Sena STS Series User Manual

Secure terminal server

Secure Terminal Server
STS Series

User Guide

Version 1.3.3
2005-11-08


Summary of Contents for Sena STS Series

  • Page 1: User Guide

    Secure Terminal Server STS Series User Guide Version 1.3.3 2005-11-08...
  • Page 2: Copyright Information

    This device is not approved for use as a life-support or medical system. Any changes or modifications made to this device without the explicit approval or consent of Sena Technologies will void Sena Technologies of any liability or responsibility of injury or loss caused by any malfunction.
  • Page 3: Revision History

    Revision history Revision Date Name Description V1.0.2 2003-12-3 O.J. Jung Initial Release V1.1.0 2004-01-12 O.J. Jung Revision with release of version 1.1.0 V1.1.1 2004-01-30 O.J. Jung Typographical errors are fixed V1.2.0 2004-06-11 O.J. Jung Revision with release of version 1.2.0 V1.3.0 2004-10-11 O.J.
  • Page 4: Table Of Contents

    Contents 1. Introduction 1.1. Overview ........................... 7 1.2. Package Check List........................8 1.3. Product Specification......................... 9 1.4. Terminologies and acronyms ....................10 2. Getting Started 2.1. Panel Layout ........................... 12 2.1.1. STS800 Panel Layout ..................... 12 2.1.2. STS1600 Panel Layout ....................13 2.2.
  • Page 5 4.1. Overview ..........................36 4.2. Individual Port Configuration ....................39 4.2.1. Port Enable/Disable ......................40 4.2.2. Port Title ......................... 40 4.2.3. Apply All Port Settings..................... 40 4.2.4. Host Mode Configuration ....................41 4.2.5. Remote host configuration ....................49 4.2.6. Port IP filtering configuration ................... 50 4.2.7.
  • Page 6 A 5.5. Firmware upgrade menu ....................114 Appendix 6. Using STS Series with Serial/IP A 6.1. STS Series vs. Serial/IP options..................116 A 6.2. Connection example - Telnet and SSLv3 encryption ............117 Appendix 7. How to make a certificate for SSL encryption A 7.1.
  • Page 7: Introduction

    1. Introduction 1.1. Overview The STS Series is a secure terminal server (or device server) that makes your legacy serial devices manageable by industry-standard Ethernet network. Based on open network protocols such as TCP/IP and UDP, it gives you ultimate flexibility to your serial devices. With PPPoE (PPP-over-Ethernet) connection feature of the STS Series, the RS232 serial devices could be managed over DSL-based broadband network.
  • Page 8: Package Check List

    1.2. Package Check List - STS Series external box - External 110V or 230V power supply or power cord - CAT5 cable - Console cable kit - Quick Start Guide - CD-ROM, including the Serial/IP Com Port Redirector, HelloDevice-IDE, HelloDevice Manager...
  • Page 9: Product Specification

    1.3. Product Specification STS800 STS1600 Serial Interface 8-port 16-port Serial speeds 75bps to 230Kbps Flow Control: Hardware RTS/CTS, Software Xon/Xoff RJ45 connector Signals: RS232 Rx, Tx, RTS, CTS, DTR, DSR, DCD, GND Modem controls: DTR/DSR and RTS/CTS Network Interface 10/100 Base-Tx Ethernet with RJ45 Ethernet connector Supports static and dynamic IP address Protocols - ARP, IP/ICMP, TCP, UDP, Telnet, SSH v1 &...
  • Page 10: Terminologies And Acronyms

    It is a unique 12-digit hardware number, which is composed of 6-digit OUI (Organization Unique Identifier) number and 6-digit hardware identifier number. The STS Series has the following MAC address template: 00-01-95-xx-xx-xx. The MAC address can be found on the bottom of the original package.
  • Page 11 Table 1-1 Acronym Table Internet Service Provider Personal Computer Network Interface Card Media Access Control Local Area Network Unshielded Twisted Pair ADSL Asymmetric Digital Subscriber Line Address Resolution Protocol Internet Protocol ICMP Internet Control Message Protocol User Datagram Protocol Transmission Control Protocol DHCP Dynamic Host Configuration Protocol SMTP...
  • Page 12: Getting Started

    2. Getting Started This chapter describes how to set up and configure the STS Series. - 2.1 Panel Layout explains the layout of the panel and LED indicators. - 2.2 Connecting the Hardware describes how to connect the power, the network, and the equipment to the STS Series.
  • Page 13: Sts1600 Panel Layout

    - Connect the STS Series to an Ethernet hub or switch - Connect the device 2.2.1. Connecting the power Connect the power cable to the STS Series. If the power is properly supplied, the [Power] lamp will light up green.
  • Page 14: Connecting To The Network

    2.2.2. Connecting to the network Plug one end of the Ethernet cable to the STS Series Ethernet port. The other end of the Ethernet cable should be connected to a network port. If the cable is properly connected, the STS Series will have a valid connection to the Ethernet network.
  • Page 15: Connecting To The Device

    2.2.3. Connecting to the device Connect the console cable to the STS Series serial port. To connect to the console port of the device, the user needs to consider the type of console port provided by the device itself. In the STS Series cable kit package, plug-in adapters are provided for the easier connectivity to the user’s devices.
  • Page 16: Using The System Console

    STS Series using terminal emulator. Web: Remote users who want to use a web browser to configure the STS Series can connect to the STS Series using conventional web browsers, such as Internet Explorer or Netscape Navigator. The above methods require the user authentication by the STS Series system.
  • Page 17: Using Remote Console

    All parameters are stored in the non-volatile memory of the STS Series, but they are not stored until the user selects menu “5.Save changes”. All configuration changes take effect after selecting the menu “7. Exit and apply changes”...
  • Page 18: Accessing The Web Browser Management Interface

    Figure 2-9 Telnet program set up example (TeraTerm Pro) The user must log into the STS Series. Type the user name and password. By factory default, the user name and password are both root for the system root, and both admin for the system administrator.
  • Page 19 This will direct the user to the STS Series login screen. The user must authenticate themselves by logging into the system with a correct user name and password. The factory default settings are: Login: root Password: root Login: admin...
  • Page 20 Figure 2-11 The STS Series web management screen...
  • Page 21: Network Configuration

    The STS Series requires a valid IP address to operate within the user’s network environment. If the IP address is not readily available, contact the system administrator to obtain a valid IP address for the STS Series. Please note that the STS Series requires a unique IP address to connect to the user’s network.
  • Page 22: Using A Static Ip Address

    A subnet represents all the network hosts in one geographic location, such as a building or local area network (LAN). The STS Series will use the subnet mask setting to verify the origin of all packets. If the desired TCP/IP host specified in the packet is in the same geographic location (on the local...
  • Page 23: Using Dhcp

    STS Series will establish a direct connection. If the desired TCP/IP host specified in the packet is not identified as belonging on the local network segment, a connection is established through the given default gateway.
  • Page 24: Using Pppoe

    DNS servers and the “lease” time. The STS Series immediately places this information in its memory. Once the “lease” expires, the STS Series will request a renewal of the “lease” time from the DHCP server. If the DHCP server approves the request for renewal, the STS Series can continue to work with the current IP address.
  • Page 25: Snmp Configurations

    0.0.0.0 (recommended). 3.2. SNMP Configurations The STS Series has the SNMP (Simple Network Management Protocol) agent supporting SNMP v1 and v2 protocols. Network managers like NMS or SNMP Browser can exchange information with STS Series, as well as access required functionality.
  • Page 26: Mib-Ii System Objects Configuration

    3.2.1. MIB-II System objects Configuration MIB-II System objects configuration sets the System Contact, Name, Location, and Authentication-failure traps used by the SNMP agent of the STS Series. These settings provide the values used for the MIB-II sysName, sysContact, sysLocation, sysService and enableAuthenTrap.
  • Page 27: Access Control Configuration

    Access Control defines which managers can access the STS Series SNMP agent. Only the managers set in this menu can access the STS Series SNMP agent to exchange information and control actions. If no IP address is specified (all IP addresses default to 0.0.0.0), a manager from any host can access the STS Series SNMP agent.
  • Page 28: Dynamic Dns Configuration

    3.3. Dynamic DNS Configuration When users connect the STS Series to a DSL line or use a DHCP configuration, the IP address might be changed whenever it reconnects to the network. It can therefore be very difficult to post all related contacts for each new IP address.
  • Page 29: Smtp Configuration

    Figure 3-4 Dynamic DNS Configuration 3.4. SMTP Configuration The STS Series can send an email notification when the number of system log messages reaches a certain value and/or when an alarm message is created due to an issue with serial port data. The user must configure a valid SMTP server to send these automatically generated emails.
  • Page 30: Ip Filtering

    3.5. IP Filtering The STS Series prevents unauthorized access using either an IP address based filtering method or through the management web page of the STS Series. The users can allow one of the following scenarios by changing the parameter settings:...
  • Page 31 255.255.255.255 for the subnet To allow any hosts to have access to the STS Series, give 0.0.0.0 for both of the IP address and subnet. Refer to Table 3-2 for more details. The device’s default settings for allowed remote hosts for configuration is “Any”.
  • Page 32: Syslog Server Configuration

    If the SYSLOG service is enabled and the SYSLOG server configuration is properly set up, the user may configure the SYSLOG server as the storage location for the system log or port data log of the STS Series. For more information about the configuration of the port/system log storage location, please refer to sections 4.2.10 Port Logging and 6.2 System Logging.
  • Page 33: Ethernet Configuration

    Figure 3-9 NFS server configuration To store the STS Series log data to the NFS server, the NFS server must be configured as “read and write allowed”. If there is a firewall between the STS Series and the NFS server, there must be a rule that allows all outgoing and incoming packets to travel across the firewall.
  • Page 34: Web Server Configuration

    TCP port. To prevent this type of lock-up situation, the STS Series provides a TCP “keep-alive” feature. The STS Series will send packets back and forth through the network periodically to confirm that the network is still alive. The corresponding TCP session is closed automatically if there’s no response from the remote host.
  • Page 35 Chinatown. The default value is 5 seconds. By default, the STS Series will send the keep-alive packets 3 times with 5 seconds interval after 15 seconds have elapsed since the time when there’s no data transmitted back and forth.
  • Page 36: Serial Port Configuration

    Otherwise, it will send data back and forth. In summary, the STS Series will work as if it is virtually connected to the remote host. UDP : The UDP mode operation is similar to that of TCP mode except that it is based on UDP protocol.
  • Page 37 serial port Inactivity timeout (0 for unlimited) setting UDP listening port #1~#8(1/4) Max allowed connection Accept UDP datagram from unlisted remote host or not Send to recent unlisted remote host or not Inactivity timeout (0 for unlimited) Modem emulation Add or Edit a remote host Primary host address Primary host port Remote host...
  • Page 38 Add/Edit a keyword Keyword string Email notification SNMP trap notification Port command Remove a keyword Figure 4-1 shows the web-based serial port configuration screen. This serial port configuration main screen summarizes port information. In this summary page, user can find how host mode, encryption option, local port number and serial port parameters are configured at a time.
  • Page 39: Individual Port Configuration

    4.2. Individual Port Configuration The STS Series allows serial ports to be configured either individually or all at once. The parameters for both individual and all port configurations are similar. Individual Port Configurations are classified into nine (9) groups: 1. Port enable/disable 2.
  • Page 40: Port Enable/Disable

    To prevent the possibility of the user inadvertently selecting to change all port settings at the same time, the STS Series provides the ability to enable or disable this function at an individual serial port level. Changes made when using the “change all port parameters at once” function will not be applied to an individual serial port if the function has been disabled (See Figure 4-4.
  • Page 41: Host Mode Configuration

    Figure 4-4 Apply all port setting configuration. 4.2.4. Host Mode Configuration The STS Series operating mode is called the “host mode.” Three host modes are available: TCP mode, UDP mode, Modem emulation mode. TCP mode The STS Series works as both TCP server and client. This mode works for most applications, since it will transfer the data either from serial port or from TCP port.
  • Page 42 - [Closed] It means “no connection state”. If the data transfer between a remote host and the STS Series is completed, the state changes to this state because either the remote host or the STS Series sent a disconnection request.
  • Page 43 Whenever the serial device sends data through the serial port of the STS Series, data will be accumulated in the serial port buffer of the STS Series. If the buffer is full or the time gap reaches the inter-character timeout (See Options in section 4.4 for details on inter-character timeout), the STS Series connects to the registered remote host(s).
  • Page 44 Incoming connection requests to ports other than the TCP Listening Port will be rejected. The STS Series restricts the port number to the range 1024 to 65535; if it is set to 0, only outgoing connections are permitted. (TCP server mode)
  • Page 45 If there is data on the remote host(s) to be sent to serial device, it can be transferred to the serial device via STS Series’s serial port after the connection is established. Eventually, users can monitor the serial device periodically by making the remote host send the serial command to the STS Series whenever it is connected to the remote host.
  • Page 46 1) Operations If a remote host sends a UDP datagram to one of the UDP local ports of the STS Series, the STS Series first checks whether it is from one of the hosts configured in the remote host configuration. If the remote host is one of the hosts configured in the remote host configuration, then the STS Series transfers the data through the serial port.
  • Page 47 Namely, Inactivity Timeout in UDP mode is the time for which the STS Series maintains the recent unlisted remote host list. If the user sets Inactivity Timeout to 0 in UDP mode, the STS Series does not send any data from the serial port to unlisted remote hosts.
  • Page 48 Table 4-2 AT commands supported in the STS Series Command Internal Operation Response (Verbose Code) Return to command input mode None Set TCP mode as TCP client mode. And then, try to connect If successful, to the specified remote host.
  • Page 49: Remote Host Configuration

    Figure 4-7 Typical case of command/data flow of modem emulation mode 4.2.5. Remote host configuration Remote host configuration is the list of hosts that will receive data from serial port of STS Series when there is data transmission from a serial port of STS Series.
  • Page 50: Port Ip Filtering Configuration

    In TCP mode, the user can also configure a secondary remote host that will receive data from the serial port if the STS Series fails to connect to the primary remote host. But if a connection to the primary remote host can be made, the STS Series does not send data to the secondary remote host until the connection to the primary remote host has failed.
  • Page 51: Cryptography Configuration

    Figure 4-9 Port IP filtering for serial ports 4.2.7. Cryptography configuration The STS Series supports encrypted sessions only for TCP mode, including modem emulation mode (not UDP mode). 4.2.7.1. Secure Sockets Layer(SSL) and Transport Layer Security(TLS) cryptography method By setting the cryptography method as one of SSLv2, SSLv3, SSLv3 rollback to v2 or TLSv1, the STS Series can communicate with other devices supporting the SSL/TLS cryptography method in encrypted sessions.
  • Page 52 symmetric key encryption. Symmetric key encryption is much faster than public-key encryption, but public-key encryption provides better authentication techniques. The handshake allows the server to authenticate itself to the client using public-key techniques, and then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows.
  • Page 53 Figure 4-10 Typical SSL/TLS Handshake Process The STS Series can act as a SSL/TLS server or as a SSL/TLS client depending on status of TCP mode. If TCP connection with SSL/TLS is initiated from remote host first, STS Series acts as a SSL/TLS server during the SSL handshake process.
  • Page 54 Verify client (server mode only) If user selects Verify client option as Yes, STS Series will request the client's certificate while in SSL handshaking process (Step 2). On the contrary, if user selects Verify client option as No, STS Series does not request the client's certificate while in SSL handshaking process (Step 2).
  • Page 55 Figure 4-11 Cryptography configuration 4.2.7.2. 3DES cryptography method By setting the cryptography method as 3DES, the STS Series can communicate with other STS Series device or HelloDevice Pro Series in 3DES(168 bits) encrypted sessions. Figure 4.12 shows record format of 3DES packet where meanings of each field are as follows,...
  • Page 56: Serial Port Parameters

    4.2.8. Serial port parameters To connect the serial device to the STS Series serial port, the serial port parameters of the STS Series should match exactly to that of the serial device attached. The serial port parameters are required to match this serial communication.
  • Page 57 RS232 mode. For more information about pin out of serial port and wiring diagram, please refer to Appendix 1 Connections section. Baud rate The valid baud rate for the STS Series is as follows: 75, 150, 200, 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 38400, 57600, 115200, and 230400 The factory default setting is 9600.
  • Page 58 If user sets the DSR input behavior as Allow TCP connection only by HIGH, TCP connection to remote host from STS Series is made only when the DSR status is changed from low to high. And TCP connection to remote host is disconnected when the DSR status is changed from high to low.
  • Page 59: Modem Configuration

    The STS Series supports modem connection only when host mode is set as TCP mode. Enable/Disable modem By enabling this menu, user can attach a modem directly to the serial port of STS Series. If this parameter is enabled, STS Series considers this port will be used for modem use exclusively. Modem init-string User can specify modem initialization string for his modem in Modem init-string parameter.
  • Page 60: Port Logging

    If Automatic release modem connection is set as Enable, modem connection will be closed by STS Series if all TCP connections are closed once at least one TCP connection is opened. If this option is set as Disable, modem connection will not be closed by STS series even if all TCP connections are closed.
  • Page 61 [disabled]. Port log storage location The port log data can be stored to the STS Series internal memory, an ATA/IDE fixed disk card inserted in PCMCIA slot, the mounting point on an NFS server or the SYSLOG server. If the internal memory is used to store port log data, the port log data will be cleared when the STS Series is turned off.
  • Page 62: Port Event Handling Configurations

    Figure 4-16 Port logging configuration 4.2.11. Port event handling configurations Through the Port event handling configuration, the STS Series provides the user with a means of monitoring or reacting to data from a serial device attached to one of its serial ports. Namely, the user can define keywords for each serial port that will trigger an email/SNMP notification or a command sent directly to the serial port.
  • Page 63 If the user wants to enable the port event handling feature, set Port event handling as enable. This is a global parameter, so if this feature is disabled, the STS Series does not take any actions on port events. Notification interval To prevent the STS Series from being trapped in handling port events, there is a Notification interval parameter.
  • Page 64 Figure 4-17 Port event handling configurations SNMP trap community This parameter sets the community that will be included in the SNMP trap message when a pre-defined keyword is detected.
  • Page 65 User can select enable or disable for the port command action on keyword selected. Port command string STS Series supports direct reaction to a device attached to serial port when pre-defined keyword is detected. User can specify command or string, which will be sent to a serial port on this menu.
  • Page 66: All Port Configurations

    4.3. All Port Configurations If the modifications being made to all serial ports are similar or the same, changes can be made to the serial port configuration for all serial ports simultaneously. With the all port configuration function, the configuration will be applied to all the serial ports, unless an individual port’s “apply all port setting” option is disabled.
  • Page 67 combination of this string and the port number. For example, if the port title is set with “my server”, the port title of port 1 will be set with “my server #1”, the port title of port#2 will be “my server #2”, and so on.
  • Page 68: Pc Card Configuration

    Step 2. Select on the PC card configuration menu. Step 3. The STS Series will use its plug and play functionality to discover the card type. It will then display the configuration menu screens. The user can now set card’s operation parameters.
  • Page 69: Lan Card Configuration

    Figure 5-2 Failure to detect error message Refer to Appendix B.PC Card supported by STS Series to view a list of PC cards supported by the STS Series. To stop or remove the PC card, the user must complete the following steps.
  • Page 70: Wireless Lan Card Configuration

    PC LAN card. All other configuration steps are the same as detailed in Section 3.1 IP Configuration. Refer to Appendix B.PC Card supported by STS Series to view a list of LAN PC cards supported by the STS Series.
  • Page 71 DNS servers when configuring a PC LAN card. All other configuration steps are the same as detailed in Section 3.1 IP Configuration. The STS Series supports SSID(Service Set Identifier) and WEP(Wired Equivalent Privacy) key features for the wireless LAN configuration. The user may configure the SSID to specify an AP (Access Point).
  • Page 72: Serial Modem Card Configuration

    Refer to Appendix B.PC Card supported by STS Series to view a list of wireless LAN cards supported by the STS Series. 5.3. Serial Modem Card Configuration Using the extra PC card slot as a modem will allow the user on-line access without tying up a serial port with an external modem.
  • Page 73 Figure 5-6 PC ATA/IDE fixed disk card configuration...
  • Page 74: System Administration

    6. System Administration The STS Series displays the system status and the log data via a Status Display Screen. This screen is to be used for management purposes. System status data includes the model name, serial number, firmware version and the network configuration of the STS Series. The STS Series can also be configured to deliver log data automatically via email to a specified recipient with the system-logging feature.
  • Page 75 System log storage location The system log can be stored in the STS Series internal memory, the ATA/IDE fixed disk card inserted in PCMCIA slot, the mounting point on an NFS server or the SYSLOG server. If the internal memory is used to store system log data, the log data will be cleared when the STS Series is turned off.
  • Page 76: User Logged On List

    Figure 6-2 System log configuration and view 6.3. User Logged on List This function allows a user to view current and historical user activity on the shell of STS Series. Figure 6-3 User logged on list The list displays the following information for users who have logged into the system:...
  • Page 77: Change Password

    Figure 6-4 Changing the password 6.5. Device Name Configuration The STS Series has its own name for administrative purposes. Figure 6-5 shows the device name configuration screen. When user changes Device name, hostname of STS series shall be changed and then prompt on CLI also shall be changed to the corresponding one as follows,...
  • Page 78: Configuration Management

    If the NTP feature is enabled, the STS Series will obtain the date and time information from the NTP server at each reboot. If the NTP server is set to 0.0.0.0, the STS Series will use the default NTP servers. In this case, the STS Series should be connected from the network to the Internet.
  • Page 79 STS Series. Figure 6-7 shows the configuration management screen. The following parameters should be properly set up to export / import configurations: Configuration export Location : Location to export to.
  • Page 80: Firmware Upgrade

    1. Select the location to export to. 2. Select the encrypting option 3. Type the file name. 4. Click the [Export] button. To import the exported configurations, follow this: 1. Select the location to import from. 2. Select the configurations to import. 3.
  • Page 81 5. Once the upgrade has been completed, the system will reboot to apply the changes 6. If the firmware upgrade fails, the STS Series will display error messages as shown in Figure 6-11. It will also maintain the current firmware version.
  • Page 82 Figure 6-10 Transfer binary file by Zmodem (HyperTerminal) --->9 Do you want to upgrade firmware? (y/n): y Transfer firmware by zmodem using your terminal application. To escape, press Ctrl+X **B0ff000005b157 **B0ff000005b157 **B0ff000005b157 **B0ff000005b157 Firmware upgrade failed ! Now reboot ... Figure 6-11 Firmware upgrade failure message...
  • Page 83: User File Uploading

    6.9. User File Uploading User can upload his own file to the STS Series. But file uploading feature is only supported in console menu. File uploading menu is located under “4. System administration --> 6. User file upload” of console menu as shown on Figure 6-12.
  • Page 84 Select menu: 1. System status 2. System logging 3. Device name: STS800 Device 4. Date and time 5. Change password 6. User file upload 7. Reload factory default settings 8. Reload factory default settings except IP settings 9. Firmware upgrade <ESC>...
  • Page 85: System Statistics

    7. System Statistics The STS Series Web interface provides system statistics menus. The user can use the menus to access statistical data and tables stored in the STS Series memory. Network interfaces statistics and serial ports statistics display statistical usage of the link layer, lo, eth and serial ports. IP, ICMP, TCP and UDP statistics display usages of four primary components in the TCP/IP protocol suite.
  • Page 86: Ip Statistics

    Figure 7-2 Serial ports status 7.3. IP Statistics The IP Statistics screen provides statistical information about packets/connections using an IP protocol. Definitions and descriptions of each parameter are described below: Forwarding : Specifies whether IP forwarding is enabled or disabled. DefaultTTL : Specifies the default initial time to live (TTL) for datagrams originating on a particular computer.
  • Page 87 InDiscard : Specifies the number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). This counter does not include any datagrams discarded while awaiting reassembly. InDelivers : Specifies the number of received datagrams delivered.
  • Page 88: Icmp Statistics

    Figure 7-3 IP statistics 7.4. ICMP Statistics The ICMP Statistics screen provides statistical information about packets/connections using an ICMP protocol. Definitions and descriptions of each parameter are described below: InMsgs, OutMsgs : Specifies the number of messages received or sent. InErrors, OutErrors : Specifies the number of errors received or sent.
  • Page 89 InSrcQuenchs, OutSrcQuenchs : Specifies the number of source quench messages received or sent. A source quench request is sent to a computer to request that it reduces its rate of packet transmission. InRedirects, OutRedirects : Specifies the number of redirect messages received or sent. A redirect message is sent to the originating computer when a better route is discovered for a datagram sent by that computer.
  • Page 90: Tcp Statistics

    Figure 7-4 ICMP statistics 7.5. TCP Statistics The TCP Statistics screen provides statistical information about packets/connections using a TCP protocol. Definitions and descriptions of each parameter are described below: RtoAlgorithm : Specifies the retransmission time-out (RTO) algorithm in use. The Retransmission Algorithm can have one of the following values.
  • Page 91 MaxConn : Specifies the maximum number of connections. If the maximum number is set to -1, the maximum number of connections is dynamic. ActiveOpens : Specifies the number of active opens. In an active open, the client is initiating a connection with the server.
  • Page 92: Udp Statistics

    Figure 7-5 TCP statistics 7.6. UDP Statistics The UDP Statistics screen provides statistical information about packets/connections using a UDP protocol. Definitions and descriptions of each parameter are described below: InDatagrams : Specifies the number of datagrams received. NoPorts : Specifies the number of received datagrams that were discarded because the specified port was invalid.
  • Page 93: Cli Guide

    Using the user space, the user can create his own scripts or executable binaries to customize the STS Series. A root user will always have access to the CLI through the serial console on the STS Series back panel or by using a Telnet client from their workstation.
  • Page 94: Supported Linux Utilities

    8.5. Examples 8.5.1. Disabling the Telnet Port of the Unit The STS Series unit does not support disabling the remote console port individually (port 22 for SSH or port 23 for Telnet to the box). Currently, the user can only disable or enable all remote consoles together. This must be done...
  • Page 95 using the UI or console configuration menu. The user may bypass this and disable only one (Telnet or SSH) remote console by modifying the script 'rc.user'. Below are two examples of how this could be done. Example1. Modify 'inetd.conf' Step 1 Modify /etc/inetd.conf (comment out or delete telnet service) Step 2 Copy inetd.conf to /usr2/inetd.conf Step 3 Edit usr2/rc.user script as follows: #!/bin/bash...
  • Page 96: Periodical Program Execution

    The user may now disable the telnet service every time the system boots up. If the user resets the STS Series to the factory defaults, /usr2/rc.user script file will be renamed to /usr2/rc.user.old# file, and the default rc.user file will be restored.
  • Page 97: Appendix 1. Connections

    A 1.2. Console and Serial port pin-outs The STS Series uses an RJ45 connector for console and serial ports. The pin assignment of the RJ45 connector for console and serial ports is summarized in Table A-2. Each pin has a function according to the serial communication type configuration.
  • Page 98: A 1.3. Ethernet Wiring Diagram

    A 1.3. Ethernet Wiring Diagram [Figure A-2: Ethernet direct connection using crossover Ethernet cable, HelloDevice to Remote Host; pins Rx+(1), Rx-(2), Tx+(3), Tx-(6)] [Wiring diagram: HelloDevice and Remote Host; pins Rx+(1), Rx-(2), Tx+(3), Tx-(6)]
  • Page 99 RJ45-DB25 female adapter Using RJ45 to DB25(Female) Cross-over Cable Description (RJ45) Internal Cable Color RJ45 Pin No. DB25 Pin No. Description (DB25) Blue Orange Black Green Yellow Brown White RJ45-DB25 male adapter Using RJ45 to DB25(Male) Cross-over Cable Description (RJ45) Internal Cable Color RJ45 Pin No.
  • Page 100: Appendix 2. Pc Card Supported By Sts

    Appendix 2. PC card supported by STS The following PC cards are supported by the STS Series: Table A-3 Network card Manufacturer Model/Name STS probed Model name Specification 3COM 3CXE589ET-AP 3Com Megahertz 589E 10 Mbps LAN card TP/BNC LAN PC Card...
  • Page 101 Table A-6 Serial Modem Card Manufacturer Model/Name STS probed Model name Specification PCMCIA CARD Billionton Ambient (Intel) V.90 FM56C series 56KFaxModem FM56C-NFS Systems Inc. FAX/MODEM PC Card 5.41 Viking PC Card Modem 56K Viking V.90 K56flex 021 A MODEM PC Card CIRRUS LOGIC KIT PCMCIA 56K KINGMAX...
  • Page 102: Appendix 3. Sts Configuration Files

    Appendix 3. STS Configuration files A 3.1. System.cnf # system.cnf system configuration which exist only one place on this file. # kind of IP configuration mode # 1 - static ip , 2 - dhcp , 3 - pppoe ipmode = 1 # system ip addres ipaddr = 192.168.161.5 # system subnet mask...
  • Page 103 # Similarly by setting 'bweb' to 1, you can use remote console. # 0 means that protect any access. # 'enable_ip', 'enable_netmask' pair is a source rule specification for remote console filtering. # 'enable_webip', 'enable_webnetmask' pair is for web filtering. btelnet = 1 bweb = 1 enable_ip = 0.0.0.0...
  • Page 104: A 3.2. Redirect.cnf

    web_refresh_rate = 10 # TCP configuration # 'keepalive_time' is a time before keep alive takes place. # 'keepalive_probes' is the number of allowed keep alive probes. # 'keepalive_intvl' is a time interval between keep alive probes. keepalive_time = 15 keepalive_probes = 3 keepalive_intvl = 5 # Ethernet configuration # 'ethernet_mode' is a ethernet mode.
  • Page 105 # If you want to change the port data by changing all port configuration, set to port = 0 benable = 0 bmanset = 0 port = 1 benable = 0 bmanset = 0 port = 2 benable = 0 bmanset = 0 port = 3 benable = 0...
  • Page 106 # 'remotehost' is a remote host list (Primary IP address:port Secondary IP address:port) remotehost = 192.168.0.135:7000 192.168.0.135:7001 # 'cyclictime ' is a cyclic connection time in seconds cyclictime = 10 # 'inactivitytimeout' is a inactivity timeout in seconds. inactivitytimeout = 100 # Cryptography Options # 'encryptionmode' is encryption mode # 0 = None, 1 = SSLv2, 2 = SSLv3, 3 = SSLV3 rollback v2, 4 = TLSv1...
  • Page 107 # 'snmp_trap_receiver_version' is SNMP trap version # 0 = v1, 1 = v2c event_enable = 1 notification_interval = 0 bmail_handle = 1 mail_title = jungoj@sena.com mail_address = jung@sss.com bsnmp_handle = 1 snmp_title = khfgj snmp_trap_receiver_ip = 192.168.0.8 snmp_trap_receiver_community = public snmp_trap_receiver_version = 0 # Event Keyword option # 'keyword_index' is a index of keyword event...
  • Page 108: Appendix 4. Well-Known Port Numbers

    Appendix 4. Well-known port numbers Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151. Dynamic and/or Private Ports are those from 49152 through 65535. Well Known Ports are assigned by IANA, and on most systems, can only be used by system processes or by programs executed by privileged users.
  • Page 109: Appendix 5. Guide To The Bootloader Menu Program

    Appendix 5. Guide to the Bootloader menu program A 5.1. Overview The bootloader menu provides a way to recover the STS Series unit using BOOTP/TFTP as a disaster recovery option and to diagnose the system hardware. If the user presses the <ESC> key within 3 seconds after the STS Series unit is powered up, he will enter the bootloader menu program.
  • Page 110: A 5.4. Hardware Test Menu

    To perform the test on the Ethernet and UART properly, the user must connect an Ethernet cable to the Ethernet port of the STS Series and must plug the loopback connector to all the serial ports of the STS Series. There must exist a remote host with a valid IP address. The default server IP address is...
  • Page 111 not be performed properly. ----------------------------------------------------------------------------- Hardware Test ----------------------------------------------------------------------------- Select menu 0. Test Mode - One time 1. Auto test 2. DRAM test 3. FLASH test 4. LED test 5. EEPROM test 6. UART test 7. PC card test 8. Ethernet test <ESC>...
  • Page 112 -----> Figure A-6 Hardware test menu within Bootloader Menu Program When the user selects [Auto test], a test of all the hardware components is performed automatically. ----------------------------------------------------------------------------- Hardware Test ----------------------------------------------------------------------------- Select menu 0. Test Mode - One time 1. Auto test 2.
  • Page 113 Port # 8 test in progressing(Read/Write)----------[SUCCESS] (RTS/CTS)-------------[SUCCESS] (DTR/DSR)-------------[SUCCESS] [PCMCIA] 5V CARD 5.0V card found: Lucent Technologies WaveLAN/IEEE Version 01.01 Network Adapter Card [Ethernet] Ethernet chip test--------------------------------------------[SUCCESS] PING 192.168.0.135 from 192.168.161.5 : 64 bytes of ethernet packet. 64 bytes from 192.168.0.135 : seq=0 ttl=255 timestamp=11172879 (ms) 64 bytes from 192.168.0.135 : seq=1 ttl=255 timestamp=11173874 (ms) 64 bytes from 192.168.0.135 : seq=2 ttl=255 timestamp=11174875 (ms) 64 bytes from 192.168.0.135 : seq=3 ttl=255 timestamp=11175876 (ms)
  • Page 114: A 5.5. Firmware Upgrade Menu

    If a failure occurs while Auto Test with looping mode is being performed, the test will stop and the serial InUse LEDs blink to indicate the hardware test has failed. In this case, the user must press the <ctrl-c> keys to return to the menu page. A 5.5.
  • Page 115 Select menu 1. Protocol [BOOTP] 2. IP address assigned to Ethernet interface [192.168.161.5] 3. Server's IP address [192.168.0.128] 4. Firmware File Name [sts800.bin] 5. Start firmware upgrade -----> 5 Firmware upgrade cannot be stopped until finished. And all configuration parameters are restored to default values. Do you really want to start firmware upgrade(y/n)?y BOOTP broadcast 1 ARP broadcast 1...
  • Page 116: Appendix 6. Using Sts Series With Serial/Ip

    Telnet TLSv1 required rollback to v2” Please note that the “SSLv3 rollback to v2” option in the STS Series means the “Negotiate SSLv3/TLSv1” option in Serial/IP. If the encryption method of the STS Series is set to “SSLv3”, then the client (Serial/IP) cannot connect to the STS...
  • Page 117: A 6.2. Connection Example - Telnet And Sslv3 Encryption

    Series with the “Negotiate SSLv3/TLSv1” option. A 6.2. Connection example - Telnet and SSLv3 encryption Step 1. Set the host mode of serial port #1 of the STS Series as follows: Host mode = TCP, TCP listening port = 7001, Telnet protocol = Enabled Figure A-11 Host mode configuration Step 2.
  • Page 118 Figure A-12 Cryptography configuration Step 3. Open the Serial/IP Control Panel and check the COM port you want to use to communicate with serial port #1 of the STS Series by pressing the “Select Ports” button. Figure A-13 Select Ports on Serial/IP Control Panel...
  • Page 119 Step 4. Enter the IP address of the server (the IP address of the STS Series) and the port number (the port number of serial port #1) correctly. Then select the other parameters as follows: Credentials = No Login Required, Connection Protocol = Telnet, Security = SSL Version 3 (SSLv3) Figure A-14 Set parameters on Serial/IP Control Panel Step 5.
  • Page 120 Figure A-15 Connect to serial port of STS series via Serial/IP Step 6. The user can monitor or trace the connection status using the Serial/IP Port Monitor or Trace window. Figure A-16 Serial/IP Trace Window...
  • Page 121: Appendix 7. How To Make A Certificate For Ssl Encryption

    = Country Name (2 letter code) countryName_default = KR countryName_min countryName_max stateOrProvinceName = State or Province Name (full name) #stateOrProvinceName_default = Some-State localityName = Locality Name(eg, city) localityName_default = Seoul 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Sena Technologies Inc.
  • Page 122 Country Name (2 letter code) [AU]: KR State or Province Name (full name) [Some-State](Enter) Locality Name (eg, city) []:Seoul Organization Name (eg, company) [Internet Widgits Pty Ltd]: Sena Technologies Organizational Unit Name (eg, section) [](Enter) Common Name (eg, YOUR name) []:Sena Technologies...
  • Page 123: A 7.3. Making A Certificate Request

    2-3. Check whether CA key file(demoCA/private/cakey.pem) and CA certificate (demoCA/cacert.pem) is generated # ls demoCA/ cacert.pem certs crl index.txt newcerts private serial # ls demoCA/private cakey.pem A 7.3. Making a certificate request To make new certificates, you should make a certificate request first. # cd /work/openssl-0.9.7c/CA Run following commands, # openssl genrsa -out key.pem 1024...
  • Page 124: A 7.5. Making Certificate For Sts

    # cd /work/openssl-0.9.7c/CA # cp newcert.pem server.pem # vi server.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=KR, ST=, L=Seoul, O=Sena Technologies Inc., CN= Sena Technologies Validity Not Before: Oct 6 09:39:59 2003 GMT...
  • Page 125 Not After : Oct 6 09:39:59 2013 GMT Subject: C=US, ST=Minnesota, L=Minneapolis, O=Digi International, CN=Digi PortServer CM Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) ..== Removing above lines === -----BEGIN CERTIFICATE----- ..-----END CERTIFICATE----- 5-2.

This manual is also suitable for:

STS800, STS1600
