Server User Manual

ManualsBrandsPerle Systems ManualsServer5500161-40

211

212

213

214

215

216

217

218

219

220

Table Of Contents

SDS/SCS/STS/MDC User’s Guide
Table of Contents
Preface
- About This Book
- Intended Audience
- Documentation
- Typeface Conventions
- Online Help
Introduction
- About the IOLAN
- IOLAN Family Models
- IOLAN Features
Hardware and Connectivity
- Introduction
- IOLAN Components
- Power Supply Specifications
- Getting to Know Your IOLAN
- Powering Up the IOLAN
Configuration Methods
- Introduction
- Configuration Methods Overview
  - Configures an IP Address
  - Requires a Configured IP Address
- Easy Config Wizard
- DeviceManager
- WebManager
- Command Line Interface
- Menu
- DHCP/BOOTP
- SNMP
- IOLAN+ Interface
Getting Started
- Introduction
- Easy Configuration Wizard
- Setting Up the Network
- Setting Up the Serial Port(s)
- Setting Up Users
Using DeviceManager and WebManager
- Introduction
- Navigating DeviceManager/WebManager
- Using DeviceManager to Connect to the IOLAN
- Using WebManager to Connect to the IOLAN
  - Logging into the IOLAN
- Configuration Files
- Managing the IOLAN
Network Settings
- Introduction
- IP Settings
- Advanced
Configuring Serial Ports
- Introduction
- Serial Ports
  - Overview
  - Functionality
- Serial Port Profiles
- Port Buffering
- Advanced
Configuring Users
- Introduction
- User Settings
  - Overview
  - Functionality
- Adding/Editing Users
Configuring Security
- Introduction
- Authentication
- SSH
- SSL/TLS
- VPN
- Services
- Keys and Certificates
Configuring I/O Interfaces
- Introduction
- Settings
- Channels
- I/O UDP
  - UDP Unicast Format
  - UDP Unicast Example
- I/O Modbus Slave
- Modbus I/O Access
- TruePort I/O
  - TruePort/Modbus Combination
  - API Over TruePort Only
- Accessing I/O Data Via TruePort
- I/O SNMP Traps
Configuring Clustering
- Introduction
- Clustering Slave List
Configuring the Option Card
- Introduction
- Option Card Settings
  - Overview
  - Functionality
- Configuring the IOLAN Modem Card
- Configuring a Wireless WAN Card
  - Overview
  - Field Descriptions
Configuring the System
- Introduction
- Alerts
  - Email Alerts
  - Syslog
- Management
Controlling the RPS, I/O Channels, and IPsec Tunnels
- Introduction
- RPS Control
- Serial Port Power Control
  - Overview
  - Field Descriptions
- I/O Channels
  - Overview
- IPsec Tunnel Control
System Administration
- Introduction
- Managing Configuration Files
- Downloading IOLAN Firmware
- Calibrating I/O
- Setting the IOLAN’s Date and Time
- Rebooting the IOLAN
- Resetting the IOLAN to Factory Defaults
- Resetting the SecurID Node Secret
- Language Support
- Downloading Terminal Definitions
  - Creating Terminal Definition Files
- Resetting Configuration Parameters
- Lost Admin Password
Applications
- Introduction
- Configuring Modbus
- Configuring PPP Dial On Demand
- Setting Up Printers
- Configuring a Virtual Private Network
RADIUS and TACACS+
- Introduction
- RADIUS
- TACACS+
SSL/TLS Ciphers
- Introduction
- Valid SSL/TLS Ciphers
Virtual Modem AT Commands
- Virtual Modem Initialization Commands
Pinouts and Cabling Diagrams
- Serial Pinouts
- Power Over Ethernet Pinouts
- EIA-232 Cabling Diagrams
  - Terminal DB25 Connector
  - Modem DB25 Connector
Setting Jumpers
- Introduction
I/O Wiring Diagrams
- Wiring I/O Diagrams
Utilities
- Introduction
- TruePort
- API I/O Access Over TruePort
  - API Request Format
  - API Response Format
- Decoder
Accessories
- Introduction
- Installing a Perle PCI Card
- Starter Kit (Adapters/Cable)
- SCS48C/SCS32C/SCS16C/SCS8C Starter Kit (Adapters/Cable)
Troubleshooting
- Introduction
- Hardware Troubleshooting
  - Power/Ready LED Labels
- Communication Issues
- DeviceManager Problems
- Host Problems
- RADIUS Authentication Problems
- Login Problems
- Problems with Terminals
- Unknown IP Address
- DHCP/BOOTP Problems
- Callback Problems
- Language Problems
- Modem Problems
- PPP Problems
- Printing Problems
- Long Reboot Cycle
- SSL/TLS
- I/O Models
- IPv6 Issues
- Contacting Technical Support
  - Making a Technical Support Query
  - Repair Procedure
  - Feedback on this Manual
Glossary
Index

IOLAN SDS/SCS/STS/MDC User’s Guide, Version 4.0 213

Configuring Security Chapter 9

Introduction

The Security group includes the following configuration options:

z Authentication—When a serial port is configured for the

Console Management or TCP Sockets profile, the user can be

authenticated either locally in the IOLAN user profile or

externally. This option configures the external authentication

server. See

Authentication on page 213 for more information.

z SSH—This configuration window configures the SSH server in

the IOLAN. See

SSH on page 223 for more information.

z SSL/TLS—This configuration window configures global

SSL/TLS settings, which can be overridden on the serial port

level. See

SSL/TLS on page 226 for more information.

z VPN—This configuration window configures the Virtual Personal Network (VPN) IPsec and

L2TP/IPsec tunnel parameters. See

VPN on page 231 for more information.

z Services—This configuration window is used to enable/disabled client and daemon services that

run in the IOLAN. See

Services on page 240 for more information.

Authentication

Authentication can be handled by the IOLAN or through an external authentication server.

Authentication is different from authorization, which can restrict a user’s access to the network

(although this can be done through the concept of creating sessions for a user, see

Sessions Tab on

page 209 for more information). Authentication ensures that the user is defined within the

authentication database—with the exception of using the Guest authentication option under Local

Authentication

, which can accept any user ID as long as the user knows the configured password.

For external authentication, the IOLAN supports RADIUS, Kerberos, LDAP, TACACS+, SecurID,

and NIS. You can specify a primary authentication method and a secondary authentication method. If

the primary authentication method fails (cannot connect to the server or authentication fails), the

secondary authentication method is tried (unless you enable the

Only Use as backup option, in

which case the secondary authentication method will be tried only when the IOLAN cannot

communicate with the primary authentication host). This allows you to specify two different

authentication methods. If you do specify two different authentication methods, the user will be

prompted for his/her username once, but will be prompted for a password for each authentication

method tried. For example, user Alfred’s user ID is maintained in the secondary authentication

database, therefore, he will be prompted for his password twice, because he is not in the primary

authentication database.

Unlike the other external authentication methods, RADIUS and TACACS+ can also send back Serial

Port

and User parameters that are used for the duration of the connection. Therefore, any parameters

configured by RADIUS or TACACS+ will override the same parameters configured in the IOLAN.

See

Appendix A, RADIUS and TACACS+ on page 347 for more information.