ACKSYS MI-ETH 2/4/8 PORTS USER MANUAL Version 1.3
Contents
1. 33 33 VI 2 REMOTECOM UNDER WINDOWS 95 98 amp 33 VLZ SUN OUD TC MIE TH 33 VL2 2 Jnstallation of RemoleC 33 UU UNE ted 37 37 CT UP METT rated o 37 AUC 37 VILMUX MODE Unter 39 MIL T S ENT RO DUC TION 39 rr T 39 QT 39 VII 4 EXAMPLE 1 REMOTE MANAGEMENT OF A PLC 39 Vo AICS eased 39 VII 4 2 Configuration of client s side 40 4 3 Configuration of server 8 side MI ETH 41 VII 5 EXAMPLE N 2 REMOTE MANAGEMENT OF A PLC BY MORE THAN ONE TECHNICIAN 01110 MC Hr O B 4 FID Leges CHI OW dod ia iatis eM a ters 41 SOUT OM _______6_ ____ 42 5 3 Configuration of client s side MI ETH esses 42 VISA Conhpguration of server s side METH i iai EHE 43 VII 6 EXAMPLE N 3 REMOTE MANA2. ccm n gt Ib 132 158 4 23 7 side opened ID 132 168 4 23 7 COM 3 wait net open 1 192 158 4 23 slot created ip 132 168 4 23 slot created ID 132 158 4 23 7 COM 3 connection EM Boch te soot ee EE Sons te shove ve oe te see ce ee Sockets fete Seo oe se te ve oe 2 Stole i ch ee ai vette oe 36 VI 3 Rawtty VI 3 1 Server configuration Installation example for a rawTTY device driver on UNIX SCO Open Server 1 preted MI ETH rawTTY installation adresse IP du MI ETH 192 168 1 42 gt gt 192 168 1 42 Non eNE DEL sortie PORTS en mode RAW ex 1 2 7 enter 5 6 gt gt 5 6 Ok RET ZOZ Non DEL sortie relinkage du noyau en cours Ok INFO pour la prise en compte des modifications REBOOTez le systeme par defaut les logins sont off les noms des ttys sont dev tag lt no du port sur Ml ETH gt utiliser la commande SCO enable pour activer les logins ex enable tag01 tag02 tag07 VI 3 2 Setting up MI ETH On MI ETH you must setup the corresponding port s in raw mode serial mode raw 56 serial speed 9600 5 6 serial parity none 5 6 serial csize 8 5 6 serial stopb 1 5 6 reset port 56 VI 3 3 rawtty rawclose On a UNIX server with rawtty and rawclose commands you ca
3. 54 P 125596 REPE P 54 AX od sduthname ONG WONG dad 29 DODD 00051 RR 55 209 0 EE ata tat DAT ua D RET 55 T 56 POL LIP n NT 56 UIT EPIRI clan E 22221211 eee reer TEES 56 IVT 27 X 6 PPP CONNECTION ESTABLISHMENT 57 ser connection DIGS 57 2 0 2 ARENA cation DASE 27 260 3 TP adress Phase teak 58 Deal COMPRESSION ______ 59 59 9 EXAMPLEN 1 REMOTE ACCESS SERVER esten estu enu 60 60 X 9 2 Configuration of Windows 98 95 Dial Up PPP 62 X 9 3 Resources sharing on WINDOWS 95 98 nnn 62 X 10 ACCESS SERVER FUNCTION WITHOUT 63 ALADVANCED FONCTIONS 64 DOES 64 NE 64 T TU TT 64 D MISSA P T RR ME 65 ES SEE NN 66 Bidrechionnal ODECIODL a PLE 67 OP Serviced TOS
4. I Le a NL 67 P OE Er 20200012 67 ALLA l Forward cesa 68 os Mecano Mee 69 70 P _ _8_ 70 2 2 Attributs Radius support s par le 2 2 2 00000000000009 19 71 D OBS EL RUUS 72 XI 2 4 Configuration of thr Radius client on MI ETH teens nanan 19 21250 ree 73 EL RIEN COR E TROPPO 73 74 T 73 XILTECHNICAL SPECIEIC A TIONS 75 SIBI Loc 79 1 SUBD9M CONNECTOR ON MIETH 2 5 2 022222222 2 0 0 0100000 000 79 2 RJ45 CONNECTOR ON MIETH 4 amp 8 8 79 ZCITES EE 80 DTE TO ASYNCHRONOUS TERMINAL 80 5 DTE DCE EQUIPMENT RS232C 81 6 DTE DCE EQUIPMENT 5422 92 XIII 7 DTE TO DCE EQUIPMENT 5485 2 93
5. Save and activate the configuration gt gt save Status done Ok ROOT gt gt reset port 1 Ok 9 2 Configuration of Windows 98 95 Dial Up PPP Client In the Dial Up Networking window right click on a connection icon and then click on Properties Create a remote access network new connection The Type of Dial Up Server menu in the property window of this connection should look like this G n ral Types de serveur Script en cours de serveur d acces distant Window windows NT 3 5 Internat avancees Se connectar un Activar la compression logeis Demande un mot de passe cn ple Protocoles r seau autoris s Compatible TCPAP Amer Click on TCP IP Settings The DNS IP address will be provided by MI ETH Start remote connection 9 3 Resources sharing on WINDOWS 95 98 NT If your LAN is composed by WINDOWS machines the resources sharing uses the NETBIOS protocol MI ETH does not route NETBIOS frames they must be encapsulated in IP frames To do this you must use a WINS server or edit mhosts files on each LAN machines 62 X 10 Access Server function without Proxy ARP The situation 1s almost the same as previous However modify the routing table of the server A simple solution 15 to add the next route on th
6. Refusing the operation and advising the sender Reject Refusing the operation without warning the sender Deny A frame type is characterized by The transmitter The receiver The protocol UDP TCP ICMP Eventually the port number telnet ftp smtp The firewall profile can be achieve in defining chains and policy rules All parameters are specify in the Firewall page with the HTTP configuration tool 1 1 2 Chains A chain enables you to define enviromnent in which rules will be applied To create a chain define the chain starting day or hour the chain ending day or hour and the Firewall type concerned While the chain is activated the rules it contains are used by MI ETH To select the starting day or ending day of a chain just fill some of the following fields Year month day day of the week hour minute You are not obliged to fill all fields For example if you just define the starting hour and th ending hour this chain will be activated every day during this time range 64 1 2 1 Examples Chains and rules edit chain Type Start of time range End of time range Hr Mn Dw D M Y Hr Mn 0 example forward monday friday Jejeje Waiting Edit chain example echt nue edit A chans rena Type of IP frames PLUS El Hour Minute Day Month Chain activated every week from Mond
7. Entering IP adress from Advanced Administrator Advanced administrator enables you to locate and setup all MI ETHs of your LAN To search for all MI ETHs on your LAN click on Adminstration then on Explorer A window like this one must appears on your screen Warning MIETH are recognized under the name of ACS 32 or 31 for the version 2 ports and ACS320 for version 4 and 8 ports Admin Explorer RemoteCom Window Help eo f ACSH 192 188 4 151 255 255 255 0 acs 3 5 rel Qd 00 8018 07 02 21 c ACS35D 1921684150 255 255 255 0 acs 3 5 rel 0d Sc OD T D RemoteCom Service To change MI ETH s IP address click on IP address cell and type new IP adress 13 IV 2 2 Entering IP adress from a terminal Use a terminal 9600 bauds 8 bits no parity connected on MI ETH s Console port Port 1 The Setup mode can be selected after MI ETH startup When the Setup LED blinks press three times on The terminal screen should display the following message gt gt Now you have access to a classic line shell with a vt100 vt220 ansi terminal Data input errors may be corrected by using arrow right arrow and backspace keys arrow and down arrow keys re edit last command You can now enter address and the network where your 1 connected with the following commands IFCONFIG IP lt interface gt l
8. Configuration example with Telnet console First display current ports configuration ROOT gt gt serial show all Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO0 raw 9600 soft local 8 none 1 0 raw 9600 soft local 8 none 1 If you want to set hard flow control on ports 1 and 2 enter ROOT gt gt serial flowctrl hard 1 2 Then reset ports with new parameters ROOT gt gt reset port 1 2 Display ports configuration again to see if new parameters are well set ROOT gt gt serial show all Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet raw 9600 hard local 8 none 1 0 raw 9600 hard local 8 none 1 Speed parity csize and stop bit are send by RemoteCOM to the MI ETH RemoteCOM transmits DTR signal and recepts states of DCD and DSR signals VI 2 2 Installation of RemoteCOM driver RemoteCom for Windows 15 integrated into the intallation of Advanced Adminitrator RemoteCOM for WINDOWS is composed of A service module RemoteCOM service 33 A driver RemoteCOM driver A program for setup audit and control of RemoteCOM service WARNING Do not mistake RemoteCOM service and RemoteCOM driver that is also service This one is automatically started and stopped by RemoteCOM service To create a new port COM on your PC Restart your system In the Start menu click on Programs gt ACS gt Advanced Administrator Click on Edi
9. I Introduction I 1 Remote access server and serial ports server s serie family MI ETH ensures two main functionalities the functionalities of terminal server and of serial port server A terminal server enables you to connect passive terminals on a TCP IP network Thanks to MI ETH s integrated Telnet client every terminal will be able to open up to three sessions on the server Thanks to MI ETH s remote access server function you can perform a dial in PPP connection on each MI ETH s port It makes possible for a PPP compatible portable using a modem to connect to the company s network A serial ports server provides real COM ports on Ethernet networks You can use modems barcodes readers or any serial device on the Ethernet network Thanks to the Mux mode you can also establish a communication between two serial devices through an asynchronous link You can for example use a terminal on your MI ETH to manage a PLC located on a remote MI ETH Remote access server s family is composed by the following products MI ETH 2 provides 2 asynchronous ports RS232C on SUBD9 and one Ethernet port on RJ45 Power supply 15 about 207 to 235 VAC It integrates an electric circuit referred ACS 31 or ACS 32 MI ETH 4 amp 8 provides 4 or 8 asynchronous ports RS232C or RS422 485A on RJ45 and one Ethernet port on RJ45 Power supply is about 84 to 264 VAC It integrates an electric circuit referred ACS 320 I 2 Furni
10. ARP table has no entry indicating s MAC address A sends a request to all the Ethernet network physically present machines 59 deceives by sending its own MAC addresses to it Aencapsulates C assigned IP frame in MI ETH assigned Ethernet frame receives the Ethernet frame and extracts the IP frame As the IP frame is not assigned for it MI ETH consults its routing table in order to determine the real addresses observes that address is accessible via its PPP interface MI ETH encapsulates the C assigned IP frame in a C assigned PPP frame Creceives the PPP frame and extracts the IP frame first emitted by A If one or several C machines are temporarily network connected proxy ARP simplifies the IP frames routing Indeed all machines of the local network see these remote connection as a local connection X 9 Example 1 Remote access server Reseau X 9 1 Configuration To setup MI ETH please execute the following process Setup the network interface ROOT gt gt route add net ethO 192 168 1 0 0 0 0 0 255 255 255 0 Ok Specify your DNS address It will be transmitted to the client when the PPP link will be established gt gt domain server lt DNS IP address gt Setup asynchronous interfaces ROOT gt gt serial speed 115200 1 Ok gt gt serial mode ppp 1 Ok 60 gt gt serial contro
11. Ports and interfaces of MI ETH 2 ports The rear face of MI ETH 2 displays the followings elements power supply connector 1 Ethernet port 10baseT 2 asynchronous ports RS232C V24 on SUBD9 noted Serial 1 and serial 2 The port 1 is the console port in setup mode The front face of MI ETH 2 displays the following elements Indicating LEDS 4 Ports and interfaces of MI ETH 4 amp 8 ports The rear face of MI ETH 4 amp 8 displays the followings elements power supply connector Ethernet port 10 4 or 8 asynchronous ports RS232C V24 or RS422 485A on RJ45 The port n 1 is the console port in setup mode The front face of MI ETH 4 amp 8 displays the following elements Indicating LEDS 11 5 Cautions The opening of the box is strictly reserved to persons authorized by Acksys Manipulation of the open box 1s forbidden 5 1 Cleaning MI ETH Remove the power supply cable from the rear panel Please use watertown Caution do not use chemical products which can damage the box paint Alcohol trichlo Please be sure the box is completely dry before powering on III 5 2 Note 5 2 1 About MI ETH 2 ports Security of this equipment is guaranteed only if you use the furnished power supply or an equivalent model Warning This 15 a class product In a domestic environment this product may cause radio interference which case the user ma
12. ROOT gt gt serial speed 9600 4 ROOT gt gt serial csize 8 4 gt gt serial parity none 4 gt gt serial stopb 1 4 Port 4 can then be setup to 9600 bauds without parity control with a 8 bits data width and one stop bit To set the port speed of ports 3 6 and 7 to 19200 bps type the following command ROOT gt gt serial speed 19200 3 6 7 To set all ports to 38400 bps enter the following command ROOT gt gt serial speed 38400 all To set all ports but ports 3 and 5 to 4800 bps enter ROOT gt gt serial speed 4800 all 3 5 You can see at every time all current ports parameters with the following command gt gt serial show all IV 5 2 Asynchronous port mode Each asynchronous port can work in one of the following modes regardless of the other ports configurations Terminal mode Connection of an asynchronous terminal Telnet Printer mode Connection of a printer LPD Raw mode Connection of a passive equipment RemoteCOM or rawTTY PPP mode Connection of a remote host to a network or remote networks interconnection asynchronous PPP Rtelnet mode Access through a TCP IP network to an equipment or to an operating system not equiped with the TCP IP protocol 19 For example to program the first five MI ETH ports in each of these modes commands would respectively be ROOT gt gt serial mode term 1 Ok ROOT gt gt serial mode printer 2 Ok R
13. TxD RxD DSR Ground ATS DCD CTS 5 MI ETH DTE to DCE equipment RS232C Modem DTE RJ45 0825 089 RxD 4 4 3 2 RxD TxD eee 2 3 TxD RTS Pe d 7 ATS CTS 5 8 CTS Ground 7 5 Ground DSR 6 B DSR DCD 8 4 1 DCD DTR Ge 20 4 DTR RJ45 DB25 Male Comx 232 RJ45 DB9 Male Comx 232 XIII 6 DTE to DCE equipment RS422A RJ 45 DB 25 1 2 TxD x 2 p 14TxD B 34 3RxD 6 4 RTSt 4 ARTS RTS 5 19 RTS B 74 5 CTS CTS 8 4 13 CTS XXX RJ 45 Shell 1 DB25 Shell Gnd RJ45 DB25 Male Comx 422 RJ 45 DB 9 1 810 Rx 34 lt 6 RxD Rx 64 7 RxD RTS 5 _ gt 3 RTS CTS 7 4 4 CRS 15 85 5 CTS RJ 45 Shell RJ45 DB9 Male Comx 422 1 DB9 Shell Gnd 82 XIII 7 MI ETH DTE to DCE equipment RS485 RJ 45 DB 9 Male 1 8 TxD RxD A Tx 2 9TxD RxD B Y Rx 3 4 Rx 6 1 089 Shell Gnd RJ45 DB9 Male Comx 485 83
14. add command and precise the name and password of this user Example ROOT gt gt user add paul pws25d If you do not need a password for this user to use Autouser mode for example replace it by quotations marks The user delete command delete a user form Example ROOT gt gt user delete paul The user show command displays the users list or one particular user s characteristics gt gt user show Comment User show paul detail IV 7 2 Comments The user comment command enables you to insert a comment about the user his whole name for instance This comment appears on the right of the screen when you display the users list ROOT gt gt user comment paul Paul Duchemin 7 3 In and Out Communication The user in and user out commands respectively allows the incoming and outcoming connections asynchronous PPP mode only Example ROOT gt gt user in paul yes ROOT gt gt user out paul no Ok IV 7 4 Callback In case of a modem connected on a port in terminal mode or in PPP mode MI ETH can be configurated so that it calls dial in user back Thus phone number dialed by can be predefined static callback or provided by the user dynamic callback In case of a static callback MI ETH calls the first number that 1s specified the callback list ROOT user callback paul static 23 In case of a dynamic callback asks its number to the dial in
15. and serial timeout 180 allow to start the connection only if MI ETH 1s receive a character 7 3 Configuration of client s side MI ETH serial mode mux 1 serial linectrl modem 1 serial timeout 180 1 mux defaultdtr yes 1 mux ip 192 168 2 1 1 mux port 1 1 mux ctsredirect none 1 mux show 1 Port Mode Sync Flush KAlive Remote port DCD DSR gt 48 T92 7168x274 1 ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO modem 8 VII 7 4 Configuration of server s side MI ETH ROOT gt gt serial mode raw 1 Ok ROOT gt gt mux ctsredirect none 1 Ok ROOT gt gt mux defaultdtr yes 1 Ok ROOT gt gt mux show 1 Port Mode Sync Flush KAlive Remote IP port DCD gt DSR gt ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO raw 9600 soft local 8 none 1 49 VIII Printer Mode LPD MI ETH integrates a LPD spooler to manage several serial printers Installing a printer located on MI ETH for most UNIX servers consists simply in adding an entry the etc printcap file Example of entry added to the etc printcap file IpACS Ip rm ACS rp printer4 This line means that all prints to the IpACS printer issued by an application running on the server will be redirected to the printer connected on MI ETH port 4 The remote printer name is printern where n is MI ETH port numbe
16. by MI ETH are not used by other machines X 7 Compression MI ETH bears BSD compression over a PPP link In case of PPP connection through modems between two MI ETHs please avoid to active V 42bis compression from modems and the BSD compression for MI ETH together X 8 Proxy ARP In an Ethernet located TCP IP network each machine is both characterized by its IP address and by is MAC address Medium Access Control For an IP frame to be lead from one machine to another you previously have to encapsulate it in an ETHERNET frame This implies that an A machine dispatching an IP frame to a B machine must necessarily know B s MAC address To achieve this each machine manages an IP and MAC address matching table This ARP table is dynamically built Its entries are determined according to the needs and are destroyed after a certain time If the A machine can t find in its ARP table an entry giving the B machine s MAC address it will make an ARP request to all the network physically present machines Theoretically only the machine corresponding to this IP address can react and issue its MAC address to the B machine This rule from the ARP protocol does not apply if for instance the B machine wants to play the part of a proxy ARP to the C machine Examine step by step this mechanism on the following example L n gt A machine wants to emit frame to the machine A s
17. connection The Dial IN connection steps are A PPP connection request is sent by a remote host The first online free modem answers The modem informs MI ETH that a connection 1s active DCD signal asserted The PPP connection is then established using parameters found in the PPP form associated to the port 53 5 form You create edit or delete a PPP form thanks to the ppp commands 5 1 Creation cancelling and displaying of a form The ppp add command enables you to create a PPP form Example ROOT gt gt ppp add internet To display PPP forms list or all parameters of a form use the ppp show command Example ROOT gt gt ppp show ppp Comment ROOT gt gt ppp show internet To delete a form use the following command ROOT gt gt ppp delete internet 5 2 Comments Thanks to the ppp comment command you can add a commentary line to the form Example ROOT gt gt ppp comment internet Internet connection form This line appears when the PPP forms list is displayed ppp show X 5 3 Security The ppp security command manages protection of incoming calls Three different modes exist None no security ROOT gt gt ppp security internet none PAP MI ETH requests a PAP authentication from the remote host see X 2 PAP and CHAP authentication ROOT gt gt ppp security internet pap CHAP MI ETH requests a CHAP authentication from the remote host see X 2 PAP a
18. data have really been send by the remote port The COMSTAT cbOutQue field in ClearCommError is updated in the same way Note With FAX CLASS 1 modem this mode used with a buffer size of 128 bytes make possible reception and transmission of FAX Signals data synchronised mode Activate this mode to transmit all signals TX RX RTS CTS DTR DSR DCD synchronised with data You must not activate flow control to use this mode Buffers size 1 to 4096 octets Default size 1s 2048 value 0 or 2048 In some cases application seems to have send all data but these data are buffers If the application stops the connection before all data have been transmitted you can reduce buffers size to fix this problem Overhelming of inter character timeout 0 to 500 milliseconds The Network cut data into several packets Then characters of a same logical frame ex reply message of a modem can be divide and received with an higher delay than delay of a standard COM port If you use inter characters timeout option of windows s COM ports you may have to use this option too WARNING Any modification will be effective after a restart of RemoteCOM service If RemoteCOM service 15 already running you must stop and restart it In the main menu click on Service then click on Start or Stop and Start Note When you have just finished RemoteCOM installation RemoteCOM service is disable The first time you will restart your sys
19. journal Voir le journal Annuler You also have to activate terminal window after dialing Your modem s properties Options tab 24 Propri t Standard Modem G n ral Connexion Options Cortr le de la connexion Activer la fen re du terminal apres avoir compos le num ro namia EEG Contr le de num rotation la tonalit carte de cr dit EE secondes Etat du contre Afficher l tat du modem um IV 7 5 Audit The user audit command enables to record connections achieved by ther They can be consulted using audit show login command Example ROOT gt gt user audit paul yes IV 7 6 Optional remote IP Address The Optionnal remote IP address can be configured thanks to user netaddr command In PPP or ISDN mode integrated ISDN MI ETH assigns this IP address to the user when he connects from a remote machine If IP address 15 already attributed connection 1s refused ROOT gt gt user netaddr paul 192 168 1 50 Address mask can be modified thanks to the user netmask command Example ROOT gt gt user netmask paul 255 255 255 0 IV 7 7 Telnet Address In terminal mode telnet MI ETH will automatically launch a telnet session on a remote machine corresponding to the specified IP address ROOT gt gt user telnetaddr paul 192 168 1 20 If you want to launch telnet session on another port other than port 23 you just have
20. level gt type 28 IV 9 6 Start stop audit When you create audit with the audit add command it is immediatly actived But you must restart a console audit after any reboot of your MI ETH This can be made thanks to the audit start command ROOT gt gt audit start Ok To stop a console audit use the audit stop command ROOT gt gt audit stop Ok V Terminal Mode Telnet V 1 Introduction In this mode MI ETH affords a login connection as a UNIX system would This implies a user account and terminal definition notion It is necessary for each port defined in the terminal mode to specify the type of terminal used ANSI VT100 WYSE etc to redefine if necessary keys sequences dealing with the management of terminals EOF ERASE KILL to create users accounts It is possible to allocate a port to a user AutoUser mode In this case MI ETH will open a session without asking for a user name User will be in a MI ETH shell like the administrator one but with a limited choice of commands Moreover up to 3 different sessions can be open on any server Use the command gt telnet monserveur Connection login can be immediately displayed on the terminal screen serial quick yes or after pressing the touch of the Enter key serial quick no Moreover MI ETH has specific functionalities making a remote terminal connection through modems possible V 2 Telnet L Telne
21. s side MI ETH Link DTR or RTS signal of the terminal to DSR signal of serial port n 1 make a cable Enable redirection of DSR signal to DTR signal of server MI ETH mux dsrredirect dtr 1 Link DTR signal and DCD signal of serial port n 1 make a cable Activate DTR signal of serial port n 1 mux defaultdtr yes 1 Configure management of DCD signal by MI ETH serial linectrl modem 1 Configure MI ETH to wait a character before launching the connection Serial quick no 1 Specify the timeout delay of the unused connection serial timeout 180 1 On server s side MI ETH Link DTR signal and DSR signal of serial port n 1 make a cable Activate signal of serial port 1 mux defaultdtr yes 1 47 Enable redirection of DSR signal to DTR signal of client MI ETH mux dsrredirect dtr 1 DSR signals of client and server s MI ETH must absolutly be activated at startup If DSR signal on client s side MI ETH is not activated at startup MI ETH can t establish the initial connection Moreover an undetermined DSR signal on server s side MI ETH can force client MI ETH to break initial connection before this connection can be established 4 State of DTR or RTS signal on the terminal will be applied to DCD on client MI ETH This will be able to establish or break the connection matching with terminal state on or off Others parameters Serial quick yes
22. same as the one of the Radius server SYSTEM RADIUS SECRET key XI 3 DHCP XI 3 1 Definition DHCP 1s a client server protocol that aimed at a dynamical attribution of the IP addresses to the machines of a network At the starting point each network machine sends a request to the DHCP server and 15 given an IP address MI ETH integrates a DHCP client that enables it to get an IP address from a DHCP server A problem occurs at the networks interconnection the DHCP requests frames that do not go through the routers Consequently for two connected networks to use the same DHCP server the router must play the part of a DHCP relay that 15 to say that 1t must pick the DHCP requests up and transmit them back to the DHCP server MI ETH from the network 192 168 2 0 will transmit the DHCP requests from the two machines back to the DHCP server 792 168 1 1 Both interconnected networks can thus use the same DHCP server 1 3 2 DHCP client MI ETH holds a DHCP client function Ifa DHCP server is active on your network MI ETH can receive its IP address and many others parameters from the DHCP server In factory configuration MI ETH boots with the DHCP mode active The system dhcp client mode command enables you to select the running mode of DHCP client DHCP CLIENT MODE lt bootp none The bootp mode enables MI ETH to act as a BOOTP client Bootstrap Protocol This protocol which 1s the predecessor of DHCP pr
23. to enter the following command ROOT gt gt user telnetport paul 1 25 25 IV 8 Management of a modem connection A Terminal can be connected directly on a MI ETH port serial local control or through modem pair In this last case the prompt will be displaged only if the DCD entry signal of the port becomes active serial linectrl modem If this signal becomes inactive all open sessions on this port will be closed MI ETH uses Modem form in which the administrator can specify a list of AT commands to setup a modem To create a new modem form use the modem add command Example ROOT gt gt modem add mod33600 The modem name 15 used when you have to associate the modem form to a MI ETH port To display modem forms list or the characteristics of a particular form use the following commands ROOT gt gt modem show Comment gt gt modem show mod33600 The modem comment command enables you to add comments about the modem its whole name for example ROOT gt gt modem comment mod33600 modem ACS 33600 bauds The init modem command enables you to change modem initialization sequence For more informations about the AT commands consult your modem s documentation Example gt gt modem init mod33600 at amp k3 c3 The modem dial command enables to define connection sequence of the modem Example gt gt modem dial mod33600 This form must be associated to the port where the mod
24. user For safety reasons number provided by the client must belong to a determinate list containing not more than three numbers Neverless if the character is specified as the first number every number provided by the user will be accepted ROOT gt gt user callback paul dynamic To enter numbers in the callback list use the following command ROOT gt gt user callbacknb paul 1 0240252326 Ok ROOT gt gt user callbacknb paul 2 0251235689 Ok Call back between WINDOWS 95 98 and In case of a PPP connection from Windows 95 98 at the moment when user 1 identifying himself to MI ETH login MI ETH will cut current connection in order to call the user back Consequently Windows 95 98 PPP connection phase will be interrupted Indeed Windows 95 looks after modem DCD state and interrupts the connection 1f it falls One simple solution to this problem is to make the modem DCD always active Configuration panel Modems Your modem s properties Connection tab Advanced Supplementary parameters field Add amp 050 2 Param tres de connexion avanc s Utiliser le contr le de flux Mat riel RTS CTS Logiciel ON OFF kanau N cessaire cot connecter Soni esse cellulaire es 5 suppl mentaires 0 0 4 Ajouter au
25. 255 0 0 182 168 1 1 255 255 255 255 06 reject Standard 0 0 0 0 0 0 0 0 Ha XI 2 Radius 2 1 Introduction Radius 15 a client server protocol aiming at centralizing the users authentication on a dedicated server see RFC 2138 To use Radius terminology we will call MI ETH NAS Network Access Server The obvious interest of this protocol 1s the fact that it enables to manage all the accesses to an information site with only one users database and whatever the type and number of NAS may be In addition to its authentication function a RADIUS server also enables to rule the connection type and parameters PPP telnet admin asynchronous or and RNIS access connection time according to the user who wish to connect An extension of the Radius protocol RFC 2139 also enables to count the connections You can thus keep a track of the connections made by all the users name connection length amount of informations transmitted and received cause of the end of session The working process of MI ETH integrated Radius client is the following A user authentication request login PAP CHAP is first locally analysed If MI ETH contains a suitable user account connection type and parameters are managed by MI ETH When the session starts MI ETH sends a starting signal to the RADIUS server START When the session ends MI ETH transmits an ending signal STOP If MI ETH cannot manage to authenticate the us
26. ACKSYS MI ETH 2 4 85 PORTS USER MANUAL Version 1 3 ACKSYS COMMUNICATIONS amp SYSTEMS 3 5 rue du Stade BP 4580 F 78302 POISSY CEDEX FRANCE Tel 33 0 1 39 11 62 81 Fax 33 0 1 39 11 29 50 www acksys fr TEEN PRODUCTION enmt 6 1 1 REMOTE ACCESS SERVER AND SERIAL PORTS SERVER S SERIE 6 6 6 OVERVIEW 2 2 1 322 ERIT IER E 8 IU T 2 PORISu dein doit ot decades 8 W2 POR S 8 IILINSTALEATIONz Coa eru R asa Reds 10 IDE INDICA TINGE DS ORME TI 10 2 INDICATING LEDS OF MI ETH 4 amp 8 0 0400 11 3 PORTS AND INTERFACES OF MI ETH 2 11 4 PORTS AND INTERFACES OF MI ETH 4 amp 8 5 000 2 0 000000000000000 11 11 Se CAUTIONS eon nese 12 TS TE M 12 IS I 01 12 SZN About MEE T 12 152 12 mons 13 11524 INTRODUC
27. Advanced 95232 2 l none Serial port Network Copy port Upgrade Parameters dedicated to the RAW mode IV 4 Network interface IV 4 1 Identification To correctly initialize the network connection use the ifconfig command to enter the following parameters IP address The location of your MI ETH on the network This address consists in four numbers separated by dots valid values for each of the four numbers are whole numbers between 1 and 254 for example 92 166 2 3 Network mask netmask It is a number similar to IP address which determines what address is specified by the network and what place on this network 15 specified by your MI ETH For an IP address 192 168 2 3 if you enter 255 255 255 0 as a mask value this means that your network address is 92 166 2 0 The maximal transfer unit system MTU On an Ethernet system the MTU value is commonly established at 1500 Broadcast address By default this address is the one of the system with 255 place of the machine address For a network address 192 168 2 0 broadcast address will be 192 168 2 255 By default network mask is configured at 255 255 255 0 class C and the MTU at 1500 Ethernet Only in some particular cases you have to change these values 16 IV 4 2 Rout checking with PING command In order to check if MI ETH 15 be reached inside the network you can r
28. ER Table of contents Quick install Ti Advanced configuration Quick Install _ Advanced Configuration 5 ity TY siie This mode enables you to set up your product for the most used configurations nfiquration enables you to set each parameter for specific configurations 29 Diagnostic 47 Security Enables you to show network state It also Setting of all security parameters records a detailed audit of events that nave if the page loading is slow you need to enable your browser cache check box Never Termin m Internet 72 Click GO and open session under the name root Default password 1s root Hot de passe r seau Ei 52 Tapez votre nam d utilisateur et votre mot de passe 132 158 1 252 Domaine acs Nom d utilisateur root Mat de passe E Enregistrer ce mot de passe dans votre liste de mots de passe Now you can configure your 15 E T E 21 http 192 168 1 252 cgi bin admin cgi page frame html amp refresh 0 12342820133958293 V ANGE ADVANCED 31 configuration SERVER Table of contents gt gt Serial Port Configuration Menu Save Buick install Advanced configuration Security Diagnostic General configuration 1 2322 raw 9600 noe 1 xon xoff L2 232 raw 9600 none 21 xon xoff Modification of port Default
29. GEMENT OF A PLC BY MORE THAN ONE TECHNICIAN 300 2 NODE 44 VILO 44 PETS BRETT 44 VII 6 5 Configuration of client s side MI ETH esee 45 VII 6 4 Configuration of server 8 side MI ETH 46 VII 7 EXAMPLE N 4 REMOTE MANAGEMENT OF A PLC BY MORE THAN ONE TECHNICIAN S M 46 PIS Chl ON 46 VAL TD SOU OU RM 47 VII 7 3 Configuration of client s side 22 999 48 VII 7 4 Configuration of server s side 2 0 99 2 49 255200 50 51 PE INTI ON 51 Ib AE GC ONEICURA TON 51 IX S e 52 A XASYNCHRONE PPP MODE 53 ZO SENTERO DUC TION 53 PAP ANDCHAP AUTHENTICA TION soriano odo tiu su eda 53 CONNECCION 53 CONNECTION 53 54 X 5 1 Creation cancelling and displaying of a 54 D SUN POMOC
30. MI ETH that all IP frames intended for the 192 168 1 2 server have to be sent to 192 168 2 1 router ROOT gt gt route add host ethO 192 168 1 2 192 168 2 1 255 255 255 255 Ok gt gt route static Kernel routing table Destination Gateway Genmask Type face 192 168 2 0 0 0 0 0 255 255 259 0 net ethO 192 168 1 2 192 168 2 1 255 255 255 255 host The second consists in informing MI ETH that all IP frames intended for the 792 168 1 0 network have to be transmitted to the 192 168 2 1 router ROOT gt gt route add net 192 168 1 0 192 168 2 1 255 255 255 0 ROOT gt gt route static Kernel routing table Destination Gateway Genmask Type Iface 192 168 2 0 0 0 0 0 255 255 255 0 net 192 168 1 0 192 168 2 1 255 255 255 0 net ethO The third and most often used manner consists in informing MI ETH that if the routing table does not contain any entry corresponding to the IP frame to send then this one will be sent by default to the 192 168 2 router ROOT gt gt route add net ethO 0 0 0 0 192 168 2 1 0 0 0 0 Ok gt gt route static Kernel routing table Destination Gateway Genmask Type face 192 168 2 0 0 0 0 0 255 255 255 0 net ethO 0 0 0 0 192 168 2 1 0 0 0 0 net 0 19 5 Asynchronous interfaces IV 5 1 Software settings Configuration of a serial port can be done with serial command You must enter individually each parameter
31. OOT gt gt serial mode raw 3 Ok ROOT gt gt serial mode ppp 4 Ok ROOT gt gt serial mode rtelnet 5 Ok IV 5 3 Type of control A port be configured in local control or in modem control In modem control will ignore state of the DCD signal for this port On the other hand in modem control MI ETH will propose to open a session only if the DCD is active Moreover if the DCD signal becomes inactive MI ETH will close all the open sessions on this port To configurate port 3 in ocal control enter gt gt serial linectrl local 3 To use a modem on port 2 you have to setup the port with this command gt gt serial linectrl modem 2 IV 5 4 Flow Control Flow control can have four different values XON XOFF Sending of XON 11H and XOFF 13H characters RTS CTS Signal shift XON XOFF and RTS CTS This kind of flow control is sed when one want to connect a serial printer on a flow control will be performed For example to set up the first four ports of MI ETH in each of these flow control modes you have to enter the following commands 20 ROOT gt gt serial flowctrl soft 1 Ok ROOT gt gt serial flowctrl hard 2 Ok ROOT gt gt serial flowctrl softhard 3 Ok ROOT gt gt serial flowctrl none 4 Ok IV 5 5 Automatic disconnection of a Modem If there 1s no data traffic during a determined deplay on port where the modem is connect
32. Routing induce modifications MI ETH has to carry out on its routing table after a PPP link has been established Yes After a PPP link has been established MI ETH will add the next entry to its routing table destination Remote IP and mask bridge local IP interface PPPx ROOT gt gt ppp route internet yes Default After a PPP link has been established MI ETH will add the next entry to its routing table destination Remote IP and mask bridge local IP interface PPPx ROOT gt gt ppp route internet default No MI ETH s routing table 1s not modified ROOT gt gt ppp route internet no X 5 10 Enables to transcode 1f necessary one control character or more among the 32 of the ASCII table If one bit among the 32 of the word Asyncmap is fixed at 1 the rank character that corresponds in the ASCII table will be transcoded By default the XON 17 XOFF 19 and GS characters are transcoded Here is the result in binary 00100000000010100000000000000000 in hexa 200A0000 Example ROOT gt gt ppp asyncmap internet 200A0000 X 5 11 MRU Maximum size of IP packets in reception ROOT gt gt ppp mru internet 1500 56 X 5 12 MTU Maximum size of IP packets in transmission ROOT gt gt ppp mtu internet 1500 X 6 PPP connection establishment The establishment of an incoming PPP connection proceeds in three steps User connection phase Authentication phase IP address ne
33. S save Messages about PPP negociation Messages about asynchronous ports Messages about network Messages about Firewall preceeding types 21 IV 9 2 Audit on your console To create audit on your console use the audit add console command in this way AUDIT ADD console lt level gt lt type gt Audit will display in your current session s window You will still be able to enter commands with this shell Level and type parameters do not change IV 9 3 Audit in a file To send auditin a file use the audit add buffer command in this way AUDIT ADD buffer lt level gt type Level and type parameters do not change You will be able to show this file thanks to audit view and audit last commands The audit view command enables you to show the entire audit file gt gt audit view With the audit last command you can display the last lines of the audit file ROOT gt gt audit last 10 In this example you will show the ten last lines of the audit file IV 9 4 List of created audits The audit show command enables you to display the list of declared audits Example ROOT gt gt audit show buffer 0 0 0 0 debug async warning auth ppp system console 0 0 0 0 warning all IV 9 5 Delete audit To delete an audit use one of the following commands AUDIT DELETE lt syslog trap remote gt lt level gt type AUDIT DELETE lt buffer console lt
34. SER AC COUNT 22 aua DOSS WONG ein ae 23 TV COMMONS E 23 SIGN Qui COMMUNICA 23 821112976 23 22 TV 57 OO PUONALTCMOTCT E asi 21 dae Scu a 29 IV 8 MANAGEMENT A MODEM 7 220000000000 ese ssseses esee 26 IR FE SUID NR RC E 27 IV 9 1 Audit on a remote 00070000 27 edd Ud COHSOlO quae 28 TU de nS EE eee RT eC eee ere 28 I 9 4 gt LAST OF 26 110 5 Delete 28 TV 29 TERMINAL MODE TELNE 30 NAS SAIN TROD UC 30 30 31 VA AUTOMATIC TELNET 32 Noo USER CONNECTION DIAGRAM a Tea ee Due inset 32 AND
35. TION 13 V2 S EN BER IN GIP ADRI SS ios 13 IV 2 1 Entering IP adress from Advanced Administrator esses 13 TVD adress from GC Terminal quite do eei 14 IV 3 HTTP CONFIGURATION NETSCAPE INTERNET eene 14 DY 2 NEDIWORKINTBREACE bed 16 IVA 16 7 4 2 Rout checking with PING command 17 222 ULI OO sue LM ML MD PME 17 Sc xASYNGHRONOUS INTERTACES 19 I ILDN WAFS S na CHE 19 MS MOO ieee esha te deed 19 COV ON ND 20 BRE 20 IV 5 5 Automatic disconnection Of Modem o 21 7 5 6 Association of a modem form to 21 I o SAVIO INO ten trade 21 IV 6 SAVING AND RESTORING CONFIGURATION eene nnne eene 22 IE O0 be Savine md LAS memorbyuscu ete qos eR 22 IV 6 2 Saving CONV ates sect PU UH UNE 22 OPENING OPA U
36. _ So 192 158 1 10 192 158 1 11 192 188 1 12 132 168 1 0 192 1632 0 4 192 168 210 192 168 2 11 Se This figure will act as a support for examples described below 67 1 4 1 Forward Firewall For example you can forbid a particular LAN machine all connections to Internet or forbid a machine to use some services FTP mail web To forbid these connections just say to MI ETH not to route frames coming from the machine to the selected services It can be made with a Forward Firewall rule 1 Create an active chain in Forward Firewall mode Enter the chain name chain for example in the Name field And select Forward in the menu Chains and rules edit cham tne rma hp T End oime range TS ow Address Pers Bidir Proto Policy 105 192 168 0 0 255 255 0 0 accept standard 192 168 0 0 255 255 00 192 168 2 11 255 255 255 255 reject standard 0 0 0 0 0 0 0 0 192 168 1 11 255 255 255 255 reject standard 0 0 0 0 0 0 0 0 i92 168 112 288 255 255 258 0 reject Standard 0 0 0 0 0 0 0 0 pop 3 192 168 1 13 255 255 255 255 reject standard 0 0 0 0 0 0 0 0 fare 192 168 0 0 2 2 00 7 masquerade Standard 0 0 0 0 0 0 0 0 2 To create the second rule of this example please execute the followin
37. a navigator System page or in command line SYSTEM RADIUS AUTHENTIC lt server node name IP address gt In the same way you can activate the accounting Radius client like this SYSTEM RADIUS ACCOUNTING lt server node name IP address gt TCP ports attributed to the Radius server are by default 1645 authentication and 1646 accounting These two port numbers have been modified the last two RFC about RADIUS These new values 1812 and 1813 If your Radius server takes these new numbers into account modify them with the following commands SYSTEM RADIUS AUTHPORT lt TCP port No of authentic server gt SYSTEM RADIUS ACCTPORT lt TCP port No of accounting server gt When MI ETH emits a request to the Radius server it waits no more than 3 seconds for the server s answer You can modify this duration with the commands SYSTEM RADIUS AUTHTIMEOUT lt authentic server request timeout gt SYSTEM RADIUS ACCTTIMEOUT lt accounting server request timeout gt If MI ETH has no answer at the end of the Time Out it repeats 115 request three times You can modify this number with the following command SYSTEM RADIUS AUTHRETRIES lt authentic server request retries gt SYSTEM RADIUS ACCTRETRIES accounting server request retries amp gt The Radius protocol cyphers the passwords so that they do not appear clearly the requests IP frames You must therefore necessarily specify the coding key secret It must be the
38. ay to Friday Just select Start Day of the Week Monday and End Day of the Week Friday Chains and rules edit chain meni Type Mn D M Y Hr Mn Dw D 2 forward 115 Waiting Em Type of IP frames Comments E TUN NITE Minute Dayofweek of week Im Chain activated every month from the 1st to 15th Just fill these two fields Start Day 7 and End Day 15 65 Chains and rules edit chain ar Daw 5445 examples forverd 181131 ele le waiting Edit chain er e echt redir chams tuerm Enable Type of IP frames Comments ime range a E NS NS NE Chain activated every day from 8AM to 7PM Just fill these two fields Start Hour 8 and End Hour 9 To create a chain you must precise the chain s Firewall type Input Output or Forward Select the Firewall type the menu XI 1 3 Rules These rules are made of a premise the characterizes a frame type and of a conclusion that specifies the kind behavior to be adopted Premise gt Conclusion sender AND target AND gt OR reject OR deny protocol AND port AND logical and OR logical or MI ETH look
39. base es es es es Yes 3 SSL V3 DES 40 or 56 bits RC4 40 Secured Remote COM or 128 bits RSA 512 ou 1024 bits ADMINISTRATION TTP Yes SNMP MIBII MIB MI ETH 5 elay DHCP client Yes 2 elnet Console es lt lt mbadded Firewall ime range 5 SSLV2 V3 lt 3 D zi 49 Q O 2 ports MISCELLEANEOUS IP TCP UDP ICMP ARP Finger TFTP Telnet Rtelnet DHCP BOOTP Protocols HTTP SNMP Syslog Ye emoteCOM 5 v 1 GENERAL Memory 16 Mo imer WatchDog Ye 85 VAC to 264 VAC Power Supply 47 to 63 Hz ize 280 x 170 5 x 40 mm 78 XIII Cabling XIII 1 SUBD9M connector on MIETH 2 ports _ XIII 2 RJ45 connector on MIETH 4 amp 8 ports Circuit cre 218 per 878543221 RTS 00123 0 Pin Circuit 6 Figure RJ45 front view 79 XIII 3 DTE to DTE With RTS CTS flow control DTE HxD TxD RTS CTS Ground DSR DED DTR RJ45 25 089 2 3 3 2 5 8 4 7 5 20 4 8 1 6 6 TxD RxD CTS RTS Ground DCD DSR XIII 4 DTE to asynchronous terminal DTE With RTS CTS flow control DTE HxD TxD RTS CTS Ground DSR DCD DTR RJ45 825 089 2 3 3 2 6 6 20 4 7 5 7 8 5 8
40. e Mux mode you can also establish a communication between to serial equipments through an asynchronous link You can for example use a terminal on your MI ETH to manage a PLC located on a remote MI ETH II 2 MI ETH 4 amp 8 ports MI ETH 4 amp 8 supports the same functions as MI ETH 2 but provides 4 or 8 asynchronous ports With MI ETH 4 amp 8 you can use RemoteCOM function on each port Figure 1 Using of MI ETH as a terminal server Figure 2 Using as remote access server 8 1 Figure Using of MI ETH to connect serial equipments III Installation This chapter details the first steps to install MI ETH 2 ports and 4 amp 8 ports III 1 Indicating LEDS of MI ETH 2 Designation Color Setup mode activated setup yellow Normal mode activated No presence of the Presence of the network x eth green Data transmission To the network Data reception from the network NN Data transmission To port S1 Tx 521 yellow transmission To port S2 52 Power MI ETH is on Off MI ETH is off 10 2 Indicating LEDS of MI ETH 4 amp 8 ports or a mode activated Setup Locate function activated No presence of the LAN Link red network Presence of the network green Data transmission from the network green Data reception from the network Power green MI ETH is on II 3
41. e server route add host 192 168 1 46 gw 192 168 1 45 UNIX system command If the remote host connection is unpermanent this solution 1s not valid It 1s indeed not conceivable to adapt the server routing table to each connection and disconnection of a remote host A solution to this problem 15 to assign to remote hosts an IP address belonging to a sub network different from that used by the server For example if you initiated Remote IP with the value 792 168 2 1 all machines connected on MI ETH will be respectively assigned numbers 792 168 2 1 192 168 2 2 192 166 2 3 etc Thus you just have to add the next route on the server 7 route add net 192 168 2 0 gw 192 168 1 45 UNIX system command Xl Advanced fonctions XI 1 Firewall XI I 1 Definition The different network interfaces of MI ETH 0 ppp isdn made to receive and transmit IP frames The firewall embedded MI ETH enables the network administrator to precisely define MI ETH behavior during reception and broadcast of each frame The firewall also enables you to define diiferent behavior depending on time and day The choice can be made in the three following situations The IP frame is MI ETH assigned Input The IP frame is sent by MI ETH Output IP frame pass through MI ETH Forward In each of these situations and according to the frame type MI ETH can behave one of the following ways Accepting the operation Accept
42. ed MI ETH can decide to disconnect the modem signal deasserted For example to disconnect the modem installed on port 3 if this one 1s not used during 2 mn use the following command gt gt serial timeout 120 3 To disable this option please set a delay of 0 second WARNING This automatic disconnection is sometimes managed directly by the modem IV 5 6 Association of a modem form to a port To use a modem on a port you have to associate a modem form to this part A modem form contains configuration parameters for the modem see IV 8 Management of a modem connection To associate a modem form named dialing to port 1 enter gt gt serial modem dialin 1 IV 5 7 AutoUser mode AutoUser mode enables MI ETH to launch automatically a session on the specified port for a certain user To configure MI ETH s port 1 in AutoUser mode for a user named Paul enter gt gt serial autouser paul 1 CAUTION You must definitely not define any password for the session lauching to be automatical see IV 7 Creation of a user To come back to usual mode on port 1 enter gt gt serial autouser none Consult reference manual for more details about commands that are dealt with 1n this chapter 21 6 Saving and restoring configuration IV 6 1 Saving in FLASH memory parameters are conserved by MI ETH in RAM up to the next MI ETH boot If you want to conserve al
43. em 15 located gt gt serial modem mod33600 1 26 IV 9 Audit Audits generate some usefull information to control 1 5 activity or to analyse configuration errors These information are displayed in real time or redirected a file Audit commands enable you to set type and level of captured information as well as the displaying mode of information IV 9 1 Audit on a remote machine To create an audit on a remote machine use the audit add command with following parameters AUDIT ADD lt syslog trap remote lt level gt lt type gt Syslog Trap if you use syslog option information will be sent to syslogd daemon of the specified remote machine If your machine does not run syslogd daemon you must install one If you use an smtp administration soft you can display MI ETH s audit thanks to the trap option Remote IP It is the IP address of the remote machine on which you will display MI ETH s audit Level It is preciseness level of audit messages These differents levels are Minimum displaying of errors messages Like warning level but there 15 messages about MI ETH s activity messages about running process details Type It defines type of messages that you want to see audit These differents types are Messages about authentication printer Messages about daemon Messages about isdn connections Messages about system parameters DHCP RADIU
44. em IP address to the user form thanks to the user telnetaddr command see IV 7 7 Telnet Address V 5 User connection diagram The user connection scheme can be summarize by the following diagram Debut Phase de Control Mocem Attente Attente Touche Enter D but connexion Terminal via Modem DCD active saisie login utilisateur iw 2 e ge Pore ny 3 Nr e e 2 2 ni 9 S tn 5 ts D identification S phone numoer 9 Altante 72 saisie login a 4 8 Ving passwo E M Ua oe agta 25 T 20 Fin identification phone num i back de la liste 94 taire composes phona number Fin Phase de connexion utilisateur DCD 32 Rawtty RemoteCOM VI 1 Introduction Rawtty and RemoteCOM enable a server to use an MI ETH asynchronous port as one of its own ports To perform this operation you just have to install a driver on server and to setup a few parameters on your MI ETH VI 2 RemoteCOM under Windows 95 98 amp NT RemoteCOM is a driver for Windows systems which enables you to redirect COM ports on MI ETH RemoteCOM 15 made to manage flow control signals DSR and DCD VI 2 1 Setting up the MI ETH Only flow control parameter must be set on the MI ETH
45. er the request is transmitted to the RADIUS server If RADIUS accepts the request it will transmit the connection type and parameters to MI ETH Later informations about beginning and end of session are transmitted to RADIUS 70 2 2 Attributs Radius support s par le Attribute User Name User Password CHAP Password NAS IP Address NAS Port NAS Port Type Service Type Framed Protoco Framed IP Address Login IP Host Login TCP Port Login Service Reply Message Callback Number Acct Status Type Acct Input Octets Acct Output Octets Definition Notes alphanumerical characters alphanumerical characters Challenged user answer amied Ea the NAS Sias NASIPaddess J 000 Asynchronous port or ISDN channel number Login Framed Callback Login Admin NAS Prompt Callback NAS prompt PPP only IP address attributed to the user Telnet server IP address Callback Login and Login Service Telnet server port number Callback Login and Login service Kind of service used to Telnet only connect the user with an Implanted only on host machine Message to be transmitted to the user Callback number asynchronous ports Session starting or ending START or STOP informations Number of bytes received during a session Number of bytes transmitted during a session Service type Acct Session Id Session identifier AcctSession Time Session duratio
46. example the 192 168 1 11 machine will not be able to connect to a web site Ports www but it be able to send e mails or to make ftp transfert As well 192 168 1 12 machine will not be able to send smtp or receive pop e mails Other services can be used The 92 168 1 13 machine cannot issue a telnet session nor FTP transfert The last rule allows all 192 168 0 0 subnetwork s machines to connect to Internet XI 1 4 2 Input Firewall For security reasons we can expected that an Internet host could not issue a Telnet session or access to a Rawtty port on MI ETH Only the LAN machines will be authorized to administrate MI ETH or to connect to a Rawtty port To do this make this Input Firewall chain Chains and rules edit chain m vee mmn ow D M Y 0 Routing rules Address Ports Bi dir Proto Policy 1 05 192 168 0 0 255 25 000 accept Standard fast 152 168 1 255 258 255 288 reject Standard 192 168 1 1 255 255 255 255 XI 1 4 3 Output Firewall If you want that a terminal connected to MI ETH cannot issue a Telnet session on any Internet machines make this Output Firewall chain 69 Chains and rules edit chain zoe zai nun pw Dw p w v Address Netmask ____ Ports Bi dir Proto Policy 7 0 5 192 168 1 1 255 255 255 255 0 accept standard rast 192 199 0 0 255
47. g process MI ETH default behavior is to accept all connections default policy accept In the Address field of the Source line enter the IP address of the LAN machine that will not be able to connect to Internet then enter the mask value in the Mask field of the Source line To join Internet MI ETH uses the default route therefore enter the value 0 0 0 0 in the Address field of the Destination line and the value 0 0 0 0 in the Mask field of the Destination line In the Protcol field enter the filtred frames type all in this case In the Policy field enter MI ETH policy for these frames And then keep Bidirectionnal box unchecked and TOS to standard In this example all frames Protocol coming from the 192 168 2 11 machine Source 192 168 2 11 and targeting an Internet host Destination 0 0 0 0 will be rejected Policy reject 68 To specify a particular port in a rule just enter its number in the ports field You can also type the service name in the ports field Ex telnet to 23 In the Ports field of the Source line enter the user plage range that will be forbid or autorised by the rule To do this you must enter the first and the last number separed by a 1024 65535 In the Ports field of the Destination line enter the port s number s or service s name s that will be autorised or forbid by the rule To enter more than one port just separate them by a space telnet ftp For
48. gotiation 6 1 Dial IN user connection phase This phase is the same as the one described paragraph V 5 User connection diagram However if PAP option is turned on the user authentication phase wait login password can be interrupted if the calling unit starts directly the PPP negotiation In this case the calling unit 1s identified by the name and the PAP password X 6 2 Authentication phase n gociation login security amp password PAP D but Phase d authentiflaatian in py login amp password i Chap Mop Mauvaise Retour d but reponse r ponse Phase de connexion utilisateur A Cr N e re 2 2 59 Fin Phase d authentification Dial IN MI ETH consults its user database to authenticate the calling unit Dial OUT MI ETH provides the caller with the name and the password contained in the PPP form 21 6 3 IP adress negotiation phase In this negotiation phase each machine located at the end of the serial connection sends a request to the other to establish the two IP addresses that will be used during the connection Local IP Local IP A Remote Remote achieve negotiation the 2 IP address have to be defined by one machine or the other If the first or the second IP address 1s not defined negotiation will fail If one of both IP addresses is defined by each of the
49. ible data composed by characters and changes of signal s states are separated into packets These packets are then transmitted thanks to TCP or UDP transfert s protocols from one serial port to the other 2 TCP Mux The TCP protocol warrants retransmission of lost or mistaken data and manages packets This mode must be used in most of the cases To configure this connection you must set the client port in mux mode and the server port in raw mode 3 UDP Mux To transmit the data flow that forwards the asynchronous link from one end of the network to the other we must change this data flow in a characters flow mixed with codes which match with signal s states Packaging of data and forwarding of an IP network can generate delays between characters and changes of signal states if they are in different packets It means that out data flow and in data flow can have mismatching chronogrammes It can disrupt the good running of some serial transmission s protocols like ones used in industrial environment Thanks to a measured delay between data flow and out data flow UDP mux mode enables most of transmission s protocols to use a connection through an IP network To configure this connection you must set both ports in mux dg mode 4 Example n 1 Remote management of a PLC by a technician VII 4 1 Description A technician wants to manage a PLC located on a remote TCP IP network thanks to a
50. ide MI ETH ROOT gt gt serial mode mux 1 serial linectrl modem 1 serial timeout 180 1 serial quick no 1 mux defaultdtr yes 1 mux ip 192 168 2 1 1 mux port 1 1 mux dsrredirect none 1 mux ctsredirect none 1 ROOT gt gt mux show 1 Port Mode Sync Flush KAlive Remote IP port DCD gt DSR gt CTS gt debug 45 192 168 2 1 1 none none ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO mux 9600 soft modem 8 none 1 180 serial mode raw 1 mux dsrredirect none 1 mux ctsredirect none 1 mux show 1 Port Mode Sync Flush KAlive Remote port DCD DSR gt none ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO raw 9600 soft local 8 none 1 VII 7 Example 94 Remote management of a PLC by more than one technician solution 3 7 1 Description 46 VII 7 2 Solution The solution above assign the PLC to a technician for a minimum of 3 minutes even if his terminal 15 off This solution have all advantages of the two preceeding solutions Access to the PLC will be assigned to the first technician who will try to establish the connection If the technician power off his terminal the PLC will be immediatly accessible to the second technician One the other hand if the technician forgets to power off his terminal the PLC will be accessible to the second technician after 3 minutes On client
51. inal emulator You just have to link this signal to serial port s DCD entry of MI ETH and to configure management of DCD signal by MI ETH serial linectrl modem TCP connection will be established only if terminal is powered This connection will be stopped if DCD signal is not on terminal is off 5 3 Configuration of client s side MI ETH Make a cable with terminal s RTS or DTR signal linked on serial port s DCD signal 42 serial mode mux 1 serial linectrl modem 1 mux ip 192 168 2 1 2 mux port 1 1 mux dsrredirect none 1 mux ctsredirect none 1 mux show 1 Port Mode Sync Flush KAlive Remote port DCD gt DSR gt 192 1002423 none none ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO mux 9600 soft modem 8 none 1 VII 5 4 Configuration of server s side MI ETH ROOT gt gt serial mode raw 1 Ok ROOT gt gt mux dsrredirect none 1 Ok ROOT gt gt mux ctsredirect none 1 Ok ROOT gt gt mux show 1 Port Mode Sync Flush KAlive Remote IP port DCD gt DSR gt ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO raw 9600 soft local 8 none 1 43 VII 6 Example n 3 Remote management of a PLC by more than technician solution 2 VII 6 1 Description VII 6 2 Solution The solution above needs that the technician powers off his terminal to allow another technicia
52. l modem 1 Ok Create users account ROOT gt gt user add paul xxxx OK ROOT gt gt user comment paul Paul Duchemin OK gt gt user in paul yes OK ROOT gt gt user out paul no OK ROOT gt gt user audit paul yes OK To give a user a particular address you just have to use the user netaddr command ROOT gt gt user netaddr paul 192 168 1 50 Ok To allow MI ETH to call a particular user back callback just choose the static option and define the user number in the Callback list field Define a modem form if none of those predefined corresponds to your modem ROOT gt gt user callback paul static Ok ROOT gt gt user callbacnb paul 1 0251809000 Ok ROOT gt gt modem add sporster Ok gt gt modem comment sporster Us Robotics Sporster 33600 Ok ROOT gt gt modem init sporster at amp k3 c3 Ok ROOT gt gt modem dial sporster atd Ok Associate the Modem form to the port where the modem 1s connected ROOT gt gt serial modem sporster 1 Define the PPP connection parameters PPP form ROOT gt gt ppp add ppptest1 Ok ROOT gt gt ppp comment ppptestl Test Nb 1 Ok ROOT gt gt ppp security ppptestl pap Ok 61 ROOT gt gt ppp local ppptest1 0 0 0 0 gt gt ppp remote ppptestl 192 168 1 46 Ok ROOT gt gt ppp mask ppptestl 255 255 255 255 Ok ROOT gt gt ppp proxy ppptestl yes Ok ROOT gt gt ppp route ppptest no Ok
53. l your parameters you must write them in FLASH memory Make this operation with the following command ROOT gt gt Save Status done ROOT gt gt IV 6 2 Saving a configuration copy You can save a MI ETH configuration copy on a remote machine thanks to the TFTP trivial file transfer protocol protocol MI ETH parameters will be sent via TFTP to a file previously created on the remote machine Proceed as follows Create an empty file on your TFTP server example with the following UNIX command echo n gt tmp mieth conf chmod 666 tmp mieth conf Indicate to MI ETH the IP address of the server where the file will be staved as well as the name of this file and start the transfer ROOT gt gt system config server 192 168 1 1 ROOT gt gt system config path tmp mieth conf ROOT gt gt system config store To restore configuration file execute the next command ROOT gt gt system config load CAUTION The loaded configuration is stocked in RAM Save it in FLASH memory with the save command gt gt save Status Done ROOT gt gt IV 7 Opening of a user account The opening of a user account can be made through the user commands Thanks to these commands you can create or modify a user form To create a new form use the user add command You have to specify fields values according to your needs 22 7 1 Name password When you create a user use the user
54. machines negotiation result will be undetermined Local address The local address negotiated by MI ETH 15 the one defined in the Local IP field of the PPP form If Local IP contains 255 255 255 255 MI ETH will accept the address provided by the remote host If Local IP contains 0 0 0 0 MI ETH will negotiate the IP address of its network interface Remote address To determine the remote address for negotiation MI ETH proceeds the following order Incase of a Dial IN access it uses in priority IP address specified in the user form see IV 7 6 Optionnal remote address Ifthe form does not contain an optional remote IP adress it takes the IP address specified in the Remote IP field from the PPP form address is already allocated to another interface it takes the next free address Exemple Remote IP contient 192 168 5 1 User A connected IP Adress 192 168 5 1 IP Adress 192 168 5 2 User A disconnected IP Adress 192 168 5 1 free I P Adress 192 168 5 1 If Remote IP contains 255 255 255 255 MI ETH will accept the address provided by the remote host If Remote IP contains 0 0 0 0 MI ETH will negotiate the next free IP address to its network interface If Remote IP field contains a network address MI ETH will accept the address provided by the remote host See X 5 Dial OUT connection 58 WARNING The network administrator will have to insure that IP addresses susceptible to be provided
55. n lt o Z lt o o ser Request Lost 71 XI 2 3 Radius requests To authenticate a user the NAS emits a request Access Request toward the Radius server The Radius server can reject the request Access Reject or accept the request Access Accept If the request is accepted the NAS can inform the Radius server about the starting and ending of the session Accounting Request Radius requests carry several attributes The following table shows the requests emitted by the NAS Access Account Account Request Request Start Request Stop NAS Port Service Type 0 1 if Service Type ts 0 1 Framed or Callback Protocol Framed ID 21 if Service Type IP Framed Callback reas Framed 1 if Service Type Login IP Host 1 Login or Callback Login 1 if Service Type Login or Callback Login 1 if Service Type Login Service Login or Callback Login Acct Input n 1 Octets Acct Output 0 1 1 Acct Session 0 1 1 19 Time Acct kar Danag 7 User Request Lost Carrier Cause 72 XI 2 4 Configuration of thr Radius client MI ETH To activate the authentication Radius client you just have to give MI ETH the RADIUS server IP address A nil value 0 0 0 0 stop the Radius client This setting up can be done either with
56. n adjust some parameters of the Rawtty function WARNING These two commands must not be used when the Driver has been installed The syntax of the rawtty command is keepalive lt delay gt vl d u username c MI ETH IP port num 37 Keepalive helps to regularly check MI ETH s physical presence on the network A request is carried out every lt delay gt second s to check if the connection 1 still valid If there is no answer within this time range connection is cut down y option enables to use command with MI ETH versions previous to the 3 2 version 4 option enables to enter in debug mode u option enables to create a device under another user account option enables to cancel created device ex dev raw1 at the end of the rawtty process Two commands enable to increase or to decrease delay of the connected keepalive The first command increase keepalive delay with one second ill USR1 pid rawtty The second decrease keepalive delay with one second A ill USR2 pid rawtty Example for a UNIX server rawtty dev raw4 192 168 1 12 5 amp La The rawclose command enables to force to close port declared rawtty Syntax rawclose server IP address port number Example rawclose 192 168 1 12 5 38 mode VII 1 Introduction Mux mode enables you to establish an asynchronous link from end to end through an IP network To make this poss
57. n to manage the PLC If the first technician forgets to power off his terminal the PLC is not reachable for the second technician Another solution is to automatically break the unused connection after a specified timeout Connection will be automatically relaunched when the technician will type any character on his keyboard On client s side MI ETH Link terminal s signal DCD signal of serial port n 1 make a cable Activate DTR signal on port n 1 mux defaultdtr yes 1 Configure management of DCD signal by MI ETH serial linectrl modem 1 Configure MI ETH to wait a character before launching the connection serial quick nol Specify the timeout delay of the unused connection serial timeout 180 1 44 server s side Be sure that signal state on client MI ETH will not be changed by DSR signal stateof server MI ETH mux dsrredirect none 1 6 YET 482 1581 1 Two conditions must be satisfied to establish the connection DCD signal on DTR is and is linked to DCD of the serial port the condition will ever be satisfied But we must be sure that no change of client MI ETH s DTR signal s state occurs It is the reason why we stop redirection of DSR signal mux dsrredirect none 1 Receive a character thanks to the serial quick no command MI ETH will wait for a character on its serial port before establishing the connection VII 6 5 Configuration of client s s
58. nd CHAP authentication 54 ROOT gt gt ppp security internet chap 5 4 Authname and password The ppp authname command enables you to define the user account name that will be used by MI ETH to authenticate itself to the remote host Example ROOT gt gt ppp authname internet paul Enter the user account password thanks to the ppp password command Example ROOT gt gt ppp password internet pws25d 5 5 Local IP Local address of the PPP interface If you enter the address 255 255 255 255 MI ETH will accept the address provided by the remote machine ROOT gt gt ppp local internet 255 255 255 255 If you enter the address 0 0 0 0 MI ETH will negotiate its own address network interface IP address with the remote machine ROOT gt gt ppp local internet 0 0 0 0 5 6 Remote IP Remote IP address of the PPP interface If you enter the address 255 255 255 255 will accept address provided by the remote machine ROOT gt gt ppp remote internet 255 255 255 255 If MI ETH has already attributed the specified address to another PPP interface it will negotiate the next available address 5 7 Proxy ARP This command define if MI ETH s ARP table has to include the remote machine IP address see X 10 Proxy ARP ROOT gt gt ppp proxy internet yes 55 5 6 Mask It is the network mask of the created ppp interface ROOT gt gt ppp mask internet 255 255 255 255 X 5 9
59. nd will activate MI ETH s DHCP relay gt gt dhcp relay server 192 168 1 1 Note that you can enter IP address of a second DHCP server In this case MI ETH etransmit DHCP requests to both servers and will take care of the first reply that it will receive To launch the DHCP relay enter gt gt dhcp relay enable yes To stop the DHCP relay enter gt gt dhcp relay enable no XII Technical specifications MI ETH 2 ports MI ETH 2 LANETHERNT 0 base T _______ ______ ASYNCHRONOUS umber of ports Po 5232 Interface es 9422 485A Interface vervoltage TBKVESD XON XOFF RTS CTS DTR DSR D Signals CD peed 2 abling SubD9Male 2 ROUTINGG tatic routing Po SECURITY 7 adius client 75 User database ADMINISTRATION TTP SNMP MIBII MIB MI ETH ava elay DHCP client elnet Console ports 1 0 es MISCELLEANEOUS IP TCP UDP ICMP ARP Finger Protocols TFTP Telnet Rtelnet DHCP BOOTP HTTP SNMP Syslog PPP 1 5 un ________ 2 GENERAL 0 89 207 VAC to 253 VAC 90 to 60 Hz 6 5 VA Ize 102 5 x 175 x 47 mm 3 Power Supply 76 4 8 ports 4 8 LAN ETHERNET Yes CD ROUTING tatic routing Yes SECURITY 5 adius client Yes ser data
60. otocol supports less options than DHCP To deactivate MI ETH s DHCP client use the none option MI ETH does not know the DHCP server IP address It broadcast 1s request on the LAN to join the DHCP server If you want to specify a particular DHCP server IP address just use the system dhcp server command Example ROOT gt gt dhcp client server 192 168 10 1 If you want to go back to the broadcast method enter the following command gt gt dhcp client server 255 255 255 255 When is booting if the DHCP client 15 active it sends its DHCP request on the LAN and waits for a reply If it does not receive a reply after 30 seconds MI ETH assumes that the request fails Then MI ETH use IP address and other parameters saved in flash memory To modify the reply timeout use the dhcp clent timeout command Example ROOT gt gt dhcp client timeout 60 To visualize the current parameters of your customer DHCP enter ROOT gt gt dhcp client show WARNING To validate DHCP commands you must save new parameters in flash memory The next time MI ETH will boot it will use these new parameters 74 13 3 DHCP relay MI ETH holds the function of DHCP relay To activate this function you just have to use the system dhcp relay command This syntax command is the following SYSTEM DHCP RELAY server 1 server2 gt IP address gt If the IP address of your DHCP server is 192 168 1 1 the following comma
61. r i dec siam sarveur2 decision fr 3 decision fr serveur logir serveur login serveurs login ALT F3 ALT Session 2 ALT F2 A terminal with an emulation that can bear a change of screen switching ANSI WYSE60 etc makes a multi screens between different Telnet sessions possible It is necessary to setup asynchronous port with ROOT gt gt serial termtype ansi Note that the specified terminal type ANSI in this example 15 the remote application terminal type negociated during session establishment With ALT F2 ALT F3 and F control keys you can respectively commute terminal on sessions 2 3 and 4 With ALT F1 combination you can go back to session 1 in order to execute a new session or to suppress an active session It is possible to display the open sessions list gt serial session 5 Port Sessionl Hostl Session2 Host2 Session3 31 To close or several sessions on port use the close session command For example if user connected on port 7 wants to close his first session he will have to enter ROOT gt close session 1 If the same user wants to close all his sessions he will enter ROOT gt close session all V 4 Automatic Telnet It is possible to automatically launch a Telnet to a certain server system as soon as the user 1 connected To achieve this you just have to add the syst
62. r on which the printer is connected to If a printer 1s found on the port 4 the configuration will be the following gt gt serial mode printer 4 OK In order to control paperoff or offline signal you must use Xon Xoff RTS CTS double flow control with the following wiring MI ETH DTE toward the asynchronous printer DTE Use the XON XOFF flow control Detection of the printer unavailability OFF LINE is possible thanks to the printer DTR Signals that are not by are necessary and sufficient the ones that are by a are optionnals and correspond to a more standard wiring DTE RJ45 DB25 DB9 DTE RxD 4 2 3 TxD TxD 2 3 2 AxD RTS 7 6 6 DSR CTS 20 4 DTR Ground T 5 Ground DSR 8 4 7 RTS DCD 5 8 1 DCD 6 5 8 CTS 50 IX Rtelnet Mode IX 1 Definition With the Rtelnet protocol you can interconnect an equipment without network interface with a TCP IP network This equipment can be for example an operating system without TCP IP stack MOS PICK etc or a peripheral that can be setup by a serial terminal The serial equipment interface 15 connected to a MI ETH port in Rtelnet mode The user connects to this equipment when he executes a Telnet session from a TCP IP machine qd We es nn m 192 168 1 1 Servaur n 2 192 169 1 0 192 168 1 2 Figure 6 The TCP IP
63. s for the first rule that characterizes the IP frame to be analyzed If it finds none a default policy is adopted WARNING MI ETH looks for the first rule that characterizes the IP frame Order of rules is very important Enter rules in bad order may forbid any access to MI ETH A rule is applied to an IP frame if the following conditions occur P sender AND Mask Source P target AND Mask Destination The protocol matches the one indicated in the rule Eventually port matches the one s indicated in the rule There is two other parameters that you must define when you create a rule 66 XI 1 3 1 Bidirectionnal option The Bidirectionnal option create a reciprocal rule It is equivalent as the creation of a second rule with target value of the first rule as source and source value of the first rule as target WARNING This option is valide only in a Forward Firewall chain XI 1 3 2 Type Of Service TOS There are five Type of Service Minimum Delay Maximum Throughput Maximum Reliability Minimum Cost Standard These services allows in few cases to optimize connections Most of the time standard option is good enough Mostly used configurations are Minimun Delay for Telnet connections and Maximum throughput for data transfert with FTP 1 4 Examples UAL NOVELL DHCP i i EET ES 1 Ba Ba eR ds d 3 _
64. shed features You will find the following features with any MI ETH CD ROM contains RemoteCOM drivers Rawtty drivers and a few usefull softs Please read the readme html file for more information A power supply cable for 4 or 8 ports version only 1 3 Symbolics In all pictures of this documentation we will use the following symbols User manual Serial Ports Server a Ethernet Metwork LT E Aquisition de Portable computer Serial port server unction Raw Mode Terminal server X Remote access function router function Mux Mode function overview 1 2 ports MI ETH 2 provides 2 asynchronous ports on which you can connect passive terminals Thanks to MI ETH s integrated Telnet client every terminal will be able to open up to three sessions on the server Thanks to MI ETH s remote access server function you can perform a dial in PPP connection on each MI ETH s port It makes possible for a PPP compatible portable using a modem to connect to the company s network Thanks to the raw function of MI ETH you can connect printers or any other serial equipment bar code reader data acquisition system a s o Just run on your Unix server the rawtty application to redirect the in and out data flow of the specified communication port dev ttyx to one of MI ETH port RemoteCOM 15 provides the same function for Windows 95 98 NT systems Thanks to th
65. t in the main menu Create select Create Enter MI ETH s IP address ex 192 168 4 23 MI ETH s port number ex 7 WINDOWS device ex COM3 and connection s parameters Change select View amp Modify Delete select Delete Advanced Communication Server Administrator E Admin Explorateur RemoteCom Fen tres Aide Avanc e Keep alive D lai d ouverture Garder la connexion Reconnexion sur erreur Taille du huffer D lai inter carac Fax Class 1 Sync donn es signaux Opening timeout Default parameter is 10 secondes rarely modified WARNING You must add some timeouts created by the network Results of the connection trie can come after the open timeout delay 34 Keepalive Enables you to detect any error on the network link means that KEEPALIVE is stopped A too small value uselessly overloads the network 15 seconds is a good value Keep the connection The network connection will be established at start of RemoteCOM service The port will not be used by another station Restart connection if error Automatically restart connection with a delay of 10 seconds after a disconnection performed by remote MI ETH RemoteCOM will try to restart connection every 10 seconds Packet mode Synchronise application that is use RemoteCOM with data flow The data transmitted EV TXEMPTY WaitCommEvent label 18 right only when transmitted
66. t IP gt _address gt ROUTE ADD NET lt interface gt lt destination gt lt gateway gt lt netmask gt Example ROOT gt gt ifconfig ip ethO 192 168 1 11 Ok ROOT gt gt route add net 192 168 1 0 0 0 0 0 255 255 255 0 Ok ROOT gt gt ifconfig ip eth 192 168 2 22 Ok ROOT gt gt route add net eth 192 168 2 0 0 0 0 0 255 255 255 0 Ok To save your configuration parameters it is necessary to write it in permanent memory FLASH EPROM Enter the save command to do achieve this gt gt save Status Done gt gt IV 3 Configuration Netscape Internet Explorer can be configured text mode Console Telnet or in graphic mode The following pages of this manual excusively deal with a text mode configuration However all text mode commands have their equivalents in graphic mode To set up parameters in graphic mode you just need a web browser Netscape Internet Explorer and to enter MI ETH s IP address in URL field 14 7 ADVANCED 31 Microsoft Internet Explorer Fichier Edition Favors Outils 7 429 Precedente Arr ter Actualiser De manrage Rechercher Favors Historique Courrier Imprimer Editar Discussion Adresse amp http 132 158 1 252 cgi bin admin cqi page frame 01 23428201 33958293 cp DK Liens ADVANCED ADVANCED 31 configuration COMMURICATION SERV
67. t Telnet a t a BA ow client serveur E E i Telnet protocol has a client part linked to the terminal and a server part linked to the network server These 2 parts communicate through TCP IP whose physical support can be for example an Ethernet LAN MI ETH manages Telnet client part while server part is managed by the system server For example if the user wants to connect to the server myserver he will execute the following command gt telnet monserveur From now on the Telnet client will ask Telnet server to open a session on the system server Then Telnet client and server are going to converse together so that all characters entered with the keyboard will be transmitted to the open session on the system server As a consequence the server will return characters to display on the terminal screen 30 A Telnet session is open on TCP port 23 If you want to open a session on another port 1301 for example type the following command ROOT telnet monserveur 1301 V 3 Multi sessions Up to three Telnet sessions may be issued on one same terminal S essian 1 Welcome to XC 320 terminal server Enter username user TAGORE telnet serveur TAGORE telnet serveure TAGORE telnet ALT F2 ALT F4 ALT F1 ALT F3 ALT F1 ALT F1 Session 3 Session 4 Trying 200 1 1 1 ALT Trying 200 1 1 1 ALT F3 Trying 200 1 4 1 sarveu
68. tem RemoteCOM will warn you and then you will be able to choose the activation mode of RemoteCOM service You can change service activation mode service at any time with WINNT services control panel 35 Displaying RemoteCom service status Click on Service gt parameters Select COM port you want display Check log box if you want keep information in a file C RemoteCOM rc_log tet Be sure that RemoteCOM is not used by any application Click on Service gt Stop Click on Service gt Start to reset RemoteCOM with new parameters Click on Status gt View in the main menu CAUTION the visualized connections are the last takings into account by the RemoteOM service and not those which could be published previously 5 Etats RemoteC M 132 158 4 23 7 COM 3 20 777 lt lt Dc DaF 1128V R6 20 977 lt lt V7 03 0d 0a 0d 0aMDDEM CHIP ROCKWELL RC288DPi0d Da Dd DaFAX 21 177 lt lt CLASS 1 AND CLASS 2 0d 0s 0d Oa0K Od Oa ese ce isles ate iss ce neler DII eere ee ene eere wha ar prea eran are era anes Cii Exi ray cae ey Yi RR ae ay ee oe i Rn Y Sen Cp er aa ae es eae eae el eae T CERE UE rye err al eer FACT ZR CE Ee M In wa eral SS cR C RE M re e REM mae e e RE ln ACA ERI me hate Seat rant Yar
69. terminal or a terminal emulator 39 serial mode mux 1 mux 192 168 2 1 1 mux port 1 1 mux dsrredirect none 1 mux ctsredirect none 1 mux Show 1 Port Mode Sync Flush KAlive Remote IP port DCD gt DSR gt 192 168 2 1 1 none none ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO mux 9600 soft local 8 none 1 40 VII 4 3 Configuration of server s side MI ETH ROOT gt gt serial mode raw 1 Ok ROOT gt gt mux dsrredirect none 1 Ok ROOT gt gt mux ctsredirect none 1 Ok ROOT gt gt mux show 1 Port Mode Sync Flush KAlive Remote IP port DCD gt DSR gt ROOT gt gt serial show 1 Port Mode Speed FlowCtrl LineC Cs Par Stop ModemName Rtelnet TimeO raw 9600 soft local 8 none 1 5 Example n 2 Remote management of a PLC by more than one technician solution 1 VII 5 1 Description Two technicians each have a terminal and they want to manage one after the other a PLC located on a remote TCP IP network 41 VII 5 2 Solution You cannot establish two mux TCP connections to the same destination port at the same time To solve this problem we will establish each mux TCP connection only when technician s terminal will be powered The technician must power off his terminal to permit the other technician to manage the PLC When a terminal is powered there is at least one signal activated RTS for a terminal or DTR for a term
70. un the ping command ROOT gt gt ping 192 168 1 20 adresse IP d une machine du r seau PING 192 168 1 20 192 168 1 20 56 data bytes 64 bytes from 192 168 1 20 seq 0 ttl 255 time 0 6 ms 64 bytes from 192 168 1 20 1cmp seq 1 ttl 255 time 38 2 ms 64 bytes from 192 168 1 20 1cmp seq 2 ttl 255 time 2 7 ms 64 bytes from 192 168 1 20 seq 3 ttl 255 time 2 7 ms 64 bytes from 192 168 1 20 seq 4 ttl 255 time 2 8 ms 192 168 1 20 ping statistics 5 packets transmitted 5 packets received 096 packet loss round trip min avg max 0 6 9 4 38 2 ms gt gt IV 4 4 Routing table Before sending an IP frame MI ETH consults its routing table order to find an entry indicating the route to use In the following example terminals connect to server thanks to MI ETH Note that the server is to be found on the sub network 192 168 1 0 at the address 192 168 1 2 and that MI ETH belongs to the sub network 792 168 2 0 at the address 192 168 2 2 A bridge helps to the interconnection of the two sub networks 182 168 1 2 _ 182 158 1 1 132 158 2 1 192 168 2 0 gt gt See cme 192 168 2 2 Figure 5 Network example make routing table 17 send IP frames to server you must necessarily inform that these frames run through the 192 168 2 1 router There are three manners for this The first consists in informing
71. workstation connects to the no TCP IP server through a Telnet session on MI ETH Under UNIX the command to execute will be telnet 192 168 1 1 2001 If you have an external modem online on one of MI ETH port you could temporarily use the Rtelnet mode to setup it from a remote site IX 2 Configuration The network port number that is attributed to the Telnet connection 1s like 20nn shaped nn is MI ETH port number declared in the Rtelnet mode This declaration 1s made with the command gt gt serial mode rtelnet ROOT gt gt reset port 1 It is possible to change TCP port number assigned to one MI ETH port To achieve this enter serial rtelnet 2004 1 In our example port number 2004 15 associated to port 1 To know what TCP port numbers are assigned to MI ETH ports enter IX 3 Rtelnet Pool If you assign the same TCP port number to a group of asynchronous ports you can create a rtelnet pool The Telnet client will connect to the first available asynchronous port Example ROOT gt gt serial rtelnet 2001 12345678 Asynchrone PPP Mode X 1 Introduction The PPP Point to Point Protocol protocol provides a transmission method for IP datagram on serial connections This enables an interconnection of two remote networks or more simply connection of a remote host to a network The serial connection can commute through public network systems PSTN ISDN that 1s wh
72. y be required to take adequate measures III 5 2 2 General note The hardware and software described in this document may change without warning The information in this document may change without warning ACKSYS reserves itself the right to revise this publication without having to provide notification for such revisions Aslong as reasonable precautions have been taken ACKSYS assumes no responsibility for errors that may appear in this document No part of this publication may be copied or reproduced in any form or by means without prior written consent of ACKSYS Windows and Microsoft Windows are trademarks of Microsoft Corporation Ethernet 1s a trademark of the Xerox corporation Netscape 15 a trademark of Netscape Communications Corporation other brand and product names and trademarks mentioned herein are trademarks of their respective owners 12 IV Configuration IV 1 Introduction The three ways to configure your MI ETH are With an asynchronous terminal or a terminal emulator connected to one of its serial ports From another network host using Telnet protocol From a web browser Netscape Internet Explorer Before using Telnet or HTTP protocols you just need to fix IP address This can be made with Administrator or with a terminal Before reaching the mode of configuration login and a password are required it 15 about root root IV 2 Entering IP adress IV 2 1
73. y this protocol provides a double level of security with PAP Password Authentication Protocol and CHAP Challenge Handshake Authentication Protocol MI ETH can accept a PPP connection Dial IN This property gives MI ETH a remote access server function X 2 PAP and CHAP authentication PAP 15 similar to the Unix password system The client introduces itself by providing MI ETH with a user name and a password These are compared to the ones defined in MI ETH user forms With CHAP MI ETH sends a challenge to the client for an authentication this 1s a generated random chain of characters sent with its host name The client has to use the name to find the corresponding code to combine it with the chain and to encrypt the chain The result 15 sent back to MI ETH with the client machine name MI ETH computes these informations and in matching case authorizes the access to the client Moreover CHAP sends challenges regularly during the communication to insure that the machine has not been replaced by another X 3 PPP connection setup MI ETH uses the concept of PPP form which includes the totality of the necessary parameters for the definition of a PPP connection If the administrator wants to define for example PPP output connections Dial OUT and PPP input connections Dial IN he will create a different form for each of these two configurations The creation of PPP forms 15 detailed paragraph X 6 PPP form X 4 Dial IN
Download Pdf Manuals
Related Search