EDS Device Server
User Guide
Part Number 900-433
Revision K March 2020
Intellectual Property
© 2020 Lantronix, Inc. All rights reserved. No part of the contents of this publication may be
transmitted or reproduced in any form or by any means without the written permission of Lantronix.
Lantronix, XPort, MatchPort, and Evolution OS are registered trademark of Lantronix, Inc. in the
United States and other countries. DeviceInstaller and is a trademark of Lantronix, Inc.
Patented: http://patents.lantronix.com
Windows and Internet Explorer are registered trademarks of the Microsoft Corporation. Mozilla
and Firefox are registered trademarks of the Mozilla Foundation. Chrome is a trademark of Google
Inc. Safari is a registered trademark of Apple Inc. Opera is a registered trademark of Opera
Software ASA Corporation Norway. All other trademarks and trade names are the property of their
respective holders.
Warranty
For details on the Lantronix warranty policy, please go to our website at
www.lantronix.com/support/warranty
Contacts
Lantronix, Inc. Corporate Headquarters
7535 Irvine Center Drive
Suite 100
Irvine, CA 92618, USA
Phone: 949-453-3990
Fax: 949-453-3995
Technical Support
Online: www.lantronix.com/support
; additional patents pending.
.
Sales Offices
For a current list of our domestic and international sales offices, go to the Lantronix web site at
www.lantronix.com/about/contact
Disclaimer
Note: This product has been designed to comply with the limits for a Class B digital
device pursuant to Part 15 of FCC and EN55022:1998 Rules when properly enclosed and
grounded. These limits are designed to provide reasonable protection against radio
interference in a residential installation. This equipment generates, uses, and can radiate
radio frequency energy, and if not installed and used in accordance with this guide, may
cause interference to radio communications. See the appendix, sCompliance (on page
145).
All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to update
the information in this publication. Lantronix does not make, and specifically disclaims, all
warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness,
quality, accuracy, completeness, usefulness, suitability or performance of the information provided
herein.
.
EDS Device Server User Guide 2
Lantronix shall have no liability whatsoever to any user for any damages, losses and causes of
action (whether in contract or in tort or otherwise) in connection with the user’s access or usage of
any of the information or content contained herein. The information and specifications contained in
this document are subject to change without notice.
Revision History
Date Rev. Comments
March 2006 A
October 2006 B EDS16PR and EDS32PR products added.
December 2006 C Added German TUV certification.
January 2006 D Added English TUV certification.
January 2007 E EDS8PR product added.
November 2007 F Added LPD, Terminal Host, RSS, and RT pages; updated XML and
November 2008 G EDS8PS and EDS16PS products added.
May 2009 H Updated for EDS8/16/32PR and EDS4100 v4.1.0.2.
April 2011 I Updated for firmware version 5.2.0.0R24. Added support for Modbus
July 2017 J Updated for firmware version 5.4.0.1R1.
March 2020 K Updated for firmware version 6.0.0.0R1. Updated with new default
2006 A Initial Document
other pages.
protocol for EDS4100, configurable MTU, and additional VIP tunnel
connect protocols; as well as improvements to SNMP, logging, and SSL.
password, label, and security information.
EDS Device Server User Guide 3
Table of Contents
1: About This Guide 14
Chapter and Appendix Summaries ____________________________________________14
Additional Documentation ___________________________________________________15
2: Introduction 16
EDS4100 Overview ________________________________________________________17
Key Features _________________________________________________________ 17
EDS8PR, EDS16PR, and EDS32PR Overview __________________________________18
Key Features _________________________________________________________ 19
Applications ______________________________________________________________19
Protocol Support _________________________________________________________19
Evolution OS™ Application __________________________________________________20
Additional Features ________________________________________________________20
Modem Emulation ______________________________________________________20
Web-Based Configuration and Troubleshooting _______________________________20
Command-Line Interface (CLI) ____________________________________________20
SNMP Management ____________________________________________________20
XML-Based Architecture and Device Control _________________________________20
Really Simple Syndication (RSS) __________________________________________21
Enterprise-Grade Security _______________________________________________21
Terminal Server/Device Management ______________________________________21
Troubleshooting Capabilities _____________________________________________22
Configuration Methods _____________________________________________________22
Addresses and Port Numbers ________________________________________________22
Hardware Address _____________________________________________________22
IP Address ___________________________________________________________23
Port Numbers _________________________________________________________23
Product Information Label ___________________________________________________23
3: Installation of EDS4100 25
Package Contents _________________________________________________________25
User-Supplied Items _______________________________________________________25
Identifying Hardware Components ____________________________________________26
Serial Ports ___________________________________________________________27
Ethernet Port _________________________________________________________28
Terminal Block Connector _______________________________________________28
LEDs ________________________________________________________________28
Reset Button __________________________________________________________28
Physically Installing the EDS4100 _____________________________________________29
Finding a Suitable Location ______________________________________________29
EDS Device Server User Guide 4
Connecting the EDS4100 ________________________________________________29
4: Installation of EDS8PR, EDS16PR and EDS32PR 31
Package Contents _________________________________________________________31
User-Supplied Items _______________________________________________________31
Identifying Hardware Components ____________________________________________32
Serial Ports ___________________________________________________________32
Console Port __________________________________________________________33
Ethernet Port _________________________________________________________33
LEDs ________________________________________________________________33
Reset Button __________________________________________________________34
Installing the EDS8/16/32PR _________________________________________________34
Finding a Suitable Location ______________________________________________34
Connecting the EDS8/16/32PR ___________________________________________34
5: Using DeviceInstaller 36
Installing DeviceInstaller ____________________________________________________36
Accessing the EDS Unit Using DeviceInstaller ___________________________________36
6: Configuration Using Web Manager 38
Accessing Web Manager ___________________________________________________38
Device Status Page ____________________________________________________39
Web Manager Page Components _____________________________________________40
Navigating the Web Manager ________________________________________________41
7: Network Settings 43
Network 1 (eth0) Interface Status _____________________________________________43
Network 1 (eth0) Interface Configuration _______________________________________44
Network 1 Ethernet Link ____________________________________________________46
8: Line and Tunnel Settings 47
Line Settings _____________________________________________________________47
Line Statistics _________________________________________________________47
Line Configuration _____________________________________________________48
Line Command Mode ___________________________________________________50
Tunnel Settings __________________________________________________________ 51
Tunnel – Statistics _____________________________________________________52
Tunnel – Serial Settings _________________________________________________54
Tunnel – Packing Mode _________________________________________________55
Tunnel – Accept Mode __________________________________________________58
Tunnel – Connect Mode _________________________________________________60
Connecting Multiple Hosts _______________________________________________65
EDS Device Server User Guide 5
Tunnel – Disconnect Mode _______________________________________________66
Tunnel – Modem Emulation ______________________________________________67
9: Terminal and Host Settings 70
Terminal Settings _________________________________________________________70
Terminal Network Configuration ___________________________________________70
Terminal Line Configuration ______________________________________________71
Host Configuration ________________________________________________________73
10: Service Settings 74
DNS Settings _____________________________________________________________74
SNMP Settings ___________________________________________________________75
FTP Settings ____________________________________________________________76
TFTP Settings ____________________________________________________________77
Syslog Settings ___________________________________________________________78
HTTP Settings ____________________________________________________________79
HTTP Statistics ________________________________________________________79
HTTP Configuration ____________________________________________________81
HTTP Authentication ___________________________________________________82
RSS Settings _____________________________________________________________84
LPD Settings _____________________________________________________________85
LPD Statistics _________________________________________________________85
LPD Configuration _____________________________________________________86
Print Test Page ________________________________________________________87
11: Security Settings 88
SSH Settings _____________________________________________________________88
SSH Server Host Keys _________________________________________________ 89
SSH Server Authorized Users ____________________________________________91
SSH Client Known Hosts ________________________________________________93
SSH Client Users ______________________________________________________94
SSL Settings _____________________________________________________________96
SSL Cipher Suites _____________________________________________________96
SSL Certificates _______________________________________________________96
SSL RSA ____________________________________________________________97
SSL Certificates and Private Keys _________________________________________97
SSL Utilities __________________________________________________________98
SSL Configuration _____________________________________________________99
12: Modbus 102
Serial Transmission Mode __________________________________________________102
Modbus Statistics ________________________________________________________ 103
EDS Device Server User Guide 6
Modbus Configuration _____________________________________________________104
13: Maintenance and Diagnostic Settings 105
Filesystem Settings _______________________________________________________105
Filesystem Statistics ___________________________________________________105
Filesystem Browser ___________________________________________________106
Protocol Stack Settings ____________________________________________________108
TCP Settings ________________________________________________________108
IP Settings __________________________________________________________109
ICMP Settings ________________________________________________________110
ARP Settings ________________________________________________________ 111
SMTP Settings _______________________________________________________112
IP Address Filter _________________________________________________________113
Query Port _____________________________________________________________114
Diagnostics _____________________________________________________________115
Hardware ___________________________________________________________115
MIB-II Statistics _______________________________________________________116
IP Sockets __________________________________________________________117
Ping _______________________________________________________________117
Traceroute __________________________________________________________118
Log ________________________________________________________________119
Memory _____________________________________________________________120
Buffer Pools _________________________________________________________121
Processes ___________________________________________________________122
Clock __________________________________________________________________123
Real Time Clock _________________________________________________________124
System Settings _________________________________________________________125
14: Advanced Settings 127
Email Settings ___________________________________________________________127
Email Statistics _______________________________________________________127
Email Configuration ___________________________________________________128
Command Line Interface Settings ____________________________________________129
CLI Statistics _________________________________________________________129
CLI Configuration _____________________________________________________130
XML Settings ____________________________________________________________131
XML: Export Configuration ______________________________________________132
XML: Export Status ____________________________________________________133
XML: Import Configuration ______________________________________________135
15: Branding the EDS Unit 140
Web Manager Customization _______________________________________________140
EDS Device Server User Guide 7
Short and Long Name Customization _________________________________________140
16: Updating Firmware 141
Obtaining Firmware _______________________________________________________141
Loading New Firmware ____________________________________________________141
Appendix A: Technical Support 142
Appendix B: Binary to Hexadecimal Conversions 143
Converting Binary to Hexadecimal ___________________________________________143
Conversion Table _____________________________________________________143
Scientific Calculator ___________________________________________________144
Appendix C: sCompliance 145
RoHS, REACH and WEEE Compliance Statement ______________________________ 145
Lithium Battery Notice _____________________________________________________146
Installationsanweisungen __________________________________________________ 146
Rackmontage ________________________________________________________146
Energiezufuhr ________________________________________________________146
Erdung _____________________________________________________________146
Installation Instructions ____________________________________________________146
Rack Mounting _______________________________________________________146
Input Supply _________________________________________________________147
Grounding ___________________________________________________________147
Appendix D: Lantronix Cables and Adapters 148
Index 149
EDS Device Server User Guide 8
List of Figures
Figure 2-1 EDS4100 4 Port Device Server _____________________________________________17
Figure 2-2 EDS8PR Device Server___________________________________________________ 18
Figure 2-3 EDS16PR Device Server__________________________________________________ 18
Figure 2-4 EDS32PR Device Server__________________________________________________ 18
Figure 2-5 Sample Hardware Address ________________________________________________ 22
Figure 2-6 EDS4100 Product Label __________________________________________________24
Figure 2-7 EDS8/16/32PR Product Label ______________________________________________24
Figure 2-8 EDS8/16PS Product Label ________________________________________________24
Figure 3-1 Front View of the EDS4100 _______________________________________________26
Figure 3-2 Back View of the EDS4100 ________________________________________________26
Figure 3-3 RS-232 Serial Port Pins (Serial Ports 1, 2, 3, 4) ________________________________ 27
Figure 3-4 RS-422/RS-485 Serial Port Pins ____________________________________________27
Figure 3-5 Terminal Block Connector Pin Assignments ___________________________________28
Figure 3-7 Example of EDS4100 Connections __________________________________________30
Figure 4-1 Front View of the EDS16PR _______________________________________________32
Figure 4-2 Back View of the EDS16PR _______________________________________________32
Figure 4-3 RJ45 Serial Port_________________________________________________________33
Figure 4-5 Example of EDS16PR Connections _________________________________________35
Figure 6-1 Prompt for User Name and Password________________________________________38
Figure 6-2 Web Manager Home Page ________________________________________________39
Figure 6-3 Components of the Web Manager Page ______________________________________40
Figure 7-1 Network 1 (eth0) Interface Status ___________________________________________43
Figure 7-2 Network 1 (eth0) Interface Configuration______________________________________ 44
Figure 7-4 Network 1 Ethernet Link __________________________________________________46
Figure 8-1 Line 1 Statistics _________________________________________________________47
Figure 8-2 Line 1 Configuration______________________________________________________48
Figure 8-4 Line 1 Command Mode ___________________________________________________50
Figure 8-6 Tunnel 1 Statistics (1 of 2)_________________________________________________53
Figure 8-7 Tunnel 1 Statistics (2 of 2)_________________________________________________54
Figure 8-8 Tunnel 1 Serial Settings___________________________________________________55
Figure 8-10 Tunnel 1 Packing Mode (Mode = Disable) ___________________________________56
Figure 8-11 Tunnel 1 Packing Mode (Mode = Timeout) ___________________________________56
Figure 8-12 Tunnel 1 Packing Mode (Mode = Send Character) _____________________________57
Figure 8-14 Tunnel 1 Accept Mode___________________________________________________ 59
Figure 8-16 Tunnel 1 - Connect Mode ________________________________________________62
EDS Device Server User Guide 9
Figure 8-18 Host 1, Host 2, Host 3 Exchanged__________________________________________65
Figure 8-19 Tunnel 1 Disconnect Mode _______________________________________________66
Figure 8-22 Tunnel 1 Modem Emulation_______________________________________________69
Figure 9-1 Terminal on Network Configuration __________________________________________70
Figure 9-3 Terminal on Line Configuration _____________________________________________71
Figure 9-5 Host Configuration_______________________________________________________73
Figure 10-1 DNS Settings __________________________________________________________74
Figure 10-2 SNMP Configuration ____________________________________________________75
Figure 10-4 FTP Configuration ______________________________________________________76
Figure 10-6 TFTP Configuration _____________________________________________________77
Figure 10-8 Syslog _______________________________________________________________78
Figure 10-10 HTTP Statistics _______________________________________________________80
Figure 10-11 HTTP Configuration____________________________________________________81
Figure 10-13 HTTP Authentication ___________________________________________________83
Figure 10-15 RSS ________________________________________________________________84
Figure 10-17 LPD Statistics ________________________________________________________86
Figure 10-18 LPD Configuration _____________________________________________________86
Figure 11-1 SSH Server: Host Keys (Upload Keys) ______________________________________89
Figure 11-5 SSH Server: Authorized Users ____________________________________________92
Figure 11-7 SSH Client: Known Hosts ________________________________________________93
Figure 11-9 SSH Client: Users______________________________________________________94
Figure 11-12 SSL ________________________________________________________________99
Figure 12-3 Modbus Statistics______________________________________________________103
Figure 12-4 Modbus Configuration __________________________________________________104
Figure 13-1 Filesystem Statistics ___________________________________________________105
Figure 13-2 Filesystem Browser ____________________________________________________106
Figure 13-4 TCP Protocol _________________________________________________________108
Figure 13-6 IP Protocol __________________________________________________________109
Figure 13-8 ICMP Protocol ________________________________________________________110
Figure 13-10 ARP Protocol Page ___________________________________________________111
Figure 13-12 SMTP______________________________________________________________ 112
Figure 13-14 IP Address Filter Configuration __________________________________________ 113
Figure 13-16 Query Port Configuration_______________________________________________114
Figure 13-17 Diagnostics: Hardware_________________________________________________115
Figure 13-18 MIB-II Network Statistics _______________________________________________116
Figure 13-20 IP Sockets __________________________________________________________117
Figure 13-21 Diagnostics: Ping_____________________________________________________117
Figure 13-23 Diagnostics: Traceroute________________________________________________ 118
EDS Device Server User Guide 10
Figure 13-25 Diagnostics: Log _____________________________________________________119
Figure 13-26 Diagnostics: Log (Filesystem) ___________________________________________119
Figure 13-27 Diagnostics: Log (Line 1)_______________________________________________120
Figure 13-28 Diagnostics: Memory __________________________________________________120
Figure 13-29 Diagnostics: Buffer Pools_______________________________________________121
Figure 13-30 Diagnostics: Processes ________________________________________________122
Figure 13-31 Clock Page _________________________________________________________123
Figure 13-33 Real Time Clock Page_________________________________________________124
Figure 13-35 System_____________________________________________________________ 125
Figure 14-1 Email Statistics _______________________________________________________127
Figure 14-3 CLI Statistics _________________________________________________________129
Figure 14-4 CLI Configuration______________________________________________________ 130
Figure 14-6 XML: Export Configuration_______________________________________________132
Figure 14-8 XML Export Status_____________________________________________________134
Figure 14-10 XML: Import Configuration______________________________________________135
Figure 14-11 XML: Import Configuration from External File _______________________________135
Figure 14-12 XML: Import from Filesystem ___________________________________________ 136
Figure 14-13 XML: Import Configuration from Filesystem ________________________________137
Figure 14-14 XML: Import Line(s) from Single Line Settings on the Filesystem________________138
Figure 16-1 Update Firmware ______________________________________________________141
:
EDS Device Server User Guide 11
List of Tables
Table 3-6 Back Panel LEDs ________________________________________________________28
Table 4-4 Back Panel LEDs ________________________________________________________34
Table 5-1 Device Details Summary___________________________________________________37
Table 6-4 Summary of Web Manager Pages ___________________________________________ 41
Table 7-3 Network 1 (eth0) Interface Configuration ______________________________________44
Table 7-5 Network 1 Ethernet Link ___________________________________________________46
Table 8-3 Line Configuration________________________________________________________ 49
Table 8-5 Line Command Mode _____________________________________________________50
Table 8-9 Tunnel - Serial Settings____________________________________________________55
Table 8-13 Tunnel Packing Mode ____________________________________________________57
Table 8-15 Tunnel Accept Mode_____________________________________________________59
Table 8-17 Tunnel Connect Mode____________________________________________________62
Table 8-20 Tunnel Disconnect Mode _________________________________________________67
Table 8-21 Modem Emulation Commands and Descriptions _______________________________ 67
Table 8-23 Tunnel Modem Emulation_________________________________________________69
Table 9-2 Terminal on Network Configuration __________________________________________71
Table 9-4 Terminal on Line 1 Configuration ____________________________________________ 72
Table 9-6 Host Configuration _______________________________________________________73
Table 10-3 SNMP ________________________________________________________________76
Table 10-5 FTP Settings ___________________________________________________________77
Table 10-7 TFTP Server ___________________________________________________________77
Table 10-9 Syslog ________________________________________________________________79
Table 10-12 HTTP Configuration ____________________________________________________81
Table 10-14 HTTP Authentication____________________________________________________83
Table 10-16 RSS_________________________________________________________________85
Table 10-19 LPD Configuration______________________________________________________87
Table 11-2 SSH Server Host Keys Settings - Upload Keys Method__________________________90
Table 11-3 SSH Server Host Keys Settings - Upload Keys Method__________________________90
Table 11-4 SSH Server Host Keys Settings - Create New Keys Method ______________________91
Table 11-6 SSH Server Authorized User Settings _______________________________________92
Table 11-8 SSH Client Known Hosts _________________________________________________93
Table 11-10 SSH Client Users ______________________________________________________95
Table 11-11 Supported Cipher Suites_________________________________________________ 96
Table 11-13 SSL ________________________________________________________________100
Table 12-1 6 Byte Header of Modbus Application Protocol _______________________________ 102
EDS Device Server User Guide 12
Table 12-2 Modbus Transmission Modes_____________________________________________102
Table 12-5 Modbus Configuration___________________________________________________104
Table 13-3 Filesystem Browser_____________________________________________________107
Table 13-5 TCP Protocol Settings___________________________________________________108
Table 13-7 IP Protocol Settings ____________________________________________________109
Table 13-9 ICMP Settings_________________________________________________________110
Table 13-11 ARP Settings_________________________________________________________111
Table 13-13 SMTP Settings _______________________________________________________112
Table 13-15 IP Address Filter Settings _______________________________________________113
Table 13-19 Requests for Comments (RFCs)__________________________________________116
Table 13-22 Diagnostics: Ping _____________________________________________________118
Table 13-24 Diagnostics: Traceroute ________________________________________________118
Table 13-32 Clock Settings________________________________________________________123
Table 13-34 Real Time Clock Settings _______________________________________________125
Table 13-36 System _____________________________________________________________126
Table 14-2 Email Configuration_____________________________________________________128
Table 14-5 CLI Configuration ______________________________________________________130
Table 14-7 XML Export Configuration________________________________________________ 132
Table 14-9 XML Export Status _____________________________________________________134
Table 14-15 XML: Import Line(s) from Single Line Settings _______________________________139
EDS Device Server User Guide 13
1: About This Guide
This user guide provides the information needed to configure, use, and update the Lantronix®
EDS( device server), which includes models: EDS8PR, EDS16PR, EDS32PR and EDS4100PR. It
is intended for software developers and system integrators who are installing the EDS in their
designs.
Chapter and Appendix Summaries
A summary of each chapter is provided below.
Chapter Description
Chapter 2: Introduction Main features of the product and the protocols it supports. Includes
technical specifications.
Chapter 3: Installation of EDS4100 Instructions for installing the EDS4100 device server.
Chapter 4: Installation of EDS8PR,
EDS16PR and EDS32PR
Chapter 5: Using DeviceInstaller Instructions for viewing the current configuration using the Lantronix
Chapter 6: Configuration Using Web
Manager
Chapter 7: Network Settings Instructions for using the web interface to configure Ethernet
Chapter 8: Line and Tunnel Settings Instructions for using the web interface to configure line and tunnel
Chapter 9: Terminal and Host Settings Instructions for using the web interface to configure terminal and
Chapter 10: Service Settings Instructions for using the web interface to configure settings for
Chapter 11: Security Settings Instructions for using the web interface to configure SSH and SSL
Chapter 12: Modbus Instructions for using the web interface to configure Modbus.
Chapter 13: Maintenance and
Diagnostic Settings
Chapter 14: Advanced Settings Instructions for using the web interface to configure email, CLI, and
Chapter 15: Branding the EDS Unit Instructions for customizing the device.
Chapter 16: Updating Firmware Instructions for obtaining the latest firmware and updating the
Appendix A: Technical Support Instructions for contacting Lantronix Technical Support.
Appendix B: Binary to Hexadecimal
Conversions
Appendix C: sCompliance Lantronix compliance information.
Instructions for installing the EDS8PR, the EDS16PR, and the
EDS32PR device/terminal server.
DeviceInstaller
Instructions for accessing Web Manager and using it to configure
settings for the device.
settings.
settings.
host settings.
DNS, SNMP, FTP, and other services.
security settings.
Modbus is only available on the EDS4100 and is not supported on
the EDS8PR, EDS16PR, EDS32PR, EDS8PS and EDS16PS.
Instructions for using the web interface to maintain the device, view
statistics, files, and logs, and to diagnose problems.
XML settings.
device.
Instructions for converting binary values to hexadecimals.
™ application.
EDS Device Server User Guide 14
Chapter (continued) Description
Appendix D: Lantronix Cables and
Adapters
Additional Documentation
Visit the Lantronix web site at www.lantronix.com/support/documentation for the latest
documentation and the following additional documentation.
Document Description
EDS4100 Device Server Quick Start
Guide
EDS4100 Device Server Command
Reference
EDS8/16/32PR Device Server Quick
Start Guide
EDS8/16/32PR Device Server
Command Reference
DeviceInstaller Online Help Instructions for using the Lantronix Windows® based DeviceInstaller
Com Port Redirector
Quick Start and Online Help
1: About This Guide
Lantronix cables and adapters for use with the
listed here according to part number and application.
Information about the EDS hardware installation and initial
configuration of your EDS device.
Instructions for accessing Command Mode (the command line
interface) using a Telnet connection or through the serial port.
Detailed information about the commands. Also provides details for
XML configuration and status.
Information about the EDS hardware installation and initial
configuration of your EDS device.
Instructions for accessing Command Mode (the command line
interface) using a Telnet connection or through the serial port.
Detailed information about the commands. Also provides details for
XML configuration and status.
application to locate the device and to view its current settings.
Instructions for using the Lantronix Windows based utility to create
virtual com ports.
EDS devices are
Secure Com Port Redirector
User Guide
Instructions for using the Lantronix Windows based utility to create
secure virtual com ports.
EDS Device Server User Guide 15
2: Introduction
This chapter introduces the Lantronix EDS family of device servers. It provides an overview of the
product, lists the key features, and describes the applications for which they are suited.
The EDS is a unique, hybrid Ethernet terminal and multi-port device server product designed to
remotely access and manage virtually all of your IT/networking equipment and servers. It is also
designed to provide connectivity for edge devices such as medical equipment, kiosks, POS/retail
terminals, security equipment, and more.
The EDS devices contain all the components necessary to deliver full network connectivity to
virtually any kind of serial device. They boast a reliable TCP/IP protocol stack, a variety of remote
management capabilities, and an innovative design based on the leading-edge Lantronix
Evolution OS® software.
Delivering a data center-grade, programmable device computing and networking platform for
integrating edge equipment into the enterprise network. Rack-mountable EDS models are
available in 8, 16, and 32 port configurations. Desktop EDS models are available in 4, 8, and 16
port configurations.
This chapter contains the following sections:
EDS4100 Overview
EDS8PR, EDS16PR, and EDS32PR Overview
Key Features
Protocol Support
Evolution OS™ Application
Additional Features
Configuration Methods
Addresses and Port Numbers
Product Information Label
EDS Device Server User Guide 16
EDS4100 Overview
2: Introduction
The EDS4100 is a compact device
Figure 2-1 EDS4100 4 Port Device Server
server that allows you to networkenable asynchronous RS-232 and
RS-422/485 serial devices. It can
deliver fully transparent RS-232/422
point-to-point connections and RS485 multi-drop connections without
requiring modifications to existing
software or hardware in your
application.
Ports 1 through 4 support
RS-232 devices.
Ports 1 and 3 also support
RS-422/485.
Note: RS-485 circuits support 32 full-load devices or 128 quarter-load devices. Each
RS-485 port, however, counts as one device, leaving up to 31 full-load or 127 quarter-load
devices that can be connected to the RS-485 circuit.
The EDS4100 device server supports the Power-over-Ethernet (PoE) standard. With PoE, power
is supplied to the
EDS over the Ethernet cable, by either an Ethernet switch or a midspan device.
Being able to draw power through the Ethernet cable eliminates power supply and cord clutter. It
also allows the
EDS to be located in areas where power is not typically available.
Key Features
The key features of the EDS4100 include:
Dual-purpose Ethernet terminal server and device server design
Four serial ports with hardware handshaking signals
RS-232 and RS-422/485
One RJ45 Ethernet port
IEEE 802.3af standard for Power-over-Ethernet (PoE)
8 MB Flash memory
32 MB Random Access Memory (RAM)
Lantronix Evolution OS software
AES, SSH, or SSL secure data encryption
Three configuration methods (Web, command line, and XML)
Print server functionality (LPR/LPD)
See Chapter 3: Installation of EDS4100 for installation instructions.
EDS Device Server User Guide 17
EDS8PR, EDS16PR, and EDS32PR Overview
The EDS8PR (8 serial ports), EDS16PR (16 serial ports), and EDS32PR (32 serial ports) are
compact easy-to-use, rack-mountable device servers that give you the ability to network-enable
asynchronous RS-232 serial devices. They provide fully transparent RS-232 point-to-point
connections without requiring modifications to existing software or hardware components in your
application.
Figure 2-2 EDS8PR Device Server
2: Introduction
Figure 2-3 EDS16PR Device Server
Figure 2-4 EDS32PR Device Server
EDS Device Server User Guide 18
2: Introduction
Key Features
The key features of the EDS8PR, EDS16PR, and EDS32PR include:
Dual-purpose Ethernet terminal server and device server design
8 (EDS8PR), 16 (EDS16PR) or 32 (EDS32PR) serial ports with hardware handshaking signals
RS-232 support
One RJ45 Ethernet port
8 MB Flash memory
32 MB Random Access Memory (RAM)
Lantronix Evolution OS software
A dedicated console port
AES, SSH, or SSL secure data encryption
Three configuration methods (Web, command line, and XML)
Print server functionality (LPR/LPD)
Applications
EDS device server connects serial devices such as those listed below to Ethernet networks using
the IP protocol family.
ATM machines
Data display devices
Security alarms and access control devices
Modems
Time/attendance clocks and terminals
Patient monitoring equipment
Medical instrumentation
Industrial Manufacturing/Automation systems
Building Automation equipment
Point of Sale Systems
Protocol Support
The EDS device server contains a full-featured TCP/IP stack. Supported protocols include:
ARP, IP, UDP, TCP, ICMP, BOOTP, DHCP, AutoIP, Telnet, DNS, FTP, TFTP, HTTP/HTTPS,
SSH, SSL/TLS, SNMP, SMTP, RSS, and Syslog for network communications and
management.
TCP, UDP, TCP/AES, UDP/AES, Telnet, SSH and SSL/TLS for tunneling to the serial port.
TFTP, FTP, and HTTP for firmware upgrades and uploading files.
EDS Device Server User Guide 19
Evolution OS™ Application
The EDS device server incorporates the Lantronix Evolution operating system (OS). Key features
of the Evolution OS include:
Built-in Web server for configuration and troubleshooting from Web-based browsers
CLI configurability
SNMP management
XML data transport and configurability
Really Simple Syndication (RSS) information feeds
Enterprise-grade security with SSL and SSH
Comprehensive troubleshooting tools
Additional Features
Modem Emulation
In modem emulation mode, the EDS can replace dial-up modems. The unit accepts modem AT
commands on the serial port, and then establishes a network connection to the end device,
leveraging network connections and bandwidth to eliminate dedicated modems and phone lines.
2: Introduction
Web-Based Configuration and Troubleshooting
Built upon Internet-based standards, the EDS enables you to configure, manage, and troubleshoot
through a browser-based interface accessible anytime from anywhere. All configuration and
troubleshooting options are launched from a web interface. You can access all functions via a Web
browser, for remote access. As a result, you decrease downtime (using the troubleshooting tools)
and implement configuration changes (using the configuration tools).
Command-Line Interface (CLI)
Making the edge-to-enterprise vision a reality, the EDS uses industry-standard tools for
configuration, communication, and control. For example, the Evolution OS software uses a
Command Line Interface (CLI) whose syntax is very similar to that used by data center equipment
such as routers and hubs.
SNMP Management
The EDS supports full SNMP management, making it ideal for applications where device
management and monitoring are critical. These features allow networks with SNMP capabilities to
correctly diagnose and monitor EDS devices.
XML-Based Architecture and Device Control
XML is a fundamental building block for the future growth of M2M networks. The EDS supports
XML-based configuration setup records that make device configuration transparent to users and
administrators. The XML is easily editable with a standard text or XML editor.
EDS Device Server User Guide 20
2: Introduction
Really Simple Syndication (RSS)
The EDS supports Really Simple Syndication (RSS) for streaming and managing on-line content.
RSS feeds all the configuration changes that occur on the device. An RSS aggregator then reads
(polls) the feed. More powerful than simple email alerts, RSS uses XML as an underlying Web
page transport and adds intelligence to the networked device, while not taxing already overloaded
email systems.
Enterprise-Grade Security
Evolution OS software provides the EDS the highest level of networking security possible. This
‘data center grade’ protection ensures that each device on the M2M network carries the same
level of security as traditional IT networking equipment in the corporate data center.
With built-in SSH and SSL, secure communications can be established between the serial ports
and the remote end device or application. By protecting the privacy of serial data transmitted
across public networks, users can maintain their existing investment in serial technology, while
taking advantage of the highest data-protection levels possible.
SSH and SSL are able to do the following:
Verify the data received came from the proper source
Validate that the data transferred from the source over the network has not changed when it
arrives at its destination (shared secret and hashing)
Encrypt data to protect it from prying eyes and nefarious individuals
Provide the ability to run popular M2M protocols over a secure SSH or SSL connection
In addition to keeping data safe and accessible, the EDS has robust defenses to hostile Internet
attacks such as denial of service (DoS), which can be used to take down the network. Moreover,
the EDS cannot be used to bring down other devices on the network.
You can use the EDS with the Lantronix Secure Com Port Redirector (SCPR) to encrypt COM
port-based communications between PCs and virtually any electronic device. SCPR is a Windows
application that creates a secure communications path over a network between the computer and
serial-based devices that are traditionally controlled via a COM port. With SCPR installed at each
computer, computers that were formerly “hard-wired” by serial cabling for security purposes or to
accommodate applications that only understood serial data can instead communicate over an
Ethernet network or the Internet.
Terminal Server/Device Management
Remote offices can have routers, PBXs, servers and other networking equipment that require
remote management from the corporate facility. The EDS easily attaches to the serial ports on a
server, Private Branch Exchange (PBX), or other networking equipment to deliver central, remote
monitoring and management capability.
EDS Device Server User Guide 21
Troubleshooting Capabilities
The EDS offers a comprehensive diagnostic toolset that lets you troubleshoot problems quickly
and easily. Available from the Web Manager, CLI, and XML interfaces, the diagnostic tools let you:
View critical hardware, memory, MIB-II, buffer pool, and IP socket information.
Perform ping and traceroute operations.
Conduct forward or backup DNS lookup operations.
View all processes currently running on the EDS, including CPU utilization and total stack
space available.
Configuration Methods
After installation, the EDS requires configuration. For the unit to operate correctly on a network, it
must have a unique IP address on the network. There are four basic methods for logging into the
EDS and assigning IP addresses and other configurable settings:
DeviceInstaller: Configure the IP address and related settings and view current settings on the
using a Graphical User Interface (GUI) on a PC attached to a network.
See Chapter 5: Using DeviceInstaller.
2: Introduction
Web Manager: Through a web browser, configure the EDS settings using the Lantronix Web
Manager. See Chapter 6: Configuration Using Web Manager.
Command Mode: There are two methods for accessing Command Mode (CLI): making a Telnet
connection or connecting a terminal (or a PC running a terminal emulation program) to the unit’s
serial port. (See the appropriate EDS Device Server Command Reference for instructions and
available commands. Lantronix documentation is available at
www.lantronix.com/support/documentation
XML: The EDS supports XML-based configuration and setup records that make device
configuration transparent to users and administrators. XML is easily editable with a standard text
or XML editor. (See the appropriate EDS Device Server Command Reference for instructions and
available commands. Lantronix documentation is available at
www.lantronix.com/support/documentation
Addresses and Port Numbers
Hardware Address
The hardware address is also referred to as the Ethernet address or MAC address. The first three
bytes of the Ethernet address are fixed and read as either 00-20-4A or 08-04-13, identifying the
unit as a Lantronix product. The fourth, fifth, and sixth bytes are unique numbers assigned to each
unit.
.)
.)
00-20-4A-14-01-18 or 00:20:4A:14:01:18
Figure 2-5 Sample Hardware Address
08-04-13-14-01-18 or 08:04:13:14:01:18
EDS Device Server User Guide 22
2: Introduction
IP Address
Every device connected to an IP network must have a unique IP address. This address references
the specific unit.
Port Numbers
Every TCP connection and every UDP datagram is defined by a destination and source IP
address, and a destination and source port number. For example, a Telnet server commonly uses
port number 23.
The following is a list of the default server port numbers running on the EDS device server.
TCP Port 22: SSH Server (Command Mode configuration)
TCP Port 23: Telnet Server (Command Mode configuration)
TCP Port 80: HTTP (Web Manager configuration)
TCP Port 443: HTTPS (Web Manager configuration)
UDP Port 161: SNMP
TCP Port 21: FTP
UDP Port 69: TFTP
UDP Port 514: Syslog
TCP Port 515: LPD
UDP Port 30718: LDP (Lantronix Discovery Protocol) port
TCP/UDP Port 10001: Tunnel 1
TCP/UDP Port 10002: Tunnel 2
Note: Multi-port products include one or more additional supported ports and tunnels
with default sequential numbering. For instance: TCP/UDP Port 10002: Tunnel 2, TCP/
UDP Port 10003: Tunnel 3, etc.
Product Information Label
The product information label on the unit contains the following information about the specific unit:
Bar Code
Revision
Date of Manufacture
Country of Manufacture
Hardware Address (MAC address or serial number)
Manufacturing Date Code
Device ID
EDS Device Server User Guide 23
Figure 2-6 EDS4100 Product Label
Figure 2-7 EDS8/16/32PR Product Label
2: Introduction
Figure 2-8 EDS8/16PS Product Label
EDS Device Server User Guide 24
3: Installation of EDS4100
This chapter describes how to install the EDS4100 device server.
Package Contents
Your EDS4100 package includes the following items:
One EDS4100 device server.
One DB9F-to-DB9F null modem cable.
A printed Quick Start Guide.
Your package may also include a power supply.
User-Supplied Items
To complete your EDS4100 installation, you need the following items:
RS-232 and/or RS-422/485 serial devices that require network connectivity:
A serial cable for each serial device. One end of the cable must have a female DB9 connector
for the EDS4100 serial port.
To connect an EDS4100 serial port to another DTE device, you will need a null modem cable,
such as the one supplied in your EDS4100 package.
To connect the EDS4100 serial port to a DCE device, you will need a straight-through
(modem) cable.
An available connection to your Ethernet network and an Ethernet cable.
A working power outlet if the unit will be powered from an AC outlet.
EDS Device Server User Guide 25
Identifying Hardware Components
The following two figures show the front and back of the EDS4100.
Figure 3-1 Front View of the EDS4100
3: Installation of EDS4100
Figure 3-2 Back View of the EDS4100
EDS Device Server User Guide 26
3: Installation of EDS4100
Serial Ports
The front of the EDS4100 has four male DB9 serial ports. These ports allow you to connect up to
four standard serial devices:
All four serial ports support RS-232 devices. See Figure 3-3 for pin assignments.
Serial ports 1 and 3 also support RS-422 and RS-485 serial devices. See Figure 3-4 for pin
assignments.
All four serial ports are configured as DTE.
Ports 1 & 3 support up to 921600
Ports 2 & 4 support up to 230400
Figure 3-3 RS-232 Serial Port Pins (Serial Ports 1, 2, 3, 4)
Figure 3-4 RS-422/RS-485 Serial Port Pins
R-422/485 4-wire
pin assignments
(serial ports 1 and 3)
R-485 2-wire
pin assignments
(serial ports 1 and 3)
Note: Multi-drop connections are supported in 2-wire mode only.
EDS Device Server User Guide 27
3: Installation of EDS4100
Ethernet Port
The back panel of the EDS4100 provides an RJ45 Ethernet port. This port can connect to an
Ethernet (10 Mbps) or Fast Ethernet (100 Mbps) network. The Speed LED on the back of the
EDS4100 shows the connection of the attached Ethernet network. The EDS4100 can be
configured to operate at a fixed Ethernet speed and duplex mode (half- or full-duplex) or otherwise
(by default) auto-negotiate the connection to the Ethernet network.
Terminal Block Connector
The back of the EDS4100 has a socket for a terminal block screw connector (not included) for
attaching to an appropriate power source, such as those used in automation and manufacturing
industries. The terminal block connector supports a power range from 42 VDC to 56 VDC. It can
be used with the EDS4100's barrel power connector and PoE capabilities as a redundant power
source to the unit. Vendors who do supply this connector can be found by doing a web search for
part 'Phoenix 1803581 MC 1,5/ 3-ST-3,81'.
Figure 3-5 Terminal Block Connector Pin Assignments
Pin Signal
Top V+
Middle V-
Bottom Ground
LEDs
Light-emitting diodes (LEDs) on the front and back panels show status information.
Back panel - Each serial port has a Transmit and a Receive LED. The Ethernet connector has
Speed and Activity LEDs. In addition, the back panel has a Power LED and a Status LED.
Front panel - The front panel has a green Power LED.
The table below describes the LEDs on the back of the EDS4100.
Table 3-6 Back Panel LEDs
LED Description
Transmit (green) Blinking = EDS is transmitting data on the serial port.
Receive (yellow) Blinking = EDS is receiving data on the serial port.
Power (green) On = EDS receiving power.
Status (yellow) Fast blink = initial startup (loading OS).
Slow blink (once per second) = operating system startup.
On = unit has finished booting.
Speed (yellow) On = EDS is connected to a 100 Mbps Fast Ethernet network.
Off = EDS is connected to a 10 Mbps Ethernet network
Activity (green) Blink = EDS sending data to or receiving data from the Ethernet network.
Reset Button
The reset button is on the back of the EDS4100, to the left of the power connector. Pressing this
button reboots the EDS4100 and terminates all serial and Ethernet port data activity.
EDS Device Server User Guide 28
Physically Installing the EDS4100
Finding a Suitable Location
Place the EDS4100 on a flat horizontal or vertical surface. The EDS4100 comes with
mounting brackets installed for vertically mounting the unit, for example, on a wall.
If using AC power, avoid outlets controlled by a wall switch.
Connecting the EDS4100
Observe the following guidelines when attaching serial devices:
All four EDS4100 serial ports support RS-232 devices.
Alternatively, ports 1 and 3 support RS-422/485 devices.
To connect an EDS4100 serial port to another DTE device, use a null modem cable.
To connect the EDS4100 serial port to a DCE device, use a straight-through (modem) cable.
Connect the EDS4100 to one or more serial devices.
1. Power off the serial devices.
3: Installation of EDS4100
2. Attach a serial cable between the EDS4100 and each serial device.
3. Connect an Ethernet cable between the EDS4100 Ethernet port and your Ethernet network.
4. Power-up the EDS4100. Use one or more of the following methods.
These power-up methods can be used in combination to provide redundant backup power to
the unit.
- PoE: Power is supplied over the Ethernet cable by an Ethernet switch or a mid-span
device.
- Barrel power connector: The barrel power connector supports a power range of 9 to 30
VDC. Insert the round end of the supplied power cord into the barrel power connector on
the back of the EDS4100. Plug the other end into an AC wall outlet.
- Terminal block connector: The terminal block connector supports a power range of 42
VDC to 56 VDC. Attach the power source to the terminal block connector on the back of
the EDS4100.
As soon as you plug it in, the EDS4100 powers up automatically, the self-test begins, and the
Evolution OS application starts.
5. Power up the serial devices.
EDS Device Server User Guide 29
Figure 3-7 Example of EDS4100 Connections
3: Installation of EDS4100
EDS Device Server User Guide 30
4: Installation of EDS8PR, EDS16PR and EDS32PR
This chapter describes installing the EDS8PR, EDS16PR and EDS32PR device servers.
Package Contents
Your EDS package includes the following items:
One EDS unit (EDS8PR, EDS16PR or EDS32PR).
One RJ45-to-DB9F serial cable.
A printed Quick Start guide.
Your package may also include a power supply.
User-Supplied Items
To complete your EDS8/16/32PR installation, you need the following items:
RS-232 serial devices that require network connectivity. Each EDS8/16/32PR serial port
supports a directly connected RS-232 serial device.
A serial cable for each serial device. All devices attached to the EDS device ports must
support the RS-232C (EIA-232) standard. Category 5 cabling with RJ45 connections is used
for the device port connections.
Note: To connect an EDS8/16/32PR serial port to a DTE device, you need a DTE cable,
such as the one supplied in your EDS8/16/32PR package, or an RJ45 patch cable and
DTE adapter. To connect the EDS8/16/32PR serial port to a DCE device, you need a DCE
(modem) cable, or an RJ45 patch cable and DTE adapter.
For a list of the Lantronix cables and adapters you can use with the EDS8/16/32PR, see Appendix
C: Lantronix Cables and Adapters.
An available connection to your Ethernet network and an Ethernet cable.
A working power outlet.
EDS Device Server User Guide 31
Identifying Hardware Components
The following two figures show the components on the front and back of the EDS16PR.
Figure 4-1 Front View of the EDS16PR
4: Installation of EDS8PR, EDS16PR and EDS32PR
Figure 4-2 Back View of the EDS16PR
Serial Ports
All EDS serial ports are configured as DTE and support up to 230,400 baud.
The EDS8PR has 8 serial ports.
The EDS16PR has 16 serial ports.
The EDS32PR has 32 serial ports.
EDS Device Server User Guide 32
4: Installation of EDS8PR, EDS16PR and EDS32PR
Console Port
The front panel has an RJ45 Console port configured as DTE and supports up to 230,400 baud.
Figure 4-3 RJ45 Serial Port
Ethernet Port
The back panel has an RJ45 Ethernet port. This port can connect to an Ethernet (10 Mbps) or Fast
Ethernet (100 Mbps) network.
The Speed LED on the back panel shows the connection speed of the connected Ethernet
network.
You can configure the EDS to operate at a fixed Ethernet speed and duplex mode (half- or fullduplex) or auto-negotiate the connection to the Ethernet network.
LEDs
Light-emitting diodes (LEDs) on the front and back panels show status information.
Front panel. The front panel has a green Power LED.
Back panel. Each serial port has a Transmit and a Receive LED. The Ethernet connector has
Speed and Activity LEDs. There is also a Power LED and a Status LED.
EDS Device Server User Guide 33
4: Installation of EDS8PR, EDS16PR and EDS32PR
The table below describes the LEDs on the back of the EDS.
Table 4-4 Back Panel LEDs
LED Description
Transmit (green) Blinking = EDS is transmitting data on the serial port.
Receive (yellow) Blinking = EDS is receiving data on the serial port.
Power (green) On = EDS is receiving power.
Status (yellow) Fast blink = initial startup (loading OS).
Slow blink (once per second) = operating system startup.
On = unit has finished booting.
Speed (yellow) On = EDS is connected to a 100 Mbps Fast Ethernet network.
Off = EDS is connected to a 10 Mbps Ethernet network.
Activity (green) Blink = EDS is sending data to or receiving data from the Ethernet
network.
Reset Button
The reset button is on the back of the EDS to the left of the power connector.
Pressing this button for 2-to-3 seconds reboots the EDS8/16/32PR and terminates all data activity
occurring on the serial and Ethernet ports.
Installing the EDS8/16/32PR
Finding a Suitable Location
You can install the EDS8/16/32PR either in an EIA-standard 19-inch rack (1U tall) or as a desktop
unit. If using AC power, avoid outlets controlled by a wall switch.
Connecting the EDS8/16/32PR
1. Power off the serial devices that will be connected to the EDS8/16/32PR.
2. Attach a CAT 5 serial cable between the EDS8/16/32PR and your serial device. For a list of
cables and adapters you can use with the EDS8/16/32PR, see Appendix C: Lantronix Cables
and Adapters.
3. Connect an Ethernet cable between the EDS8/16/32PR Ethernet port and your Ethernet
network.
4. Insert the power cord into the back of the EDS8/16/32PR. Plug the other end into an AC wall
outlet. After power-up, the self-test begins.
5. Power up the serial devices.
EDS Device Server User Guide 34
4: Installation of EDS8PR, EDS16PR and EDS32PR
Figure 4-5 Example of EDS16PR Connections
EDS Device Server User Guide 35
5: Using DeviceInstaller
This chapter covers the steps for locating a device and viewing its properties and details. The
Lantronix DeviceInstaller application is a free utility program provided by Lantronix that discovers,
configures, upgrades, and manages Lantronix device servers. It can be downloaded from the
Lantronix website at www.lantronix.com/support/downloads.html
DeviceInstaller application to configure the IP address, related settings or for more advanced
features, see the DeviceInstaller Online Help.
Note: AutoIP generates a random IP address in the range of 169.254.0.1 to
169.254.255.254 if no BOOTP or DHCP server is found.
Installing DeviceInstaller
1. Download the latest version of the Lantronix DeviceInstaller application from:
www.lantronix.com/support/downloads.
2. Run the executable to start the installation process.
3. Respond to the installation wizard prompts. (If prompted to select an installation type, select
Typical.)
. For instructions on using the
Accessing the EDS Unit Using DeviceInstaller
The device's factory default username is "admin" and factory default password is the last 8
characters of the Device ID (for devices manufactured after January 1, 2020) or "PASS" (for all
older devices).
Note: Make note of the MAC address. It may be needed to perform various functions in
the DeviceInstaller application.
1. Click Start > All Programs > Lantronix > DeviceInstaller 4.4 > DeviceInstaller.
When DeviceInstaller starts, it will perform a network device search.
2. Click Search to perform additional searches, as desired.
3. Expand the EDS folder by clicking the + symbol next to the EDS folder icon. The list of
available Lantronix EDS device types appear.
4. Click the desired EDS product type. A list of all URLs and IP addresses for online EDS devices
will appear.
5. Select the EDS unit by clicking the EDS device URL or IP address to view its configuration.
6. On the right page, click the Device Info tab. The current EDS configuration appears. This is
only a subset of the full configuration; the complete configuration may be accessed via Web
Manager, CLI, or XML.
Note: The settings are Display Only in this table unless otherwise noted.
EDS Device Server User Guide 36
5: Using DeviceInstaller
Table 5-1 Device Details Summary
Current Settings Description
Name Name identifying the EDS device server.
DHCP Device Name Shows the name associated with the current IP address, if the IP
address was obtained dynamically.
Group
Comments Configurable field. Enter comments for the EDS device server. Double-
Device Family Shows the EDS device family type as “EDS”.
Short Name Shows EDS4100 by default (for example).
Long Name Shows “Lantronix EDS4100” by default (for example).
Type Shows the specific device type, such as “EDS4100”.
ID Shows the EDS ID embedded within the unit.
Hardware Address Shows the EDS hardware (MAC) address.
Firmware Version Shows the firmware currently installed on the EDS.
Extended Firmware Version Provides additional information on the firmware version.
Online Status Shows the EDS status as Online, Offline, Unreachable (if the EDS is
IP Address Shows the EDS device’s current IP address. To change the IP address,
IP Address was Obtained Displays Dynamically if the EDS automatically received an IP address
Subnet Mask Shows the subnet mask specifying the network segment on which the
Gateway Shows the IP address of the router of this network. There is no default.
Interfaces Shows the types and URL of interfaces available.
Number of Serial Serial Ports Shows the number of serial ports on this EDS unit.
Supports Configurable Pins Shows False, indicating configurable pins are not available on the EDS
Supports Email Triggers Shows True, indicating email triggers are available on the EDS unit.
Telnet Supported Indicates whether Telnet is enabled on this EDS unit. Shows True.
Telnet Port Shows the EDS port for Telnet sessions.
Web Port Shows the EDS port for Web Manager configuration.
Firmware Upgradable Shows True, indicating the EDS firmware is upgradable as newer
Configurable field. Enter a group to categorize the EDS device server.
Double-click the field, type in the value, and press Enter to complete.
This group name is local to this PC and is not visible on other PCs or
laptops using the DeviceInstaller application.
click the field, type in the value, and press Enter to complete. This
description or comment is local to this PC and is not visible on other PCs
or laptops using DeviceInstaller.
on a different subnet), or Busy (if the EDS is currently performing a
task).
click the Assign IP button on the DeviceInstaller menu bar.
(e.g., from DHCP). Displays Statically if the IP address was configured
manually.
If the IP address was assigned dynamically, the following fields appear:
Obtain via DHCP with value of True or False.
Obtain via BOOTP with value of True or False.
EDS resides.
unit.
versions become available.
EDS Device Server User Guide 37
6: Configuration Using Web Manager
This chapter describes how to configure the EDS device server using Web Manager, the Lantronix
browser-based configuration tool. The unit’s configuration is stored in nonvolatile memory and is
retained without power. All changes take effect immediately, unless otherwise noted. It contains
the following sections:
Accessing Web Manager
Web Manager Page Components
Navigating the Web Manager
Summary of Web Manager Pages
Accessing Web Manager
Note: You can also access the Web Manager by selecting the Web Configuration tab on
the DeviceInstaller window.
To access Web Manager, perform the following steps:
1. Open a standard web browser. Lantronix supports the latest version of Internet Explorer,
Mozilla Suite, Mozilla Firefox, Safari, Chrome or Opera.
2. Enter the IP address of the EDS unit in the address bar. The IP address may have been
assigned manually using the DeviceInstaller application (see Chapter 5: Using DeviceInstaller)
or automatically by DHCP.
Figure 6-1 Prompt for User Name and Password
3. Enter your username and password. The factory default username is "admin" and factory
default password is the last 8 characters of the Device ID (for devices manufactured after
January 1, 2020) or "PASS" (for all older devices). The Device Status web page shown in
Figure 6-2 displays configuration, network settings, line settings, tunneling settings, and
product information.
Note: The Logout button is available on the upper right of any web page. Logging out
of the web page would force re-authentication to take place the next time the web page is
accessed.
EDS Device Server User Guide 38
6: Configuration Using Web Manager
Device Status Page
The Device Status page is the first page that appears after you log into Web Manager. It also
appears when you click Status in the menu bar (Figure 6-2).
Figure 6-2 Web Manager Home Page
EDS Device Server User Guide 39
Web Manager Page Components
The layout of a typical Web Manager page is below.
Figure 6-3 Components of the Web Manager Page
Links to Subpages
Header
Menu Bar
6: Configuration Using Web Manager
Logout Link
Information,
Instructions
& Help
Configuration
& Status Area
Footer
The menu bar always appears at the left side of the page, regardless of the page shown. The
menu bar lists the names of the pages available in the Web Manager. To bring up a page, click it in
the menu bar.
The main area of the page has these additional sections:
At the very top, many pages, such as the one in the example above, enable you to link to sub
pages. On some pages, you must also select the item you are configuring, such as a line or a
tunnel.
In the middle of many pages, you can select or enter new configuration settings. Some pages
show status or statistics in this area rather than allow you to enter settings.
At the bottom of most pages, the current configuration is displayed. In some cases, you can
reset or clear a setting.
The information or help area shows information or instructions associated with the page.
A Logout button is available at the upper right corner of every web page. In Chrome or Safari,
it is necessary to close out of the browser to logout. If necessary, reopen the browser to log
back in.
The footer appears at the very bottom of the page. It contains copyright information and a link
to the Lantronix home page.
EDS Device Server User Guide 40
Navigating the Web Manager
The Web Manager provides an intuitive point-and-click interface. A menu bar on the left side of
each page provides links you can click to navigate from one page to another. Some pages are
read-only, while others let you change configuration settings.
Note: There may be times when you must reboot the EDS for the new configuration
settings to take effect. The chapters that follow indicate when a change requires a reboot.
Table 6-4 Summary of Web Manager Pages
Web Manager Page Description See
Status Shows product information and network, line, and tunneling settings. 39
6: Configuration Using Web Manager
Page
CLI Shows Command Line Interface (CLI) statistics and lets you change the
current CLI configuration settings.
Clock Allows you to view and configure date and time for the device by either
SNTP or manual settings.
Note: This feature is available as Clock for EDS8/16/32 PR and RTC
(see below) for EDS4100.
Diagnostics Lets you perform various diagnostic procedures. 115
DNS Shows the current configuration of the DNS subsystem and the DNS
cache.
Email Shows email statistics and lets you clear the email log, configure email
settings, and send an email.
Filesystem Shows file system statistics and lets you browse the file system to view a
file, create a file or directory, upload files using HTTP, copy a file, move a
file, or perform TFTP actions.
FTP Shows statistics and lets you change the current configuration for the
File Transfer Protocol (FTP) server.
Host Lets you view and change settings for a host on the network. 73
HTTP Shows HyperText Transfer Protocol (HTTP) statistics and lets you
change the current configuration and authentication settings.
IP Address Filter Lets you specify all the IP addresses and subnets that are allowed to
send data to this device.
Line Shows statistics and lets you change the current configuration and
Command mode settings of a serial line.
LPD Shows LPD (Line Printer Daemon) Queue statistics and lets you
configure the LPD and print a test page.
Modbus Shows the current connection status of the Modbus servers listening on
the TCP ports and lets you configure the Modbus settings for EDS4100.
Network Shows status and lets you configure the network interface. 43
129
123
74
127
105
76
79
113
47
85
102
Protocol Stack Lets you perform lower level network stack-specific activities. 108
Query Port Lets you change configuration settings for the query port. 114
RSS Lets you change current Really Simple Syndication (RSS) settings. 84
EDS Device Server User Guide 41
6: Configuration Using Web Manager
Web Manager Page
(continued)
RTC Real Time Clock (RTC) allows you to view and configure date and time
SNMP Lets you change the current Simple Network Management Protocol
SSH Lets you change the configuration settings for SSH server host keys,
SSL Lets you upload an existing certificate or create a new self-signed
Syslog Lets you specify the severity of events to log and the server and ports to
System Lets you reboot device, restore factory defaults, upload new firmware,
Terminal Lets you change current settings for a terminal. 70
TFTP Shows statistics and lets you change the current configuration for the
Tunnel Lets you change the current configuration settings for a tunnel. 51
XML Lets you export XML configuration and status records, and import XML
Description See
Page
75
for the device by either SNTP or manual settings.
Note: This feature is available as Clock for EDS8/16/32 PR (see
above).
75
(SNMP) configuration settings.
88
SSH server authorized users, SSH client known hosts, and SSH client
users.
96
certificate.
78
which the syslog should be sent.
125
and change the device long and short names.
77
Trivial File Transfer Protocol (TFTP) server.
131
configuration records.
EDS Device Server User Guide 42
7: Network Settings
This chapter describes how to access, view, and configure network settings from the Network web
page. The Network web page contains sub-menus that enable you to view and configure the
Ethernet network interface and link.
This chapter contains the following sections:
Network 1 (eth0) Interface Status
Network 1 (eth0) Interface Configuration
Network 1 Ethernet Link
Network 1 (eth0) Interface Status
This page shows the status of the Ethernet network interface.
To view the network interface status:
1. Click Network on the menu then click Network 1 > Interface > Status at the top of the page.
The Network 1 (eth0) Interface Status page appears.
Figure 7-1 Network 1 (eth0) Interface Status
EDS Device Server User Guide 43
Network 1 (eth0) Interface Configuration
This page shows the configuration settings for the Ethernet connection and lets you change these
settings.
To view and configure network interface settings:
1. Click Network on the menu bar and then Network 1 > Interface > Configuration at the top of
the page. The Network 1 (eth0) Interface Configuration page appears.
Figure 7-2 Network 1 (eth0) Interface Configuration
7: Network Settings
2. Enter or modify the following settings:
Table 7-3 Network 1 (eth0) Interface Configuration
Network 1 Interface
Configuration
Settings
BOOTP Client Select On or Off. At boot up, the device will attempt to obtain an IP address from a
Description
BOOTP server.
Notes:
Overrides the configured IP address, network mask, gateway, hostname, and
domain.
When DHCP is On, the system automatically uses DHCP, regardless of
whether BOOTP Client is On.
EDS Device Server User Guide 44
7: Network Settings
Network 1 Interface
Description
Configuration
Settings (continued)
DHCP Client Select On or Off. At boot up, the device will attempt to lease an IP address from a
DHCP server and maintain the lease at regular intervals.
Note: Overrides BOOTP, the configured IP address, network mask, gateway,
hostname, and domain.
IP Address Enter the device static IP address.
You may enter it alone, in CIDR format, or with an explicit mask.
The IP address consists of four octets separated by a period and is used if BOOTP
and DHCP are both set to Off. Changing this value requires you to reboot the
device.
Note: When DHCP is enabled, the device tries to obtain an IP address from DHCP.
If it cannot, the device uses an AutoIP address in the range of 169.254.xxx.xxx.
Default Gateway Enter the IP address of the router for this network. Or, clear the field (appears as
<None>). This address is only used for static IP address configuration.
Hostname Enter the device hostname. It must begin with a letter, continue with a sequence of
letters, numbers, and/or hyphens, and end with a letter or number.
Domain Enter the device domain name.
DHCP Client ID Enter the ID if the DHCP server uses a DHCP ID. The DHCP server’s lease table
shows IP addresses and MAC addresses for devices. The lease table shows the
Client ID, in hexadecimal notation, instead of the device MAC address.
Note: "Binary" entry mode allows a mixed mode of text and special characters in
brackets For example, "abcd<ctrl>A" would be entered "abcd[0x01]".
Primary DNS IP address of the primary name server. This entry is required if you choose to
configure DNS (Domain Name Server) servers.
Secondary DNS IP address of the secondary name server.
MTU When DHCP is enabled, the MTU size is (usually) provided with the IP address.
When not provided by the DHCP server, or using a static configuration, this value is
used. The MTU size can be from 576 to 1500 bytes.
3. Click Submit to save changes. Some changes to the following settings require a reboot for the
changes to take effect:
BOOTP Client
DHCP Client
IP Address
DHCP Client ID
Note: If DHCP or BOOTP fails, AutoIP intervenes and assigns an address. A new
DHCP negotiation is attempted every 5 minutes to obtain a new IP address. When the
DHCP is enabled, any configured static IP address is ignored.
EDS Device Server User Guide 45
Network 1 Ethernet Link
This page shows the current negotiated Ethernet settings and lets you change the speed and
duplex settings.
To view and configure the Ethernet link:
1. Click Network on the menu bar and then click Network 1 > Link at the top of the page. The
Network 1 (eth0) Ethernet Link page appears.
7: Network Settings
Figure 7-4 Network 1 Ethernet Link
The Status table shows the current negotiated settings. The Configuration table shows the
current range of allowed settings.
2. Enter or modify the following settings:
Table 7-5 Network 1 Ethernet Link
Network 1-Ethernet Link
Settings
Speed Select the Ethernet link speed. Default is Auto.
Duplex Select the Ethernet link duplex mode. Default is Auto.
Description
3. Click Submit. The changes take effect immediately.
EDS Device Server User Guide 46
8: Line and Tunnel Settings
This chapter describes how to view and
configure lines and tunnels. It contains the
following sections:
Line Settings
Tunnel Settings
Line Settings
View statistics and configure serial interfaces by using the Line web page. Serial interfaces are
referred to as lines in this user guide, and a different number of lines, from 1 to 32, may be
available for selection depending on your product.
The following sub-menus may be used for a selected line number:
Line Statistics—Displays statistics for the selected line number. For example, the bytes
received and transmitted, breaks, flow control, parity errors, etc.
Line Configuration—Enables the change of the name, interface, protocol, baud rates, and
parity, etc.
Line Command Mode—Enables the types of modes, wait time, serial strings, signon
message, etc.
Note: The following sections describe the steps to view and configure specific line
number settings. These instructions also apply to additional line instances of the device.
Note: The number of lines and tunnels available for
viewing and configuration differ between Lantronix
products. For example, the XPort® Pro embedded
networking module and the EDS1100 device server
support only one line while other device networking
products (such as the EDS2100, EDS4100, and
MatchPort® b/g Pro embedded device servers, XPort®
AR embedded networking module, EDS8/16PS and
EDS8/16/32PR) provide additional lines and tunnels.
Line Statistics
This read-only web page shows
the status and statistics for the
serial line selected at the top of
this page.
1. Select Line on the menu bar.
The Line web page appears.
2. Select a line number at the
top of the page.
3. Select Statistics. The Line
Statistics page for the
selected line appears.
4. Repeat above steps as
desired, according to
additional line(s) available on
your product.
Figure 8-1 Line 1 Statistics
EDS Device Server User Guide 47
8: Line and Tunnel Settings
Line Configuration
This page shows the configuration settings for the serial line selected at the top of the page and
lets you change the settings for that serial line.
To configure a specific line:
1. Select Line on the menu bar, if you are not already in the Line web page.
2. Select a line number at the top of the page.
3. Select Configuration. The Configuration page for the selected line appears.
Figure 8-2 Line 1 Configuration
EDS Device Server User Guide 48
4. Enter or modify the following settings:
Table 8-3 Line Configuration
8: Line and Tunnel Settings
Line - Configuration
Settings
Name If the Terminal Login Menu feature is being used, enter the name for the line.
Interface Select the interface type from the drop-down menu. The default is RS232.
State Indicates whether the current line is enabled. To change the status, select
Protocol Select the protocol from the drop-down menu. The default is Tunnel.
Baud Rate Select the baud rate from the drop-down menu. The default is 9600.
Parity Select the parity from the drop-down menu. The default is None.
Data Bits Select the number of data bits from the drop-down menu. The default is 8.
Stop Bits Select the number of stop bits from the drop-down menu. The default is 1.
Flow Control Select the flow control from the drop-down menu. The default is None.
Xon Char Specify the character to use to start the flow of data when Flow Control is set to
Xoff Char Specify the character to use to stop the flow of data when Flow Control is set to
Gap Timer The driver forwards received serial bytes after the Gap Timer delay from the last
Threshold The driver will also forward received characters after Threshold bytes have
Description
Leaving this field blank will disable this line from appearing in the Terminal Login
Menu. The default Name is blank. See Terminal and Host Settings on page 70
for related configuration information.
Note: This option is only supported in XPort Pro, EDS4100, EDS1100 and
EDS2100 device servers.
Enabled or Disabled from the drop-down menu.
Note: All protocols work in Connect and Accept Mode except the LPD or Tunnel
protocol option which is supported only in Accept Mode.
Software. Prefix a decimal character with \ or a hexadecimal character with 0x, or
provide a single printable character. The default Xon char is 0x11.
Software. Prefix a decimal character with \ or a hexadecimal character with 0x, or
provide a single printable character. The default Xoff char is 0x13.
character received. By default, the delay is four character periods at the current
baud rate (minimum 1 ms).
been received.
5. Click Submit.
6. Repeat above steps as desired, according to additional line(s) available on your product.
EDS Device Server User Guide 49
8: Line and Tunnel Settings
Line Command Mode
Setting the Command Mode
enables the CLI on the serial
line.
To configure Command Mode on a specific line:
1. Select Line on the menu
bar, if you are not already
in the Line web page.
2. Select a line number at the
top of the page.
3. Select Command Mode.
The Command Mode page
for the selected line
appears.
Figure 8-4 Line 1 Command Mode
4. Enter or modify the following settings:
Table 8-5 Line Command Mode
Line – Command Mode
Settings
Mode Select the method of enabling Command Mode or choose to disable Command
Wait Time Enter the wait time for the serial string during boot-up in milliseconds.
Serial String Enter the serial string characters. Select a string type.
Echo Serial String Select Yes to enable echoing of the serial string at boot-up.
Description
Mode.
Always = immediately enables Command Mode for the serial line.
Use Serial String = enables Command Mode when the serial string is read
on the serial line during boot time.
Disabled = turns off Command Mode.
Text = string of bytes that must be read on the Serial Line during boot time to
enable Command Mode. It may contain a time element in x milliseconds, in
the format {x}, to specify a required delay.
Binary = string of characters representing byte values where each
hexadecimal byte value starts with \0x and each decimal byte value starts
with \.
EDS Device Server User Guide 50
8: Line and Tunnel Settings
Line – Command Mode
Settings (continued)
Signon Message Enter the boot-up signon message. Select a string type.
5. Click Submit.
6. Repeat above steps as desired, according to additional line(s) available on your product.
Tunnel Settings
Note: The number of lines and tunnels available for viewing and configuration differ
between Lantronix products. For example, XPort Pro and EDS1100 device servers
support only one line while other device networking products (such as EDS2100,
EDS4100, XPort AR, EDS8/16PS and EDS8/16/32PR devices) provide additional lines
and tunnels. The following sections describe the steps to view and configure specific
tunnel settings. These instructions also apply to additional tunnel instances of the device.
Tunneling allows serial devices to communicate over a network, without “being aware” of the
devices which establish the network connection between them.Tunneling parameters are
configured using the Web Manager or Command Mode Tunnel Menu. See Configuration Using
Web Manager (on page 38) or the appropriate EDS Device Server Command Reference for the
full list of commands.
Description
Text = string of bytes sent on the serial line during boot time.
Binary = one or more byte values separated by commas. Each byte value
may be decimal or hexadecimal. Start hexadecimal values with 0x.
Note: This string will be output on the serial port at boot, regardless of whether
command mode is enabled or not.
The EDS supports two tunneling connections simultaneously per serial port. One of these
connections is Connect Mode; the other connection is Accept Mode. The connections on one
serial port are separate from those on another serial port.
Connect Mode: the EDS actively makes a connection. The receiving node on the network
must listen for the Connect Mode’s connection. Connect Mode is disabled by default.
Accept Mode: the EDS device listens for a connection. A node on the network initiates the
connection. Accept Mode is enabled by default.
Disconnect Mode: this mode defines how an open connection stops the forwarding of data.
The specific parameters to stop the connection are configurable. Once the EDS Disconnect
Mode observes the defined event occur, it will disconnect both Accept Mode and Connect
Mode connections on that port.
When any character comes in through the serial port, it gets copied to both the Connect Mode
connection and the Accept Mode connection (if both are active).
View statistics and configure a specific tunnel by using the Tunnel web page. When you select
Tunnel from the Main Menu, tunnels available for your product will display. Select a specific tunnel
to configure.
EDS Device Server User Guide 51
8: Line and Tunnel Settings
The following sub-menus listed may be used to configure a specific tunnel:
Tunnel – Statistics
Tunnel – Serial Settings
Tunnel – Packing Mode
Tunnel – Accept Mode
Tunnel – Connect Mode
Tunnel – Disconnect Mode
Tunnel – Modem Emulation
The following sections describe the steps to view and configure specific tunnel number settings.
These instructions also apply to additional tunnel menu options.
Tunnel – Statistics
The EDS logs statistics for tunneling. The Dropped statistic shows connections ended by the
remote location. The Disconnects statistic shows connections ended by the EDS unit.
To display statistics for a specific tunnel:
1. Select Tunnel on the menu bar. The Tunnel web page appears.
2. Select a tunnel number at the top of the page.
3. Select Statistics. The Tunnel Statistics page for the specific tunnel appears.
If a particular tunnel is connected, the following becomes available:
Identifying information about the tunnel connection (i.e., “Connect 1 Counters”)
Address of connection (i.e., “local:10001 -> 172.22.22.22.10001”)
Kill Connection(s) link: Click this link to terminate this active tunnel connection, as
desired.
Octets forwarded from Serial
Octets forwarded form Network
Uptime
EDS Device Server User Guide 52
8: Line and Tunnel Settings
4. Repeat above steps as desired, according to additional tunnel(s) available on your product.
Figure 8-6 Tunnel 1 Statistics (1 of 2)
Additional information appears f
or each active tunnel connection
including a link allowing you to
terminate the connection.
EDS Device Server User Guide 53
Figure 8-7 Tunnel 1 Statistics (2 of 2)
8: Line and Tunnel Settings
Tunnel – Serial Settings
Serial line settings are configurable for the corresponding serial line of the specific tunnel.
Configure the buffer size to change the maximum amount of data the serial port stores. For any
active connection, the device sends the data in the buffer.
The modem control signal DTR on the selected line may be continuously asserted or asserted only
while either an Accept Mode tunnel or a Connect Mode tunnel is connected.
To configure serial settings for a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Serial Settings. The Serial Settings page for the specific tunnel appears.
EDS Device Server User Guide 54
Figure 8-8 Tunnel 1 Serial Settings
4. View or modify the following settings:
Table 8-9 Tunnel - Serial Settings
8: Line and Tunnel Settings
Tunnel - Serial Settings Description
Line Settings (display only) Current serial settings for the line.
Protocol (display only) The protocol being used on the line. In this case, Tunnel.
DTR Select when to assert DTR.
Unasserted = never asserted
TruPort = asserted whenever either a connect or an accept mode tunnel
connection is active with the Telnet Protocol RFC2217 saying that the
remote DSR is asserted.
Asserted while connected = asserted whenever either a connect or an
accept mode tunnel connection is active.
Continuously asserted = asserted regardless of the status of a tunnel
connection.
5. Click Submit.
6. Repeat above steps as desired, according to additional tunnel(s) available on your product.
Tunnel – Packing Mode
Packing Mode takes data from the serial port, packs it together, and sends it over the network.
Packing can be configured based on threshold (size in bytes, timeout (milliseconds), or a single
character.
Size is set by modifying the threshold field. When the number of bytes reaches the threshold, a
packet is sent immediately.
The timeout field is used to force a packet to be sent after a maximum time. The packet is sent
even if the threshold value is not reached.
When Send Character is configured, a single printable character or control character read on the
Serial Line forces the packet to be sent immediately. There is an optional trailing character
parameter which can be specified. It can be a single printable character or a control character.
EDS Device Server User Guide 55
8: Line and Tunnel Settings
To configure the Packing Mode for a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Packing Mode. The Packing Mode page for the specific tunnel appears.
Figure 8-10 Tunnel 1 Packing Mode (Mode = Disable)
Depending on the Mode selection, different configurable parameters for the specific tunnel
number are presented to the user. The following figures show the display for each of the three
packing modes.
Figure 8-11 Tunnel 1 Packing Mode (Mode = Timeout)
EDS Device Server User Guide 56
8: Line and Tunnel Settings
Figure 8-12 Tunnel 1 Packing Mode (Mode = Send Character)
4. Enter or modify the following settings:
Table 8-13 Tunnel Packing Mode
Tunnel - Packing Mode
Settings
Mode
Threshold
(Appears for both Timeout
and Send Character Modes)
Timeout
(Appears for Timeout Mode)
Send Character
(Appears for Send Character
Mode)
Trailing Character
(Appears for Send Character
Mode)
Description
Select Disable to disable Packing Mode completely.
Select Timeout to send data after the specified time has elapsed.
Select Send Character to send the queued data when the send character
is received.
Send the queued data when the number of queued bytes reaches the
threshold. When the buffer fills to this specified amount of data in bytes (and
the timeout has not elapsed), the device packs the data and sends it out;
applies only if the Packing Mode is not Disabled.
Enter a time, in milliseconds, for the device to send the queued data after the
first character was received. Specifies the time duration in milliseconds;
applies only if the Packing Mode is Timeout.
Enter the send character (single printable or control). Upon receiving this
character, the device sends out the queued data. The data is packed until the
specified send character is encountered. Similar to a start or stop character,
the device packs the data until it sees the send character. The device then
sends the packed data and the send character in the packet. Applies only if
the Packing Mode is Send Character.
Enter the trailing character (single printable or control). This character is sent
immediately following the send character. This is an optional setting. If a
trailing character is defined, this character is appended to data put on the
network immediately following the send character.
5. Click Submit.
6. Repeat above steps as desired, according to additional tunnel(s) available on your product.
EDS Device Server User Guide 57
8: Line and Tunnel Settings
Tunnel – Accept Mode
Controls how a specific tunnel number behaves when a connection attempt originates from the
network. In Accept Mode, the EDS waits for a connection from the network. The configurable local
port is the port the remote device connects to for this connection. There is no remote port or
address. The default local port is 10001 for serial port 1 and increases sequentially for each
additional serial port, if supported.
Accept Mode supports the following protocols:
SSH
The EDS device is the server in Accept Mode). When using this protocol, the SSH server
host keys and at least one SSH authorized user must be configured.
SSL
TCP
TCP AES encryption over TCP
Telnet
The EDS supports IAC codes. It drops the IAC codes when Telnetting and does not
forward them to the serial port.
Accept Mode has the following states:
Disable
Never accepts a connection.
Always
Always listening for a connection.
Any Character
(If it receives any character from the serial port).
Start Character
(If it receives a specific ([configurable]) character from the serial port ([same start
character as Connect Mode’s start character]).
Modem Control Asserted
(When the modem control pin is asserted on the serial line corresponding to the tunnel.)
Modem Emulation
To configure the Accept Mode of a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Accept Mode. The Accept Mode page for the specific tunnel appears.
EDS Device Server User Guide 58
Figure 8-14 Tunnel 1 Accept Mode
8: Line and Tunnel Settings
4. Enter or modify the following settings:
Table 8-15 Tunnel Accept Mode
Tunnel - Accept Mode
Settings
Mode Select the method used to start a tunnel in Accept mode. Choices are:
Local Port Enter the port number for use as the local port. The defaults are port 10001 for
Protocol Select the protocol type for use with Accept Mode. The default protocol is TCP. If
TCP Keep Alive Enter the time, in seconds, the device waits during a silent connection before
Flush Serial Data Select Enabled to flush the serial data buffer on a new connection.
Description
Disable = do not accept an incoming connection.
Always = accept an incoming connection (default)
Any Character = start waiting for an incoming connection when any character
is read on the serial line.
Start Character = start waiting for an incoming connection when the start
character for the specific tunnel is read on the serial line.
Modem Control Asserted = start waiting for an incoming connection as long
as the Modem Control pin (DSR) is asserted on the serial line until a
connection is made.
Modem Emulation = start waiting for an incoming connection when triggered
by modem emulation AT commands. Connect mode must also be set to
Modem Emulation.
Tunnel 1. Additional tunnels, if supported, increase sequentially.
you select TCP AES you will need to configure the AES keys.
checking if the currently connected network device is still on the network. If the
unit then gets no response after 8 attempts, it drops that connection.
EDS Device Server User Guide 59
8: Line and Tunnel Settings
Tunnel - Accept Mode
Settings (continued)
Block Serial Data
Block Network
Password Enter a password that clients must send to the device within 30 seconds from
Email on Connect Select whether the device sends an email when a connection is made. Select
Email on Disconnect Select whether the device sends an email when a connection is closed. Select
Description
Select On to block, or not tunnel, serial data transmitted to the
Select On to block, or not tunnel, network data transmitted to the
opening a network connection to enable data transmission.
The password can have up to 31 characters and must contain only alphanumeric
characters and punctuation. When set, the password sent to the device must be
terminated with one of the following: (a) 0x0A (LF), (b) 0x00, (c) 0x0D 0x0A (CR
LF), or (d) 0x0D 0x00.
None if you do not want to send an email. Otherwise, select the Email profile to
use for sending.
None if you do not want to send an email. Otherwise, select the Email profile to
use for sending.
device.
device.
5. Click Submit.
6. Repeat above steps as desired, according to additional tunnel(s) available on your product.
Tunnel – Connect Mode
Connect Mode defines how the device makes an outgoing connection through a specific tunnel.
When enabled, Connect Mode is always on and attempting a network connection if the connection
mode condition warrants it. For Connect Mode to function, it must:
Be enabled
Have a remote host configured
Have a remote port configured
Enter the remote host address as an IP address or DNS name. The EDS device will make a
connection only if it can resolve the address. For DNS names, the EDS will re-evaluate the
address after being established for 4 hours. If re-evaluation results in a different address, it will
close the connection.
Connect Mode supports the following protocols:
TCP
AES encryption over TCP and UDP
When setting AES encryption, both the encrypt key and the decrypt key must be specified.
The encrypt key is used for data sent out. The decrypt key is used for receiving data. Both of
the keys may be set to the same value.
SSH
To configure SSH, the SSH client username must be configured. In Connect Mode, the EDS
unit is the SSH client. Ensure the EDS SSH client username is configured on the remote SSH
server before using it with the EDS.
SSL
EDS Device Server User Guide 60
8: Line and Tunnel Settings
UDP
Is only available in Connect Mode because it is a connectionless protocol. For Connect Mode
using UDP, the EDS unit accepts packets from any device on the network. It will send packets
to the last device that sent it packets.
Telnet
Note: The Local Port in Connect Mode is independent of the port configured in Accept
Mode.
There are six different connect modes:
Disable
No connection is attempted.
Always
A connection is always attempted.
Any Character
A connection is attempted if it detects any
Note: While in the “Any Character” or “Start
Character” connection modes, the EDS
waits and retries the connection if the
connection cannot be made. Once it makes
a connection and then disconnects, it will
not reconnect until it sees another character
or the start character again (depending on
the configured setting).
character from the serial port.
Start Character
A connection is attempted if it detects a specific and configurable character from the serial
port.
Modem Control Asserted
A connection is attempted when the modem control pin is asserted in the serial line.
Note: Configure the Modem Control Asserted setting (for DSR or DTR) to start a
Connect Mode connection when the signal is asserted. The unit will try to make a
connection indefinitely. If the connection closes, it will not make another connection
unless the signal is asserted again.
Modem Emulation
A connection is attempted by an ATD command.
To configure Connect Mode for a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Connect Mode. The Connect Mode page for the specific tunnel appears.
EDS Device Server User Guide 61
Figure 8-16 Tunnel 1 - Connect Mode
8: Line and Tunnel Settings
4. Enter or modify the following settings:
Table 8-17 Tunnel Connect Mode
Tunnel – Connect Mode
Settings
Mode Select the method to be used to attempt a connection to a remote host or device.
Local Port Enter the port for use as the local port. A random port is selected by default.
Description
Choices are:
Disable = an outgoing connection is never attempted.
Always = a connection is attempted until one is made. If the connection gets
disconnected, the EDS retries until it makes a connection. (default)
Any Character = a connection is attempted when any character is read on the
serial line.
Start Character = a connection is attempted when the start character for the
specific tunnel is read on the serial line.
Modem Control Asserted = a connection is attempted as long as the Modem
Control pin (DSR) is asserted, until a connection is made.
Modem Emulation = a connection is attempted when triggered by modem
emulation AT commands.
Once you have configured a number, click the Random link in the Current
Configuration to switch back to random.
EDS Device Server User Guide 62
8: Line and Tunnel Settings
Tunnel – Connect Mode
Description
Settings (continued)
Host (Number)
Click <None> in the Host field to configure the Host parameters.
Address = Enter the remote Host Address as an IP address or DNS name. It
designates the address of the remote host to connect to. Displays configured
IP address or DNS address.
Port = Enter the port for use as the Host Port. It designates the port on the
remote host to connect to. Displays configured Port.
Protocol = Select the protocol type for use with Connect Mode. The default
protocol is TCP. Additional fields may need to be completed depending on
protocol chosen for the host:
For SSH, also enter an SSH Username.
For SSL, also select Enabled or Disabled for Validate Certificate.
For SSL, TCP, TCP AES and Telnet, use the TCP Keep Alive field to
adjust the value.
For TCP AES, enter the AES Encrypt and AES Decrypt Keys. Both of
keys may be set to the same value.
Note: If security is a
concern, it is highly
recommended that SSH
be used. When using
SSH, both the SSH
Server Host Keys and
SSH Server Authorized
Users must be
configured.
For UDP, there are no additional fields to complete. In this mode, the
device accepts packets from any device on the network and sends packets
to the last device that sent it packets.
For UDP AES, enter the AES Encrypt and AES Decrypt Keys.
Validate Certificate = select to enable or disable the certificate. Enabling
Validate Certificate requires the tunnel to verify the remote SSL server
certificate when making a connection. Disabling causes the tunnel to skip
verification of the remote SSL server certificate.
SSH Username = Displays configured username, used only if SSH protocol is
selected.
TCP Keep Alive = Default is 45000 milliseconds. Enter zero to disable and
blank the value to restore the default.
AES Encrypt/Decrypt Key = Displays presence of key, used only if protocol
with AES is selected.
Host Mode Select the host mode if you have more than one host configured:
Sequential
Simultaneous
Note: This field appears when multiple hosts are established. See Connecting
Multiple Hosts on page 65 for more information.
EDS Device Server User Guide 63
8: Line and Tunnel Settings
Tunnel – Connect Mode
Description
Settings (continued)
Reconnect Timer Enter the reconnect time in milliseconds. The device attempts to reconnect after
this amount of time after failing a connection or exiting an existing connection.
This behavior depends upon the Disconnect Mode.
Note:
When you configure Tunnel - Connect Mode, you can specify a number of
milliseconds to attempt to reconnect after a dropped connection has
occurred. The default is 1500 milliseconds.
The Reconnect Timer only applies if a Disconnect Mode is configured.
With a Disconnect Mode set, the device server maintains a connection
until the disconnect mode condition is met (at which time the device server
closes the connection). If the tunnel is dropped due to conditions beyond
the device server, the device server attempts to re-establish a failed
connection when the specified reconnect interval reaches its limit.
Any network-side disconnect is considered an error and a reconnect is
attempted without regard to the Connect Mode settings. Simultaneous
Connect Mode connections require some Disconnect Mode
configurations or the connections will never terminate. See Tunnel –
Connect Mode for more information about the parameters.
If Disconnect Mode is disabled and the network connection is dropped,
then the re-establishment of a tunnel connection is governed by the
configured Connect Mode settings.
Flush Serial Data Select whether to flush the serial line when a connection is made. Choices are:
Enabled = flush the serial line when a connection is made.
Disabled = do not flush the serial line. (default)
Block Serial Select Enabled to block (not tunnel) serial data transmitted to the device. This is
a debugging tool that causes serial data sent to the device to be ignored.
Block Network Select Enabled to block (not tunnel) network data transmitted to the device. This
is a debugging tool that causes network data sent to the device to be ignored.
Email on Connect Select whether the device sends an email when a connection is made. Select
None if you do not want to send an email. Otherwise, select the Email profile to
use.
Email on Disconnect Select whether the device sends an email when a connection is closed. Select
None if you do not want to send an email. Otherwise, select the Email profile to
use.
5. Click Submit. The host is configured. A second host appears underneath the newly
configured host.
6. Repeat these steps to configure additional hosts as necessary. EDS supports configuration of
up to sixteen hosts.
EDS Device Server User Guide 64
8: Line and Tunnel Settings
Connecting Multiple Hosts
If more than one host is configured, a Host Mode option appears. Host Mode controls how
multiple hosts will be accessed. For EDS, the Connect Mode supports up to sixteen Hosts. Hosts
may be accessed sequentially or simultaneously:
Sequential – Sequential host lists establish a prioritized list of tunnels. The host specified as
Host 1 will be attempted first. If that fails, it will proceed to Host 2, 3, etc, in the order they are
specified. When a connection drops, the cycle starts again with Host 1 and proceeds in order.
Establishing the host order is accomplished with host list promotion (see Host List Promotion
on page 66). Sequential is the default Host Mode.
Simultaneous – A tunnel will connect to all hosts accepting a connection. Connections occur
at the same time to all listed hosts. The device can support a maximum of 64 total aggregate
connections.
Figure 8-18 Host 1, Host 2, Host 3 Exchanged
EDS Device Server User Guide 65
8: Line and Tunnel Settings
Host List Promotion
This feature allows Host IP promotion of individual hosts in the overall sequence.
To promote a specific Host:
1. Click the icon in the desired Host field, for example Host 2 and Host 3.
2. The selected Host(s) exchanges its place with the Host above it.
3. Click Submit. The hosts change sequence.
Tunnel – Disconnect Mode
Relates to the disconnection of a specific tunnel. Disconnect Mode ends Accept Mode and
Connect Mode connections. When disconnecting, the EDS unit shuts down the specific tunnel
connection gracefully.
The following settings end a specific tunnel connection:
The EDS receives the stop character.
The timeout period has elapsed and no activity is going in or out of the EDS device. Both
Accept Mode and Connect Mode must be idle for the time frame.
The EDS unit observes the modem control inactive setting.
Note: To clear data out of the serial buffers upon a disconnect, enable “Flush Serial Data”.
To configure the Disconnect Mode for a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Disconnect Mode. The specific tunnel Disconnect Mode page appears.
Figure 8-19 Tunnel 1 Disconnect Mode
EDS Device Server User Guide 66
4. Enter or modify the following settings:
Table 8-20 Tunnel Disconnect Mode
8: Line and Tunnel Settings
Tunnel – Disconnect
Mode Settings
Stop Character Enter the stop character in ASCII, hexadecimal, or decimal notation. Select
Modem Control Select Enabled to disconnect when the modem control pin is not asserted on the
Timeout Enter a time, in milliseconds, for the device to disconnect on a Timeout. The
Flush Serial Data Select Enabled to flush the serial data buffer on a disconnection.
Description
<None> to disable.
serial line.
value 0 (zero) disables the idle timeout.
5. Click Submit.
6. Repeat above steps as desired, according to additional tunnel(s) available on your product.
Tunnel – Modem Emulation
A tunnel in Connect Mode can be initiated using modem commands incoming from the Serial Line.
This page enables you to configure the modem emulation settings when you select Modem
Emulation as the Tunnel Connect Mode type. The Modem Emulation Command Mode supports
the standard AT command set. For a list of available commands from the serial or Telnet login,
enter AT?. Use ATDT, ATD, and ATDP to establish a connection. All of these commands behave
like a modem. For commands that are valid but not applicable to the EDS, an “OK” message is
sent (but the command is silently ignored).
The EDS unit attempts to make a Command Mode connection as per the IP/DNS/port numbers
defined in Connect Mode. It is possible to override the remote address, as well as the remote port
number.
The following table lists and describes the available commands.
Table 8-21 Modem Emulation Commands and Descriptions
Command Description
+++ Switches to Command Mode if entered from serial port during connection.
AT? Help.
ATDT<Address Info> Establishes the TCP connection to socket (<ipaddress>:<port>).
ATDP<Address Info> See ATDT.
ATD Like ATDT. Dials default Connect Mode remote address and port.
ATD<Address Info> Sets up a TCP connection. A value of 0 begins a command line interface
session.
ATO Switches to data mode if connection still exists. Vice versa to '+++'.
ATEn Switches echo in Command Mode (off - 0, on - 1).
ATH Disconnects the network session.
ATI Shows modem information.
EDS Device Server User Guide 67
8: Line and Tunnel Settings
Table 8-21 Modem Emulation Commands and Descriptions (continued)
Command (continued) Description
ATQn Quiet mode (0 - enable results code, 1 - disable results code.)
ATVn Verbose mode (0 - numeric result codes, 1 - text result codes.)
ATXn Command does nothing and returns OK status.
ATUn Accept unknown commands. (n value of 0 = off. n value of 1 = on.)
AT&V Display current and saved settings.
AT&F Reset settings in NVR to factory defaults.
AT&W Save active settings to NVR.
ATZ Restores the current state from the setup settings.
ATS0=n Accept incoming connection.
N value of 0—Disable
N value of 1—Connect automatically
N value of 2+—Connect with ATA command.
ATA Answer incoming connection (if ATS0 is 2 or greater).
A/ Repeat last valid command.
For commands that can take address information (ATD, ATDT, ATDP), the destination address
can be specified by entering the IP Address, or entering the IP Address and port number. For
example, <ipaddress>:<port>. The port number cannot be entered on its own.
For ATDT and ATDP commands less than 255 characters, the EDS replaces the last segment of
the IP address with the configured Connect Mode remote station address. It is possible to use the
last two segments also, if they are under 255 characters. For example, if the address is
100.255.15.5, entering ATDT 16.6 results in 100.255.16.6.
When using ATDT and ATDP, enter 0.0.0.0 to switch to the Command Line Interface (CLI). Once
the CLI is exited by using the CLI exit command, the EDS reverts to modem emulation mode. By
default, the +++ characters are not passed through the connection. Turn on this capability using
the modem echo pluses command.
To configure modem emulation for a specific tunnel:
1. Select Tunnel on the menu bar, if you are not already in the Tunnel web page.
2. Select a tunnel number at the top of the page.
3. Select Modem Emulation. The Modem Emulation page for the specific tunnel appears.
EDS Device Server User Guide 68
Figure 8-22 Tunnel 1 Modem Emulation
8: Line and Tunnel Settings
4. Enter or modify the following settings:
Table 8-23 Tunnel Modem Emulation
Tunnel- Modem
Emulation Settings
Echo Pluses Select Enabled to echo +++ when entering modem Command Mode.
Echo Commands Select Enabled to echo the modem commands to the console.
Verbose Response Select Enabled to send modem response codes out on the serial line.
Response Type Select the type of response code: Text or Numeric.
Error Unknown
Commands
Incoming
Connection
Connect String Enter the connect string. This modem initialization string prepares the modem for
Display Remote IP Selects whether the incoming RING sent on the Serial Line is followed by the IP
Description
Select whether an ERROR or OK response is sent in reply to unrecognized AT
commands. Choices are:
Enabled = ERROR is returned for unrecognized AT commands.
Disabled = OK is returned for unrecognized AT commands. Default is Disabled.
Select whether Incoming Connection requests will be Disabled, Automatic
(accepted automatically), or Manual (accepted manually). Default is Disabled.
communications. It is a customized string sent with the “CONNECT” modem
response code.
address of the caller. Default is Disabled.
5. Click Submit.
6. Repeat above steps as desired, according to additional tunnel(s) available on your product.
EDS Device Server User Guide 69
9: Terminal and Host Settings
This chapter describes how to view and configure the Terminal Login Connect Menu and
associated Host configuration. It contains the following sections:
Terminal Settings
Host Configuration
The Terminal Login Connect Menu feature allows the EDS device server to present a menu of
predefined connections when the device is accessed via telnet, ssh, or a serial port. From the
menu, a user can choose one of the presented options and the device automatically makes the
predefined connection.
The Terminal page controls whether a Telnet, SSH, or serial port connection presents the CLI or
the Login Connect Menu. By default, the CLI is presented when the device is accessed. When
configured to present the Login Connect Menu, the hosts configured via the Hosts page, and
named serial lines are presented.
Terminal Settings
This page shows configuration settings for each terminal connection method. You can configure
whether each serial line or the telnet/SSH server presents a CLI or a Login Connect menu when a
connection is made.
Terminal Network Configuration
To configure menu features applicable to CLI access via the network:
1. Select Terminal on the menu bar, if you are not already in the Terminal web page.
2. Select Network at the top of the page. The Configuration submenu is automatically selected.
The Terminal Configuration page appears for the network.
Figure 9-1 Terminal on Network Configuration
3. Enter or modify the following settings:
EDS Device Server User Guide 70
9: Terminal and Host Settings
Table 9-2 Terminal on Network Configuration
Terminal on Network
Configuration Settings
Terminal Type Enter text to describe the type of terminal. The text will be sent to a host via IAC.
Login Connect Menu Select the interface to display when the user logs in. Choices are:
Exit Connect Menu Select whether to display a choice for the user to exit the Login Connect Menu
Echo Applies only to Connect Mode Telnet connections, not to Accept Mode. Only
Description
Note: IAC means, “interpret as command.” It is a way to send commands over
the network such as send break or start echoing.
Enabled = shows the Login Connect Menu.
Disabled = shows the CLI
and reach the CLI. Choices are:
Enabled = a choice allows the user to exit to the CLI.
Disabled = there is no exit to the CLI.
disable Echo if your terminal echoes, in which case you will see double of each
character typed.
4. Click Submit to save changes.
Terminal Line Configuration
To configure a specific line to support an attached terminal:
1. Select Terminal on the menu bar. The Terminal web page appears.
2. Select the line number at the top of the page connected to the terminal you want to configure.
The default is Line 1.
Figure 9-3 Terminal on Line Configuration
3. Enter or modify the following settings:
EDS Device Server User Guide 71
9: Terminal and Host Settings
Table 9-4 Terminal on Line 1 Configuration
Terminal on Line
Description
Configuration Settings
Terminal Type Enter text to describe the type of terminal. The text will be sent to a host via IAC.
Note: IAC means, “interpret as command.” It is a way to send commands over
the network such as send break or start echoing.
Login Connect Menu Select the interface to display when the user logs in. Choices are:
Enabled = shows the Login Connect Menu.
Disabled = shows the CLI
Exit Connect Menu Select whether to display a choice for the user to exit the Login Connect Menu
and reach the CLI. Choices are:
Enabled = a choice allows the user to exit to the CLI.
Disabled = there is no exit to the CLI.
Send Break Enter the Send Break control character. If this specified character is received by
the serial line, it will not be sent to the line; instead the line output will be forced
inactive. Sample setting:
<Control>Y. Blank the field to set to <None>.
Break Duration Enter the time in milliseconds for how long the spacing condition will be placed
on the line when a break is sent.
Echo Applies only to Connect Mode Telnet connections, not to Accept Mode. Only
disable Echo if your terminal echoes, in which case you will see double of each
character typed.
4. Click Submit to save changes.
5. Repeat above steps as desired, according to the additional line(s) available on your product.
EDS Device Server User Guide 72
Host Configuration
This Host web page is where you may view and modify current settings for a selected remote host.
To configure a selected remote host:
1. Select Host on the menu bar. The Host web page appears.
2. Select a specific host number at the top of the page. The Host Configuration page for the
selected host appears.
Note: Number of hosts available differ among Lantronix products. Hosts available for
selection may appear listed on the screen (see Figure 9-5) or within a drop-down menu
above the Configuration button.
9: Terminal and Host Settings
Figure 9-5 Host Configuration
3. Enter or modify the following settings:
Table 9-6 Host Configuration
Host Settings Description
Name Enter a name for the host. This name appears on the Login Connect Menu. To
leave a host out of the menu, leave this field blank.
Protocol Select the protocol to use to connect to the host. Choices are:
Telnet
SSH
Note: SSH keys must be loaded or created on the SSH page for the SSH
protocol to work.
SSH Username Enter a username to select a pre-configured Username/Password/Key
(configured on the SSH: Client Users page), or leave it blank to be prompted
for a username and password at connect time.
Note: Appears if you selected SSH as the protocol.
Remote Address Enter an IP address for the host to which the device will connect.
Remote Port Enter the port on the host to which the device will connect.
4. Click Submit to save changes.
5. Repeat above steps as desired, according to additional host(s) available on your product.
EDS Device Server User Guide 73
10: Service Settings
This chapter describes the available services and how to configure each. It contains the following
sections:
DNS Settings
SNMP Settings
FTP Settings
TFTP Settings
Syslog Settings
HTTP Settings
RSS Settings
LPD Settings
DNS Settings
The primary and secondary domain name system (DNS) addresses come from the active
interface. The static addresses from the Network Interface Configuration page may be overridden
by DHCP or BOOTP. The DNS web page enables you to view the status and cache.
When a DNS name is resolved using a forward lookup, the results are stored in the DNS cache
temporarily. The EDS checks this cache when performing forward lookups. Each item in the cache
eventually times out and is removed automatically after a certain period, or you can delete it
manually.
To view the DNS status:
1. Select DNS on the menu bar. The DNS page appears.
Figure 10-1 DNS Settings
EDS Device Server User Guide 74
To find a DNS Name or IP Address:
1. Enter either a DNS name or an IP address in the field beside the Lookup button.
2. Click Lookup.
When a DNS name is resolved, the results appear in the DNS cache.
When an IP address is resolved, the results appear in a text below the Lookup field.
To clear cache entries:
1. Click Remove All to remove all listed cache entries.
2. Click Delete next to a specific cache entry to remove only that one.
SNMP Settings
Simple Network Management Protocol (SNMP) is a network management tool that monitors
network devices for conditions that need attention. The SNMP service responds to SNMP
requests and generates SNMP Traps.
10: Service Settings
This page is used to configure the SNMP agent.
To configure SNMP:
1. Select SNMP on the menu bar. The SNMP page opens and shows the current SNMP
configuration.
Figure 10-2 SNMP Configuration
Note: The system
description string will
reflect the specific
Lantronix product.
EDS Device Server User Guide 75
10: Service Settings
2. Enter or modify the following settings:
Table 10-3 SNMP
SNMP Settings Description
State Select Enabled to enable SNMP.
Read Community Enter the SNMP read-only community string.
Write Community Enter the SNMP read/write community string.
System Contact Enter the name of the system contact.
System Name Enter the system name.
System Description Enter the system description.
System Location Enter the system location.
Traps State Select Enabled to enable the transmission of SNMP Traps. The Cold Start
trap is sent on device boot up, and the Linkdown trap is sent when the
device is rebooted from software control.
Traps Primary Destination Enter the primary SNMP trap host.
Traps Secondary Destination Enter the secondary SNMP trap host.
3. Click Submit.
FTP Settings
The FTP web page shows the current File Transfer Protocol (FTP) configuration and various
statistics about the FTP server.
To configure FTP:
1. Select FTP on the menu bar. The FTP page opens to display the current configuration.
Figure 10-4 FTP Configuration
2. Enter or modify the following settings:
EDS Device Server User Guide 76
FTP Settings Description
State Select Enabled to enable the FTP server.
Admin Username Enter the username to use when logging in via FTP.
Admin Password Enter the password to use when logging in via FTP.
3. Click Submit.
TFTP Settings
In the TFTP web page, you can configure the server and view the statistics about the Trivial File
Transfer Protocol (TFTP) server.
To configure TFTP:
1. Select TFTP on the menu bar. The TFTP page opens to display the current configuration.
10: Service Settings
Table 10-5 FTP Settings
Figure 10-6 TFTP Configuration
2. Enter or modify the following settings:
Table 10-7 TFTP Server
TFTP Settings Description
State Select Enabled to enable the TFTP server.
Allow File Creation Select whether to allow the creation of new files stored on the TFTP server.
EDS Device Server User Guide 77
TFTP Settings (continued) Description
Allow Firmware Update Specifies whether or not the TFTP Server is allowed to accept a firmware
Allow XCR Import Specifies whether the TFTP server is allowed to accept an XML configuration
3. Click Submit.
Syslog Settings
The Syslog web page shows the current configuration and statistics of the system log. Here you
may configure the syslog destination and the severity of the events to log.
To configure the Syslog:
10: Service Settings
update for the device. An attempt to update firmware is recognized based on
the name of the file.
Note: TFTP cannot authenticate the client, so the device is open to
malicious update.
file for update. An attempt to import configuration is recognized based on the
name of the file.
Note: TFTP cannot authenticate the client, so the device is open to
malicious update.
Note: The syslog file is always saved to local storage, but it is not retained through
reboots. Saving the syslog file to a server that supports remote logging services (see RFC
3164) allows the administrator to save the complete syslog history. The default port is 514.
1. Select Syslog on the menu bar. The Syslog page opens to display the current configuration.
Figure 10-8 Syslog
2. Enter or modify the following settings:
EDS Device Server User Guide 78
Syslog Settings Description
State Select to enable or disable the syslog.
Host Enter the IP address of the remote server to which system logs are sent for storage.
Local Port Enter the number of the local port on the device from which system logs are sent.
Remote Port Enter the number of the port on the remote server that supports logging services.
Severity Log Level From the drop-down box, select the minimum level of system message the device
3. Click Submit.
HTTP Settings
Hypertext Transfer Protocol (HTTP) is the transport protocol for communicating hypertext
documents on the Internet. HTTP defines how messages are formatted and transmitted. It also
defines the actions web servers and browsers should take in response to different commands.
HTTP Authentication enables the requirement of usernames and passwords for access to the EDS
device.
10: Service Settings
Table 10-9 Syslog
The default is 514.
should log. This setting applies to all syslog facilities. The drop-down list is in
descending order of severity (e.g., Emergency is more severe than Alert.)
This page has three links at the top for viewing statistics and for viewing and changing
configuration and authentication settings.
HTTP Statistics—Viewing statistics such as bytes received and transmitted, bad requests,
authorizations required, etc.
HTTP Configuration—Configuring and viewing the current configuration.
HTTP Authentication—Configuring and viewing the authentication.
HTTP Statistics
To view HTTP statistics:
This page shows various statistics about the HTTP server.
1. Select HTTP on the menu bar and then Statistics at the top of the page. The HTTP Statistics
page appears.
EDS Device Server User Guide 79
Figure 10-10 HTTP Statistics
10: Service Settings
Note: The HTTP log is a scrolling log, with the last Max Log Entries cached and
viewable. You can change the maximum number of entries that can be viewed on the
HTTP Configuration Page.
EDS Device Server User Guide 80
10: Service Settings
HTTP Configuration
On this page you may change HTTP configuration settings.
To configure HTTP:
1. Select HTTP on the menu bar and then Configuration at the top of the page. The HTTP
Configuration page opens.
Figure 10-11 HTTP Configuration
2. Enter or modify the following settings:
Table 10-12 HTTP Configuration
HTTP Configuration
Settings
State Select Enabled to enable the HTTP server.
Port Enter the port for the HTTP server to use. The default is 80.
Secure Port Enter the port for the HTTPS server to use. The default is 443. The HTTP
Description
server only listens on the HTTPS Port when an SSL certificate is configured.
EDS Device Server User Guide 81
10: Service Settings
HTTP Configuration
Description
Settings (continued)
Secure Protocols Select to enable or disable the following protocols:
TLS1.0 = Transport Layer Security version 1.0. TLS 1.0 is the successor of
SSL3 as defined by the IETF.
TLS1.1 = Transport Layer Security version 1.1
The protocols are enabled by default.
Note: A server certificate and associated private key need to be installed in
the SSL configuration section to use HTTPS.
Max Timeout Enter the maximum time for the HTTP server to wait when receiving a
request. This prevents Denial-of-Service (DoS) attacks. The default is 10
seconds.
Max Bytes Enter the maximum number of bytes the HTTP server accepts when receiving
a request. The default is 40 KB (this prevents DoS attacks).
Logging State Select Enabled to enable HTTP server logging.
Max Log Entries Sets the maximum number of HTTP server log entries. Only the last Max Log
Entries are cached and viewable.
Log Format Set the log format string for the HTTP server. Follow these Log Format rules:
%a - remote IP address (could be a proxy)
%b - bytes sent excluding headers
%B - bytes sent excluding headers (0 = '-')
%h - remote host (same as '%a')
%{h}i - header contents from request (h = header string)
%m - request method
%p - ephemeral local port value used for request
%q - query string (prepend with '?' or empty '-')
%t - timestamp HH:MM:SS (same as Apache '%(%H:%M:%S)t' or
'%(%T)t')
%u - remote user (could be bogus for 401 status)
%U - URL path info
%r - first line of request (same as '%m %U%q <version>')
%s - return status
Authentication Timeout The timeout period applies if the selected authentication type is either Digest
or SSL/Digest. After this period of inactivity, the client must authenticate
again.
3. Click Submit.
HTTP Authentication
EDS Device Server User Guide 82
10: Service Settings
HTTP Authentication enables you to require usernames and passwords to access specific web
pages or directories on the EDS built-in web server.
To configure HTTP authentication settings:
1. Select HTTP on the menu bar and then Authentication at the top of the page. The HTTP
Authentication page opens.
Figure 10-13 HTTP Authentication
2. Enter or modify the following settings:
Table 10-14 HTTP Authentication
Note: To properly view data entries in RSS Settings in certain web browsers, it may be
nececessary to first remove authentication from RSS. Enter the following under HTTP
Authentication: URI: "/rss", Realm: "rss", and AuthType: "None".
HTTP Authentication
Settings
URI Enter the Uniform Resource Identifier (URI).
Realm Enter the domain, or realm, used for HTTP. Required with the URI field.
Description
Note: The URI must begin with ‘/’ to refer to the filesystem.
EDS Device Server User Guide 83
10: Service Settings
HTTP Authentication Settings
(continued)
Auth Type Select the authentication type:
Username
Description
None = no authentication is necessary.
Basic = encodes passwords using Base64.
Digest = encodes passwords using MD5.
SSL = the page can only be accessed over SSL (no password is
required).
SSL/Basic = the page is accessible only over SSL and encodes
passwords using Base64.
SSL/Digest = the page is accessible only over SSL and encodes
passwords using MD5.
Note: When changing the parameters of Digest or SSL Digest
authentication, it is often best to close and reopen the browser to ensure it
does not attempt to use cached authentication information.
Enter the Username used to access the URI.
More than one
Username per URI is permitted.
Click Submit and enter the next Username as necessary.
Password Enter the Password for the Username.
3. Click Submit.
4. To delete the URI and users, click Delete in the current configuration table.
Note: The URI, realm, username, and password are user-specified, free-form fields. The
URI must match the directory created on the EDS file system.
RSS Settings
Really Simple Syndication (RSS) (sometimes referred to as Rich Site Summary) is a method of
feeding online content to Web users. Instead of actively searching for EDS configuration changes,
RSS feeds permit viewing only relevant and new information regarding changes made to the EDS
device server via an RSS publisher. The RSS feeds may also be stored to the file system
cfg_log.txt file.
To configure RSS settings:
1. Select RSS on the menu bar. The RSS page opens and shows the current RSS configuration.
Figure 10-15 RSS
EDS Device Server User Guide 84
10: Service Settings
2. Enter or modify the following settings:
Table 10-16 RSS
RSS Settings Description
RSS Feed Select On to enable RSS feeds to an RSS publisher.
Persistent Select On to enable the RSS feed to be written to a file (cfg_log.txt) and to be
available across reboots.
Max Entries Sets the maximum number of log entries. Only the last Max Entries are cached and
viewable.
View Click View to view current data entries.
Note: It may be necessary to remove authentication from RSS access to view data
entries on certain web browsers. Go to HTTP Authentication on page 82 for more
information.
Clear Click Clear to clear data entries.
3. Select Submit.
4. In the Current Status table, view and clear stored RSS Feed entries, as necessary.
LPD Settings
The EDS device acts as a print server if a printer gets connected to one of its serial ports.
Selecting the Line Printer Daemon (LPD) link in the Main Menu displays the LPD web page. The
LPD web page has three sub-menus for viewing print queue statistics, changing print queue
configuration, and printing a test page. Because the LPD lines operate independently, you can
specify different configuration settings for each.
LPD Statistics
This read-only page shows various statistics about the LPD server.
To view LPD statistics for a specific LPD line:
1. Select LPD on the menu bar. The LPD web page appears.
2. Select an LPD line at the top of the page.
3. Select Statistics. The LPD Statistics page for the selected LPD line appears.
EDS Device Server User Guide 85
10: Service Settings
Figure 10-17 LPD Statistics
4. Repeat above steps as desired, according to additional LPD(s) available on your product.
LPD Configuration
Here you can change LPD configuration settings.
To configure LPD settings for a specific LPD line:
1. Select LPD on the menu bar, if you are not already at the LPD web page.
2. Select a LPD line at the top of the page.
3. Select Configuration. The LPD Configuration for the selected LPD line appears.
Figure 10-18 LPD Configuration
4. Enter or modify the following settings:
EDS Device Server User Guide 86
Table 10-19 LPD Configuration
10: Service Settings
LPD Configuration
Settings
Banner Select Enabled to print the banner even if the print job does not specify to do so.
Binary Select Enabled for the device to pass the entire file to the printer unchanged.
Start of Job Select Enabled to print a "start of job" string before sending the print data.
End of Job Select Enabled to send an "end of job" string.
Formfeed Select Enabled to force the printer to advance to the next page at the end of each
Convert Newlines Select Enabled to convert single newlines and carriage returns to DOS-style line
SOJ String If Start of Job (above) is enabled, enter the string to be sent to the printer at the
EOJ String If End of Job (above) is enabled, enter the string to send at the end of a print job.
Queue Name To change the name of the print queue, enter a new name. The name cannot have
Description
Selected by default.
Otherwise, the device passes only valid ASCII and valid control characters to the
printer. Valid control characters include the tab, linefeed, formfeed, backspace, and
newline characters. All others are stripped. Disabled by default.
print job.
endings.
beginning of a print job. The limit is 100 characters.
Indicate whether the string is in text or binary format.
The limit is 100 characters. Indicate whether the string is in text or binary format.
white space in it and is limited to 31 characters. The default is LPDQueueX (for line
number X)
5. Click Submit.
6. Repeat above steps as desired, according to additional LPD lines available on your product.
Print Test Page
This selection can be chosen to print a test page.
To print a test page:
1. Select LPD on the menu bar, if you are not already at the LPD web page.
2. Select an LPD line at the top of the page.
3. Select Print Test Page. A popup window appears.
4. Enter the numbers to print in the popup window.
5. Click OK.
EDS Device Server User Guide 87
11: Security Settings
The EDS unit supports Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a network
protocol for securely accessing a remote device. SSH provides a secure, encrypted
communication channel between two hosts over a network. It provides authentication and
message integrity services.
Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the
Internet. It uses digital certificates for authentication and cryptography against eavesdropping and
tampering. It provides encryption and message integrity services. SSL is widely used for secure
communication to a web server. SSL uses certificates and private keys.
Note: The EDS device server supports SSLv3 and its successors, TLS1.0 and TLS1.1.
An incoming SSLv2 connection attempt is answered with an SSLv3 response. If the
initiator also supports SSLv3, SSLv3 handles the rest of the connection.
This chapter contains the following sections:
SSH Server Host Keys
SSH Server Authorized Users
SSH Client Known Hosts
SSH Client Users
SSL Cipher Suites
SSL Certificates
SSL RSA
SSL Certificates and Private Keys
SSL Utilities
SSL Configuration
SSH Settings
SSH is a network protocol for securely accessing a remote device over an encrypted channel. This
protocol manages the security of internet data transmission between two hosts over a network by
providing encryption, authentication, and message integrity services.
Two instances require configuration: when the EDS unit is the SSH server and when it is an SSH
client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept Mode.
The SSH client is for tunneling in Connect Mode.
To configure the EDS device server as an SSH server, there are two requirements:
Defined Host Keys: both private and public keys are required. These keys are used for the
Diffie-Hellman key exchange (used for the underlying encryption protocol).
Defined Users: these users are permitted to connect to the EDS SSH server.
This page has four links at the top for viewing and changing SSH server host keys, SSH server
authorized keys, SSH client known hosts, and SSH client users.
EDS Device Server User Guide 88
11: Security Settings
SSH Server Host Keys
SSH Host Keys can be obtained in a few different ways:
Uploading keys via PUTTY or other tools which generate RFC4716 format keys.
Creating keys through the device.
The steps for creating or uploading keys is described below.
To upload SSH server host keys generated from PuTTY:
1. Create the keys with puttygen.exe. The keys are in PuTTY format.
2. Use puttygen.exe again to convert the private key to Open SSH format as follows:
a. Import the private key using "Conversions…Import key."
b. Create a new file using "Conversions…Export OpenSSH key."
3. Use ssh-keygen to convert the public key to OpenSSH format.
ssh-keygen -i -f putty_file > openssh_file
4. Select SSH on the menu bar and SSH Server: Host Keys at the top of the page. The SSH
Server Host Keys page appears.
Figure 11-1 SSH Server: Host Keys (Upload Keys)
5. Enter or modify the following settings in the part of the screen related to uploading keys:
EDS Device Server User Guide 89
11: Security Settings
Table 11-2 SSH Server Host Keys Settings - Upload Keys Method
SSH Server: Host Keys
Settings (continued)
Private Key Enter the path and name of the existing private key you want to upload or
Public Key Enter the path and name of the existing public key you want to upload or use
Key Type Select a key type to use for the new key:
Description
use the Choose File button to select the key. Be sure the private key will not
be compromised in transit. This implies the data is uploaded over some kind
of secure private network.
the Choose File button to select the key.
RSA = use this key with the SSH1 and SSH2 protocols.
DSA = use this key with the SSH2 protocol.
6. Click Submit.
To upload SSH server host RFC4716 format keys:
1. Use any program that can produce keys in the RFC4716 format.
2. Use ssh-keygen to convert the format to OpenSSH.
ssh-keygen -i -f RFC4716_file > output_file
Note: If the keys do not exist, follow directions under To create new SSH server host
keys (on page 91).
3. Select SSH on the menu bar and SSH Server: Host Keys at the top of the page. The SSH
Server Host Keys page appears.
4. Enter or modify the following settings in the part of the screen related to uploading keys:
Table 11-3 SSH Server Host Keys Settings - Upload Keys Method
SSH Server: Host Keys
Settings (continued)
Private Key Enter the path and name of the existing private key you want to upload or use
Public Key Enter the path and name of the existing public key you want to upload or use
Key Type Select a key type to use for the new key:
Description
the Choose File button to select the key. Be sure the private key will not be
compromised in transit. This implies the data is uploaded over some kind of
secure private network.
the Choose File button to select the key.
RSA = use this key with the SSH1 and SSH2 protocols.
DSA = use this key with the SSH2 protocol.
5. Click Submit.
Note: SSH keys may be created on another computer and uploaded to the EDS device
server. For example, use the following command using Open SSH to create a 1024-bit
DSA key pair: ssh-keygen –b 1024 –t dsa
EDS Device Server User Guide 90
11: Security Settings
To create new SSH server host keys
Note: Generating new keys with large bit size results in longer key generation times.
1. Select SSH on the menu bar and SSH Server: Host Keys at the top of the page. The SSH
Server Host Keys page appears.
2. Enter or modify the following settings in the part of the screen related to creating new keys:
Table 11-4 SSH Server Host Keys Settings - Create New Keys Method
SSH Server: Host Keys
Settings
Key Type Select a key type to use:
Bit Size Select a bit length for the new key:
Description
RSA = use this key with SSH1 and SSH2 protocols.
DSA = use this key with the SSH2 protocol.
Note: RSA is more secure.
512
768
1024
Using a larger bit size takes more time to generate the key. Approximate times
are:
10 seconds for a 512 bit RSA Key
15 seconds for a 768 bit RSA Key
1 minute for a 1024 bit RSA Key
30 seconds for a 512 bit DSA Key
1 minute for a 768 bit DSA Key
2 minutes for a 1024 bit DSA Key
Note: Some SSH clients require RSA host keys to be at least 1024 bits long.
This device generates keys up to 1024 bits long. It can work with larger keys
(up to 2048 bit) if they are imported or otherwise created.
3. Click Submit.
Note: SSH Keys from other programs may be converted to the required EDS format.
Use Open SSH to perform the conversion.
SSH Server Authorized Users
On this page you can change SSH server settings for Authorized Users. SSH Server Authorized
Users are accounts on the EDS device server that can be used to log into the EDS using SSH. For
instance, these accounts can be used to SSH into the CLI or open an SSH connection to a device
port. Every account must have a password.
The user's public keys are optional and only necessary if public key authentication is required.
Using public key authentication allows a connection to be made without the password being
asked.
Under Current Configuration, User has a Delete User link, and Public RSA Key and Public
DSA Key have View Key and Delete Key links. If you click a Delete link, a message asks whether
you are sure you want to delete this information. Click OK to proceed or Cancel to cancel the
operation.
EDS Device Server User Guide 91
11: Security Settings
To configure the SSH server for authorized users:
1. Select SSH on the menu bar and then Server Authorized Users at the top of the page. The
SSH Server: Authorized Users page appears.
Figure 11-5 SSH Server: Authorized Users
2. Enter or modify the following settings:
Table 11-6 SSH Server Authorized User Settings
SSH Server: Authorized
Users Settings
Username Enter the name of the user authorized to access the SSH server.
Password Enter the password associated with the username.
Public RSA Key Enter the path and name of the existing public RSA key you want to use with this
Public DSA Key Enter the path and name of the existing public DSA key you want to use with this
Description
user or use the Choose File button to select the key. If authentication is
successful with the key, no password is required.
user or use the Choose File button to select the key. If authentication is
successful with the key, no password is required.
3. Click Add/Edit.
Note: When uploading the security keys, ensure the keys are not compromised in
transit.
EDS Device Server User Guide 92
11: Security Settings
SSH Client Known Hosts
On this page you can change SSH client settings for known hosts.
Note: You do not have to complete the fields on this page for communication to occur.
However, completing them adds another layer of security that protects against Man-InThe-Middle (MITM) attacks.
To configure the SSH client for known hosts:
1. Select SSH on the menu bar and then Client Known Hosts at the top of the page. The SSH
Client: Known Hosts page appears.
Figure 11-7 SSH Client: Known Hosts
2. Enter or modify the following settings:
Table 11-8 SSH Client Known Hosts
SSH Client:
Known Hosts Settings
Server Enter the name or IP address of a known host. If you enter a server name, the
Public RSA Key Enter the path and name of the existing public RSA key you want to use with
Public DSA Key Enter the path and name of the existing public DSA key you want to use with
Description
name should match the name of the server used as the Remote Address in
Connect mode tunneling.
this known host or use the Choose File button to select the key.
this known host or use the Choose File button to select the key.
Note: These settings are not required for communication. They protect against Man-In-
The-Middle (MITM) attacks.
3. Click Submit.
4. In the Current Configuration table, delete currently stored settings as necessary.
EDS Device Server User Guide 93
11: Security Settings
SSH Client Users
On this page you can change SSH client settings for users. To configure the EDS device server
as an SSH client, an SSH client user must be both configured and also exist on the remote SSH
server.
SSH client known users are used by all applications that play the role of an SSH client, specifically
tunneling in Connect Mode. At the very least, a password or key pair must be configured for a
user. The keys for public key authentication can be created elsewhere and uploaded to the device
or automatically generated on the device. If uploading existing keys, be sure the private key will
not be compromised in transit. This implies the data is uploaded over some kind of secure private
network.
Note: If you are providing a key by uploading a file, make sure that the key is not
password protected.
To configure the SSH client users:
1. Select SSH on the menu bar and then SSH Client Users at the top of the page. The SSH
Client: Users page appears.
Figure 11-9 SSH Client: Users
EDS Device Server User Guide 94
2. Enter or modify the following settings:
Table 11-10 SSH Client Users
11: Security Settings
SSH Client: Users
Description
Settings
Username Enter the name that the device uses to connect to a SSH server.
Password Enter the password associated with the username.
Remote Command Enter the command that can be executed remotely. Default is shell, which tells the
SSH server to execute a remote shell upon connection. This command can be
changed to anything the remote host can perform.
Private Key Enter the name of the existing private key you want to use with this SSH client user.
You can either enter the path and name of the key, or use the BrowseBrowse button
to select the key.
Public Key Enter the path and name of the existing public key you want to use with this SSH
client user or use the BrowseBrowse button to select the key.
Note: If the user public key is known on the remote SSH server, the SSH server
does not require a password. The Remote Command is provided to the SSH server
upon connection. It specifies the application to execute upon connection. The default
is a command shell.
Note: Configuring the SSH client’s known hosts is optional. It prevents Man-In-The-
Middle (MITM) attacks
Key Type Select the key type to be used. Choices are:
RSA = use this key with the SSH1 and SSH2 protocols.
DSA = use this key with the SSH2 protocol.
Create New Keys
Username Enter the name of the user associated with the new key.
Key Type Select the key type to be used for the new key. Choices are:
RSA = use this key with the SSH1 and SSH2 protocols.
DSA = use this key with the SSH2 protocol.
Bit Size Select the bit length of the new key:
512
768
1024
Using a larger Bit Size takes more time to generate the key. Approximate times are:
10 seconds for a 512 bit RSA Key
15 seconds for a 768 bit RSA Key
1 minute for a 1024 bit RSA key
30 seconds for a 512 bit DSA key
1 minute for a 768 bit DSA key
2 minutes for a 1024 bit DSA key
Note: Some SSH clients require RSA host keys to be at least 1024 bits long. This
device generates keys up to 1024 bits long. It can work with larger keys (up to 2048
bit) if they are imported or otherwise created.
3. Click Submit.
4. In the Current Configuration table, click Delete User to delete currently stored user settings
as necessary.
EDS Device Server User Guide 95
SSL Settings
Secure Sockets Layer (SSL) is a protocol for managing the security of data transmission over the
Internet. It provides encryption, authentication, and message integrity services. SSL is widely used
for secure communication to a web server.
Certificate/Private key combinations can be obtained from an external Certificate Authority (CA)
and downloaded into the unit. Self-signed certificates with associated private key can be
generated by the device server itself.
For more information regarding Certificates and how to obtain them, see SSL Certificates and
Private Keys (on page 97).
SSL uses digital certificates for authentication and cryptography against eavesdropping and
tampering. Sometimes only the server is authenticated; sometimes both server and client are
authenticated. The EDS device server can be server and/or client, depending on the application.
Public key encryption systems exchange information and keys and set up the encrypted tunnel.
Efficient symmetric encryption methods encrypt the data going through the tunnel after it is
established. Hashing provides tamper detection.
Applications that can make use of SSL are Tunneling, Secure Web Server, and WLAN interface.
The EDS unit supports TLS1.0 and TLS1.1.
11: Security Settings
SSL Cipher Suites
The SSL standard defines only certain combinations of certificate type, key exchange method,
symmetric encryption, and hash method. Such a combination is called a cipher suite. Supported
cipher suites include the following:
Table 11-11 Supported Cipher Suites
Certificate Key Exchange Encryption Hash
RSA RSA 128 bits AES SHA1
RSA RSA Triple DES SHA1
RSA RSA 128 bits RC4 MD5
RSA RSA 128 bits RC4 SHA1
RSA 1024 bits RSA 56 bits RC4 MD5
RSA 1024 bits RSA 56 bits RC4 SHA1
RSA 1024 bits RSA 40 bits RC4 MD5
Whichever side is acting as server decides which cipher suite to use for a connection. It is usually
the strongest common denominator of the cipher suite lists supported by both sides.
Note: The SHA2 hash algorithm negotiates with the MD5 or SHA1 ciphers to establish a
successful SSL connection.
SSL Certificates
EDS Device Server User Guide 96
11: Security Settings
The goal of a certificate is to authenticate its sender. It is analogous to a paper document that
contains personal identification information and is signed by an authority, for example a notary or
government agency.
The principles of Security Certificate require that in order to sign other certificates, the authority
uses a private key. The published authority certificate contains the matching public key that allows
another to verify the signature but not recreate it.
The authority’s certificate can be signed by itself, resulting in a self-signed or trusted-root
certificate, or by another (higher) authority, resulting in an intermediate authority certificate. You
can build up a chain of intermediate authority certificates, and the last certification will always be a
trusted-root certificate.
An authority that signs other certificates is also called a Certificate Authority (CA). The last in line is
then the root-CA. VeriSign is a famous example of such a root-CA. Its certificate is often built into
web browsers to allow verifying the identity of website servers, which need to have certificates
signed by VeriSign or another public CA. Since obtaining a certificate signed by a CA that is
managed by another company can be expensive, it is possible to have your own CA. Tools exist to
generate self-signed CA certificates or to sign other certificates.
A certificate request is a certificate that has not been signed and only contains the identifying
information. Signing it makes it a certificate. A certificate is also used to sign any message
transmitted to the peer to identify the originator and prevent tampering while transported.
SSL RSA
As mentioned above, the certificates contain a public key. Different key exchange methods require
different public keys and thus different styles of certificate. The EDS device server supports key
exchange methods that require a RSA-style certificate and key exchange methods that require a
RSA-style certificate. If only one of these certificates is stored in the EDS unit, only those key
exchange methods that can work with that style certificate are enabled. RSA is sufficient in most
cases.
The creation of a self-signed SSL certificate supports MD5 hash algorithms with a 1024 bit key
length. Uploading an SSL certificate will support MD5, SHA1 and SHA2 families (e.g., SHA256,
SHA384, and SHA512 hash algorithms with key lengths of 1024 & 2048 bits).
SSL Certificates and Private Keys
You can obtain a certificate by completing a certificate request and sending it to a certificate
authority that will create a certificate/key combo, usually for a fee, or you can generate your own. A
few utilities exist to generate self-signed certificates or sign certificate requests. The EDS device
server also has the ability to generate its own self-signed certificate/key combo.
You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the
internal certificate generator can only be used for certificates that are to identify that particular
EDS unit.
Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER
and PEM. Certificate and key can be in the same file or in separate files. The key can be encrypted
with a password or not. The EDS device server currently only accepts separate PEM files. The key
needs to be unencrypted.
EDS Device Server User Guide 97
11: Security Settings
SSL Utilities
Several utilities exist to convert between the formats.
OpenSSL
Open source is a set of SSL related command line utilities. It can act as server or client. It can
generate or sign certificate requests. It can convert all kinds of formats. Executables are available
for Linux and Windows. To generate a self-signed RSA certificate/key combo use the following
commands in the order shown:
openssl req –x509 –nodes –days 365 –newkey rsa:1024 –keyout
mp_key.pem –out mp_cert.pem
Note: Signing other certificate requests is also possible with OpenSSL. See
www.openssl.org
Steel Belted RADIUS
Commercial RADIUS server by Juniper Networks that provides a GUI administration interface. It
also provides a certificate request and self-signed certificate generator. The self-signed certificate
has extension .sbrpvk and is in the PKCS12 format. OpenSSL can convert this into a PEM format
certificate and key by using the following commands in the order shown:
or www.madboa.com/geek/openssl for more information.
openssl pkcs12 -in sbr_certkey.sbrpvk -nodes -out sbr_certkey.pem
The sbr_certkey.pem file contains both certificate and key. If loading the SBR certificate into EDS
unit as an authority, you will need to edit it.
1. Open the file in any plain text editor.
2. Delete all info before the following: “----- BEGIN CERTIFICATE-----“
3. Delete all info after the following: “----- END CERTIFICATE-----“
4. Save as sbr_cert.pem. SBR accepts trusted-root certificates in the DER format.
5. Again, OpenSSL can convert any format into DER by using the following commands in the
order shown:
openssl x509 -inform pem -in mp_cert.pem -outform der -out
mp_cert.der
Note: With SBR, when the identity information includes special characters such as
dashes and periods, SBR changes the format it uses to store these strings and becomes
incompatible with the current EDS release. We will add support for this and other formats
in future releases. Free RADIUS—Linux open-source RADIUS server. It is versatile, but
complicated to configure.
Free RADIUS
Free RADIUS is a Linux open-source RADIUS server. It is versatile, but complicated to configure.
EDS Device Server User Guide 98
SSL Configuration
To configure SSL settings:
1. Select SSL from the main menu. The SSL page appears.
Figure 11-12 SSL
11: Security Settings
EDS Device Server User Guide 99
11: Security Settings
2. Enter or modify the following settings:
Table 11-13 SSL
SSL Settings Description
Upload Certificate
New Certificate This certificate identifies the device to peers. It is used for HTTPS and SSL
Tunneling.
Enter the path and name of the certificate you want to upload, or use the
Choose File button to select the certificate.
RSA certificates with 1024 or 2048 bit public keys are allowed.
Note: The format of the file must be PEM. The file must start with “-----
BEGIN CERTIFICATE-----“ and end with “-----END CERTIFICATE-----“.
Some Certificate Authorities add comments before and/or after these lines.
Those need to be deleted before upload.
New Private Key Enter the path and name of the private key you want to upload, or use the
Choose File button to select the private key. The key needs to belong to the
certificate entered above.
The format of the file must be PEM. The file must start with “-----BEGIN RSA
PRIVATE KEY-----” and end with “-----END RSA PRIVATE KEY-----”. Some
Certificate Authorities add comments before and/or after these lines. Those
need to be deleted before upload.
Upload Authority Certificate
Authority One or more authority certificates are needed to verify a peer's identity. It is
used for SSL Tunneling. These certificates do not require a private key.
Enter the path and name of the certificate you want to upload, or use the
Choose File button to select the certificate.
RSA certificates with 1024 or 2048 bit public keys are allowed.
The format of the file must be PEM. The file must start with “-----BEGIN
CERTIFICATE-----” and end with “-----END CERTIFICATE-----”. Some
Certificate Authorities add comments before and/or after these lines. Those
need to be deleted before upload.
Create New Self-Signed Certificate
Country (2 Letter Code) Enter the 2-letter country code to be assigned to the new self-signed
certificate.
Examples: US for United States and CA for Canada
State/Province Enter the state or province to be assigned to the new self-signed certificate.
Locality (City) Enter the city or locality to be assigned to the new self-signed certificate.
Organization Enter the organization to be associated with the new self-signed certificate.
Example: If your company is called Widgets, and you are setting up a web
server for the Sales department, enter Widgets for the organization.
Organization Unit Enter the organizational unit to be associated with the new self-signed
certificate.
Example: If your company is setting up a web server for the Sales
department, enter Sales for your organizational unit.
EDS Device Server User Guide 100
Loading...