 67

•

RJ45 RS-485 Test Cable on Page 67

•

Connecting RJ45 Devices on Page 67

You can build your own null-modem or straight-through RJ45 serial cables if you are u

sing the DB9 to RJ45 adapters using the following subsections.

nnect asynchronous serial devices to the

Pin RS-232

RS-422

RS-485 (4-Wire)

RS-485

(2-Wire)

1 RTS Not used Not used

2DSR RxD- Not used

3 DCD Not used Not used

4RxD RxD+ Not used

5 TxD TxD+ TxD/RxD+

6GND GND GND

7 DTR TxD- TxD/RxD-

8 CTS Not used Not used

DeviceMaster LT User Guide: 2000586 Rev. B

Connecting Serial Devices - 65

Page 66

RJ45 Null-Modem Cables (RS-232)

TxD RxD RTS CTS DSR

GND

DCD DTR

Signal

RxD TxD CTS RTS DTR

GND

DCD

DSR

Signal

DB9

2 3 8 7 4

1 6

Pins

DB25

3 2

8 6

Pins

RJ45

5 4 1 8 2

3 7

Pins

RJ45

4 5

3 2

Pins

TxD+ TxDRxD+

Signal

RJ45

7 4

Pins

RxD+ Rx

D-

Signal

RxD-

TxD+ TxD-

GND GND

2 6

DB9

1 2 3 4 5

6 7

Pins

DCD RxD TxD or TRxD+ DTR or TRxD+ GND

CTS

DSR RTS

Signal DCD RxD TxD or TRxD+ DTR or TRxD+ GND

CTS

DSR RTS

Signal

RJ45

3 4 5 7 6

2 1

Pins

RJ45

3 4 5 7 6

2 1

Pins

DB25

8 3 2 20 7

6 4

Pins

RJ45 Null-Modem Cables (RS-232)

Use the following figure if you need to build an RS-232 null-modem cable. A nullmodem cable is required for connecting DTE devices.

Note: You

may want to purchase or build a straight-through cable and purchase a null-modem adapter. For example, a null-modem cable can be used to connect COM2 of one PC to COM2 of another PC.

RJ45 Null-Modem Cables (RS-422)

Use the following figure if you need to build an RS-422 null-modem RJ45 cable. A null-modem cable is required for connecting DTE devices.

Note: RS-422 pinouts are not standardized. Each peripheral manufacturer uses

different pinouts. Please refer to the documentation for the peripheral to determine the pinouts for the signals above.

RJ45 Straight-Through Cables (RS-232/485)

Use the following figure if you need to build an RS-232 or RS-485 straight-through cable. Straight-through cables are used to connect modems and other DCE devices. For example, a straight-through cable can be used to connect COM2 of one PC to COM2 to a modem.

66 - Connecting Serial Devices

DeviceMaster LT User Guide: 2000586 Rev. B

Page 67

RJ45 Loopback Plugs

TRxDTRxD+

Signal

TRxDTRxD+

Signal

RJ45

7 5

Pins

Loopback connectors are RJ45 serial port plugs with pins wired together that are used in conjunction with application software (Test Terminal for Windows, which is available in PortVision DX or Minicom for Linux) to test serial ports. The DeviceMaster LT is shipped with a single loopback plug (RS232/422).

•Pins 4 to 5

•Pins 1 to 8

• Pins 2 to 3 to 7

RJ45 RS-485 Test Cable

You can use a straight-through cable as illustrated previously, or build your own cable.

RJ45 Loopback Plugs

Note: RS-422 pinouts are

Connecting RJ45 Devices

You can use this information to connect serial devices to RJ45 connectors.

1. Connect your serial devices t T using the appropriate cable.

Note: Refer to the hardware

2. Verify that the DeviceMaster LT LEDs indica

hat the devices are communicating properly.

The RX (green) and TX (yellow) LEDs functions are cable is attached properly to a serial device.

LED Mode Description LED Status

RX (Green)

TX (Y

ellow)

not standardized. Each peripheral manufacturer uses different pinouts. Refer to the documentation for the peripheral to determine the pinouts for the signals above.

o the appropriate serial port on the DeviceMaster

manufacturer’s installation documentation if you

need help with connector pinouts or cabling for the peripheral device.

displayed in the following table when the

No valid RS-232 device is connected Always off

RS-232

Valid RS-232 device is connected but no data transmission is occurring

Data being received LED blinks

No data being received Always off

RS-422/485

Data being received

LED blinks

No mode No mode selected Always off

RS-232/ 422/485

No data being transmitted Always off

Data being transmitted LED blinks

DeviceMaster LT User Guide: 2000586 Rev. B

Connecting Serial Devices - 67

Page 68

Connecting RJ45 Devices

3. You can refer to DeviceMaster LT LEDs on Page 129 for information about the remaining LEDs.

Note: The RX/TX

LEDs cycle during a reboot cycle.

68 - Connecting Serial Devices

DeviceMaster LT User Guide: 2000586 Rev. B

Page 69

Managing the DeviceMaster LT

This section discusses the following DeviceMaster LT maintenance procedures:

• Rebooting the DeviceMaster LT

•

Updating Firmware Across WANs (Windows) on Page 70

•

Uploading SocketServer to Multiple DeviceMaster LTs on Page 74

•

Configuring Multiple DeviceMaster LTs Network Addresses on Page 75

Note: You c

•

Adding a New Device in PortVision DX on Page 75

•

Using SocketServer Configuration Files on Page 77

•

Using Driver Configuration Files on Page 79

•

Changing the Bootloader Timeout on Page 84, which discusses changing the

Bootloader timeout

•

Managing Bootloader on Page 85, which also discusses checking the

Bootloader version and downloading the latest Bootloader

•

Checking the NS-Link Version on Page 87

•

Accessing SocketServer Commands in Telnet/SSH Sessions (PortVision DX)

on Page 90

Note: Y

ou can optionally refer to RedBoot Procedures on Page 99 if you want to

perform procedures at the RedBoot level.

an configure the network addresses for multiple DeviceMaster LTs, configure com settings to a configuration file that you can use to load settings up to all or selected DeviceMaster LTs.

mon settings for the DeviceMaster LTs, and save the

Rebooting the DeviceMaster LT

There are many ways to reboot the DeviceMaster LT.

Method Procedure

PortVision DX

Web page

Telnet Type re

DeviceMaster LT

Optionally, you can power cycle

Right-click the DeviceMaster LT or DeviceMaster LTs in the

Device L

Note: I

Main page (Server Status): Scroll

click Reboot and then Yes: R e b oo t .

DeviceMaster LT has a Reset/Resto

•If the Reset/R

ist pane, click Advanced >Reboot and then Yes .

f security has been enabled in the web page, you will

need to reboot the DeviceMaster LT in the web page.

to the bottom of the page,

set.

re switch.

estore switch is depressed for less than 2

seconds, the DeviceMaster LT reboots.

estore switch is depressed for greater than

approximately 5 seconds it restores the DeviceMaster LT to the factory default values.

the DeviceMaster LT.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 69

Page 70

Updating Firmware Across WANs (Windows)

You can use this procedure to update SocketServer with PortVision DX using a TFTP server. If you have a TFTP server installed, skip to

This procedure is also recommended in cases using convention methods.

1. If you do not have a TFTP server, you your Windows operating system from the Comtrol ftp site.

ftp://ftp.comtrol.com/contribs/utilities/3rd_party_utils_free/tftp_server

Step 2.

where SocketServer fails to load

can download the appropriate one for

Note: Depending on your Windows operating system, you may need to respond

to a Security Warning popup.

a. Unzip the tftp server that

you downloaded to your host system in a location that you can easily find.

b. Execute the tf

tp.64.exe (or

tftp32.exe) file.

c. Click Run.

d. Depending on yo

rating system, you ma

ope ne

ed to click Unblock, if

you receive a Windows Security Alert popu

The Tftpd application

opens:

70 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 71

Updating Firmware Across WANs (Windows)

2. Make sure that you have downloaded the latest SocketServer version from:

ftp://ftp.comtrol.com/dev_mstr/LT/software/socketserver.

You may want to place SocketServer in the same

3. Optionally, rename the Soc umber) to 1.bin to make the following steps easier.

4. If necessary, open PortVision DX: Start >Pr

rtVision DX or the desktop shortcut.

5. Change the Bootloader Time

ketServer-x.xx.bin file (where x.xx is the version

ogram > Comtrol > PortVision DX >

out value to 60 seconds.

a. Right-click the DeviceMaster LT in the Device List p

directory as the Tftpd server.

ane for which you

want to upload the latest SocketServer and click Properties.

b. Change the B

se.

Clo

ootloader Timeout value to 60, click Apply Changes, and then

DeviceMaster LT User Guide: 2000586 Rev. B

Note: If the PuTTY screen flashes in the background and does not appear

shown above, make sure that Enable Telnet/ssh has not been

disabled in SocketServer. To check this, return to PortVision DX, right-click the DeviceMaster LT in the Device List pane, and click

Webpage. Click the Security tab and if necessary, verify that the Enable Telnet/ssh option is enabled.

Managing the DeviceMaster LT - 71

Page 72

Updating Firmware Across WANs (Windows)

6. In PortVision DX, right-click the DeviceMaster LT in the Device List pane for

ch you want to upload the latest SocketServer. and click Telnet/SSH Session.

whi

7. Leave the popup set to Te

8. Make sure that the Bootloader ve

ln et and Selected Port 23, and click Ok.

rsion number displays with the RedBoot>

prompt.

If the Re

dBoot> prompt does not appear, reboot the DeviceMaster LT and try

again. You must be at the RedBoot> prompt for the following steps to work. Repeat

Steps 6 through 7.

72 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 73

Updating Firmware Across WANs (Windows)

9. At the RedBoot> prompt, enter dis and press Enter.

Note: Make sure that loading

is disabled before performing the next step.

10. Enter the following command:

load -r -b 0x28000000 -h <tftp-Server_IP_Addr> <Download_Filename>

Note: The tftp-Server_IP_Addr can be viewed in the application (Page 70) and if

you renamed the file as suggested, the file name is 1.bin.

11. At the Re

dBoot> prompt, type go after the raw file string appears.

12. Close the PuTTY window and click Ok.

13. In PortVision DX, highlight the DeviceMaster LT in the Device List pa ou updated and click Refresh. You may need to click Refresh

fore you see the latest SocketServer version listed under the

rsion.

several times

Software

ne that

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 73

Page 74

Uploading SocketServer to Multiple DeviceMaster LTs

You can use this procedure if your DeviceMaster LT is connected to the host PC, laptop, or if the DeviceMaster LT resides on the local network segment.

1. If you have not done so, install PortVision DX (

Page 15) and Scan the

2. Shift-click the multiple D

update and use one of the following methods:

•Click the Uplo

• Right-click and then click Adv

•Click Adv

anced >Upload Firmware in the Manage menu.

network.

eviceMaster LTs on the Main screen that you want to

ad button.

anced > Upload Firmware.

Installing PortVision DX on

3. Browse, click the firmware (.b

4. Click Ok to

In the next polling cycle, PortVision DX updates the De the new firmware version.

74 - Managing the DeviceMaster LT

in) file, Open (Please locate the new firmware),

and then click Yes (Upload Firmware).

It may take a few moments for the firmware to

upload onto the DeviceMaster

LT. The DeviceMaster LT reboots itself during the upload process.

the advisory message about waiting to use the device until the

atus reads ON-LINE.

vice List pane and displays

DeviceMaster LT User Guide: 2000586 Rev. B

Page 75

Configuring Multiple DeviceMaster LTs Network Addresses

You can configure the network addresses for multiple DeviceMaster LTs using the Assign IP to Multiple Devices option.

In addition, you can also configure common SocketServer or NS-Link web page and save the settings to a configuration file that you can load to all or selected DeviceMaster LTs. See

Configuration Files on Page 77 for more information.

The DeviceMaster LTs must be on the same netwo work. Use the following steps to configure multiple DeviceMaster LTs.

1. If you have not done so, install PortVision DX (

Page 15) and Scan the network.

2. Shift-click the DeviceMast Ts for which you want to

program network information, right-click, and click Advanced > Assign IP to Multiple Devices.

3. Enter the starting IP address,

subnet ma

sk, IP Gateway and

click Proceed.

PortVision DX displays the p

rogrammed IP addresses in

the Device List pane after the next refresh cycle.

settings for the DeviceMaster LT

rk segment for this procedure to

Installing PortVision DX on

Using SocketServer

Adding a New Device in PortVision DX

You can add a new DeviceMaster LT manually, if you do not want to scan the network to locate and add new DeviceMaster LTs, but there may be cases where you want to use the Add New Device window to:

• Configure DeviceMaster LT units that are

ing

Remote Using the IP Address on Page 75.

• Pre-configure a DeviceMaster LT in P

the IP Address or MAC Address on Page 76.

Remote Using the IP Address

Use the following procedure to add a remote

1. Access the N

•Click Add New

ew Device window using one of these methods:

> Device in the Manage menu.

• Right-click a folder or a RocketLinx switch in the Device Tree pa nywhere in the pane, as long as a DeviceMaster LT is not highlighted and

(a you are in a valid folder) and click Add New > Device.

2. Select the appropriate DeviceMaster LT in the D

3. Select the appropriate model in the De

4. Enter a friendly device name in the De

5. Select REMO

TE for the Detection Type.

6. Optionally, enter the seri

not on the local network (remote)

ortVision DX (local) using Local Using

DeviceMaster LT to PortVision DX.

evice Type drop list.

vice Model drop list.

vice Name list box.

al number in the Serial Number list box.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 75

Page 76

Local Using the IP Address or MAC Address

7. Enter the IP Address for the DeviceMaster LT. It is not necessary to enter the net Mask and Default Gateway.

Sub

Local Using the IP Address or MAC Address

8. Click Ok to

close the Add New Device window. It may take a few moments to

save the DeviceMaster LT.

9. If necessary, click Refr

ree or Device List panes. The DeviceMaster LT shows OFF-LINE if it is no

hed to the network or if an incorrect IP address was entered.

attac

esh for the new DeviceMaster LT to display in the Device

Use the following procedure to add a local DeviceMaster LT to PortVision DX if you do

1. Locate the network information or MAC

2. Access the N

not want to scan the network.

address of the DeviceMaster LT you

nt to add.

ew Device window using one of these methods:

•Click Add New

> Device in the Manage menu.

• Right-click a folder or a RocketLinx switch in the Device Tree pa

(anywhere in the pane, as long as a DeviceMaster LT is not highlighted and

ou are in a valid folder) and click Add New > Device.

3. Select the appropriate DeviceMaster LT in the De

vice Type drop list.

4. Select the appropriate model in the De

5. Enter a friendly device name in the De

76 - Managing the DeviceMaster LT

vice Model drop list.

vice Name list box.

DeviceMaster LT User Guide: 2000586 Rev. B

Page 77

6. Select LOCAL for the Detection Type.

7. Enter the MAC address or network informatio

Note: A MAC address label is attached to all DeviceMaster LT units. The first

three pairs of digits start

8. Optionally, enter the seri

9. Click Ok

10. If necessary, click Refresh for the new DeviceMaster LT to display in the Device

ree or Device List panes. The DeviceMaster LT shows OFF-LINE if it is

hed to the network or if an incorrect IP address was entered.

attac

Using SocketServer Configuration Files

If you are deploying multiple DeviceMaster LT units that share common SocketServer values, you can save the configuration file (.dc) from the Main or Properties > Software Settings tab in PortVision DX and load that configuration onto other DeviceMaster LT units.

If you save a SocketServer configuration file from the Ma on the Properties screen, you can choose what settings you want saved or loaded.

You may want to program the network settings in multiple DeviceMaster LTs us

ing Configuring Multiple DeviceMaster LTs Network Addresses on Page 75.

Using SocketServer Configuration Files

with 00 C0 4E.

al number in the Serial Number list box.

not

in or Software Settings tab

Saving a SocketServer Configuration F

Loading a SocketServer Configuration F

ile

Use this procedure to save a configuration file using the Main screen.

Note: Optionally, you can

save a configuration file by accessing the Software

Settings tab in the Properties screen and then clicking the Save Settings to a File button.

1. If you have not done so, install PortVision DX (

Installing PortVision DX on

Page 15) and Scan the network.

2. Highlight the DeviceMaster LT in the Device List pa

nfiguration and use one of the following methods:

its co

•Click the Sa

• Right-click and then click Con

3. Browse to the location you want to save th

ve button.

figuration > Save.

e file, enter a file name, and click

ne that you want to save

Save.

4. Click the All check box

h property page in the configuration file and click Done.

eac

5. Click Ok to

close the Save Configuration Completed message.

or click only the properties that you want saved for

Use the following procedure to load a previously saved a DeviceMaster LT configuration file. Load a configuration file and apply it to a selected DeviceMaster LT or DeviceMaster LTs from the Device List pane or Software Settings tab on the Properties screen.

Use this procedure to load a configuration file using the Device List pane

to one or

more DeviceMaster LT units.

1. Highlight the device or devices in the Device List pa

ne that you want to load

and use one of the following methods:

•Click the Load button

• Right-click and then click Co

nfiguration > Load

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 77

Page 78

Loading a SocketServer Configuration File

•Click Load Settings from a File on the Software Settings th

2. Click Ye

will take 25 seconds per device

it may also reboot the devices.

and

3. Browse to the lo iguration file, click the fi

conf

me (.dc) and then Open.

4. Click the All check

the properties that you wa

only to

load for each property page

he configuration file and th

ick Done.

Note: If

5. Close the Load

popup message.

tab of

e Properties screen

s to the warning that it

cation of the

box or click

you click All, every

d DeviceMaster LTs

selecte will be programmed with the same IP address.

Configuration

78 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 79

Using Driver Configuration Files

This subsection discusses how to create (save) and load driver configuration files. You may want to create driver configuration files for these reasons:

• Save the driver configuration settings so that you can load them on simila

viceMaster LTs to save configuration time

• Save the driver configuration settings b

version to install a new driver version and you want to reload the driver configuration settings into the new driver

Using Driver Configuration Files

ecause you need to remove a driver

Saving Driver Configuration F

Saving Device-Level Configuration

iles

You must save the driver configuration file in portions:

• Device-level configuration parameters.

• Port configuration parameters. You must upload each port's configuratio

parameters s

eparately

Use the following procedure to create and save a configuration file.

1. If necessary, open the C

omtrol Drivers Management Console using one of these

methods:

• Windows Control Pan

el; go to your Control Panel and click the Comtrol

Drivers Management Console.

• Sho

2. Depending on your operating system

rtcut; located under Start> Program Files> Comtrol> DeviceMaster LT>

ol Drivers Management Console.

Comtr

, you may need to click Ye s to the Do you

nt to allow the following program to make changes to this computer? User

Account Control message.

3. Highlight the DeviceMaster LT for which you want to save the driv iguration.

conf

4. Click Sa

ve Configuration.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 79

Page 80

Saving Port-Level Configuration

5. Optionally, change the default file name and click Save.

6. Repeat the previous steps for each DeviceMaster LT for which you want to

save the driver configuration.

Saving Port-Level Conf

iguration

Use the following procedure to create and save a port configuration file. Port configuration, must be saved on a port-by-port basis.

1. If necessary, open the C

omtrol Drivers Management Console using one of these

methods:

• Windows Control Panel; go

vers Management Console.

Dri

• Shortcut; l

ocated under Start> Program Files> Comtrol> DeviceMaster LT>

to your Control Panel and click the Comtrol

Comtrol Drivers Management Console.

2. Depending on your operating system, you may need to click Ye

nt to allow the following program to make changes to this computer? User

s to the Do you

Account Control message.

3. Highlight the DeviceMaster LT for which you want to save the port-level

conf

iguration.

4. Highlight the port for which you want to save port configuration.

5. Click Sa

6. Repeat this process for each port for whi

80 - Managing the DeviceMaster LT

settings

ve Configuration.

ch you want to save the configuration

DeviceMaster LT User Guide: 2000586 Rev. B

Page 81

Loading Driver Configuration Files

Loading Device Configuration

You must have previously saved a driver configuration file before you can load a configuration file.

The driver configuration file uploads in portions:

• Device-level configuration parameters.

• Port configuration parameters. You must upload each port's configuratio

parameters s

eparately

Use the following procedure to load the configuration file for device-level information for your DeviceMaster LT.

1. If necessary, open the C

omtrol Drivers Management Console using one of these

methods:

• Windows Control Pan

ol Drivers Management Console.

Comtr

• Sho

rtcut; located under Start> Program Files> Comtrol> DeviceMaster LT>

ol Drivers Management Console.

Comtr

2. Depending on your operating system

nt to allow the following program to make changes to this computer? User

el; go to your Control Panel and click on the

, you may need to click Ye s to the Do you

Account Control message.

3. In the left pane, highlight the DeviceMaster LT for which you want to load the

vice-level settings from the configuration file.

4. Click Load Conf

5. Browse to the location of

DeviceMaster LT User Guide: 2000586 Rev. B

iguration.

the configuration file that you want to load.

Managing the DeviceMaster LT - 81

Page 82

Loading Port Configuration

6. Highlight the configuration file and click Open. The configuration file loads in

a few moments.

Loading Port Conf

iguration

7. Make the appropriate choice for your situation:

•Click No to

tiple DeviceMaster LTs with the same device-level settings.

mul

•Click Ye

a specific DeviceMaster LT. For example, you needed to remove re-inst

8. Click Ap

ply so that the configuration is saved on the DeviceMaster LT.

9. Go to the next procedure if you want iguration file.

conf

the ComtrolApplet message, if you are using the file to set up

s to the ComtrolApplet message, if you are using the file to restore

and then

all the DeviceMaster LT NS-Link device driver.

to restore port settings from a

Use the following procedure to load the configuration file for port-level settings for your DeviceMaster LT.

Note: Device driver configuration files must

be for the same model with the same

port density

1. If necessary, open the C

omtrol Drivers Management Console using one of these

methods:

• Windows Control Panel; go

ol Drivers Management Console.

Comtr

• Shortcut; l

ocated under Start> Program Files> Comtrol> DeviceMaster LT>

to your Control Panel and click on the

Comtrol Drivers Management Console.

2. Depending on your operating system, you may need to click Ye

nt to allow the following program to make changes to this computer? User

s to the Do you

Account Control message.

82 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 83

Loading Port Configuration

3. In the left pane, highlight the port for which you want to load the port-level

settings from the configuration file.

4. Click Load Conf

5. Browse to the location of

iguration.

the configuration file that you want to load.

6. Highlight the configuration file and click Op

a few moments.

7. Make the appropriate choice for your sit

•Click No to the C

ltiple DeviceMaster LTs with the same port-level settings.

•Click Ye

s to the ComtrolApplet

omtrolApplet message, if you are using the file to set up

message, if you are using the fi

uation:

le to restore a specific De

viceMaster LT. For example,

you needed to remove

and then re-install the DeviceMaster LT NS-

Link device driver.

en. The configuration file loads in

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 83

Page 84

Changing the Bootloader Timeout

8. Click Apply so that the configuration is saved on the DeviceMaster LT.

9. Repeat

Steps 3 through 8 for each port that you want to restore.

Changing the Bootloader Timeout

If SocketServer fails during the upload process, you should change the Bootloader timeout value to 45 seconds.

Note: The

Note: You should return

Use the following procedure to change the Bootloader timeou can use this procedure to return the Bootloader timeout to 15 seconds after you have successfully uploaded SocketServer.

1. If necessary, start PortVision DX, from Pr

2. Right-click the DeviceMaster LT in the Device T

click Properties.

3. Type 45 in the Bootloa

DeviceMaster LT must be able to communicate using an IP address, which is compatible with this local network. If necessary, refer to

Configuring the Network Settings on Page 18.

you upload SocketServer.

rtVision DX.

the Bootloader Timeout value back to 15 seconds after

t to 45 seconds. You

ograms> Comtrol > PortVision DX >

ree or Device List pane and

der Timeout text box and click Apply.

84 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 85

Managing Bootloader

Caution

Bootloader refers to the operating system that runs on the DeviceMaster LT hardware during the power on phase, which then loads SocketServer.

Note: T

There are several methods and tools that you can use to version or update the Bootloader.

• Po

• Optionally, RedBoot can be used to check the Bootloader version and update

Managing Bootloader

ypically, you should not update the Bootloader unless advised to do so by

Comtrol Technical Support.

check the Bootloader

rtVision DX is the easiest way to check the Bootloader version and upload

the latest version.

the

Bootloader. See

RedBoot Procedures on Page 99 for procedures.

Checking the Bootl

oader Version

Uploading Bootl

oader

The following procedure uses PortVision DX to check the Bootloader version. Optionally, you can use RedBoot, see

Determining the Bootloader Version on Page

103.

1. If you have not done so, install PortVision DX (

Page 15) and Sca

n the network.

2. Right-click the DeviceMaster LT in the Device List pa

Installing PortVision DX on

ne and click Advanced >

Reboot.

3. Click Ye

4. Right-click the DeviceMaster LT in the Device List pa may need to do this several times until you catch the reboot cycle in the List p before

5. Check the Comtrol web site to see if a

s to the Confirm Reboot query.

ne, click Refresh. You

Device

ane. The Bootloader version is briefly displayed during the reboot cycle

SocketServer loads.

later version is available.

6. Go to the next subsection if you need upload a new version of Bootloader.

Use the following procedure to upload Bootloader to the DeviceMaster LT. Typically, you should not update the Bootloader unless advised to do so by Comtrol Technical Support or a notice has been posted to the firmware download page on the ftp site.

Note: T

echnical Support does not recommend updating Bootloader across a WAN. For best results, connect the DeviceMaster LT directly to a PC or laptop to upload Bootloader.

Make sure that power is not interrupted while uploading Bootloader. P

ower interruption while uploading Bootloader will require that the

DeviceMaster LT must be sent into Comtrol so that it can be reflashed.

If you are not successful uploading SocketServer into the DeviceMaster L

T, do not upload Bootloader.

1. If you have not done so, install PortVision DX (

Page 15) and Sca

2. If necessary, check the Bootloader version (Checking the Bootloader Version and download the latest version.

DeviceMaster LT User Guide: 2000586 Rev. B

Installing PortVision DX on

n the network.

)

Managing the DeviceMaster LT - 85

Page 86

Uploading Bootloader

3. Right-click the DeviceMaster LT for which you want to update, click Advanced > Upload Firmware, browse to the Bootloader .bin file, and then click Open.

4. Click Ye

s to the Upload Firmware message that warns you that this is a

sensitive process.

5. Click Ok

to the second

load Firmware message.

6. Right-click the Device

T and click Refresh until th

L Bootload in

the Device List pane an

veri

er version display

fy that the new versio

loaded.

Master

86 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 87

Checking the NS-Link Version

Use this procedure to check the NS-Link web page version. Remember, an NSLink version displays when the NS-Link device driver has been installed and configured, NS-Link is the same firmware as SocketServer.

1. Start PortVision DX.

2. If necessary, click Scan to

Checking the NS-Link Version

locate the DeviceMaster LT.

The Device List pane displays the NS-Link (SocketServer) version.

3. Check the Comtrol ftp site to see i

f a later version is available.

To check the NS-Link version, you will need to check to see what version

ketServer is available.

Soc

You can use this link to check to see what

vailable at:

ftp:/ftp.comtrol.com/dev_mstr/LT/software/SocketServer/.

version of SocketServer/NS-Link is

4. Compare the version number displayed in PortVision DX to the version displayed in the ftp directory.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 87

Page 88

Restoring Serial Port Settings

5. If a higher version of SocketServer is available and you want to update the DeviceMast

a. Update SocketServer using

on Page 24.

b. Download the latest driver from

win7.

c. Update to the latest driver using the DeviceMaster LT Device Driver (NS-

Link) User Guide, which can be downloaded using Page 9 or viewed on the

Comtrol CD shipped with the DeviceMaster LT.

Restoring Serial Port Settings

er LT with the latest software:

Uploading SocketServer with PortVision DX

ftp://ftp.comtrol.com/dev_mstr/LT/drivers/

Use the web page and/or the NS-Link device driver for Windows to restore the serial port settings to their default values.

The NS-Link serial port settings are independent of the socket serial port settings on the w

eb page. If you are using COM ports and also have configured the port for socket services, you must restore the default port settings in the driver and web page.

NS-Link COM Port You can use this procedure to reset NS-Link serial port settings.

1. Open the C

Comtr

omtrol Drivers Management Console using Start > Programs >

ol > DeviceMaster LT or under Control Panel, Comtrol Drivers Management

Console.

2. Highlight the first port that you want reset to default values.

3. Click the Defaults

4. Click Ap

ply or Ok.

If necessary, you can reset DeviceMaster LT dev

button (and if appropriate, Clone).

ice properties to their defaults on

the Device General tab using the Defaults button.

Socket Port Use the following procedure to reset the soc

1. Open the DeviceMaster LT web page (

ket port serial settings.

Accessing Socket Configuration on Page

43).

2. Scroll to the bottom of the Serve

r Status page (main) and click Reboot.

88 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 89

Socket Port

3. When the Reboot page appears, click the Set configuration for all ports to factory

ault settings check box.

def

4. Click the Y

es, Reboot button.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 89

Page 90

Accessing SocketServer Commands in Telnet/SSH Sessions (PortVision DX)

You can open a Telnet or SSH session using PortVision DX. Use the appropriate procedure for your site:

•

Telnet Session (below)

•

SSH Session on Page 92

Telnet Session Use the following procedure to access a te

1. In PortVision DX, PortVision DX, rig

Device List pane for which you want to open a telnet session, and click Te ln et / SSH Session.

lnet session with PortVision DX.

ht-click the DeviceMaster LT in the

2. Leave the popup set to Te

90 - Managing the DeviceMaster LT

ln et and Selected Port 23, and click Ok.

DeviceMaster LT User Guide: 2000586 Rev. B

Page 91

Telnet Session

3. If necessary, enter the password and press Enter. If a password has not been

set, pres

s Enter.

4. You can type hel

NS-Link.

p to refer to available commands supported by SocketServer/

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 91

Page 92

SSH Session

SSH Session Use the following procedure to access an SSH session with PortVision DX.

1. In PortVision DX, PortVision DX, rig

ht-click the DeviceMaster LT in the

Device List pane for which you want to open an SSH session, and click Tel ne t/ SSH Session.

2. Click SS

H and leave the port number at the default.

92 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 93

SSH Session

3. If necessary (depending on the operating system), respond to the security

tification.

4. Press Enter

Note: The DeviceMaster LT does not have a user name.

5. If necessary, enter the password and press Enter. If a passw

set, pres

6. You can type hel

s Enter.

p to refer to available SocketServer/NS-Link commands.

ord has not been

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 93

Page 94

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX)

You can open a Telnet or SSH session using PortVision DX to access RedBoot commands.

Use the following procedure to access a telnet or SSH session with PortVision DX.

1. In PortVision DX, PortVision DX, rig

Device List pane for which you want to open a telnet session, and click Te ln et / SSH Session.

ht-click the DeviceMaster LT in the

2. Select Te

94 - Managing the DeviceMaster LT

l ne t or SSH, leave the Selected Port number, and click Ok.

DeviceMaster LT User Guide: 2000586 Rev. B

Page 95

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX)

3. If necessary, enter the password and press Enter. If a password has not been

set, pres

s Enter. If using an SSH session, press Enter to the login as prompt.

Note: If the PuTTY

4. Type Re

screen flashes in the background and does not appear

as shown above, make sure that Enable Telnet/ssh has not been disabled in SocketServer. To check this, return to PortVision DX, right-click the DeviceMaster LT in the Device List pane, and click

Webpage. Click the Security tab and if necessary, verify that the Enable Telnet/ssh option is enabled, If it is not, click the option and then click Save, and close SocketServer.

set, press Enter, and close the telnet session.

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 95

Page 96

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX)

5. Quickly re-open the telnet or SSH session using the previous steps.

6. Select Te

l ne t or SSH, leave the Selected Port number, and click Ok.

96 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 97

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX)

7. Press Enter. You can type help to review the RedBoot commands. You can also

refer to

RedBoot Command Overview on Page 107.

Note: The dm prompt

reset the Bootloader timeout for a longer time period and retry this procedure.

should be replaced by a redboot prompt. If not, you can

DeviceMaster LT User Guide: 2000586 Rev. B

Managing the DeviceMaster LT - 97

Page 98

Accessing RedBoot Commands in Telnet/SSH Sessions (PortVision DX)

98 - Managing the DeviceMaster LT

DeviceMaster LT User Guide: 2000586 Rev. B

Page 99

RedBoot Procedures

You can use this section as a reference if you want to perform tasks in RedBoot.

•

Accessing RedBoot Overview on Page 99

•

Establishing a Serial Connection on Page 100

•

Establishing a Telnet Connection on Page 101

•

Determining the Network Settings on Page 102

•

Configuring the Network Settings on Page 102

•

Changing the Bootloader Timeout, Page 103

•

Determining the Bootloader Version on Page 103

•

Resetting the DeviceMaster LT on Page 104

•

Uploading Firmware - Telnet Method (Linux) on Page 104

•

Configuring Passwords on Page 106

•

RedBoot Command Overview on Page 107.

Optionally, you can install PortVision DX and perform all of these tasks. PortVision DX provides a Telnet/SSH session, which is discussed in

(PortVision DX) on Page 94.

Accessing RedBoot Commands in Telnet/SSH Sessions

on a Windows system on the network

Accessing RedBoot Overview

To access RedBoot, you can use one of the following methods:

•A serial connection between P

a PC (Page 100). If you plan on using the serial method, you will need a null modem cable, a terminal program installed and configured on the PC, and a

Bootloa

value has been reduced to 1 second, this procedure will NOT be possible.

Note: Use

If you do not know the IP address of the serial connection to communicate with the DeviceMaster LT.

•A tel

net connection (Page 101), if the DeviceMaster LT is locally accessible by

Ethernet. A te addition, the IP address must also be valid for the network to which it is attached.

For example: The network segment must be 192 DeviceMaster LT default IP address if you have not changed the IP address to operate on your network.

ort 1 on the DeviceMaster LT and a COM port on

der Timeout value in excess of 15 seconds. If the Bootloader Timeout

the serial connection method, if the DeviceMaster LT is not on the

same Ethernet network segment as the PC.

DeviceMaster LT you must use a

lnet connection requires that you know the IP address. In

.168.250.x to telnet to the

DeviceMaster LT User Guide: 2000586 Rev. B

RedBoot Procedures - 99

Page 100

Establishing a Serial Connection

#!DM

RedBoot>dis Loading disabled

Establishing a Serial Connection

Use the following procedure to set up a serial connection with a terminal server program. You can use HyperTerminal (Windows) or Minicom (Linux) or optionally, Test Terminal (WCom2), which can be accessed from PortVision DX using Tools > Applications > Test Terminal (WCom2).

1. Connect a null-modem cable from an a

on the DeviceMaster LT.

Note: See

2. Configure the terminal server program to the following values:

• Bits per second = 57600

• Data bits = 8

•Parity = None

• Stop bits = 1

• Flow control = None

Note: I

3. Reset the DeviceMaster LT

Note: Depending on the model, disconnect and reconnect the power cable

4. Immediately type #!

Connecting Serial Devices on Page 65, if you need to build a null-

modem cable.

f you do not disable Bootloader from loading (Steps 3 through 5) within the time-out period (default is fifteen seconds), an application will be loaded from flash and started. If this happens, repeat Steps 3 through 5. The #!DM command is the only case-sensiti uppercase.

(external power supply and no power switch) or turn the power switch on and then off (internal power supply).

vailable COM port on your PC to Port 1

ve command and must be in

DM and press Enter in the terminal program.

100 - RedBoot Procedures

5. At the RedBoo

6. Verify that loading has been disabled

t> prompt, type dis, and press Enter.

7. You can use the appropriate procedure listed on Page 99 or use the RedBoot

Command Overview on Page 107 to perform the desired task.

DeviceMaster LT User Guide: 2000586 Rev. B

Comtrol DeviceMaster LT User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

Introduction

DeviceMaster LT Port Usage

Installation Overview

NS-Link COM Port Driver Installation Overview

NS-Link tty Port Installation Overview

TCP/IP Socket Port Installation Overview

Locating Software and Documentation

Hardware Installation

Initial Configuration

PortVision DX Overview

PortVision DX Requirements

Configuring Security Settings and PortVision DX

Installing PortVision DX

Configuring the Network Settings

Checking the SocketServer Version

Uploading SocketServer with PortVision DX

Customizing PortVision DX

Accessing DeviceMaster LT Documentation from PortVision DX

How to Download Documentation

How to Open Previously Downloaded Documents

Overview

Device Driver (NS-Link) Installation

Linux Installations

Windows Installations

Supported Operating Systems

NS-Link for Windows Installation

Configuring the NS-Link Driver for Windows

Configuring COM Port Properties for Windows

Enabling Secure Data Mode

Socket Port Configuration

SocketServer Overview

Web Page Help System

SocketServer Architecture

Accessing Socket Configuration

• Web Browser

• PortVision DX

SocketServer Versions

DeviceMaster LT Security

Understanding Security Methods and Terminology

TCP and UDP Socket Ports Used by the DeviceMaster LT

DeviceMaster LT Security Features

Security Modes The DeviceMaster LT supports two security modes.

Secure Data Mode and Secure Config Mode Comparison

SSH Server

SSL Overview DeviceMaster LT SSL provides the following features:

SSL Authentication DeviceMaster LT SSL authentication has the following features:

Server Authentication is the mechanism by which the DeviceMaster LT proves its

Client Authentication

Certificates and Keys To control access to the DeviceMaster L

SSL Performance

SSL Cipher Suites This subsection provides information about SSL cipher suites.

DeviceMaster LT Supported Cipher Suites

SSL Resources You can refer to the following SSL res

Configure/Enable Security Features Overview

Example 1

Example 2 The following example shows how the -a option enables displaying of ASCII

Example 3

Key and Certificate Management

Using a Web Browser to Set Security Features

Changing Security Configuration

Changing Keys and Certificates

Connecting Serial Devices

RJ45 Null-Modem Cables (RS-232)

RJ45 Null-Modem Cables (RS-422)

RJ45 Straight-Through Cables (RS-232/485)

RJ45 Loopback Plugs

RJ45 RS-485 Test Cable

Connecting RJ45 Devices

Managing the DeviceMaster LT

Rebooting the DeviceMaster LT

Updating Firmware Across WANs (Windows)

Uploading SocketServer to Multiple DeviceMaster LTs

Configuring Multiple DeviceMaster LTs Network Addresses

Adding a New Device in PortVision DX

Remote Using the IP Address