Perle Systems SCS, STS SSL/TLS

SSL/TLS

216 IOLAN SDS/SCS/STS User’s Guide, Version 3.6

SSL/TLS

Overview

When SSL/TLS is configured, data is encrypted between the IOLAN and the host/device (which must

also support SSL/TLS). When you configure the SSL/TLS settings in the System section, you are

configuring the default global SSL/TLS settings; you are not configuring an SSL/TLS server.

Functionality

You can create an encrypted connection using SSL/TLS for the following profiles: TruePort, TCP

Sockets, Terminal (the user’s Service must be set to SSL_Raw), Serial Tunneling, Virtual Modem,

and Modbus.

When configuring SSL/TLS, the following configu rati on options are available:

zYou can set up the IOLAN to act as an SSL/TLS client or server.

zThere is an extensive selection of SSL/TLS ciphers that you can configure for your SSL/TLS

connection; Appendix B, SSL/TLS Ciphers on page 347 for a list of SSL/TLS ciphers.

zYou can enable peer certificate validation, for which you must supply the validation criteria that

was used when creating the peer certificate (this is case sensitive).

Break String The break string used for inband SSH break signal processing. A break signal

is generated on a specific serial port only when the server's break option is

enabled and the user currently connected using reverse SSH has typed the

break string exactly.

Field Format: maximum 8 characters

Default: ~break, where ~ is tilde

Enable Verbose

Output Displays debug messages on the terminal.

Default: Disabled

Allow Compr e ssion Requests compression of all data. Compression is desirable on modem li nes

and other slow connections, but will only slow down things on fast networks.

Default: Disabled

Note: See Keys and Certificates on page 232 for informati on about SSL/TLS support documents.

Contents

Main Page Table of Contents Preface ...............................................................................25 Chapter 1 Introduction......................................................27 Chapter 2 Hardware and Connectivity ............................31 Power Supply Specifications ....................................................32 Chapter 3 Configuration Methods ...................................43 DeviceManager........................................................................... 46 WebManager............................................................................... 49 Command Line Interface........................................................... 52 Menu............................................................................................ 53 DHCP/BOOTP............................................................................. 55 Chapter 4 Getting Started.................................................65 Chapter 5 Using DeviceManager and WebManager.......73 Chapter 6 Network Settings .............................................81 Chapter 7 Configuring Serial Ports ...............................103 Serial Port Profiles ...................................................................106 Page Page Port Buffering........................................................................... 183 Advanced.................................................................................. 186 Chapter 8 Configuring Users .........................................191 Adding/Editing Users .............................................................. 193 Chapter 9 Configuring Security .....................................203 SSH ............................................................................................213 SSL/TLS .................................................................................... 216 VPN............................................................................................ 221 Services .................................................................................... 230 Chapter 10 Configuring I/O Interfaces...........................235 Channels ...................................................................................243 I/O UDP...................................................................................... 264 I/O Modbus Slave..................................................................... 267 I/O SNMP Traps........................................................................ 279 Modbus I/O Access.................................................................. 268 TruePort I/O .............................................................................. 273 Chapter 11 Configuring Clustering................................281 Chapter 12 Configuring the Option Card ......................285 Chapter 13 Configuring the System ..............................289 Management............................................................................. 292 IPsec Tunnel Control............................................................... 307 Serial Port Power Control ....................................................... 305 I/O Channels............................................................................. 306 Chapter 15 System Administration................................309 Chapter 16 Applications .................................................321 Appendix A RADIUS and TACACS+..............................335 Appendix B SSL/TLS Ciphers ........................................347 Appendix C Virtual Modem AT Commands ..................349 Appendix D Pinouts and Cabling Diagrams .................351 Appendix E Setting Jumpers .........................................361 Introduction.............................................................................. 361 Appendix F I/O Wiring Diagrams ...................................369 Wiring I/O Diagrams................................................................. 369 Appendix G Utilities ........................................................375 Appendix H Accessories ................................................379 Appendix I Troubleshooting...........................................393 Page Preface About This Book Intended Audience Documentation Typeface Conventions Online Help Introduction About the IOLAN IOLAN Family Models IOLAN Features Hardware Software Accessing the IOLAN General Features Advanced Features Security Hardware and Connectivity IOLAN Components Whats Included What You Need to Supply Available Accessories Power Supply Specifications Desktop Models Power Over Ethernet (PoE) Models I/O Models Rack Mount Models Getting to Know Your IOLAN 1-Port 2-Port 4-Port I/O Top View End View Rack Mount Console/Serial Switch Console Mode Serial Mode Dedicated Console Port: Rack Mount Models Powering Up the IOLAN Desktop/Rack Mount Models +- I/O Models 9-30 VDC Left Right DC Power Models Page Page Configuration Methods Configuration Methods Overview Configures an IP Address Requires a Configured IP Address Easy Config Wizard DeviceManager Connecting to the IOLAN Using DeviceManager Page Using DeviceMana ger WebManager Connecting to the IOLAN Using WebManager Using WebManager Command Line Interface Connecting to the IOLAN Using the CLI Through the Network Through the Serial Port Using the CLI Menu Connecting to the IOLAN Using the Menu Using the Menu DHCP/BOOTP Connecting to the IOLAN Using DHCP/BOOTP Using DHCP/BOOTP DHCP/BOOTP Parameters SNMP Connecting to the IOLAN Using SNMP Using the SNMP MIB IOLAN+ Interface Connecting to the IOLAN to Use the IOLAN+ Interface Using the IOLAN+ Interface Changes to the IOLAN+ Interface Page Page Page Page Getting S t arted Easy Configuration Wizard Setting Up the Network Using DeviceMana ger Using WebManager Using a Direct Serial Connection to Specify an IP Address Using a Direct Serial Connection to Enable BOOTP/DHCP Using ARP-Ping For an IPv6 Network Setting Up the Serial Port(s) Page Setting Up Users Using DeviceManager and W ebManager Navigating DeviceManager/WebManager DeviceManager WebManager EasyPort Web Using DeviceManager to Connect to the IOLAN Starting a New Session Assigning a Temporary IP Address to a New IOLAN Adding/Deleting Manual IOLANs Logging in to the IOLAN Using WebManager to Connect to the IOLAN Logging into the IOLAN Configuration Files Creating a New IOLAN Configuration in DeviceManager Opening an Existing Configuration File Managing the IOLAN Network Settings IP Settings IPv4 Settings IPv6 Settings Page Adding/Editing a Custom IPv6 Address Page Page Advanced Host Table Adding/Editing a Host Route List Adding/Editing Routes DNS/WINS Editing/Adding DNS/WINS Servers RIP Page Dynamic DNS Account Settings Page Adding/Editing a Cipher Suite Page IPv6 Tunnels Adding/Editing an IPv6 Tunnel Page Configuring Serial Port s Serial Ports Page Copying a Serial Port Resetting a Serial Port Serial Port Profiles Common Tabs Hardware Tab Field Descriptions Page Email Alert Tab Field Descriptions Packet Forwarding Tab Field Descriptions Page Page SSL/TLS Settings Tab Field Descriptions Page Adding/Editing a Cipher Suite Page Console Management Profile Page Page TruePort Profile Page Adding/Editing Additional TruePort Hosts Page Page Page TCP Sockets Profile Page Adding/Editing Additional Hosts Page Page Page UDP Sockets Profile Page Terminal Profile Page Page Page Page User Service Settings Login Settings Telnet Settings Rlogin Settings SSH Settings SLIP Settings Page PPP Settings Page Page Page Page Printer Profile Serial Tunneling Profile Page Virtual Modem Profile Page Page Page Phone Number to Host Mapping VModem Phone Number Entry Control Signal I/O Profile Input Signal Field Descriptions Page Output Signal Field Descriptions Modbus Gateway Profile Page Advanced Field Descriptions Page Adding/Editing Modbus Slave IP Settings Modbus Slave Advanced Settings Field Descriptions Power Management Profile Editing Power Management Plug Settings Field Descriptions Remote Access (PPP) Profile Page Page Authentication Tab Field Descriptions Page Dynamic DNS Field Descriptions Page Page Page Remote Access (SLIP) Profile Page Page Custom Application Profile General Tab Field De scription Port Buffering Local Port Buffering Remote Port Buffers Field Definitions Page Advanced Advanced Serial Settings Tab Page Modems Tab TruePort Baud Rate Tab Page Configuring Users Page Adding/Editing Users General Tab Page Services Tab Page Advanced Tab Page Sessions Tab Page Serial Port Access Tab Page Configuring Security Authentication Authentication Local RADIUS General Field Descriptions Attributes Field Descriptions Kerberos LDAP TACACS+ SecurID NIS SSH Users Logging into the IOLAN Using SSH Users Passing Through the IOLAN Using SSH (Dir/Sil) Page SSL/TLS Page Page Adding/Editing a Cipher Page VPN IKE Phase 1 Proposals ESP Phase 2 Proposals IPsec Adding/Editing the IPsec Tunnel Page Shared Secret Field Description Remote Validation Criteria Field Descriptions L2TP/IPsec Exceptions Adding/Editing a VPN Exception Field Description Services Page Keys and Certificates Page Page Configuring I/O Interfaces Settings I/O Access Functionality Advanced Slave Modbus Settings Page Failsafe Timer Functionality UDP Functionality I/O UDP Settings Temperature Functionality Channels Analog Page Digital Input Page Page Digital Output Page Page Relay Page Digital I/O Extension Page Digital Input/DSR/DCD/CTS Digital Output/Relay/DTR/RTS Page Adding/Editing Additional Hosts Page Temperature Page Alarm Settings Basic Analog Alarm Settings Advanced Analog Alarm Settings Page I/O UDP UDP Unicast Format UDP Broadcast Packet Analog Section Digita l/Relay Section Serial Pin Signal Section UDP Unicast Example I/O Modbus Slave Modbus Serial Application Connected to the Serial Port Modbus Serial Application Connected to the Network Modbus TCP Application Modbus I/O Access Function Codes I/O Coil/Register Descriptions Serial Port Coil/Register Descriptions A4/T4 Registers A4D2/A4R2 Registers D4/D2R2 Registers Serial Pin Signals TruePort I/O TruePort/Modbus Combination API Over TruePort Only Accessing I/O Data Via TruePort Introduction Setup Format of API Commands Get Commands Response Format Command Format Set Commands Command Format Successful Response Format Unsuccessful Response Format Error Codes I/O SNMP Traps Page Configuring Clustering Clustering Slave List Adding Clustering Slaves Advanced Clustering Slave Options Editing Clustering Slave Settings Page Configuring the Option Card Option Card Settings Configuring the IOLAN Modem Card Configuring a Wireless WAN Card Page Page Configuring the System Alerts Email Alerts Page Syslog Management SNMP Page Time Network Time Tab Field Descriptions Time Zone/Summer Time Tab Field Descriptions Custom App/Plugin Field Description Login Tab Field Descriptions Bootup Files Tab Field Descriptions Message of the Day (MOTD) Tab Field Descriptions TFTP Tab Field Descriptions Console Port Tab Field Descriptions Page Controlling the RPS, I/O Channels, and IPsec Tu n n e l s RPS Control Plug Control Serial Port Power Control Power Plug Status I/O Channels IPsec Tunnel Control Page System Administration Managing Configuration Files Saving Configuration Files Downloading Configuration Files Downloading Configuration Files to Multiple IOLANs Uploading Configuration Files Specifying a Custom Factory Default Configuration Resetting the IOLAN to the Original Factory Default Configuration Downloading IOLAN Firmware Calibrating I/O Calibrating Analog Input Calibrating Voltage Calibrating Current Calibrating Temperature Input Calibrating Thermocouple Calibrating RTD Calibrating Analog Channels Resetting Calibration Data Setting the IOLANs Date and Time Rebooting the IOLAN Resetting the IOLAN to Factory Defaults Resetting the SecurID Node Secret Language Support Loading a Supplied Language Translation Guidance Software Upgrades and Language Files Downloading Terminal Definitions Creating Terminal Definition Files Resetting Configuration Parameters Lost Admin Password Applications Configuring Modbus Configuring a Master Gateway Configuring a Slave Gateway Modbus Gateway Settings Modbus Master Gateway Modbus Slave Gateway Modbus Serial Port Settings Modbus Master Settings Modbus Slave Settings Configuring PPP Dial On Demand Setting Up Printers Remote Printing Using LPD Remote Printing Using RCP Remote Printing Using Host-Based Print Handling Software Configuring a Virtual Private Network IOLAN-to-Host/Network Page Network-to-Network Host-to-Host Page VPN Client-to-Network Page RADIUS and T ACACS+ A Introduction RADIUS Supported RADIUS Parameters Page Page Accounting Message Mapped RADIUS Parameters to IOLAN Parameters Perle RADIUS Dictionary Example Page TACACS+ Accessing the IOLAN Through a Serial Port Users Page Accessing the IOLAN Through a Serial Port User Example Settings Accessing the IOLAN from the Network Users Accessing the IOLAN from the Network User Example Settings SSL/TLS Ciphers B Valid SSL/TLS Ciphers Page Virtual Modem AT Commands C Virtual Modem Initialization Commands Page Pinouts and Cabling Diagrams D Pin 1 Pin 14 Pin 25 DB25 Female Pin 13 Pin 1 Pin 25 Pin 14 RJ45 RJ45 SCS48C/SCS32C/SCS16C/SCS8C DB9 Male (Serial Only) DB9 Male I/O Power Over Ethernet Pinouts EIA-232 Cabling Diagrams Terminal DB25 Connector DB25 Female DB25 Male RJ45 DB9 Male Modem DB25 Connector DB25 Male RJ45 DB9 Male Page Setting Jumpers E 1-Port IOLAN DB25 Male/Female 1-Port IOLAN RJ45 1-Port IOLAN RJ45 P (Power Over Ethernet) 1-Port IOLAN DB9 2-Port IOLAN SDS1M (Modem) 2-Port IOLAN 2-Port IOLAN RJ45 P (Power Over Ethernet) 4-Port Desktop IOLAN Digital I/O Module Analog Input Module Page I/O W iring Diagrams F Wiring I/O Diagrams Digital I/O Digital Input Wet Contact Digita l Output Sink Digita l Output Source Analog Input Current Voltage Temperature Input Thermocouple RTD 2-Wire RTD 3-Wire RTD 4-Wire Relay Output Normally Open Contact Normally Closed Contact Page Utilities G TruePort Network API I/O Access Over TruePort API Request Format API Response Format Error Codes Decoder Page Accessories H Installing a Perle PCI Card Page Page Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco RJ45M Connector Cable for Rack Mount Models SCS48C/SCS32C/SCS16C/SCS8C Starter Kit (Adapters/Cable) RJ45F to DB25M DTE Crossover Adapter RJ45F to DB25M DCE Modem Adapter RJ45F to DB25F DTE Crossover Adapter RJ45F to DB9M DTE Crossover Adapter RJ45F to DB9F DTE Crossover Adapter Sun/Cisco Roll-Over Adapter for Rack Mount Models Page T roubleshooting I Hardware Troubleshooting Communication Issues DeviceManager Problems Host Problems RADIUS Authentication Problems Login Problems Problems with Terminals Unknown IP Address DHCP/BOOTP Problems Callback Problems Language Problems Modem Problems PPP Problems Printing Problems Long Reboot Cycle SSL/TLS I/O Models IPv6 Issues Contacting Technical Support Making a Technical Support Query Who To Contact Have Your Product Information Ready Making a support query via the Perle web page Repair Procedure Feedback on this Manual Glossary Page Index A B C D I J K L M R S T U V