IOLAN SCG50 - Server Perle - Free user manual and instructions

USER MANUAL IOLAN SCG50 Perle

IOLAN Secure User's Guide V5.0

Updated: July 2018

Revision: A.1-07-04-2018

Document Part: 5500431-10

Preface

Audience

This guide is for the networking professional managing your IOLAN. Before using this guide, you should be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

This guide provides the information that you need to configure and manage your Perle IOLAN Product. For Web Manager (GUI) users, this guide provides the navigation reference that can be used within web sessions for each feature.

Product installation information can be found in the IOLAN Hardware Installation Guide for your product model on our Perle website at www.perle.com and in the Quick Start Guide that came with your product.

Additional Documentation

Document Conventions

This document contains the following conventions:

Most text is presented in the typeface used in this paragraph. Other typefaces are used to help you identify certain types of information. The other typefaces are:

Note: Means reader take note: notes contain helpful suggestions.

Guide Updates

This guide may be updated from time to time and is available at no charge from the download area of Perle's web site at https://www.perle.com/downloads/

Licensing

All Perle software pre-installed in Perle Products or downloaded from any other source or media is governed by Perle's End User License Agreement. USING THIS PERLE PRODUCT CONSTITUTES ACCEPTANCE OF THIS AGREEMENT. Please review the country specific End User License Agreement located at the following location prior to usage;

https://www.perle.com/EULA.shtml/

https://www.perle.com/EULA-Germany.shtml/

You also agree that Perle may collect, use, or disclose customer information in the course of fulfilling its obligations under the End User License Agreement, and such collection, use, and disclosure will be in accordance with Perle's privacy policy available at https://www.perle.com

IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, You have no right to use the Perle Software and You should return the purchased product to Perle or the applicable reseller or distributor from whom you obtained the product.

Copyright Statement

This document must not be reproduced in any way whatsoever, either printed or electronically, without the consent of:

Perle Systems Limited,

60 Renfrew Drive

Markham, ON

Canada

L3R 0E1

Perle reserves the right to make changes without further notice, to any products to improve reliability, function, or design.

Perle, the Perle logo, and IOLAN are trademarks of Perle Systems Limited.

Microsoft, Windows NT®/Windows 2000®/Windows Vista®/Windows Server 2003®/Windows 2003 R2®/Windows 2008®/Windows2008 R2®/Windows XP®/Windows 7®/Windows 8®/Windows 8.1®/Windows Server

2012 ^® /Windows Server 2012 R2 ^® /Windows Server 2016 ^® /Windows 10 and Internet Explorer ^® are trademarks of Microsoft Corporation.

Solaris ^® is a registered trademark of Sun Microsystems, Inc. in the USA and other countries.

Perle Systems Limited, 2005-2018.

FCC Note The IOLAN Device Server series has been found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this Guide, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his/her own expense.

EN 55022: 1998, Class A, Note

WARNING This is a Class A product. In a domestic environment this product may cause radio interference in which case the user maybe required to take adequate measures.

Caution: the IOLAN product is approved for commercial use only.

Publishing History

Preface 2

Publishing History...... 4

About the IOLAN....5

Hardware Features.... 5

General Features 5

Secure Features....5

Security 6

Setting Up the Network....7

Methods of Configuring the IOLAN 7

Configuring an IP Address 7

DeviceManager 8

Installing the DeviceManager to your PC 8

WebManager 12

Logging in to the IOLAN using WebManager.... 13

EasyPort Web 15

Command Line Interface.... 15

Connecting through the Network.... 15

Connecting to the Console Port(s).... 16

DHCP/BOOTP 16

Using DHCP/BOOTP 16

SNMP....17

Connecting to the IOLAN Using SNMP 17

Using the SNMP MIB 19

Network Settings 20

WLAN (only applies to certain models) 25

Client Mode 25

Soft-AP Modc 25

WWAN (only applies to certain models).... 31

Host Table 32

IP Filtering 32

Routes 32

DNS/WINS 33

RIP 34

Dynamic DNS.... 35

IPv6 Tunnels 38

Serial Ports.... 39

Console Management Profile 47

Trueport Profile.... 51

TCP Sockets Profile 56

UDP Sockets Profile 61

Terminal Profile 66

User Service Settings.... 69

Serial Tunneling Profile.... 79

Virtual Modem Profile.... 81

Modbus Gateway Profile 85

Power Management Profile 89

Remote Access (PPP) Profile....91

Remote Access (SLIP) Profile 99

Custom Application Profile.... 102

Remote Port Buffers 103

Serial Settings Advanced Parameters 104

Modem Parameters.... 106

Adding/Editing a Modem 106

Trueport Baud Rate Parameters 106

Setting Up Users 107

Adding/Editing Users 107

User Services Parameters 108

User Sessions.... 111

User Sessions Parameters 112

Serial Port Access.... 112

Authentication 113

Security Overview 113

Setting Primary and Secondary Authentication Methods.... 113

Local 114

RADIUS 115

KerberosLDAP/Microsoft Active Directory 116

TACACS+ 118

Securid 119

NIS 120

NIS Authentication Parameters.... 120

Users Logging into the IOLAN Using SSH 120

Users Passing Through the IOLAN Using SSH (Dir/Sil) 120

SSL/TLS 122

Authentication Parameters.... 123

VPN....126

IPsec....127

L2TP/IPsec 130

Alerts 139

Email Alerts.... 139

Email Alert Parameters.... 139

Syslog Parameters.... 140

Management 141

SNMP Parameters.... 141

SNMP Trap Parameters 142

Custom App/Plugin.... 144

Custom App Parameters 144

Control RPS, IPSec, WLAN and WWAN.... 149

RPS Control....149

Plug Control.... 149

Serial Port Power Control 150

Power Plug Status.... 151

IPsec Tunnel Control 151

WLAN Control.... 151

WWAN Control.... 152

RADIUS External Parameters.... 162

Supported RADIUS Parameters 162

Applications 176

Dynamic DNS.... 176

Dynamic DNS Update 176

Using Dynamic DNS Behind a NAT Router.... 176

Power Management 177

Machine To Machine Connections.... 178

Creating User Sessions 179

Configuring Modbus.... 179

Configuring PPP Dial On Demand.... 182

Configuring a Virtual Private Network 185

Configuring HTTP Tunnels.... 192

Tunnel Relay.... 197

Virtual Modem Initialization Commands.... 1

TruePort....1

Modbus Remapping Feature.... 2

Data Logging Feature .... 3

Trueport Profile ...... 3

TCP Socket Profile 3

About the IOLAN

The IOLAN is an Ethernet communications/terminal server that allows serial devices to be connected directly to your network. The IOLAN attaches to your network using TCP/UDP/IP and allows serial devices such as modems and terminals, or printers to access the LTE/WLAN/LAN. It also allows LTE/WLAN/LAN devices to access devices or equipment attached to IOLAN serial ports.

The IOLAN can connect to a wide range of devices including:

• Terminals for multi-user UNIX systems
• Data acquisition equipment (manufacturing, laboratory, scanners, etc)
• Retail point-of-sale equipment (bar coding, registers, etc.)
- PC's using terminal emulation or SLIP/PPP protocols
- Configurable serial modems
- All types of serial printers

The performance and flexibility of the IOLAN allows you to use a wide range of high speed devices in complex application environments. The IOLAN products will work in any server environment.

Hardware Features

See the IOLAN Hardware Installation Guide that came with your model for more information.

General Features

This section highlights the software components you can expect to find in your IOLAN model. Basic IOLAN software features are available on all IOLAN models.

• IPv6 support
  • Support for TCP/IP and UDP protocols including telnet and raw connections
  • Printer support via LPD and RCP
  • Virtual modem emulation
• 'Fixed tty' support for several operating systems using Perle's TruePort utility
• DHCP/BOOTP for automated network-based setup
• Dynamic statistics and line status information for fast problem diagnosis
• Multi-session support when accessing the IOLAN from either the serial port or the network
• Modbus master/slave/gateway support
• An SDK (Software Development Kit) for custom programs and plugin support
• Ability to disable services (for example, Telnet, TruePort, Syslog, SNMP, Modbus, HTTP) for additional security
• Logging via syslog
• Ability to disable Ping responses

Secure Features

- External system authentication:

• R A D I U S
- Kerberos
• TACACS+
• NIS
- SecurlD

• LDAP/Microsoft Active Directory
  • Dynamic DNS with DYNDNS.org
• Domain Name Server (DNS) support
• WINS support for Windows ^ environments
• Remote access support including PPP, SLIP, and SLIP with VJ Compression
• Ability to remotely manage the Perle Remote Power Switch (RPS)

• Ability to cluster several IOLANs

• Email alert notification

• PPP authentication via PAP /CHAP/ MSCHAP
• CHAP(MD5) authentication support to TACACS+ servers
• SSH connections (supported ciphers are Blowfish, 3DES, AES-CBC, AES-CTR, AES-GMC, CAST, Arcfour and ChaCha20-Poly1305)
• SSL/TLS connections
• RIP authentication (via password or MD5)
• S N T P ( versions 1, 2, 3, and 4 are supported)

Security

Security features will vary depending on your IOLAN model

• Supervisory and serial port password protection
- Ability to set serial port access rights
- Ability to assign users access level rights to control their access
- Trusted host filtering (IP filtering), allowing only those hosts that have been configured in the IOLAN access to the IOLAN
- Idle port timers, which close a connection that has not been active for a specified period of time
- Ability to individually disable network services that won't be used by the IOLANSSH client/server connections (SSH 1 and SSH 2)
- SSL/TLS client/server data encryption (TLSv1/1.1/1.2 and SSLv2)
- Ability to setup Virtual Private Networks
- Access to firewalled/NAT'ed devices via HTTP tunnels
- Wireless Security; WEP, WPA2-PSK & Enterprise (EAP, PEAP, LEAP), 802.11i
- Wireless cellular security using PAP or CHAP authentication
- Front panel keyboard lock

Setting Up the Network

The most important part of setting up the network is assigning an IP address to the IOLAN, whether this is a static IP address or enabling a DHCP/BOOTP-assigned IP address. You should also assign a name to the IOLAN, to make it easier to recognize. This section deals primarily with setting the IP address.

Methods of Configuring the IOLAN

There are two ways you can access the IOLAN, through the network or through the serial connection. If you are accessing the IOLAN through the network, the IOLAN must already have a known IP address configured; for information see Configuring an IP Address.

Some of the IOLAN configuration methods have the capability of configuring an IP address, which is the first required configuration step for a new IOLAN. Once the IOLAN has been assigned an IP address, any of the configuration methods can be used to configure the IOLAN.

Configuring an IP Address

Following is a list of methods for setting the IOLAN IP address and a short explanation of when you would want to use that method:

• DeviceManager—Use this method when you can connect the IOLAN to the network and access the IOLAN from a Windows® PC. The DeviceManager is a Windows®-based application that can be used for IOLAN configuration and management. The DeviceManager can be used to assign an IP address and perform the complete configuration and management of the IOLAN. See DeviceManager for more information on using the DeviceManager.
• WebManager—Use this method when you have already set the IOLAN with an IP address. This method cannot be used to initially set an IP address on the IOLAN. See Downloading the Configuration with WebManager for more information on using the WebManager.
• Direct Connection—Use this method when you can connect to the IOLAN from a serial terminal or from a computer running terminal emulation software over a serial port. Using this method, you will need to configure and/or manage the IOLAN using the CLI.
• DHCP/BOOTP—Use this method when you have a BOOTP or DHCP server running and you can connect the IOLAN to your network. The IOLAN will automatically obtain an IP address from a local network DHCP/BOOTP server when this service is enabled (it is disabled by default). You can also configure certain IOLAN parameters that will be passed from the DHCP/BOOTP server to the IOLAN when it boots up. Other configurators such as DeviceManager or CLI can be used to set this option, and obtain the initial IP address.
• ARP-Ping—Use this method when you can connect the IOLAN to the network and want to assign a temporary IP address to the IOLAN by adding an ARP entry to your PC and then ping-ing it.
• IPv6 Network—When the IOLAN is connected to an IPv6 network, its local link address is determined using stateless auto configuration.

DeviceManager

The DeviceManager is a Windows ^® -based application that can be used to connect to the IOLAN to actively manage and configure it or can create new IOLAN configurations off-line. The DeviceManager can be run from Windows 2000 ^® /Windows Vista ^® /Windows Server 2003 ^® /Windows 2003 R2 ^® /Windows 2008 ^® /Windows 2008 R2 ^® /Windows XP ^® /Windows 7 ^® /Windows 8 ^® /Windows Server 2012 ^® /Windows Server 2012 ^® R2, Windows Server 2016 ^® and Windows 10.

Device Manager Features

Some DeviceManager features are:

• The ability to download the same configuration file to several IOLANs in one operation.
• The ability to save a configuration file locally in text format, in addition to the binary format.
• The ability to create a configuration file without being connected to the IOLAN.
• The ability to open a session to the IOLAN and download a (saved) configuration file to it.
• The ability to download/upload keys/certificates to/from the IOLAN.
• The ability to download custom files, such as new terminal definitions and custom languages to the IOLAN.

Installing the DeviceManager to your PC

Before you can use DeviceManager, you need to install it on your Windows operating system from the Perle website at www.perle.com. After the DeviceManager application is installed, select the Start icon, then scroll through the Applications and select the Perle Folder, then select the Perle Devicemanager application. When you launch the DeviceManager, it will scan the network for IOLANs. All discovered IOLANs will be displayed on the list along with their name and IP address. When a new IOLAN is discovered on the network, that has not yet been assigned an IP address, it will be displayed with an IP Address of Not Configured. If routers on the network have been setup to propagate multi-casts, DeviceManager will also be able to discover IOLANs in other networks. To configure the IP address, select the IOLAN and then select the Assign IP button.

Assigning a Temporary IP Address to a New IOLAN

A new IOLAN will show in the display list as Not Configured. You can temporarily assign an IP address to the IOLAN that is connected to your local network segment, for the purpose of connecting to it and downloading a configuration file (containing a permanent IP address). To temporarily assign an IP address to the IOLAN, do the following:

1. Select the Refresh button. The IOLAN will be displayed in the IP Address column as Not Configured.

1. Type a valid temporary IP address into the address field or enable the Have the IOLAN automatically get a temporary IP address. If you enable the temporary IP address, the IOLAN will enable DHCP/BOOTP on your IOLAN and attempt to get an IP address from the DHCP/BOOTP server (this will permanently enable DHCP/BOOTP in your IOLAN's configuration, until you change it). If your network does not have a DHCP/BOOTP server, the IOLAN will temporarily assign an IP address of 192.168.1.124 with a subnet of 255.255.255.0 (this IP address is only assigned for the duration of the DeviceManager/IOLAN connection).
2. Select the Assign IP button.
3. After you configure the IP address, select the Assign IP button.

Starting a New Session

To start a new session and connect to the IOLAN using the DeviceManager: Start the DeviceManager by selecting Start, All Programs, Perle, DeviceManager, DeviceManager. When the DeviceManager starts, it searches the network for IOLANs.

Note: If you are not seeing IPv6 addresses in the list (you must expand the entry).

Logging into the IOLAN with DeviceManager

The refreshed list will now display the assigned IP address for the new IOLAN. To connect to the IOLAN, select the IOLAN entry and select OK. If this is the first time you are accessing the IOLAN, type in the factory default admin password, superuser, and select OK. The DeviceManager will display a window indicating that it is trying to authenticate and connect you to the IOLAN.

Adding/Deleting IOLANs Manually

To permanently add the IOLAN to the IOLAN list, select the Add button and type in the IPv4 or IPv6 address of the IOLAN. To permanently delete the IOLAN from the IOLANist, select the IOLAN's IP address and select the Delete button.

If the authentication and connection are successful, the IOLAN's Server Info window is displayed.

If you cannot connect to the IOLAN, you can highlight the IOLAN and selecting the Ping button to verify that the DeviceManager can communicate with the IOLAN's IP Address. If the ping times out, then you might need to set up a Gateway in your IOLAN or verify that your network is communicating correctly. If your IOLAN is not in the local network and you do not have a multi-cast enabled router in your network and therefore the IOLAN is not displayed in the selectable list, but can be pinged from your PC, you can add it to the selectable list by selecting the Add button.

Note: The DeviceManager does not automatically update the IOLANs configuration. You must download the configuration changes to the IOLAN and then reboot the IOLAN to make the configuration changes take effect.

You are now ready to configure the IOLAN.

Navigating the DeviceManager

The DeviceManager has a navigation tree that you can use to access the available Configuration and Statistics pages in the display area. When you select an option in the navigation tree, you can often navigate the tabs or buttons in the display area to access the various configuration and statistics options.

Navigating the Options

The left-hand navigation tree allows you to quickly and easily navigate the various Configuration and Statistics pages of DeviceManager. Further navigation is available in the form of buttons and tabs in the display area of DeviceManager, depending on where you are in the navigation tree, as shown in the below.

Notice that when you expand a parent node in the tree (e.g., Serial), the tree displays the same options that appear as buttons in the display area, as shown below. This gives you the choice of using the navigation tree or buttons to navigate the options.

Downloading the Configuration with DeviceManager

When you have completed all your configuration changes, select the Download All Changes button to download the configuration to the IOLAN. You must reboot the IOLAN for your configuration changes to take effect.

Creating a New IOLAN Configuration in DeviceManager

In DeviceManager, when you select File, New, the New Configuration window is displayed.

Select the IOLAN model for which you want to create a new configuration file. Any configuration file created in this manner can only be save locally. To download a created configuration file, you must first connect to the IOLAN, import the created configuration file into DeviceManager (this is not available in WebManager), and then download the configuration file to the IOLAN and reboot it. Opening an Existing Configuration File

If you select the File, Open, a browse window is opened so you can select the configuration file you want to edit. IOLAN configuration files saved in the DeviceManager can be in the IOLAN-native binary format (.dme) or as a text file (.txt), which can be edited with a text editor. Either configuration version can be imported into the DeviceManager. IOLAN configuration files saved from WebManager can also be opened into DeviceManager.

Importing an Existing Configuration File

If you have a local, saved configuration file that you want to download to the IOLAN, you must first connect to the IOLAN that you want to download the configuration file to. Once you have successfully logged into the IOLAN, in DeviceManager selectTools, Import Configuration from a File and in WebManager select Administration, Restore/Backup. You need to download the file in DeviceManager and in both managers you need to reboot the IOLAN.

WebManager

Using the WebManager

The Perle WebManager is an embedded Web based application that provides an easy to use browser interface for managing the IOLAN. This interface provides the ability to configure and manage the IOLAN. This is accessible through any standard desktop web browser. You must have preconfigured a valid IP address on the IOLAN before connecting with the WebManager.

WebManager Features

Some Perle WebManager features are:

• The ability to downloading firmware to the IOLAN.
• The ability to reset serial ports.

- The ability to download/upload keys/certificates to/from the IOLAN.

- The ability to download custom files, such as new terminal definitions and custom languages to the IOLAN

• The ability to set the time and date

Logging in to the IOLAN using WebManager

WebManager can connect to IOLANs that already have an assigned IP address or wirelessly to an IOLAN with the wireless feature. See WLAN (only applies to certain models) settings in this guide for configuration options for Client or Soft AP mode.

To connect to the IOLAN, type the IP address of the IOLAN into the Address bar on your browser such as: http://10.10.234.34. (Your IOLAN IP address)

You will see the login screen. You will be prompted for the admin Password (the default is superuser).

If the authentication and connection are successful, the IOLAN's Server Info window is displayed. You are now ready to configure the IOLAN.

WebManager also launches EasyPort Web, which is a browser-based management tool that can be used to manage clustered IOLANs and Remote Power Switches (RPS). EasyPort Web can also be launched by any user who can connect to the IOLAN through a web browser.

Navigating the WebManager

The WebManager uses a expandable/collapsible buttons with folders and pages for the navigation tree. You can expand the buttons to view the folders and pages to see the available configuration options. When you access a configuration page, you can often navigate the tabs in the configuration area to access all of the configuration options.

When using WebManager, you are required to select theApply button each time you make a change to a configuration window/tab.

Downloading the Configuration with WebManager

The configuration is automatically downloaded when you select the apply button on each page. Most changes require a reboot of the IOLAN in order to take effect. Some changes such as serial port parameters can be made to take effect by simply resetting the serial port.

EasyPort Web

WebManager also launches EasyPort Web, which is a browser-based management tool that can be used to manage clustered IOLANs, Remote Power Switches (RPS), and power plugs. EasyPort Web can also be launched by any user who can connect to the IOLAN through a web browser.

Command Line Interface

The Command Line Interface (CLI) is a command line option for IOLAN configuration/management. See the IOLAN Secure Command Line Interface Reference Guide V5.0 for a full breakdown of commands. The CLI is accessed by any application that supports a Telnet or SSH session to the IOLAN's IP address, such as Putty, SecureCRT, or you can connect directly to the admin console port.

After you have successfully logged in, you can start configuring/managing the IOLAN by typing in commands at the prompt. If you are not sure what commands are available, you can type a ? (question mark) at any time during a command to see your options.

Connecting through the Network

To connect to the IOLAN through the network to configure/manage it using the CLI, do the following:

1. Start a Telnet or SSHsession to the IOLAN's IP address (IP address must be preconfigured).
2. You will get a Login: prompt. You can login as the admin user or as a user with Admin Level rights. If the login is successful, you will get a prompt that displays the IOLAN model and number of ports:

Login: admin

Password:

for exampleSCG32, DG1#

You will see a prompt that displays the model and number of serial ports on the IOLAN. You are now ready to start configuring/managing your IOLAN using the CLI.

See the IOLAN Secure Command Line Interface Reference Guide V5.0 and greater for more information about using the CLI.

Connecting to the Console Port(s)

Depending on the model of IOLAN you purchased, connecting to the console port can be done in a variety of ways; using a DIP switch to set the port to Console mode, then connecting with a null modem serial cable, connecting to the IOLAN with the DB9 to RJ45 adapter that was shipped with your product or connecting to the standard Micro-B USB port via a USB cable to the front of the IOLAN. After you have established a connection to the IOLAN, you will get aLogin: prompt. You can login as the admin user or as a user with Admin Level rights. If you are not sure what commands are available, you can type a ? (question mark) at any time during a command to see your options. See the IOLAN Hardware Installation Guide for your model to determine the method of connecting to your specific model.

DHCP/BOOTP

Connecting to the IOLAN Using DHCP/BOOTP

The IOLAN will automatically request an IP address from the DCHP/BOOTP server when the Obtain IP address automatically using DHCP/BOOTP parameter is enabled. By default, DHCP is disabled

Using DHCP/BOOTP

To use DHCP/BOOTP, edit the bootp file with IOLAN configuration parameters. You can use DHCP/BOOTP to perform the following actions on a single or multiple IOLANs on boot up:

• auto-configure with minimal information; for example, only an IP address
• auto-configure with basic setup information (IP address, subnet/prefix bits, etc.)
• download a new version of firmware
• download a full configuration file

DHCP/BOOTP is particularly useful for multiple installations: you can do all the IOLANs' configuration in one DHCP/BOOTP file, rather than configure each IOLAN manually. Another advantage of DHCP/BOOTP is that you can connect the IOLAN to the network, turn on its power and let autoconfiguration take place. All the configuration is carried out for you during the DHCP/BOOTP process.

DHCP Parameters

The following parameters can be set in the DHCP/BOOTP bootp file:

• SW_FILE—The full path, pre-fixed by hostname/IP address (IPv4 or IPv6), and file name of the firmware update.
• CONFIG_FILE—The full path, pre-fixed by hostname/IP address (IPv4 or IPv6), and file name of the configuration file.
• GUI_ACCESS—Access to the IOLAN from the HTTP or HTTPS WebManager. Values are on or off.

• AUTH_TYPE—The authentication method(s) employed by the IOLAN for all users. You can specify the primary and secondary authentication servers, separated by a comma. This uses the following numeric values for the authentication methods.

• 1—Local

• 2—RADIUS
• 3—Kerberos
• 4—LDAP/Microsoft Active Directory
• 5—TACACS+
• 6—SECURID
• 7—NIS

- 0—None (only valid for secondary authentication)

• SECURITY—Restricts IOLAN access to devices listed in the IOLANs host table. Values are yes or no.
• TFTP_RETRY—The number of TFTP retries before aborting. This is a numeric value, for example, 5.
• TFTP_TMOUT—The time, in seconds, before retrying a TFTP download/upload. This is a numeric value, for example, 3.
• CUSTOM_LANG—The full path, pre-fixed by a hostname/IP address (IPv4 or IPv6), and file name of a translated language file. For example,
  192.101.34.211 /accounting/Iolan_ds_german.txt.
• EXTRA_TERM1—(EXTRA_TERM2, EXTRA_TERM3) The full path, pre-fixed by a hostname/IP address (IPv4 or IPv6), and file name of a termcap file for a specific terminal type.

Several IOLAN parameters can be configured through a DHCP/BOOTP server during the IOLAN boot up. This is particularly useful for configuring multiple IOLANs.

Using ARP-Ping

You can use the ARP-Ping (Address Resolution Protocol) method to temporarily assign an IP address and connect to your IOLAN to assign a permanent IP address. To use ARP-Ping to temporarily assign an IP address:

From a local UNIX/Linux host, type the following at the system command shell prompt:

arp -s a.b.c.d aa:bb:cc:dd:ee:ff

On a Windows ^® 2000 or newer system, type the following at the command prompt:

arp -s a.b.c.d aa-bb-cc-dd-ee-ff

(where a.b.c.d is the IPv4 address you want to temporarily assign to the IOLAN, and

aa:bb:cc:dd:ee:ff is the Ethernet (MAC) address of IOLAN (found on the back of the unit).

Whether you use UNIX or Windows ^® , you are now ready to ping to the IOLAN. Here is a UNIX example of the sequence to use:

arp -s 192.168.209.8 00:80:d4:00:33:4e

ping 192.168.209.8

From the ping command issued in step 2, the IOLAN will pickup and use the IP address entered into the ARP table in step 1. You are now ready to configure the IOLAN.

Connecting to an IPv6 Network

The IOLAN has a factory default link local IPv6 address based upon its MAC Address.

For example:

For an IOLAN with a MAC Address of 00-80-D4-AB-CD-EF, the Link Local Address would be fe80::0280:D4ff:feAB:CDEF.

By default, the IOLAN will listen for IPV6 router advertisements to obtain additional IPV6 addresses. No configuration is required, however, you can manually configure IPV6 addresses and network settings; see Connecting to an IPv6 Network for more information on IPv6 configuration options.

SNMP

The IOLAN supports configuration and management through SNMP. SNMP Management tools (SNMP client/MIB browser software) can be used to set IOLAN configuration parameters and/or view IOLAN statistics.

Connecting to the IOLAN Using SNMP

Before you can connect to the IOLAN through an SNMP Management tool or MIB browser, you need to set the following components through another configuration method.

1. Configure a known IP address on the IOLAN.
2. Configure a read-write user for SNMP version 3 or a community for SNMP version 1 or 2 on the IOLAN.
3. Reboot the IOLAN to make sure the changes take effect.

To connect to the IOLAN through an SNMP Management tool or MIB browser, do the following:

1. From the Perle website, load the MIB, for your model, into your SNMP manager.

Note: You need to have the following MIBs installed in your SNMP manager (these are usually part of the standard SNMP client/MIB browser):

SNMPv2-SMI
SNMPv2-TC
- IPV6-TC

1. Verify that the read-write user for SNMP version 3 or a community for SNMP version 1 or 2 match the configuration on the IOLAN.

2. Type in the IOLAN's IP address and connect to the IOLAN.

3. You are now ready to start configuring the IOLAN using SNMP.

Using the SNMP MIB

After you have successfully connected to the IOLAN through your SNMP Management tool or MIB browser, expand the MIB folder to see the IOLAN's parameter folders. Below is an example of the configurable parameters under the ServicesInfo folder.

The first variable in each folder is the Status variable, for example, serviceStatus. When you perform a GET on this variable, one of the following values will be returned:

• 1—Indicates that the container folder is active with no changes.
• 2—Indicates that the container folder is active with change(s).

Once you have completed setting the variables in a folder, you will want to submit your changes to the IOLAN. To do this, set the Status variable to 4. If you want to discard the changes, set the Status variable to 6.

• 4—Indicates that the changes in the container folder are to be submitted to the IOLAN.
- 6—Indicates that the changes in the container folder are to be discarded.

If you want to save all the changes that have been submitted to the IOLAN, you need to expand the adminInfo container folder and SET the adminFunction to 1 to write to FLASH. To make the configuration changes take effect, SET the adminFunction to 3 to reboot the IOLAN.

To select a serial port profile in the WebManager, connect through the WebManager to the IOLAN you are configuring and select Serial Port, in the navigation pane. Highlight the serial port you want to configure and then select Edit.

Network Settings

The Network section is used to configure the parameters that identify the IOLAN within the network and how the IOLAN accesses hosts on the network. Select Network from the navigation tree on the left hand side.

• IP Settings—Configure IPv4, IPv6 settings, Default Gateway and Ethernet settings
• WWAN (wireless wide area network) —Configure WWAN settings
• WLAN (wireless local area network)—Configure WLAN settings
• Advanced—Configure Host table, IP Filtering, Routes, DNS/WINS, RIP, Dynamic DNS, IPv6 Tunnels.

IPv4 Settings

The parameters in IPv4 settings are used to access the IOLAN and how the IOLAN accesses the network. Select IPV4 from the Network Configuration screen and configure the parameters for your network.

System Name

The System Name is used for informational purposes by such tools as the DeviceManager and is also used in conjunction with the Domain field to construct a fully qualified domain name (FQDN).

Domain This field is combined with the

combined with the System Name to construct the fully qualified domain name (FQDN). For example, if the domain is mycompany.com and the Server Name is set to accounting, the FQDN would be accounting.mycompany.com.

Interface Name Ethernet 1, Ethernet 2 or WLAN 0

Obtain IP Address automatically using DHCP/BOOTP

When enabled, the IOLAN will request an IP address from the DHCP/BOOTP server. By default, when this option is enabled, the IOLAN will also attempt to retrieve the DNS server, WINS server, and default gateway from the DHCP/BOOTP server. Default: Disabled

Use the following IP Address

Assign a specific IP address to the IOLAN. Field Format: IPv4 address

Ethernet 1

The IOLAN's unique IPv4 network Interface 1 IP address. Field Format: IPv4 address

Ethernet 2

The IOLAN's unique IPv4 network interface 1 IP address. Field Format: IPv4 address

WLAN 0 The IOLAN's unique IPv4 WLAN 0 network address. Field Format: IPv4 address

Subnet Mask The network subnet mask. For example, 255.255.0.0.

Default Gateway

Specify the gateway IP address that will provide general access beyond the local network. Field Format: IPv4 address

IPv6 Settings

Configure IPv6 settings when the IOLAN resides in an IPv6 network.

Ethernet 1 The IOLAN's unique IPv6 network Interface 1 IP address.

Field Format: IPv6 address

Ethernet 2 The IOLAN's unique IPv6 network interface 1 IP address.

Field Format: IPv6 address

WLAN 0 The IOLAN's unique IPv6 WLAN 0 network address.

Field Format: IPv6 address

Obtain IPv6 When enabled, you can configure the IOLAN to obtain the IPv6 address(es) using Address(es) using IPv6 Autoconfiguration or a DHCPv6 server.

Default: Enabled

IPv6 Autoconfiguration When enabled, the IOLAN will send out a Router Solicitation message. If a Router Advertisement message is received, the IOLAN will configure the IPv6 address(es) and configuration parameters based on the information contained in the advertisement. If no Router Advertisement message is received, the IOLAN will attempt to connect to a DHCPv6 server to obtain IPv6 addresses and other configuration parameters.

Default: Enabled

DHCPv6 When enabled, requests IPv6 address(es) and configuration information from the DHCPv6 server.

Default: Disabled

Custom IPv6 Address Displays the list of custom configured IPv6 addresses. List

Adding/Editing a Custom IPv6 Address

You can choose one of the following:

Enter the IPv6 network prefix:

Create a unique IPv6 address on the network When enabled, the IOLAN will derive an IPv6 address from the entered network prefix and the IOLAN's MAC address. Default: Enabled

Network Prefix Specify the IPv6 network prefix.

Default: Enabled

Network Subnet Bits Specify the number of bits in the Network prefix which will be used to specify the subnet.

Range: 0-64

Default: 64

Enter the complete IPv6 address:

Use the following Enable this option when you want to enter a specific IPv6 address.

IPv6 address Default: Disabled

IPv6 Address Specify the complete IPv6 address.

Field Format: IPv6 address

IPv6 Address IPv6 Specify the network prefix bits for the IPv6 address.

Prefix Bits Range: 0-128

Default: 64

Advanced Network Settings

The Advanced tab configures DNS update, MTU size, IPv6 Advertising Router settings, and the Ethernet interface parameters.

Configure the parameters in the Advanced tab only if:

• you have already set up Dynamic DNS with DynDNS.com
• you want to specify the line speed and duplex for your Ethernet interface
• if you want the IOLAN to act as an IPv6 Advertising Router

Register Address in DNS When this parameter is set, the IOLAN will provide the DHCP/DHCPv6 server with a fully qualified domain name (FQDN), so that the DHCP/DHCPv6 server can update the network's DNS server with the newly assigned IP address.

Default: Disabled

Domain Prefix

(Dual Interface models only) A domain prefix to uniquely identify the interface to the DNS when the IOLAN has more than one Ethernet interface. The FQDN that is sent to the DNS will be one of the following formats, depending on what is configured in the System Settings section on the IPv4 Settings tab:

• ..
• .

Field Format: Maximum 8 alphanumeric characters

Maximum Transmission Unit (MTU)

The Maximum Transmission Unit (MTU) size of an IP frame that will be sent over the network. If your IOLAN has more than one interface each interface can be set separately, however only one MTU size can be set for both IPv4 or IPv6 frames.

MTU IPv4: 68-1500 bytes MTU IPv6: 68-1500 bytes

Enable Active Standby

Active Standby permits the grouping of Ethernet LAN connections to provide for link failover. Both Ethernet connections will have the same Ethernet MAC address. Active standby refers to the process by which a failure of one interface can be automatically overcome by having its traffic routed to the other interface.

Default: Disabled

Monitoring Interval

(Only applies to IOLANs with two Ethernet interfaces) The interval in which the active interface is checked to see if it is still communicating.

Default: 100 ms

Recovery Delay

(Only applies to IOLANs with two Ethernet interfaces) The time that the IOLAN will wait to make the secondary interface (Ethernet 2) active after it has been detected as up.

Default: 200 ms

Disable IP Forwarding between Ethernet Interfaces

(Only applies to IOLANs with two Ethernet interfaces) When enabled, no IP traffic will be forwarded between Ethernet interfaces. Default: Disabled

SGMII Support Enable SGMII support on the SFP transceiver port.

Default: Disable

WLAN (only applies to certain models)

The IOLAN can operate in two wireless modes. The WLAN can be disabled.

- Client Mode

- Soft-AP Mode

Client Mode

In Client mode the IOLAN can connect wirelessly to an Access Point (AP) wireless network. The IOLAN is preconfigure to run in Client mode. The IOLAN supports up to 8 client profiles for connecting to different Access Points (AP's).

IOLAN in Client Mode

graph LR
    A["Wireless Device"] --> B["Access Point"]
    B --> C["IOLAN Client Mode"]
    C --> D["Serial Devices"]
    D --> E["Server"]
    style A fill:#f9f,stroke:#333
    style B fill:#bbf,stroke:#333
    style C fill:#dfd,stroke:#333
    style D fill:#dfd,stroke:#333
    style E fill:#dfd,stroke:#333

Soft-AP Mode

In Soft-AP Mode, the IOLAN acts as an Access Point for wireless clients. Up to 6 wireless clients can connect to the IOLAN.

IOLAN in Soft-AP Mode

graph TD
    A["Wireless Devices"] --> B["Wireless Network"]
    C["Wireless Devices"] --> B
    D["Serial Devices"] --> E["Access Point"]
    F["IOLAN Soft-AP Mode"] --> E
    E --> G["Server"]
    E --> H["Printer"]
    style A fill:#f9f,stroke:#333
    style C fill:#f9f,stroke:#333
    style D fill:#f9f,stroke:#333
    style F fill:#f9f,stroke:#333
    style E fill:#ccf,stroke:#333
    style G fill:#ccf,stroke:#333
    style H fill:#ccf,stroke:#333

Back to Back IOLANs

In Back to Back Mode, one IOLAN is configured in Soft-AP Mode (AP) and the second IOLAN is configured in Client Mode. Selecting the WLAN tab will allow you to:

Back to Back IOLANs (one in Soft-AP Mode and the other in Client Mode)

graph TD
    A["Wireless Devices"] -->|Wireless Network| B["IOLAN Soft-AP Mode"]
    C["Serial Devices"] --> D["Access Point"]
    B --> E["IOLAN Client Mode"]
    D --> E
    E --> F["Server"]
    style A fill:#f9f,stroke:#333
    style C fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style E fill:#ccf,stroke:#333
    style D fill:#ccf,stroke:#333

• set the WLAN parameters
• add/edit and delete profiles
• configure Soft-AP mode

Region Select your wireless region.

Values: eu, japan, us-canada

Default: us-canada

WPS Enabled (in Soft-The WPS button can be used in Soft-AP mode to facilitate the connection of AP mode) wireless clients

WLAN Profiles

A WLAN profile defines all the settings necessary to establish a wireless connection with an Access Point. You can defined up to 8 client profiles on the IOLAN. Associations with AP's in WPS mode will be automatically added by the IOLAN as profile (priority 1).

Connect Priority

The connect priority order (1 being the highest) in which the IOLAN will attempt an association with AP's that match the SSID in the profile. If there are duplicate priority entries in the table, the IOLAN will connect to the duplicate entry with the most optimal AP based on signal strength and security type.

Values: 1-8

Default: 1

Profile Name Enter the name for this profile.

Values: 1-32 characters, no spaces allowed

Network Name (SSID) Specify an SSID (network name).

Values: max of 32 characters (no spaces allow)

Default: none or auto-created SSID

Radio Band

The IOLAN can operate over 2.4GHz or 5GHz. To support connections to both bands use 2.4+5.

Values: 2.4, 5, 2.4+5

Default: 2.4+5 (dual-band)

Scan DFS Channel

The IOLAN supports DFS. When connected to an AP that is using Dynamic Frequency Selection, it will respond to the specific protocol requests. When scanning channels for AP's the IOLAN provides the option of skipping the DFS protected channels.

Values: off or on

Default: on (applies to 5GHz mode only)

Hidden SSID

If this profile is defined to connect to an AP that has a hidden SSID then this option must be enabled. This will force the IOLAN to send a directed probe to this AP with the specified SSID in order to discover it and determine the channel that it is using.

Values: off or on

Default: off

Security

Depending on the security type selected, some encryption types, authentication methods and authentication methods may not be supported. See table below for valid combinations.

Wepkey 1-4 Enter a wep key.

Values: (5 or 13 characters) or (10 or 26 hexadecimal digits)

TX-key index Select the TX key index to use.

Values: 1-4.

Username Specify a username to identify the IOLAN to the Radius server.

Values: max of 254 characters

Default: none

Password Specify a password to identify the IOLAN to the Radius server.

Values: max of 128 characters

Default: none

Validate server certificate

Enable this option if you want the Radius server to validate that the IOLAN's server's certificate has been signed by a SSL/TLS certificate authority (CA). If you enable this option, you need to download an SSL/TLS certificate authority (CA) list file to the IOLAN.

Values: yes or no

Default: no

Soft-AP Mode Parameters

WWAN (only applies to certain models)

Connecting to a WWAN Network

graph TD
    A["Cellular Tower"] -->|Signal| B["Serial Devices"]
    A -->|Signal| C["Wireless Devices"]
    D["Internet"] --> E["Wireless Devices"]
    F["Mobile Device"] --> G["Server"]
    H["Desktop"] --> I["Server"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#ccf,stroke:#333
    style D fill:#cfc,stroke:#333
    style E fill:#fcc,stroke:#333
    style F fill:#fcc,stroke:#333
    style G fill:#fcc,stroke:#333
    style H fill:#fcc,stroke:#333
    style I fill:#fcc,stroke:#333

Enable

Selecting this option will enable your IOLAN to connect to your cellular network.

APN

Enter the Access Point Name (APN). The APN will use this information to identify the packet data network (PDN) that mobile data devices want to communicate with. In addition to identifying a PDN, an APN may be used to define the type of service. It can assigned an IP address to the wireless device, which security methods should be used and how or if it should be connected to a customer private network.

Examples of APNs:

• three.co.uk
• internet.t-mobile
  • m 2 minternet.apn

Authentication

If required by your PDN, enter the authentication method to use.

Data Options: None, PAP, CHAP

Default: None

Username If required, enter the username to use for this connection.

Data options: 0-127 characters

Password If required, enter the password to use for this connection.

Data Options: 0-127 characters

Pin

Enter a Pin if your SIM card has a PIN enabled, this will allow you to connect to the SIM card.

Note: The IOLAN does not have the capability to set a Pin number on your SIM card.

Value: 8 characters

Radio Access

Select the radio access technology you will use to connect to the network.

Technology

Data Options: Auto, LTE, 3G, 2G

Default: auto

Obtain DNS servers from the network

Allow the network to provide the IOLAN with the addresses of DNS servers on the network.

Data Options: on or off

Default: on

Host Table

The Host table contains the list of hosts that will be accessed by an IP address or Fully Qualified Domain Name (FQDN) from the IOLAN. This table will contain a symbolic name for the host as well as its IP address or FQDN. When a host entry is required elsewhere in the configuration, the symbolic name will be used. You can configure up to 100 hosts using IPv4 or IPv6 internet addresses.

Host Name

The name of the host. This is used only for the IOLAN configuration.

Field Format: Up to 14 characters, no spaces.

IP Address The host's IP address.

Field Format: IPv4 or IPv6 address

Fully Qualified Domain Name

When you have DNS defined in the IOLAN, you can enter a DNS resolvable fully qualified domain name (note: FQDN's are excluded as accessible hosts when IP Filtering is enabled).

Field Format: Maximum 254 alphanumeric characters

IP Filtering

The IP Filtering Host table allows you to configure a table to customize how traffic to and from the IOLAN will be filtered.

IP Filtering

You can allow all IP traffic to and from the IOLAN. This is the default configuration.

Define traffic based on below criteria

This is a security feature that allows you to defined traffic to/from hosts defined within the IOLAN Host table or IP traffic based on address ranges.

IP Filtering on Host Table

This is a security feature that allows you to defined traffic to/from hosts defined only within the IOLAN Host table.

IP Filtering on Address Ranges

This is a security feature that allows you to define IP address ranges for traffic to/from the IOLAN. The IOLAN will only accept data from or send data to hosts configured within these IPv4 address ranges. You can define up to 6 IP traffic to/from address ranges.

Routes

Entering routes in the routing list enables the identification of gateways to be used for accessing specific hosts or external networks from the IOLAN's local network.

There are three types of routes:

• Default—A route that provides general access beyond your local network.
• Host—A route defined for accessing a specific host external to your local network.
  • Network—A route defined for accessing a specific network external to your local network.

You can specify up to 49 routes on the IOLAN. Two types or gateways (method of accessing specific hosts or external networks) can be configured.

• Host—Specify a specific host that will provide access to the route destination.
• Interface—Specify the IPv6 tunnel, Remote Access (PPP)-defined serial port, or remote Access (SLIP)-defined serial port that will provide access to the route destination.

Adding/Editing Routes

From the Route List tab, if you select the Add or Edit button, you will be able to add a new or edit an existing route.

Type Specify the type of route you want to configure.

Data Options:

• Host—A route defined for accessing a specific host external to your local network.
• Network—A route defined for accessing a specific network external to your local network.
• Default—A route which provides general access beyond your local network.

Default: Default

IP Address When the route

route Type is defined as Host, this field will contain the IP address of the host. If the route Type is defined as Network, the network portion of the IP address must be specified and the Host port of the address will be set to 0. Example: to access network 10.10.20, the address 10.10.20.0 would be specified in this field. Format: IPv4 or IPv6 address

IPv4 Subnet Mask When the route is a

Network route, you must specify the network's subnet mask.

IPv6 Prefix Bits

If the IP address is IPv6, then you must specify the network's prefix bits. Range: 0-128

Host

Select this option when a host is being used as the route gateway. Default: Enabled, None

Interface

The Interface list is comprised of configured IPv6 tunnels and serial ports defined for Remote Access (PPP) and Remote Access (SLIP) profiles. Select this option when you want to use the specified interface as the gateway to the destination. Field Option(s): IPv6 tunnels, Remote Access (PPP) and Remote Access (SLIP) serial ports Default: Disabled

DNS/WINS

You can configure WINS servers for PPP-client name resolution and DNS servers for PPP-client name resolution and IOLAN host name resolution.

You can configure up to four DNS and four WINS servers. If you specified a DNS and/or WINS server on the Network, IP Settings tabs (either IPv4 or IPv6), it will be automatically entered into the appropriate list. If the DNS and/or WINS server is provided by a DHCP server, these will NOT be viewable in the list, however, you can add DNS and/or WINS servers to supplement the DHCP supplied server.

Editing/Adding DNS/WINS Servers

DNS IP Address You can configure up to four DNS servers.

Field Format: IPv4 or IPv6 address

WINS IP Address You can configure up to four WINS servers.

Field Format: IPv4 address

RIP

The Routing Information Protocol (RIP) is a routing protocol used with almost every TCP/IP implementation. Its function is to pass routing information from a router or gateway to a neighboring router(s) or gateway(s). RIP messages contain information about destinations which can be reached and the number of hops which are required. The hop-count is the basic metric of RIP and so RIP is referred to as a “distance vector protocol”. RIP messages are carried in UDP datagrams.

You can configure RIP to selectively advertise networks remotely connected via a SLIP/PPP link on the Ethernet connection, and pass RIP routing information to remotely connected clients. As this can be undesirable in some environments, this behavior can be configured and is defaulted to the non-routing behavior.

Transmission and reception of Routing Information Protocol (RIP) packets over PPP and SLIP connections can be configured on a per user basis or on a per serial port basis.

The Routing parameter can be configured:

• On Advanced tab for Remote Access (PPP) and Remote Access (SLIP) profiles configured for a serial port to determine the exchange of RIP packets between the IOLAN and remotely connected users connected from the serial side.
• O n Servibestab for each local user to determine the exchange of RIP packets between the IOLAN and remotely connected users connected from the serial side.
• By the RADIUS server for users authenticated by RADIUS, the RADIUS-defined Framed-Routing parameter determines the exchange of RIP packets.

There are four options for setting the Routing parameters:

• None—Routing information is not exchanged across the link. This is the default setting for a line and a locally defined user.
• Send—Routing information is only transmitted to the remote user.
• Listen—Routing information is only received from the remote user.
• Send and Listen—Routing information is transmitted to and received from the remote user. The local User Routing parameter or RADIUS Framed-Routing parameter, if set, override the serial port Routing parameter for a connection.

Authentication Method

Specify the type of RIP authentication.

Data Options:

• None—No authentication for RIP.
• Password—Simple RIP password authentication.
• MD5—Use MD5 RIP authentication.

Default: None

Password

Specify the password that allows the router tables to be updated.

Confirm Password Retype in the password to verify that you typed in it correctly.

Dynamic DNS

Dynamic DNS Service providers enable users to access a server connected to the internet that has been assigned a dynamic IP address. The IOLAN product line has built-in support for the DynDNS.com service provider. Refer to www.DynDNS.com for information on setting up an account.

When the IOLAN is assigned a dynamic IP address, it will inform the DynDNS.com service provider of its new IP address. Users can then use DynDNS.com as a DNS service to get the IP address of the IOLAN. In order to take advantage of this service, the following steps need to be taken.

1. Create an account with DynDNS.com and configure the name your IOLAN will be known by on the internet (the Host name). For example, create a host name such as yourcompanySCS.DynDNS.org.
2. Enable the Network Dynamic DNS feature and configure the IOLAN's dynamic DNS parameters to match the Host's configuration on the DynDNS.com server. Every time the IOLAN gets assigned a new IP address, it will update DynDNS.com with the new IP address.
3. Users accessing the IOLAN via the internet can now access it via its fully qualified host name. For example, telnet yourcompanySCS.DynDNS.org.

Enable Dynamic DNS for the system Enables/disables the dynamic DNS feature. When Dynamic DNS is enabled, the IOLAN will automatically update its IP address with DynDNS.org if it changes. Default: Disabled

Service Provider DynDns.org

Registered Host Name Specify the registered hostname with DynDNS.org that will be updated with the IOLAN's IP address should it change. Put in the full name; for example, mydeviceserver.dyndns.org.

User Name Specify the user name used to access the account set up on the DynDNS.org server.

Password Specify the password used to access the account set up on the DynDNS.org server.

Dynamic DNS Account Settings

Enter the information about your DynDNS.com account so the IOLAN can communicate IP address updates. These settings are global and apply to all Dynamic DNS settings.

System Type Specify how your account IP address schema was set up with DynDNS.org. Refer to www.DynDNS.org for information about this parameter. Data Options: Dynamic, Static, Custom Default: Dynamic

Wildcard Adds an alias to *.yourcompanySCS.dyndns.org pointing to the same IP address as entered for yourcompanySCS.dyndns.org.

Connection Method Specify how the IOLAN is going to connect to the DynDNS.org server.

Data Options:

• HTTP
• HTTP through Port 8245
• HTTPS—for a secure connection to the DynDNS server

Default: Disabled

HTTPS Configuration

Cipher Suite Button Launches the cipher information window so you can specify the type of encryption that will be used for data that is transferred between the DynDNS.org server and the IOLAN. You can specify up to five cipher groups.

Validation Criteria See Validation Criteria for more information.

Validation Criteria

If you choose to configure validation criteria, the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection.

Note: Some combinations of cipher groups may not be available on some firmware versions.

Email

An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.

Data Options: Maximum 64 characters

IPv6 Tunnels

IPv6 tunnels transport IPv6 data packets from one IPv6 network to another IPv6 network over an IPv4 network. In addition to creating the IPv6 tunnel, you must also create the route that will transport the data packets through the IPv4 network in the Route List (see route list more information).

Adding/Editing an IPv6 Tunnel

When you add/edit an IPv6 tunnel, you are determining how an IPv6 message will reach an IPv6 device through an IPv4 network.

Name The name of the IPv6 tunnel.

Field Format: Maximum 16 alphanumeric characters

Default: ipv6_tunnel1

Mode The method or protocol that is used to create the IPv6 tunnel.

• Manual—When enabled, the IOLAN will manually create the IPv6 tunnel to the specified Remote Host through the specified Interface.
• 6to4—When enabled, the IOLAN will broadcast to the multi-cast address 192.88.99.1 through the specified Interface. When the closest 6to4 router responds, it will create the IPv6 tunnel, encapsulating and decapsulating IPv6 traffic sent to and from the IOLAN.
• Teredo—When enabled, the Teredo protocol encapsulates the IPv6 packet as an IPv4 UDP message, allowing it to pass through most network address translator (NAT) boxes and create an IPv6 tunnel to the specified Remote Host (a Teredo server) through the specified Interface.

Default: Manual

Remote Host

The IPv4 host that can access the IPv6 network when the Mode is Manual.

The Teredo server when the Mode is Teredo.

Default: None

Interface

The interface that the IOLAN is going to use to access the Remote Host. The list is comprised of the Ethernet interface(s) and serial ports configured for the Remote Access (PPP) or Remote Access (SLIP) profiles.

Default: Ethernet 1

Serial Ports

Each IOLAN serial port can be connected to a serial device. As you select the different serial port profiles, a short description and a picture representing a typical application of the profile is displayed. Each serial port can then be configured according to a serial port profile that coincides with the serial device attached to that serial port and how the serial device is accessed/used.

When you select the Serial (Ports) navigation option, you will see a list with the number of serial ports on your IOLAN. To configure/change a serial port, select the Edit button. From the top of the screen select the Profile Change button, then select the appropriate profile for the serial port. Select Apply to save your changes. The serial port profile configuration options will be displayed.

Configuring Serial Ports

The Serial section is used to configure the serial ports on your IOLAN. The following configuration windows are available:

• Serial Ports—Configures the type of connection that the serial port is being used for. This is accomplished by selecting a connection profile and then configuring the applicable parameters for that profile. See Serial Profiles for more information
• Port Buffering—Configures serial port data buffering preferences. See Port Buffering General Parameters for more information.
• Advanced—Configures those parameters that are applicable to specific environments. You will find modem and TruePort configuration options, in addition to others, here. See Serial Settings Advanced Parameters
• SSL/TLS—Configure SSL/TLS encryption options for the serial port. See SSL/TLS Settings

Serial Profiles

Some serial profiles/parameters may not be available on some models of the IOLAN. IOLANs with USB only serial interfaces will support the Console Management, Trueport, TCP sockets and Custom App/Plugin profiles*.

The following are the serial profiles:

- *Console Management—The Console Management profile configures a serial port to provide network access to a console or administrative port. This profile sets up a serial port to support a TCP socket that listens for a Telnet or SSH connection from the network.

See Console Management General Parameters.

- *TruePort—The TruePort profile configures a serial port to connect network servers or workstations running the TruePort software to a serial device as a virtual COM port. This profile is ideal for connecting multiple serial ports to a network system or server.

See Trueport General Parameters.

- *TCP Sockets—The TCP Sockets profile configures a serial port to allow a serial device to communicate over a TCP network. The TCP connection can be configured to be initiated from the network, a serial device connected to the serial port, or both. This is sometimes referred to as a raw connection or a TCP raw connection. See TCP Sockets General Parameters.

- UDP Sockets—The UDP Sockets profile configures a serial port to allow communication between the network and serial devices connected to the IOLAN using the UDP protocol. See UDP Sockets General Parameters

- Terminal—The Terminal profile configures a serial port to allow network access from a terminal connected to the IOLAN's serial port. This profile is used to access predefined hosts on the network from the terminal.

See Terminal Profile Parameters.

- Printer—The Printer profile configures a serial port to support a serial printer that can be accessed by the network.

• Serial Tunneling—The Serial Tunneling profile configures a serial port to establish a virtual link over the network to a serial port on another IOLAN. Both IOLAN serial ports must be configured for Serial Tunneling (typically one serial port is configured as a Tunnel Server and the other serial port as a Tunnel Client). See Serial Tunneling General Parameters.
• Virtual Modem—The Virtual Modem profile configures a serial port to simulate a modem. When the serial device connected to the IOLAN initiates a modem connection, the IOLAN stats up a TCP connection to the other IOLAN configured with a virtual Modem serial port or to a host running a TCP application.
• Modbus Gateway—The Modbus Gateway profile configures a serial port to act as a Modbus Master Gateway or a Modbus Slave Gateway. See Modbus General Parameters.
• Power Management—The Power Management Profile configures a serial port to communicate with a Remote Power Switch's (RPS) administration port. This allows network access to the RPS and permits access to statistics and control of the RPS's power plugs.
• PPP—The Remote Access (PPP) profile configures a serial port to allow a remote user to establish a PPP connection to the IOLAN's serial port. This is typically used with a modem for dial-in or dial-out access to the network.
• Slip—The Remote Access (SLIP) Profile configures a serial port to allow a remote user to establish a SLI P connection to the IOLAN's serial port. This is typically used with a modem for dial-in and dial-out access to the network.
• *Custom Application/Plugin—The Custom Application/Plugin profile configures a serial port to run a custom application or IOLAN plugin. After you download the custom application files and specify the application name and any parameters you want to pass to it, the IOLAN will execute the application when the serial port is started. See Custom Application General Parameters.

Common Serial Port Profiles

There are several functions that are common to more than one profile.

These functions are:

• Hardware—Configure the physical serial line parameters. See Serial Port Hardware Parameters
• Email Alert—Email Alert
• Packet Forwarding—Configure data packet parameters. Packet Forwarding
• SSL/TLS—Configure SSL/TLS encryption options for the serial port. See SSL/TLS Settings

Serial Port Hardware Parameters

The Hardware tab configures all the serial port hardware connection information. Your Hardware tab might display a subset of the parameters described, depending on the IOLAN model and supported hardware.

Serial Interface

Specifies the type of serial line that is being used with the IOLAN.

Data Options: EIA-232, EIA-422, EIA-485, USB

Rolled (DTE)/Straight Specifies the type of serial cable that you will need to use when connecting to this (DCE) RS232 serial port.

Default: Straight

Speed

Specifies the baud rate of the serial line; keep in mind that speed is affected by the length of the cable. You can also specify a custom baud rate. When you enter a custom baud rate, the IOLAN will calculate the closest baud rate available to the hardware. The exact baud rate calculated can be viewed in the Serial Ports statistics.

Range: 300-230400, custom supports 300-1843200

Default: 9600

Data Bits Specifies the number of bits in a transmitted character.

Default: 8

(5 databits is only supported with 2 stop bit).

Parity

Specifies the type of parity being used for the data communication on the serial port. If you want to force a parity type, you can specify Mark for 1 or Space for 0.

Data Options: Even, Odd, Mark, Space, None

Default: None

Stop Bits Specifies the number of stop bits that follow a byte.

Data Options: 1, 2

Default: 1

Flow Control Defines whether the data flow is handled by the software ( Soft), hardware (Hard),

Both, or None. If you are using SLIP, set to Hard only. If you are using PPP, set to either Soft or Hard (Hard is recommended). If you select Soft with PPP, you must set the ACCM parameter when you configure PPP for the Serial Port.

Data Options: Soft, Hard, Both, None

Default: None

Enable RTS-Toggle

Configure the Toggle RTS Feature if your application needs for RTS to be raised during character transmission.

Initial delay: configure the time (in ms) between the time the RTS signal is raised and the start of character transmission. This delay only applies if this port is not running hardware flow control. If hardware flow control is used, the transmission will occur as soon as CTS is raised by the modem.

Final delay: configure the time (in ms) between the time of character transmission and when RTS is dropped.

Initial delay range: 0-1000 ms

Final delay range: 0-1000 ms

Default: Off

Enable Inbound Flow Determines if input flow control is to be used.

Control

Default: Enabled

Enable Outbound

Determines if output flow control is to be used.

Flow Control

Default: Enabled

Copying a Serial Port

Once you configure a serial port, you can copy the serial port settings to other serial ports of the same type by selecting Copy, then select the Serial Port(s) to copy to current configuration, select the Ok button, then the Apply button.

Resetting a Serial Port

To reset a serial port from the WebManager, select Administration, Serial Port(s), Reset.

Email Alert

Email notification can be set at the Server and/or serial port levels. You can set unique email notifications for each serial port because the person who administers the IOLAN might not be the same person who administers the serial device(s) attached to the IOLAN port. Therefore, email notification can be sent to the proper person(s) responsible for the hardware.

The following event triggers an email notification on the Serial Port for the specified Level:

• DSR signal loss, Warning Level

Packet Forwarding

The Packet Forwarding tab can be used to control/define how and when serial port data packets are sent from the IOLAN to the network.

SSL/TLS Settings

You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP Sockets, Terminal (the user's Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem, and Modbus. When you enable this feature, it will automatically use the global SSL/TLS settings (configured on Security, SSL/TLS), although you can configure unique SSL/TLS settings for the serial port.

When configuring SSL/TLS, the following configuration options are available:

• You can set up the IOLAN to act as an SSL/TLS client or server.
• There is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS connection; see Valid SSL/TLS Ciphers for a list of SSL/TLS ciphers.

- You can enable peer certificate validation, for which you must supply the validation criteria that was used when creating the peer certificate (this is case sensitive, so keep that in mind when enabling and configuring this option).

Note: Some combinations of cipher groups are not available on FIPS firmware versions.

See: Network Filtering for information about SSL/TLS support documents.

Validation Criteria

If you choose to configure validation criteria, the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection.

Country A country code; for example, US. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Two characters

State/Province An entry for the state/province; for example, IL. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 128 characters

Locality An entry for the location; for example, Chicago. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 128 characters

Organization An entry for the organization; for example, Accounting. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters

Organization Unit An entry for the unit in the organization; for example, Payroll. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters

Common Name An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters

Email An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate. Data Options: Maximum 64 characters

Console Management Profile

The Console Management profile provides access through the network to a console or administrative port of a server or router attached to the IOLAN's serial port. This profile configures the IOLAN's serial port to set up a TCP socket that will listen for a Telnet or SSH connection from the network.

Use the Console Management profile when you are configuring users who need to access a serial console port from the network.

graph LR
    A["Server/Router"] -->|Serial Console Port| B["IOLAN"]
    B -->|Connect| C["Network"]
    C --> D["Administrator"]

Console Management General Parameters

Select Serial Port, highlight the serial port you want to change, select Edit to configure how the serial port will be accessed by the user through the network, then Apply.

Console Management Advanced Parameters

The Console Management Advanced tab configures serial port options that may be required by certain applications.

Authenticate User Enables/disables login/password authentication for users connecting from the network.

Default: Disabled

Enable TCP Keepalive Enables a per-connection TCP keep-alive feature. After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized.

This parameter needs to be used in conjunction with Monitor Connection Status Interval parameter found in the Serial, Advanced, Advanced Settings tab. The interval specifies the inactivity period before "testing" the connection. It should be noted that if a network connection is accidentally dropped, it can take as long as the specified interval before anyone can reconnect to the serial port.

Default: Disabled

Enable Message of Enables/disables the display of the message of the day.

the Day (MOTD) Default: Disabled

Enable Microsoft Special Administer Console (SAC) When enabled, a user can access SAC (the interface of the Microsoft Emergency Management Systems utility) through EasyPort Web when the IOLAN's serial port is connected to a Microsoft Server 2003 or Microsoft Server 2008 host.

support Default: Disabled

Multisessions The number of extra network connections available on a serial port, in addition to the single session that is always available. Enabling multisessions will permit multiple users to monitor the same console port. The maximum number of multisessions would be 101 sessions. Each user monitoring the port can be assigned different privileges to this port.

Default: 0

Session Timeout Use this timer to forcibly close the session/connection when the Session Timeout expires.

Default: 0 seconds so the port will never timeout

Range: 0-4294967 seconds (about 49 days)

Idle Timer Use this timer to close a connection because of inactivity. When the Idle Timeout expires, the IOLAN will end the connection.

Range: 0-4294967 seconds (about 49 days)

Default: 0 seconds so the port will never timeout

Break Handling Specifies how a break is interpreted.

Data Range:

• None—The IOLAN ignores the break key completely and it is not passed through to the host.
• Local—The IOLAN deals with the break locally. If the user is in a session, the break key has the same effect as a hot key.
• Remote—When the break key is pressed, the IOLAN translates this into a telnet break signal which it sends to the host machine.
• Break Interrupt—On some systems such as SunOS, XENIX, and AIX, a break received from the peripheral is not passed to the client properly. If the client wishes to make the break act like an interrupt key (for example, when the stty options -ignbrk and brkintr are set).

Default: None

Session Strings

Controls the sending of ASCII strings to serial devices at session start and session termination as follows;

• Send at Start - If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.
• Range: 0-127 alpha-numeric characters. Non printable ascii characters must be entered in this format <027>. The decimal numbers within the brackets must be 3 digits long (example 003 not 3).
• Send at End - If configured, this string will be sent to the serial device when the TCP session on the LAN is terminated. If multi-host is configured, this string will only be send in listen mode to the serial device when all multi-host connections are terminated.
• Range: 0-127 alpha-numeric characters. Non printable ascii characters must be entered in this format <027>. The decimal numbers within the brackets must be 3 digits long (example 003 not 3).
• Delay after Send—If configured, a delay time is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated.

Range: 0-65535 ms

Default: 10 ms

Dial In

If the console port is remote and will be dialing in via modem or ISDN TA, enable this parameter.

Default: Disabled

Dial out

If you want the modem to dial a number when the serial port is started, enable this parameter.

Default: Disabled

Dial Timeout

The number of seconds the IOLAN will wait to establish a connection to a remote modem.

Range: 1-99

Default: 45 seconds

Phone The phone number to use when

Dial Out is enabled.

Trueport Profile

Trueport is a COM Port redirector that is supplied with the IOLAN. TruePort can be installed as a client on a Workstation or Server and supports a variety of operating systems. It, in conjunction with the IOLAN, emulates a local serial port (COM port), to the application, to provide connectivity to a remote serial device over the network. The TruePort profile operates in conjunction with the TruePort software.

Trueport an be run in two modes (these modes will be set on the client software when it is configured):

• TruePort Full mode—This mode allows complete device control and operates as if the device was directly connected to the Workstation/Server's local serial port. It provides a complete COM port interface between the attached serial device and the network. All serial controls, baud rate control, etc., are sent to the IOLAN and replicated on its associated serial port.
• TruePort Lite mode—This mode provides a simple raw data interface between the application and the remote serial port. Although the port will still operate as a COM port, control signals are ignored. In this mode, the serial communications parameters must be must be configured on the Trueport Profile.

See the TruePort User's Guide for more details about the TruePort client software

graph LR
    A["Serial Device"] --> B["IOLAN"]
    B --> C["Network"]
    C --> D["Serial Application with TruePort Client"]
    style C fill:#f9f,stroke:#333
    note1["Client-Initiated Connection"] --> C
    note2["Server-Initiated Connection"] --> C

Trueport General Parameters

The TruePort General tab determines how the TruePort connection is initiated and then sets up the appropriate connection parameters.

Connect to Remote System (Server- When enabled, the IOLAN initiates communication to the TruePort client. Default: Enabled

Host Name The configured host that the IOLAN will connect to (must be running TruePort). Default: None

TCP Port The TCP Port that the IOLAN will use to communicate through to the TruePort client. 10001 for serial port 1, then increments by one for each serial port

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Connect to Multiple Hosts When enabled, the IOLAN will establish a connection to multiple clients (Hosts). When using the multiple hosts feature, all TruePort clients must be running in Lite mode. Default: Disabled

TCP Port

Specify the TCP port that the IOLAN will use to communicate to the Backup Host.

Default: 10000

Adding/Editing a Multi-host Entry

When you select the Add or Edit button, the Host Entry window appears. The hosts in the multi-host list must already be defined. If you add a host that was defined with its fully qualified domain name (FQDN), it must be resolvable by your configured DNS server.

Host

Specify the preconfigured host that will be in the multi-host list.

Default: None

TCP Port

Specify the TCP port that the IOLAN will use to communicate to the Primary Host.

Default: 1000 + serial port number -1

Trueport Advanced Parameters

The TruePort Advanced tab determines how the TruePort connection is initiated and then sets up the appropriate connection parameters.

Signals high when not under TruePort client control

This option has the following impact based on the state of the TruePort connection:

- TruePort Lite Mode—When enabled, the EIA-232 signals remain active before, during, and after the TruePort connection is established. When disabled, the EIA-232 signals remain inactive during and after the Trueport connection is established.

- TruePort Full Mode—When enabled, the EIA-232 signals remain active before and after the TruePort connection and the TruePort client will control the state of the signals during the established TruePort connection. When disabled, the EIA-232 signals remain inactive before and after the TruePort connection and the TruePort client will control the state of the signals during the established TruePort connection.

Default: Enabled

Enable Message the Day (MOTD)

Enables/disables the display of the message of the day.

Default: Disabled

Enable TCP Keepalive

Enables a per-connection TCP keep-alive feature. After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized.

This parameter needs to be used in conjunction with Monitor Connection Status Interval parameter found in the Serial, Advanced, Advanced Settings tab. The interval specifies the inactivity period before "testing" the connection.

Note: If a network connection is accidentally dropped, it can take as long as the specified interval before anyone can reconnect to the serial port.

Default: Disabled

Phone The phone number to use when

Dial Out is enabled.

TCP Sockets Profile

The TCP Socket profile allows for a serial device to communicate over a TCP network. The TCP connection can be initiated from a host on the network and/or a serial device. This is typically used with an application on a Workstation or Server that communicates to a device using a specific TCP socket. This is often referred to as a RAW connection.

The TCP Sockets profile permits a raw connection to be established in either direction, meaning that the connection can be initiated by either the Workstation/Server or the IOLAN.

graph LR
    A["Serial Device"] --> B["IOLAN"]
    B --> C["Server-Initiated Connection"]
    C --> D["Client-Initiated Connection"]
    D --> E["Network"]
    E --> F["Serial Application with TruePort Client"]

TCP Sockets General Parameters

Listen for Connection When enabled, the IOLAN listens for a connection to be established by the Workstation/Server on the network. Default: Enabled

TCP Port The TCP port that the IOLAN will use to listen for incoming connections. Default: 10000 plus the serial port number, so serial port 5 would have a default of 10005

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Allow Multiple Hosts to Connect When this option is enabled, multiple hosts can connect to the serial device that is connected to this serial port. Default: Disabled

Enable IP Aliasing Enables/disables the ability to access a serial device connected to the serial port by an IP address (or host name that can be resolved to the Internet Address in a DNS network) instead of the IOLAN's IP address and port number. Default: Disabled

IP Address Users can access serial devices connected to the IOLAN through the network by the specified Internet Address (or host name that can be resolved to the Internet Address in a DNS network). Field Format: IPv4 or IPv6 Address

Connect To When enabled, the IOLAN initiates communication to the Workstation/Server. Default: Disabled

Adding/Editing Additional Hosts

You can define a list of hosts that the serial device will communicate to or a primary/backup host.

Adding/Editing a Multi-host Entry

When you select the Add or Edit button, the Host Entry window appears. The hosts in the multi-host list must already be defined (see Host Table to learn how to create a host). If you add a host that was defined with its fully qualified domain name (FQDN), it must be resolvable by your configured DNS server. Configure the following parameters:

Host Specify the preconfigured host that will be in the multi-host list. Default: None

TCP Port Specify the TCP port that the IOLAN will use to communicate to the Host. Default: 0

TCP Sockets Advanced Parameters

Authenticate User Enables/disables login/password authentication for users connecting from the network. Default: Disabled

Enable TCP Keepalive Enables a per-connection TCP keep-alive feature. After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized. This parameter needs to be used in conjunction with Monitor Connection Status Interval parameter found in the Serial, Advanced, Advanced Settings tab. The interval specifies the inactivity period before "testing" the connection. Default: Disabled

Phone The phone number to use when

Dial Out is enabled.

UDP Sockets Profile

The UDP profile configures a serial port to send or receive data to/from the LAN using the UDP protocol. When you configure UDP, you are setting up a range of IP addresses and the port numbers that you will use to send UDP data to or receive UDP data from.

When you configure UDP for LAN to Serial, the following options are available:

To send to a single IP address, leave the End IP Address field at its default value (0.0.0.0).

The IP address can be auto learned if both start/end IP address are left blank/default.

If the Start IP Address field is set to 255.255.255.255 and the End IP Address is left at its default value (0.0.0.0), the IOLAN will accept UDP packets from any source address.

graph LR
    A["Serial Device"] --> B["IOLAN"]
    B --> C["Network"]
    C --> D["Server Application (UDP Socket)"]
    C --> E["Server Application (UDP Socket)"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#cff,stroke:#333
    linkStyle 0 stroke:#000,stroke-width:2px
    linkStyle 1 stroke:#000,stroke-width:2px
    linkStyle 2 stroke:#000,stroke-width:2px
    linkStyle 3 stroke:#000,stroke-width:2px
    linkStyle 4 stroke:#000,stroke-width:2px
    linkStyle 5 stroke:#000,stroke-width:2px
    linkStyle 6 stroke:#000,stroke-width:2px
    linkStyle 7 stroke:#000,stroke-width:2px
    linkStyle 8 stroke:#000,stroke-width:2px
    linkStyle 9 stroke:#000,stroke-width:2px
    linkStyle 10 stroke:#000,stroke-width:2px

Four individual entries are provided to allow you greater flexibility to specify how data will be forwarded to/from the serial device. All four entries support the same configuration parameters. You can configure one or more of the entries as needed.

The first thing you need to configure for an entry is the "Direction" of the data flow. The following options are available;

• Disabled - UDP service not enabled.
  • LAN to Serial - This setting will allow UDP data to be received from one or more hosts on the LAN and forwarded to the serial device attached to this serial port.
• Serial to LAN - This setting will allow data originating from the serial device attached to this serial port to be sent to one or more hosts on the LAN using UDP datagrams.
• Both - Allows for data to flow from the serial device to the LAN and from the LAN to the serial device.

The role of each of the configurable parameters in an entry depends on the "Direction" selected. When the direction is "LAN to Serial" the role of the additional parameters is as follow;

• Start IP Address - This is the IP address of the host from which the UDP data will originate. If the data will originate from a number of hosts, this becomes the starting IP address of a range.
• End IP Address - If you wish to receive data only from the single host defined by "Start IP address", leave this entry as is (0.0.0.0). If you wish to accept data from a number of hosts, this address will represent the upper end of a range starting from "Start IP address". Only data originating from this range will be forwarded to the serial port.
• UDP port - This is the UPD port from which the data will originate. There are three options for this parameter.
• Auto Learn - The first UDP message received will be used to define which UDP port we are going to accept UDP data from. Once learned, only data from this UDP port will be accepted. The data must also originate from a host which is in the IP range defined for this entry.
• Any Port - Any UDP port will be accepted as long as the data originates from a host in the IP range defined for this entry.

- Port - Only data originating from the UDP port configured here as well as originating from a host in the IP range defined for this entry will be accepted.

When the direction is "Serial to LAN" the role of the additional parameters is as follow;

- Start IP Address - This is the IP address of the host to which the serial data will be sent using UDP datagrams. If the serial data is to be sent to more than one host, this becomes the starting IP address of a range.

- End IP Address - If you wish to send serial data to a single host, leave this entry as is (0.0.0.0). If you wish to send the serial data to a number of hosts, this address will represent the upper end of a range starting from "Start IP Address".

- UDP port - This is the UPD port to which the serial data will be forwarded. For a direction of "Serial to LAN", you must specify the port to be used.

When the direction is "Both" the role of the additional parameters is as follow;

- Start IP Address - This is the IP address of the host to which the serial data will be sent using UDP datagrams. It is also the IP address of the host from which UDP data coming from the LAN will be accepted from. If the data is to be sent to or received from more than one host, this becomes the starting IP address of a range.

- End IP Address - If you wish to send serial data to a single host and only receive data from the single UDP host, leave this entry as is (0.0.0.0). If the data is to be sent to or received from more than one host, this address will represent the upper end of a range starting from "Start IP Address". Only data originating from this range will be forwarded to the serial port.

- UDP Port - This is the UPD port to which the serial data will be forwarded as well as the UPD port from which data originating on the LAN will be accepted from. For a direction of "Both", there are two valid option for the UDP Port as follows;

- Auto Learn - The first UDP message received will be used to define which port we are going to accept UDP data from. Once learned, only data from this UDP port will be accepted and serial data being forwarded to the LAN will be sent to this UDP port. Until the port is learned, data from the serial port intended to be sent to the LAN will be discarded.

- Port - Serial data being forwarded to the LAN from the serial device will sent to this UDP port. Only data originating from the UDP port configured here (as well as originating from a host in the IP range defined for this entry) will be forwarded to the serial device. Special values for "Start IP address"

- 0.0.0.0 - This is the "auto learn IP address" value which is valid only in conjunction with the "LAN to Serial" setting. The first UDP packet received for this serial port will set the IP address from which we will accept future UDP packets to be forwarded to the serial port. For this setting, leave the "End IP Address" as 0.0.0.0.

- 255.255.255.255 - This selection is only valid in conjunction with the "LAN to Serial" setting. It will accept all UDP packets received for this serial port regardless of the originating IP address. For this setting, leave the "End IP Address" as 0.0.0.0.

- Subnet directed broadcast - You can use the "Start IP Address" field to enter a subnet directed broadcast address. This is done by specifying the subnet address with the host portion filled with 1s. For example, if you are on the subnet 172.16.x.x with a subnet mask of 255.255.254.0 than you would specify an IP address of 172.16.1.255 (all ones for host portion). For this setting, leave the "End IP Address" as 0.0.0.0. For any "LAN to Serial" ranges you have defined for this serial port, you must ensure that IP address of this IOLAN is not included in the range. If your IP address is within the range, you will receive the data you send via the subnet directed broadcasts as data coming in from the LAN.

An example UDP configuration is described based on the following window.

The UDP configuration window, taken from the DeviceManager, is configured to:

UDP Entry 1

All UDP data received from hosts that have an IP address that falls within the range of 172.16.1.25 to 172.16.1.50 and source UDP Port of 33010 will be sent to the serial device. The IOLAN will not send any data received on its serial port to the host range defined by this entry.

UDP Entry 2

All hosts that have an IP Address that falls within the range of 172.16.1.75 to 172.16.1.80 and who listen to UDP Port 33009 will receive UDP data from the serial device. No UDP data originating from the hosts defined by this entry will be forwarded to the serial device.

UDP Entry 3

All hosts that have an IP address that falls within the range of 172.16.1.1 to 172.16.1.20 and listen to Port 33001 will be sent the data from the serial device in UDP format. The serial device will only receive UDP data from the hosts in that range with a source UDP Port of 33001. The IOLAN will listen for data on the port value configured in the Listen for connections on UDP port parameter. (10001 in above example) UDP Entry 4

This entry is disabled since Direction is set to Disabled.

UDP Sockets General Parameters

Listen for

The IOLAN will listen for UDP packets on the specified port.

connections on UDP

Default: 1000+ (for example, 10001 for serial port 1)

Port

Direction The direction in which information is received or relayed:

• Disabled—UDP service not enabled.
  • LAN to Serial—This setting will allow UDP data to be received from one or more hosts on the LAN and forwarded to the serial device attached to this serial port.
• Serial to LAN—This setting will allow data originating from the serial device attached to this serial port to be sent to one or more hosts on the LAN using UDP datagrams.
• Both—Allows for data to flow from the serial device to the LAN and from the LAN to the serial device.

Default: Both for UDP 1 and Disabled for all other UDP ranges

Start IP address

The first host IP address in the range of IP addresses (for IPv4 or IPv6) that the IOLAN will listen for messages from and/or send messages to.

Field Format: IPv4 or IPv6 address

End IP address

The last host IP address in the range of IP addresses (for IPv4, not supported for IPv6) that the IOLAN will listen for messages from and/or send messages to.

Field Format: IPv4 address

UDP Port

Determines how the IOLAN's UDP port that will send/receive UDP messages is defined:

• Auto Learn—The IOLAN will only listen to the first port that it receives a UDP packet from. Applicable when Direction is set to LAN to Serial or Both.
• Any Port—The IOLAN will receive messages from any port sending UDP packets. Applicable when Direction is set to LAN to Serial.
• Port—The port that the IOLAN will use to relay messages to servers/hosts. This option works with any Direction except Disabled. The IOLAN will listen for UDP packets on the port configured by the Listen for connections on UDP port parameter.

Default: Auto Learn

Port The UDP port to use.

Default: 0 (zero)

HTTP Tunnel

Specify the HTTP tunnel to be used for this connection.

UDP Sockets Advanced Parameters

Session Strings

Controls the sending of ASCII strings to serial devices at session start as follows;

- Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.

- Range: 0-127 alpha-numeric characters

- Range: hex 0-FF

- Delay after Send—If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated or terminated.

- Default: 10 ms

Terminal Profile

The Terminal profile allows network access from a terminal connected to the IOLAN's serial port. This profile is used to access pre-defined hosts on the network from the terminal.

This profile can be configured for users:

• who must be authenticated by the IOLAN first and then a connection to a host can be established.
  • who are connecting through the serial port directly to a host.

graph LR
    A["Terminal"] -->|Connect| B["IOLAN"]
    B --> C["Network"]
    C --> D["UNIX/Linux System"]

Terminal Profile Parameters

Terminal Type Specifies the type of terminal connected to the line.

Data Options:

• D u m b
  • W Y S E 6 0
  • V T 1 0 0
  • ANSI
  • TVI925
• IBM3151TE
  • VT320 (specifically supporting VT320-7)
  • HP700 (specifically supporting HP700/44)
• Term1, Term2, Term3 (user-defined terminals)

Default: Dumb

Require Login When users access the IOLAN through the serial port, they must be authenticated, using either the local user database or an external authentication server.

Default: Enabled

User Service Settings Button After a user has been successfully authenticated, the IOLAN will connect to the specified host using the specified protocol according to:

• t hUser Service parameter for locally configured users
• t hDefault User Service parameter for users who are externally authenticated TACACS+/RADIUS for externally authenticated users where the target host is passed to the IOLAN

See User Services Parameters

Connect to remote system When the serial port is started, the IOLAN will initiate a connection to the specified host using the specified protocol. With this option, user authentication will not be performed by the IOLAN.

Default: Disabled

Terminal Profile Advanced Parameters

User Service Settings

Login Settings

These settings apply to users who are accessing the network from a terminal connected to the IOLAN's serial port. The Telnet, Rlogin, SSH, SLIP, PPP settings take effect when the connection method is defined in the user's profile(or are passed to the IOLAN by a RADIUS or TACACS+ server when those authentication methods are being used).

Limit Connection to User Makes the serial port dedicated to the specified user. The user won't need to enter their login name - just their password.

Initial Mode Specifies the initial interface a user navigates when logging into the serial port. Data Options: Command Line Default: Command Line

Terminal Pages The number of video pages the terminal supports. Range: 1-7 Default: 5 pages

Telnet Settings

The Telnet settings apply when the User Service is set to Telnet or the Terminal profile specifies a Telnet connection to a host.

Terminal Type Type of terminal attached to this serial port; for example, ANSI or WYSE60.

Local Echo Toggles between local echo of entered characters and suppressing local echo. Local echo is used for normal processing, while suppressing the echo is convenient for entering text that should not be displayed on the screen, such as passwords. This parameter can be used only when Enable Line Mode is enabled. Default: Disabled

Enable Line Mode When enabled, keyboard input is not sent to the remote host until pressed, otherwise input is sent every time a key is pressed. Default: Disabled

Map CR to CRLF When enabled, maps carriage returns (CR) to carriage return line feed (CRLF). Default: Disabled

Rlogin Settings

The Rlogin settings apply when the User Service is set to Rlogin or the Terminal profile has Require Login selected and specifies an Rlogin connection to a host.

Configure the following parameters:

Terminal Type Type of terminal attached to this serial port; for example, ANSI or WYSE60.

When Connect to remote system is selected, the Rlogin window requires the name of the user who is connecting to the host.

Terminal Type Type of terminal attached to this serial port; for example, ANSI or WYSE60.

User This name is passed on to the specified host for the Rlogin session, so that the user is only prompted for a password.

SSH Setting

The SSH settings apply when the User Service is set to SSH or the Terminal profile specifies an SSH connection to a host.

Note: Some combinations of cipher groups are not available on FIPS firmware versions. SSH-1 protocol is not available on FIPS firmware versions.

Terminal Type Type of terminal attached to this serial port; for example, ANSI or WYSE60.

Verbose Mode When enabled, displays debug messages on the terminal.

Default: Disabled

Enable Compression When enabled, requests compression of all data. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.

Default: Disabled

Strict Host Key Checking When enabled, a host public key (for each host you wish to ssh to) must be downloaded into the IOLAN.

Default: Enabled

Auto Login When enabled, creates an automatic SSH login, using the values. Name and Password

Default: Disabled

Name The name of the user logging into the SSH session.

Field Format: Up to 20 alphanumeric characters, excluding spaces

Password The user's password when Auto Login is enabled.

Field Format: Up to 20 alphanumeric characters, excluding spaces

SSH1 When enabled, selects an SSH version 1 connection.

Default: Enabled

SSH1 Cipher Select the encryption method (cipher) that you want to use for your SSH version 1 connection:

Data Options:

• 3 D E S

- Blowfish

Default: 3DES

SSH2 When enabled, selects an SSH version 2 connection. If both SSH 1 and SSH 2 are selected, the IOLAN will attempt to make an SSH 2 connection first. If that connection fails, it will attempt to connect to the specified host using SSH 1.

Default: Enabled

SSH2 Cipher Opt1-5 When the order of negotiation for the encryption method (ciphers) that the IOLAN will use for the SSH version 2 connection:

Data Options:

• 3 D E S

- Blowfish

• AES - CBC

• AES - CTR

• A E S - G C M

- Arcfour

- C A S T

- ChaCha20-Poly1305

SLIP Settings

The SLIP settings apply when the User Service is set to SLIP.

Default: 256

Authentication

The type of authentication that will be done on the link. You can use PAP or CHAP (MD5-CHAP, MS-CHAPv1 and MS-CHAPv2) to authenticate a user or client on the IOLAN. When setting either PAP and CHAP, make sure the IOLAN and the PPP peer, have the same setting. For example, if the IOLAN is set to PAP, but the remote end is set to CHAP, the connection will be refused.

Data Options:

None—no authentication will be performed.

PAP—is a one time challenge of a client/device requiring that it respond with a valid username and password. A timer operates during which successful authentication must take place. If the timer expires before the remote end has been authenticated successfully, the link will be terminated.

CHAP—challenges a client/device at regular intervals to validate itself with a username and a response, based on a hash of the secret (password). A timer operates during which successful authentication must take place. If the timer expires before the remote end has been authenticated successfully, the link will be terminated. MD5-CHAP and Microsoft MS-CHAPv1/MS-CHAPv2 are supported.

The IOLAN will attempt MS-CHAPv2 with MPPC compression, but will negotiate to the variation of CHAP, compression and encryption that the remote peer wants to use.

Default: CHAP

User Complete this field only if you have specified the Authentication field, and

PAP or CHAP (security protocols) in

• you wish to dedicate this line to a single remote user, who will be authenticated by the IOLAN, or
• you are using the IOLAN as a router (back-to-back with another IOLAN).

When Connect is set to Dial Out or both Dial In/Dial Out are enabled, the User is the name the remote device will use to authenticate a port on this IOLAN. The remote device will only authenticate your IOLAN's port when PAP or CHAP are operating. You can enter a maximum of sixteen alphanumeric characters; for example, tracy201. When connecting together two networks, enter a dummy user name; for example, DS_HQ.

Note If you want a reasonable level of security, the user name and password should not be similar to a user name or password used regularly to login to the IOLAN. External authentication can not be used for this user.

Field Format: You can enter a maximum of 254 alphanumeric characters

Password Complete this field only if you have specified the Security field and:

PAP or CHAP (security protocols) in

• you wish to dedicate this serial port to a single remote user, who will be authenticated by the IOLAN, or
• you are using the IOLAN as a router (back-to-back with another IOLAN)

Password means the following:

- With RAPnis specified, this is the password the remote device will use to authenticate the port on this IOLAN.

- With CHAP is specified, this is the secret (password) known to both ends of the link upon which responses to challenges shall be based.

Field Format: You can enter a maximum of 16 alphanumeric characters.

VJ Compression When enabled, Van Jacobson Compression is used on this link. If your user is authenticated by the IOLAN, this VJ compression value will be overridden if you have enabled the User, Enable VJ Compression parameter. If the user is authenticated by RADIUS and the RADIUS parameter Framed-Compression is set in the RADIUS file, the IOLAN will use the value in the RADIUS file in preference to the value configured here. Default: Enabled

Magic Negotiation Determines if a line is looping back. If enabled (On), random numbers are sent on the link. The random numbers should be different, unless the link loops back. Default: Disabled

IP Address Negotiation Specifies whether or not IP address negotiation will take place. IP address negotiation is where the IOLAN allows the remote end to specify its IP address. When On, the IP address specified by the remote end will be used in preference to the Remote IP Address set for a Serial Port. When Off, the Remote IP Address set for the Serial Port will be used. Default: Disabled

Dynamic DNS Button Launches the Dynamic DNS window when IP Address Negotiation is enabled, which can then update the DNS server with the IP address that is negotiated and accepted for the PPP session.

Printer Parameters

MAP CR to CR/LF Defines the default end-of-line terminator as CR/LF (ASCII carriage-return line-feed) when enabled. Default: Disabled

Printer Advanced Parameters

Session Strings Controls the sending of ASCII strings to serial device at session start as follows; - Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised. - Range: 0-127 alpha-numeric characters - Range: hexadecimal 0-FF - Delay after Send - If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated. Default: 10 ms

Serial Tunneling Profile

The Serial Tunneling profile allows two IOLANs to be connected back-to-back over the network to establish a virtual link between two serial ports based on RFC 2217.

The serial device that initiates the connection is the Tunnel Client and the destination is the Tunnel Server, although once the serial communication tunnel has been successfully established, communication can go both ways.

graph LR
    A["Serial Device"] --> B["IOLAN"]
    B --> C["Network"]
    C --> D["IOLAN"]
    D --> E["Serial Device"]

A more detailed implementation of the Serial Tunneling profile is as follows:

graph LR
    A["Server Tunnel"] -->|IOLAN| B["IOLAN"]
    B --> C["Client Tunnel"]
    B --> D["Network"]
    D --> E["Serial"]

The Server Tunnel will also support Telnet Com Port Control protocol as detailed in RFC 2217.

graph LR
    A["Server Tunnel"] --> B["IOLAN"]
    B --> C["Network"]
    C --> D["Running 2217 Application"]

The IOLAN serial port signals will also follow the signals on the other serial port. If one serial port receives DSR then it will raise DTR on the other serial port. If one serial port receives CTS then it will raise RTS on the other serial port. The CD signal is ignored.

Serial Tunneling General Parameters

Act as Tunnel Server The IOLAN will listen for an incoming connection request on the specified Internet Address on the specified TCP Port. Default: Enabled

Listen for connection The TCP port that the IOLAN will listen for incoming connection on. on TCP Port Default: 10000+serial port number; so serial port 5 is 10005.

Act as Tunnel Client The IOLAN will initiate the connection the Tunnel Server. Default: Disabled

Establish connection to Host Name A preconfigured host name that is associated with the IP address of the Tunnel Server.

Establish connection to TCP Port The TCP port that the IOLAN will use to connect to the Tunnel Server. Default: 10000+serial port number; so serial port 1 is 10001.

HTTP Tunnel Specify the HHTP tunnel to be used for this connection.

Enable TCP Keepalive Enables a per-connection TCP keep-alive feature. After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized. This parameter needs to be used in conjunction with Monitor Connection Status Interval parameter found in the Serial, Advanced, Advanced Settings tab. The interval specifies the inactivity period before "testing" the connection. Default: Disabled

Serial Tunneling Advanced Parameters

Break Length When the IOLAN receives a command from its peer to issue a break signal, this parameters defines the length of time the break condition will be asserted on the serial port Default: 1000ms (1 second) Delay After Break This parameter defines the delay between the termination of a break condition and the time data will be sent out the serial port. Default: 0ms (no delay).

Session Strings Controls the sending of ASCII strings to serial devices at session start and session termination as follows; - Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised. - Range: 0-127 alpha-numeric characters - Range: hexadecimal 0-FF - Send at End—If configured, this string will be sent to the serial device when the TCP session on the LAN is terminated. If multi-host is configured, this string will only be send in listen mode to the serial device when all multi-host connections are terminated. - Range: 0-127 alpha-numeric characters - Range: hexadecimal 0-FF - Delay after Send—If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated or terminated. Default: 10 ms

Virtual Modem Profile

Virtual Modem (Vmodem) is a feature of the IOLAN that provides a modem interface to a serial device. It will respond to AT commands and provide signals in the same way that a serially attached modem would. This feature is typically used when you are replacing dial-up modems with the IOLAN in order to provide Ethernet network connectivity.

The serial port will behave in exactly the same fashion as it would if it were connected to a modem. Using AT commands, it can configure the modem and the issue a dial-out request (ATTD). The IOLAN will then translate the dial request into a TCP connection and data will be begin to flow in both directions. The connection can be terminated by "hanging" up the phone line. You can also manually start a connection by typing ATD, and end the

connection by typing +++ATH. The ip_address can be in IPv4 or IPv6 formats and is the IP address of the receiver. For example, ATD123.34.23.43, 10001 or you can use ATD12303402304310001, without any punctuation (although you do need to add zeros where there are not three digits presents, so that the IP address is 12 digits long).

graph LR
    A["Serial Device (Modem Application)"] -->|Dial| B["IOLAN"]
    B --> C["Network"]
    C -->|Raw TCP Data| D["IOLAN"]
    D --> E["Serial Device (Modem Application)"]

Virtual Modem General Parameters

Listen on TCP Port

The IOLAN TCP port that the IOLAN will listen on.

Default: 10000 + serial port number (for example, serial port 12 defaults to 10012)

Connect

When enabled, automatically establishes the virtual modem connection when the serial port becomes active.

Automatically At

Default: Enabled

Startup

Host Name

The preconfigured target host name.

TCP Port

The port number the target host is listening on for messages.

Default: 0 (zero)

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Connect Manually Via AT Command

When enabled, the virtual modem requires an AT command before it establishes a connection. Specify this option when your modem application sends a phone number or other AT command to a modem. The serial device can supply an IP address directly or it can provide a phone number that will be translated into an IP address by the IOLAN using the mapping table.

Default: Disabled

Virtual Modem Advanced Parameters

Phone Number to Host Mapping

If your modem application dials using a phone number, you can add an entry in the Phone Number to Host Mapping window that can be accessed by all serial ports configured as Virtual Modem. You need to

enter the phone number sent by your modem application and the IOLAN IP address and TCP Port that will be receiving the "call". The IOLAN supports up to 48 entries.

Virtual Modem Phone Number Entry

Create an entry in the Phone Number to Host Mapping window.

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Modbus Gateway Profile

The Modbus Gateway profile configures a serial port to act as a Modbus Master Gateway or a Modbus Slave Gateway.

Modbus General Parameters

graph LR
    A["Modbus Master"] <--> B["IOLAN"]
    B --> C["Modbus TCP"]
    C --> D["Network"]
    D --> E["Modbus Slave"]
    D --> F["Modbus Slave"]
    G["Modbus RTU/ASCII Data"] --> B

graph LR
    A["Modbus Slave"] -->|Modbus RTU/ASCII Data| B["IOLAN"]
    C["Modbus Slave"] -->|Modbus RTU/ASCII Data| B
    D["Modbus Slave"] -->|Modbus RTU/ASCII Data| B
    B --> E["Modbus TCP"]
    E --> F["Network"]
    F --> G["Modbus/TCP Master"]

Modbus

Specify how the Modbus Gateway is defined on the serial port.

Data Options:

• Modbus Master—Typically, the Modbus Master is connected to the Serial Port and is communicating to Modbus Slaves on the network.
• Modbus Slave—Typically, the Modbus Master is accessing the IOLAN through the network to communicated to Modbus Slaves connected to the IOLAN's Serial Ports.

Default: Modbus Master Gateway

Destination Slave IP Mappings Button

Select this button to launch the Destination Slave IP Settings window, where you can configure the TCP/Ethernet Modbus Slaves that the Modbus Master on the Serial Port will communicate with.

Advanced Slave Settings Button UID Range

Select this button to configure global Modbus Slave settings.

You can specify a range of UIDs (1-247), in addition to individual UIDs.

Field Format: Comma delimited; for example, 2-35, 50, 100-103

IP Address

Set the IP address to be used for this serial port when using IP Aliasing feature.

Adding/Editing Modbus Slave IP Parameters

UID Start

When Destination is set to Host and you have sequential Modbus Slave IP addresses (for example, 10.10.10.1, 10.10.10.2, 10.10.10.3, etc.), you can specify a UID range (not supported with IPv6 addresses) and the IOLAN will automatically increment the last digit of the configured IP address. Therefore, you can specify a UID range of 1-100, and the IOLAN will route Master Modbus messages to all Modbus Slaves with IP addresses of 10.10.10.1 - 10.10.10.100.

Range: 1-247

Default: 0 (zero)

UID End When

Destination is set to Host and you have sequential Modbus Slave IP addresses (for example, 10.10.10.1, 10.10.10.2, 10.10.10.3, etc.), you can specify a UID range (not supported with IPv6 addresses) and the IOLAN will automatically increment the last digit of the configured IP address. Therefore, you can specify a UID range of 1-100, and the IOLAN will route Master Modbus messages to all Modbus Slaves with IP addresses of 10.10.10.1 - 10.10.10.100.

Range: 1-247

Default: 0 (zero)

Type Specify the configuration of the Modbus Slaves on the network.

Data Options:

• Host—The IP address is used for the first UID specified in the range. The last octet in the IPv4 address is then incremented for subsequent UID's in that range.
• Gateway—The Modbus Master Gateway will use the same IP address when connecting to all the remote Modbus slaves in the specified UID range.

Default: Host

Start IP Address The IP address of the TCP/Ethernet Modbus Slave.

Field Format: IPv4 or IPv6 address

End IP Address

Displays the ending IP address of the TCP/Ethernet Modbus Slaves, based on the Start IP address and the UID range (not supported for IPv6 addresses).

Field Format: IPv4 address

HTTP Tunnel

Specify the HTTP tunnel to be used for this connection.

Protocol

Specify the protocol that is used between the Modbus Master and Modbus Slave(s).

Data Options: TCP or UDP

Default: TCP

UDP/TCP Port

The destination port of the remote Modbus TCP Slave that the IOLAN will connect to.

Range: 0-65535

Default: 502

Modbus Slave Advanced Parameters

Power Management Profile

The Power Management profile applies when there is a Perle Remote Power Switch (RPS) connected to the serial port. This profile is used to configure the RPS. See RPS Control for information on how to actively management the RPS.

The Power Management profile configures a serial port to communicate with a Remote Power Switch's (RPS) administration port. This allows network access to the RPS and permits access to statistics and control of the RPS's power plugs.

Power Management General Parameters

RPS Name Specify a name for the RPS.

RPS Model Specify the RPS model.

Data Options: RSP820, RPS830, RPS1620, RPS1630

Default: RSP820

Edit button Highlight a plug and then select the

Edit button to configure the plug.

Power Management Advanced Parameters

Session Strings

Controls the sending of ASCII strings to serial devices at session start as follows;

- Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN or when a kill line command is issued on this serial port. If the “monitor DSR” or “monitor DCD” options are set, the string will also be sent when the monitored signal is raised.

- Range: 0-127 alpha-numeric characters

- Range: hex 0-FF

- Delay after Send—If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated or terminated.

Default: 10 ms

Editing Power Management Plug Settings

Name

Specify a name for the plug to make it easier to recognize and manage.

Power up Interval

Specify the amount of time, in seconds, that the RPS will wait before powering up a plug. This can be useful if you have peripherals that need to be started in a specific order.

Data Options: .5, 1, 2, 5, 15, 30, 60, 120, 180, 300

Default: .5 seconds

Default State Sets the default state of the plug.

Data Options: On, Off

Default: Off

Associated Port

When a server or router has its console port connected to one of the serial ports on this IOLAN and that server/router is also powered by this RPS, the server/router serial port number should be entered here. This will give you direct access to some RPS commands when managing that server or router (using Telnet or SSH).

Monitoring Power Plugs

Monitor Host

This is the host which is to be monitored via PINGs. If the host stops responding to the PINGs, the power on this plug will be cycled in an attempt to recover the host.

Default: None

Ping

• Interval -Specify the frequency (in minutes) at which the configured host will be PING'ed.
  Default - 15 minutes
• Timeout - Specify the length of time (in seconds) to wait for a reply
  Default - 60 seconds
• Retries - Specify the number of times to re-try the PING when the host does not reply. This is in addition to the original PING request.

Default - 2

Wait before cycling power

Enables a delay before cycling the power on the plug. This delay allows for the sending of notification(s) of the impending power cycle. Notifications can be sent to a user on the console port of the host being monitored and/or via email. This gives system administrators the time to take appropriate action.

Default: Disabled

- Delay—Specify a delay (in minutes) before cycling the power on the plug.

Default: 5 Minutes

Send Notification—Specify the desired notification to be sent advising of the impending power cycle.

- By Email—Send an email. Details configured in "Email Alert" tab.

- To Serial Port—Send a message to the serial port associated with this power plug. This is usually the console port on the host being monitored.

Remote Access (PPP) Profile

The Remote Access (PPP) profile configures a serial port to allow a remote user to establish a PPP connection to the IOLAN's serial port. This is typically used with a modem for dial-in or dial-out access to the network.

graph LR
    A["Laptop"] --> B["Modem"]
    B --> C["PSTN"]
    C --> D["Modem"]
    D --> E["PPP"]
    E --> F["IOLAN"]
    F --> G["Network"]
    G --> H["Server Application"]
    style A fill:#f9f,stroke:#333
    style H fill:#ccf,stroke:#333
    note right of B: Dial-In Connection

There are two options for PPP user authentication:

1. You can configure a specific user/password and a specific remote user/password per a serial port.
2. You can create a secrets file with multiple users and their passwords that will globally authenticate users on all serial ports.
3. You can use configure PPP authentication in the configuration or in the secrets file, but not both.
4. If you want to use a secrets file, you must download the secrets file to the IOLAN for CHAP or PAP authentication; the files must be downloaded to the IOLAN using the names chap-secrets and pap-secrets, respectively. The file can be downloaded to the IOLAN under the Custom Files option by selecting the Download Other File

parameter.

In the Remote Access (PPP) profile, you must also specify the Authentication option as PAP or CHAP on the Authentication tab, but must leave the User, Password, Remote User, and Remote Password fields blank.

An example of the CHAP secrets file follows:

<h1 id="secrets-for-authentication-using-chap">Secrets for authentication using CHAP</h1>
<h1 id="client-server-secret-acceptable-local-ip">client server secret acceptable local IP</h1>
addresses
barney fred flintstone1234567890 192.168.43.1
fred barney wilma 192.168.43.2 

An example of the PAP secret file follows:

<h1 id="secrets-for-authentication-using-pap">Secrets for authentication using PAP</h1>
<h1 id="client-server-secret-acceptable-local-ip-2">client server secret acceptable local IP</h1>
addresses
barney * flintstone1234567890
fred * wilma 

Remote Access (PPP) General Parameters

IPv6 Global Network Prefix You can optionally specify an IPv6 global network prefix that the IOLAN will advertise to the device at the other end of the PPP link. Default: 0:0:0:0

IPv6 Prefix Bits Specify the prefix bits for the IPv6 global network prefix. Default: 64

Dynamic DNS

Dynamic DNS can be enabled and configured on a serial port level. If you enable Dynamic DNS and leave the parameters blank, the Dynamic DNS system parameters will be used (Network, Advanced, Dynamic DNS tab).

Dynamic DNS General ParametersAuthentication Parameters

Enable Dynamic DNS Enables/disables the ability to register a new IP address with the DNS server. for this Serial Port Default: Disabled

Host Specify the host name that will be updated with the PPP session's IP address on the DNS server.

User Name Specify the user name used to access the DNS server.

Password Specify the password used to access the DNS server.

Account Settings Button Select this button to configure the Dynamic DNS DynDNS.org account information.

Authentication The type of authentication that will be done on the link. You can use PAP or CHAP (MD5-CHAP, MS-CHAPv1 and MS-CHAPv2) to authenticate a user or client on the IOLAN. When setting either PAP and CHAP, make sure the IOLAN and the PPP peer, have the same setting. For example, if the IOLAN is set to PAP, but the remote end is set to CHAP, the connection will be refused.

Data Options:

None — no authentication will be performed.

PAP — is a one time challenge of a client/device requiring that it respond with a valid username and password. A timer operates during which successful authentication must take place. If the timer expires before the remote end has been authenticated successfully, the link will be terminated.

CHAP — challenges a client/device at regular intervals to validate itself with a username and a response, based on a hash of the secret (password). A timer operates during which successful authentication must take place. If the timer expires before the remote end has been authenticated successfully, the link will be terminated. MD5-CHAP and Microsoft MS-CHAPv1/MS-CHAPv2 are supported. The IOLAN will attempt MS-CHAPv2 with MPPC compression, but will negotiate to the variation of CHAP, compression and encryption that the remote peer wants to use.

Default: CHAP

User

Complete this field only if you have specified PAP or CHAP (security protocols) in the Authentication field, and

• you wish to dedicate this line to a single remote user, who will be authenticated by the IOLAN, or
• you are using the IOLAN as a router (back-to-back with another IOLAN).

When Connect is set to Dial Out or both Dial In/Dial Out are enabled, the User is the name the remote device will use to authenticate a port on this IOLAN. The remote device will only authenticate your IOLAN's port when PAP or CHAP are operating. You can enter a maximum of sixteen alphanumeric characters; for example, tracy201. When connecting together two networks, enter a dummy user name; for example, DS_HQ.

Note: If you want a reasonable level of security, the user name and password should not be similar to a user name or password used regularly to login to the IOLAN. External authentication can not be used for this user.

Field Format: You can enter a maximum of 254 alphanumeric characters.

Password Complete this field only if you have specified the Security field and:

PAP or CHAP (security protocols) in

• you wish to dedicate this serial port to a single remote user, who will be authenticated by the IOLAN, or
• you are using the IOLAN as a router (back-to-back with another IOLAN)

Password means the following:

• When PAP is specified, this is the password the remote device will use to authenticate the port on this IOLAN.
• When CHAP is specified, this is the secret (password) known to both ends of the link upon which responses to challenges shall be based.

Field Format: You can enter a maximum of 16 alphanumeric characters.

Remote User Complete this field only if you have specified the Security field, and

PAP or CHAP (security protocols) in

• you wish to dedicate this line to a single remote user, who will be authenticated by the IOLAN, or
• you are using the IOLAN as a router (back-to-back with another IOLAN)

When Dial In or Dial In/Dial Out is enabled, the Remote User is the name the IOLAN will use to authenticate the port on the remote device. Your IOLAN will only authenticate the port on the remote device when PAP or CHAP are operating. When connecting together two networks, enter a dummy user name; for example, DS_SALES.

Note If you want a reasonable level of security, the user name and password should not be similar to a user name or password used regularly to login to the IOLAN. This option does not work with external authentication.

Field Format: You can enter a maximum of 254 alphanumeric characters.

Remote Access (PPP) Advanced Tab

Modem The name of the predefined modem that is used on this line.

Phone The phone number to use when

Dial Out is enabled.

Session Strings

Controls the sending of ASCII strings to serial device at session start as follows;

- Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.

Range: 0-127 alpha-numeric characters

Range: hexadecimal 0-FF

- Delay after Send - If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated.

- Range is 0-65535 ms

Default: 10 ms

Remote Access (SLIP) Profile

The Remote Access (SLIP) profile configures a serial port to allow a remote user to establish a SLIP connection to the IOLAN's serial port. This is typically used with a modem for dial-in or dial-out access to the network.

graph LR
    A["Laptop"] --> B["Modem"]
    B --> C["PSTN"]
    C --> D["Modem"]
    D --> E["SLIP"]
    E --> F["IOLAN"]
    F --> G["Network"]
    G --> H["Server Application"]
    style A fill:#f9f,stroke:#333
    style H fill:#ccf,stroke:#333
    note right of B: Dial-In Connection

Remote Access (SLIP) General Parameters

Local IP Address

The IPv4 address of the IOLAN end of the SLIP link. For routing to work you must enter an IP address in this field. Choose an address that is part of the same network or subnetwork as the remote end; for example, if the remote end is address 192.101.34.146, your local IP address can be 192.101.34.145. Do not use the IOLAN's (main) IP address in this field; if you do so, routing will not take place correctly.

Remote IP Address

The IPv4 address of the remote end of the SLIP link. Choose an address that is part of the same network or subnetwork as the IOLAN. If your user is authenticated by the IOLAN, this remote IP address will be overridden if you have set a Framed IP Address for the user. If your user is authenticated by RADIUS and the RADIUS parameter Framed-Address is set in the RADIUS file, the IOLAN will use the value in the RADIUS file in preference to the value configured here.

Subnet Mask

The network subnet mask. For example, 255.255.0.0. If your user is authenticated by RADIUS and the RADIUS parameter Framed-Netmask is set in the RADIUS file, the IOLAN will use the value in the RADIUS file in preference to the value configured here.

MTU

The Maximum Transmission Unit (MTU) parameter restricts the size of individual SLIP packets being sent by the IOLAN. Enter a value between 256 and 1006 bytes; for example, 512. The default value is 256. If your user is authenticated by the IOLAN, this MTU value will be overridden when you have set a Framed MTU value for the user. If your user is authenticated by RADIUS and the RADIUS parameter Framed-MTU is set in the RADIUS file, the IOLAN will use the value in the RADIUS file in preference to the value configured here.

Default: 256

Modem The name of the predefined modem that is used on this line.

Phone The phone number to use when

Dial Out is enabled.

Custom Application Profile

The Custom App/Plugin profile is used in conjunction with custom applications created for the IOLAN by using the Perle SDK. See the SDK Programmer's Guide (the SDK and guide are accessible via a request form located on the Perle website at for information about the functions that are supported. You must download the program and any ancillary files to the IOLAN and set the serial port to the Custom App/Plugin profile to actually run a custom application. You must also specify the program executable and any parameters you want to pass to the program in theCommand Line field. The custom application is automatically run when the serial port is started.

Custom Application General Parameters

Command Line

The name of the SDK program executable that has been already been downloaded to the IOLAN, plus any parameters you want to pass to the program. Use the shell CLI command as described in the SDK Programmer's Guide to manage the files that you have downloaded to the IOLAN. For example, using sample outraw program, you would type:

outraw 192.168.2.1:10001 Acct:10001

if you were starting the application on a serial port.

Field Format: Maximum of 80 characters

Custom Application Advanced Parameters

Session Strings

Controls the sending of ASCII strings to serial device at session start as follows;

- Send at Start—If configured, this string will be sent to the serial device on power-up of the IOLAN, or when a kill line command is issued on this serial port. If the "monitor DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.

Range: 0-127 alpha-numeric characters

Range: hexadecimal 0-FF

- Delay after Send - If configured, will inset a delay after the string is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated.

Range is 0-65535 ms

Default: 10 ms

To view the local port buffer for a particular serial port, you must:

Connect to the device on that serial port by Telnet or SSH.

The serial port(s) must be set to the Console Management profile

Once you have established a connection to a device, you can enter the View Buffer String at any time to switch the display to the content of the port buffer for that particular serial port.

To return to communicating to the device, press the ESC key and the communication session will continue from where you left off.

To navigate through the port buffer data, the following chart illustrates the keyboard keys or "hot keys" that can be used to view the port buffer data. Press the ESC key and to continue to communicate with the device on that particular serial port.

Keyboard Buttons Hot Keys Direction

Page Up B Up

Page Down F Down

Home T Top of the buffer data (oldest data)

End E Bottom of the buffer (latest data)

ESC Exit viewing port buffer data.

Remote Port Buffers

The Remote Port Buffering feature allows data received from serial ports on the IOLAN to be sent to a remote server on the LAN. The remote server, supporting Network File System (NFS), allows administrators to capture and analyze data and messages from the serial device connected to the IOLAN serial port. Remote Port Buffering data can be encrypted or raw and/or time stamped. The data is transmitted to an NFS server where a unique remote file is created for each serial port using the configured serial portName for the file name. If the serial port Name parameter is left blank, the IOLAN will create unique files using the IOLAN's Ethernet MAC address and serial port number. It is recommended that a unique NFS directory and serial port Name be configured if multiple IOLANs use the same NFS host for Remote Port Buffering. The filenames will be created on the NFS host with a .ENC extension to indicate data encrypted files or .DAT for unencrypted files. If the data is encrypted, the Decoder utility application must be run on the NFS server to convert the encrypted data to a readable file for administrators to analyze. The Decoder Utility can be found on the Perle website (www.perle.com).

The data that is sent to the remote buffer file is appended to the end of the file (even through IOLAN reboots), so you will want to create a size limit on the file on your remote NFS host, to keep the buffer file size from becoming too large for your system.

Port Buffering General Parameters

Port buffering displays or logs data received on the IOLAN serial port.

Enable Local Port Buffering

Enables/disables local port buffering on the IOLAN. Default: Disabled

View Buffer String

The string used by a session connected to a serial port to display the port buffer for that particular serial port.

Data Options: Up to an 8 character string. You can specify control (unprintable) codes by putting the decimal value in angle brackets < > (for example, Escape b is <027>b).

Default: \~view

Enable Remote Port Buffering

Enables/disables port buffering on a remote system. When you enable this option, you have the ability to save the buffered data to a file(s) (one file is created for each serial port) and/or send it to the Syslog host for viewing on the Syslog host's monitor.

Default: Disabled

NFS Host The NFS host that the IOLAN will send data to for its

Remote Port Buffering

feature. The IOLAN will open a file on the NFS host for each serial port configured for Console Management, and will send serial port data to be written to that file(s).

Default: None

Serial Settings Advanced Parameters

Advanced serial port settings apply to all serial ports.

Process Break Signals Enables/disables proprietary inband SSH break signal processing, the Telnet break signal, and the out-of-band break signals for TruePort.

Default: Disabled

Flush Data Before When enabled, deletes any pending outbound data when a port is closed.

Closing Serial Port Default: Disabled

Modem Parameters

If your IOLAN contains an internal modem, a permanent modem string called iolan_modem exists permanently in your configuration.

You will need to configure a modem if you want to connect an external modem to one of your serial ports. Modems are usually configured for PPP/SLIP dial in/out connections, although some modems do support raw data communication. When you select the Modems tab, you will see any modems that have been configured and the Add button to add a new entry to the modem table.

Adding/Editing a Modem

You can add new modems or edit existing modems through the display window:

Name The name of the modem.

Restrictions: Do not use spaces.

Initialization String The initialization string of the modem; see your modem's documentation.

Trueport Baud Rate Parameters

The TruePort utility acts as a COM port redirector that allows applications to talk to serial devices across a network as though the serial devices were directly attached to the server.

Since some older applications may not support the higher baud rates that the IOLAN is capable of achieving, the baud rate can be mapped to a different value on the IOLAN. Through TruePort, you can map the baud rate of the host COM port to a higher baud rate for the serial line that connects the serial device and the IOLAN. See the Trueport Profile for more information about TruePort.

Actual Baud Rate The actual baud rate that runs between the IOLAN and the connected serial device.

Range: 300-230400, you can also specify a custom baud rate.

Setting Up Users

When you have a user who is accessing a device connected to a serial port from the network or who is accessing the network from a device connected to a serial port through the IOLAN or simply to manage the IOLAN; you can create a user account and configure the user's access privileges. Notice that if there is a Default user; the Default user's parameters are inherited by users logging into the IOLAN.

A user can even represent a device, like a barcode reader or a card swipe device, that you want to be authenticated.

When users are connecting to the IOLAN via serial ports, the user database can be used to:

• Have the user authenticated prior to establishing a connection to a network host.
• Establish a different connection type to the host specific to each user.
• Create a profile different from the Default user profile.

When users are connecting to the IOLAN from a network connection, the user database can be used to:

• Provide authentication on the IOLAN prior to establishing a serial connection via PPP or SLIP.
• Authenticate users prior to providing access to a serially attached console port (such as a Unix server or router).

Note: You do not need user accounts for users who are externally authenticated.

Adding/Editing Users

User Name

The name of the user.

Restrictions: Do not use spaces.

Password

The password the user will need to enter to login to the IOLAN.

Confirm Password

Enter the user's password again to verify it is entered correctly.

Level The access that a user is allowed.

Data Options:

• Admin—The admin level user has total access to the IOLAN. You can create more than one admin user account but we recommend that you only have one. They can monitor and configure the IOLAN. Users configured with this level can access the unit either via serial Terminal Profile connection or via a network originated Telnet or SSH connection to the IOLAN.
• Normal—The Normal level user has limited access to the IOLAN. Limited CLI commands and Menu access are available with the ability to configure the user's own configuration settings. Users configured with this level can access the unit either via serial Terminal Profile connection or via a network originated Telnet or SSH connection to the IOLAN.
• Restricted—The Restricted level user can only access predefined sessions or access the Easy Port Access menu. Users configured with this level will be restricted to pre-defined sessions or limited CLI commands when connecting through the serial port via the Terminal Profile. The CLI commands are limited to those used for initiating a session. If connection to the IOLAN is done with Telnet or SSH from the network, the user will be presented with the Easy Port Access menu.
• Menu—The menu level user will only be able to access predefined sessions when connecting through a serial port with the Terminal Profileor will be limited to the EASY Port Access menu when connecting from the network. The Easy Port Web Access allows the user to connect to the accessible line without disconnecting their initial connection to the IOLAN. Menu users do not have access to CLI commands.

When the admin user logs into the IOLAN, the prompt ends with a #, whereas all other users' prompts ends with a \$ or £, depending on the character set.

Default: Normal

Note: A technique for giving a serially attach user (dial-in or terminal attached), the same menus as one that is network connected is to do the following:
1. Define the serial port with a Terminal Profile using telnet protocol with a direct connection to Host IP address 127.0.0.0 (local loop back).
2. When the user connects to that serial port a Telnet session will be established to the IOLAN and the user will appear to have connected from the network.

User Services Parameters

The Services tab configures the connection parameters for a user. Any connection parameters configured in this window will override the serial port connection parameters.

When a Terminal profile is set for the serial port and Require Login has been selected, user's accessing the IOLAN through the serial port will be authenticated. Once authentication is successful, the Service specified here is started. For example, if theService Telnet is specified, the IOLAN will start a Telnet connection to the specified Host IP/TCP Port after the user is successfully authenticated (logs in successfully).

Within the Terminal profile, there are a number of settings that apply to possible

Services. Once it is known which user is connected, and which service is to be used, then the settings from both the Terminal profile and the user are used. User parameters take precedence over serial port parameters.

User Sessions

The Sessions tab is used to configure specific connections for users who are accessing the network through the IOLAN's serial port.

Users who have successfully logged into the IOLAN (User Service set to DSprompt) can start up to four login sessions on network hosts. These users start sessions through the EasyPortMenu option Sessions. Multiple sessions can be run simultaneously to the same host or to different hosts. Users can switch between different sessions and also between sessions and the IOLAN using Hotkey commands (see Hotkey Prefix) for a list of commands.

Users with Admin or Normal privileges can define new sessions and use them to connect to Network hosts; they can even configure them to start automatically on login to the IOLAN. Restricted and Menu users can only start sessions predefined for them in their user configuration.

User Sessions Parameters

Predefined Outbound You can configure up to four (4) sessions that the user can select from to connect Sessions 1, 2, 3, 4 to a specific host after that user has successfully logged into the IOLAN (used only on serial ports configured for the Terminal profile).

Data Options:

• None—No connection is configured for this session.
• Telnet—For information on the Telnet connection window, see Telnet Settings.
• Rlogin—For information on the Rlogin connection see RLogin Rlogin Settings.
• SSH—For information on the SSH connection window, see SSH Setting.

Default: None

Telnet SSH, Rlogin Select this button to configure the connection parameters for this session. Settings Button Connect Specify whether or not the session(s) will start automatically when the user logs into the IOLAN. Automatically

Default: Disabled

Host The host that the user will connect to in this predefined session. Default: None

TCP Port The TCP port that the IOLAN will use to connect to the host in this predefined session. Default: Telnet-23, SSH-22, Rlogin-513

Serial Port Access

The Serial Port Access tab controls the user's read/write access on any given IOLAN serial port. This pertains to users that are connecting from the network to a serial over a Console Management type session. This can be useful when you have multiple users connecting to the same serial device and you wish to control the viewing and/or the write to and from the device. See the Multisessions and User Authentication parameters in the Console Management Advanced Parameters for the serial port settings.

Serial Port Access Specifies the user access rights to each IOLAN serial port device. There can be multiple users connected to a particular serial device and these settings determine the rights of this user for any of the listed serial ports.

Data Options:

• Read/Write—The user has read and write access to the serial port.
• Read In—The User will see data going to the serial port, from all network-connected users that have write privileges to this serial port.
• Read Out—The user will have access to all data originating from the serial device.

Users can read data going in both directions by selecting both the Read In and Read Out options.

Default: Read/Write

Authentication

Users can be authentication by the IOLAN. or through an external authentication server.

Authentication is different from authorization, which can restrict a user's access to the network (although this can be done through the concept of creating sessions for a user. Authentication ensures that the user is defined within the authentication database—with the exception of using the Guest authentication option under Local Authentication, which can accept any user ID as long as the user knows the configured password.

For external authentication, the IOLAN supports RADIUS, Kerberos, LDAP/Microsoft Active Directory, TACACS+, SecurID, and NIS. You can specify a primary authentication method and a secondary authentication method. If the primary authentication method fails (cannot connect to the server or authentication fails), the secondary authentication method is tried (unless you enable the Only Use as backup option, in which case the secondary authentication method will be tried only when the IOLAN cannot communicate with the primary authentication host). This allows you to specify two different authentication methods. If you do specify two different authentication methods, the user will be prompted for his/her username once, but will be prompted for a password for each authentication method tried. For example, user Alfred's user ID is maintained in the secondary authentication database, therefore, he will be prompted for his password twice, because he is not in the primary authentication database. Unlike the other external authentication methods, RADIUS and TACACS+ can also send back Serial Port and User parameters that are used for the duration of the connection. Therefore, any parameters configured by RADIUS or TACACS+ will override the same parameters configured in the IOLAN. See Appendix RADIUS External Parameters for more information.

Security Overview

The Security group includes the following configuration options:

• Authentication—When a serial port is configured for the Console Management or TCP Sockets profile, the user can be authenticated either locally in the IOLAN user profile or externally. This option configures the external authentication server. See Setting Primary and Secondary Authentication Methods for more information.
• SSH—This configuration window configures the SSH server in the IOLAN. See NIS Authentication Parameters for more information.
• SSL/TLS—This configuration window configures global SSL/TLS settings, which can be overridden on the serial port level. See SSL/TLS for more information.
• VPN—This configuration window configures the Virtual Personal Network (VPN) IPsec and L2TP/IPsec tunnel parameters. See VPN Authentication Parameters for more information.
• HTTP Tunnel—This configuration window configures the Http Tunneling parameters. See Configuring a HTTP Tunnel for more information.
• Services—This configuration window is used to enable/disabled client and daemon services that run in the IOLAN. See Enable/Disable Services for more information.

In the Authentication window, you can select up to two methods of authentication made up of external authentication options and/or the local user database.

Setting Primary and Secondary Authentication Methods

Primary

Authentication

Method

The first authentication method that the IOLAN attempts.

Data Options: Local, RADIUS, Kerberos, LDAP/Microsoft Active directory,

TACACS+, SecurID, NIS

Default: Local

Local

When Local authentication is selected, the user must either be configured in the IOLAN's User List or you must enable Guest users.

Local Authentication Parameter

Enable Guest Mode Allow users who are not defined in the Users database to log into the IOLAN with any user ID and the specified password. Guest users inherit their settings from the Default User's configuration. Default: Disabled

Guest Password The password that Guest users must use to log into the IOLAN.

Confirm Password Type the Guest Password in again to verify that it is correct.

Enable Login Once When this option is selected, only one user with the same username can be signed in at one time. Should the same user with the same username attempt to sign in again, their first session will be terminated and they will gain entry to their new session.

Enable Password Rules When this option is selected, the following password rules will apply. The password must be 8 characters long and contain at least one number.

Enable Account Lockout When this option is selected, the IOLAN's internal local user database will provide a 10 second delay after each invalid attempt. If 5 invalid attempts are made within 1 minute the user will be locked out from further attempts for 5 minutes.

RADIUS

Radius is an authentication method that the IOLAN supports that can send back User information; see Supported RADIUS Parameters for more information on the User parameters that can be sent back by RADIUS.

Radius Authentication Parameters

KerberosLDAP/Microsoft Active Directory

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying directory services running over TCP/IP. It is also used as a method of authenticating users. Microsoft Active Directory is an LDAP like directory service. It can be used for authenticating users in a similar fashion to LDAP. In this manual, the use of LDAP is synonymous with Microsoft Active Directory.

Enable TLS

Enables/disables the Transport Layer Security (TLS) with the LDAP/Microsoft Active Directory host.

Default: Disabled.

TLS Port Specify the port number that LDAP/Microsoft Active Directory will use for Default: 636

TLS.

Directory with TLS, you need to download a CA list to the IOLAN that includes the certificate authority (CA) that signed the LDAP certificate on the LDAP host by selecting Tools, Advanced, Keys and Certificates. See Network Filtering for more information on the LDAP certificate.

TACACS+

TACACS+ is an authentication method that the IOLAN supports that can send back User information; see for more information on the User parameters that can be sent back by TACACS+.

TACACS+ Authentication Parameters

Authentication/ The primary TACACS+ host that is used for authentication.

Authorization Default: None

Primary Host

Authentication/ The secondary TACACS+ host that is used for authentication, should the primary Authorization TACACS+ host fail to respond.

Secondary Host Default: None

Authentication/ The port number that TACACS+ listens to for authentication requests.

Authorization Port Default: 49

Authentication/ The TACACS+ shared secret is used to encrypt/decrypt TACACS+ packets in

Authorization Secret communications between two devices. The shared secret may be any alphanumeric string. Each shared secret must be configured on both client and server sides.

Enable Authorization Enables authorization on the TACACS+ host, meaning that IOLAN-specific parameters set in the TACACS+ configuration file can be passed to the IOLAN after authentication.

Default: Disabled

Enable Accounting Enables/disables TACACS+ accounting.

Default: Disabled

Accounting Primary The primary TACACS+ host that is used for accounting.

Host Default: None

Accounting Secondary Host The secondary TACACS+ host that is used for accounting, should the primary accounting TACACS+ host fail to respond.

Default: None

Securid

Securid Authentication Parameters Securid Reset Node

Primary/Master Host The first SecurlD server that is tried for user authentication. Default: None

Replica/Slave Host If the first SecurID server does not respond to an authentication request, this is the next SecurID server that is tried for user authentication. Default: None

UDP Port The port number that SecurlD listens to for authentication requests. Default: 5500

Encryption Type The type of encryption that will be used for SecurID server communication. Data Options: DES, SDI Default: SDI

Legacy If you are running SecurlD 3.x or 4.x, you need to run in Legacy Mode. If you are running SecurlD 5.x or above, do not select Legacy Mode. Default: Disabled

If you need to reset the SecurID secret, select Administration, Reset, Securid Secret.

NIS

NIS Authentication Parameters

NIS Domain The NIS domain name.

Primary NIS Host

The primary NIS host that is used for authentication.

Default: None

Secondary NIS Host

The secondary NIS host that is used for authentication, should the primary NIS host fail to respond.

Default: None

The IOLAN contains SSH Server software that you need to configure if the IOLAN is going to be accessed via SSH. If you specify more than one Authentication method and/or Cipher, the IOLAN will negotiate with the client and use the first authentication method and cipher that is compatible with both systems. When you are using the SSH connection protocol, keys need to be distributed to all users and the IOLAN. Below are a couple of example scenarios for key/certificate distribution.

Users Logging into the IOLAN Using SSH

This scenario applies to serial ports configured for Console Management using the SSH protocol. In the following example, users are connecting to the IOLAN via SSH from the LAN. Therefore, the following keys need to be exchanged:

- U p I o a d SSH Public Keylto@adh users host machine who is connecting and logging into the IOLAN using SSH.

- Download the SSH Public Key from each user's host machine who is connecting and logging into the IOLAN using SSH.

graph LR
    Server -->|Device Server\nDevice Server Private\nKey\nLynn Public Key| Network
    Network -->|SSH| Lynn["LLNN Device Server Public"]
    Network --> Tracy["Tracy Device Server Public"]
    Network --> Dennis["Dennis Device Server Public"]

Users Passing Through the IOLAN Using SSH (Dir/Sil)

This scenario applies to serial ports configured for the Terminal profile and are required to login to the IOLAN. The user's service is set to the SSH protocol, therefore, users first log into the IOLAN and then are connected to a specified host (configured for the user when User Service SSH is selected) through an SSH connection. Lynn and Tracy automatically connect to the HR Server and Dennis automatically connects to the Development Server via SSH through the IOLAN. All the SSH negotiation is being done between the IOLAN and the target servers, therefore, the following keys need to be exchanged:

- Download the SSH Host Public Key to the IOLAN for each of the hosts that the IOLAN is connecting to.

- Download the SSH User Private Key for each user whose User Service is set to SSH.

- Copy the SSH User Public Key to the host that the user is connecting to (this is done outside the scope of the IOLAN).

graph LR
    A["HR Server"] -->|HHH| B["Device Server"]
    C["Sales Server"] -->|HHH| B
    D["Sales Server Private Key"] -->|HHH| B
    E["HR Server"] -->|HHH| B
    B --> F["Lynn"]
    B --> G["Tracy"]
    B --> H["Dennis"]
    B --> I["SHH"]
    style A fill:#f9f,stroke:#333
    style C fill:#f9f,stroke:#333
    style D fill:#f9f,stroke:#333
    style E fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style F fill:#ccf,stroke:#333
    style G fill:#ccf,stroke:#333
    style H fill:#ccf,stroke:#333
    style I fill:#ccf,stroke:#333

Allow SSH-1 Protocol Allows the user's client to negotiate an SSH-1 connection, in addition to SSH-2. Default: Disabled

RSA When a client SSH session requests RSA authentication, the IOLAN's SSH server will authenticate the user via RSA. Default: Enabled

DSA When a client SSH session requests DSA authentication, the IOLAN's SSH server will authenticate the user via DSA. Default: Enabled

Keyboard- Interactive The user types in a password for authentication. Default: Enabled

Password The user types in a password for authentication. Default: Enabled

3DES The IOLAN SSH server's 3DES encryption is enabled/disabled. Default: Enabled

CAST The IOLAN SSH server's CAST encryption is enabled/disabled. Default: Enabled

Blowfish The IOLAN SSH server's Blowfish encryption is enabled/disabled. Default: Enabled

Arcfour The IOLAN SSH server's Arcfour encryption is enabled/disabled. Default: Enabled

AES-CBC The IOLAN SSH server's AES-CBC encryption is enabled/disabled. Default: Enabled

SSL/TLS

When SSL/TLS is configured, data is encrypted between the IOLAN and the host/device (which must also support SSL/TLS). When you configure the SSL/TLS settings in the System section, you are configuring the default global SSL/TLS settings; you are not configuring an SSL/TLS server.

You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP Sockets, Terminal (the user's Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem, and Modbus.

When configuring SSL/TLS, the following configuration options are available:

• You can set up the IOLAN to act as an SSL/TLS client or server.
• There is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS connection; see appendix on ciphers for a list of SSL/TLS ciphers.

Note: Some combinations of cipher groups are not available on FIPS firmware versions.

You can enable peer certificate validation, for which you must supply the validation criteria that was used when creating the peer certificate (this is case sensitive).

Note: See Network Filtering for information about SSL/TLS support documents.

Authentication Parameters

SSL/TLS Version Specify whether you want to use:

• Any—The IOLAN will try a TLSv1 connection first. If that fails, it will try an SSLv3 connection. If that fails, it will try an SSLv2 connection.
• SSLv3—The connection will use only SSLv3.
• TLSv1—The connection will use only TLSv1.
• TLSv1.1—The connection will use only TLSv1.1.
• TLSv1.2—The connection will use only TLSv1.2.

Default: Any

SSL/TLS Type

Specify whether the IOLAN serial port will act as an SSL/TLS client or server. Default: Client

Cipher Suite Button Select this button to specify SSL/TLS connection ciphers.

Validate Peer Certificate

Enable this option when you want the Validation Criteria to match the Peer Certificate for authentication to pass. If you enable this option, you need to download an SSL/TLS certificate authority (CA) list file to the IOLAN. Default: Disabled

Validation Criteria Button

Select this button to create peer certificate validation criteria that must be met for a valid SSL/TLS connection.

SSL Certificate Passphrase

This is the SSL/TLS passphrase used to generate an encrypted RSA/DSA private key. This private key and passphrase are required for both HTTPS and SSL/TLS connections, unless an unencrypted private key was generated, then the SSL passphrase is not required. Make sure that you download the SSL private key and certificate if you are using the secure HTTP option (HTTPS) or SSL/TLS. If both RSA and DSA private keys are downloaded to the IOLAN, they need to be generated using the same SSL passphrase for both to work.

Cipher Suite Field Descriptions

The SSL/TLS cipher suite is used to encrypt data between the IOLAN and the client. You can specify up to five cipher groups.

Note: Some combinations of cipher groups may not be available on some firmware versions.

Adding/Editing a Cipher

See Valid SSL/TLS Ciphers for a list of valid SSL/TLS ciphers.

SSL Authentication Parameters

Encryption

Select the type of encryption that will be used for the SSL connection.

Data Options:

- Any—Will use the first encryption format that can be negotiated.

- AES

• 3 D E S

• DES

• A R C F O U R

• A R C T W O

• A E S - G C M

Default: Any

Min Key Size

The minimum key size value that will be used for the specified encryption type.

Data Options: 40, 56, 64, 128, 168, 256

Default: 40

Max Key Size

The maximum key size value that will be used for the specified encryption type.

Data Options: 40, 56, 64, 128, 168, 256

Default: 256

Key Exchange The type of key to exchange for the encryption format.

Data Options:

• Any—Any key exchange that is valid is used (this does not, however, include ADH keys).
• RSA—This is an RSA key exchange using an RSA key and certificate.
  • EDH-RSA—This is an EDH key exchange using an RSA key and certificate.
  • EDH-DSS—This is an EDH key exchange using a DSA key and certificate.
• ADH—This is an anonymous key exchange which does not require a private key or certificate. Choose this key if you do not want to authenticate the peer device, but you want the data encrypted on the SSL/TLS connection.
• ECDH-ECDSA—This is an ECDH key exchange using a ECDSA key and certificate.

Default: Any

HMAC

Select the key-hashing for message authentication method for your encryption type.

Data Options:

- Any

MD5

• S H A 1

• SHA256

• SHA384

Default: Any

Validation Criteria Field Descriptions

If you choose to configure validation criteria, then the information in the peer SSL/TLS certificate must match exactly the information configured in this window in order to pass peer authentication and create a valid SSL/TLS connection.

VPN

A Virtual Private Network (VPN) creates a secure, dedicated communications network tunnelled through another network.

You can configure the IOLAN for:

• a host-to-host Virtual Private Network (VPN) connection
• a host-to-network VPN connection
• a network-to-network VPN connection
• or host/network-to-IOLAN VPN connection (allowing serial devices connected to the IOLAN to communicate data to a host/network).

In addition to being able to configure up to 64 IPsec tunnels, you can configure an L2TP/IPsec tunnel that will allow hosts to create a VPN tunnel to the IOLAN. The L2TP/IPsec VPN protocol is required by the Windows XP ^® operating system. Later versions of Windows ^® may support both VPN protocols, however check with the Windows ^® documentation that came with your Windows ^® pc.

Note: Before you enable/configure any VPN tunnels, you should configure any exceptions or you might not be able to access the IOLAN except through a VPN tunnel or the console port. See L2TP/IPsec Exceptions for more information about exceptions.

Note: If you are configuring IPsec and/or L2TP/IPsec, you must also enable the IPsec service found in Security. Services navigation tree.

The information in this section applies only to setting up IPsec VPN tunnels, not L2TP/IPsec VPN tunnels. The IOLAN can be configured as a VPN gateway using the IPsec protocol. You can configure the VPN connection using two IOLANs as the local and remote VPN gateways or the IOLAN as the local VPN gateway and a host/server running the VPN software as the remote VPN gateway.

If the VPN tunnel is being configured for an IPv6 network that is going through a router(s), the router(s) must have manual IPv6 address entry capability.

VPN servers/clients can support various VPN parameters. However, the following parameters are REQUIRED to be set to the following values to support a VPN tunnel between the IOLAN and a VPN server/client:

perfect forward secrecy: no

protocol: ESP

mode: tunnel (not transport)

opportunistic encryption: no

aggressive mode: no

IKE Phase 1 Proposals

The following IKE Phase 1 proposals are supported by the IOLAN VPN gateway:

• Ciphers—3DES, AES
- Hashes—MD5, SHA1
- Diffie-Hellman Groups—2 (MODP1024), 5 (MODP1536), 14 (MODP2048), 15 (MODP3072), 16 (MODP4096), 17 (MODP6144), 18 (MODP8192)

ESP Phase 2 Proposals

The following ESP Phase 2 proposals are supported by the IOLAN VPN gateway:

• Ciphers—3DES, AES
- Authentication Algorithms—MD5, SHA1, SHA2

IPsec

When an IPsec tunnel becomes active, you are requiring that all access to the IOLAN go through the configured IPsec tunnel(s), so you must configure any exceptions first see (L2TP/IPsec Exceptions). for more information on exceptions) or you will not be able to access the IOLAN through the network unless you are configured to go through the IPsec tunnel (you can still access the IOLAN through the Console port).

Adding/Editing the IPsec Tunnel

When you select the Add button or select an IPsec tunnel and select the Edit button, the following window is displayed:

Name

Provide a name for the IPsec VPN tunnel to make it easy to identify.

Text Characteristics: Maximum of 16 characters, spaces not allowed

Authentication Method

Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.

Data Options:

• Shared Secret—A text-based secret that is used to authenticate the IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and L2TP/IPsec).
• RSA Signature—RSA signatures are used to authenticate the IPsec tunnel. When using this authentication method, you must download the IPsec RSA public key to the IOLAN and upload the IPsec RSA public key from the IOLAN to the VPN gateway.
• X.509 Certificate—X.509 certificates are used to authenticate the IPsec tunnel. When using this authentication method, you must include the signing authority's certificate information in the SSL/TLS CA list and download it to the IOLAN.

Default: Shared Secret

Secret/Remote Validation Criteria Button

Shared Secret—Specify the text-based secret that is used to authenticate the IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and L2TP/IPsec).

X.509 Certificate—Specify the remote X.509 certificate validation criteria that must match for successful authentication (case sensitive). Note that all validation criteria must be configured to match the X.509 certificate. If using an asterisk (*) for wildcard matching, the Boot Action must be set to Add (Listen).

See Shared Secret Field Description for more information.

See Remote Validation Criteria Field Descriptions or more information on the X.509 certificate validation criteria.

Local Device

When the VPN tunnel is established, one side of the tunnel is designated as Right and the other as Left. You are configuring the IOLAN-side of the VPN tunnel.

Data Options: Left, Right

Default: Left

Local IP Address The IP address of the IOLAN. You can specify %defaultroute when the IP address of the IOLAN is not always known (for example, when it gets its IP address from DHCP). When %defaultroute is used, a default gateway must be configured in the route table (Network, Advanced, Route List tab). Field Format: IPv4 address, IPv6 address, FQDN, %defaultroute

Boot Action

Determines the state of the VPN network when the IOLAN is booted.

Data Options:

• Start—Starts the VPN network, initiating communication to the remote VPN.
• Add—Adds the VPN network, but doesn't initiate a connection to the remote VPN.
• Ignore—Maintains the VPN network configuration, but the VPN network is not started and cannot be started through the IPsec command option.

When defining peer VPN gateways, one side should be defined as Start (initiate) and the other as Add (listen). It is invalid to define both gateways as Add. VPN connection time can take longer when both gateways are set to Start, as both sides will attempt to initiate the same VPN connection.

Default: Start

Shared Secret Field Description

When the Authentication Method is set to Shared Secret, you can enter a secret that applies to all VPN tunnels (both the IPsec and L2TP/IPsec protocols) to successfully authenticate and create a valid connection.

Secret When the

Authentication Method is set to Shared Secret, enter the case-sensitive secret word. This applies to all VPN tunnels (IPsec and L2TP/IPsec). Field Format: Maximum of 16 characters, spaces not allowed

Remote Validation Criteria Field Descriptions

When the Authentication Method is set to X.509 Certificate, you can configure the remote validation criteria. The information in the remote X.509 certificate must match exactly the information configured in this window in order to successfully authenticate and create a valid connection. If using an asterisk(*) for wildcard matching the Boot Action must be set to Add (Listen).

IPsec Authentication Parameters

L2TP/IPsec

In order to create a VPN tunnel on Windows XP ^® , you must use the L2TP/IPsec protocol. When L2TP/IPsec is enabled, the IOLAN will listen for L2TP/IPsec VPN tunnel requests.

When you enable L2TP/IPsec, you are requiring that all access to the IOLAN go through the L2TP/IPsec tunnel, so you must configure any exceptions first see (L2TP/IPsec Exceptions) for more information on exceptions) or you will not be able to access the IOLAN through the network unless you are configured to go through the L2TP/IPsec tunnel (you can still access the IOLAN through the Console port).

L2TP/IPsec Authentication Parameters

L2TP/IPsec Exceptions

Exceptions allow specific hosts or any host in a network to access the IOLAN outside of a VPN tunnel. This is especially useful when allowing local network hosts access to the IOLAN when VPN tunnels have been configured for remote user security.

Adding/Editing a VPN Exception

VPN Authentication Parameters

Use NAT Traversal (NAT_T)

NAT Traversal should be enabled when the IOLAN is communicating through a router/gateway to a remote VPN that also has NAT Traversal enabled.

Default: Enabled

HTTP Tunneling

A HTTP tunnel is a firewall-safe communication channel between two IOLAN's. HTTP tunnels can transport arbitrary TCP/IP or UDP/IP data for applications such as Telnet/SSH or any other TCP application and most UDP applications.

You can configure the IOLAN for:

• a serial-to-serial HTTP tunnel connection
• a serial-to-host HTTP tunnel connection
• a host-to-host HTTP tunnel connection
• Tunnel Relay connection

See Configuring a HTTP Tunnel for more information on setup requirements for these scenarios.

The information in this section applies only to setting up HTTP tunnels.

A minimum of two IOLAN's must be configured to create a communication channel. One IOLAN must be configured as the listener and the other IOLAN must be configured as the connecting IOLAN.

Configuring a HTTP Tunnel

Name Provide a name for this tunnel. This name must match the tunnel name on the tunnel peer IOLAN DS.

Connect to Provide the Host name or IP address of the listening IOLAN.

Proxy Settings If a proxy server is being used, allows for the configuration of proxy specific parameters.

Listen for Connections Listen for connection requests generated from the connecting IOLAN.

Restrict to IP Only accept connection requests from this IP address

Shared Secret If a secret is defined, then both sides of the tunnel must set the same secret. A secret is used to ensure that the Tunnel is being established with the correct peer.

HTTPS When enabled, secure access mode (HTTPS) will be used to establish the tunnel.

Restrict Access to this IOLAN only If enabled, tunnel connections will only be allowed to access local devices (serial ports) on this IOLAN. Connection requests going to external IP hosts on the local LAN will be not allowed.

Note: HTTPS mode requires that the SSL Passphrase is already defined in the IOLAN configuration and the SSL/TLS certificate/private key and CA list must have already been downloaded to the IOLAN.

Configuring HTTP Tunnel Proxy

Proxy servers are used in larger companies and organizations. Ask your network administrator if you need to configure a Proxy server.

Use HTTP Proxy Enables the Proxy parameters.

Host/IP The Host name or IP address of the Proxy server.

Port The HTTP/HTTPS port number of the Proxy server. Default: 8080.

Username The "username" which will be used by the Terminal Server to authenticate with the proxy server (if authentication is required by the proxy server).

Password The "password" which will be used by the Terminal Server to authenticate with the proxy server (if authentication is required by the proxy server).

Domain This field is only used if authentication is needed with the proxy server. If the proxy server does not expect this field, it can be left blank.

Note: We support the following types of authentication; Local Windows account authentication (clear text, SPA) and Digest authentication (MD5).

Ensure that your Proxy Server does not restrict HTTP-CONNECT messages to port 443 and allows HTTP-CONNECT messages on Port 80

Configuring HTTP Tunnel Proxy Advanced

Keepalive Interval The number of seconds between sending keep-alives for HTTP connections. Keep-alives are used to prevent idle connections from closing. In most cases this value does not need to be changed.

Default: 30 seconds

Maximum Connection Age The maximum amount of time an HTTP connection will stay open in minutes. In most cases this value does not need to be changed.

Default: 1440 mins. (1 day).

Configuring HTTP Tunnel Destination

Configure the following parameters if host access via a tunnel is needed. Each entry in the list box defines the application and port numbers an external client will use to access the destination host or application.

Tunnel Select the HTTP tunnel to use for this connection

Destination The address of an external host on the peer IOLAN's LAN. If the destination is a serial port on the Peer IOLAN or the peer IOLAN itself, select "Same as Tunnel".

Add new Services Select either predefined services or custom services.

Predefined Services Select the service or services required. For predefined services, you must specify an alias local IP address which will be used by the external host to access the service.

Note: When HTTP tunneling is used TCP and UDP ports 50,000 and above are reserved and should not be configured by the user.

Network Services

Services and Daemons are based on your IOLAN model. Network services can be enabled and disabled.

Enable/Disable Services

Telnet Server Telnet daemon process in the IOLAN listening on TCP port 23. Default: Enabled

TruePort Full Mode The TruePort daemon process in the IOLAN that supports TruePort Full Mode on UDP port 668. You can still communicate with the IOLAN in Lite Mode when this service is disabled. Default: Enabled

Syslog Client Syslog client process in the IOLAN. Default: Enabled

Modbus Modbus daemon process in the IOLAN listening on port 502. Default: Enabled

SNMP SNMP daemon process in the IOLAN listening on UDP port 161 and sending traps on UDP port 162. Default: Enabled

DeviceManager DeviceManager daemon process in the IOLAN. If you disable this service, you will not be able to connect to the IOLAN with the DeviceManager application. The DeviceManager listens on port 33812 and sends on port 33813. Default: Enabled

Note: TCP ports 2601, 2602 and 2603 are used internally by the IOLAN.

Network Filtering

Keys and Certificates

When you are using SSH, SSL/TLS, LDAP/Microsoft Active Directory, or HTTPS, you will need to install keys and/or certificates or get server keys in order to make those options work properly. All certificates need to be created and all keys need to be generated outside of the IOLAN, with the exception of the IOLAN SSH Public keys, which already exist in the IOLAN SSH keys must be generated using the OpenSSH format.

Certificate Authorities (CAs) such as Verisign, COST, GTE CyberTrust, etc. can issue certificates. Or, you can create a RSA or DSA self-signed certificate using a utility such as OpenSSL. To download or keys, a certificate, or a CA list or to upload the IOLAN public SSH key, select Administration, Keys and Certificates.

Keys and Certificate Parameters

Key / Certificate

Select the key or certificate that you want to download to the IOLAN or upload the Management Module's SSH Public Key.

Data Options:

• Upload Server SSH Public Key, used for SSH management access
• Download SSH User Public Key, used for SSH management access
• Download SSL/TLS Private Key, required if using HTTPS and/or SSL/TLS
• Download SSH Host Public Key, required if using SSH
• Download SSL/TLS Private Key, required if using SSL/TLS
• Download SSL/TLS Certificate, required if using HTTPS and/or SSL/TLS
• Upload IPsec RSA Public Key, required if using X.509 certification authentication for an IPsec tunnel
• Download IPsec RSA Public Key, required if using X.509 certification authentication for an IPsec tunnel
• Download SSL/TLS CA, required if using LDAP/Microsoft Active Directory with TLS, SSL/TLS, and/or X.509 certificate authentication for an IPsec tunnel
• Download NTP/SNTP Keys File, required if using NTP/SNTP server authentication

File Name

The file that you are going to download/upload to/from the IOLAN via TFTP.

Key Type

Specify the type of authentication that will be used for the SSH session. The following list details the keys that support each key type.

Data Options:

• RSA—Server SSH Public Key, SSH User Public Key, SSH User Private Key, SSH Host Public Key
• DSA—Server SSH Public Key, SSH User Public Key, SSH User Private Key, SSH Host Public Key

User Name The name of the user for whom you are downloading the Private Key to the IOLAN.

SSH User Public or

Host Name The name of the host for which you are downloading the Private Key to the IOLAN.

SSH Host Public or

IPsec Tunnel Name

Select the IPsec tunnel that the RSA public key is being used to authenticate.

Clustering

Clustering is a way to provide access to the serial ports of many IOLANs through a single IP address. The IP address that will be used to access all clustered serial ports will be that of the Master IOLAN in the cluster. All other IOLANs in the cluster will be referred to as Slave IOLANs. Users can also access slave serial ports using EasyPort Web; EasyPort Web is automatically launched when a user types in the IP address of the Master IOLAN in a web browser. If the user has Admin privileges, the WebManager will first be displayed with an option to proceed to EasyPort Web. The Clustering Slave List window displays the slave IOLAN entries and the number of ports on those slave IOLANs.

Note: No special configuration is required on the Slave IOLANs to enable this functionality.

Adding Clustering Slaves

When you add a clustering slave IOLAN entry, you are adding the IOLAN that users will access through this master IOLAN.

Clustering Parameters

Advanced Clustering Slave Options

The Advanced button provides a means of configuring each individual serial port's name, connection protocol, and port association in the clustered IOLAN slave. The Clustering Slave Settings window displays each clustered serial port slave entry, you need to select the Edit button to configure the individual serial port settings.

If you select the Retrieve Port Names button, the DeviceManager will connect to the clustering slave IOLAN and download all the serial port names--you can change the names and other settings when you select the Edit button.

Editing Clustering Slave Settings

Port Name Specify a name for the port.

Default: A combination of the port number, the @ symbol, and the IP address; for example, port1@172.22.23.101.

Slave TCP Port

Specify the TCP Port number configured on the Slave IOLAN that is associated to the port number you are configuring.

Range: 1-99999

Master TCP Port

Specify the TCP port number you want to map to the Slave IOLAN TCP Port. User's will use this TCP port number to access the Slave IOLAN's port.

Default: 1024, and then increments by one for each new slave entry

Protocol

Specify the protocol that will be used to access the port.

Data Options: SSH, Telnet

Default: Telnet

Alerts

This chapter describes the alerts (email and syslog) that can be configured for the IOLAN and the advanced options (SNMP, time, custom applications/plugins, and other miscellaneous configuration options) that you will want to look at to see if they are required for your implementation.

Email Alerts

Email notification can be set at the Server and/or Line levels. You can set email notification at these levels because it is possible that the person who administers the IOLAN might not be the same person who administers the serial device(s) attached to the IOLAN port. Therefore, email notification can be sent to the proper person(s)

responsible for the hardware.

Email notification requires an SMTP host that is accessible by the IOLAN to process the email messages sent by the IOLAN. When you enable email notification at the Server level, you can also use those settings at the serial port level, or you can configure email notification specifically for each serial port. When you choose an event Level, you are selecting the lowest notification level; for example, if you select Level

Error, you will get notifications for all events that trigger Error, Critical, Alert, and Emergency messages.

The level order, from most inclusive to least inclusive, is as follows: Debug, Info, Notice, Warning, Error, Critical, Alert, Emergency.

The following events trigger an email notification on the System for the specified Level:

• Reboot, Alert Level
  • IOLAN System Failure, Error Level
• Authentication Failure, Notice Level
• Successful Login, Downloads (all), Configuration Save Commands, Info Level

Email Alert Parameters

Enable Email Alert Enables/disables a global email alerts setting. Even if this option is disabled, you can still configure individual serial port email alerts. When this option is enabled, individual serial ports can inherit these email alerts settings.

Default: Disabled

Level Choose the event level that triggers an email notification.

Data Options: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug

Default: Emergency

To An email address or list of email addresses that will receive the email notification.

Subject A text string, which can contain spaces, that will display in the email notification. Subject field of the

From This field can contain an email address that might identify the IOLAN name or some other value.

Reply To The email address to whom all replies to the email notification should go.

Outgoing Mail Server The SMTP host (email server) that will process the email notification request. This can be either a host name defined in the IOLAN host table or the SMTP host IP address.

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Syslog

The IOLAN can be configured to send system log messages to a syslog daemon running on a remote host if the Syslog service is activated. You can configure a primary and secondary host for the syslog information and specify the level for which you want syslog information sent.

Note: You must ensure that the Syslog Client service in the Security, Services window is enabled (by default it is enabled) for these settings to work.

Syslog Parameters

Primary Host The first preconfigured host that the IOLAN will attempt to send system log messages to; messages will be displayed on the host's monitor.

Default: None

Secondary Host If configured, the IOLAN will attempt to send system log messages to this syslog host as well as the primary syslog host defined. Messages will be displayed on the host's monitor.

Default: None

HTTP Tunnel Specify the HTTP tunnel to be used for this connection.

Level Choose the event level that triggers a syslog entry.

Data Options: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug Default: Emergency

Management

If you are using SNMP to manage/configure the IOLAN, or to view statistics or traps, you must set up a User in SNMP version 3 or a Community in SNMP version 1,2 to allow your SNMP manager to connect to the IOLAN; this can be done in the DeviceManager, WebManager and CLI. You must then load the perle-sds.MIB (found on the Perle website at www.perle.com)file into your SNMP manager before you connect to the IOLAN.

Note: Ensure that the SNMP service found in the Security, Services page is enabled (by default it is enabled).

SNMP Parameters

Contact The name and contact information of the person who manages this SMNP node.

Location The physical location of the SNMP node.

Community The name of the group that devices and management stations running SNMP belong to. Community only applies to SNMP v1 and v2c.

Internet Address The IP address of the SNMP manager that will send requests to the IOLAN. If the address is 0.0.0.0, any SNMP manager with the Community name can access the IOLAN. If you specify a network address, for example 172.16.0.0, any SNMP manager within the local network with the Community name can access the IOLAN.

Field Format: IPv4 or IPv6 address

Permissions Permits the IOLAN to respond to SNMP requests.

Data Options:

• None—There is no response to requests from SNMP.
• Readonly—Responds only to Read requests from SNMP.
• Readwrite—Responds to both Read and Write requests from SNMP.

Default: None

V3 Read-write User This user can view and edit SNMP variables.

V3 Read-Write Security Level Select the security level for the Read-Writer user. This must match the configuration set up in the SNMP manager.

Data Options:

• None—No security is used.
• Auth—User authentication is used.
• Auth/Priv—User authentication and privacy (encryption) settings are used.

Default: None

SNMP Trap Parameters

Trap checkbox Check this box to enable the entry of the trap information.

Custom App/Plugin

You can create custom applications for the IOLAN by using the Perle SDK. See the SDK Programmer's Guide (the SDK and guide are accessible via a request form located on the Perle website at www.perle.com/supportfiles/SDK_Request.shtml) for information about the functions that are supported. You must download the program and any ancillary files to the IOLAN and set the Serial Port Profile to Custom App/Plugin to run a custom application. You must also specify the program executable in the Command Line parameter.

A custom application or plugin can be run on the serial port. In this situation, the application will start once the serial port is activated and operate solely on the context of that serial port and any network communications related to that serial port. You could run a different custom application on each serial port. The serial port custom application or plugin is configured by specifying the Custom App/Plugin profile for the serial port.

The system level custom application or plugin will begin execution immediately following the system startup. It runs on the context of the whole system and can access network communications as well as any or all serial ports.

Custom App Parameters

Command Line

The name of the application that has been already been downloaded to the IOLAN, plus any parameters you want to pass to the program. For example, using sample outraw program (this is sample program supplied with the SDK), you would type:

outraw -s 0 192.168.2.1:10001 Acct:10001

if you were starting the application on the Server (notice the -s 0 parameter specifies serial port 1 to this particular application).

Field Format: Maximum of 80 characters

Front Panel (only applies to certain models)

Customize status menu order

Allows the user to choose what statuses are displayed on the front panel display and in what auto scrolling order.

Enable status auto-scroll

When enabled, the auto scroll feature on the front panel will scroll using the idle timeout and scroll delay options.

Default: Enabled

Pin A minimum password of 6 numbers must be entered.

Hardware (only applies to certain models)

When connected to an IOLAN, the current hardware installed will be displayed. For off-line configurations, you will able to select your model type, number of port cards and serial interface on each of the port cards (RS232 or USB).

Advanced Options

Review the configuration options in the Advanced page to determine if any of them apply to your implementation.

Login Settings

Bootup Files

You must have a SFTP/TFTP server running on any host that you are downloading files from. When you specify the file path, the path must be relative to the default path set in your SFTP/TFTP server software.

Bootup File Parameters

Message of the Day (MOTD)

The message of the day is displayed when users log into the IOLAN through a telnet, a SSH session or through WebManager/EasyPort Web.

There are two ways to retrieve the message of the day to be displayed to users when they log into the IOLAN:

• The message of the day file is retrieved from a SFTP/TFTP server every time a user logs into the IOLAN. You must have a SFTP/TFTP server running on any host that you are uploading or downloading files to/from when using TFTP. When you specify the file path, the path must be relative to the default path set in your SFTP/TFTP server software.
• The message of the day file is downloaded to the IOLAN and retrieved locally every time a user logs into the IOLAN. You can download an MOTD file to the IOLAN in the DeviceManager by selecting Tools, Advanced, Custom Files and then selecting the Download Other File option and browse to the MOTD file. In WebManager, selectAdministration, Custom Files and select the Other File option and browse to the MOTD file. After the MOTD is downloaded to the IOLAN, you must specify the MOTD file name in the Filename field to access it as the message of the day (no SFTP/FTP Host parameter is required when the file is internal).

MOTD Parameters

TFTP

You must have a TFTP server running on any host that you are uploading or downloading files to/from.

TFTP Parameters

Control RPS, IPSec, WLAN and WWAN

The Control section appears when the IOLAN is connected to a Remote Power Switch and/or, an IPsec tunnel is configured or you have configured a WLAN/WWAN interface.

RPS Control

When a Remote Power Switch's (RPS) console port is attached to the IOLAN's serial port and the serial port is configured for the Power Management profile, you will be able to control the RPS's power plugs either universally or individually (power on/off the whole RPS or individual plugs).

The following buttons are available:

On Turns all the RPS plugs on.

Off Turns all the RPS plugs off.

Cycle Turns all the RPS plugs off and then on.

Reset to Default State

Resets all the RPS plugs to the default state as configured in the Power Management profile settings.

Plug Control

Displays a window that allows you to manage the individual plugs on the RPS.

Plug Control

When you select the Plug Control button, you can power on/off individual plugs.

The "Power Status" field above can contain the following values;

• On - Power is currently being applied to the plug.
• Off - Power is currently not being applied to the plug.

The "Monitor Host Status" field above can contain the following values;

• Disabled - Feature is currently disabled.

• Discovering- Host has never responded to a PING. After a PING response is received once, the status will not return to “discovering until a reboot is performed or a “kill line” is issued on this port.

• Waiting reboot- Monitored host has not responded to all PING retries. It is now marked as needing a reboot and is executing the "delay before reboot" (if configured).

• Rebooting- The monitor host has determined that the host is not responding and has initiated a "power cycle" on the plug in order to re-boot the host.
  • Monitoring- The host is being monitored and is responding to PING requests.

The “# Reboots” field above can contain the number of times that this power plug has been cycled due to a failure to respond to the PINGs.

The "Last Reboot" field above can contain the date and time of the last reboot to take place due to a failure to respond to the PINGs.

Power Controls the power state of the plug as follows;

On Button - Turns the selected plug on.

Off Button - Turns the selected plug off.

Cycle Button - Turns the selected plug off and then on.

Monitor Host

If host monitoring has been enabled on this plug, these buttons control the state of the feature as follows;

On Button - Enables the host monitor function.

Off Button- Disables the host monitor function.

Reset Statistics Button - Resets the "# reboots" and "Last Reboot" fields

OK Closes the window.

Serial Port Power Control

The Serial Port Power Control window allows you to manage the power plugs that have been associated with the serial devices connected to the IOLAN.

On Turns the selected plug on

Off Turns the selected plug off.

Cycle Turns the selected plug off and then on.

Power Plug Status

Displays a window that provides the plug status for every plug associated with the serial port.

Power Plug Status

This Power Plug Status window displays the status of all the plugs associated with a serial port.

Select OK to close this window.

IPsec Tunnel Control

You can start, stop, and restart all the IPsec tunnels. When you start the IPsec tunnels, the Boot Action configured for each IPsec tunnel is what determines its state.:

Start Starts all IPsec VPN tunnels.

Stop Stops all IPsec VPN tunnels.

Restart Stops and then starts all IPsec VPN tunnels.

WLAN Control

Scan

Scan

The IOLAN will scan the network for any broadcasting AP with the same SSID and security type.

WWAN Control

Restart WWAN

Restart Restart the WWAN connection.

Symmetric Key File

This section defines the layout of the NTP/SNTP Symmetric Key file that must be downloaded to the IOLAN in order to use NTP/SNTP server authentication feature. Each line of the NTP/SNTP symmetric key file consists of three fields: a key ID in the range 1 to 65,534, inclusive, a key type and a message digest key consisting of a printable ASCII string equal to or less than 20 characters or a 40 character hex digit string.

Table 0-1

Note:1-10 key ID entries are allowed in this NTP/SNTP key file. Both MD5 and SHA1 are supported. Key ID 0 is excluded.

Administration

This chapter addresses the functions that the admin user or a user with Admin Level privileges might do. This chapter uses the DeviceManager as the configuration method described in most administrative functions. As a general rule, administrative functions are accessed from the menu bar in the DeviceManager and under the Administration option in the WebManager's navigation tree.

Saving Configuration Files

When you connect to the IOLAN using either DeviceManager or WebManager, the IOLAN's active configuration file is loaded into the configurator. To save a backup of the configuration file locally, do the following:

In DeviceManager:

1. From the menu bar, select File, Save As.
2. In the Save As dialog box, specify a name and format for the file. Notice that you can save the file as either a .dme or a .txt file. Either file format can be imported into the DeviceManager and downloaded to the IOLAN in the future. The .dme is a binary file and the .txt file is a text file that can be viewed in any text editor.
3. SelectSave.
4. In WebManager:
5. In the navigation tree, select the Administration option.
6. In the configuration area, select the Backup/Restore button.
7. Select the tab corresponding to the transfer method you wish to use. The options are;
8. Web - Uses HTTP to transfer the data
9. TFTP - Uses Trivial File Transfer Protocol to transfer the data
10. SFTP - Uses Secure File Transfer Protocol to transfer the data.

Note: For both TFTP or SFTP, you must have a host on your network which will act as the TFTP or SFTP Server. HTTP does not require any other host.

1. In the Backup group box, select the format (Binary or Text) in which you want to save the file. Either file format can be imported into the DeviceManager and downloaded to the IOLAN in the future.
2. Select the Backup Configuration button.

Downloading Configuration Files

You can download a configuration file to the IOLAN by doing the following: In DeviceManager:

1. Connect to the IOLAN to retrieve the current configuration file.
2. Open the configuration file you want to download to the IOLAN by selecting File, Import Configuration from a File and then browsing to the configuration file. This will replace the retrieved configuration file.

3. SelectTools, Download Configuration to IOLAN or select the Download All Changes button.

4. Reboot the IOLAN.

5. In WebManager:

6. In the navigation tree, select the Administration option.

7. In the configuration area, select the Backup/Restore button.

8. Select the tab corresponding to the transfer method you wish to use. The options are;

9. Web - Uses HTTP to transfer the data

10. TFTP - Uses Trivial File Transfer Protocol to transfer the data

- SFTP - Uses Secure File Transfer Protocol to transfer the data.

1. In the Restore group box, browse to the configuration file that you want to download to the IOLAN.
2. Select thRestore Configuration button.
3. Reboot the IOLAN.

Note: For both TFTP or SFTP, you must have a host on your network which will act as the TFTP or SFTP Server. HTTP does not require any other host.

Downloading Configuration Files to Multiple IOLANs

You can download a configuration file to multiple IOLANs at the same time by doing the following in DeviceManager. DeviceManager is the only configurator that does this function:

1. Select Tools, Download Configuration to Multiple IOLANs.
2. Specify the IOLANs that you want to download the configuration to, then enter the following information for each IOLAN that you want to configure with the same configuration file.

IP Address

Enter the IP address of the IOLAN that you want to download the configuration to.

Field Format: IPv4 or IPv6 address

Server Name

The name of the IOLAN. The IOLAN name that you put in this field is passed into the configuration before it is downloaded to the IOLAN and cannot be left blank.

Password Enter the admin user password for the IOLAN.

Reboot Server

Determines whether or not the IOLAN is rebooted after it has received the new configuration. The new configuration definitions will not go into effect until the IOLAN is rebooted.

1. SelectAdd to add the IOLAN to the download list. You can also select on the IOLAN entry and edit any information and then select Update to make the edits permanent.
2. Select theDownload> button to start the download process. A status window will display with the configuration download status.

Uploading Configuration Files

When you upload a configuration to the DeviceManager, you are uploading the IOLAN's working configuration file. In most other configurators (the exception being SNMP), you are always seeing the working configuration file.

In DeviceManager, selectTools, Upload Configuration from IOLAN. The working configuration file will automatically be loaded into the DeviceManager.

Specifying a Custom Factory Default Configuration

When you receive the IOLAN, it comes with a factory default configuration that the IOLAN can be reset to at any time. Administrators might find it useful to customize the factory default configuration file, so that if the IOLAN gets reset to its factory defaults, it will be reset to defaults that the Administrator specified.

There are two ways you can set the custom factory default configuration:

- Download a file to the IOLAN—You can download a custom factory default file to the IOLAN using any of the configuration methods. In DeviceManager, you must connect to the IOLAN and then select Tools, Advanced, Custom Files, Custom Factory Default Configuration and then specify the file. In WebManager, you must connect to the IOLAN and then select Administration, Reset, Factory Defaults, Set Current Configuration as Factory Default.

- Download the current configuration to the IOLAN—You can specify the configuration that you are working with/on as the custom factory default configuration using any of the configuration methods (you must be connected to the IOLAN). In DeviceManager, select Tools, Advanced, Set Factory Default to IOLAN. In WebManager, select Administration, Reset, Factory Defaults, Get and Set Factory Default Configuration File.

Using the IOLAN reset button (only applies to certain models)

This inset reset button allows you to reset the IOLAN, reset the IOLAN to its Perle or custom factory default configuration or reset the IOLAN to the Perle factory default settings. The Power/Ready LED color and the resetting of the IOLAN default configuration vary depending on how long you press and hold the RESET button, as shown in the table below.

When you press and hold the RESET button for...

LED color IOLAN System Status

Less than 3 seconds Blinking amber Reboots. All configuration and files will remain the same.

Between 3 and 10 seconds Blinking amber, then turns solid amber when you release the RESET button

Reboots and resets the configuration to the factory default (either the Perle or custom default configuration). All configuration, user IDs, passwords and security certificates are deleted.

Over 10 seconds Blinking amber, then turns solid amber when you release the RESET button

Reboots and resets the configuration to the Perle factory default configuration. All configuration, user IDs, passwords and security certificates are deleted, even if a custom default configuration has been defined.

Downloading IOLAN Firmware

To upgrade the IOLAN firmware (software):

• In DeviceManager, select Tools, Advanced, Download Firmware to IOLAN. You can browse to the firmware location. Once the firmware download is complete, you will be prompted to reboot the IOLAN. You can choose to reboot the IOLAN at another time by selecting Tools, Reset, Reboot IOLAN.
• In WebManager, under the Administration option, select Update Firmware. Either browse to the firmware file and then select the Upload button or configure the TFTP or SFTP server and select the Upload button. Note: If you use the TFTP or SFTP option, the specified TFTP or SFTP server must be on the same subnet as the IOLAN.

Upgrading the firmware does not affect the IOLAN's configuration file or downloaded custom files.

Setting the IOLAN's Date and Time

When you set the IOLAN's time, the connection method and time zone settings can affect the actual internal clock time that is being set. For example, if you are connecting to the IOLAN through the DeviceManager and your PC's time zone is set to Pacific Standard Time (GMT -8:00) and the IOLAN's time zone is set to Eastern Standard Time (GMT -5:00), the IOLAN's time is actually three hours ahead of your PC's time. Therefore, if you set the IOLAN's time to 2:30 pm in the DeviceManager, the IOLAN's actual internal clock time is 5:30 pm. This is the only configuration method that interprets the time and converts it between time zones, as necessary.

All other configuration methods set the IOLAN's internal clock time to the time specified, with no interpretation.

To set the IOLAN's system clock in DeviceManager, selectTools, Advanced, Set Unit Time/Date and in WebManager select Administration, Date/Time. The Set Date/Time window is displayed.

Configure the following parameters:

Date The IOLAN's date. The format of the IOLAN's date is dependent on the Windows operating system and regional settings.

Time The IOLAN's internal clock time, based on your PC's time zone. For example, if your PC's time zone is set to Pacific Standard Time (GMT -8:00) and the IOLAN's time zone is set to Eastern Standard Time (GMT -5:00), the IOLAN's time is three hours ahead of your PC's time. If you set the IOLAN's time to 2:30 pm, the IOLAN's actual internal clock time is 5:30 pm.

Use the PCs Date/ When enabled, sets the IOLAN's time to the PCs time.

Time Default: Enabled

This option is unique to the DeviceManager.

Rebooting the IOLAN

When you download any file (configuration, keys, certificates, firmware, etc.) to the IOLAN, you must reboot the IOLAN for it to take effect by selecting Tools, Reset, Reboot Server in DeviceManager and Administration, Reboot Unit in WebManager.

Resetting Serial Port Statistics

You can reset the IOLAN's serial port/s statistics back to zero.

Resetting the IOLAN to Factory Defaults using the WebManager

You can reset the IOLAN to its factory default configuration by selecting Administration, Reset, Factory Defaults in WebManager. The IOLAN will automatically reboot itself with the Perle factory default or custom factory default configuration.

Resetting the SecurlD Node Secret

If you are using SecurID external authentication, you can select Tools, Reset, Reset SecurID Node Secret in DeviceManager and Administration, Reset, SecurID Secret in WebManager to reset the node secret. You do not need to reboot the IOLAN for this to take effect, it works instantly.

Language Support

Two language files, in addition to English, are supplied on the Perle website, French and German. You can use any of these language files to create a translation into a language of your choice. You can download the language file (whether the language is supplied or translated) into the IOLAN and select the

Language option of Custom Language or Customlang (custom language), making the CLI field labels display in the desired language.

You can view the CLI in one other language only (as well as English). If you download another language file, this new language will replace the first language you downloaded.

You can revert to English at any time; the English language is stored permanently in the IOLAN and is not overwritten by your new language. Each user logged into the IOLAN can operate in either English or the downloaded language.

Loading a Supplied Language

This section describes how to download a language file using the CLI, since it is the least intuitive method. French and German language files can be downloaded from the Perle website.

To load one of the supplied languages into the IOLAN, so the CLI fields appear in another language, do the following:

1. Copy the language file to a host machine on the network; place it in the main file system or on the main hard drive.
2. Either use the TFTP/SFTP defaults in the IOLAN or, configure as necessary, TFTP/SFTP in the IOLAN.
3. In the CLI of the IOLAN, enter the host IP address and file name; for example,
4. Netload customlang 172.16.4.1 /temp/Iolan_ds_French.txt
5. Snetload customlang 172.16.4.1 /temp/Iolan_ds_French.txt
6. The IOLAN will download the language file via TFTP or SFTP.
7. In DeviceManager selectTools, Advanced, Custom Files and then select Download Custom Language File and browse to the language file. In WebManager select Administration, Custom Files and then specify the Custom Language File option and browse to the language file.
8. To set an individual user to the new language, go to theUsers menu and, in the Language field select Customlang. In the CLI (only) you can set individual users or all users to the new language; see the set user * command.
9. The user will see the change of language when he/she logs out (Main Menu, Sessions Menu, Logout) and logs back into the IOLAN. If, as Admin user, you change your language setting to Customlang, you will see the text menus display in the new language when you save and exit the Change User form. Users with Level Normal can also change their display language.

Note: If you download a new software version, you can continue to use your language unchanged; however, we recommend translating the new strings, which will be added to the end of the language file. A Reset to Factory Defaults will reload the Customlang as English.

On successful download, the Customlang in the IOLAN will be overwritten by the new language.

Translation Guidance

To help you with your translation, of supplied ASCII text language files we offer the following guidance:

• The IOLAN will support languages other than English (and the supplied German and French languages). The English language file, english.txt, displays the character length of each line at the beginning of the line. If a translated line goes over that character length, it will be displayed truncated in the CLI.
• Translate line for line, do not omit lines if you do not know the translation; leave the original untranslated text in place. Also, you must maintain the same sequential order of lines. It is a good practice to translate the file using a text editor that displays line numbers, so you can periodically verify that the line sequence has not changed from the original file (by comparing it to the original file).
• Keep all translations in quotes, otherwise the line will not display properly.
  • Each line must end with a carriage return.
• If a line contains only numbers, for example 38400, leave that line in place, unchanged (unless you are using a different alphabet).

Updating Language Files

Updated language files can be found on the Perle website at www.perle.com.

Note: The upgrade of your software (firmware) will not change the display of the language in the CLI.

If you are already using one of the supplied languages, French or German, you probably want to update the language file in the IOLAN. Until you update the IOLAN with the new language file, new text strings will appear in English.

If you are already using a language translated from an earlier version, you probably want to amend your translation. When a language file is updated, we will try to maintain the following convention:

• New text strings will be added to the bottom of the file (not inserted into the body of the existing file).
• Existing text strings, if altered, will be altered in sequence; that is, in their current position in the file.
• The existing sequence of lines will be unchanged.
• Until you have the changes translated, new text strings will appear in the CLI in English.

Downloading Terminal Definitions

All terminal types can be used on the IOLAN. Some terminal types which are not already defined in the IOLAN, however, are unable to use Full Screen mode (menus) and may not be able to page through sessions properly. When installed, the IOLAN has several defined terminal types—Dumb, WYSE60, VT100, ANSI, TVI925, IBM3151, VT320-7, and HP700/44.

If you are not using, or cannot emulate, any of these terminal types, you can add up to three additional terminal definitions to the IOLAN. The terminal definitions can be downloaded from a TCP/IP host.

To download terminal definitions, follow these steps:

1. Decide which TCP/IP host you are going to use. It must be a machine with enabled.
2. Configure SFTP/TFTP in the IOLAN as necessary.
3. SelectTools, Advanced, Custom Files from the menu bar in DeviceManager and Administration, Custom Files in WebManager.
4. From theFile Type drop-down, select Download Terminal Definition. Select the terminal definition option 1, 2, or 3 and then browse to the terminal definition file that is being downloaded to the IOLAN.
5. In theTerminal profile, select the Terminal Type Termx that you custom defined.

Creating Terminal Definition Files

To create new terminal definition files, you need to copy and edit the information from the termininfo database.

1. On a UNIX host, change directory to /usr/lib/terminfo/x (where x is the first letter of the required terminal type). For a Wyse60, for example, you would enter the command cd /usr/lib/terminfo/w.
2. The termcap files are compiled, so use the commandinfocmp termfile to read the required file (for example: infocmp wy60).
3. Check the file for the attribute# (where n is greater than or equal to 1). This attribute will corrupt menu and form displays making the terminal type unsuitable for using Menu mode.
4. If the terminal definition is suitable, change to a directory of your choice.
5. Rename and copy the file to the directory specified at step 4. using the command infocmp termfile > termn where n is greater than or equal to 1; (for example, infocmp wy50 > term1). Make sure the file has global read and execute permission for its entire path.
6. Edit the file to include the following capabilities in this format:

term=
acsc=
bold=
civis=
clear=
cnorm=
cup=
rev=
rmacs=
rmso=
smacs=
smso=
page=
circ= 

For example:

term=AT386 | at386| 386AT |386at |at/386 console
acsc=jYk?lZm@qDtCu4x3
bold=\E[1m
civis=
clear=\E[2J\E[H
cnorm=
cup=\E[%i%p1%02d;%p2%02dH
rev=\E4A
rmacs=\E[10m
rmso=\E[m
smacs=\E[12m
smso=\E[7m
page=
circ=n 

Note: As you can see from the example, capabilities which are not defined in the termininfo file must still be included (albeit with no value). Each entry has an 80 character limit.

On some versions of UNIX, some of the capabilities are appended with a millisecond delay (of the form ). These are ignored by the IOLAN and can be left out.

The ‘acsc’ capability, if defined, contains a list of character pairs. These pairs map the characters used by the terminal for graphics characters to those of the standard (VT100) character set.

Include only the following character pairs:

jx, kx, lx, mx, qx, tx, ux and xx

(where x must be substituted by the character used by the terminal). These are the box-drawing characters used to display the forms and menus of Menu mode. They must be entered in this order.

The last two capabilities will not be found in the termininfo file. In the page field you must enter the escape sequence used by the terminal to change screens. The circ field defines whether the terminal can use previous page and next page control sequences. It must be set to y or n. These capabilities can be found in the documentation supplied with the terminal.

Resetting Configuration Parameters

You can reset the IOLAN to its factory default settings (this will reset it to the Perle factory default or custom factory default settings, depending on what has been configured) through any of the following methods:

You can push in the reset button on the IOLAN hardware for three to ten seconds (pushing it in and then quickly releasing will just reboot the IOLAN). See the IOLAN Hardware Installation Guide to determine the location of the reset button.

• DeviceManager, select Tools, Reset, Reset to Factory Defaults
• CLI, at the command line type, reset factory
• WebManager, select Administration, Reset, Factory Default, and then select the Reset to Factory Defaults button
• Menu, select Network Configuration, Reset to Factory Defaults
  • SNMP, in the adminInfo folder, set the adminFunction variable to 2

Lost admin Password

If the admin user password is lost, there are only two possible ways to recover it:

• reset the IOLAN to the factory defaults
  • have another user that has Admin level rights, if one is already configured, reset the admin password.

SD Flash (applies to some models)

Using the WebManager, you are able to perform these functions on the integrated SD flash. You must provide your own SD flash card.

• Copy - copy firmware and config between the IOLAN and SD flash
• Delete - Delete files and directories in the SD flash
• Dir - list the files and directories on the SD flash
• Mkdir - make a directory on the SD flash
• Format - format the SD flash (removes all files and directories)

RADIUS External Parameters

Although RADIUS can be used strictly for external authentication, it can also be used to configure line and user parameters. Therefore, when a user is being authenticated using RADIUS, it is possible that the user's configuration is a compilation of the parameters passed back from RADIUS, the IOLAN parameters if the user has also been set up as a local user in the IOLAN, and the Default User's parameters for any parameters that have not been set by either RADIUS or the user's local configuration.

Supported RADIUS Parameters

This section describes the attributes which will be accepted by the IOLAN from a RADIUS server in response to an successful authentication request.

Table 0-1

Type Name Description

1 User-Name Request The name of the user to be authenticated.

2 User-Password Request The password of the user to be authenticated.

4 NAS-IP-Address Response The IOLAN's IPV4 address.

5 NAS-Port Response If the user is connected to a physical port then the port number of the port is sent. If the user is connected to the IOLAN itself then a port number of 0 is sent.

6 Service-Type Response Indicates the service to use to connect the user to the IOLAN. A value of 6 indicates administrative access to the IOLAN. Supported values are:

- 1—Login - 3—Callback-Login Equivalent to the IOLAN User Service set by Type 15, Login-Service.

- 2—Framed - 4—Callback-Framed Equivalent to the IOLAN User Service set by Type 7, Framed-Protocol.

- 7—NAS prompt - 9—Callback NAS-prompt Equivalent to IOLAN User Service DSLogin.

- 6—Administrative User - 11—Callback Administrative User Equivalent to IOLAN User Service DSLogin and the User gets Admin privileges.

Table 0-1

Table 0-1

Table 0-1

Accounting Message

This section describes the attributes which will be included by the IOLAN when sending an accounting message to the RADIUS server.

Type Name Description

1 User-Name The name of the user to be authenticated.

4 NAS-IP-Address IP Address of IOLAN LAN interface.

5 NAS-Port If the user is connected to a physical port then the

port number of the port is sent. If the user is connected to the IOLAN itself then a port number of 0 is sent.

Type Name Description

Mapped RADIUS Parameters to IOLAN Parameters

When authentication is being done by RADIUS, there are several Serial Port and User parameters that can be set by the RADIUS server. Any parameters sent by that RADIUS server that are not supported by the IOLAN are discarded. Below is a list of the RADIUS parameters and their IOLAN parameters:

RADIUS Parameter IOLAN Parameter

Service-Type This has no IOLAN field, although it needs to be set to

Framed-User in the RADIUS server if the port is set for PPP or SLIP. For a Console Management profile set the RADIUS Service-Type to NAS prompt.

Framed-Protocol Set to SLIP or PPP service.

Framed-Address Remote IP Address field under either SLIP or PPP.

Caution: the exception to the above rule is a Framed-Address value of 255.255.255.254. When this value is specified in the RADIUS file, the unit will use the Remote IP address configured for a PPP line in the IOLAN.

Framed-Netmask

IPv4 Subnet Mask field under either SLIP or PPP.

Framed-Compression

VJ Compression field under either SLIP or PPP.

Framed-MTU

MTU field under SLIP.

MRU field under PPP.

Idle-Timeout

Idle Timeout under the serial port Advanced settings.

Login-Service Corresponds to one of the following

User Service

parameters: Telnet, Rlogin, TCP Clear, SSH, or SSL Raw.

Session-Timeout

Session Timeout under the serial port Advanced settings.

Callback-Number Combination of the

Enable Callback and Phone

Number fields under User, Advanced settings.

Callback-ID Combination of the

Enable Callback and Phone

Number fields under User, Advanced settings.

Perle RADIUS Dictionary Example

The IOLAN has defined Vendor Specific RADIUS attributes in order for the RADIUS server to be configured to support the IOLAN features of Line Access Rights and User Level. These attributes have been defined in Supported RADIUS Parameters to allow the RADIUS server to be configured for RADIUS users to have this level of configuration.

See below for an example of the Perle defined attributes for the RADIUS server for a 4-port IOLAN (although the dictionary can contain 48 ports, even if they are not all defined):

<h1 id="perle-dictionary">Perle dictionary.</h1>
#
<h1 id="perle-systems-ltd">Perle Systems Ltd.</h1>
<h1 id="httpwwwperlecom">http://www.perle.com/</h1>
#
<h1 id="enable-by-putting-the-line-include-dictionaryperle-into">Enable by putting the line "$INCLUDE dictionary.perle" into</h1>
<h1 id="the-main-dictionary-file">the main dictionary file.</h1>
#
<h1 id="version-130-21-may-2008-add-attribute-for-clustered-port-access">Version: 1.30 21-May-2008 Add attribute for clustered port access</h1>
<h1 id="version-120-30-nov-2005-add-new-line-access-right-values-for-ports-up-to-49">Version: 1.20 30-Nov-2005 Add new line access right values for ports up to 49.</h1>
#
<h1 id="version-110-11-nov-2003-add-new-line-access-right-values">Version: 1.10 11-Nov-2003 Add new line access right values</h1>
<h1 id="version-100-17-jul-2003-original-release-for-vendor-specific-field-support">Version: 1.00 17-Jul-2003 original release for vendor specific field support</h1>
# 

VENDOR Perle 1966 

Perle Extensions

ATTRIBUTE Perle-Clustered-Port-Access 99 integer Perle
ATTRIBUTE Perle-User-Level 100 integer Perle
ATTRIBUTE Perle-Line-Access-Port-1 101 integer Perle
ATTRIBUTE Perle-Line-Access-Port-2 102 integer Perle
ATTRIBUTE Perle-Line-Access-Port-3 103 integer Perle
ATTRIBUTE Perle-Line-Access-Port-4 104 integer Perle
ATTRIBUTE Perle-Line-Access-Port-5 105 integer Perle
ATTRIBUTE Perle-Line-Access-Port-6 106 integer Perle
ATTRIBUTE Perle-Line-Access-Port-7 107 integer Perle
ATTRIBUTE Perle-Line-Access-Port-8 108 integer Perle
ATTRIBUTE Perle-Line-Access-Port-9 109 integer Perle
ATTRIBUTE Perle-Line-Access-Port-10 110 integer Perle
ATTRIBUTE Perle-Line-Access-Port-11 111 integer Perle
ATTRIBUTE Perle-Line-Access-Port-12 112 integer Perle
ATTRIBUTE Perle-Line-Access-Port-13 113 integer Perle
ATTRIBUTE Perle-Line-Access-Port-14 114 integer Perle
ATTRIBUTE Perle-Line-Access-Port-15 115 integer Perle
ATTRIBUTE Perle-Line-Access-Port-16 116 integer Perle
ATTRIBUTE Perle-Line-Access-Port-17 117 integer Perle
ATTRIBUTE Perle-Line-Access-Port-18 118 integer Perle
ATTRIBUTE Perle-Line-Access-Port-19 119 integer Perle
ATTRIBUTE Perle-Line-Access-Port-20 120 integer Perle
ATTRIBUTE Perle-Line-Access-Port-21 121 integer Perle
ATTRIBUTE Perle-Line-Access-Port-22 122 integer Perle
ATTRIBUTE Perle-Line-Access-Port-23 123 integer Perle
ATTRIBUTE Perle-Line-Access-Port-24 124 integer Perle
ATTRIBUTE Perle-Line-Access-Port-25 125 integer Perle
ATTRIBUTE Perle-Line-Access-Port-26 126 integer Perle
ATTRIBUTE Perle-Line-Access-Port-27 127 integer Perle
ATTRIBUTE Perle-Line-Access-Port-28 128 integer Perle 

Perle Clustered Port Access Values

Perle User Level Values

Perle Line Access Right Values

...

TACACS+

Although TACACS+ can be used strictly for external authentication, it can also be used to configure Serial Port and User parameters. Therefore, when a user is being authenticated using TACACS+, it is possible that the user's configuration is a compilation of the parameters passed back from the TACACS+ authentication server, the User's IOLAN parameters if the user has also been set up as a local user in the IOLAN, and the Default User's parameters for any parameters that have not been set by either TACACS+ or the User's local configuration.

User and Serial Port parameters can be passed to the IOLAN after authentication for users accessing the IOLAN from the serial side and users accessing the IOLAN from the Ethernet side connections.

Accessing the IOLAN Through a Serial Port Users

This section describes the attributes which will be accepted by the IOLAN from a TACACS+ server in response to an authentication request for Direct Users.

Name Value(s) Description
service = rlogin
{
    addr = IPv4 or IPv6 address
}
service = tcp_clear
{
    addr = IPv4 or IPv6 address
    port = TCP port number
}
service = slip
{
    routing = true (Send and Listen)
    false (None)
    addr = IPv4 or IPv6 address
}
service = ppp
{
    routing = true (Send and Listen)
    false (None)
    addr = IPv4 or IPv6 address
    port = TCP port number
    ppp-vj-slot-compression true or false
    callback-dialstring phone number, no punctuation
}
service = ssh
{
    addr = IPv4 or IPv6 address
    port = TCP port number
}
service = ssl_raw
{
    addr = IPv4 or IPv6 address
    port = TCP port number
} 

Accessing the IOLAN Through a Serial Port User Example Settings

The following example shows the parameters that can be set for users who are accessing the IOLAN from the serial side. These settings should be included in the TACACS+ user configuration file.

Service = EXEC
{
    priv-lvl = x    # x = 12-15 (Admin)
    # x = 8-11 (Normal)
    # x = 4-7 (Restricted)
    # x = 0-3 (Menu)

    timeout=x    # x = session timeout in minutes

    idletime=x    # x = Idle timeout in minutes

    Perle_User_Service = x    # x = 0 Telnet
    # x = 1 Rlogin
    # x = 2 TCP_Clear
    # x = 3 SLIP
    # x = 4 PPP
    # x = 5 SSH
    # x = 6 SSL_RAW
    # If not specified, command prompt
}

<h1 id="depending-on-what-perle_user_service-is-set-to">Depending on what Perle_User_Service is set to</h1>

service = telnet
{
    addr = x.x.x.x    # ipv4 or ipv6 addr
    port = x    # tcp_port #
}

service = rlogin
{
    addr = x.x.x.x    # ipv4 or ipv6 addr
}

service = tcp_clear
{
    addr = x.x.x.x    # ipv4 or ipv6 addr
    port = x    # tcp_port #
}

service = slip
{
    routing=x    # x = true (Send and Listen)
    # x = false (None)
    addr = x.x.x.x    # ipv4 addr
} 

service = ppp
{
    routing=x    # x = true (Send and Listen)
    # x = false (None)
    addr = x.x.x.x    # ipv4 or ipv6 addr
    ppp-vj-slot-compression = x # x = true or false
    callback-dialstring = x # x = number to callback on
}

service = ssh
{
    addr = x.x.x.x    # ipv4 or ipv6 addr
    port = x    # tcp_port #
}

service = ssl_raw
{
    addr = x.x.x.x    # ipv4 or ipv6 addr
    port = x    # tcp_port #
} 

Accessing the IOLAN from the Network Users

This section describes the attributes which will be accepted by the IOLAN from a TACACS+ server in response to an authentication request for Reverse Users. The TACACS+ service needs to be set to EXEC/raccess or just raccess on the well known port.

Name Value(s) Description

Accessing the IOLAN from the Network User Example Settings

The following example shows the parameters that can be set for users who are accessing the IOLAN from the Ethernet side. These settings should be included in the TACACS+ user configuration file.

<h1 id="settings-for-telnetssh-access">Settings for telnet/SSH access</h1>
service = raccess
{
    priv-lvl = x    # x = 12-15 (Admin)
    # x = 8-11 (Normal)
    # x = 4-7 (Restricted)
    # x = 0-3 (Menu)

    Perle_Line_Access_i=x    # i = port number
    # x = 0 (Disabled)
    # x = 1 (Read/Write)
    # x = 2 (Read Input)
    # x = 3 (Read Input/Write)
    # x = 4 (Read Output)
    # x = 5 (Read Output/Write)
    # x = 6 (Read Output/Input)
    # x = 7 (Read Output/Write)

    timeout=x    # x = session timeout in minutes

    idletime=x    # x = Idle timeout in minutes

    Perle_Clustered_Port_Access=x    # x = 0 (Disabled)
    # x = 1 (Enabled)
} 

Note: Users who are accessing the IOLAN through WebManager or DeviceManager and are being authenticated by TACACS+ must have the Admin privilege level and the TACACS+ service level must be set to EXEC.

<h1 id="settings-for-webmanager-and-devicemanager-access">Settings for WebManager and DeviceManager access</h1>
service=EXEC
{
    priv-lvl = 12    # x = 12-15 (Admin)

    Perle_Line_Access_i=x    # i = port number
    # x = 0 (Disabled)
    # x = 1 (Read/Write)
    # x = 2 (Read Input)
    # x = 3 (Read Input/Write)
    # x = 4 (Read Output)
    # x = 5 (Read Output/Write)
    # x = 6 (Read Output/Input)
    # x = 7 (Read Output/Write)

    Perle_Clustered_Port_Access = 1 # enable clustered port access
} 

Applications

This chapter provides examples of how to integrate the IOLAN within different network environments or applications. Each scenario provides an example of a typical setup and describes the configuration steps to achieve the IOLAN functionality feature.

Dynamic DNS

Dynamic DNS Service providers enable users to access a server connected to the internet that has been assigned a dynamic IP address. The IOLAN product line has built-in support for the DynDNS.com service provider. When the IOLAN is assigned a dynamic IP address, it will inform the DynDNS.com service provider of its new IP address. Users may then use DynDNS.com as a DNS service to get the IP address of the IOLAN. In order to take advantage of this service the following steps need to be taken.

1. Create an account with DynDNS.com and configure the name your IOLAN will be known by on the internet (the Host name). For example, create a host name such as yourcomapnySCS.DynDNS.org.
2. Enable the Server Dynamic DNS feature and configure the IOLAN's dynamic DNS parameters to match the Host's configuration on the DynDNS.com server. Every time the IOLAN gets assigned a new IP address, it will update DynDNS.com with the new IP address.
3. Users accessing the IOLAN via the internet can now access it via its fully qualified host name. For example, telnet yourcompanySCS.DynDNS.org.

Dynamic DNS Update

When the Server Dynamic DNS feature is enabled and the DynDNS.com account information configured, the IOLAN will automatically update the DynDNS.com server with the public IP address assigned by the internet service provider (ISP). In the example below, an public IP address of 206.xx.xx.xx is assigned to the IOLAN by the ISP. The ISP should also provide the following:

• The IOLAN will need to have the Default Gateway configured so IP packets can be routed to the internet.
• You will also need to verify that a valid DNS entry (in the Network settings) has been created, since the DynDNS.com server is accessed via its Domain Name or URL.

If the internet service provider changes the IOLAN's IP address and Dynamic DNS is enabled and properly configured, the IOLAN will automatically send an update message to DynDNS.com to update it with the newly assigned IP address.

graph TD
    A["DynDNS.com"] -->|Update DynDNS.com with new Public IP address| B["IOLAN Settings"]
    C["Internet"] -->|Public IP: 206....| B
    D["Network"] --> B

Using Dynamic DNS Behind a NAT Router

If the IOLAN is installed on a private network and has access to the internet via a router that performs NAT (Network Address Translation), this feature will still operate correctly. The IOLAN determines its internet

facing (public) IP address by sending a special request to the DynDNS.com server. This is the IP address that is used to update the DynDNS.com server. If setting up this type of configuration, verify that:

- The NAT router is identified on the IOLAN as the Default Gateway.

- A valid DNS server is defined in the IOLAN's network settings.

- You may need to setup Port Forwarding on the router to ensure that IP packets for sessions initiated on the internet can be routed to IOLAN.

graph TD
    A["DynDNS.com"] --> B["Internet"]
    B --> C["NAT"]
    C --> D["Network"]
    D --> E["IOLAN Settings"]
    F["Update DynDNS.com with new Public IP address"] --> C
    G["Default Gateway: 192.168.1.1"] --> C
    H["Public IP: 206..."] --> C

Power Management

If you have purchased a Perle RPS (Remote Power Switch) and have it connected to a IOLAN's serial port, you can manage the plugs on the RPS through the DeviceManager, CLI, or the WebManager's EasyPort Web.

In the following example, in the following scenario, the Perle RPS is connected to serial port 1 and there are various other Unix servers connected to the other serial ports. Each Unix server and its monitor is plugged into the RPS so that they can be managed through the power switch if, for example, the server should become remotely inaccessible.

graph TD
    A["Engineering 172.16.54.161"] --> B["Server"]
    C["2: Linux"] --> B
    D["3: Solaris"] --> B
    E["4: Unixware"] --> B

The Line settings for serial line 1 are set to Service Power Management. The Power Management settings are configured to reflect the device (by device name) plugged into each RPS plug and its associated serial line (this allows a user to connect directly to a port and manage the power for all the devices associated with that port).

Any user can access and control all plugs in the RPS. If a user accesses the IOLAN through WebManager by typing the IOLAN's IP address into a web browser and entering their User Name and Password. The Admin user and users who have admin level rights will access the WebManager and can launch EasyPort Web by selecting the EasyPort Web button in the navigation pane. All other users will automatically get EasyPort Web as shown:

From EasyPort Web, a user can either manage the entire RPS unit by selecting the Manage RPS button for Serial Port 1:

Or a user can mange the plugs associated with a serial line by selecting on the Device Power button for that serial.

Machine To Machine Connections

If you are using the IOLAN to connect two hosts, allowing data to flow freely between them, you just need to configure the Server and the Line (no User required). In the following example, the serial device is a security Card Reader that needs to transmit and receive information to/from a host on the network that

maintains the Card Reader's application every time an employee uses an access card to attempt to gain entry to the company.

graph LR
    A["Card Reader"] --> B["Device Server"]
    B --> C["Network"]
    C --> D["Security"]

After configuring the Server parameters (Server Name, IP Address, Ethernet and Serial interfaces, etc.), the Line Service is set to Sil Raw, which creates an automatic, continuous connection between the Card Reader and its associated application on the Security host (though the IOLAN), by specifying the Security host name (which must already be configured in the IOLAN's Host Table) and TCP/IP port number. Therefore, the Card Reader can make a request to the Security host card reader application for employee verification, also logging access time, employee name, etc., and the Security host application can send back a code that does or does not unlock the door.

Creating User Sessions

Sessions are defined for users who are coming in through a serial device and are connecting to a host on the LAN.

Users who have successfully logged into the IOLAN (User Service set to DSprompt) can start up to four login sessions on LAN hosts. These users start sessions through the Menu option Sessions.

Multiple sessions can be run simultaneously on the same host or on different hosts. Users can switch between different sessions and also between sessions and the IOLAN using hotkey commands.

Users with Admin or Normal privileges can define new sessions and connect through them, even configure them to start automatically on login to the IOLAN. Restricted and Menu users can only start sessions pre-defined for them by the Admin user.

Users can be configured to have access to a specific port and access modes for this port, such as Read/Write (RW), Read Input (RI), Read Output and Read Both (RI & RO).

Configuring Modbus

This sections provides a brief overview of the steps required to configure the IOLAN for your Modbus environment.

Configuring a Master Gateway

To configure a Master Gateway (Modbus Master connected to the serial side of the IOLAN), do the following:

1. Set the serial port that is connected to the serial Modbus Master to the Modbus Gateway profile.
2. In the Modbus Gateway profile on the General tab, set the Mode to Modbus Master.
3. Still on the General tab, select the Destination Slave IP Mappings button to map the Modbus Slave's IP addresses and their UIDs that the serial Modbus Master will attempt to communicate with.
4. For specialized configuration options, select the Advanced tab and configure as required.

Configuring a Slave Gateway

To configure a Slave Gateway (Modbus Master resides on the TCP/Ethernet network), do the following:

1. Set the serial port that is connected to the serial Modbus Slave(s) to the Modbus Gateway profile.

2. In the Modbus Gateway profile on the General tab, set the Mode to Modbus Slave.

3. Still on the General tab, specify the Modbus Slave UIDs that the TCP Modbus Master will attempt to communicate with.

4. Still on the General tab, select the Advanced Slave Settings button to configure global Slave Gateway settings.
5. For specialized configuration options, select the Advanced tab and configure as required.

Modbus Gateway Settings

The scenarios in this section are used to illustrate how the IOLAN's Modbus Gateway settings are incorporated into a Modbus device environment. Depending on how your Modbus Master or Slave devices are distributed, the IOLAN can act as both a Slave and Master Gateway(s) on a multiport IOLAN or as either a Slave or Master Gateway on a single port IOLAN.

Modbus Master Gateway

The IOLAN acts as a Master Gateway when the Modbus Master is connected to a serial port on the IOLAN. Each Modbus Master can communicate to UIDs 1-247.

Modbus

graph LR
    A["Modbus"] -->|TCP| B["Network"]
    C["Modbus Master"] -->|EIA-422/485| D["Modbus"]
    B -->|Master IOLAN| E["IOLAN"]
    B -->|Serial EIA-232| F["Modbus Master"]

Modbus Slave Gateway

The IOLAN acts as a Slave Gateway when the Modbus Master resides on the TCP/Ethernet network and the Modbus Slaves are connected to the serial ports on the IOLAN. Note: The IOLAN provides a single gateway to the network-attached Modbus Masters. This means that all Modbus Slaves attached to the IOLAN's serial ports must have a unique UID. Multiple Masters on the network can communicate with these Modbus Slaves. Note: If a transaction is in progress to a Modbus Slave, other requests to that same device will be queued until that transaction is complete.

Modbus Master

graph LR
    A["User"] --> B["TCP"]
    B --> C["Network"]
    C --> D["Slave Gateway"]
    D --> E["EIA-232"]
    E --> F["Modbus"]
    D --> G["Modbus"]
    D --> H["Modbus"]
    D --> I["Modbus"]
    D --> J["Modbus"]
    D --> K["Modbus"]
    D --> L["Modbus"]
    D --> M["Modbus"]
    D --> N["Modbus"]
    D --> O["Modbus"]
    D --> P["Modbus"]
    D --> Q["Modbus"]
    D --> R["Modbus"]
    D --> S["Modbus"]
    D --> T["Modbus"]
    D --> U["Modbus"]
    D --> V["Modbus"]
    D --> W["Modbus"]
    D --> X["Modbus"]
    D --> Y["Modbus"]

Modbus Serial Port Settings

Modbus Master Settings

When the Modbus Masters is attached to the IOLAN's serial port, configure that serial port to the Modbus Gateway profile acting as a Modbus Master. You must configure the Modbus TCP Slaves on the TCP/Ethernet side so the IOLAN can properly route messages, using the Modbus Slave's UIDs, to the appropriate TCP-attached devices.

Modbus Slave

IP: 10.10.10.12

UID: 23

graph LR
    A["Modbus Slave"] -->|IP: 10.10.10.11\nUID: 22| B["TCP"]
    C["Modbus Master"] -->|EIA-232| D["Modbus"]
    B --> E["Network"]
    E --> F["IOLAN"]
    F --> G["Master"]
    G --> H["EIA-422/485"]
    H --> I["Modbus Master"]
    F --> J["Serial Port 1"]

To configure the Modbus Master on serial port 1, do the following:

1. Select the Modbus Gateway profile for serial port 1.
2. On the General tab, enable the Modbus Master parameter.
3. Select the Destination Slave IP Mappings button and select the Add button in the Destination Slave IP Mappings window.
4. Configure the Destination Slave IP Mappings window as follows

The IOLAN will send a request and expect a response from the Modbus Slave with an IP Address of 10.10.10.11 on Port 502 with UID 22 and from the Modbus Slave with and IP Address of 10.10.10.12 on Port 502 with UID 23 (remember when Type is set to Host, the IOLAN increments the last octet of the IP address for each UID specified in the range).

Modbus Slave Settings

When you have Modbus Slaves on the serial side of the IOLAN, configure the serial port to the Modbus Gateway profile acting as a Modbus Slave. There is only one Slave Gateway in the IOLAN, so all Modbus serial Slaves must be configured uniquely for that one Slave Gateway; all serial Modbus Slaves must have unique UIDs, even if they reside on different serial ports, because they all must be configured to communicate through the one Slave Gateway.

Modbus Master

graph TD
    A["Computer"] -->|TCP| B["Network"]
    C["Modbus Master"] --> B
    B --> D["Slave Gateway"]
    D --> E["EIA-422/485"]
    E --> F["Modbus UID: 6"]
    E --> G["Modbus UID: 7"]
    E --> H["Modbus UID: 8"]
    F --> I["Serial Port 1"]

To configure the Modbus Gateway on serial port 1, do the following:

1. Select the Modbus Gateway profile for serial port 1.
2. On the General tab, enable the Modbus Slave parameter.
3. On the General tab, specify the UID Range as 6-8 as shown below:

Select the Advanced Slave Settings button to verify that the default settings are acceptable.

Configuring PPP Dial On Demand

The IOLAN can be configured to access remote networks via modems connected to the serial interface of the IOLAN. By configuring the IOLAN for the Remote Access (PPP) profile, data that is destined for the

remote network will initiate a modem connection to the remote network to route the data to its appropriate destination.

graph TD
    A["Local Host"] --> B["Network 172.16.0.0"]
    B --> C["IOLAN"]
    C --> D["Network"]
    D --> E["PPP Local IP Addr: 195.16.20.23"]
    D --> F["PPP Remote IP Addr: 195.16.20.24"]
    C --> G["Network"]
    G --> H["204.16.0.0"]
    H --> I["Remote Host 204.16.25.72"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#cff,stroke:#333
    style F fill:#ffc,stroke:#333
    style G fill:#cfc,stroke:#333
    style H fill:#fcc,stroke:#333
    style I fill:#cfc,stroke:#333

If you want to configure a serial port to use PPP dial on demand, do the following:

1. Create an entry for the modem and its initialization string (Serial, Advanced, Modems tab).
2. Set the serial port to Remote Access (PPP).
3. In Remote Access (PPP), select the Advanced tab. Enable the Connect option and select Dial Out. Set the Modem parameter to the modem you just added. Enter the Phone number that the modem will be calling.
4. Still on the Advanced tab, set the Idle Timeout parameter to a value that is not zero (setting this value to zero creates a permanent connection).
5. On the General tab, enter one of the following:

• A Local and/or Remote IPv4 Address
• A Local and/or Remote IPv6 Interface Identifier

Note: .that this IP address or interface identifier should be on its own unique network; that is not part of the local or remote networks.

In this example, the local network has an IPv4 address of 172.16.0.0/16 and the remote network has an IPv4 address of 204.16.0.0/16, so we arbitrarily assigned the PPP IPv4 Local IP Address as 195.16.20.23 and the PPP IPv4 Remote IP Address as 195.16.20.24.

Next you need to create a gateway and destination route entry. SelectNetwork, Advanced, and the Route List tab.

For the destination, if you want the connection to be able to reach any host in the remote network, set the Type to Network and specify the network IP address and subnet/prefix bits; if you want the connection to go directly to a specific remote host, set the Type to Host and specify the host's IP address.

We want a specific host to the be destination, so we configured the Type as Host:

We also need to create a Gateway entry using the same PPP IPv4 local IP address. Any traffic that goes through the gateway will automatically cause PPP to dial out:

Setting Up Printers

The IOLAN can communicate with printers on its serial ports using LPD and RCP protocols, as well as print handling software using TCP/IP.

Remote Printing Using LPD

When setting up a serial line that access a printer using LPD, do the following:

1. Set the serial port to Printer and configure the Speed, Flow Control, Stop Bits, Parity, and Bits parameters so that they match the printer's port settings.
2. Save your settings and restart the serial port.

3. Verify that LPD has been configured on the network host. To configure LPD on the network host, you need to know the name or IP address of the IOLAN and the print queue, either raw_p for a raw data connection or ascii_p for an ASCII character connection. If you want to direct output to a hunt group, omit the port number(s). For example: raw_p or ascii_p. You can optionally append_d or_f to the queue name to add a or to the end of the print job.

4. To execute a print job on a UNIX Linux system, use the following syntax:

5. lp -d raw_p

Remote Printing Using RCP

When setting up a serial port that accesses a printer using RCP, do the following:

1. Set the serial port to Printer and configure the Speed, Flow Control, Stop Bits, Parity, and Bits parameters so that they match the printer's port settings.
2. Save your settings and restart the serial port.
3. To execute a print job, use either of the following syntaxes:
4. rcp : or

rcp <filename> <IOLAN_Name><line_name> 

where <#> is the IOLAN serial port number.

Remote Printing Using Host-Based Print Handling Software

Printers connected to the IOLAN can be accessed by TCP/IP hosts using print handling software.

1. Set the serial port to TCP Sockets. Enable the Listen for connection option. On the Hardware tab, configure the Speed, Flow Control, Stop Bits, Parity, and Bits parameters so that they match the printer's port settings.
2. Save your settings and restart the serial port.
3. The print handling software needs to know the Name of the IOLAN and the TCP Port number assigned to the printer serial port.

Configuring a Virtual Private Network

You can configure the IOLAN to act as a Virtual Private Network (VPN) gateway using the IPsec protocol. Any of the following scenarios can be configured using one IOLAN and a host/server running IPsec software or two IOLANs, each acting as the VPN gateway. All the examples have NAT Traversal (NAT_T) enabled, since both VPN gateways are running through routers.

IOLAN-to-Host/Network

The following example shows how to configure an IPsec tunnel between serial devices connected to the IOLAN and a host/network. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the VPN tunnel is going private network to public network to private network. This example uses an RSA

signature for the authentication method, so the steps required to configure the authentication are in this example.

Unencrypted

graph LR
    A["Data"] --> B["Left"]
    B --> C["Router 172.16.45.1"]
    C --> D["IPsec Tunnel--Encrypted Data"]
    D --> E["Router 172.16.45.9"]
    E --> F["External IP Address 196.15.23.56"]
    F --> G["Internet"]
    G --> H["Router 192.168.45.9"]
    H --> I["Right Remote VPN Gateway"]
    I --> J["Unencrypted Data"]
    J --> K["Computer 192.168.45.8"]
    J --> L["Computer 192.168.45.1"]

Configure the IPsec tunnel in the IOLAN:

1. Use a utility (for example, Openswan's newhostkey/showhostkey utilities) to generate the RSA signature public key for the Remote VPN gateway. Copy the public key portion to a file using the following format:

<description>=<keydata> 

or just

<keydata> 

For example:

# RSA 1024 bits scs48 vpn Tue Jan 3 15:29:33 2006

leftrsasigkey=OsAQOEmzSTdNvl2UJW9UmPtUY84gM5AGEAOq9gUwFqnOUsESfnuX1xPe+Mc+ufXYvglvxYZ0XhdIhlFwFeeIQLyRvD447mjriMFjJfheMUtHqOZhvWSE18ZfGEXNOo7yagZqLzjxu9XJIA2SACV+/LL3epPqM2fV5ORxVrf7uWn7I5FQ==

Note that the pound sign (#) indicates a comment line and all characters in that line are ignored. The key value itself should not have an carriage returns.

1. In the DeviceManager, select Tools, Advanced, Keys and Certificates. In the WebManager, select Tools, Administration, Keys/Certificates. Download the RSA signature public file (for the Remote VPN Gateway) to the DeviceManager, specifying the IPsec tunnel it's for:

In the same Keys and Certificates window, upload the IOLAN's RSA signature public key:

Install the IOLAN's public key in the remote VPN gateway for the Serial_Devices IPsec tunnel. Enable the IPsec service found in Security, Services.

Network-to-Network

The following examples shows how to configure a network-to-network IPsec tunnel. This example uses the X.509 Certificate authentication method, so it includes the configuration requirements for the X.509 certificate. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the VPN tunnel is going private network to public network to private network. Notice also that the serial devices connected to the IOLAN can be accessed by the VPN tunnel, since they are included in the network configuration as part of the 172.16.45.0 subnetwork.

graph LR
    A["Left"] --> B["Router"]
    B --> C["IPsec Tunnel--Encrypted Data"]
    C --> D["Router"]
    D --> E["Right"]
    subgraph Unencrypted Data
        F["172.16.45.23"] --> G["Computer"]
        H["172.16.45.8"] --> I["Computer"]
        J["192.168.45.1"] --> K["Computer"]
    end
    subgraph Unencrypted Data
        L["172.16.45.23"] --> M["Computer"]
        N["172.16.45.8"] --> O["Computer"]
        P["192.168.45.8"] --> Q["Computer"]
        R["192.168.45.1"] --> S["Computer"]
    end
    B -->|External IP Address 196.15.23.56| D
    D -->|External IP Address 199.15.23.56| C
    style B fill:#f9f,stroke:#333
    style D fill:#f9f,stroke:#333
    style C fill:#ccf,stroke:#333
    style E fill:#cfc,stroke:#333
    style F fill:#fcc,stroke:#333
    style H fill:#fcc,stroke:#333
    style I fill:#fcc,stroke:#333
    style J fill:#fcc,stroke:#333
    style K fill:#fcc,stroke:#333
    style L fill:#cff,stroke:#333
    style M fill:#cff,stroke:#333
    style N fill:#cff,stroke:#333
    style O fill:#cff,stroke:#333
    style P fill:#cff,stroke:#333
    style Q fill:#cff,stroke:#333
    style R fill:#cff,stroke:#333
    style S fill:#cff,stroke:#333

1. Configure the IPsec tunnel in the IOLAN.
   

1. Select the Remote Validation Criteria button and enable and populate the fields that are required for the remote X.509 certificate validation. If you just want to validate the X.509 certificate signer, you do not need to enable any of the remote validation criteria fields.
2. If the signer of the remote X.509 certificate has not already been included in the CA list file that has already been downloaded to the IOLAN, you need to add (append) the signer of the X.509 certificate to the CA list file and then download the file to the IOLAN by selecting Tools, Advanced, Keys and Certificates. In the Keys and Certificates window, select Download SSL/TLS CA and the file name and select OK. Note that this file must be a concatenation of all certificate signers required for any SSL/TLS, LDAP, SSH, and/or IPsec connections.
3. Enable the IPsec service found in Security, Services.

Host-to-Host

The following example shows how to configure two IOLANs to work as VPN gateways for a host-to-host IPsec tunnel. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the VPN tunnel is going private network to public network to private network. In this example, both of the IOLAN VPN gateways have a DHCP assigned IP address.

graph LR
    A["Left IOLAN VPN Gateway DHCP assigned IP"] --> B["Router"]
    B --> C["IPsec Tunnel--Encrypted Data"]
    C --> D["Router"]
    D --> E["DHCP assigned IP"]
    F["Unencrypted Data"] --> G["172.16.45.23"]
    H["External IP Address 196.15.23.56"] --> B
    I["External IP Address 199.24.23.88"] --> D
    J["Right IOLAN VPN"] --> K["192.168.45.8"]

1. The following window configures the Left IOLAN VPN Gateway.

%defaultroute is entered for the Local IP Address because the IP address is DHCP assigned and is therefore subject to change.

1. The following window configures the Right IOLAN VPN Gateway.

%defaultroute is entered for the Local IP Address because the IP address is DHCP assigned and is therefore subject to change.

%any is entered for the Remote IP Address to indicate that it will accept a VPN connection from any host/network; this is necessary because the Left IOLAN VPN gateway is DHCP assigned and cannot be known. Also note that Boot Action on the Left IOLAN VPN gateway is set to Start, meaning that it will try to initiate the VPN connection, while the Boot Action on the Right IOLAN VPN gateway is set to Add, which will listen for a VPN connection request.

Enable the IPsec service found in Security, Services.

VPN Client-to-Network

The following example shows how to configure a VPN client-to-network IPsec tunnel. In this example, the IOLAN will accept VPN connections from multiple VPN clients on private networks that want to access the public 199.24.0.0 subnetwork through the VPN gateway. NAT Traversal (NAT_T) is disabled in this example (on both sides) because the VPN tunnel is going private network to public network.

graph LR
    A["VPN Client 172.16.45.45"] --> B["Router 172.16.45.9"]
    B --> C["Internet"]
    C --> D["Broadband Router 199.24.10.1"]
    D --> E["IPsec Tunnel--Encrypted Data"]
    E --> F["Unencrypted Data 199.24.45.87"]
    E --> G["Right 199.24.10.10"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#cff,stroke:#333
    style F fill:#ffc,stroke:#333
    style G fill:#fcc,stroke:#333

Configure the IPsec tunnel in the IOLAN:

The Remote IP Address field is set to any to allow any VPN client to communicate in the IPsec tunnel that can validate the Secret. Also, the Remote Host/Network field is configured for 0.0.0.0 to allow any remote peer private IP address (RFC 1918—10.0.0.0/8, 172.16.0.0./12, 192.168.0.0/16) access to the IPsec tunnel. Lastly, the Boot Action is set to Add to listen for an IPsec tunnel connection.

Configuring HTTP Tunnels

Note: When HTTP tunneling is used TCP and UDP ports 50000 and above are reserved and should not be configured by the user.

Serial-to Serial

The following example will demonstrate how to set up a serial device (VT100 Terminal) to serial device (Linux host, console port) connection via an HTTPS tunnel. HTTPS will be used because data security is required. Because IOLAN 1 is behind the firewall, it will need to initiate the HTTP tunnel connection.

See parameters for

Configure a "Listen for connection" HTTP tunnel on IOLAN 2

▶ Check HTTPS for secure tunnel connection. This must match configuration IOLAN 1

On IOLAN 1, under Serial port configuration, select serial ports and configure for Terminal profile.

On IOLAN 2, under serial port configuration, select serial port and configure for Console Management profile.

The setup for HTTP Tunnel serial-to-serial is now complete.

Serial-to Host

The following example will demonstrate how to setup a serial device (Point of Sale terminal) to an IP host (100.10.60.3) connection via an HTTP tunnel. Because IOLAN 1 is behind the firewall, it will need to initiate the tunnel connection to IOLAN 2. At the application level, the serial device will initiate the connection with the IP host.

For more HTTP tunneling configuration parameters see Configuring HTTP Tunnels.

System/Device

graph LR
    A["TCP Sockets 10.10.60.3"] --> B["IOLAN 1 10.10.50.2"]
    B --> C["HTTP Tunnel Data"]
    C --> D["IOLAN 2 100.10.50.1"]
    D --> E["Serial Device"]
    F["Point of Sale"] --> D

Configure a "connect to" HTTP tunnel on IOLAN 1.

Configure a "Listen for connection" HTTP tunnel on IOLAN 2

Host-to Host

The following example will demonstrate how to setup an IP Host (10.10.100.2) to an IP Host (100.10.50.60) connection via an HTTP tunnel. In this example, the hosts are doing a TFTP transfer which uses the UDP protocol.

Because IOLAN 1 is behind the firewall, it will need to initiate the tunnel connection to IOLAN 2.

For more HTTP tunneling configuration parameters see Configuring HTTP Tunnels.

graph LR
    A["TFTP Client\n10.10.100.2"] --> B["IOLAN 1\n10.10.50.2"]
    B --> C["HTTP Tunnel Data\n100.10.50.1"]
    C --> D["IOLAN 2\n100.10.50.1"]
    D --> E["TFTP Server\n100.10.50.60"]

Configure a "Listen for connection" HTTP tunnel.

On IOLAN 1, under HTTP Tunnel, add a Tunnel destination. The setup for HTTP Tunnel Host-to-Host is now complete.

Tunnel Relay

The following example will demonstrate how to setup an IP host (10.10.10.10) to an IP Host (10.10.11.11) connection using HTTP tunnels when both hosts are sitting behind a firewall. To do this, a third IOLAN which is not behind a firewall is required.

Because IOLAN 1 and IOLAN 3 are both behind a firewall, each will need to initiate a connection to IOLAN2 who is in the open.

For more Tunnel Relay configuration parameters see Serial Tunneling General Parameters.

graph LR
    A["IOLAN 1<br>10.10.50.2"] --> B["HTTP Tunnel Data"]
    B --> C["IOLAN 2<br>100.10.50.1"]
    C --> D["IOLAN 3<br>10.10.50.3"]
    D --> E["Telnet Host<br>10.10.11.11"]
    F["Telnet Client<br>10.10.10.10"] --> A

Configure a "connect to" HTTP tunnel on IOLAN 1.

Configure a "Listen for connection" HTTP tunnel on IOLAN 2.

Configure a second "Listen for connection to IOLAN

Configure a "connect to" HTTP tunnel on IOLAN

On IOLAN 1, under HTTP Tunnel, add a Tunnel destination.

On IOLAN 2, under HTTP Tunnel, add a Tunnel destination.

The setup for HTTP Tunnel Relay is now complete.

Valid SSL/TLS Ciphers

This appendix contains a table that shows valid SSL/TLS cipher combinations.

Note: Some combinations of cipher groups are not available on FIPS firmware versions.

Virtual Modem Initialization Commands

You can initialize the modem connection using any of the following commands:

TruePort

This chapter provides information on TruePort and the Decoder utilities.

Trueport is a com port redirector utility for the IOLAN. It can be run in two modes:

• TruePort Full mode—This mode allows complete device control and operates exactly like a directly connected serial port. It provides a complete COM port interface between the attached serial device and the network.
• TruePort Lite mode—This mode provides a simple raw data interface between the device and the network. Although the port will still operate as a COM port, control signals are ignored. In this mode, the serial communications parameters must be configured on the IOLAN.

You use TruePort when you want to connect extra terminals to a server using the IOLAN rather than a multi-port serial card. TruePort is especially useful when you want to improve data security, as you can enable an SSL/TLS connection between the TruePort host port and the IOLAN. When run on UNIX, TruePort allows you to print directly from a terminal to an attached printer (transparent printing). You can also remap the slow baud rate of your UNIX server to a faster baud rate, as shown below.

graph LR
    A["UNIX, running TruePort Daemon, baud"] --> B["Network"]
    B --> C["Ethernet"]
    C --> D["Serial Map UNIX baud rate 4,800 to 230,400 for"]
    D --> E["PC"]

Currently, TruePort is supported on Linux, Windows ^® , SCO ^® , Solaris ^® , and others. For a complete list of the supported operating systems, see the Perle website.

Decoder

If you are using Port Buffering NFS Encryption, you need to run the Decoder utility to view the port buffering logs. See the Readme file to install the Decoder utility on any of the following 32-bit platforms.

- Windows ^® 2000 and greater platform

Note: The Windows/DOS platform restricts the converted readable file to an 8.3 filename limitation.

• DOS
- Solaris x 8 6
• Solaris Sparc 32-bit/64-bit
- Linux x86 v2.4.x

Modbus Remapping Feature

This appendix provides additional information about the Modbus Remapping feature.

Modbus Remapping Feature

The Modbus remapping feature allows a TCP Modbus Master to poll a Modbus slave device and have the IOLAN translate the UID to a different UID for the slave device. The Master UID has to be unique on the IOLAN. The Slave UID must be unique on each serial port. The translate rules are controlled by a file downloaded to the IOLAN.

The following procedure will allow you to use the Modbus remapping feature:

Create a configuration file

• The file must be called "modbus.remap"
  • One translate rule per line
• The fields on a line are separated by a comma

Line format for one UID is:

• port, master_uid, slave_uid
• port: is the IOLAN port number that the slave is connected to
• master_uid: is the UID that the TCP Modbus Master uses
• slave_uid: is the UID that the Modbus slave uses

Line format for UID ranges is:

• port, master_start-master_end, slave_start-slave_end
• port: is the IOLAN port number that the slave is connected to
• master_start: is the first master UID in the range
• master_end: is the last master UID in the range
• slave_start: is the first slave UID in the range
• slave_end: is the last slave UID in the range

Configuring the Modbus UID Remapping Feature

1. On the serial port Modbus Gateway, configure Modbus slave. Configuration parameters such as "UID range" and UID Address Mode will be ignored in this mode of operation
2. Download the "modbus_remap" file that you created to the IOLAN using:
3. Device Manager: use "tools-advanced-custom files" dialog "download other file"
4. Web Manager: use "administration-custom files" page "other file"
5. CLI: use the command "netload customapp-file" command
6. See all network problems at a glance and take appropriate action

Data Logging Feature

This appendix provides additional information about the Data Logging Feature

Trueport Profile

The following features are not compatible when using the Data Logging feature.

• Allow Multiple Hosts to connect
• Connect to Multiple Hosts
  • Monitor DSR or DCD
• Signals high when not under Trueport client control
• Message of the day
• Session timeout

TCP Socket Profile

The following features are not compatible when using the Data Logging feature.

• Allow Multiple Hosts to connect
• Connect to Multiple Hosts
  • Monitor DSR or DCD
• Permit connections in both directions
• Authenticate user
• Message of the day
• Session timeout