Lantronix SecureBox SDS1100 User Manual
SecureBox
SDS1100
User Guide
Part Number 900-354
Revision A April 2004
Copyright & Trademark
© 2004, Lantronix. All rights reserved. No part of the contents of this book may be
transmitted or reproduced in any form or by any means without the written permission
of Lantronix. Printed in the United States of America.
Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of
The Open Group. Windows 95, Windows 98, Windows 2000, and Windows NT are
trademarks of Microsoft Corp. Netscape is a trademark of Netscape Communications
Corporation.
Contacts
Lantronix
15353 Barranca Parkway
Irvine, CA 92618, USA
Phone: 949-453-3990
Fax: 949-453-3995
Technical Support
Phone: 800-422-7044 or 949-453-7198
Fax: 949-450-7226
Online:
E-mail
www.lantronix.com/support
support@lantronix.com
Sales Offices
For a current list of our domestic and international sales offices, go to the Lantronix
web site at
http://www.lantronix.com/about/contact/index.html
2
SDS1100 User Guide
Disclaimer & Revisions
Operation of this equipment in a residential area is likely to cause interference in
which case the user, at his or her own expense, will be required to take whatever
measures may be required to correct the interference.
Note: This product has been designed to comply with the limits for a Class A
digital device pursuant to Part 15 of FCC Rules. These limits are designed to
provide reasonable protection against such interference when operating in a
commercial environment. This equipment generates, uses, and can radiate
radio frequency energy, and if not installed and used in accordance with this
guide, may cause harmful interference to radio communications.
Changes or modifications to this device not explicitly approved by Lantronix will void
the user's authority to operate this device.
The information in this guide may change without notice. The manufacturer assumes
no responsibility for any errors that may appear in this guide.
Note: Export Control Classification Number 5A002, License exception ENC. The
following export agreement is required for encryption:
I agree that I will not export or re-export this product or firmware to a national resident
of Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria or any other country to which
the United States has embargoed goods; or to anyone on the US Treasury
Department's list of Specially Designated Nationals and Blocked Persons, US
Commerce Department's Table of Denial Orders and Entitles List, or the US State
Department's Debarred List. By receiving this product, I am agreeing to the foregoing
and I am representing and warranting that I am not located in, under the control of, or
a national or resident of any such country or on any such list.
Date Part No. Rev. Comments
4/04 900-354 A
Initial Document
3
SDS1100 User Guide
Declaration of Conformity
(according to ISO/IEC Guide 22 and EN 45014)
Manufacturer’s Name & Address:
Lantronix 15353 Barranca Parkway, Irvine, CA 92618 USA
Declares that the following product:
Product Name Model: SecureBox Device Server SDS1100
Conforms to the following standards or other normative documents:
Safety: EN60950:1992+A1, A2, A3, A4, A11
Electromagnetic Emissions:
EN55022: 1994 (IEC/CSPIR22: 1993)
FCC Part 15, Subpart B, Class B
IEC 1000-3-2/A14: 2000
IEC 1000-3-3: 1994
Electromagnetic Immunity:
EN55024: 1998 Information Technology Equipment-Immunity Characteristics
IEC61000-4-2: 1995 Electro-Static Discharge Test
IEC61000-4-3: 1996 Radiated Immunity Field Test
IEC61000-4-4: 1995 Electrical Fast Transient Test
IEC61000-4-5: 1995 Power Supply Surge Test
IEC61000-4-6: 1996 Conducted Immunity Test
IEC61000-4-8: 1993 Magnetic Field Test
IEC61000-4-11: 1994 Voltage Dips & Interrupts Test
(L.V.D. Directive 73/23/EEC)
Supplementary Information:
This Class A digital apparatus complies with Canadian ICES-003 (CSA) and has
been verified as being compliant within the Class A limits of the FCC Radio
Frequency Device Rules (FCC Title 47, Part 15, Subpart B CLASS A), measured to
CISPR 22: 1993 limits and methods of measurement of Radio Disturbance
Characteristics of Information Technology Equipment. The product complies with the
requirements of the Low Voltage Directive 72/23/EEC and the EMC Directive
89/336/EEC.
Encryption: This product includes AES encryption certified by the National Institute of
Standard and Technology to FIPS-197 standard certification #120.
Export Control Classification Number 5A002, License exception ENC.
Manufacturer’s Contact:
Director of Quality Assurance, Lantronix
15353 Barranca Parkway, Irvine, CA 92618 USA
Tel: 949-453-3990
Fax: 949-453-3995
4
SDS1100 User Guide
5
SDS1100 User Guide
Warranty
Lantronix warrants each Lantronix product to be free from defects in material and
workmanship for a period of TWO YEARS after the date of shipment. During this
period, if a customer is unable to resolve a product problem with Lantronix Technical
Support, a Return Material Authorization (RMA) will be issued. Following receipt of an
RMA number, the customer shall return the product to Lantronix, freight prepaid.
Upon verification of warranty, Lantronix will -- at its option -- repair or replace the
product and return it to the customer freight prepaid. If the product is not under
warranty, the customer may have Lantronix repair the unit on a fee basis or return it.
No services are handled at the customer's site under this warranty. This warranty is
voided if the customer uses the product in an unauthorized or improper way, or in an
environment for which it was not designed.
Lantronix warrants the media containing its software product to be free from defects
and warrants that the software will operate substantially according to Lantronix
specifications for a period of 60 DAYS after the date of shipment. The customer will
ship defective media to Lantronix. Lantronix will ship the replacement media to the
customer.
* * * *
In no event will Lantronix be responsible to the user in contract, in tort (including
negligence), strict liability or otherwise for any special, indirect, incidental or
consequential damage or loss of equipment, plant or power system, cost of capital,
loss of profits or revenues, cost of replacement power, additional expenses in the use
of existing software, hardware, equipment or facilities, or claims against the user by
its employees or customers resulting from the use of the information,
recommendations, descriptions and safety notations supplied by Lantronix. Lantronix
liability is limited (at its election) to:
refund of buyer's purchase price for such affected products (without interest)
repair or replacement of such products, provided that the buyer follows the above
procedures.
There are no understandings, agreements, representations or warranties, express or
implied, including warranties of merchantability or fitness for a particular purpose,
other than those specifically set out above or by any existing contract between the
parties. Any such contract states the entire obligation of Lantronix. The contents of
this document shall not become part of or modify any prior or existing agreement,
commitment or relationship.
For details on the Lantronix warranty replacement policy, go to our web site at
http://www.lantronix.com/support/warranty/index.html
6
SDS1100 User Guide
Contents
Disclaimer & Revisions _______________________________________________ 3
Warranty __________________________________________________________ 6
1: Introduction _________________________________________________10
Features _________________________________________________________ 10
Protocol Support ___________________________________________________ 10
Connections and Pinouts_____________________________________________ 11
Serial Port_____________________________________________________ 11
Serial Connector Pinouts _________________________________________ 11
Network Port___________________________________________________ 12
Ethernet Connector Pinouts _______________________________________ 12
LEDs ____________________________________________________________ 13
Product Information Label ____________________________________________ 13
Technical Specifications _____________________________________________ 14
2: Getting Started _______________________________________________16
Addresses and Port Number__________________________________________ 16
Ethernet (MAC) Address__________________________________________ 16
Internet Protocol (IP) Address______________________________________ 16
Port Number ___________________________________________________ 16
Physically Connecting the Unit ________________________________________ 17
Methods of Assigning the IP Address ___________________________________ 18
DHCP ___________________________________________________________ 19
AutoIP ___________________________________________________________ 19
DeviceInstaller_____________________________________________________ 20
Install the DeviceInstaller _________________________________________ 20
Assign IP Address and Network Class _______________________________ 20
Add the Unit to the Manage List ____________________________________ 23
Opening a Configuration Window ___________________________________ 23
ARP and Telnet____________________________________________________ 24
Serial Port Login ___________________________________________________ 25
3: Configuring the Unit___________________________________________27
Configuring via Web Browser _________________________________________ 27
Configuring via the Setup Mode Window ________________________________ 30
Using a Telnet Connection ________________________________________ 30
7
SDS1100 User Guide
Using the Serial Port _____________________________________________ 32
Server Configuration (Network Configuration)_____________________________ 33
IP Address_____________________________________________________ 33
Set Gateway IP Address __________________________________________ 33
Netmask ______________________________________________________ 33
Change Telnet configuration password_______________________________ 34
DHCP Naming__________________________________________________ 34
Channel 1 Configuration (Serial Port Parameters)__________________________ 35
Baudrate ______________________________________________________ 35
I/F (Interface) Mode______________________________________________ 35
Flow__________________________________________________________ 36
Port Number ___________________________________________________ 36
Connect Mode__________________________________________________ 37
Remote IP Address ______________________________________________ 40
Remote Port ___________________________________________________ 40
DisConnMode __________________________________________________ 40
Flush Mode (Buffer Flushing) ______________________________________ 41
Pack Control ___________________________________________________ 41
DisConnTime (Inactivity Timeout) ___________________________________ 42
Send Characters ________________________________________________ 43
Telnet Terminal Type_____________________________________________ 43
Channel (Port) Password _________________________________________ 43
Expert Settings_____________________________________________________ 43
TCP Keepalive time in s __________________________________________ 43
ARP Cache timeout in s __________________________________________ 44
Security Settings ___________________________________________________ 44
Disable SNMP__________________________________________________ 44
SNMP Community Name _________________________________________ 44
Disable Telnet Setup_____________________________________________ 44
Disable TFTP Firmware Upgrade ___________________________________ 45
Disable Port 77FE (Hex) __________________________________________ 45
Disable Web Setup ______________________________________________ 45
Enable Enhanced Password _______________________________________ 45
Enable Encryption _______________________________________________ 45
Factory Default Settings______________________________________________ 46
Channel 1 Configuration Defaults ___________________________________ 47
Expert Settings Defaults __________________________________________ 47
8
SDS1100 User Guide
Security Settings Defaults_________________________________________ 47
Exit Configuration Mode _____________________________________________ 47
4: Updating Firmware____________________________________________48
Obtaining Firmware_________________________________________________ 48
Reloading Firmware ________________________________________________ 48
Via DeviceInstaller ______________________________________________ 48
Via TFTP______________________________________________________ 50
Via Another Unit ________________________________________________ 51
Via the Serial Port_______________________________________________ 51
5: Troubleshooting______________________________________________54
Technical Support __________________________________________________ 54
Monitor Mode______________________________________________________ 58
Via the Serial Port_______________________________________________ 58
Via the Network_________________________________________________ 58
Monitor Mode Commands_________________________________________ 58
6: Binary to Hexadecimal_________________________________________60
Converting Binary to Hexadecimal _____________________________________ 60
Connect Mode Options ______________________________________________ 61
Disconnect Mode Options ____________________________________________ 65
Flush Mode (Buffer Flushing) Options___________________________________ 67
Interface Mode Options______________________________________________ 73
Pack Control Options________________________________________________ 74
9
1: Introduction
Features
The SecureBox family of Secure Device Servers (SDS) allows serial devices such as
those listed below to securely connect and communicate over Ethernet networks
using the IP protocol family (TCP for connection-oriented stream applications and
UDP for datagram applications).
Security Alarms
Access Control Devices
Fire Control Panels
Time/Attendance Clocks and Terminals
ATM Machines
Data Collection Devices
RFID readers
Universal Power Supply (UPS) Management Units
Telecommunications Equipment
Data Display Devices
Protocol Support
The SDS1100 uses the Internet Protocol (IP) for network communications and the
Transmission Control Protocol (TCP) to assure that no data is lost or duplicated, and
that everything sent to the connection arrives correctly at the target.
Other supported protocols are listed below:
ARP, UDP, TCP, ICMP, Telnet, TFTP, AutoIP, DHCP, HTTP, and SNMP for
network communications.
TCP, UDP, and Telnet for connections to the serial port.
TFTP for firmware updates.
IP for addressing, routing, and data block handling over the network.
User Datagram Protocol (UDP) for typical datagram applications in which
devices interact with other devices without maintaining a point-to-point
connection.
10
SDS1100 User Guide 1: Introduction
Connections and Pinouts
Serial Port
The unit has a female DCE DB25 serial port that supports RS-232 and RS-485/422
serial standards (software selectable) up to 115 Kbps.
Figure 1-1. Serial Interface
DB25 Serial Port
Serial Connector Pinouts
The unit’s female DB25 connector provides an RS-232C, RS-485, or RS-422 DCE
serial port. The default serial port settings are 9600 baud, 8 bits, no parity, and 1 stop
bit.
Figure 1-2. DB25F DCE Serial Connector
11
SDS1100 User Guide 1: Introduction
Network Port
The unit's back panel contains a 9-30VDC power plug and an RJ45 (10/100)
Ethernet port.
Figure 1-3. Network Interface
Ethernet Connector Pinouts
The unit supports 10 Mbps Ethernet through an RJ45 connector.
Figure 1-4. RJ45 Ethernet Connector
12
SDS1100 User Guide 1: Introduction
LEDs
The unit contains the following LEDs:
10 Mbps Link/Activity (green)
100 Mbps Link/Activity (green)
Collisions
Diagnostics (red)
Status (yellow)
Simultaneously lit red and green LEDs mean something is wrong. If the red LED is lit
or blinking, count the number of times the green LED blinks between its pauses. The
following table explains the LED functions:
Table 1-1. SDS1100 LEDs
Serial LEDs Meaning
10 Mbps link/activity steady green Valid 10 Mbps network connection
10 Mbps link/activity blinking Network packets transmitting and receiving
100 Mbps link/activity steady green Valid 100 Mbps network connection
100Mbps link/activity blinking Network packets transmitting and receiving
Collision blinking red Network collisions
Diagnostic steady red and status blinking
green
Diagnostic blinking red and status
blinking green
Status steady green Serial port not connected to network
Status blinking green Serial port connected to network
2 blinks = RAM error
4 blinks = EEPROM checksum error
5 blinks = Duplicate IP address on network
5 blinks = No DHCP response
Product Information Label
The product information label on the underside of the unit contains the following
information about your specific unit:
Bar Code
Serial Number
Product ID (name)
Product Description
Ethernet Address (also referred to as Hardware Address or MAC Address)
13
SDS1100 User Guide 1: Introduction
Technical Specifications
CPU, Memory Lantronix DSTni-LX 186 CPU, 48 MHz
1 MByte FLASH ROM
256 Kbytes zero wait state RAM
Serial Interface Female DB25 connector (DCE pinout)
Speed software selectable (300 to 115 kBaud)
Software selectable RS-232C or RS-422/485
Network Interface 10/100 RJ45 Ethernet
Power Supply External adapter included
120VAC USA
100 - 240 VAC Universal with regional connectors
Power Input 9-30 VDC or 9-24 VAC (1W maximum)
Dimensions
Weight 0.35 Kg (0.8 lbs)
Temperature
Relative Humidity Operating: 10% to 90% non-condensing, 40% to 60% recommended
Height: 2.3 cm (0.9 in)
Width: 6.4 cm (2.5 in)
Depth: 9.0 cm (3.5 in)
Operating range: 5° to 50° C (41° to 122° F)
Storage range: -40° to 66° C (-40° to 151° F)
Storage: 10% to 90% non-condensing
14
SDS1100 User Guide 1: Introduction
15
2: Getting Started
Addresses and Port Number
Ethernet (MAC) Address
The Ethernet address is also referred to as the hardware address or the MAC
address. The first three bytes of the Ethernet Address are fixed and read 00-20-4A,
identifying the unit as a Lantronix product. The fourth, fifth, and sixth bytes are unique
numbers assigned to each unit.
Figure 2-1. Sample Ethernet Address
00-20-4A-14-01-18 or 00:20:4A:14:01:18
Internet Protocol (IP) Address
Every device connected to an IP network must have a unique IP address. This
address is used to reference the specific unit.
Port Number
Every TCP connection and every UDP datagram is defined by a destination IP
address and a port number. For example, a Telnet application commonly uses port
number 23. A port number is similar to an extension on a PBX system.
The unit’s serial channel (port) can be associated with a specific TCP/UDP port
number. Port number 9999 is reserved for access to the unit's Setup (configuration)
Mode window.
16
SDS1100 User Guide 2: Getting Started
Physically Connecting the Unit
The following diagram shows a properly installed unit:
Figure 2-2. SDS1100 Connected to Serial Device and Netwo rk
To install the unit, complete the following steps in order. Refer to the numbers in the previous
figure.
1. Connect a serial device to your unit. See Connections and Pinouts in the
Introduction for more information about what kinds of device attachments the unit
supports.
2. Connect an Ethernet cable to the 10/100 port.
3. Supply power to your unit using the power supply that was included in the
packaging.
Note: The required input voltage is 9-30 VDC or 9-24 VAC
(1 W maximum).
4. Supply power to the serial device.
17
SDS1100 User Guide 2: Getting Started
Methods of Assigning the IP Address
The unit's IP address must be configured before a network connection is available.
You have the following options for assigning an IP to your unit:
Method Description
DHCP A DHCP server automatically assigns the IP address and network settings.
DeviceInstaller You manually assign the IP address using a graphical user interface (GUI).
You must use a PC and the unit must be attached to the local network.
ARP and
Telnet
AutoIP This automatic method is appropriate when you have a small group of hosts rather
Serial Port
Login
You manually assign the IP address and other network settings at a command
prompt using a UNIX or Windows-based system. Only one person at a time can
be logged into the configuration port (port 9999). This eliminates the possibility of
several people simultaneously attempting to configure the unit.
than a large network. This method allows the hosts to negotiate with each other
and assign addresses, in effect creating a small network.
You initially configure the unit through a serial connection.
These methods are described in the remaining sections of this chapter.
Note: In most installations, a fixed IP address is desirable. The systems
administrator generally provides the IP address. Obtain the following
information before starting to set up your unit:
IP Address ___ ___ ___ ___
Subnet Mask: ___ ___ ___ ___
Gateway: ___ ___ ___ ___
18
SDS1100 User Guide 2: Getting Started
DHCP
The unit ships with a default IP address of 0.0.0.0, which automatically enables
DHCP.
Provided a DHCP server exists on the network, it will provide the unit with an IP
address, gateway address, and subnet mask when the unit boots up. The SDS1100
has acquired an IP address if the red LED stops flashing and the green Status LED is
on continuously. (If no DHCP server exists, the unit responds with a diagnostic error:
the red Diagnostic LED blinks continuously, and the green Status LED blinks five
times. This blinking only continues for about 15 seconds.)
You can use the DeviceInstaller software to search the network for the IP your unit
has been assigned by the DHCP server and add it to the managed list. See Add the
Unit to the Manage List later in this chapter.
Note: This DHCP address will not appear in the unit’s standard
configuration screens. You can, however, determine your unit’s DHCPassigned IP address in Monitor Mode. When you enter Monitor Mode from
the serial port with network connection enabled (see Monitor Mode in the
Troubleshooting chapter) and issue the NC (Network Communication)
command, you will see the unit’s IP configuration.
AutoIP
The unit ships with a default IP address of 0.0.0.0, which automatically enables Auto
IP within the unit. AutoIP is an alternative to DHCP that allows hosts to automatically
obtain an IP address in smaller networks that may not have a DHCP server. A range
of IP addresses (from 169.254.0.1 to 169.254.255.1) has been explicitly reserved for
AutoIP-enabled devices. The range of Auto IP addresses is not to be used over the
Internet.
If your unit cannot find a DHCP server, and you have not manually assigned an IP
address to it, the unit automatically selects an address from the AutoIP reserved
range. Then, your unit sends out a (ARP) request to other nodes on the same
network to see whether the selected address is being used.
If the selected address is not in use, then the unit uses it for local subnet
communication.
If another device is using the selected IP address, the unit selects another
address from the AutoIP range and reboots itself. After reboot, the unit sends
out another ARP request to see if the selected address is in use, and so on.
AutoIP is not intended to replace DHCP. The unit will continue to look for a DHCP
server on the network. If a DHCP server is found, the unit will switch to the DHCP
server-provided address and reboot.
Note: If a DHCP server is found, but it denies the request for an IP address,
the unit does not attach to the network, but waits and retries.
AutoIP can be disabled by setting the unit’s IP address to 0.0.1.0. This setting
enables DHCP but disables AutoIP.
19
SDS1100 User Guide 2: Getting Started
DeviceInstaller
You can manually assign the IP address using the DeviceInstaller, which is on the
product CD.
Install the DeviceInstaller
1. Insert the product CD into your CD-ROM drive. The Lantronix SDS1100
DeviceServer window displays.
2. If the CD does not launch automatically:
3. Click the Start button on the Task Bar and select Run.
4. Enter your CD drive letter, colon, backslash, deviceinstaller.exe (e.g.,
E:\deviceinstaller.exe).
5. Click the DeviceInstaller button. The installation wizard window displays.
6. Respond to the installation wizard prompts. (When prompted to select an
installation type, select Typical.)
Assign IP Address and Network Class
1. Click the Start button on the Task Bar and select Programs Æ Lantronix Æ
Device Installer Æ Device Installer. The DeviceInstaller window displays.
Figure 2-3. DeviceInstaller Window
20
SDS1100 User Guide 2: Getting Started
2. Click the Assign IP icon . The Assign IP Address window displays.
Figure 2-4. Assign IP Address Window (Device Identification)
3. Enter the Hardware or Ethernet address of the device. The following Assign IP
Address window appears.
Figure 2-5. Assign IP Address Window (Assignment Method)
21
SDS1100 User Guide 2: Getting Started
4. Select Assign a specific IP address to assign a static IP address to the device
or select Obtain an IP address automatically to enable BOOTP, DHCP, or
Auto IP on the device.
5. Click Next. The following Assign IP Address window appears.
Figure 2-6. Assign IP Address Window (IP Settings)
6. Enter the IP address, subnet mask, and gateway being assigned to the device.
Enter this information in XXX.XXX.XXX.XXX format.
7. Click Next. The following Assign IP Address window appears.
22
SDS1100 User Guide 2: Getting Started
Figure 2-7. Assign IP Address Window (Assignment)
8. Click the Assign button to finalize the IP assignment.
Add the Unit to the Manage List
Now add the unit to the list of similar Lantronix devices on the network so that you
can manage and configure it. To perform this step, click the Search icon:
The device should be located by DeviceInstaller and added into the Device List. Now
you can manage (configure) the unit so that it works with the serial device on the
network.
Opening a Configuration Window
Once the device is added into the list, use the Configure, Upgrade, Telnet, or Web
icons to manage the device.
23
Loading...