Silex technology Server SX-500-1402 User's Manual
Contents
1. AAA E El Damj SOB er Jm ae oaae ol or Be tee Os Ge Bs Bs 4 099906 JD ZS om Configuring the Serial Device Server Select the appropriate wireless encryption mode and enter the required settings check with your network administrator for the proper settings if you do not know them Appendix A lists the possible encryption settings Click the Submit button at the bottom of the window you may need to scroll to save your changes To enter the Authentication Server root signing certifcate click on Configure Authentication Server Certificate Enter the filename containing the CA key certificate used for the Authentication Server public key Use the browse button if desired Click submit to send the certificate to the SX 500 To load SX 500 RSA public and private keys return to the Network Security page and click on Configure Private Key If you are entering an externally generated key pair enter the file name and PEM passphrase if required in the upper form on the page Click submit to send the key data to the SX 500 Ifthe private key and public key certificate are in separate files this will need to be done twice If you wish to have the SX 500 generate the private key public key self signed certificate pair for you enter the desired information for the public key certificate in the second form on the page and click on submit When the generation operation is complete the public key certificate2. Console Commands Sets system contact string The default value is null Format SET SNMP CONtact Sets system location string The default value is null Format Displays serial number of the unit Sample output Serial number is 9047595 Shows server parameters Sample output Serial Server Serial Address 00 40 17 8A 0E lt string gt SET SNMP LOCation lt string gt 9047595 Number 0 Identification Enabled Characteristics Link DOWN Shows server network statistics Sample output Seconds Since Zeroed 163 Bytes Received 72950 Bytes Sent 18726 Frames Received 752 181 Bytes Rev d 64474 2406 Frames Sent Multicast Multicast Bytes Sent Multicast Frames Rev d 626 Multicast Frames Sent 11 Frames Sent Deferred 2014 Silex Part Number 140 00188 210A 2B Name TWC_8A0E Network Server Frames Sent 1 Collision 26 Frames Sent 2 Collision 5 Send Failures 0 Send Failure Reasons 0 Receive Failures 503 Receive Failure Reasons 1 Unrecognized Destination 0 Data Overrun 0 User Buffer Unavailable 0 System Buffer Unavailable 1 Page 48 Command Description SH VErsion ZEROKEYS Shows firmware version of print server Protocols supported NetBIOS SNMP TCP IP EMail DHCP Sample output serial server Firmware Ver 4 19 2004 10 31 Boo
3. Sets the WLAN WEP key entry to the specified hex value For WEP128 the key is 10 hex characters long for WEP128 the key is 26 hex characters long the default value is null Format S EYVAL lt key gt Sets WLAN mode The possible modes are Infrastructure and Ad Hoc the default value is Ad Hoc Format SET NW MOde lt mode gt Shows wireless operating mode Sample output Wifi mode AD HOC 802 11 Shows the selected radio mode of operation Sample output Radio mode is 802 11b g Sets maximum WLAN speed Possible values are 54 48 36 24 18 12 11 9 6 5 5 2 and 1 the default value is 54 Format SET NW SPeed Show the maximum wireless data speed in megabits per second Sample output Speed 54 Sets WLAN SSID The default value is serserv Format SET NW SSid lt name gt Clears SSID value and allows the server to connect to any AP Format CL NW SSid Sets WLAN BSSID to connect to a specific access point s mac address Format SET NW BSsid lt value gt Silex Page 42 Part Number 140 00188 210A Command Description CL NW BSsid Clears BSSID value and allows the server to use SSID not a specific AP Format CL NW BSsid SET NW RTS Sets WLAN RTS threshold The possible values are between 1 and 3000 the default value is 2432 Format ET NW RTS SH NW RTS Shows wireless RTS threshold Sample output Wifi RTS Threshold 2432 SH NW STATS Shows network
4. If n 0 any connection to a remote host is dropped Other value of n is ignored Exits command mode and places the serial port in the data mode Disconnect Return to data mode All subsequent data is sent to the network application if connected until an enter command mode sequence is received Any value of n is ignored if present Quiet mode If n 1 no result codes are returned If n 0 result codes are returned to the local device 0 is the reset default value nn nr NN returned in numerical form If n 1 results are returned as text 1 is the reset Parameter Command Description default value Table 6 Extended AT Commands Console pass through AT C lt string gt Passes the string to the server configuration console The string can be any valid console command Refer to your server documentation for console commands available on your unit Since this command does not follow the normal AT command format of lt command gt lt number gt it must be the last command on the line unless the next command is a command All characters up to the end of line or a F will be considered part of the console command If console quiet mode is not is enabled then the response will be the standard console task response Example AT Cset nw ssid silex Csave Console Quiet mode Ifn 0 a response to a HC command is given If n 1 the response is not provided The default after resetis 1 Page 30 Silex
5. Standard modem dialing command redefined to Command initiate an internet connection to a remote computer Indicates the IP address of the target and optionally the TCP port number to use for connection The T or P option ATDT or ATDP can be present and has no effect If present the IP address must be exactly 12 decimal digits with 3 for each byte of the address If no IP address is given then the ECable destination address defined for the port is used If the destination TCP port is defined it is separated from the IP address by a character and is 1 to 5 decimal digits If TCP port is defined the ECable destination port defined for the serial port is used If the destination port is O the standard Telnet port 23 is used If the destination string ends with a semicolon the server remains in the command mode not the data mode once a connection is made In command mode data is not passed from the remote computer so data could be lost if the unit stays in command mode If the connection cannot be attempted NO CARRIER status is returned If the connection attempt fails NO ANSWER status is returned If the connection succeeds CONNECT status is returned Advanced Configuration Silex Page 29 Part Number 140 00188 210A Parameter Command Description Echo control ATEn If n 0 commands are not echoed If n 1 subsequent commands will be echoed The default upon unit reset is for no echo ATEO
6. silex technology SX 500 1402 Serial Device Server Cryptographic Officer Guidance Manual Part Number 140 00188 210A 2009 Silex Technology America Inc All rights reserved June2009 Silex Technology America SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS OF THIS PRODUCT FOR A PARTICULAR PURPOSE Silex shall not be liable for any errors contained in this manual or for any damages resulting from loss of use data profits or any incidental or consequential damages arising from the use of SILEX products or services The information contained in this documentation is subject to change without notice Information and descriptions contained herein are the property of Silex Such information and descriptions may not be copied disseminated or distributed without the express written consent of Silex This publication is subject to change without notice The firmware embedded in this SX 500 serial device server includes the eCos operating system eCos and certain other software programs used in the SX 500 are licensed under GNU GPL compatible Free Software Licenses with the eCos exception clause In compliance with these licenses you can obtain the relevant source code at no charge by contacting Silex at support silexamerica com Trademarks All company or product names referenced in this document may be trademarks or registered trademarks of their respective owners Silex Technology America Inc www
7. SET SERVI lt service name gt POrt SET SERVI lt service name gt PRlority SH SERVI PRI service_num SET SERVI lt service Console Commands Service Name Filter TWC_FEFFEFEE No Filter BINARY P1 No Filter Text Substitution m LF r CRLF WC_FFFFFF Pl 4 No Filter WC_FFFFFF Pl 5 No Filter 0 0 TEXT Pl alte 0 0 4 WC FFFFFF Pl AT PostScript Tagged Binary Sets filter 1 text replacement match string index If the index is zero the default string of lt LF gt line feed is used The default value is 0 Format SE ERVI lt service name gt FRM nn Sets filter 1 text replacement replace string index If the index is zero the default string of lt CRLF gt carriage return line feed is used The default value is 0 Format SE ERVI lt service name gt FRS nn Enables or disables IP based jobs such as Ipd raw tcp and ftp on the service The default value is enabled for service 1 and 2 disabled for all others Format SE ERVI lt service name gt IP ENable DIsable Changes service name The default value varies by service Format SET SERVI lt service name gt NAm lt newname gt Sets output port associated with a service The default value is S1 Format SE ERVI lt service name gt POrt lt portname gt Sets priority for service for multiple service transmissions simultaneously The default
8. string The deprecated command SH NW TTRE also returns this data Sample output Somewhere Enable or disable WPA group key mode If enabled group keys can be used for data link encryption The default value is disabled Sample output SET NW WPAGROUP ENABLE DISABLE NOTE For FIPS 140 2 approved operation this parameter must be DISABLED Shows state of WPA auto connect flag Sample output WPA AUTO Enabled Shows state of the allow WPA group keys flag Sample output WPA GROUP Disabled Sets WPA PSK pass phrase or hex key This value is only used if the authentication mode is WPA PSK or WPA2 PSK The argument to this command is exactly 64 hex characters representing the 256 bit PSK value Format SET NW WPAPSK lt key gt Silex Page 45 Part Number 140 00188 210A Command Description SET NW Sets WPA trace level WPATRACE This command is for internal diagnostic purposes only The default value is O or disabled Format SET NW WPATRACE nn NOTE For FIPS 140 2 approved operation this parameter must be 0 SH NW DISCONN Displays the current value of the network disconnection timer Sample output Disconnect Timer 5 SET NW Sets the period of the network link disconnection watchdog timer In wireless DISCONN infrastructure mode this timer monitors the wireless link and if the unit is not connected to an AP for the time specified the unit is reset SET NW DISCONN nn N 0 watch
9. 0 0 0 Format SET LOAd IP aa bb cc dd Sets filename on host for TFTP get update Format SET LOAd SOftware lt filename gt Initiates firmware update using TFTP get operation The TFTP server address must be set using SET LOAd IP and the filename using SET LOAd SOftware The server will reset after the firmware update is completed Format SET LOAd TFTP Initiates firmware update using the XModem protocol on the serial console The server will reset after the firmware update is completed Format SET LOAd XModem Shows the firmware update parameters Sample output Firmware load is disabled Load Host IP 0 0 0 0 Software file xxxx bin Load Host Name Silex Page 57 Part Number 140 00188 210A Miscellaneous Commands Table 18 Miscellaneous Commands Command Description SET DEFAULT Set parameters to factory defaults EXIT This command exits the current configuration console session SH FATal Shows fatal error log if fatal errors exist CL FATal Clears the fatal error log INIT Instructs the server to execute a soft reset when the next exit command is executed SET PAssword Sets the server access read password SET POWERON Sets Power on delay SH POWERON Displays Power on delay in seconds SET PROTect Sets update password to the string given If set no configuration values can be changed unless this password has been provided CL PROTect Sets update password to lt null gt
10. 2 approved mode the console is not available via the serial port If you have a Serial Device Server wireless model Silex recommends that you temporarily plug the Serial Device into a wired Ethernet network during the configuration process Although it is possible to configure the Serial Device Server with a completely wireless setup it is much simpler to perform the process using a wired Ethernet connection This is primarily because the wireless security on most wireless networks prevents the addition of a new wireless device unless all security parameters are first entered into that device As a result you must set up a temporary dedicated ad hoc wireless network in order to configure the Serial Device Server in a completely wireless environment refer to the step 4 in the First Time IP Address Configuration section of this chapter for instructions on how to set up the Serial Device Server using a completely wireless Ad Hoc environment This is required when entering security encryption keys RSA private key or WPA2 PSK Configuring the Serial Device Server using each of the above methods is described in the following sections of this chapter Page 12 Silex Configuring the Serial Device Server Part Number 140 00188 210A First Time IP Address Configuration NOTE Skip this section if you have already configured the SX 500 IP address If you are configuring the Serial Device Server from a non Windows computer or if you cannot use a
11. 8 8 Flow Flow control None XON XOFF None CTS RTS Parity Parity None Even Odd None Mark Space Speed Baud rate of bits per second 300 600 1200 2400 3600 4800 7200 9600 14400 19200 119200 38400 57600 76800 115200 230400 460800 921600 Page 26 Silex Advanced Configuration Part Number 140 00188 210A Parameter Description Settings Default Setting number required for E Cable UDP mode only Cable connection time resolution Enable Disable Restoring Factory Default Settings The factory default settings can be restored at any time To do this hold down the Reset pushbutton for more than five seconds Modifying TCP IP Settings You can modify the TCP IP settings using the web browser interface or the Serial Device Server Serial Device Server s internal configuration console To modify TCP IP settings 1 You can configure the TCP IP settings using the Web Page configuration Simply log in using the Serial Device Server IP address and select TCP IP D Stex x 510 1402 Mozilla Firefox lol Ele fuk Mew Heey Bookmars Teb Hels e SM ay meona2158 5233 o6m e Bee F lost Visted Getting Started Latest Headines X 510 1402 El Configure TCPAP TCP IP Enable Disable SLASASERA 51 A SLX3AJESA 51 B ES Enabled Services IP Address 1921635233 Subnet Masle 255 265 2660 TP Address Gateway isz 16851 2 Boot Method STA
12. Advanced Configuration Part Number 140 00188 210A Response Codes Table 7 details the response codes for codes other than C commands Table 7 Response Codes Numeric Code Description 0 OK No Carrier Advanced Configuration Silex Page 31 Part Number 140 00188 210A Chapter 6 Troubleshooting If you have experience problems with the Serial Device Server please check the following troubleshooting steps 1 Make sure that you are getting power to the Serial Device Server The orange LED should be on solid if the proper power is being received If it is not on check the power supply connections and if possible try a different Silex Serial Device Server power supply 2 Make sure that you have a valid network connection a Make sure that your network is operating properly that is other devices should be able to communicate using the same hub switch or access point that the Serial Device Server is connected to b If you are using hardwired Ethernet the green LED should be lit or blinking If it is not make sure that the cable is properly connected and if possible try a different Ethernet cable c If you are using a wireless connection both the yellow LED and green LED should be lit or blinking If they are not double check your wireless settings The SSID and security parameters must exactly match the requirements of the access point in order for the Serial Device Server to communicate on an infrastructure
13. COM2 serial ports except that the l O actually goes out over the Ethernet or WLAN to the Serial Device Server and to the serial device that is connected to the Serial Device Server As a result any application program that uses a standard Windows COM port can also use the Serial Port Emulator The SPE is therefore especially useful if you have existing programs that use Windows COM ports The SPE software is a component on the CD ROM that is included with the Serial Device Server or it can be downloaded from the Silex website To install it double click on the installer icon and follow the installation instructions When the installation is complete you can run the SPE software by clicking Start gt Programs gt Silex technology gt Serial Port Emulator gt Serial Port Emulator Configuring the Serial Device Server Silex Page 21 Part Number 140 00188 210A 5 Serial Port Emulator silex technology america Inc Serial Port Emulator silex technology america Inc 10 x l Eile Ports view Tools Help ATT O ituarPonview z s mPLAN Sy Views EZ VirtualPortview 4 gt For Help press F1 Count 1 Protocol TCP IP View VirtualPortView a After the Serial Port Emulator software has started you will see a list of all the configured Serial Device Servers on the network Right click on the name of the Serial Device Server that you want the virtual COM port to connect to the default name is SLXxxxxx
14. Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW INAP lt password gt where lt password gt is PAP or MSCHAP_V2 Authentication Certificate Authentication certificates are used by TLS and PEAP You can manually enter the certificate information or you can extract the Root Key and Root Key Exponent from a file on your disk The required information is as follows Page 38 Silex Product Specifications Part Number 140 00188 210A Certificate Root Key This is the authentication key used to verify the root certificate in the certificate chain provided by the authentication server To set to null send leave this field blank Enter the certificate root key on the Configure Authentication Certificate page in the Serial Device Server internal web pages or use the console command SET NW CERTKEY lt value gt where lt value gt is the value of the key Certificate Root Key Exponent This value must match the authentication server certificate value The default is 65537 x10001 Enter the certificate root key on the Configure Authentication Certificate page in the Serial Device Server internal web pages or use the console command SET NW CERTEXP lt value gt where lt value gt is the hexadecimal value of the key default is 10001 Certificate Common Name 1 and Certificate Common Name 2 This is the name of the certificate on the primary authentication server most applications only
15. Peer to Peer Channel 11 SSID or wireless network name serserv Power on the PC and the Serial Device Server You can connect to the Serial Device Server by specifying its default IP address of 192 0 0 192 using a web browser as described in the next section When you have connected to the Serial Device Server you must then change the IP address and enter the required wireless networking parameters using either the web browser interface or the internal command console see next two sections for operation on your wireless network After you complete the entire Serial Device Server configuration process you must set your PC back to its original network settings Silex Configuring the Serial Device Server Part Number 140 00188 210A Using a Web Browser to Configure the Serial Device Server After you have entered an IP address into the Serial Device Server you can use any standard web browser to access the internal web pages for configuring the Serial Device Server Simply specify the IP address of the Serial Device Server in your browser and then follow the steps below IMPORTANT You must click the Submit button when you have finished configuring an internal web page If you do not do this your changes will not be saved 1 When you have connected to the Serial Device Server you will get the Server Info page Click Login on the left side of the screen 000 silex SX 550 WLAN e 2 E D ae Enter th
16. Shift Keying DQPSK Differential Binary Phase Shift Keying DBPSK Channel Number IEEE 802 11b and g Channels 1 to 11 and 12 to 14 Data Rate 54 Mbps with fallback rates of 48 36 24 18 12 11 9 6 5 5 2 and 1 Mbps Security Encryption WEP 64 128 bits WPA TKIP WPA2 AES Authentication WEP Open System and Shared Key WPA PSK WPA2 PSK 802 1X with LEAP TLS TTLS and PEAP ACK architecture 32 bits MAC layer TCP Port Connections The Serial Device Server supports port connections over TCP IP for data transfer to the serial port using raw TCP ports only Table 10 describes the TCP ports allocations Table 10 TCP Port Connections Port Destination Device 3001 RS 232 9100 RS 232 9200 RFC 2217 Product Specifications Silex Page 35 Part Number 140 00188 210A Appendix A Advanced Security Configuration There are numerous possible security settings It is therefore important that you verify the appropriate settings with your network administrator If you enter the settings incorrectly the Serial Device Server will not be able to communicate on your network The following table summarizes the wireless settings required for each encryption mode and authentication type The bold values are those which are FIPS 140 2 approved Open Shared System Key Authentication Type 802 1x Ethernet Network N A N A Basic Configuration Parameters Parameters 1 64 128Bit WEP Ke To use the above table
17. Silex Page 10 Part Number 140 00188 210A Chapter 3 Configuring the Serial Device Server This chapter describes the methods for configuring the basic settings of the Serial Device Server including the IP address serial port settings and wireless security The Serial Device Server also has an extensive range of advanced configuration capabilities that are described in Chapter 5 Appendix A and Appendix B The Serial Device Server configuration should be done by a network administrator or another person with technical knowledge of TCP IP networking and serial communications Basic Configuration Requirements In order to use the Serial Device Server the following basic parameters must be configured TCP IP Settings e P Address e Subnet Mask e Router Address Note The TCP IP settings can be automatically configured using DHCP Wireless Configuration Settings e SSID e Mode Infrastructure or Ad Hoc e Channel required only if using Ad Hoc mode Security Settings e Wireless Encryption Mode WPA2 WPA WPA2 WPA WEP Wireless Encryption Settings Wireless Authentication Mode WPA PSK Open System Shared Key TTLS TLS LEAP PEAP Wired Authentication Mode TTLS TLS PEAP Authentication Settings Note There are numerous possible encryption and authentication settings and every network can have different settings Please refer to Appendix A for a detailed summary of these settings Serial Port Settings must match the settin
18. environment for example access point manufacturer model wireless security routers etc 4 Description of the problem Troubleshooting Silex Page 33 Part Number 140 00188 210A Chapter 7 Product Specifications Table 8 Product Specifications Component Specifications Model SX 500 Serial Device Server Cavium NITROX Soho CN210 RAM Memory 16 Mbytes SDRAM Processor Speed 167 MHz Interfaces Supported Serial RS 232 C Ethernet 10 100BaseT Wireless 802 11b g SX 500 Dimensions SX 500 125 73 x 75 11 x 24 08 mm 4 95 x 2 957 x 0 948 inches not including mounting brackets or connectors Temperature 0 to 50 degrees C operating 20 to 70 degrees C storage maximum 20 degrees C change per hour Humidity 10 to 90 non condensing Altitude 3 1km operating 9km storage Electrical Wired models 5 00mA 5VDC Wireless models 800mA 5VDC Power provide through external AC adapter included or via pin 9 on the 9 pin serial port connector Table 9 Radio Performance Specifications Parameter Specifications Radio Emission Type Complies with IEEE 802 11 b g h and j Direct Sequence Spread Spectrum DSSS physical layer Operating Frequency 2 412 GHz 2 484 GHz ISM band Data Modulation Type Orthogonal Frequency Division Multiplexing OFDM Complementary Code Keying CCK Page 34 Silex Product Specifications Part Number 140 00188 210A Parameter Specifications Differential Quadrature Phase
19. group encryption NOTE FIPS 140 2 approved operation requires WPA2 AES CCMP encryption To set the encryption mode select the desired mode from the pull down menu on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW ENC lt mode gt where lt mode gt is DISABLE 64 128 WPA OR WPA2 Note that the encryption mode only applies to wireless networks so it is not necessary to set this mode if you are using a wired Ethernet network Key Selection Wireless Security Only This parameter selects which of the four possible WEP keys will be used as the transmit key the first key is the default Select the desired key selection from the pull down menu on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW KEY n where n is 1 2 3 or 4 WEP Key Value Wireless Security Only Up to four keys can be entered if you are using WEP security The value of the keys must be entered as hexadecimal digits up to 10 hex digits for 64 bit WEP or 26 hex digits for 128 bit WEP Enter the desired key value s on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW KEYVAL lt key gt where lt key gt is 10 hex digits for WEP64 or 26 hex digits for WEP128 Pre Shared Key Wireless Security Only If you are using WPA2 or WPA with the PSK mode of authentic
20. l O statistics Sample output WiFi statistics TX Unicast frames 0 TX Multicast frames 0 TX Fragments 0 TX Unicast octets 0 TX Multicast octets 0 TX Deferred 0 TX Single retry frames 0 TX Multiple retry frames 0 TX Retry limit exceeded 0 TX Discards 0 RX Unicast frames 0 RX Multicast frames 0 RX Fragments 0 RX Unicast octets 0 RX Multicast octets 0 RX FCS errors O RX Discards no buffer 0 TX Discards wrong SA 0 RX Discards WEP undecr 0 RX Msg in msg fragments 0 RX Msg in Bad msg fragments SET NW CERTCN Sets EAP Common Name The default value is null Format E ERTCN lt name gt Console Command RO PaB Commands Silex Page 43 Part Number 140 00188 210A Command Description SH NW CERTCN SET NW CERTCN2 SH NW CERTCN2 SET NW CERTEXP SH NW CERTEXP SET NW CERTKEY SET NW ID SH NW ID SET NW PW Console Commands Shows the value of first common name check string The default is null blank string The command SH NW TTCN also returns this information Sample output Common name 1 Sets second EAP Common Name Format SET NW CERTCN2 lt name gt Shows the value of the second common name check string The default is null blank string Sample output Common name 2 Sets EAP Certificate Exponent value The default value is 10001 Hex Format S ERTEXP lt exponent gt Shows the value of the certificate expone
21. must manually assign an IP address In this case use a static IP address outside the range reserved for DHCP see your DHCP server documentation for details To assign a static IP address select Set Permanent as the IP Address Resolution and assign a valid static IP address for your network Click on OK to save the new settinas E Pre REECE a OT De 4 Click Wireless on the left side of the screen to aS configure the 802 11a b g wireless settings m 7 for WLAN models only skip to the next Raio mema d E section if you have an Ethernet model To ooo E operate on an 802 11a b g network the Serial 5 Device Server configuration must be o E E configured with the wireless configuration and m 3 p security parameters required to allow the Ge j Serial Device Server to communicate over your wireless network check with your Ener te ts wn goer The stanno manter oly pes AD HOC moie ta network administrator if you do not know Bao sc dy tn tems ot i otte canna these parameters Select either Infrastructure if you are using an access point or Ad Hoc point to point as the wireless mode Enter the SSID for your network If you are using Ad Hoc select the RF channel not required for infrastructure The other parameters on this page do not normally need to be changed refer to Chapter 5 for information on advanced configuration Click the Submit button at the bo
22. select the encryption mode and authentication type you are using For example if you are using WPA2 with PSK authentication you would need to set the WPA PSK pre shared key and enable or disable the WPA Group Key Likewise if you are using WPA2 with 802 1X TLS authentication Page 36 Silex Product Specifications Part Number 140 00188 210A you would need to enter a User ID and Password an Authentication Certificate and a Private Key with corresponding public key certificate The following is a description of the authentication settings used by the Serial Device Server Encryption Mode Wireless Security Only The possible Serial Device Server wireless encryption modes include e 64 and 128 bit WEP These are available for basic WIFI compatibility Because of known security issues WEP should be avoided if possible e Dynamic WEP Dynamic WEP uses WEP encryption with an 802 1X EAP authentication method It is not necessary to set keys with this method because they are automatically assigned e WPA2 WPAZ2 is the latest and strongest wireless security standard It uses CCMP encryption Like WPA it can be used either with a pre shared key or with 802 1X authentication e Wi Fi Protected Access WPA WPA uses TKIP encryption and can be used with either a pre shared key PSK or with 802 1X authentication e WPA2 WPA This mode combines the capabilities of WPA2 and WPA by using CCMP for pairwise encryption but allowing TKIP for
23. type gt is OPEN SHARED TTLS PEAP WPA PSK LEAP or TLS NOTE For FIPS 140 2 approved operation this parameter must be TLS PEAP or PSK Wired Authentication Type Wired Ethernet Networks Only This parameter sets the type of authentication to be performed with a Radius authentication server on a wired Ethernet network The Serial Device Server supports TLS TTLS and PEAP authentication on these types of networks Select the desired wired authentication type on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW ETHAUTH lt type gt where lt type gt is TTLS TLS or PEAP Authentication Attempts This parameter sets the number of authentication attempts to make before the Serial Device Server assumes the network has no authentication If zero 0 is entered the Serial Device Server attempts to authenticate forever Enter the number of authentication attempts on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW AUTHTRY n where n is the number of attempts default is 0 User ID This parameter is the logon user ID that the Serial Device Server uses to authenticate to the 802 1x enabled network The user ID and password must be in the authentication server database The default user ID is anonymous Enter the user ID on the Configure Network Security screen in the Serial Device Server internal web pa
24. value is 10 Format SE ERVI lt service name gt PRIority nn Shows priority of service If service_num is not provided the priority of all services is listed Sets receive only mode for a service Silex Page 50 Part Number 140 00188 210A Command Description name gt RECeive This option is required only for host applications that do not operate properly if data is received from the serial device The default value is disabled Sample output SET SERVI lt service name gt RI Disable SET SERVI lt service Sets raw TCP port for service name gt TCP If port number is 0 raw TCP is disabled on service The default value is 9100 for service 1 3001 for service 2 Format SET SERVI lt service name gt TCP nn SH SERVI SUMmary Shows the basic parameters for a specific service If service_num is not service_num provided parameters for all services are displayed The command SH SERVI displays the same data as SHOW SERVI SUM String Commands Table 15 String Commands Command Description SET STRing Set service string table entry String 1 to11 cannot be set or changed Format SET STRing lt string gt value CL STRing Clears the service string table entry Format CL STRing lt string gt Console Commands Silex Page 51 Part Number 140 00188 210A Command Description SH STRing Defines the BOT and EOT strings
25. If fast timeout is enabled the timeout is calculated as seconds If fast timeout is disabled the timeout is calculated as minutes The default value is 1 minute Format SET IP Timeout Sets TCP maximum window size in bytes The default value is 10240 Format SET IP WIndow Silex Part Number 140 00188 210A Page 55 Command Description SH IP Console Commands Shows TCP IP related parameters Sample Output P is enabled P address 192 0 0 192 ubnet mask 0 0 0 0 P Gateway 0 0 0 0 set manually LPD banner disabled LPD retries are disabled Service Port XXXXxx S1 A s1 XXXXXX S1 B Sl Silex Boot tries Boot method Max window Timeout Keepalive TCP port 9100 3001 Part Number 140 00188 210A Page 56 Firmware Update Command Table 17 Firmware Update Description SET LOAd ENable SET LOAd HOst SET LOAd IP SET LOAd SOftware SET LOAd TFTP SET LOAd XModem SH LOAd Console Commands Sets the firmware to perform a soft reset and enter the server boot program after the next Exit command This command is used for diagnostic purposes only The default value is Disable Format S ENable DIsable Sets the node name of the TFTP boot host This command is used for diagnostic purposes only The default value is null gt Format SET LOAd HOst Sets source computer IP address for TFTP get operation The default value is 0
26. MAC address of the Serial Device Server found on the label affixed to the Serial Device Server For example arp s 192 168 5 53 00 40 17 00 00 01 ping 192 168 5 53 Note that Windows systems use the format xx xx xx xx xx xx for the MAC address for example 00 0017 00 00 01 You will see a reply from the Serial Device Server with the number of bytes and other information if the address was successfully set If you get an error message or no response then the IP address was not set If this is the case the Serial Device Server may not be at its default configuration To reset the Serial Device Server to its default settings hold down the reset pushbutton for more than five seconds d You are now ready to configure the Serial Device Server skip the remainder of this section NOTE Skip the following step if you have configured IP address of the Serial Device Server using an Ethernet cable 3 If you are using a wireless connection for the first time configuration of the Serial Device Server you must set up a temporary ad hoc wireless connection as described in the following steps Please note that because this is a fairly complex process we do not recommend it unless it is not possible to use a wired connection a Page 14 Disconnect your PC and the Serial Device Server from your network and temporarily set the PC settings as follows IP address 192 0 0 191 Wireless Mode Ad Hoc sometimes referred to as
27. ODE If the remote host is connected additional data received will be discarded Format CL PORT S1 JOB Sets serial port flow control to NONE XON XOFF CTS or DSR The default value is none Format SET PORT S1 FLOW lt flow gt Sets serial port parity to NONE EVEN ODD MARK or SPACE The default value is none Format SET PORT Sl Parity lt parity gt Sets data bits on the serial port The default value is 8 Format SET PORT S1 SIZE Sets serial port baud rate Options for BAUD are 300 600 1200 2400 7200 9600 19200 38400 57600 115200 230400 460800 921600 The default value is 115200 Format SET PORT S1 SPEED lt baudrate gt Sets serial port stop bits per character The default value is 1 Format SET PORT S1 STOP 1 2 Sets serial port line mode The default value is 232 Format SET PORT S1 STOP 232 422 485 485D Server Information Commands Command Table 13 Server Information Commands Description SET SERVEr Description SET SERVEr NAme Console Commands Sets server description string Format SE ERVE Escription lt description string gt Sets server node name The default value is TWC_xxxxxx where xxxxxx are the last 6 hex digits of the MAC address Silex Page 47 Part Number 140 00188 210A Command Description SET SNMP CONtact SET SNMP LOCation SH SERIAL SH SERVEr SH SERVEr CO
28. SAVE Saves the current configuration to non volatile memory Without this command the configuration is not saved unless an EXIT command is performed SH TEst Sends the configuration data via ASCII to the serial port UNPROTECT If an update password has been defined SET PROTECT this command enters the password to allow configuration items to be modified After entering this command the server will prompt for the update password If entered properly the user will then be able to execute SET commands to modify the server configuration This lasts only until the console session is terminated with an EXIT command Help Commands For help simply enter HELP preceding the command The correct syntax and a brief description of the commands will display For example when inquiring for various commands to display specific IP parameters type HELP SHOW IP or for commands to change specific wireless network security parameters type HELP SET NWRK Page 58 Silex Console Commands Part Number 140 00188 210A Console Commands Silex Page 59 Part Number 140 00188 210A Appendix C Firmware Update Procedures Occasionally it may be necessary to update the Serial Device Server to take advantage of new features or to fix specific problems The simplest way to perform this update is with the Silex UpdatelP utility for Windows XP and 2000 computers This utility can be found on the CD ROM that is included with the Serial Device Server or it can be downl
29. Serial Device Server services To change the TCP port number 1 Connect to the Serial Device Server with a web browser see chapter 3 for instructions on doing this 2 After you have logged in click VO Services on the left side of the page 3 Click on the service name that you want to change any one of the services is OK provided that you are not using the existing TCP port number of that service for a different application 4 Change the Raw TCP Port to the desired number must be greater than 1023 5 Click Submit to save your change You can test this connection by using the TELNET utility from the Windows Command Prompt MS DOS prompt Mac OS X Terminal Utility or UNIX Linux command line as follows telnet ipaddress portnumber Page 22 Silex Configuring the Serial Device Server Part Number 140 00188 210A where ipaddress is the IP address of the Serial Device Server and portnumber is the Serial Device Server TCP port number For example telnet 192 168 5 53 9100 In this example if you have a serial printer or other device capable of displaying ASCII characters connected to the Serial Device Server serial port then every character you type should be printed on that serial device buffered serial devices may need you to type a control character such as a formfeed CONTROL L before the characters are printed RFC 2217 Remote Modem Control Support RFC 2217 allows you to access your device s modem control signals over
30. Standard AT Commands Supported The Serial Device Server recognizes a subset of the standard AT command set The data channel must be in the command mode for commands to be recognized The data channel will be in command mode upon power up or reset There are two operating modes for the unit when the AT command option is enabled In command mode data received from the serial port is passed to the AT command processor and responses are returned to the serial port No data is sent to any network application and any data received from the network is ignored In data mode data from the serial port passes to the network application and vice versa This is equivalent to the normal serial port operating mode without the AT command option Table 5 describes the AT Commands Table 6 details the Extended AT Commands that allow the configuration of the network server operating parameters Any AT command received except the listed commands are acknowledged with OK status This allows existing modem applications to transmit commands without causing an error These include AT lt X gt n but not currently AT amp lt X gt n AT lt X gt n AT lt X gt n where lt X gt is a letter Table 5 AT Commands Parameter Command Description Enter Command mode lt delay gt lt delay gt If the string is seen in data mode with no characters sent for 1 second before or after then command mode is entered Initiate Connection ATD lt destination gt
31. TIC E Boot Tries Y F Mo Subnet Mask RARP Boot Settings I No Gateway 2 W Set address with ARP Ping EID TCPpot WF FIP F Tehet D S TELNET F ETIP Applications Enabled FP HITPS M POP3 SMTP F SNMP Y DNS F TETP F ECHO TCP Window foz ES e LI This page allows you to modify the TCP IP parameters 3 NOTE Fyon disable the IP protocol you will be unable to configure the server using the web Enabled Services The services listed are enabled to be used with TCP IP based protocols view or change the configuration of one of the services cick on the al Dene B 4 Asan 00 gt yr e e Jos Ds Es o ar lo Be e fas Gr Bs Bs dall cows OP SEs OMS BS 20m Figure 2 TCP IP Window Advanced Configuration Silex Page 27 Part Number 140 00188 210A 2 Verify the settings as defined in Table 4 Table 4 TCP IP Settings Parameter Setting IP Address To assign a static IP address enter it in this field The IP address must follow the format XXX XXX XXX XXX where each XXX is a number between 0 and 255 The default IP address mask is 192 0 0 192 Subnet Mask To assign a static subnet mask enter it in this field The subnet mask must follow the format XXX XXX XXX XXX where each XXX is a number between 0 and 255 The default subnet mask is 0 0 0 0 The server interprets a subnet mask of 0 0 0 0 or 255 255 255 255 as no subnet mask specified Default Gateway Sets the defau
32. able is not included because of the wide variety of connector types used on serial devices Verify Package Contents The Serial Device Server includes the components listed in Table 1 Please ensure that all materials listed are present and free from visible damage or defects before proceeding If anything appears to be missing or damaged please contact Silex Table 1 Package Contents Description SX 500 Base Unit w external pole antenna Setup Guide CD ROM containing Serial Port Emulator Software and User s Reference Guide AC Power Supply with power cord Warranty Card Installing the Serial Device Server Follow the steps below to install the Serial Device Server The Serial Device Server s factory default settings should be sufficient for most serial connections however some of the configuration settings may have to be changed for your particular installation 1 Before attempting to install the Serial Device Server make sure you have installed and set up your serial device as described in the documentation that came with the device Installing the Serial Device Server Silex Page 8 Part Number 140 00188 210A 2 Write down the 12 digit MAC Media Access Code address printed on the label located on the bottom of the Serial Device Server for example 004017023F96 You may need this number in order to configure the Serial Device Server 3 If you have a wireless model connect the antenna to the unit 4 Conne
33. ate the Serial Device Server firmware 1 Download the appropriate firmware update file from the Support amp Downloads Section of the Silex website www silexamerica com into a directory on your computer 2 If you are using Windows 2000 XP or Vista enter the following command from the command line of your operating system tftp i ipaddress put filename lt password gt Firmware Update Procedures Silex Page 60 Part Number 140 00188 210A where paddress is the IP address of the Serial Device Server filename is the file name and path if necessary and lt password gt is the Serial Device Server password if you changed this password use your new password instead of access For example to download the file tathsti130 bin from the updates directory on your computer into a Serial Device Server with an IP address of 192 168 5 70 you would enter the command tftp 192 168 5 70 put updates tathsti130 bin access If you are using a different operating system please refer to the documentation of that operating system for information on how to use the tftp command Note that you should specify that the tftp destination file is the Serial Device Server password access by default Firmware Update Procedures Silex Page 61 Part Number 140 00188 210A Appendix D Safety and Regulatory Notices Information for United States Users This equipment has been tested and found to comply within the limits for a Class B digi
34. ation the key value entered here is used to initialize the session with the access point If a key value is entered it must be exactly 64 hex characters Enter the desired PSK on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW WPAPSK lt psk gt where lt psk gt is the key WPA Group Key Wireless Security Only If the WPA Group Key mode is enabled then group keys may be used for data link encryption the default is disabled Select whether to enable or disable the WPA Group Key on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW WPAGROUP lt state gt where lt state gt is ENABLED or DISABLED NOTE For FIPS 140 2 approved operation this parameter must be DISABLED Product Specifications Silex Page 37 Part Number 140 00188 210A Wireless Authentication Type Wireless Security Only This parameter sets the type of authentication to be performed with the network access point Radius authentication server or with a peer unit in Ad Hoc mode The Serial Device Server supports Shared Key and Open System Authentication with WEP and PSK TLS TTLS LEAP and PEAP with WPA WPA2 DYNAMIC WEP and WPA2 WPA Select the desired wireless authentication type on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW AUTHTYPE lt type gt where lt
35. bord aecaat eS 58 Table 18 Miscellaneous COMMANdS ccocccconoccccccnccononnncnnnnonnnnnncnnn nono n cnn narran rre 59 Contents Silex Page iii Part Number 140 00188 210A About This Reference Guide Safety Precautions To prevent damage to the Serial Device Server s electronic circuit components follow established ESD practices and procedures for handling static sensitive devices All ESD sensitive components must be stored and shipped in ESD conductive bags or bubble wrap and labeled as such using the standardized ESD adhesive warning label 7 Ethernet electrical wiring must be at least 6 feet from bare power wiring or lightning rods and associated wires and at least 6 inches from other types of wire antenna wires doorbell wires wires from transformers to neon signs steam or hot water pipes and heating devices 7 Protectors and grounding wire placed by the service provider must not be connected to removed or modified by the customer Emissions Disclaimer Regulatory compliance information can be found in Appendix D of this manual Final emission certification per FCC CE and other agency requirements are the responsibility of the OEM using any printed circuit assemblies or other items used in this developer s kit in their saleable packaged product About This Reference Guide Silex Page 1 Part Number 140 00188 210A REVISION HISTORY Rev No A 2009 08 13 About This Reference Guide Revision by Lee Aydelotte C
36. ct the Serial Device Server to your serial device If you are using RS 232 you may use standard PC cabling you should normally use a null modem crossover cable The 9 pin connector pinouts and cabling are as follows DB 9 Female DTE Pin Description DCD Data Carrier Detect Input DSR Data Set Ready Input RxD Receive Data Input TxD Transmit Data Output DTR Data Terminal Ready Output RTS Request To Send Output CTS Clear To Send Input Ground Ground oc ajo lt ajo n o oO ON ODA NOGA Cri Pair Optional Connection RI Ring Input or 5 VDC Power Input Optional RS 232 connector pinouts and cabling 5 Plug the Serial Device Server power supply adapter into a suitable AC receptacle and then plug the power supply cable into the Serial Device Server Alternatively you can use pin 9 on the 9 pin connector to provide power to the Serial Device Server 1 amp 5V is required When power is applied all three LEDs will be lit The Serial Device Server will run through a sequence of power up diagnostics for a few seconds If the Serial Device Server is operating properly the green and yellow LEDs will turn off and then will show the device status as shown in Table 2 in the next section The orange LED should remain solidly illuminated The unit powers up in the Normal mode which provid
37. ddress of the Serial Device Server for example ftp 192 168 5 50 When the connection is made enter any username and password You can then use the standard FTP put command to send the file from the PC to the device connected to the serial port on the Serial Device Server Console Mode Switching The Serial Device Server allows you to dynamically switch the operation of the serial port from normal mode to console mode This allows your device to control the operation of the Serial Device Server by sending console commands see chapter 6 and Appendix B for a description of the console commands Note that console mode can only be entered when there is no connection to a remote host Page 24 Silex Configuring the Serial Device Server Part Number 140 00188 210A NOTE The serial port console mode cannot be used in a FIPS 140 2 approved mode The Cryptographic Officer must leave the console string as NULL the factory default value To switch the serial port to console mode you must first define a console string When the Serial Device Server receives this string on the serial port it will automatically switch the port to console mode To define the console string use a web browser to access the Serial Device Server internal web pages After you log in click I O Port and then select the desired port S1 for the serial port When you get the IO Port Settings page enter any desired character string for example xyz as the Console Mode St
38. dog timer is disabled 1 255 watchdog timer period in minutes The factory default value is 5 minutes This timer also controls a receive activity monitor when the wireless network link is connected If no packets are received during the time specified and the link remains up the unit will reset at the end of the time period SET NW RESET This command stops and then resets the wireless network interface This will effectively disassociate the unit from an access point if it is connected If the unit is in wireless infrastructure mode the unit will then scan and attempt to reconnect to a suitable access point if one is available Format S ZEROKEYS Zeroizes the module private key and WPA PSK key as well as any temporary key values held in RAM The unit will then automatically perform a soft reset Note that if any wireless encryption is enabled it will be impossible to connect to an access point until the necessary key information has been re configured Port Commands Table 12 Port Commands Command Description SH PORT Shows port parameters Sample output Port Q Size Type Attributes S1 0 serial 115200 N 8 1 XON XOFF CLEAR PORT S1 Aborts the active job on the port JOB Console Commands Silex Page 46 Part Number 140 00188 210A Command Description SET PORT S1 FLOW SET PORT S1 PARITY SET PORT S1 SIZE SET PORT S1 SPEED SET PORT S1 STOP SET PORT S1 M
39. e is 50 ohms To reduce potential radio interference to other users the antenna type and its gain should be so chosen than the equivalent isotropically radiated power EIRP is not more than the required for successful communication Safety and Regulatory Notices Silex Page 63 Part Number 140 00188 210A Information for European Users SX 500 The server and its built in 802 11b and 802 11g wireless technology is in compliance with the Class B Information Technology Equipment requirements and other relevant provisions of European Directive 1999 5 EC The limits for Class B equipment were derived for typical residential environments to provide reasonable protection against interference with licensed communications devices The internal function is a radio device using the 2 4 GHz frequency band 2 400GHz 2 4845 GHz It is intended for wireless communication with other 802 11b and 802 11g enabled devices in an indoor environment The use of 802 11b and 802 11g wireless technology in certain countries may be restricted Before using 802 11x products please confirm with the frequency management authority in the country where you plan to use it Many countries allow indoor use only In Italy general authorization is required if used outside In France the use of certain channels is restricted outdoors In some situations or environments the use of 802 11x wireless technology might be restricted by the proprietor of the building or responsible r
40. e it is concise fast and powerful To use the Internal Command Console 1 To access the Internal Command Console enter the following command from the Windows Command Prompt MS DOS Prompt Mac OS X Terminal Utility or UNIX Linux command line telnet aa bb cc dd where aa bb cc dd is the IP address of the Serial Device Server for example telnet 192 168 5 6 2 Press lt ENTER gt and then enter the password the default value is access at the prompt Press lt ENTER gt at the Enter Username gt prompt When you see the Local gt prompt you can enter console commands 3 If you used the default 192 0 0 192 IP address to connect to the Serial Device Server you MUST change it to a new valid IP address If necessary you must also change the Subnet Mask and Router Gateway The commands are as follows SET IP ADDRESS aa bb cc dd SET IP SUBNET aa bb cc dd SET IP ROUTER aa bb cc dd where aa bb cc dd is the IP address of the Serial Device Server You can use the command SHOW IP to verify the IP address settings 4 Enter the basic wireless settings as follows SET NW SSID lt name gt where lt name gt is the SSID for your network SET NW MODE lt mode gt where mode is INFRASTRUCTURE or AD HOC SET NW CHANNEL n where n is 1 to 11 this is only used in AD HOC MODE 5 Use the appropriate SET NW command to set wireless encryption mode and authentication type check with your network administrator for the proper settings
41. e password access and press SET Submit Network Configuration Login Network Card Access Password silex SK 550 WLAN e aaa pres ae 3 You will return to the Server Info page but new options will be listed on the left side of the screen Click on TCP IP Firmware Version BBES 1 23B 2007 06 05 silex technology Configuring the Serial Device Server Silex Page 15 Part Number 140 00188 210A F osa pies De If you used DHCP verify that the IP address is correctly set If you used the default 192 0 0 192 Pm TE IP address you MUST change it to a new valid IP amasa RRHH g address If necessary change the Subnet Mask a Se and Gateway It is generally not necessary to eae sae i change the other parameters on this page refer to Chapter 5 for advanced configuration information RARP Boot Settings Bien aoe Note that on line help information is available on Oe e800 rms em every configuration page This page allows you to modify the TCP IP parameters 0 ce ie Click the Submit button at the bottom of the window you may need to scroll to save your changes NOTE If you are using DHCP on your network the SX 500 should have acquired valid IP settings at this point and no further configuration is necessary However for some installations a static IP address is preferred If your DHCP server does not allow the SX 500 to keep its assigned IP address permanently then you
42. entation to determine how to set up an Ipr print queue Usually this simply involves specifying the IP address of the Serial Device Server as the printer s address or host name Some implementations require a queue name this name is the name of any of the Serial Device Server services To see the names of the Serial Device Server services connect to the Serial Device Server with a web browser see chapter 3 for instructions on doing this after you have logged in click I O Services on the left side of the page e Port 9100 This method is used to set up a Windows Standard TCP IP port or for compatibility with software that supports the HP JetDirect Print Server for example HP Web JetAdmin To use this capability on Windows with the Add Printer Wizard specify that you want to use a Local printer attached to this computer not a network printer and then select Create a new port specifying Standard TCP IP Port as the type of port It is also possible to change the TCP port number from the default 9100 for compatibility with other printer manufacturer s software To do this refer to the instructions in the Raw TCP Connection section of this chapter FTP The Serial Device Server supports FTP binary or ASCII communications This can be used for example to send the contents of a file from a PC to a device connected to the Serial Device Server using the FTP protocol To use FTP simply enter the standard FTP command from your PC with the IP a
43. epresentatives of the organization for example in airplanes in hospitals or in any other environment where the risk of interference with other devices or services is perceived or identified as harmful If you are uncertain of the policy that applies to the use in a specific organization or environment you are encouraged to ask for authorization to use 802 11x wireless technology prior to switching it on Consult your physician or the manufacturer of personal medical devices pacemakers hearing aids etc regarding any restrictions on the use of 802 11x wireless technology Silex cannot be responsible for any failure to satisfy the protection requirements resulting from a non recommended modification of the product Declaration of Conformity CE SX 500 Manufacturer Silex Technology America Inc 157 West 7065 South Salt Lake City UT 84047 USA Telephone 801 748 1199 Product Ethernet and Wireless 802 11b and 802 11g enabled serial server Model No SX 500 Silex Technology America Inc hereby declares that the above referenced product to which this declaration relates in is conformity with the provisions of Council Directives 1999 5 EC Radio Equipment and Telecommunications Terminal Equipment Standards used and met in the assessment e EN301 489 1 e EN301 489 17 e EN300 328 The documents required by this Directive are maintained at the corporate headquarters of Silex Technology America Inc 157 West 7065 South Sa
44. er security settings for interoperability in non FIPS 140 environments However use of the SX 500 with any settings other than those indicated above is not FIPS 140 2 compliant Introduction Silex Page 5 Part Number 140 00188 210A In particular the WPA2 WPA transition mode is NOT FIPS 140 2 compliant Only networks exclusively using WPA2 AES CCMP encryption comply The current security settings for the device may be observed by logging into the unit web server and navigating to the network security page which will show the currently active and configured values for the above parameters and others The settings may also be observed with the configuration console command SHOW NW This should be done after configuration and before use to verify that the device is properly configured for the intended target environment The SX 500 is validated at level 1 which means it has no physical security beyond the physical protection of its metal case and is presumed to be used in a secure environment If the unit is to be left unused in an unsecured area or is to be transported to a new location via unsupervised means it is recommended that the Cryptographic Officer zeroize the device This is done with the configuration console command ZEROKEYS After zeroization the unit will need to be re configured before wireless communication in FIPS compliant mode are possible The Cryptographic Officer must be aware that all configuration program inputs are
45. erference and 2 this device must accept any interference received including interference that may cause undesired operation Trade Name silex Type of Product Ethernet and Wireless 802 11b and 802 11g enabled serial server Model SX 500 Silex Technology America Inc hereby declares that the equipment specified above conforms to the above requirements Standards used and met in the assessment CFR Title 47 Part 15 Subpart B and Subpart C EN55022 1998 Class B FCC ID N6C SX10WG Information for Canadian Users IC notice SX 500 The term IC before the radio certification number only signifies that Industry of Canada technical specifications were met Operation is subject to the following two conditions 1 this device may not cause interference and 2 this device must accept any interference including interference that may cause undesired operation of the device This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations RSS 210 IC 4908A SX10WG To prevent radio interference to the licensed service this device is intended to be operated indoors and away from windows to provide maximum shielding Equipment that is installed outdoors is subject to licensing This device has been designed to operate with an antenna having a maximum gain of 2 dB Antenna having a higher gain is strictly prohibited per regulations of Industry Canada The required antenna impedanc
46. es for connection from the network to device s connected to the serial port of the Serial Device Server If the orange LED blinks continuously in a regular pattern a problem exists If this is the case try powering the unit OFF and then ON again NOTE Pin 9 is normally configured for supplying 5V from an external power source in lieu of using the AC power supply adapter 6 Connect the Serial Device Server to your network through a switch or hub using a category 5 CAT5 Ethernet cable Then cycle power on the device to switch the server into wired mode and switch off the wireless networking functionality as long as the cable is plugged in NOTE SILEX RECOMMENDS USING A HARDWIRED ETHERNET CONNECTION FOR CONFIGURING WIRELESS SERIAL DEVICE SERVERS If you have a wireless Serial Device Server model and cannot use an Ethernet connection refer to step 4 in the First Time IP Address Configuration section of this chapter for instructions on how to set up the Serial Device Server using a completely wireless Ad Hoc environment Device Keys unit private key and WPA2 PSK must be entered via an isolated wired connection Installing the Serial Device Server Silex Page 9 Part Number 140 00188 210A 7 The Serial Device Server s IP address must be configured before a network connection is available If your network offers DHCP Dynamic Host Configuration Protocol the Serial Device Server will automatically search for a DCHP se
47. ges or use the console command SET NW ID lt user id gt where lt user id gt is the user ID the realm can included in the user id with the separator Realm A realm defines a grouping of users If a realm is required for your network it is separated from the user ID by a character Among other things realms make it easier to segregate user groups into independently administered databases to apply policies on a user group basis and to establish roaming agreements The default realm if not specified is anonymous Enter the realm on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW REALM lt realm gt where lt realm gt is the name of the realm Password This parameter is the logon password that the server uses to authenticate to the 802 1x enabled network The user ID and password must be in the authentication server database The password may be a text string or a string of hex bytes Enter the password on the Configure Network Security screen in the Serial Device Server internal web pages or use the console command SET NW PW lt password gt where lt password gt is the password default value is anonymous Authentication Protocol This parameter determines how the server authenticates itself to the 802 1x enabled network after an 802 1x session is established The default is PAP MSCHAP_V2 is the alternative protocol Select the desired protocol on the
48. gs of the attached serial device e Baud Rate Speed e Parity e Character Size Configuring the Serial Device Server Silex Page 11 Part Number 140 00188 210A e Flow Control In addition to the above parameters the Serial Device Server allows you to configure numerous other capabilities These other capabilities provide you with the unparalleled flexibility to use the Serial Device Server on virtually any 802 11 or Ethernet network with a wide range of serial devices Configuration Methods There are two ways to configure the Serial Device Server e Internal Web Pages HTTP You can use any standard web browser to access the Serial Device Server internal web pages These web pages provide an easy to use graphical interface for configuring the Serial Device Server In order to use the internal web pages for the first time you must assign the Serial Device Server IP address using some other method for example DHCP or arp ping This initial IP address assignment need only be done one time e Internal Command Console The internal command console provides a sophisticated command line interface for advanced users to configure the Serial Device Server It can be accessed by connecting a serial cable to the serial port and using console mode switching as descried in chapter 4 Once the IP address has been assigned the internal command console can also be accessed via TELNET or via the internal web pages NOTE when operating in a FIPS 140
49. hod of getting IP address The default value is Auto Format S Ethod AUTO BOOTP RARP DHCP STATIC SET IP Pling Sends IP ping packets to test connection to remote host Format o SET IP PIng aa bb cc dd SET IP PRObe Enables or disables TCP connection probes The default value is Disable Format SET IP PRObe ENable DIsable SET IP RARp Enables setting of default router and or subnet mask based on RARP IP address set The default value is 0 Format SET IP RARp nn nn O both 1 no subnet 2 no router 3 neither SET IP REtry Enables or disables LPD retry on incomplete job The default value is Disable Format S Etry ENable DIsable Console Commands Silex Page 54 Part Number 140 00188 210A Command Description SET IP ROuter SET IP SUbnet SET IP TCP SET IP TELnet SET IP TFTP SET IP Timeout SET IP Window Console Commands Sets default router address The default value is 0 0 0 0 Format SET IP ROuter aa bb cc dd Sets IP subnet mask The default value is 0 0 0 0 Format SET IP SUbnet aa bb cc dd Enables or disables the raw TCP 9100 protocol The default value is Enable Format SI ENable DIsable Enables or disables Telnet protocol The default value is Enable Format SI ENable DIsable Enables or disables TFTP protocol The default value is Enable Format SET IP TFTP ENable DIsable Sets TCP inactivity timeout
50. hrough the serial port if enabled for console mode or over the network using a Telnet session or a web browser The console can also be accessed via UART level signals on connector CN5 on the Serial Device Server printed circuit board this requires you to open the Serial Device Server enclosure and use a special cable and adapter board it should only be used by qualified Silex personnel for diagnostic and troubleshooting purposes Wireless and Network Security Commands The following group of commands configures network parameters Table 11 Network Commands Command Description SH NW Displays summary network information Sample output WiFi Mode INFRASTRUCTURE WiFi SSID silex Speed 11 Regulatory Domain 704 WiFi FW Ver 1F 1 7 1 AP density LOW TTLS is Disabled WEP is Disabled Link DOWN SH NW SQ Display wireless network signal quality Sample Output Signal Quality 93 Signal Strength 53 Noise Level Console Commands Silex Page 40 Part Number 140 00188 210A Command Description SET NW AUTHtype SH NW AUTH SET NW ETHAUTH SH NW ETHAUTH SET NW AUTHTRY SH NW AUTHTRY SET NW CHannel SET NW ENC SH NW ENC Console Commands Sets wireless authentication type The default value is Open System Format SET NW AUTHtype OPEN SHARED TTLS LEAP PEAP TLS PSK NOTE For FIPS 140 2 approved operation this parameter must be TLS PEAP or PSK Sh
51. icer on an isolated network with the machine containing Cryptographic Officer s web browser directly connected to the SX 500 and not connected via a LAN The same is true for entry of externally generated RSA private keys public certificates In addition to the wireless security settings above the following settings must be made for operation in FIPS 140 2 mode Item Required Setting HTTPS Disabled factory default S Telnet Disabled factory default TCP data service SSL Disabled factory default Serial port console mode string NULL disabled factory default Serial port filter TRAP factory default Introduction SK age Part Number 140 00188 210A Physical Protection There are no user serviceable parts inside the SX 500 enclosure If the enclosure should be opened for any reason the Cryptographic Officer should zeorize the module before the enclosure is opened Secure Operation The Cryptographic Officer and any users of the SX 500 module must be familiar with the SX 500 Cryptographic Security Policy and must follow its guidelines for proper operation Introduction Silex Page 7 Part Number 140 00188 210A Chapter 2 Installing the Serial Device Server Hardware The Serial Device Server includes most of the hardware and software components required for installation The one item that you will need to purchase separately is a cable to connect your serial device to the Serial Device Server this c
52. if you do not know them SET NW ENC lt mode gt sets encryption mode where lt mode gt is WPA WPA2 64 128 or WPA2 WPA SET NW AUTHTYPE lt type gt sets authentication type where lt type gt is OPEN SHARED TTLS PEAP WPA PSK LEAP or TLS Configuring the Serial Device Server Silex Page 19 Part Number 140 00188 210A For WPA2 PSK or WPA PSK enter the command SET NW WPAPSK lt psk gt sets pre shared key for WPA2 or WPA where lt psk gt is the key SET NW WPAGROUP lt state gt enables or disables WPA group key mode where lt state gt is ENABLED or DISABLED default is DISABLED For WEP WEP64 or WEP 128 use the following commands SET NW KEYVAL lt key gt Sets WEP key where lt key gt is 10 hex characters for WEP64 or 26 hex characters for WEP128 SET NW KEY n sets the number of the WEP key that will be used as the transmit key where n 1 to 4 default value is 1 Configuring 802 1X EAP authentication can be complex Please refer to Appendix A and or Appendix B for details of the required commands 6 To set the serial port enter the following commands SET PORT S1 SPEED lt baudrate gt where lt baudrate gt is 300 to 921600 SET PORT S1 PARITY lt parity gt where lt parity gt is ODD EVEN MARK or SPACE SET PORT S1 SIZE lt databits gt where lt databits gt is 7 or 8 SET PORT S1 FLOW lt flowcontrol gt where lt flowcontrol gt is NONE XON XOFF CTS or DSR The console co
53. in plaintext for purposes of FIPS 140 2 compliance regardless of the transport encoding used The only FIPS 140 2 cryptographic protection claimed for this module is for the wireless link between the unit and an associated Access Point If WPA2 PSK mode is being used the PSK must be entered by the Cryptographic officer on an isolated network with the machine containing Cryptographic Officer s web browser directly connected to the SX 500 and not connected via a LAN The same is true for entry of externally generated RSA private keys public certificates The Crypographic officer must zeroize the module when transitioning the device configur ation from a FIPS 140 2 approved mode to a non approved mode The Cryptographic Of ficer should zeroize the module before resetting the configuration to factory defaults If this is impossible because the reason for resetting is the connection to the unit is im possible the unit must be zeroized after the configuration reset is complete and connec tion has been restored There are two types of bypass states possible with the module non approved modes The first is to use any wireless encryption authentication combination not specified above as being FIPS 140 2 compliant and then reset the unit The second is to configure the unit to not be in Ethernet to Wireless mode plug in a wired Ethernet cable and then reset the unit If WPA2 PSK mode is being used the PSK must be entered by the Cryptographic off
54. l between connection attempts For example by default the Serial Device Server will try once every 30 seconds to make a connection to the destination device if it fails to make this connection it will wait 30 seconds before attempting again Changing this interval will reduce or increase the amount of network traffic 5 Itis also possible to use UDP instead of TCP for communicating to and from the Serial Device Server If you wish to use UDP then Configuring the Serial Device Server Silex Page 23 Part Number 140 00188 210A a Select UDP as ECable I O Mode b Enter the UDP port number Destination Port used by the destination device to communicate with the Serial Device Server This number must be a valid port on the destination device check the documentation for that device to determine the valid port numbers c Enter the UDP port number Local Port used by the Serial Device Server to communicate with the destination device This number must be greater than 1023 but is otherwise arbitrary NOTE ECable mode cannot be used in conjunction with the Serial Port Emulator software Print Server Mode You can use the Serial Device Server as a standard TCP IP print server which is very useful if you are connecting the Serial Device Server to a serial printer The Serial Device Server supports the following standards e Ipr lpd This is one of the most popular ways to print on a TCP IP network Check your computer s docum
55. les or disables setting of IP address with an ARP packet The default value is Enable Format S ENable Disable Enables or disables printing of job banner on LPD jobs The default value is Disable Format SET IP BAnner ENable DIsable Enables or disables verification of IP checksum on received packets The default value is Enable Format SET IP CHKSUM ENable Disable Sets number of tries for each enabled IP boot method if not set to static The default value is 3 Format SET IP BOot Enables or disables all IP based protocols The value is Enable Format S ENable Disable Sets IP timeout If enabled the IP timeout is measured in seconds If disable the IP timeout is in minutes The default value is Disable Format SET IP FTIme ENable DIsable Silex Part Number 140 00188 210A Page 53 Command Description SET IP FTP Enables or disables FTP protocol The default value is Enable Format SI ENable DIsable SET IP HTTP Enables or disables HTTP protocol The default value is Enable Format SET IP HTTP ENable Disable SET IP KEepalive Sets interval in minutes for sending TCP keepalive packets on a connection The default value is 5 minutes Format S Eepalive n SET IP LPD Enables or disables the LPD protocol The default value is Enable Format S ENable DIsable SET IP MEthod Sets met
56. lt Lake City UT 84047 USA Page 64 Silex Safety and Regulatory Notices Part Number 140 00188 210A Appendix E Silex Contact Information Silex Technology America Inc www silexamerica com Technical Support support silexamerica com Sales sales silexamerica com Tel 801 748 1199 8 00 to 5 00 Mountain Time Tel 866 765 8761 toll free Fax 801 748 0730 Silex Technology Europe GmbH www silexeurope com Tel 49 2159 67500 Tel 0800 7453938 German toll free Email contact silexeurope com Silex Technology Beijing Inc www silex com cn Tel 86 10 8497 1430 Email contact silex com cn Corporate Headquarters Silex Technology Inc www silex jp Tel 81 6 6730 3751 Email support silex jp Safety and Regulatory Notices Silex Part Number 140 00188 210A Page 65 silex technology Silex Technology America Inc www silexamerica com
57. lt gateway if your network is attached to other networks Boot Method Set to STATIC for a static IP address set to DHCP or AUTO to attempt to automatically assign the IP parameters from a network server TCP Timeout Sets the timeout and reset values for the TCP connections Keepalive Timer Blocks or broadcasts unsolicited ARP used to notify access point or router that the unit is still connected Sets the DNS addresses 3 For the changes to become effective click the Submit button then reset the Serial Device Server Using AT Modem Commands NOTE The AT Command filter cannot be used in a FIPS 140 2 approved mode The Cryptographic Officer must leave the port filter setting as TRAP the factory default value The Serial Device Server firmware has an optional data filter for configuring using AT style modem commands with the serial port This feature allows devices with an existing AT command interface to configure the unit if the AT commands can be properly modified You must be familiar with the general operation of AT commands Note that AT command processing is not enabled by default Use the command SET PORT S1 FILTER AT to enable this feature All commands begin with AT and are terminated by a new line unless noted below While standard AT commands are defined to be 40 characters or less not including the AT the server accepts commands of up to 80 characters Page 28 Silex Advanced Configuration Part Number 140 00188 210A
58. may be retrieved by clicking on one of the links at the bottom of the page in order to pass the certificate to the Authentication Server Now click I O Port on the left side of the screen to configure the serial port Page 17 Part Number 140 00188 210A silex SX 550 WLAN e AA e De 8 Configure the serial port settings so that they A match the settings on your device For example if your device is set for 9600bps me odd parity and XON XOFF flow control you a a must change the settings on the Serial Device tuo or g Server to these settings E Click the Submit button at the bottom of the u 5 window you may need to scroll to save your e El E changes amaram E When you have finished with all your configuration changes you must restart the Serial Device Server for these changes to take effect You can skip the remainder of this chapter Page 18 Silex Configuring the Serial Device Server Part Number 140 00188 210A Using the Internal Command Console to Configure the Serial Device Server You may skip this section if you have completely configured the SX 500 using the SX 500 Internal Web Pages The Internal Command Console is a command line oriented method for configuring the Serial Device Server It provides more comprehensive capabilities than the Internal Web Pages but is not as easy to use Advanced users may prefer to use this method becaus
59. mmands are summarized in Appendix B of this manual 7 When you have finished entering commands type INIT EXIT These commands will save the configuration and restart the unit You are now ready to use the Serial Device Server IMPORTANT The console command EXIT must always be used in order to save the changes you made with the internal command Console 8 Note that you can also access the Internal Command Console in the following ways e Internal Web Pages Use a web browser to connect to the Serial Device Server internal web pages as described earlier in this chapter After you have logged in click Admin on the left side of the screen and then click Console You can now enter console commands you must click Enter after each command Page 20 Silex Configuring the Serial Device Server Part Number 140 00188 210A Chapter 4 Using the Serial Device Server with Your Application The Serial Device Server includes a number of capabilities that enable it to be used in a wide range of applications These capabilities include Serial Port Emulator SPE software Raw TCP connection RFC2217 ECable Mode Print Server mode FTP Console mode switching AT commands ONOTRWON gt These methods are described in the following sections Serial Port Emulator The Serial Port Emulator SPE software emulates a standard Windows COM port That is it creates a virtual COM port that functions exactly like the Windows COM1 and
60. n Ethernet connection you must first configure the Serial Device Server IP address Note that it is only necessary to perform this task one time once the address has been configured the Serial Device Server can be accessed from any computer on the network that has the appropriate privileges The steps are as follows 1 If your network has a DHCP server and you can use an Ethernet connection to the Serial Device Server a Make sure your PC is connected and has access to your network b Connect an Ethernet cable from your network hub to the Serial Device Server if you have a wireless Serial Device Server and do not have hardwired capabilities then you must go to Step 4 below for setup instructions Power on the Serial Device Server The administration program on most DHCP servers logs the IP address and MAC address of each DHCP client The MAC address of the Serial Device Server can be found on the label affixed to the unit If your DHCP server has logged this information write down the IP address of the Serial Device Server for future reference You are now ready to configure the Serial Device Server skip the remainder of this section e If your DHCP server does not provide client information or if you do not have access to the DHCP server then you can get the IP address by connecting a serial device such as a printer a Windows PC running HyperTerminal or another serial device capable of printing ASCII characters to the serial
61. nononennncnnnnnnnnnnnnnnn nan nnnnnn nr nan nnnrnnnnnannnnncnncnnnnnnnnnnnns 65 Appendix E Silex Contact Information l aa r eee e teeta RAR nn nn nn AE AE EAn 66 Figures Figuro TA ilar a ieee e Susie acca bc O eve deta ANN 3 Elg re 2 PCRAP VW INdOW ii ceed gh anti don lc os aed a a eu hd 28 Tables Tabe 1 Package Contents eera a a a E E AES E A AAI EAA as 8 Table 2 Status MOnmtors ii een a tee ee Ape an OM ba che A E 10 Table 3 Factory Default SettingS cc A A add 27 Table 4 TCP IP SONS is A at 29 Tabe S AT Commands A oa a ds Lo dead 30 Contents Silex Page ii Part Number 140 00188 210A Table 6 Extended AT Commannds cccccccccccceccsceecceeecseeeecesueuceseuceueeuseueaueeaeeeeeusesauueeseueeeueeesaaeeeneueesansesaeeeseesuuss 31 Table 7 Response COS xs s5 ci a e a Sete al 32 Tabl Product Specification 35 Table 9 Radio Performance Specifications c ce ecccccceeceeeeeeeeeeeeeeeeeeeeeseaaceeeeaaaaaaaaeeaeeceeeeeeeeeeeeeeeeeeaaaaes 35 Table 10 TCP Port Connections ici A a ei E AAA ade 36 Table 11 Network Commands cates arean a aa E id 41 Table 12 Port COMMANAS iecccsves necevece ves ascceceves esacceceeeveli A Ad 47 Table 13 Server Information Commands serias peraan n oran nn r a rn rra 48 Table 14 Service Command sarisin na ein anita dined a 50 Table 15 String Commands osceann ti Dc 52 Table 16 TGP IP COMMANAS noe ae aat acest a seh eee ee aa 53 Table 17 Firmware Wpdatesss sc2ec0 a
62. nt The deprecated command SH NW TTEXP also returns this value Sample output 65537 10001h Sets EAP root key Format S E EY lt key value gt Sets authentication User ID This can include the realm separated by The default value is anonymous Sample output SET NW ID lt user id gt Shows the value of the authentication ID including realm if applicable The default realm is a null blank string The deprecated command SH NW TTID also returns this data Sample output anonymous somewhere Sets the password for the 802 1x EAP authentication if enabled The default value is anonymous Format SET NW PW lt password gt Silex Part Number 140 00188 210A Page 44 Command Description SET NW INAP SH NW INAP SET NW REALM SH NW REALM SET NW WPAGROUP SH NW WPAAUTO SH NW WPAGROUP SET NW WPAPSK Console Commands Sets EAP inner authentication protocol The possible protocols are PAP and MSCHAP_V 2 the default value is PAP Format SET NW INAP PAP MSCHAP V2 Shows the inner authentication mode The deprecated command SH NW TTAP also returns this data Sample output Authentication protocol PAP Sets the realm portion of the 802 1x EAP authentication ID This value can also be set with the ID command The default value is null Format S EALM lt realm gt Shows the realm associated with the authentication ID if applicable The default value is null blank
63. oaded from the Support amp Downloads section of the Silex website www silexamerica com When updating the firmware it is important that power not be removed from the module until the update operation is complete Power interruption during firmware update can corrupt the firmware image and render the device unusable The Cryptographic Officer should be sure the update has completed and the unit has reset and returned to normal operation before removing power from the unit To use UpdatelP 1 Download the appropriate firmware update file from the Support amp Download section of the Silex website www silexamerica com into a directory on your computer e Download or copy the UpdatelP software files into a directory on your computer Double click the updateip exe icon to start the UpdatelP application a Click OK when vou aet the About Update for TCP IP splash screen Important Make sure that the UpdatelP application is included as an exception if you have a firewall enabled on your PC on this screen Click OK 7 The program will search the local network for Serial Device Servers Click OK when the search process is complete 8 A list of available Serial Device Servers will appear Highlight the Serial Device Server s that you wish to update 9 From the menu bar select Update and then Start to update the Serial Device Server s If you cannot use UpdatelP you can use the trivial file transfer protocol tftp to upd
64. omments Initial Release Silex Page 2 Part Number 140 00188 210A Chapter 1 Introduction The SX 500 1402 Serial Device Server provides a FIPS 140 compliant encrypted wireless LAN connection for an attached client device The client device may attach to the SX 500 via a serial port or wired Ethernet port Figure 1 SX 500 Introduction Silex Page 3 Part Number 140 00188 210A PHYSICAL PORTS The physical ports on the SX 500 are as follows Port Name Description Power Jack for attachment of external power supply Ethernet RJ 45 connector for attachment of Ethernet cable Serial DB 9 connector for attachment of serial interface cable Wireless RP SMA connector for attachment of an external antenna Button Momentary push button LED Green Yellow and Orange LEDs For installation and connection of the interface ports refer to Chapter 2 Logical Ports The SX 500 has logical interfaces for transfer of data and for configuration and control of the unit These logical interfaces may share a physical port The application firmware in the SX 500 separates and routes the data to the appropriate internal firmware task associated with the logical interface For network ports Ethernet Wireless this separation is based on the TCP or UDP protocol port number For the serial port data or control status mode is controlled by specific protocol strings only one mode is active at a time Serial port control s
65. ons ta tido haben ah 36 Appendix A Advanced Security Configuration E E ON E 37 Appendix B GONMSOlE COMIMANGS EAERI EE E A ET TEE AE EE EA EE A E TT 41 Wireless and Network Security COMMANGG ccccceceeeeeeeeeeenneeeeeeeeeenaeeeeeeeeeeaeeeeseeeesaeeeeeessesiaeeeeeeeeeeeeeeeeeees 41 Port Command Sarni A O A A ts 47 Server Information Command6 cececeececeeeeceeeeeeeeeeeee RR RR RR RR RAR RR Er aiaa adean 48 SECS CONAM NS As 50 SUING COMMANAS cidad tra 52 TOPP Commands vn pt A A AA A A di 53 Elmware Update ct a dl Sid 58 Miscellaneous CommaNdS dsc iaa dae aaant 59 NO MM Atetet ah More enh a Lyi teahe as at tas atte Cee Sh dees elles 59 Appendix C Firmware Update Procedures cccccccceceeeeeeeeeeeeeeeeceeaaeaneaaeceeeeeeeeeeeeeeee see saaaaaaaacsecceaaaaaeaeeeaeeeeeeeeeeeeeeeeeeeeenaaaaes 61 Appendix D Safety and Regulatory Notices cerro eana a ainsi de Hae i 63 Information for United States USEYLS ccccccccccccecceeeeeeeeeeeeeeeeeeeeeeeeeeeaaaaaaaeeaeeeeeeeeeeeeeeeeeeeeeeteeeseeeeeeeesesaaneeeeeees 63 Declaration of Conformity FCC SX 500 J ricana adani A n Na inaid ANN VATSAN Na TAKKEDE a ANEA AANS daa iGS 64 Information for Canadian Users IC notice SX 500 oooocccoonoooccccccconoooncccccnonannncnncconnnnnnnnnnnnnnnnnnnnnnc nana nn ccnnnnnnnnnns 64 Information for European Users SX 500 j emiir ke an 65 Declaration of Conformity CE SX 500 ooooccccccnonoocccccccoonoonccnc
66. osure limits Nevertheless print server shall be used in such a manner that the potential for human contact during normal operation is minimized To satisfy RF exposure requirements this device SX 500 and its antenna s must operate with a separation distance of at least 20 centimeters from all persons and must not be co located or operating in conjunction with any other antenna or transmitter End users must be provided with specific operating instructions for satisfying RF exposure compliance Page 62 Silex Safety and Regulatory Notices Part Number 140 00188 210A Declaration of Conformity FCC SX 500 According to 47CFR Part 2 and 15 for Class B Personal Computers and Peripherals and or CPU Boards and Power Supplies used with Class B Personal Computers We Silex Technology America Inc Located at 157 West 7065 South Salt Lake City UT 84047 USA Declare under sole responsibility that the product identified herein complies with 47CFR Part 2 and 15 of the FCC rules as a Class B digital device FOR HOME OR OFFICE USE Each product marketed is identical to the representative unit tested and found to be compliant with the standards Records maintained continue to reflect the equipment being produced can be expected to be within the variation accepted due to quantity production and testing on a statistical basis as required by 47CFR 2 909 Operation is subject to the following two conditions 1 this device may not cause harmful int
67. ows wireless authentication type Sample output Authentication type EN SYSTE Sets Ethernet wired authentication type The default value is Open System Format SE ETHAUTH TTLS TLS Shows Ethernet wired authentication type Sample output Authentication type Pl Sets number of times the Serial Device Server will attempt to authentication The default value is 0 Format SET NW AUTHTRY n Shows number of authentication tries Sample output Authentication Try Count 3 Sets WLAN ad hoc channel number The valid numbers are 1 through 11 Format SET NW CHannel n Sets WLAN Encryption Mode Supported modes are None 64 bit WEP 128 bit WEP WPA WPA2 WPA2 WPA The default value is Disable Format SET NW ENC Disable 64 128 WPA WPA2 NOTE For FIPS 140 2 approved operation this parameter must be WPA2 Shows the wireless encryption mode The deprecated command SH NW WEP also displays this information Sample output Silex Page 41 Part Number 140 00188 210A Command Description SET NW KEY SET NW KEYVAL SET NW MOde SH NW MODE SH NW RADio SET NW SPeed SH NW SPEED SET NW SSid CL NW SSid SET NW BSsid Console Commands WiFi encryption is Disabled Selects the WLAN WEP key entry the WEP key that will be used as the transmit key The possible values are 1 2 3 or 4 the default value is 1 Format SI EY
68. pability using the I O Port Settings internal web page for the serial port S1 Change the Port Filter setting to AT in order to enable AT mode on that port and press the Submit button to save the change You must restart the Serial Device Server to make the change take effect You can also use the console to enable the AT capabilities For example the command SET PORT S1 FILTER AT enables AT capabilities on the serial port Note If you use the AT commands on the serial port you cannot use SNMP traps or Email alerts or Console Mode for that port The AT commands are described in detail in Chapter 5 Configuring the Serial Device Server Silex Page 25 Part Number 140 00188 210A Chapter 5 Advanced Configuration The Serial Device Server Serial Device Server is equipped with a default configuration that works with most serial to Ethernet connections You can modify the settings to suit your installation requirements The web browser interface is the recommended method for setting advanced configuration parameters However regardless of the method to access the configuration parameters the method for modifying the parameters is virtually identical Factory Default Settings Table 3 displays the serial port configuration parameter descriptions and settings with the default settings indicated in a separate column Table 3 Factory Default Settings Parameter Description Settings Default Setting Character Bits per character 7
69. port the Serial Device Server Your serial device must be set at 115 2Kbps 8 bit character size and no parity f With the serial device and Serial Device Server switched on and ready press the Reset pushbutton on the Serial Device Server This will cause the Serial Device Server configuration data to be sent to the connected serial device The serial device should display or print the current IP address assigned to the Serial Device Server by your network DHCP service Write down this address for future reference You are now ready to configure the Serial Device Server skip the remainder of this section 2 If you can connect the Serial Device Server via Ethernet but do not have a DHCP server then you must use the following procedure for the first time IP configuration of the Serial Device Server a Make sure your PC is connected and has access to your network b Connect an Ethernet cable from your network hub to the Serial Device Server The Serial Device Server must be on the same network segment as the PC that is there can be no router between the Serial Device Server and the PC c From the Windows Command Prompt MS DOS Prompt the Mac OS X Terminal Utility or the UNIX Linux command line enter the command arp s ipaddress macaddress Configuring the Serial Device Server Silex Page 13 Part Number 140 00188 210A ping ipaddress Where ipaddress is the desired IP address of the Serial Device Server and macaddress is the
70. ring Click Submit to save your string and then restart the Serial Device Server to make the change take effect Alternatively you can define the console mode string using the console command from TELNET as shown in the following example SET PORT S1 CONSTR xyz Once you are connected in console mode you can send any of the console commands listed in Chapter 5 Be sure to terminate each console command with a carriage return ASCII 13 or linefeed ASCII 10 character When you are finished using the console you can return to the normal port operation by sending the command EXIT followed by a return or linefeed character AT Commands The Serial Device Server allows you to control the serial port using standard AT modem commands This allows you for instance to initiate connections and to switch between console mode and data mode by sending the appropriate commands These capabilities are similar to the console mode switching described in the previous section but have the following advantages e Your device can initiate a network connection e Operation is compatible with software that uses the AT command set The drawback however is that there is a slight delay when switching from data mode to AT command mode NOTE The AT Command filter cannot be used in a FIPS 140 2 approved mode The Cryptographic Officer must leave the port filter setting as TRAP the factory default value To use the AT commands you must first enable this ca
71. rs an error state all Data Input and Data Output interfaces are disabled If an error state is encountered the LED interface will indicate the error by blinking for several seconds and then the unit will reset The unit will not send or receive any data until the reset is complete The SX 500 performs cryptographic self tests during initialization after power up or a firmware induced reset Until the self tests are complete no data input or output interfaces are active If the self test fails the unit will enter an error state Configuration The Cryptographic Officer is responsible for configuring the unit for use in the target environment See Chapter 3 and Appendix A for instructions on configuring the unit The peripheral unit usually a PC being used to configure the SX 500 must be directly connected to the unit via a crossover cable or local hub which is not connected to any LAN WLAN or other larger network This will enable manual transport and electronic entry of secret and private keys RSA private key and WPA Pre Shared Key in a plaintext form Even if RSA private keys are protected with a PEM passphrase when entered they are still considered to be in plaintext form For the SX 500 to operate in FIPS 140 2 approved mode the wireless security configuration must be set as follows Item Required Setting Wireless Encryption Mode WPA2 AES CCMP Wireless Authentication PSK or TLS or PEAP The SX 500 allows oth
72. rver upon power up and obtain an IP address lf your network does not offer DHCP a static fixed IP address must be assigned see your system administrator for assistance If you use DHCP make sure that the length of the DHCP lease is adequate so that the IP address of the Serial Device Server does not change Monitoring Serial Device Server Status You can monitor the Serial Device Server status using the yellow green and orange LED status indicators on the monitor Table 2 defines the functions of the LED status indicators Table 2 Status Monitors Function Status The Serial Device Server is receiving power O The Serial Device Server is not receiving power Slow Blink 0 6Hz Firmware update in progress Fast Blink 5 10Hz The Serial Device Server is malfunctioning or cryptographic error detected Yellow Off No network connection Green Off Yellow On Wireless network connected not authenticated Green Off Yellow On Wireless network active authenticated in FIPS 140 2 Green On approved mode NEMON status Yellow Blinking SHz Wireless network data received in FIPS 140 2 approved Yellow or Green Green On mode Yellow off Bypass non approved mode no wireless network Green Blinking Hz connection Yellow on Bypass mode wireless network connected Green Blinking 7 Hz Yellow Blinking 5 Hz f i at Bypass mode wireless network data received Green Blinking 5 Hz Installing the Serial Device Server
73. silexamerica com Part Number 140 00188 210A Contents About This Reference Guide iii dd A iaa 1 Salety Procase tne rid 1 EMISSIONS DisclalM ccooo o ti 1 Ghapter T IntroductiON evisos 3 PHYSICAL PORTS outra A A lad este at ede ELA a A Ae 4 Legeal PO Sii A A A A Palin ce eee ena tte 4 DA EEE EEEO EAEE E E A E EE A a ea arti east eee deed 5 Physical Protectolienr aran a a a a ecg dee cet deee 7 Secure Operation ee a aa Meade eee eta a a i den deca dele gece wl led os hla Se A 7 Chapter 2 Installing the Serial Device Server HardWar8 oooccccccinnoocccccccoononncnnncnnnnnnoncnnnonnnnn nn cnn rra n nr rn rra n nn nn 8 Verify Package Contents viii ii lit da id 8 Installing the Serial Device Server ooocococconnococcccccooooannnncconnnonnnoncnonnnononnnncnnnnn nn rn nr cnn nn nara eean EEKE a 8 Monitoring Serial Device Server Status aisiari eeik aana ana Ena E naar nn n nn NEEE NA AAGA NA 10 Chapter 3 Configuring the Serial Device SerVer ooooonooccccncnonooocccccccononnncnnnnnnnnononnnnnnnnnnnnnnnn nr nan nnnnnn nr nan nn nrnn nr nan nn nnnnrrnnnrnnnnnnnnnns 11 Basic Configuration Requirements oocooccconnocccccncconoonnccnnnnnnnoncnnnnn naar nn cnn anna rn rra 11 Configuration Methods it A A A tt 12 First Time IP Address Configuration isione a ig ducapta sane da a a AA dbeeedeleedagecn bones 13 Using a Web Browser to Configure the Serial Device Server oocccccccnnnooccccccconooancnncnconnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnns 15 Using
74. t Ver 1 4 16Mbit Flash Overwrite stored cryptographic keys and CSPs Service Commands Command Table 14 Service Commands Description SET SERVI lt service name gt BOT SET SERVI lt service name gt EOT SH SERVI STRings string_num SET SERVI lt service name gt Filter SH SERVI FlLters Console Commands Sets beginning of transmission BOT string index for service The SH SERVI STRings command displays the available strings and their associated number the default value is 1 Format SET SERVI lt service name gt Sets end of transmission EOT string index for service The SH SERVI STRings command displays the available strings and their associated number the default value is 1 Format SET SERVI lt service name gt E Displays the BOT and EOT strings used in services If string_num is provided then the specific string definition and expansion display If string_num is not provided then all string definitions display without their expansions Sample Output 10 FF O4 FF 05 FF 06 FF 08 Sets filter index for service Format SE ERVI lt service name gt Filter nn Shows filter settings Sample output Silex Page 49 Part Number 140 00188 210A Command Description SET SERVI lt service name gt FMS SET SERVI lt service name gt FRS SET SERVI lt service name gt IP SET SERVI lt service name gt NAme
75. ta line on the Serial Device Server must be connected to the transmit data line on your serial device Modem signals if any must also be connected so that input signals are connected to output signals and vice versa Refer to the cable diagrams in Chapter 2 of this manual Try printing a test page if your serial device is not capable of directly displaying ASCII character output from the Serial Device Server s serial port then disconnect the device and connect a serial printer or terminal to the Serial Device Server If the test page prints OK then the serial port on the Serial Device Server is working properly If it does not print then double check steps 3a 3b and 3c If none of the above steps solves your problem then check the Support and Downloads section of the Silex website www silexamerica com You can also contact Silex support by phone Email or fax as follows Hours of Operation Monday Friday 8 00am 5 00pm MST Phone US toll free 866 765 8761 International 1 801 748 1199 Fax 1 801 748 0730 Email Tech support support silexamerica com Be sure to have the following information ready when you call Silex support 1 Model number and serial number of the Serial Device Server 2 Firmware version of the Serial Device Server 3 Your hardware and software environment a Your CPU and operating system b Type of device that you are connecting to the Serial Device Server Cc Wireless wired networking
76. tal device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio and television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures z Reorient or relocate the receiving antenna 7 Increase the separation between the equipment and receiver 7 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 7 Consult the dealer or an experienced radio TV technician for help The user is cautioned that changes and modifications made to the equipment without the approval of manufacturer could void the user s authority to operate this equipment Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation The radiated output power of the print server is far below the FCC radio frequency exp
77. tatus mode is only available if the unit is explicitly configured to allow it The following table describes the logical interfaces of the unit when operating in a FIPS 140 2 approved mode FIPS 140 2 Interface Physical Logical Interface Interface Data Input Serial Plaintext data for transmission to network Ethernet Plaintext data for bridging to wireless network Wireless Ciphertext data for Serial or Ethernet port Data Output Serial Plaintext data received from wireless network Ethernet Plaintext data received from wireless network Wireless Ciphertext data from Serial or Ethernet port Control Input Ethernet Control data for console task received via Telnet Control data for web config task received via HTTP Wireless Control data for console task received via Telnet Control data for web config task received via HTTP Introduction Silex Part Number 140 00188 210A Page 4 FIPS 140 2 Interface Physical Logical Interface Interface Button Invoke configuration status function Status Output Ethernet Plaintext status response from console task via Telnet Plaintext status response from web config via HTTP Wireless Status response from console task via Telnet Status response from web config via HTTP Serial Plaintext status response from button push LEDs Indicate link and unit error status Power Interface Power Serial When the module ente
78. the Internal Command Console to Configure the Serial Device Server oooocooconnoocccccccccccccnnnnnnncncncnnnnnnnns 19 Chapter 4 Using the Serial Device Server with Your ApplicatiON oooonooccccnnnnnnoccccnncconcnaccnnnnnnnnnnncnncnnnnnnnnnannnnnnnn nn cnn cn nnnnnn cnn 21 serial Port Emulator iii A de 21 Raw TER CONMECHON ci asian dead delata 22 RFC 2217 Remote Modem Control Suppot ccceeeeeeeeceeceeeeeeeeeeeeeeeeeeeeeeeeeecccccceececenneceeeeeeeeeeaaneeeeeees 23 ECable Modeniisciiea side isis Delbodageca shee 23 AA A A Oe eet ae AS Mth Rh Zo te de 24 EP A Mee AL I ed 24 Console Mode Switching c icenen ena eieaa entan A AE NE EAE EAA ETENA denies 25 AT Commands iaicii coc Waid eaten it ee ate A ENESA FANART ENE A ENANS a EAE ENE ENAA iii EET Aani EES T SANDDE ANAA 25 Chapter 5 Advanced COnfiguratlony c ctn ic E a bd 27 Factory Dedalo dedo os 27 Restoring Factory Default Settings motenn odds dana r canten AAA EE d needs dante 28 Modifying TCP IP Settings siroter oen A ai 28 Using AT Modem Gommands cit e ia 29 Standard AT Commands Supported cceeeeecececceeeeeeeeeeeeeeeeeeeeeeeeaecaeeeeceaaaaaaeeeeseeeeeeeeeeeeeeeeeeeteneeneees 30 RESPONSE COAST Na in ties oh cee dese aie 32 Chapter 6 Troubleshooting mii deli eet as aa en eae A dee ae a in mold a Sh ee 33 Contents Silex Page i Part Number 140 00188 210A Chapter 7 Product Specifications ii A A We ede eg Bees 35 TGP Port Connecti
79. the network It is especially useful for migrating applications that use modem controls from a direct serial connection to a serial device server network connection You can utilize RFC 2217 from the Silex Serial Port Emulator software see below or by connecting to TCP port 9200 from your application program ECable Mode Normally it is up the computer to initiate a connection to the Serial Device Server For some applications it is desirable for the Serial Device Server to initiate the connection to the computer The Serial Device Server supports this capability through its ECable feature To set ECable mode use a web browser to access the Serial Device Server internal web pages see chapter 3 for instructions on using the internal web pages After you have logged in click I O port on the left side of the screen 1d Rate Select the desired speed at which the port should send and receive data Bits ver character Done You can now enable ECable mode and set the required parameters Enable ECable mode by clicking the radio button 2 Enter the address Destination Address of the computer or other device that will be communicating with the Serial Device Server 3 Enter the TCP port number Destination Port used by the destination device for communicating with the Serial Device Server must be greater 1023 4 If desired change the ECable Connection Attempt Time This specifies the time interva
80. ttom of the window you may need to scroll to save your changes Now click Configure Network Security to configure the wireless security parameters Page 16 Silex Configuring the Serial Device Server Part Number 140 00188 210A 000 silex SX 550 WLAN e SS AE mo 792 168 5 253 wisecrm nracessn9ceB17352C40525eapasswardadiargugend V Gr Googe on A cold case everybody Configure Network Security Encryption Mode Disabled 2 Key Selectos rf n El xy ooo ae ya e Key 3 S Wireless Authentication Type open System Wired Authentication Type None z Authentication Attempts E a User w pommos 2 Password T Encryption Mode Select the desired encryption mode for the wireless link 64 and 128 bit WEP are for basic WIFI compatibility Dynamic WEP is displayed if an EAP method which automatically sets keys is selected as the authentication type WPA uses TKIP encryption WPA2 uses CCMP encryption WPA2 WPA uses CCMP for pairwise encryption but allows TKIP for group encryption Key Selection TEWEP enervntion is selected and she authentication made isnot an FAP mode select the desired WEP kev to he used_one AE n _ En ey le Mba E _ sl Dane 5 Ms SOE Ajme ac Jos 0 9s Es aoar Bel BoE Se 139 65 de POTD ID En AE MONTT E emery I
81. use a single certificate common name If both of the common names are set to null all certificates are accepted The default is null Enter the names on the Configure Authentication Certificate page in the Serial Device Server internal web pages or use the console command SET NW CERTCN lt name 1 gt or SET NW CERTCN2 lt name2 gt to enter the two certificate common names where lt name1 gt and lt name2 gt are the desired names Private Key TLS 8 PEAP Wireless Security Only Private key information or the corresponding public key certificate for the Serial Device Server can be loaded from a file Private Key Information File If the file is encoded you must enter the passphrase in the passphrase entry field on the Configure Private Key page in the internal web pages of the Serial Device Server NOTE At present only PEM format files are supported To generate a self signed certificate for the Serial Device Server the following information is required Certificate Common Name Organization name Organization unit City name State name Country name Key Size 2048 You may enter this information on the Configure Private Key page in the internal web pages of the Serial Device Server or via console commands Product Specifications Silex Page 39 Part Number 140 00188 210A Appendix B Console Commands The following tables describe the console commands available from the internal command console Access the command console t
82. used in services string _num If string_num is provided then the specific string definition and expansion are displayed If string_num is not provided then all string definitions are displayed without their expansions Sample output i 1BE 04 1B 12345x PJL ENTER LANGUAGE PCL OA POSTSCRIPT OA FF 04 FF O5 FF 06 FF 07 FF O4 FF 05 FF 06 FF 08 OC SH FiLters Shows the filters that can modify a job stream Sample output Filter No Filter Text Substitution AppleTalk Text to PostScript PostScript Tagged Binary DC1 Special TCP IP Commands Table 16 TCP IP Commands Command Description SET IP ACcess Allows or prevents access to a block of remote addresses The default value is empty list Format SET IP ACcess EN DI ALL aa bb cc dd MAsk ee ff gg hh Console Commands Silex Page 52 Part Number 140 00188 210A Command Description SET IP RANge SH IP ACcess SET IP ADdress SET IP ARP ENable SET IP BAnner SET IP CHKSUM SET IP BOot SET IP ENable SET IP FTlme Console Commands Allows or prevents access to a range of remote addresses The default value is empty list Format SET IP RANge EN DI ee ff gg hh ALL aa bb cc dd MAx Displays current access list settings Sample output All hosts permitted access Sets server IP address The default value is 192 0 0 192 Format ET IP ADdress aa bb cc dd Enab
83. wireless network If you are using Ad Hoc mode the Serial Device Server must have exactly the same SSID security parameters and RF channel as the other wireless device s on the network d Make sure that you have a valid IP address subnet mask and router address check with your network administrator to make sure that you have the correct information You can check to see if the IP address information is correctly set by printing a test page press the RESET pushbutton to send a test page to a printer or terminal connected to the serial port or by using the PING command from a computer system connected to the network 3 If you have a valid network connection and IP address but you cannot communicate with your serial device then a Make sure that the settings of the serial port on your device exactly match the settings of the serial port of the Serial Device Server For example if your device is set for 9600bps 8 bit characters no parity and RTS CTS flow control the Serial Device Server must also have these exact same settings Page 32 Silex Troubleshooting Part Number 140 00188 210A Make sure that have a good cable connection between your serial device and the Serial Device Server If possible try a different cable Make sure that the cable pinouts are correct In order to communicate properly the transmit data line on the Serial Device Server must be connected to the receive data line on your serial device and the receive da
84. x where xxxxxx is the last six digits of the Serial Device Server MAC address and then click Virtual Port You will be asked to select the name of the virtual COM port for example COM3 x Server IP address 1921555 253 Server port number T Virtual portname COM3 y T Connect port when Windows starts Help Cancel Advanced Click OK after you have selected the name and you now ready to use the virtual COM port Using virtual COM port is identical to using a normal COM port For example if you configure a virtual COM port called COM3 this port will show up as one of the available serial ports when you use the Windows HyperTerminal Accessory program Raw TCP connection You can communicate directly from your application program to the Serial Device Server using a raw TCP connection This is done by opening a TCP port on the Serial Device Server and then sending and receiving data to this port via a socket or equivalent API This method is more efficient than using the Serial Port Emulator and does not require any additional software to be installed on your computer If you are using a raw TCP connection the default TCP port number you can use any or all of these port numbers for normal connections If you want to be able to access your device s modem control signals from your computer system then the TCP port number is 9200 this enables RFC 2217 support You can change the port number if desired by modifying one of the
Download Pdf Manuals
Related Search