
FT-Series Encrypted Ethernet Tunnel

User's Guide

Revised November 6, 2016

Firmware Version 2.x

Summary of Contents for EtherSeries FT

Page 1: ...FT Series Encrypted Ethernet Tunnel User's Guide Revised November 6, 2016 Firmware Version 2.x...

Page 2: ...ercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio...

Page 3: ...nt Panel 8 Rear Panel LED Indicators 8 Rear Panel USB Connectors 8 Rear Panel RS 232 Connector 8 Rear Panel Ethernet Connectors 9 Rear Panel USB Connectors 9 FT 6630 Specific Two High Performance Port...

Page 4: ...17 Overview 17 Administration 17 Admin Password 18 Fields 18 Notes 18 Admin Access Control 19 Fields 19 Notes 20 Set Clock 21 Fields 21 Notes 21 Create Web Certificates 22 Fields 24 Notes 24 Install C...

Page 5: ...Notes 40 Generate Certificate Authority Key 41 Fields 41 Notes 42 Generate Local Key 43 Fields 43 Notes 44 Advanced Tunnel Configuration 44 Fields 44 Notes 45 Ethernet MAC Address Filters Screen 45 Fi...

Page 6: ...ctivate Changes 63 Step 5 Store Configuration 63 Step 6 Configure LAN2 63 Step 7 Configure LAN3 64 Step 8 Tunnel Generate CA Key 64 Step 9 Tunnel Generate Local Key 64 Step 10 Tunnel Mode 65 Step 11 T...

Page 7: ...S 72 Ring Indicator 72 Cables 72 To PC 9 pin COM port 72 Bridge to hub or ethernet switch 72 Appendix B Open Source Software Information 73 Introduction 73 Obtaining the Source Code 73 Appendix C 802...

Page 8: ...AT routers The FT includes the ability to create self signed certificates The certificate authority is stored on a USB dongle that allows the certificates to be shared between FT devices as well as we...

Page 9: ...Firewall Features The bridge supports a number of security features On the insecure side all traffic is encrypted including the FT to FT negotiation The encryption methodology is industry standard AE...

Page 10: ...The initial IP address may be entered using any terminal or terminal emulation software on a PC A standard web browser Internet Explorer or Firefox are recommended may be used for configuration once t...

Page 11: ...nection for configuration https is required FT 6602 Front FT 6602 Rear FT 6602 Front Panel The front panel contains a LED indicator for power Rear Panel LED Indicators One set of indicators For Each E...

Page 12: ...T connectors are auto sensing Rear Panel USB Connectors There are two USB connectors They are interchangeable and only the first one that senses a USB device connection is activated These are used onl...

Page 13: ...ut The configuration is similar to the other FT models with the following changes Configuration Differences This model contains a single serial interface to be used in initial setup if needed IF the d...

Page 14: ...gle serial interface to be used in initial setup if needed IF the default IP address is not appropriate for your LAN then connect a 9 pin serial terminal cable and follow the command line setup instru...

Page 15: ...u are must have a thorough understanding of IP networking subnetting and routing You should have a network diagram illustrating IP addresses subnetting and all IP routing that you intend to use prior...

Page 16: ...values for the Ethernet A interface If it LAN1 is will be connected to an 802 1Q VLAN trunk enter Y for that value otherwise use the default N 8 The bridge will now compress these values and save the...

Page 17: ...This address must be appropriate for your local LAN and workstation or step 1 above must be followed 3 Verify the IP Address Configuration Enter the URL from step 1 or http://192.168.0.1 if using the de...

Page 18: ...ernet port LAN 2 or LAN 3 Default is to use DHCP on Ethernet port LAN 2 and disable the third LAN 3 port 3 IP Tunnel Configuration Connect to Server IP address port and LAN interface for client mode L...

Page 19: ...u don t want to change the currently running configuration NOTE Internet Explorer Version 7 and newer or Firefox version 2 or newer are recommended Older versions of web browsers may fail due to TLS n...

Page 20: ...ave it reset the bridge to activate the new configuration It is useful to transfer an existing bridge configuration to a PC text file for future use Then if the bridge must be replaced simply transfer...

Page 21: ...interface This default operation may be changed during configuration but it is highly recommended that configuration be locked to the secure interface A secure web browser connection is required for c...

Page 22: ...characters If you leave this field blank you will need to enter a blank username during authentication The default is admin Old Password In order to change the username and password you must know the...

Page 23: ...member that you will have to include the port number in your URL For example https://192.168.0.1:7995 Require Certificate This option enables certificate based authentication of web browsers attempting...

Page 24: ...e Address This table allows you to control what hosts or networks have access to the FT 6602 s web server If empty any host may access the unit Entries are made by specifying a Target and Netmask For...

Page 25: ...s clock The setting will take effect when you press submit Fields Year Year in the range 2000 to 2035 Month Numeric value of month in the range 1 to 12 Day Day of month in the range 1 to 31 Hour Hour...

Page 26: ...You may want to hold off storing the changes until you have successfully imported the certificates into your web browser After the new certificates are activated the tunnel s web server will refuse to...

Page 27: ...ive After import highlight the server s certificate Press the Edit button Select Trust the authenticity of this certificate Press OK Server Certificate Firefox 3 Firefox 3 imports the certificate dire...

Page 28: ...n to the certificate It may be 1 to 64 characters in length limit to alphanumeric characters Country Code The country code given to the certificate It is 2 characters in length limit to alphanumeric c...

Page 29: ...s into your web browser After the new certificates are activated the tunnel s web server will refuse to communicate with your web browser You will need to import the certificate files from the USB Fla...

Page 30: ...n impostor device Some web browser versions do not handle self signed certificates correctly At least one version of Mozilla has this problem and can not be used in this application Note It is permiss...

Page 31: ...r activating the changes is not needed Fields Year Year in the range 2000 to 2035 Month Numeric value of month in the range 1 to 12 Day Day of month in the range 1 to 31 Hour Hour of the day in the ra...

Page 32: ...tivate Changes you should configure the interface that you are using to access the tunnel Otherwise all interfaces except Ethernet A will be disabled and Ethernet A will be configured with the IP addr...

Page 33: ...this PC File to Transfer The file containing the encrypted configuration There is also a Browse button Password The password used to encrypt the file Transfer file to Bridge action Transfers the name...

Page 34: ...everal minutes to upload the file Fields File Name This is the name of the firmware image file to be transferred to the bridge There is also a browse button Upgrade Firmware action Pressing this butto...

Page 35: ...nges that have not been saved to non volatile memory they will be lost This is the method to revert back to the previously stored configuration Fields Reboot System action This causes the bridge to re...

Page 36: ...and hardware version information as well as some copyright notices LAN 1 Ethernet Mode LAN 1 Ethernet Mode Screen The FT 6602 contains three ethernet interfaces LAN 1 may be disabled or enabled and th...

Page 37: ...f the tunnel The public network interface may be either LAN 2 or LAN 3 This screen is used to configure both IP parameters and DHCP server parameters if the DHCP server function is used LAN 2 and LAN...

Page 38: ...Gateway The Gateway specifies the address of the gateway router on the local subnet Packets destined for a host not on the local subnet are forwarded to the gateway router The tunnel uses source base...

Page 39: ...Range Low and IP Range High define an inclusive range of IP addresses to administer The tunnel will dynamically assign these addresses to DHCP clients as requests are received These addresses must be...

Page 40: ...1 to 39 printable characters No space or control characters Service name This is an optional field that specifies the desired service name If set PPPoE will only initiate sessions with access concent...

Page 41: ...r ISP charges for service based on connect time Max Connect Time Setting Max Connect Time will cause the PPPoE connection to terminate when the time limit has been reached regardless of activity The t...

Page 42: ...st be visible to the client either directly or through a port forwarding firewall Fields Tunnel Mode Select the operating mode of the tunnel either client server or both A typical setup will have one...

Page 43: ...IP port to listen to when server mode is enabled This is optional When used the client tunnels may be configured to use either server port Client Mode Enabled Connect to Server The host name or IP add...

Page 44: ...connect to when client mode is enabled The server must be listening on this port Via Interface Which network interface to use when connecting to the server User Passphrase The passphrase may be up to...

Page 45: ...USB Flash Drive Before submitting this page please install a USB flash drive in the USB port The USB flash drive must be FAT or ext2 formatted The directory dcbbca will be created on the flash drive...

Page 46: ...recovered if lost In case of a lost password the entire certificate generation and installation must be repeated Before submitting this page please install a USB flash drive in the USB port The USB fl...

Page 47: ...at was signed by the same Certificate Authority CA Key This form will generate a local key signed by the CA key inserted in the USB Flash Drive Note this operation will update information stored on th...

Page 48: ...Setting a time enables a keep alive feature If the tunnel has not sent anything to the remote tunnel for the specified amount of time a keep alive message is sent This feature is used to prevent an I...

Page 49: ...to Remote When set to yes the local tunnel will relay packets between remote tunnels When set to no the local tunnel will only bridge packets to from the local LAN Notes Ethernet MAC Address Filters...

Page 50: ...s a 6 byte number entered as 12 hexadecimal digits with each byte optionally separated with a or character For example 00 06 3B 00 17 01 00 06 3b 00 17 01 00 06 3b 00 17 01 00063b001701 are all valid...

Page 51: ...or ARP type packet This is simply a shortcut to setting up Ethernet Filters to block all non 0800 and 0806 type packets Destination IP Address This field specifies the Destination IP address for comp...

Page 52: ...P packet with a destination port number in the specified range will be considered an exception causing the opposite of the default rule to be performed Please note that UDP filtering is only applied t...

Page 53: ...block TCP port 23 in the remote tunnel device To use TCP filtering you first select a default rule That is you choose to allow all TCP packets by default or to drop all TCP packets by default Next yo...

Page 54: ...ltering is only applied to packets traveling in from the local Ethernet toward a remote tunnel TCP filtering is performed after IP Filtering Any packets discarded by IP filtering will not reach UDP fi...

Page 55: ...to the specified host It will wait approximately 16 seconds for a response Fields Host IP address of the target host If hostname DNS is enabled you may use a hostname Size Number of data bytes to sen...

Page 56: ...ed by sending UDP packets to port 33434 with progressively larger Time to Live values and listening for ICMP TIME EXCEEDED responses from the bridges along the way Fields Host IP address of the target...

Page 57: ...low level PPP traffic on the PPPoE connection only the payload traffic Host This applies a host filter Only packets with a matching source or destination IP address will be included in the trace Port...

Page 58: ...reen shows port status and packet counters for each interface on the FT It displays counters that are useful in diagnosing network connectivity problems Routing Table Screen Routing Table Screen The R...

Page 59: ...ges Configuration changes are made to a temporary area They may be activated using the Activate Changes screen in which case they will become immediately active overwriting the pre existing configurat...

Page 60: ...pre existing configuration for the duration of this session Changes may be stored using the store configuration screen in which case they will be written to non volatile memory and used at the next re...

Page 61: ...nected remote nodes These nodes are other FT 6602 units that have authenticated with this unit Tunnel Addresses Screen Tunnel Addresses Screen The Tunnel Addresses Screen displays the MAC address inte...

Page 62: ...DHCP Status Screen DHCP Status Screen The DHCP Client Log Screen displays recent history of DHCP client activity 60...

Page 63: ...Configuration PPPoE Log PPPoE Log Screen The PPPoE Log screen displays recent PPPoE activity 61...

Page 64: ...he server It listens for connections from clients One or more clients may be configured to connect to the server For our walk through please refer to the following diagram Addresses in the diagram are...

Page 65: ...admin Leave the password field blank The name and password fields are case sensitive Important Notes After initial TLS negotiation some web browsers will display a blank page If this happens press the...

Page 66: ...good time to Activate Changes and switch over to using LAN1 s new IP address After you activate the changes you will need to change the URL in your web browser to the FT 6602 s new IP address Step 5 S...

Page 67: ...n is a slow process Also make sure to read any error messages USB flash drives sometimes fail to register correctly Upon error it may be necessary to remove the USB drive wait 5 or so seconds then rei...

Page 68: ...el Configuration form Set the Connect to Server field to the Server's LAN2 IP address Referring to example setup this would be the 12.29.144.4 address Set the port field to the same port number set in...

Page 69: ...Troubleshooting 67...

Page 70: ...Power the bridge OFF and ON to reboot Is a proper IP address configured in the bridge and PC Ping the bridge to see if it responds From the Windows command prompt or Run dialog box use the command pin...

Page 71: ...RS 232 wiring or the Windows Hyperterm program not operating correctly Checking Bridge Operation Once the bridge is installed on your Network verify proper operation by testing its functionality Attem...

Page 72: ...LAN Status per interface Power Default IP address 192.168.0.1 Internal Certificate Authority and key generation Browser Management port 443 SSL Operational Temperature 20C to 70C Dimensions 6 x 6 x 1...

Page 73: ...or Memory 2 Gig or more RAM Throughput Up to 610 Mbps with AES 256 in UDP mode 340 Mbps bidirectional Throughput Up to 720 Mbps with AES 256 in TCP mode 360 Mbps bidirectional Bridge Tunnel supports 4...

Page 74: ...1 Carrier Detect DCD In 2 Receive Rx In 3 Transmit Tx Out 4 Data Terminal Ready Out 5 Signal Ground GND Power 6 Data Set Ready DSR Not used In 7 Request to Send RTS Out 8 Clear to Send CTS In 9 Ring...

Page 75: ...mbining a PC Direct adapter hood and a Remote PC adapter hood along with a straight through 10BaseT cable This cable is used for configuration and is provided with the bridge This cable is commonly av...

Page 76: ...e of the contribution many open source developers have made to the community Other open source software used in this product may be obtained from the original developers and is made available in accor...

Page 77: ...VLAN ID When you complete serial setup you can attach LAN 1 to the VLAN trunk and will be able to access the FT from the VLAN that you specified In other words if you set the VLAN ID to 2 you will be...
