Lantronix SecureBox SDS2100 User Manual

SecureBox

SDS2100

User Guide

Part No. 900-345

Rev. A April 2004

SDS2100 User Guide

© 2004, Lantronix. All rights reserved. No part of the contents of this book may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Printed in the United States of America.

Ethernet is a trademark of XEROX Corporation. UNIX is a registered trademark of The Open Group. Windows 95, Windows 98, Windows 2000, and Windows NT are trademarks of Microsoft Corp. Netscape is a trademark of Netscape Communications Corporation.

Contacts

Lantronix Corporate Headquarters

15353 Barranca Parkway Irvine, CA 92618, USA Phone: 949-453-3990 Fax: 949-453-3995

Technical Support Phone: 800-422-7044 or 949-453-7198 Fax: 949-450-7226 Online: Email

www.lantronix.com/support support@lantronix.com

Sales Offices For a current list of our domestic and international sales offices, go to the Lantronix web site at

http://www.lantronix.com/about/contact/index.html

SDS2100 User Guide

Disclaimer & Revisions

Operation of this equipment in a residential area is likely to cause interference in which case the user, at his or her own expense, will be required to take whatever measures may be required to correct the interference.

Note: This product has been designed to comply with the limits for a Class A

digital device pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against such interference when operating in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with this guide, may cause harmful interference to radio communications.

Changes or modifications to this device not explicitly approved by Lantronix will void the user's authority to operate this device.

The information in this guide may change without notice. The manufacturer assumes no responsibility for any errors that may appear in this guide.

Note: Export Control Classification Number 5A002, License exception ENC. The

following export agreement is required for encryption: I agree that I will not export or re-export this product or firmware to a national resident

of Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria or any other country to which the United States has embargoed goods; or to anyone on the US Treasury Department's list of Specially Designated Nationals and Blocked Persons, US Commerce Department's Table of Denial Orders and Entitles List, or the US State Department's Debarred List. By receiving this product, I am agreeing to the foregoing and I am representing and warranting that I am not located in, under the control of, or a national or resident of any such country or on any such list.

Date Part No. Rev. Comments

4/03 900-345 A

Initial Document

SDS2100 User Guide

Declaration of Conformity

(according to ISO/IEC Guide 22 and EN 45014)

Manufacturer’s Name & Address:

Lantronix 15353 Barranca Parkway, Irvine, CA 92618 USA

Declares that the following product:

Product Name Model: SecureBox Device Server SDS2100

Conforms to the following standards or other normative documents:

Safety: EN60950:1992+A1, A2, A3, A4, A11

Electromagnetic Emissions:

EN55022: 1994 (IEC/CSPIR22: 1993) FCC Part 15, Subpart B, Class A IEC 1000-3-2/A14: 2000 IEC 1000-3-3: 1994

Electromagnetic Immunity:

EN55024: 1998 Information Technology Equipment-Immunity Characteristics IEC61000-4-2: 1995 Electro-Static Discharge Test IEC61000-4-3: 1996 Radiated Immunity Field Test IEC61000-4-4: 1995 Electrical Fast Transient Test IEC61000-4-5: 1995 Power Supply Surge Test IEC61000-4-6: 1996 Conducted Immunity Test IEC61000-4-8: 1993 Magnetic Field Test IEC61000-4-11: 1994 Voltage Dips & Interrupts Test (L.V.D. Directive 73/23/EEC)

Supplementary Information:

This Class A digital apparatus complies with Canadian ICES-003 (CSA) and has been verified as being compliant within the Class A limits of the FCC Radio Frequency Device Rules (FCC Title 47, Part 15, Subpart B CLASS A), measured to CISPR 22: 1993 limits and methods of measurement of Radio Disturbance Characteristics of Information Technology Equipment. The product complies with the requirements of the Low Voltage Directive 72/23/EEC and the EMC Directive 89/336/EEC.

Encryption: This product includes AES encryption certified by the National Institute of Standard and Technology to FIPS-197 standard certification #120.

Export Control Classification Number 5A002, License exception ENC.

Manufacturer’s Contact:

Director of Quality Assurance, Lantronix 15353 Barranca Parkway, Irvine, CA 92618 USA Tel: 949-453-3990 Fax: 949-453-3995

SDS2100 User Guide

Warranty

Lantronix warrants each Lantronix product to be free from defects in material and workmanship for a period of TWO YEARS after the date of shipment. During this period, if a customer is unable to resolve a product problem with Lantronix Technical Support, a Return Material Authorization (RMA) will be issued. Following receipt of an RMA number, the customer shall return the product to Lantronix, freight prepaid. Upon verification of warranty, Lantronix will -- at its option -- repair or replace the product and return it to the customer freight prepaid. If the product is not under warranty, the customer may have Lantronix repair the unit on a fee basis or return it. No services are handled at the customer's site under this warranty. This warranty is voided if the customer uses the product in an unauthorized or improper way, or in an environment for which it was not designed.

Lantronix warrants the media containing its software product to be free from defects and warrants that the software will operate substantially according to Lantronix specifications for a period of 60 DAYS after the date of shipment. The customer will ship defective media to Lantronix. Lantronix will ship the replacement media to the customer.

* * * *

In no event will Lantronix be responsible to the user in contract, in tort (including negligence), strict liability or otherwise for any special, indirect, incidental or consequential damage or loss of equipment, plant or power system, cost of capital, loss of profits or revenues, cost of replacement power, additional expenses in the use of existing software, hardware, equipment or facilities, or claims against the user by its employees or customers resulting from the use of the information, recommendations, descriptions and safety notations supplied by Lantronix. Lantronix liability is limited (at its election) to:

refund of buyer's purchase price for such affected products (without interest) repair or replacement of such products, provided that the buyer follows the above

procedures. There are no understandings, agreements, representations or warranties, express or

implied, including warranties of merchantability or fitness for a particular purpose, other than those specifically set out above or by any existing contract between the parties. Any such contract states the entire obligation of Lantronix. The contents of this document shall not become part of or modify any prior or existing agreement, commitment or relationship.

For details on the Lantronix warranty replacement policy, go to our web site at

http://www.lantronix.com/support/warranty/index.html

SDS2100 User Guide

Contents

Copyright & Trademark _______________________________________________ 2 Contacts___________________________________________________________ 2 Disclaimer & Revisions _______________________________________________ 3 Declaration of Conformity _____________________________________________ 4 Warranty __________________________________________________________ 5 Contents___________________________________________________________ 6

1: Introduction __________________________________________________9

Features___________________________________________________________ 9 Protocol Support ____________________________________________________ 9 Connections and Pinouts_____________________________________________ 10

SDS2100 Serial Ports ___________________________________________________ 10 Serial Connector Pinouts _________________________________________________ 10 Network Port___________________________________________________________ 11 Ethernet Connector Pinouts_______________________________________________ 11

LEDs ____________________________________________________________ 11 Product Information Label ____________________________________________ 12 Technical Specifications _____________________________________________ 13

2: Getting Started_______________________________________________ 14

Addresses and Port Number __________________________________________ 14

Ethernet (MAC) Address _________________________________________________ 14 Internet Protocol (IP) Address _____________________________________________ 14 Port Number___________________________________________________________ 14

Physically Connecting the Unit_________________________________________ 15 Methods of Assigning the IP Address ___________________________________ 16 DHCP____________________________________________________________ 16 AutoIP ___________________________________________________________ 17 DeviceInstaller _____________________________________________________ 17

Install the DeviceInstaller _________________________________________________ 17 Assign IP Address and Network Class_______________________________________ 18 Add the Unit to the Manage List____________________________________________ 21 Opening a Configuration Window __________________________________________ 21

ARP and Telnet ____________________________________________________ 22 Serial Port Login ___________________________________________________ 23

SDS2100 User Guide

3: Configuring the Unit___________________________________________24

Configuring via Web Browser _________________________________________ 24 Configuring via the Setup Mode Window ________________________________ 27

Using a Telnet Connection ________________________________________________27 Using the Serial Ports ____________________________________________________ 29

Server Configuration (Network Configuration)_____________________________ 30

IP Address_____________________________________________________________ 30 Set Gateway IP Address__________________________________________________ 30 Netmask ______________________________________________________________ 30 Change Telnet Configuration Password ______________________________________ 31 DHCP Naming__________________________________________________________ 31

Channel 1 Configuration (Serial Port Parameters) _________________________ 32

Baudrate ______________________________________________________________ 32 I/F (Interface) Mode _____________________________________________________ 32 Flow__________________________________________________________________ 33 Port Number ___________________________________________________________33 Connect Mode__________________________________________________________ 33 Remote IP Address______________________________________________________ 37 Remote Port ___________________________________________________________ 37 DisConnMode __________________________________________________________ 37 Flush Mode (Buffer Flushing) ______________________________________________ 38 Pack Control ___________________________________________________________ 38 DisConnTime (Inactivity Timeout)___________________________________________ 39 Send Characters________________________________________________________ 39 Telnet Terminal Type ____________________________________________________ 40 Channel (Port) Password _________________________________________________ 40

Expert Settings ____________________________________________________ 40

TCP Keepalive time in s __________________________________________________ 41 ARP Cache timeout in s __________________________________________________ 41

Security Settings ___________________________________________________ 41

Disable SNMP__________________________________________________________ 41 SNMP Community Name _________________________________________________41 Disable Telnet Setup_____________________________________________________ 42 Disable TFTP Firmware Upgrade ___________________________________________ 42 Disable Port 77FE (Hex)__________________________________________________ 42 Disable Web Server _____________________________________________________ 42 Disable ECHO Ports _____________________________________________________ 42 Enable Enhanced Password_______________________________________________ 42 Enable Encryption_______________________________________________________ 42

SDS2100 User Guide

Factory Default Settings______________________________________________ 44 Exit Configuration Mode______________________________________________ 44

4: Updating Firmware____________________________________________45

Obtaining Firmware _________________________________________________ 45 Reloading Firmware_________________________________________________ 45

Via DeviceInstaller ______________________________________________________ 45 Via TFTP _____________________________________________________________ 47 Via Another Unit________________________________________________________ 48 Via the Serial Port ______________________________________________________ 49

5: Troubleshooting______________________________________________51

Technical Support __________________________________________________ 51 Monitor Mode______________________________________________________ 55

Via the Serial Port ______________________________________________________ 55 Via the Network ________________________________________________________ 55 Monitor Mode Commands ________________________________________________ 55

6: Binary to Hexadecimal_________________________________________57

Converting Binary to Hexadecimal______________________________________ 57 Connect Mode Options ______________________________________________ 58 Disconnect Mode Options ____________________________________________ 61 Flush Mode (Buffer Flushing) Options___________________________________ 63 Interface Mode Options ______________________________________________ 68 Pack Control Options________________________________________________ 69

11:: IInnttrroodduuccttiioonn

Features

The SecureBox family of Secure Device Servers (SDS) allows serial devices such as those listed below to securely connect and communicate over Ethernet networks using the IP protocol family (TCP for connection-oriented stream applications and UDP for datagram applications).

The SDS2100 Secure Device Server offers secure data communications using Rijndael Advanced Encryption Standards (AES) and are certified by the National Institute of Standard and Technology (NIST) to meet Federal Information Processing Standards (FIPS) required for data communication on US government and government contractor’s networks.

 Security Alarms  Access Control Devices  Fire Control Panels  Time/Attendance Clocks and Terminals  ATM Machines  Data Collection Devices  RFID readers  Universal Power Supply (UPS) Management Units  Telecommunications Equipment  Data Display Devices

Protocol Support

The SDS uses the Internet Protocol (IP) for network communications and the Transmission Control Protocol (TCP) to assure that no data is lost or duplicated, and that everything sent to the connection arrives correctly at the target.

Other supported protocols are listed below:

 ARP, UDP, TCP, ICMP, Telnet, TFTP, AutoIP, DHCP, HTTP, and SNMP for

network communications.

 TCP, UDP, and Telnet for connections to the serial port.  TFTP for firmware updates.  IP for addressing, routing, and data block handling over the network.

SDS2100 User Guide 1: Introduction

 User Datagram Protocol (UDP) for typical datagram applications in which

devices interact with other devices without maintaining a point-to-point connection.

Connections and Pinouts

SDS2100 Serial Ports

The SDS2100 has two male DB9 DTE serial ports that support RS-232 serial standards up to 115 Kbps.

Figure 1-1. Serial Interface

Male DB9 Serial Ports

Serial Connector Pinouts

The unit's Male DB9 connector provides an RS-232C interface as would be found on most modern computers. The default serial port settings are 9600 baud, 8 bits, no parity, 1 stop bit, no flow control.

Figure 1-2. DB9 Male RS232 Serial DTE Connector

SDS2100 User Guide 1: Introduction

Network Port

The unit's back panel contains a 9-30VDC power plug and an RJ45 (10/100) Ethernet port.

Figure 1-3. Network Interface

RJ45 Ethernet Port Power Plug

Ethernet Connector Pinouts

Figure 1-4. RJ45 Ethernet Connector

LEDs

The SDS2100 contains the following LEDs:

 Power  10 Mbps Link/Activity (green)  100 Mbps Link/Activity (green)  Diagnostics (red)  Status Channel 1 (green)  Status Channel 2 (green)

Simultaneously lit red and green LEDs mean something is wrong. If the red LED is lit or blinking, count the number of times the green LED blinks between its pauses. The following table explains the LED functions:

SDS2100 User Guide 1: Introduction

Table 1-1. SDS2100 LEDs

LEDs Meaning

10 Mbps link/activity steady green Valid 10 Mbps network connection 10 Mbps link/activity blinking Network packets transmitting and receiving 100 Mbps link/activity steady green Valid 100 Mbps network connection 100Mbps link/activity blinking Network packets transmitting and receiving

Diagnostic steady red and status blinking green

Diagnostic blinking red and status blinking green

2 blinks = RAM error 4 blinks = EEPROM checksum error 5 blinks = Duplicate IP address on network

5 blinks = No DHCP response

Status steady green Serial port not connected to network Status blinking green Serial port connected to network

Product Information Label

The product information label on the underside of the unit contains the following information about your specific unit:

 Bar Code  Serial Number  Product ID (name)  Product Description  Ethernet Address (also referred to as Hardware Address or MAC Address)

SDS2100 User Guide 1: Introduction

Technical Specifications

CPU, Memory

Serial Interface

Network Interface Power Supply

Power Input Dimensions

SDS2100

Weight SDS2100

Temperature

Relative Humidity

Lantronix DSTni-LX 186 CPU, 48 MHz

1 MByte FLASH ROM 256 Kbytes zero wait state RAM

2 Male DB9 Connectors (DTE pinout) Speed software selectable (300 to 115 kBaud) RS-232C

10/100 RJ45 Ethernet External adapter included

120VAC USA 100 - 240 VAC Universal with regional connectors

9-30 VDC or 9-24 VAC (2W maximum) Height: 2.3 cm (0.9 in)

Width: 7.3 cm (2.87 in) Depth: 9.5 cm (3.74 in)

0.35 Kg (0.8 lbs)

Operating range: 5° to 50° C (41° to 122° F) Storage range: -40° to 66° C (-40° to 151° F)

Operating: 10% to 90% non-condensing, 40% to 60% recommended Storage: 10% to 90% non-condensing

22:: GGeettttiinngg SSttaarrtteedd

Addresses and Port Number

Ethernet (MAC) Address

The Ethernet address is also referred to as the hardware address or the MAC address. The first three bytes of the Ethernet Address are fixed and read 00-20-4A, identifying the unit as a Lantronix product. The fourth, fifth, and sixth bytes are unique numbers assigned to each unit.

Figure 2-1. Sample Ethernet Address

00-20-4A-14-01-18 or 00:20:4A:14:01:18

Internet Protocol (IP) Address

Every device connected to an IP network must have a unique IP address. This address is used to reference the specific unit.

Port Number

Every TCP connection and every UDP datagram is defined by a destination IP address and a port number. For example, a Telnet application commonly uses port number 23. A port number is similar to an extension on a PBX system.

The unit's serial channel (port) can be associated with a specific TCP/UDP port number. Port number 9999 is reserved for access to the unit's Setup (configuration) Mode window.

SDS2100 User Guide 2: Getting Started

Physically Connecting the Unit

The following diagram shows a properly installed unit:

Figure 2-2. SDS2100 Connected to Serial Device and Netwo rk

To install the unit, complete the following steps in order. Refer to the numbers in the previous figure.

1. Connect a serial device to your unit. See the Introduction for more information about what kinds of device attachments the unit supports.

2. Connect an Ethernet cable to the 10/100 port.

3. Supply power to your unit using the power supply that was included in the packaging.

Note: The required input voltage is 9-30 VDC or 9-24 VAC

(2 W maximum).

4. Supply power to the serial device.

SDS2100 User Guide 2: Getting Started

Methods of Assigning the IP Address

The unit's IP address must be configured before a network connection is available. You have the following options for assigning an IP to your unit:

Table 2-1. Methods of Assigning IP Addresses

Method Description

DHCP A DHCP server automatically assigns the IP address and network settings. DeviceInstaller You manually assign the IP address using a graphical user interface (GUI).

You must use a PC and the unit must be attached to the local network.

ARP and Telnet You manually assign the IP address and other network settings at a

command prompt using a UNIX or Windows-based system. Only one person at a time can be logged into the configuration port (port 9999). This eliminates the possibility of several people simultaneously attempting to configure the unit.

AutoIP This automatic method is appropriate when you have a small group of hosts

rather than a large network. This method allows the hosts to negotiate with each other and assign addresses, in effect creating a small network.

Serial Port Login You initially configure the unit through a serial connection.

These methods are described in the remaining sections of this chapter.

DHCP

Note: In most installations, a fixed IP address is desirable. The systems

administrator generally provides the IP address. Obtain the following information before starting to set up your unit:

IP Address ___ ___ ___ ___ Subnet Mask: ___ ___ ___ ___ Gateway: ___ ___ ___ ___

The unit ships with a default IP address of 0.0.0.0, which automatically enables DHCP.

Provided a DHCP server exists on the network, it will provide the unit with an IP address, gateway address, and subnet mask when the unit boots up. The SDS2100 has acquired an IP address if the red LED stops flashing and the green Status LED is on continuously. (If no DHCP server exists, the unit responds with a diagnostic error: the red Diagnostic LED blinks continuously, and the green Status LED blinks five times. This blinking only continues for about 15 seconds.)

You can use the DeviceInstaller software to search the network for the IP your unit has been assigned by the DHCP server and add it to the managed list. See Add the

Unit to the Manage List later in this chapter.

Note: This DHCP address will not appear in the unit’s standard configuration

screens. You can, however, determine your unit’s DHCP-assigned IP address in Monitor Mode. When you enter Monitor Mode from the serial port with network connection enabled (see Monitor Mode in the Troubleshooting chapter) and issue the NC (Network Communication) command, you will see the unit’s IP configuration.

SDS2100 User Guide 2: Getting Started

AutoIP

The unit ships with a default IP address of 0.0.0.0, which automatically enables Auto IP within the unit. AutoIP is an alternative to DHCP that allows hosts to automatically obtain an IP address in smaller networks that may not have a DHCP server. A range of IP addresses (from 169.254.0.1 to 169.254.255.1) has been explicitly reserved for AutoIP-enabled devices. The range of Auto IP addresses is not to be used over the Internet.

If your unit cannot find a DHCP server, and you have not manually assigned an IP address to it, the unit automatically selects an address from the AutoIP reserved range. Then, your unit sends out a (ARP) request to other nodes on the same network to see whether the selected address is being used.

 If the selected address is not in use, then the unit uses it for local subnet

communication.

 If another device is using the selected IP address, the unit selects another

address from the AutoIP range and reboots itself. After reboot, the unit sends out another ARP request to see if the selected address is in use, and so on.

AutoIP is not intended to replace DHCP. The unit will continue to look for a DHCP server on the network. If a DHCP server is found, the unit will switch to the DHCP server-provided address and reboot.

Note: If a DHCP server is found, but it denies the request for an IP address,

the unit does not attach to the network, but waits and retries.

AutoIP can be disabled by setting the unit’s IP address to 0.0.1.0. This setting enables DHCP but disables AutoIP.

DeviceInstaller

You can manually assign the IP address using the DeviceInstaller, which is on the product CD.

Install the DeviceInstaller

1. Insert the product CD into your CD-ROM drive. The Lantronix SDS2100 DeviceServer window displays.

2. If the CD does not launch automatically:

3. Click the Start button on the Task Bar and select Run.

4. Enter your CD drive letter, colon, backslash, deviceinstaller.exe (e.g., E:\deviceinstaller.exe).

5. Click the DeviceInstaller button. The installation wizard window displays.

6. Respond to the installation wizard prompts. (When prompted to select an installation type, select Typical.)

SDS2100 User Guide 2: Getting Started

Assign IP Address and Network Class

1. Click the Start button on the Task Bar and select Programs Æ Lantronix Æ Device Installer Æ Device Installer. The DeviceInstaller window displays.

Figure 2-3. DeviceInstaller Window

2. Click the Assign IP icon

. The Assign IP Address window displays.

SDS2100 User Guide 2: Getting Started

Figure 2-4. Assign IP Address Window (Device Identification)

3. Enter the Hardware or Ethernet address of the device. The following Assign IP

Address window appears.

Figure 2-5. Assign IP Address Window (Assignment Method)

4. Select Assign a specific IP address to assign a static IP address to the device

or select Obtain an IP address automatically to enable BOOTP, DHCP, or Auto IP on the device.

5. Click Next. The following Assign IP Address window appears.

SDS2100 User Guide 2: Getting Started

Figure 2-6. Assign IP Address Window (IP Settings)

6. Enter the IP address, subnet mask, and gateway being assigned to the device. Enter this information in XXX.XXX.XXX.XXX format.

7. Click Next. The following Assign IP Address window appears.

Figure 2-7. Assign IP Address Window (Assignment)

8. Click the Assign button to finalize the IP assignment.

SDS2100 User Guide 2: Getting Started

Add the Unit to the Manage List

Now add the unit to the list of similar Lantronix devices on the network so that you can manage and configure it. To perform this step, click the Search icon:

The device should be located by DeviceInstaller and added into the Device List. Now you can manage (configure) the unit so that it works with the serial device on the network.

Opening a Configuration Window

Once the device is added into the list, use the Configure, Upgrade, Telnet, and Web icons to manage the device.

Figure 2-8. Device Management Window

1. Do one of the following:

Note: To assign Expert settings and Security settings, you must use the

Setup Mode window in a Telnet session.

 To configure the unit via a Web browser, click the Web icon. The Lantronix

WEB-Manager window displays in your browser.

 To configure the unit via a Telnet session, click the Telnet icon. The Setup

Mode window displays.

2. Continue with the appropriate configuration procedure described in the next

chapter.

Note: The Configure icon on the Device Management window allows

you to save a configuration locally on your computer as a file. It is helpful to save the file, in case, for example, someone changes the configuration of the unit incorrectly. The Configure icon sends a saved file to the unit.

+ 49 hidden pages

Lantronix SecureBox SDS2100 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual