manualshive.com logo in svg

Lantronix XPort AR, User Manual

The Lantronix XPort AR Integration Manual is a comprehensive resource for seamlessly integrating the XPort AR into your network. This essential manual provides step-by-step instructions and troubleshooting tips, ensuring a hassle-free setup process. Download this manual for free on our website and unlock the full potential of your XPort AR.

Share
Download
background image

XPort AR User Guide

81

10: Security Settings

The XPort AR supports Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a network 
protocol for securely accessing a remote device. SSH provides a secure, encrypted 
communication channel between two hosts over a network. It provides authentication and 
message integrity services. 

Secure Sockets Layer (SSL) is a protocol that manages data transmissiong security over the 
Internet. It uses digital certificates for authentication and cryptography against eavesdropping and 
tampering. It provides encryption and message integrity services. SSL is widely used for secure 
communication to a web server. SSL uses certificates and private keys.

Note:

The XPort AR supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming 

SSlv2 connection attempt is answered with an SSlv3 response. If the initiator also supports 
SSLv3, SSLv3 handles the rest of the connection.

This chapter contains the following sections:

SSH Server Host Keys

SSH Server Authorized Users

SSH Client Known Hosts

SSH Client Users

SSL Certificates

SSL RSA or DSA

SSL Certificates and Private Keys

SSL Utilities

SSL Configuration

SSH Server Host Keys

The SSH Server Host Keys web page opens when you click SSH from the Main Menu. It has four 
sub-menus for viewing and changing SSH server host keys, SSH server authorized keys, SSH 
client known hosts, and SSH client users.

Note:

SSH keys may be created on another computer and uploaded to the XPort AR. For 

example, use the ssh-keygen -b 1024 -t dsa command to create a 1024-bit DSA key pair. SSH 
Keys from other programs may be converted to the required XPort AR format. Use Open SSH to 
perform the conversion. 

To create or upload SSH server host keys, perform the following steps.

Summary of Contents for XPort AR

Page 1: ...Part Number 900 405 Revision F May 2010 XPort AR User Guide ...

Page 2: ...Online www lantronix com support Sales Offices For a current list of our domestic and international sales offices go to the Lantronix web site at www lantronix com about contact Disclaimer and Revisions The information in this guide may change without notice The manufacturer assumes no responsibility for any errors that may appear in this guide For the latest revision of this product document plea...

Page 3: ...mments June 2005 A Initial document November 2005 B Added V2 0 software information December 2006 C Added V3 0 information March 2007 D Corrected pin numbers June 2009 E Update to firmware v4 0 0 0R16 May 2010 F Updated for firmware release 5 1 0 0R10 ...

Page 4: ..._______________________________________________17 Terminal Server Device Management _______________________________________18 Troubleshooting Capabilities ______________________________________________18 Configuration Methods______________________________________________________18 Addresses and Port Numbers ________________________________________________19 Hardware Address________________________...

Page 5: ...___55 Line Terminal Configuration ______________________________________________56 Host Configuration _________________________________________________________58 8 Configurable Pins Manager 60 Overview ________________________________________________________________60 Default Groups ________________________________________________________60 Custom Groups ___________________________________________...

Page 6: ...____________95 Protocol Stack ____________________________________________________________98 TCP _________________________________________________________________98 IP ___________________________________________________________________99 ICMP _______________________________________________________________100 ARP ________________________________________________________________101 IP Address Filter_...

Page 7: ...125 Import Configuration from Filesystem ___________________________________126 Import Line s from Single Line Settings on the Filesystem __________________128 13 Branding the XPort AR 131 Web Manager Customization________________________________________________131 Short and Long Name Customization _________________________________________131 14 Updating Firmware 133 A Technical Support 134 B Bina...

Page 8: ..._____55 Figure 7 2 Terminal on Line 1 Configuration Web Page___________________________________57 Figure 7 3 Host Configuration Web Page ______________________________________________58 Figure 8 1 CPM CPs Page _________________________________________________________61 Figure 8 2 CPM Groups Page_______________________________________________________64 Figure 9 1 DNS Status and Cache Web Page _____...

Page 9: ...b Page _________________________________________________113 Figure 11 18 System Web Page____________________________________________________114 Figure 12 1 Email Statistics Web Page_______________________________________________116 Figure 12 2 Email 1 Configuration Web Page__________________________________________117 Figure 12 3 CLI Statistics Web Page ____________________________________________...

Page 10: ...ble 8 1 CPM CPs Current Configuration Fields and Descriptions _________________________61 Table 8 2 CPM CPs Status Fields and Descriptions______________________________________62 Table 8 3 CPM Group Status Fields and Descriptions ____________________________________63 Table 8 4 CPM Groups Current Configuration Fields and Descriptions _______________________64 Table 9 1 PPP Configuration Fields ___...

Page 11: ...nfiguration Fields______________________________________________118 Table 12 2 CLI Configuration Fields _________________________________________________120 Table 12 3 XML Export Configuration Fields __________________________________________122 Table 12 4 XML Export Status Fields ________________________________________________124 Table 12 5 Import Configuration from Filesystem Fields ___________...

Page 12: ...nfigure Ethernet settings 6 Line and Tunnel Settings Instructions for using the web interface to configure lines and tunnels 7 Terminal and Host Settings Instructions for using the web interface to configure terminals and host settings 8 Configurable Pins Manager Instructions for using the Configurable Pins Manager CPM to set up the configurable pins to work with a device 9 Services Settings Instr...

Page 13: ... and to view its current settings A Technical Support Instructions for contacting Lantronix Technical Support B Binary to Hexadecimal Conversions Instructions for converting binary values to hexadecimals C Compliance Lantronix compliance information Table 1 2 Conventions Used in This Book Convention Description Bold text Default parameters Brackets Optional parameters Angle Brackets Possible value...

Page 14: ...director Quick Start and Online Help Instructions for using the Lantronix Windows based utility to create virtual com ports Secure Com Port Redirector User Guide Instructions for using the Lantronix Windows based utility to create secure virtual com ports ...

Page 15: ...ional features above and beyond the original XPort including The Evolution OS operating system Two full serial ports with all hardware handshaking signals or three serial ports without handshaking signals Eleven configurable pins Fully compliant PoE designs by using PoE compliant magnetics and passing through both the used and unused pairs Increased memory 4MB Flash and 1 25MB RAM Applications The...

Page 16: ... XML data transport and configurability Really Simple Syndication RSS information feeds Enterprise grade security with SSL and SSH Comprehensive troubleshooting tools Software Features Modem Emulation In modem emulation mode the XPort AR can replace dial up modems The unit accepts modem AT commands on the serial port and then establishes a network connection to the end device leveraging network co...

Page 17: ...r many RSS feeds at one time More powerful than simple email alerts RSS uses XML as an underlying Web page transport and adds intelligence to the networked device while not taxing already overloaded email systems Enterprise Grade Security Evolution OS provides the XPort AR the highest level of networking security possible This data center grade protection ensures that each device on the M2M networ...

Page 18: ...et that lets you troubleshoot problems quickly and easily Available from the Web Manager CLI and XML interfaces the diagnostic tools let you View critical hardware memory MIB II buffer pool and IP socket information Perform ping and traceroute operations Conduct forward or backup DNS lookup operations View all processes currently running on the XPort AR including CPU utilization and total stack sp...

Page 19: ...n and every UDP datagram is defined by a destination and source IP address and a destination and source port number For example a Telnet server commonly uses port number 23 The following is a list of the default server port numbers running on the XPort AR TCP Port 22 SSH Server Command Mode configuration TCP Port 23 Telnet Server Command Mode configuration TCP Port 80 HTTP Web Manager configuratio...

Page 20: ...2 Overview XPort AR User Guide 20 Bar code Part number Serial number which is the hardware address also referred to as Ethernet or MAC address Figure 2 1 XPort AR Product Information Label ...

Page 21: ...forms a network device search To perform another search click the Search button 2 Expand the XPort folder by clicking the plus symbol next to the folder icon The list of available Lantronix XPort devices displays 3 Select the XPort AR by expanding its entry and clicking on its hardware MAC address to view its configuration 4 Click the Device Details tab on the right The current XPort AR configurat...

Page 22: ...d manually If the IP address was assigned dynamically the following fields appear Obtain via DHCP with values of True or False Obtain via BOOTP with values of True or False Subnet Mask Shows the subnet mask specifying the network segment on which the XPort AR resides Gateway Shows the IP address of the router of this network There is no default Number of Ports Shows the number of serial ports on t...

Page 23: ...guration tab on the DeviceInstaller window To access the Web Manager perform the following steps 1 Open a standard web browser Lantronix supports the latest version of Internet Explorer Mozilla Suite Mozilla Firefox Safari or Opera 2 Enter the IP address of the XPort AR in the address bar The IP address may have been assigned manually using DeviceInstaller or the serial port see the XPort AR Demo ...

Page 24: ...eb Manager XPort AR User Guide 24 The Home page is also the Device Status page which appears after you log into the Web Manager It also appears when you click Status in the Main Menu Figure 4 1 XPort AR Web Manager Home Page ...

Page 25: ... of the web page and contains information or instructions associated with the page The center of a web page contains the following additional sections At the top there are links to configurable fields The links often indicate the configurable field for example Line Host or Tunnel In the middle you can select or enter new configuration settings Some pages display statistics or status in this area r...

Page 26: ...che 67 Email Shows email statistics and lets you clear the email log configure email settings and send an email 116 Filesystem Shows file system statistics and lets you browse the file system to view a file create a file or directory upload files using HTTP copy a file move a file or perform TFTP actions 95 FTP Shows statistics and lets you change the current configuration for the File Transfer Pr...

Page 27: ... to log and the server and ports to which the syslog should be sent 74 System Lets you reboot the XPort AR restore factory defaults upload new firmware and change the XPort AR long and short names 114 Terminal Lets you change current settings for a terminal 55 TFTP Shows statistics and lets you change the current configuration for the Trivial File Transfer Protocol TFTP server 72 Tunnel Lets you c...

Page 28: ...ure the aspects of your network This chapter contains the following sections Network 1 Interface Status Network 1 Interface Configuration Network 1 Ethernet Link Network 1 Interface Status To view the Network 1 interface status click Network on the Main Menu Figure 5 1 shows the page that displays Using this page you can view the status on your network interfaces Figure 5 1 Network 1 eth0 Interfac...

Page 29: ...Figure 5 2 Network 1 eth0 Interface Configuration Web Page 3 Enter or modify the fields in Table 5 1 Table 5 1 Network 1 Interface Configuration Fields Field Description BOOTP Client Select On or Off At boot up the XPort AR will attempt to obtain an IP address from a BOOTP server Notes Overrides the configured IP address network mask gateway hostname and domain When DHCP is On the system automatic...

Page 30: ...s to obtain an IP address from DHCP If it cannot AutoIP a server less method of selecting the IP address when the DHCP server is unavailable assigns an address in the range of 169 254 xxx xxx Default Gateway Enter the IP address of the router for this network Or clear the field appears as None This address is only used for static IP address configuration Hostname Enter the XPort AR hostname It mus...

Page 31: ...s the page that displays Figure 5 3 Network 1 eth0 Ethernet Link Web Page 3 Enter or modify the fields in Table 5 2 4 Click Submit Table 5 2 Network 1 eth0 Ethernet Link Fields Field Description Speed Select the Ethernet link speed Auto is the default Duplex Select the Ethernet link duplex mode Auto is the default ...

Page 32: ...l on Lines 1 and 2 Line 3 can be configured for software flow control Tunnels can only be configured on Lines 1 and 2 and not Line 3 Line 3 is typically used as a console or dedicated control channel PPP is not allowed on Line 3 The following sub menus you can use Line Statistics Displays statistics for the two lines For example the bytes received and transmitted breaks flow control parity errors ...

Page 33: ...Tunnel Settings XPort AR User Guide 33 1 Click Line on the Main Menu Figure 6 1 shows the page that displays Figure 6 1 Line 1 Statistics Web Page Line Configuration To configure a line perform the following steps ...

Page 34: ...To change the status select Enabled or Disabled from the drop down menu Protocol Select the protocol from the drop down menu The default is Tunnel Note All protocols work in Connect and Accept Mode except the LPD or Tunnel protocol option which is supported only in Accept Mode Baud Rate Select the baud rate from the drop down menu The default is 9600 Parity Select the parity from the drop down men...

Page 35: ...low of data when Flow Control is set to Software Prefix a decimal character with or a hexadecimal character with 0x or provide a single printable character The default Xon char is 0x11 Xoff Char Specify the character to use to stop the flow of data when Flow Control is set to Software Prefix a decimal character with or a hexadecimal character with 0x or provide a single printable character The def...

Page 36: ...the CP Group are matched Disabled Turns off Command Mode Wait Time Enter the wait time for the serial string during boot up in milliseconds Serial String Enter the serial string characters Select a string type Text String of bytes that must be read on the Serial Line during boot time to enable Command Mode It may contain a time element in x milliseconds in the format x to specify a required delay ...

Page 37: ...el web page When you click Tunnel from the Main Menu Tunnel 1 fields display To go to Tunnel 2 click the Tunnel 2 button There are six sub menus that you can use as follows Statistics Displays statistics for the two lines For example completed accepts completed connects disconnects dropped accepts dropped connects etc Serial Settings Configures buffer size and DTR Connect Mode Controls how a tunne...

Page 38: ...e for both serial line 1 and serial line 2 Configure the buffer size to change the maximum amount of data the serial port stores For any active connection the XPort AR sends the data in the buffer The modem control signal DTR on the Line may be continually asserted or asserted only while either an Accept Mode tunnel or a Connect Mode tunnel is connected To configure the serial settings perform the...

Page 39: ...y field Current serial settings for the line Protocol Display only field The protocol being used for the tunnel Buffer Size Enter the buffer size used for the tunneling of serial data received Requires reboot to take effect DTR Select when to assert DTR Unasserted Asserted while connected Asserted whenever a connect or an accept mode tunnel connection is active Continuously asserted Asserted regar...

Page 40: ...meout field is used to force a packet to be sent after a maximum time The packet is sent even if the threshold value is not reached When Send Character is configured a single printable character or control character read on the Serial Line forces the packet to be sent immediately There is an optional trailing character parameter which can be specified It can be a single printable character or a co...

Page 41: ...s Figure 6 7 Tunnel 1 Packing Mode Timeout 1 Enter or modify the fields in Table 6 4 2 Click Submit Table 6 4 Tunnel Packing Mode Timeout Fields Field Description Threshold Send the queued data when the number of queued bytes reaches the threshold value Timeout Enter a time in milliseconds for the XPort AR to send the queued data after the first character was received ...

Page 42: ...racter Fields Field Description Threshold Send the queued data when the number of queued bytes reaches the threshold value Send Character Enter a single character either a printable character or control character for the send character Upon receiving this character on the serial line the XPort AR sends out the queued data Trailing Character This is an optional setting Enter a single character eith...

Page 43: ...SSH the SSH server host keys and at least one SSH authorized user must be configured SSL TCP AES encryption over TCP Telnet XPort AR supports IAC codes It drops the IAC codes when Telnetting and does not forward them to the serial port Accept Mode has the following states Disabled never a connection Enabled always listening for a connection Active if it receives any character from the serial port ...

Page 44: ...cept an incoming connection default Any Character Start waiting for an incoming connection when any character is read on the serial line Start Character Start waiting for an incoming connection when the start character for the selected tunnel is read on the serial line Modem Control Asserted Start waiting for an incoming connection as long as the Modem Control pin DSR is asserted on the serial lin...

Page 45: ...at connection Flush Serial Data Select Enabled to flush the serial data buffer on a new connection Block Serial Data Select On to block or not tunnel serial data transmitted to the XPort AR Block Network Data Select On to block or not tunnel network data transmitted to the XPort AR Password Enter a password that clients must send to the XPort AR within 30 seconds from opening a network connection ...

Page 46: ...t Mode has six modes used to initiate and maintain a connection Disable no connection Always always makes a connection Any Character active if it sees any character from the serial port Start Character active if it sees a specific configurable character from the serial port Modem Control Asserted started when the modem control pin is asserted on the serial line Modem Emulation started by an ATD co...

Page 47: ...method to be used to attempt a connection to a remote host or device Choices are Always A connection is attempted until one is made If the connection gets disconnected the XPort AR retries until it makes a connection default Disable An outgoing connection is never attempted Any Character A connection is attempted when any character is read on the serial line Start Character A connection is attempt...

Page 48: ...It designates the port on the remote host to connect to Protocol Select the protocol type Your choices are SSH SSL TCP TCP AES Telnet UDP and UDP AES The default protocol is TCP When TCP is enabled probes are sent to the other end of the connection to ensure that the connection is still valid Default is 45000 milliseconds Enter zero to disable and blank the value to restore the default The followi...

Page 49: ...te See Disconnect Mode on page 50 for more information about the parameters If Disconnect Mode is disabled and the network connection is dropped then the re establishment of a tunnel connection is governed by the configured Connect Mode settings Flush Serial Data Select whether to flush the serial line when a connection is made Choices are Enabled Flush the serial line when a connection is made Di...

Page 50: ...ly The following settings end a connection Stop character received Timeout period elapsed and no activity Both Accept Mode and Connect Mode must be idle for a specified time frame Modem control inactive setting Note To clear data out of the serial buffers upon a disconnect enable Flush Serial Data To configure Disconnect Mode perform the following steps 1 Click Tunnel 1 Disconnect Mode Figure 6 11...

Page 51: ...TDP to establish a connection All of these commands behave like a modem For commands that are valid but not applicable to the XPort AR an OK message is sent but the command is silently ignored The XPort AR attempts to make a Command Mode connection as per the IP DNS port numbers defined in Connect Mode It is possible to override the remote address as well as the remote port number Table 6 9 lists ...

Page 52: ...echo pluses command To configure modem emulation perform the following steps ATD Like ATDT Dials default Connect Mode remote address and port ATD Address Info Sets up a TCP connection A value of 0 begins a command line interface session ATO Switches to data mode if connection still exists Vice versa to ATEn Switches echo in Command Mode off 0 on 1 ATH Disconnects the network session ATI Shows mode...

Page 53: ...ho the modem commands to the console Verbose Response Select Enable to send modem response codes out on the serial line Response Type Select the type of response code Text or Numeric Error Unknown Commands Select whether an ERROR or OK response is sent in reply to unrecognized AT commands Choices are Enabled ERROR is returned for unrecognized AT commands Disabled OK is returned for unrecognized AT...

Page 54: ...ation string prepares the modem for communications It is a customized string sent with the CONNECT modem response code Display Remote IP Selects whether the incoming RING sent on the Serial Line is followed by the IP address of the caller Default is Disabled Table 6 10 Tunnel Modem Emulation Fields continued Field Description ...

Page 55: ...on a serial line or on the network by using the Terminal web page When you click Terminal from the Main Menu Line 1 fields display To go to the network or line 2 click the Network or Line 2 button Network Terminal Configuration To configure menu features applicable to CLI access via the network perform the following steps 1 Click Terminal Network Figure 7 1 shows the page that displays Figure 7 1 ...

Page 56: ... Note IAC is a method to send commands over the network such as send break or start echoing Login Connect Menu Select the interface to display when the user logs in Choices are Enabled Shows the Login Connect Menu Disabled Shows the CLI Exit Connect Menu Select whether to display a choice for the user to exit the Login Connect Menu and reach the CLI Choices are Enabled Allows the user to exit to t...

Page 57: ...Description Terminal Type Enter text to describe the type of terminal The text will be sent to a host via interpret as command IAC Note IAC is a method to send commands over the network such as send break or start echoing Login Connect Menu Select the interface to display when the user logs in Choices are Enabled Shows the Login Connect Menu Disabled Shows the CLI Exit Connect Menu Select whether ...

Page 58: ...r e g control Y or blank to disable When the Send Break control character is received from the network on its way to the serial line it is not sent to the line instead the line output is forced to be inactive the break condition Break Duration Enter how long the break should last in milliseconds Echo Applies only to Connect Mode Telnet connections not to Accept Mode Only disable Echo if your termi...

Page 59: ...e to connect to the host Choices are Telnet SSH Note SSH keys must be loaded or created on the SSH page for the SSH protocol to work SSH Username Appears if you selected SSH as the protocol Enter a username to select a pre configured Username Password Key configured on the SSH Client Users page or leave it blank to be prompted for a username and password at connect time Remote Address Enter an IP ...

Page 60: ...For instance when working with an RS485 driver that requires a signal to be asserted when in half duplex mode the CP that is driving that signal chosen by the engineer designing the circuit is added to the default group named Line1_RS485_HDpx The XPort AR asserts the CP at the correct time via the default group Custom Groups The email tunneling and CLI features can interact with CPs This is accomp...

Page 61: ...f the page Figure 8 1 shows the page that displays Table 8 1 lists and describes the current configuration fields Figure 8 1 CPM CPs Page Table 8 1 CPM CPs Current Configuration Fields and Descriptions Field Description CP Indicates the configurable pin number Ref Indicates the hardware pin number associated with the CP Configured As Shows the current CP configuration A CP configured as Input is s...

Page 62: ...d Descriptions Fields Description Name Shows the CP number State Shows the current enable state of the CP On the XPort AR the CP state is always enabled Type Indicates whether the CP is set for input or output Value Shows the current value of the CP Bit Shows the bit position CPs are always displayed in bit position zero Level Indicates the voltage level of the CP A plus sign indicates the CP is a...

Page 63: ...me State Shows the current state of the CP group Locked groups are Lantronix default groups and cannot be deleted Use the button in this field to enable or disable the group Value Shows the current CP group value Bit Displays the 7 bit positions for the CPs in the group Level Indicates the voltage level of the CP A plus sign indicates the CP bit is asserted the voltage is high A minus sign indicat...

Page 64: ...2 CPM Groups Page 2 Enter a group name in the Create Group text box and click Submit 3 Add CPs with the Add button Be sure to specify CP Bit position Input or output Assertion level Check the Assert Low box to specify inverted assertion Table 8 4 CPM Groups Current Configuration Fields and Descriptions Fields Description Group Name Shows the CP group name State Indicates whether the group is enabl...

Page 65: ...e is in the Group Name column 2 Click the red x that appears next to the name in the Group Status table 3 Click OK to confirm the deletion Remove CPs from CP Groups To remove a CP from a CP group perform the following steps 1 Click on the Group in the Group Name column that contains the CP to be removed 2 Select the CP from the Remove drop down list at the bottom of the page 3 Click Remove ...

Page 66: ...interface The static addresses displayed on the Network Interface Configuration web page may be overridden by DHCP or BOOTP The DNS web page enables you to view the status and cache When a DNS name is resolved using a forward lookup the results get stored in the DNS cache temporarily The XPort AR checks the cache when performing forward lookups Each item in the cache eventually times out and gets ...

Page 67: ...me and password PAP authentication offers a straightforward method for the peer to determine its identity Upon the link establishment the user ID and password are repeatedly sent to the authenticator until it is acknowledged or the connection is terminated However PAP is not a strong authentication process There is no protection against trial and error attacks The peer is responsible for the frequ...

Page 68: ...e authentication and assign an IP address to the peer Upon PPP configuration IP packets are routed between Ethernet and PPP interfaces The XPort AR does not perform network address translation NAT between the serial side network interface and the Ethernet WLAN network interface Therefore to pass packets through the XPort AR a static route must be configured on both the PPP Peer device and the remo...

Page 69: ... the following steps Table 9 1 PPP Configuration Fields Field Description Local IP Address Enter the IP address assigned to the XPort AR s PPP interface Peer IP Address Enter the IP address assigned to the peer when requested during negotiation Authentication Mode Choose the authentication mode None No authentication is required PAP Password Authentication Protocol CHAP Challenge Handshake Authent...

Page 70: ...unity Enter the SNMP read only community string Write Community Enter the SNMP read write community string System Contact Enter the name of the system contact System Name Enter the system name System Description Enter the system description System Location Enter the system location Traps Enabled Select On to enable the transmission of the SNMP cold start trap messages This trap is generated during...

Page 71: ...e Current Configuration table FTP The FTP web page shows the FTP configuration and statistics about the FTP server To configure FTP perform the following steps 1 Click FTP on the Main Menu Figure 9 4 shows the page that displays Figure 9 4 FTP Web Page Secondary Trap Dest IP Enter the secondary SNMP trap host Table 9 2 SNMP Fields continued Field Description ...

Page 72: ...ics To configure TFTP server perform the following steps 1 Click TFTP on the Main Menu Figure 9 5 shows the page that displays Figure 9 5 TFTP Server Web Page Table 9 3 FTP Fields Field Description State Select Enabled to enable the FTP server Admin Username Enter the username to use when logging in via FTP Admin Password Enter the password to use when logging in via FTP ...

Page 73: ...ays Table 9 4 TFTP Server Fields Field Description State Select Enabled to enable the TFTP server Allow File Creation Select whether to allow the creation of new files stored on the TFTP server Allow Firmware Update Specifies whether or not the TFTP Server is allowed to accept a firmware update for the device An attempt to update firmware is recognized based on the name of the file Note TFTP canno...

Page 74: ... sent for storage Local Port Enter the number of the local port on the XPort AR from which system logs are sent Remote Port Enter the number of the port on the remote server that supports logging services The default is 514 Severity Log Level From the drop down box select the minimum level of system message the XPort AR should log This setting applies to all syslog facilities The drop down list is...

Page 75: ...of usernames and passwords for access to the XPort AR device The HTTP web page contains the following sub menus Statistics Viewing statistics such as bytes received and transmitted bad requests authorizations required etc Configuration Configuring and viewing the current configuration Authentication Configuring and viewing the authentication HTTP Statistics To view HTTP statistics perform the foll...

Page 76: ... viewable You can change the maximum number of entries that can be viewed on the HTTP Configuration Web Page HTTP Configuration To configure HTTP perform the following steps 1 Click HTTP Configuration Figure 9 8 shows the page that displays Figure 9 8 HTTP Configuration Web Page 2 Enter or modify the fields in Table 9 6 ...

Page 77: ...x Timeout Enter the maximum time for the HTTP server to wait when receiving a request This prevents Denial of Service DoS attacks The default is 10 seconds Max Bytes Enter the maximum number of bytes the HTTP server accepts when receiving a request The default is 40 kB this prevents DoS attacks Logging Select On to enable HTTP server logging Max Log Entries Sets the maximum number of HTTP server l...

Page 78: ...Figure 9 9 shows the page that displays Figure 9 9 HTTP Authentication Web Page 2 Enter or modify the fields in Table 9 7 Table 9 7 HTTP Authentication Fields Fields Description URI Enter the Uniform Resource Identifier URI Note The URI must begin with to refer to the filesystem Realm Enter the domain or realm used for HTTP Required with the URI field ...

Page 79: ... XPort AR via an RSS publisher RSS can be stored to the file system cfg_log txt file To configure RSS perform the following steps Auth Type Select the authentication type None No authentication is necessary Basic Encodes passwords using Base64 Digest Encodes passwords using MD5 SSL The page can only be accessed over SSL no password is required SSL Basic The page is accessible only over SSL and enc...

Page 80: ... view and clear settings in the Current Status table by clicking View or Clear Table 9 8 RSS Fields Fields Description RSS Feed Select On to enable RSS feeds to an RSS publisher Persistent Select On to enable the RSS feed to be written to a file cfg_log txt and to be available across reboots Max Entries Sets the maximum number of log entries Only the last Max Entries are cached and viewable ...

Page 81: ...SSlv2 connection attempt is answered with an SSlv3 response If the initiator also supports SSLv3 SSLv3 handles the rest of the connection This chapter contains the following sections SSH Server Host Keys SSH Server Authorized Users SSH Client Known Hosts SSH Client Users SSL Certificates SSL RSA or DSA SSL Certificates and Private Keys SSL Utilities SSL Configuration SSH Server Host Keys The SSH S...

Page 82: ... the path and name of the existing private key you want to upload or use the Browse button to select the key Be sure the private key will not be compromised in transit This implies the data is uploaded over some kind of secure private network Public Key Enter the path and name of the existing public key you want to upload or use the Browse button to select the key Key Type Select a key type to use...

Page 83: ...y have View Key and Delete Keylinks If you click a Delete link a message asks whether you are sure you want to delete this information Click OK to proceed or Cancel to cancel the operation Create New Keys Key Type Select a key type to use RSA Use this key with SSH1 and SSH2 protocols DSA Use this key with the SSH2 protocol Bit Size Select a bit length for the new key 512 768 1024 Using a larger bi...

Page 84: ...ription Username Enter the name of the user authorized to access the SSH server Password Enter the password associated with the username Public RSA Key Enter the path and name of the existing public RSA key you want to use with this user or use the Browse button to select the key If authentication is successful with the key no password is required Public DSA Key Enter the path and name of the exis...

Page 85: ...rform the following steps 1 Click SSH Client Known Hosts Figure 10 3 shows the page that displays Figure 10 3 SSH Client Known Hosts Web Page 2 Enter or modify the fields in Table 10 3 Table 10 3 SSH Client Known Hosts Fields Field Description Server Enter the name or IP address of a known host If you enter a server name the name should match the name of the server used as the Remote Address in Co...

Page 86: ... keys for public key authentication can be created on another device and uploaded to the XPort AR or automatically generated on the XPort AR If uploading existing keys be sure the private key does not get compromised in transit Upload the data over a secure private network If you are uploading a key ensure that it is not password protected To configure the SSH client users perform the following st...

Page 87: ... the username Remote Command Enter the command that can be executed remotely Default is shell which tells the SSH server to execute a remote shell upon connection This command can be changed to anything the remote host can perform Private Key Enter the name of the existing private key you want to use with this SSH client user You can either enter the path and name of the key or use the Browse butt...

Page 88: ...new key Key Type Select the key type to be used for the new key Choices are RSA Use this key with the SSH1 and SSH2 protocols DSA Use this key with the SSH2 protocol Bit Size Select the bit length of the new key 512 768 1024 Using a larger Bit Size takes more time to generate the key Approximate times are 2 minutes for a 512 bit RSA Key 5 minutes for a 768 bit RSA Key 15 minutes for a 1024 bit RSA...

Page 89: ... public CA Since obtaining a certificate signed by a CA that is managed by another company can be expensive it is possible to have your own CA Tools exist to generate self signed CA certificates or to sign other certificates A certificate request is a certificate that has not been signed and only contains the identifying information Signing it makes it a certificate A certificate is also used to s...

Page 90: ...quests It can convert all kinds of formats Executables are available for Linux and Windows To generate a self signed RSA certificate key combo use the following commands in the order shown openssl req x509 nodes days 365 newkey rsa 1024 keyout mp_key pem out mp_cert pem Note Signing other certificate requests is also possible with OpenSSL See www openssl org or www madboa com geek openssl for more...

Page 91: ...hese strings and becomes incompatible with the current XPort AR release We will add support for this and other formats in future releases Free Radius Linux open source Radius server It is versatile but complicated to configure SSL Configuration To configure SSL perform the following steps 1 Click SSL from the Main Menu Figure 10 5 shows the page that displays Figure 10 5 SSL Web Page ...

Page 92: ...d for SSL Tunneling These certificates do not require a private key Enter the path and name of the certificate you want to upload or use the Browse button to select the certificate RSA or DSA certificates with 512 to 1024 bit public keys are allowed Note The format of the file must be PEM The file must start with BEGIN CERTIFICATE and end with END CERTIFICATE Some Certificate Authorities add comme...

Page 93: ... minutes for a 1024 bit RSA key 8 minutes for a 512 bit DSA key 20 minutes for a 768 bit DSA key 60 minutes for a 1024 bit DSA key Type Select the type of key RSA Public Key Cryptography algorithm based on large prime numbers invented by Rivest Shamir and Adleman Used for encryption and signing DSA Digital Signature Algorithm also based on large prime numbers but can only be used for signing Devel...

Page 94: ...view file diagnostics and or modify files There are two subsections Statistics and Browse The Statistics section of the Filesystem Statistics window shows current statistics and usage information of the flash file system In the FileSystem Browser section of the Filesystem Statistics web page you can create files and folders upload files copy and move files and use TFTP Filesystem Statistics and Ac...

Page 95: ...lick Compact in the Actions row to compact the files Note The compact should not be needed under normal circumstances as the system manages this automatically 3 Back up all files before you perform Step 4 because all user files get erased in that step 4 Cick Format in the Actions row The configuration gets retained Filesystem Browser To browse the filesystem perform the following steps ...

Page 96: ...aintenance and Diagnostics Settings XPort AR User Guide 96 1 Click Filesystem Browse Figure 11 2 shows the page that displays Figure 11 2 Filesystem Browser Web Page 2 Click a filename to view the contents ...

Page 97: ...ion where the file you want to copy resides Destination Enter the location where you want the file copied After you specify a source and destination click Copy to copy the file Move Source Enter the location where the file you want to move resides Destination Enter the location where you want the file moved After you specify a source and destination click Move to move the file TFTP Action Select t...

Page 98: ...ault Figure 11 3 shows the page that displays Figure 11 3 TCP Web Page 2 Enter or modify the fields in Table 11 2 Table 11 2 TCP Fields Field Description Send RSTs Click Enabled to send RSTs or Disabled to stop sending RSTs TCP contains six control bits with one or more defined in each packet RST is one of the control bits The RST bit is responsible for telling the receiving TCP stack to end a con...

Page 99: ... amount of data to acknowledge an ACK gets forced If the sender TCP implementation waits for an ACK before sending more data even though the window is open setting the Ack Limit to 1 packet improves performance by forcing immediate acknowledgements Send Data The Send Data selection governs when data may be sent into the network The Standard implementation waits for an ACK before sending a packet l...

Page 100: ...r of hops a multicast packet can complete before it is terminated as a Multicast Time to Live 3 Click Submit ICMP To set the ICMP perform the following steps 1 Click Protocol Stack ICMP Figure 11 5 shows the page that displays Figure 11 5 ICMP Web Page 2 Click Enabled 3 Click Submit ...

Page 101: ...ick Add for ARP Cache Table 11 3 ARP Web Page Fields Field Description ARP ARP Timeout Enter hours minutes and seconds This is the maximum duration an address remains in the cache ARP Cache IP Address Enter the IP address for the ARP cache MAC Address Enter the MAC address to add to the ARP cache Current State Remove All Removes all entries in the ARP cache or click Remove in the specific table en...

Page 102: ...OTP ensure the DHCP BOOTP server IP address is in the list To configure the IP address filter perform the following steps 1 Click the IP Address Filter on the Main Menu Figure 11 7 shows the page that displays Figure 11 7 IP Address Filter Web Page Note Be aware not to assign your network IP address as filtered Doing so will prevent you from accessing the XPort AR You will have to then access the ...

Page 103: ...aller utility Only 0x77FE discover messages from DeviceInstaller are supported For more information on DeviceInstaller see 3 Using DeviceInstaller To configure the query port server perform the following steps 1 Click Query Port on the Main Menu Figure 11 8 shows the page that displays Figure 11 8 Query Port Web Page Table 11 4 IP Address Filter Fields Field Description IP Address Enter the IP add...

Page 104: ... 3 Click Submit Diagnostics The XPort AR has several tools to perform diagnostics and view device statistics These include information on Hardware MIB II IP Sockets Ping Traceroute DNS Lookup Memory Buffer Pools Processes Hardware To display the Hardware configuration perform the following steps ...

Page 105: ...er Guide 105 1 Click Diagnostics Hardware Figure 11 9 shows the page that displays Figure 11 9 Diagnostics Hardware Web Page MIB II The MIB II Network Statistics page shows the available SNMP MIBs To display MIB II statistics perform the following steps ...

Page 106: ... MIB II Network Statistics Web Page 2 Click any of the links to open the corresponding table and statistics Note For more information refer to the following Requests for Comments RFCs RFC 1213 MIB II definitions RFC 2011 Updated definitions for IP and ICMP RFC 2012 Updated definitions for TCP RFC 2013 Updated definitions for UDP RFC 2096 Definitions for IP forwarding ...

Page 107: ... Guide 107 IP Sockets To display all open IP sockets perform the following steps 1 Click Diagnostics IP Sockets Figure 11 11 shows the page that displays Figure 11 11 IP Sockets Web Page Ping To ping a remote device or computer perform the following steps ...

Page 108: ... the fields in Table 11 5 3 Click Submit Table 11 5 Ping Fields Field Description Host Enter the IP address or host name for the XPort AR to ping Count Enter the number of ping packets XPort AR should attempt to send to the Host The default is 3 Timeout Enter the time in seconds for the XPort AR to wait for a response from the host before timing out The default is 5 seconds ...

Page 109: ...eps 1 Click Diagnostics Traceroute Figure 11 13 shows the page that displays Figure 11 13 Traceroute Web Page 2 Enter or modify the fields in Table 11 6 3 Click Submit Table 11 6 Traceroute Fields Field Description Host Enter the IP address or DNS hostname This address is used to show the path between it and the XPort AR when issuing the traceroute command Count Enter the number of ping packets XP...

Page 110: ...okup You can also perform a lookup for a Mail MX record by prefixing a DNS Hostname with Note A DNS server must be configured for DNS Lookup to work To use forward or reverse DNS lookup perform the following steps 1 Click Diagnostics DNS Lookup Figure 11 14 shows the page that displays Figure 11 14 DNS Lookup Web Page 2 Enter or modify the fields in Table 11 7 ...

Page 111: ...s perform the following steps 1 Click Diagnostics Memory Figure 11 15 shows the page that displays Figure 11 15 Memory Web Page Table 11 7 DNS Lookup Fields Field Description Host Perform one of the following For reverse lookup to locate the hostname for that IP address enter an IP address For forward lookup to locate the corresponding IP address enter a hostname To look up the Mail Exchange MX re...

Page 112: ...6 shows the page that displays Figure 11 16 Buffer Pools Web Page Processes The Processes web page shows all the processes currently running on the system It shows the Process ID PID the percentage of total CPU cycles a process used within the last three seconds the total stack space available the maximum amount of stack space used by the process since it started and the process name To display th...

Page 113: ...11 Maintenance and Diagnostics Settings XPort AR User Guide 113 1 Click Diagnostics Processes Figure 11 17 shows the page that displays Figure 11 17 Processes Web Page ...

Page 114: ... System web page enables the rebooting of the device restoring factory defaults uploading new firmware specifying the short and long name and viewing the current system configuration To configure system settings perform the following steps 1 Click System on the Main Menu Figure 11 18 shows the page that displays Figure 11 18 System Web Page ...

Page 115: ...to restore the XPort AR to the original factory settings All configurations will be lost The XPort AR automatically reboots upon setting back to the defaults Upload New Firmware Click Browse to locate the firmware file location Click Upload to install the firmware on the XPort AR The device automatically reboots upon the installation of new firmware Name Enter a new Short Name and a Long Name if n...

Page 116: ...tics The Email Statistics web page displays when you click Email from the Main Menu It shows statistics and current usage information about the email subsystem When you transmit an email the transmission to the SMTP server gets logged and displayed in the bottom portion of the page To view the statistics perform the following steps 1 Click Email on the Main Menu Figure 12 1 shows the page that dis...

Page 117: ...onfiguration The XPort AR allows you to view and configure email alerts relating to the events occurring within the system To configure email settings perform the following steps 1 Click Email Email 1 Configuration Figure 12 2 shows the page that displays Figure 12 2 Email 1 Configuration Web Page ...

Page 118: ... alerts will be sent Multiple addresses are separated by semicolon Cc Enter the email address to which the email alerts will be copied Multiple addresses are separated by semicolon From Enter the email address to list in the From field of the email alert Reply To Enter the email address to list in the Reply To field of the email alert Subject Enter the subject for the email alert File Enter the pa...

Page 119: ...9 CLI Statistics To view the CLI Statistics perform the following steps 1 Click CLI on the Main Menu Figure 12 3 shows the page that displays Figure 12 3 CLI Statistics Web Page CLI Configuration To configure the CLI perform the following steps ...

Page 120: ...re is no password by default Quit connect line Enter a string to terminate a connect line session and resume the CLI Type control before any key the user must press when holding down the Ctrl key An example of such a string is control L Inactivity Timeout Set an Inactivity Timeout value so the CLI session will disconnect if no data is received after the designated time period Default is 15 minutes...

Page 121: ...n Page you can import a system configuration from an XML file The XML data can be imported from a file on the file system or uploaded using HTTP The groups to import can be specified by toggling the respective group item or entering a filter string When toggling a group item all instances of that group will be imported The filter string can be used to import specific instances of a group The text ...

Page 122: ...Enter or modify the fields in Table 12 3 Table 12 3 XML Export Configuration Fields Field Description Export to browser Select this option to export the XCR data in the selected fields to a web browser Export to local file Select this option to export the XCR data to a file on the device If you select this option enter a file name for the XML configuration record ...

Page 123: ...ure of your browser XML Export Status To export system status in XML format perform the following steps Export secrets Only use this with extreme caution If selected secret password and key information will be exported Use only with a secure link and save only in secure locations Lines to Export Select the instances you want to export in the line LPD PPP tunnel and terminal groups Groups to Export...

Page 124: ... and display a completion message Table 12 4 XML Export Status Fields Field Description Export to browser Select this option to export the XML status record to a web browser Export to local file Select this option to export the XML status record to a file on the device If you select this option enter a file name for the XML status record Lines to Export Select the instances you want to export in t...

Page 125: ...gure 12 7 Import Configuration Web Page 2 Click one of the following radio buttons Configuration from External file See Import Configuration from External File on page 125 Configuration from Filesystem See Import Configuration from Filesystem on page 126 Line s from single line Settings on the Filesystem See Import Line s from Single Line Settings on the Filesystem on page 128 Import Configuration...

Page 126: ...at displays Figure 12 8 Import Configuration from External File Web Page 2 Enter the path and file name of the external XCR file you want to import or browse to select the XCR file 3 Click Import Import Configuration from Filesystem This selection shows a page for entering the filesystem and your import requirements groups lines and instances To import a configuration file from the Filesystem perf...

Page 127: ... Advanced Settings XPort AR User Guide 127 1 Click XML Import Configuration Configuration from Filesystem Figure 12 9 shows the page that displays Figure 12 9 Import Configuration from Filesystem Web Page ...

Page 128: ...fault all line instances are selected Only the selected line instances will be imported in the line LPD PPP tunnel and terminal groups Whole Groups to Import Select the configuration groups to import from the XML configuration record This option imports all instances of each selected group unless it is one of the Lines to Import Note By default all groups are checked except those pertaining to the...

Page 129: ...r modify the fields in Table 12 6 Table 12 6 Import Lines from Single Line Settings Fields Field Description Filename Provide the name of the file on the XPort AR local to its file system that contains XCR data Lines to Import Select the line s whose settings you want to import Click the Select All link to select all the serial lines and the network lines Click the Clear All link clear all of the ...

Page 130: ...e pertaining to the network configuration this is so that import will not break your network connectivity You may check or uncheck any group to include or omit that group from import To import all of the groups click the Select All but Networking link to import all groups To clear all the checkboxes click the Clear All link Table 12 6 Import Lines from Single Line Settings Fields continued Field D...

Page 131: ...o the directory cd that you created in Step 2 http config 4 Get the file by using get filename 5 Modify the file as required or create a new one with the same name 6 Put the file by using put filename 7 Type quit The overriding files display in the http config directory Restart any open browser to view the changes If you want to return to the default files in the firmware image delete the overridi...

Page 132: ...the menu bar Figure 13 1 shows the page that displays Figure 13 1 System Branding Web Page 2 In the Short Name field enter a short name up to 32 characters 3 In the Long Name field enter a long name up to 64 characters 4 Click Submit 5 Click Reboot to display the names ...

Page 133: ...form the following steps 1 Click System in the Main Menu Figure 14 1 shows the page that displays Figure 14 1 System Web Page 2 Click Browse in the Upload New Firmware section The Choose File window displays 3 Highlight the file and click Open 4 Click Upload to install the firmware The device automatically reboots on the installation of new firmware Alternatively firmware can be updated by sending...

Page 134: ...t lantronix com Firmware downloads FAQs and the most up to date documentation are available at www lantronix com support When you report a problem please provide the following information Your name and your company name address and phone number Lantronix model number Lantronix serial number Firmware version on the first screen shown when you Telnet to the device and type show Description of the pr...

Page 135: ... message AES Keys Converting Binary to Hexadecimal Following are two simple ways to convert binary numbers to hexadecimal notation Conversion Table Hexadecimal digits have values ranging from 0 to F which are represented as 0 9 A for 10 B for 11 etc To convert a binary value for example 0100 1100 to a hexadecimal representation treat the upper and lower four bits separately to produce a two digit ...

Page 136: ...dows operating systems For example 1 On the Windows Start menu click Programs Accessories Calculator 2 On the View menu select Scientific The scientific calculator appears 3 Click Bin Binary and type the number you want to convert Figure B 1 Scientific Calculator 4 Click Hex The hexadecimal value appears Figure B 2 Hex Display 14 1110 E 15 1111 F Table B 1 Conversion Values continued Decimal Binar...

Page 137: ...3 Issue 4 2004 VCCI V 3 2007 04 AS NZS CISPR 22 2006 EN55022 1998 A1 2000 A2 2003 EN61000 3 2 2000 A2 2005 EN61000 3 3 1995 A1 2001 A2 2005 Immunity EN55024 1998 A1 2001 A2 2003 Direct Indirect ESD EN61000 4 2 1995 RF Electromagnetic Field Immunity EN61000 4 3 2002 Electrical Fast Transient Burst Immunity EN61000 4 4 2004 Surge Immunity EN61000 4 5 2006 RF Common Mode Conducted Susceptibility EN61...

Page 138: ... substance contained in at least one of the homogeneous materials used for this part is above the limit requirement in SJ T11363 2006 Product Family Name Toxic or hazardous Substances and Elements Lead Pb Mercury Hg Cadmium Cd Hexavalent Chromium Cr VI Polybrominated biphenyls PBB Polybrominated diphenyl ethers PBDE UDS1100 and 2100 0 0 0 0 0 0 EDS 0 0 0 0 0 0 MSS100 0 0 0 0 0 0 IntelliBox 0 0 0 0...

Page 139: ...C Compliance XPort AR User Guide 139 Manufacturer Contact Lantronix Inc 167 Technology Irvine CA 92618 USA Phone 949 453 3990 Fax 949 450 7249 ...

Page 140: ...pliance RoHS notice 138 D default server port numbers 19 device control 17 device details summary 21 device management 18 deviceinstaller accessing the XPort AR 21 device details summary 21 using 21 diagnostic toolset 18 E email configuration 117 encrypt ion 18 Enterprise Grade Security 17 ethernet address 19 Europe Middle East and Africa technical support 134 Evolution OS 16 F Filesystem 26 H hos...

Page 141: ...vice management 18 troubleshooting capabilities 18 web based configuration and troubleshooting 16 xml based architecture and device control 17 P port numbers 19 R rss 17 S secure com port redirector 18 security enterprise grade 17 security settings SSH client known hosts 85 SSH client user configuration 86 SSH server authorized users 83 SSH server host keys 81 SSL certificates 89 SSL certificates ...

Page 142: ...ings 36 accept mode 43 connect mode 45 disconnect mode 50 modem emulation 51 command mode 51 packing mode 40 serial settings 38 statistics 37 U updating firmware 133 US technical support 134 W web manager accessing 23 components of typical web page 25 configuration 23 navigating 26 navigation 26 summary of web pages 26 web based configuration 16 X xml 18 xml configuration 121 ...

Reviews:

No comments

Related manuals for XPort AR

D-Link DES-7200 User Manual preview
DES-7200
Brand: D-Link Pages: 100
D-Link DES-3226L Manual preview
DES-3226L
Brand: D-Link Pages: 134
D-Link DES-3010F Command Line Interface Manual preview
DES-3010F
Brand: D-Link Pages: 187
D-Link DES-3010F Manual preview
DES-3010F
Brand: D-Link Pages: 225
D-Link DES-1048G Manual preview
DES-1048G
Brand: D-Link Pages: 31
D-Link DES-1050G User Manual preview
DES-1050G
Brand: D-Link Pages: 35
D-Link DES-1016D - Switch Quick Install Manual preview
DES-1016D - Switch
Brand: D-Link Pages: 19
D-Link COVR-2202 User Manual preview
COVR-2202
Brand: D-Link Pages: 107
D-Link AirPlusXtremeG DI-624 Troubleshooting preview
AirPlusXtremeG DI-624
Brand: D-Link Pages: 5
D-Link DGS-1210-28P Getting Started Manual preview
DGS-1210-28P
Brand: D-Link Pages: 48
Accelerated 6330-MX User Manual preview
6330-MX
Brand: Accelerated Pages: 10
Accelerated 6300-CX Customer Setup Instructions preview
6300-CX
Brand: Accelerated Pages: 4
Campbell NL115 User Manual preview
NL115
Brand: Campbell Pages: 38
Lindsay Broadband LBON320AC Series Installation And Operation Manual preview
LBON320AC Series
Brand: Lindsay Broadband Pages: 4
IBM System Storage DS3200 Overview preview
System Storage DS3200
Brand: IBM Pages: 2
QTech QSW-2900 User Manual preview
QSW-2900
Brand: QTech Pages: 406
Unex EVK-351 Quick Start Manual preview
EVK-351
Brand: Unex Pages: 27
Allied Telesis AT-TN7100 User Manual preview
AT-TN7100
Brand: Allied Telesis Pages: 2

Brands by name

Popular brands

Load more brands