Technical Publications Niagara Networking & Connectivity Guide Tridium, Inc. 3951 Westerre Parkway • Suite 350 Richmond, Virginia 23233 USA http://www.tridium.com Phone 804.747.4771 • Fax 804.747.
Copyright Notice: The software described herein is furnished under a license agreement and may be used only in accordance with the terms of the agreement. © 2002 Tridium, Inc. All rights reserved. This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior written consent from Tridium, Inc., 3951 Westerre Parkway, Suite 350, Richmond, Virginia 23233.
Contents
Preface: About This Document
• Intended Audience
• Prerequisite Knowledge
• Document Summary
• Formatting Conventions
Chapter 1
• Protocols and the OSI Model
• Access Methods
• Contention Methods
• Token Passing
• Polling
• Additional Information
Chapter 2: Configuration and Troubleshooting Tools
• Niagara Configuration Tools
• Admin Tool
• JACE-NP Remote Control Utilities
• NetMeeting
Chapter 3
• Windows NT 4.0
• Windows 2000
• Connecting a New JACE Controller
• Determining the Default Network Information
• About Ethernet Straight Through and Crossover Cables
Chapter 4
• Configuring the Software
• About the ras.properties File
• Configuring ras.properties for Direct Dial
• Enabling Dial-in
• Configuring Direct Dial on the JACE-NP
Chapter 5
• Configuring Captive ISP on the JACE-4/5
• About Captive ISP
• About Disconnects
• Installing and Configuring Modems
• Configuring the Software
Chapter 6
• Disabling Open Ports on Microsoft Windows NT 4.0
• Using a Virtual Private Network
• Niagara System Architectures
• Things to Note
Appendix A: Configuration Files Used for Communication
• Windows-based Niagara Hosts
About This Document
This document is intended to help you connect Niagara hosts to:
• Ethernet networks using IP
• each other, directly through modems
• an ISP for connectivity to other hosts
Included are procedures for getting started, station engineering considerations, reference information on networking and IP addressing, troubleshooting tips, and information on network security with Niagara hosts.
Prerequisite Knowledge
To get the most from this guide, you should know or have experience with the following:
• Basic Niagara concepts, such as stations, nodes, objects, properties and links.
• The JDE (Java Desktop Environment), including necessary tasks to provide system control. Ideally, you should be Niagara-certified, that is, have successfully passed Tridium’s Niagara TCP (Technical Certification Program).
• Niagara controllers and Web Supervisors.
• Italic text is used to refer to the titles of other publications. Examples:
  – The Microsoft Manual of Style
  – Niagara Web Solutions Guide
• Italic text is also used for non-literal text that represents a variable. Examples:
  – station_name
  – DONOFF_n
• Italic text is sometimes used to call attention to a specific word or concept. Example:
  – the backed-up station database
• Bold text in a different font is used for extreme emphasis of a specific word or concept.
Tip: Tips typically contain best practices, recommendations, or other helpful instructions that help the reader use the product more effectively.
Timesaver: Timesavers typically tell readers about a quicker or shorter way to perform a task. They point out keyboard combinations, buttons, or shortcuts that readers can use instead of menu selections or keystrokes to perform the same action.
Caution: Cautions remind the reader to be very careful.
CHAPTER 1 Understanding Networking and IP Addressing
This chapter gives a concise overview of networks and IP addressing, as a guide to the terms and concepts used in later chapters. It does this with these main topics:
• Introduction to Networking
• Networking using IP
• Niagara Considerations
• Additional Information
Introduction to Networking
To understand connecting Niagara devices, one must first understand the basics of network communications.
What is Networking?
This section introduces LANs and WANs and how networks are used to improve computing productivity.
The Concept of Networking
A network is simply a method by which computers and/or devices can communicate over a common connection. This means that whether you have 2 PCs, 20 PCs, or 200 PCs, they can all communicate with each other via the network.
Types of Networks
The evolution of PC networking technology started with specialized disk servers that ran special operating systems (OSs) supporting simultaneous file access from a group of clients. The biggest drawback to this design is that it requires a powerful computer dedicated to running the network operating system.
The bus topology uses a single backbone cable to which network devices connect. Devices are connected either directly to it or by way of a short drop cable. As message traffic passes along the network, each PC checks the message to see if it is directed to itself. Each end of the bus segment requires an end-of-line terminator.
Bus topology.
The star topology uses a central device called a hub to which each network device is connected. Network devices are connected point-to-point to the hub with a patch cable. All messages in a star topology are routed through the hub before reaching their final destination.
Figure 1-2 Star topology (hub or central PC).
The star topology requires a lot of cable as all PCs are connected directly to a central hub.
Ring topologies consist of several nodes joined together to form a circle. Messages move from one node to the next in one direction only. When a node receives a message that is addressed to itself, the message is copied and placed back on the network with a modification indicating that it was received.
Figure 1-3 Ring topology.
The ring topology connects each PC to two others.
Network Cabling
The transmission medium used to support network communications is an extensive subject. There are issues that define the best type of cable suited for different signaling rates, different physical and electrical environments, and various architectural requirements and limitations. The key is to strike an acceptable balance between performance, cost, and capacity.
Table 1-1 Cable categories.
Category | Cable Type | Application
6 | Coaxial | 100 Mbps+ data
7 | Fiber Optic | 100 Mbps+ data
Fiber Optic Cable
Optical fiber transmits signals of light through a very fine strand of plastic or glass fiber, which is encased in a tube made of glass called cladding, surrounded by a tough outer sheath.
Connectors
As discussed earlier, there is a variety of different types of networking cables and there are various ways to connect them. To select the appropriate interface card for a network, determine the type of cabling and connectors required to support the connection. Keep in mind that some NICs come with more than one interface connector, which can be selected by either jumper or software setting.
station, handed down to the lower layers in the stack for actual transport processing, over the channel to the next station, then handed up the stack to the appropriate application in the receiving station.
Table 1-3 OSI layers.
Layer | Name | Basic Function
7 | Application | Defines the language and syntax that programs use to communicate with each other.
The IEEE 802 Standards
Table 1-4 IEEE 802 categories.
Number | Description
802.3 | Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) Ethernet.
802.3U | CSMA/CD Fast Ethernet
802.3Z | CSMA/CD Gigabit Ethernet
802.4 | Token Bus LAN.
802.5 | Token Ring LAN.
802.6 | Metropolitan Area Network (MAN).
802.7 | Broadband Technical Advisory Group
802.8 | Fiber Optic Technical Advisory Group
802.9 | Integrated Voice/Data Networks
802.
Protocols are typically created by vendors and networking standards organizations. Once established, hardware and software vendors implement them into their products. There is a variety of standard protocols; each one has particular advantages and disadvantages. For instance, some are simpler than others, some are more reliable, and some are faster.
Protocol Bindings
Multiple protocols can be bound to the same network card. When more than one protocol is bound to a particular adapter, the binding order becomes important. The order in which protocols are bound determines the order in which the protocols are used to attempt a successful connection. In Windows NT, protocol bindings are made in the NT Control Panel.
the network, which in turn passes it on to the next, and so on. Eventually, the frame returns to the (original) transmitting station. At that point, the source station compares the received frame to that which it transmitted. If the transmission is identical (free of errors), the station releases the token. This is the access method used in Token Ring networks.
Bridges
The function of a bridge is to connect separate networks together, as well as manage traffic among segments of a LAN. Bridges examine the source and destination addresses of data and they use this information to determine which transmissions should be allowed to pass to another network segment. Traffic whose destination is on the same segment as the sender is confined to that segment.
• Routers can isolate problems—they keep problematic messaging from being propagated to the other networks.
• Routers can connect networks that use different media access methods (i.e., protocols).
Disadvantages of routers:
• Routers can create potential bottlenecks in networks.
• Routers are generally more complex and expensive than bridges and repeaters.
• Certain protocols are not routable.
• IP Address Allocation—discusses how addresses are allocated, and technologies such as private addressing and network address translation.
• Associating IP Addresses with Host Names—discusses name resolution techniques including HOSTS files, DNS, DDNS, and WINS.
• Proxy Servers and Firewalls—talks about these special devices on an IP network. Also included is a review of TCP/IP ports.
that provides access to a remote host. And, DNS (Domain Name System) and WINS (Windows Internet Name System) servers resolve names into actual IP addresses, which are required to identify resources on TCP/IP networks.
Presentation and Session Layers
Layers 6 and 5 of the OSI model are not formally defined in TCP/IP. The services are indeed performed, if needed, in other layers of the TCP/IP stack.
type of data transmission medium used, how that medium interfaces with network devices, and how data is encoded into electronic signals for transmission through the medium. Lastly, the physical layer defines what constitutes an acceptable signal.
IP Addressing
What is an IP Address?
In IPv4, an IP address is a 32-bit number which uniquely identifies a host on the Internet. It is typically written in dotted decimal form nnn.nnn.nnn.
For example, in the address 192.168.1.57, the first 3 octets (192.168.1) are the network portion and the last number (57) is the host number. However, this 3-octet boundary is not true for all IP addresses. The boundary changes depending upon which class the address falls into. Classes were designed to accommodate very large to very small networks, as illustrated in Table 1-6.
The following table gives a summary of how many hosts per subnet and total subnets result when a range of subnet masks is applied to networks of all classes.
Table 1-7 Subnetting for each class.
Class | Number of Subnet Bits | Subnet Mask | Number of Subnets | Hosts per Subnet
A | 0 (not subnetted) | 255.0.0.0 | 0 | 16,777,216
A | 1 | 255.128.0.0 | 2 | 8,388,606
A | 2 | 255.192.0.0 | 4 | 4,194,302
A | 3 | 255.224.0.0 | 8 | 2,097,150
A | 4 | 255.240.0.
Table 1-7 Subnetting for each class (continued).
Class | Number of Subnet Bits | Subnet Mask | Number of Subnets | Hosts per Subnet
C | 0 (not subnetted) | 255.255.255.0 | 0 | 254
C | 2 | 255.255.255.192 | 4 | 62
C | 3 | 255.255.255.224 | 8 | 30
C | 4 | 255.255.255.240 | 16 | 14
C | 5 | 255.255.255.248 | 32 | 6
C | 6 | 255.255.255.252 | 64 | 2
In some installations, either the last subnet, or the first and last subnet are unavailable.
Table 1-8 Special IP addresses (continued).
240.0.0.0 to 247.255.255.255 | These addresses are experimental and should never be assigned as a host address.
10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255 | See “Private IP Addresses”.
IP Address Allocation
The organization responsible for ensuring the uniqueness of IP numbers is the Internet Corporation for Assigned Names and Numbers (ICANN).
Note: Some administrators have chosen to implement IP addressing on their private networks using legitimate addresses (such as 205.254.1.0) that have not been assigned to them. They use NAT to translate between the legitimate external address and the illegitimate internal address. Depending on how the Internet connection works, this may cause problems in the event of a failure in the connection.
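The subnetting arithmetic behind Table 1-7 and a check for the situation in the note above, as an added example that is not part of the original guide: it derives mask, subnet count and hosts per subnet for a classful network, then audits an inventory of internal hosts against the private and experimental ranges of Table 1-8. The inventory rows and the function names are constructed for illustration, and the audit assumes every listed host is meant to sit behind NAT on a private address.

```python
import ipaddress

# Ranges as Table 1-8 lists them.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPERIMENTAL = ipaddress.ip_network("240.0.0.0/5")  # 240.0.0.0 to 247.255.255.255


def address_class(addr):
    """Return (class letter, default prefix length) from the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if 1 <= first <= 126:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    raise ValueError(f"{addr} is not a class A, B or C address")


def subnet_plan(addr, subnet_bits):
    """Mask, subnet count and hosts per subnet for a classful network."""
    cls, default_prefix = address_class(addr)
    prefix = default_prefix + subnet_bits
    if subnet_bits < 0 or prefix > 30:
        raise ValueError("subnet bits leave no usable host addresses")
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
    return {
        "class": cls,
        "mask": str(mask),
        # Table 1-7 lists 0 subnets for a network that is not subnetted.
        "subnets": 2 ** subnet_bits if subnet_bits else 0,
        # The all-zeros and all-ones host numbers are not assignable.
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,
    }


def audit_host(name, ip, mask, gateway):
    """Return findings for one internal host's IP configuration."""
    findings = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    if iface.ip in EXPERIMENTAL:
        findings.append("experimental address assigned to a host")
    elif not any(iface.ip in n for n in PRIVATE):
        # The case in the note: a public address nobody assigned to this site.
        findings.append("internal address is outside the private ranges")
    if iface.ip in (net.network_address, net.broadcast_address):
        findings.append("host number is all zeros or all ones")
    if ipaddress.ip_address(gateway) not in net:
        findings.append("gateway is not on the host's subnet")
    return [f"{name}: {f}" for f in findings]


def audit_inventory(rows):
    """Audit every (name, ip, mask, gateway) row and collect the findings."""
    return [f for row in rows for f in audit_host(*row)]


# Constructed inventory, not taken from the guide's figures.
INVENTORY = [
    ("host-a", "192.168.1.20", "255.255.255.0", "192.168.1.1"),
    ("host-b", "205.254.1.15", "255.255.255.0", "205.254.1.1"),
    ("host-c", "192.168.1.30", "255.255.255.192", "192.168.1.65"),
    ("host-d", "241.0.0.5", "255.255.255.0", "241.0.0.1"),
]

if __name__ == "__main__":
    print(subnet_plan("192.168.1.0", 2))
    for finding in audit_inventory(INVENTORY):
        print(finding)
```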
Company XYZ has a single network using the private class C address of 192.168.1.0. The network is not subnetted.
Figure 1-4 Network architecture showing typical IP configurations.
XYZ Company, Host C IP Configuration: IP Address: 192.168.1.236, Subnet Mask: 255.255.255.0, Gateway: 192.168.1.
Most larger networks are made up of two types of devices: those that need a static (non-changing) IP address because they are accessed frequently by other devices, and most other hosts, which are rarely accessed by others. Hosts that are accessed frequently (like servers and printers) are typically configured manually with a static IP address. The remaining hosts are configured to receive a dynamic address.
Note: One of the advantages of a HOSTS file is that it is not dependent on a server for name resolution, as is required in the other resolution protocols. The HOSTS file is always the first place a host looks for name resolution, and if it finds an entry it uses it and does not check other name sources.
DNS
The domain name system is the mechanism used by hosts to resolve names on the Internet, and on some private networks as well.
When a host tries to contact a particular name (for example, trying to browse www.bbc.co.uk), it first looks in the local HOSTS file, and upon finding no entry, checks with its name server. The name server either returns the information if it knows it, or contacts a root name server, which passes it the address of one of the name servers responsible for the .uk domain.
but only 250 are expected to be simultaneously connected, the organization can use a private network addressing scheme for the 500 hosts, then lease one legitimate Class C address (providing 254 addresses) for use on the proxy server. In addition, proxy servers often provide caching, which is a function whereby the server stores the data that is passing through it on its way to the recipient.
Application proxy—Also known as an “application gateway”, this technique inserts a true barrier between the client computer, which is requesting access to an application, and the application server. The client actually connects to the application gateway which acts on behalf of the client, negotiating with the destination server for information.
About Ports
A port is a communication channel that allows different applications on the same computer to use network resources without interfering with each other. For example, on a multi-function server that runs Telnet, FTP, and web servers, each function uses a different TCP port (typically ports 23, 21, and 80, respectively) for clients to talk to.
Table 1-10 Common well-known TCP ports (continued).
990 | FTPS (FTP over TLS/SSL)
992 | Telnet protocol over TLS/SSL
993 | IMAP4 protocol over TLS/SSL
994 | IRC protocol over TLS/SSL
995 | POP3S (POP3 protocol over TLS/SSL)
For a full list of registered and well known ports, see http://www.iana.org/assignments/port-numbers.
Table 1-11 Niagara hosts summary.
Category | Current [1] Hardware Models | Operating System | Function
Web Supervisor | PC | Windows NT 4.0, Windows 2000 | Server for Niagara integrations. Can also provide GUI interface to Niagara integration. Can also be used to engineer and maintain Niagara integrations.
Engineering PC [5] |
Table 1-12 Available networking technologies on Niagara hosts.
Key: x = full availability, * = limited availability
Technology | Availability (columns: Web Supervisor/Technician PC, JACE-NP, JACE-4/5) | Notes
HOSTS file | x, x, x | Because HOSTS files are local to each host, they do not require dependency on a remote server for name resolution. Therefore, they are the recommended method for name resolution for Niagara hosts.
DNS | x, x | See previous note.
Communication between Niagara Hosts
Table 1-13 provides a summary of the types of communication between Niagara hosts and to other IP-based hosts. Included is the host that initiates each type of communication, and the host that receives it.
Table 1-13 Communication between Niagara hosts.
Table 1-13 Communication between Niagara hosts (continued).
Communication | Typical Initiating Host (Client) | Receiving Host (Server) | Description
Alarming, continued: Remote Printer notification | Any Web Supervisor or JACE-NP | Any networked printer | Connection from the initiating host for the purpose of sending an exception notification or acknowledgement to a printer.
Table 1-14 Sources for more information about covered topics.
Concept | Source
Fundamentals of Networking | “The World of Computer Networking: A Primer”, 1995, Nortel Networks, Limited, available from http://spark.nstu.nsk.su/BayNetworks/Products/Papers/wp/wpprimer.html
Fundamentals of Networking | “Networking Tutorials”, 2001, Lantronix, Inc., available from http://www.lantronix.com/learning/tutorials/index.
CHAPTER 2 Configuration and Troubleshooting Tools
This section discusses the tools you can use to set up networking on Niagara devices and to troubleshoot connectivity issues. It contains the following main topics:
• Niagara Configuration Tools
• Connectivity Troubleshooting Utilities
• Additional Information
Niagara Configuration Tools
When setting up Niagara hosts, there are several tools that you can use for configuration.
Procedure 2-1 Starting the Admin Tool and accessing network settings.
Step 1 Choose one of the following actions:
• If you do not currently have the JDE open, on the Windows task bar, click Start and select Programs > Niagara version > Admin Tool. The Admin Tool opens outside of the JDE. You see a two-pane window.
• If you already have the JDE open, double-click Tools to expand the contents.
NetMeeting is set up to run by default on JACE-NPs using Embedded NT. NetMeeting is not set up by default on JACE-NPs running the full version of NT. To access the desktop on this model of JACE, attach a keyboard, mouse, and monitor. You can download the latest version of NetMeeting at http://www.microsoft.com/windows/netmeeting/.
Caution: Be very careful when using NetMeeting to control a JACE.
Note: For a new JACE-NP, use the initial user name for the administrator account and use the initial password. These are listed on the packing slip which accompanies the unit. For many JACEs the initial user name is tridium and the initial password is niagara.
Step 7 Click OK. You are connected to the remote JACE-NP with a secure NetMeeting session (see Figure 2-2). If you see the Windows NT 4.0 desktop, you are finished.
Step 9 Type the host administrator name and password. This is the same name and password with which you log into the Admin Tool.
Step 10 Click OK. The Windows NT 4.0 Desktop appears.
In order to end a NetMeeting session, you cannot close the session window using typical Windows close methods. Use the following procedure to end your NetMeeting session:
Procedure 2-3 Ending a NetMeeting session.
Caution: Be very careful when using RCMD to connect to a JACE. You are logged onto the JACE with administrative privileges, which means you can change many settings. Changes you make could have unexpected consequences, including making the host inoperable.
Use the following procedure to open a RCMD session to a JACE-NP:
Procedure 2-4 Connecting to a JACE-NP with RCMD.
Tip: If you do not know the name of the JACE, but do know its IP address, use the tracert command to determine the name.
Step 4 Press ENTER. RCMD establishes a session between the remote workstation and the JACE. Each command you issue is carried out at the command prompt of the JACE-NP. For an example, see Figure 2-4.
Figure 2-4 RCMD to a JACE-NP with the full version of NT.
In the Niagara environment, you can use Hyperterminal to directly connect to a JACE-4/5 when you cannot access it remotely across a LAN and need to change settings to make it accessible. You actually connect to the target shell of the VxWorks OS.
About the VxWorks Target Shell
The target shell is a command-line interpreter for VxWorks.
Step 2 Open Hyperterminal as follows:
• On Windows NT—Click Start then choose Programs > Accessories > Hyperterminal > Hyperterminal
• On Windows 2000—Click Start then choose Programs > Accessories > Communications > Hyperterminal
Step 3 In the Connection Description dialog box, type a name for this session. For example: Direct connect to JACE
Step 4 Click OK.
• On the JACE-4—connect it to the outer-most two pins (Figure 2-5).
Figure 2-5 4-pin connector with correct jumper position on the JACE-4. Jumper is connected to outer-most pins of 4-pin MODE connector.
• On the JACE-5—connect it to the top two pins (Figure 2-6). If you cannot easily access the connector, remove the plastic and metal covers.
Figure 2-6 4-pin connector with correct jumper position on the JACE-5.
Figure 2-7 VxWorks boot.
You see a prompt similar to the following:
[VxWorks Boot]:
You are connected to the target shell and it is ready for command input.
Step 14 When finished typing commands at the command prompt, follow the next procedure to disconnect from the JACE.
Procedure 2-6 Disconnecting from the JACE when using Hyperterminal.
Step 1 Press the Disconnect button on the Hyperterminal tool bar.
About Serial and Null Modem Cables and Adapters
The standard RS-232C serial communications interface defines a signal protocol used between data terminal equipment (DTE) (such as your engineering PC) and data communications equipment (DCE) (such as a modem). The protocol signals are transmitted on a set of lines within the standard serial cable. Two lines (RXD and TXD) are used for sending and receiving data.
You can either purchase a null modem adapter from us, or use the information in Table 2-16 to assemble the DB-9 to RJ-45 adapter. Do not use a third-party ready-made adapter unless you can verify that it has been pinned out in the manner specified in Table 2-16.
Table 2-16 DB-9 to RJ-45 adapter pinouts.
Wiring a Silver Satin Null Modem Cable—You can make a null modem cable by attaching the RJ-45 connector upside down on one end, which effectively connects the input signals on one connector to the output signals of the other. However, you should wire pins 4 and 5 straight through, which means you need to actually cross them over in the reversed end (see Table 2-17).
Table 2-17 Silver satin null modem cable pinouts.
Step 4 Type:
telnetEnable=true
Step 5 Optionally, if you wish to change the default port for Telnet, add a new empty line and type:
telnetPort=xxx
where xxx is the telnet port on which you want the JACE to respond. Your system.properties file should look similar to Figure 2-10, if you added both lines.
Figure 2-10 Sample system.properties file after Telnet additions.
Step 6 From the system.
where is the name or IP address of the JACE you want to connect to and is the port you (optionally) specified in step 5 of the previous procedure. You are connected to the JACE and see a command prompt similar to the following:
JACE login:
Step 3 Type the name of the host administrator account. This is the user used to log into the JACE via the Admin Tool.
Step 4 Press ENTER.
Step 7 Press ENTER. You are prompted for a password.
Step 8 Type the password of the host administrator account.
Step 9 Press ENTER. You are logged into the JACE at the command prompt.
Step 10 When finished typing commands at the command prompt, disconnect from the JACE and close the Hyperterminal window.
FTP
FTP (the file transfer protocol) is used in IP networking to transfer files to and from a variety of hosts.
Figure 2-11 Sample system.properties file after FTP addition.
Step 5 From the system.properties menu, choose File > Close. You are prompted to save any changes you made to the file.
Step 6 Click Yes to save your changes. Otherwise, click No to lose your changes. Clicking Cancel returns you to the system.properties edit window.
Step 7 Reboot the JACE. After booting, the JACE can be reached via FTP.
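An audit of a system.properties file for the telnetEnable and telnetPort lines that the Telnet procedure earlier in this chapter adds, as an added example that is not Tridium's code: it reports whether Telnet is switched on and on which port, and can comment the lines out again once commissioning is done. The sample file is constructed; matching true in any letter case and treating a commented-out line as disabled are assumptions, and because the key for the FTP addition is not shown in this text, its name has to be passed in through enable_keys.

```python
DEFAULT_TELNET_PORT = 23  # the typical Telnet port given under "About Ports"


def parse_properties(text):
    """Parse key=value lines into {key: (value, line_number)}.

    Blank lines and lines starting with '#' or '!' are skipped. A repeated
    key keeps its last value, which is how java.util.Properties loads a
    file (assumed here to match how the JACE reads system.properties).
    """
    props = {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = (value.strip(), number)
    return props


def audit(text, enable_keys=("telnetEnable",)):
    """Return one finding per enable key that is set to true."""
    props = parse_properties(text)
    findings = []
    for key in enable_keys:
        value, number = props.get(key, ("", 0))
        # Assumption: any letter case of "true" enables the service, so the
        # audit errs on the side of reporting it.
        if value.lower() != "true":
            continue
        finding = {"key": key, "line": number}
        if key == "telnetEnable":
            raw_port = props.get("telnetPort", (str(DEFAULT_TELNET_PORT), 0))[0]
            if raw_port.isdigit() and 0 < int(raw_port) < 65536:
                # A non-default port is still Telnet; the number is reported
                # so firewall rules can be checked against it.
                finding["port"] = int(raw_port)
            else:
                finding["port"] = None
                finding["note"] = f"telnetPort value {raw_port!r} is not a valid port"
        findings.append(finding)
    return findings


def comment_out(text, keys):
    """Return the file text with every line that sets one of keys commented out."""
    lines = []
    for raw in text.splitlines():
        key = raw.strip().partition("=")[0].strip()
        lines.append("# disabled: " + raw if key in keys else raw)
    return "\n".join(lines) + "\n"


# Constructed sample, not a real station's system.properties.
SAMPLE = """\
# constructed sample file
placeholder.key=value
telnetEnable=true
telnetPort=2323
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(comment_out(SAMPLE, ("telnetEnable", "telnetPort")))
```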
Tip: To see a list of commands, type help at the ftp> prompt. You can also type help to get a description of each command.
Common commands to change directories and transfer files include:
Table 2-18 Common FTP commands.
Command | Use to...
lcd (local change directory) | change directories on your PC. For example: lcd d:\niagara\R2.300.315\emb
cd (change directory) | change directories on the JACE.
These utilities can be used on Niagara hosts that run the Windows OS, but they are not supported on JACE-4/5s.
Using Windows Command-line Utilities
The versions of these utilities that ship by default with the Windows OS are executed at a command prompt. However, there are many GUI versions freely available for download from the Internet.
The typical use of the ping command for a Windows-based host is: ping or ping where is the IP address of the host to which you want to check connectivity. is the name of the host to which you want to check connectivity. Figure 2-12 shows several examples of the use of the ping command. Figure 2-12 Ping utility examples.
• In the first two examples, a host was pinged using its IP address, then its name.
• In the third example a switch was used (-a) to show the name while pinging by IP address.
• The host responded in under 10 milliseconds in each of the above instances, showing good connectivity.
• The fourth example shows the response you see when an IP address is not responding.
Figure 2-13 Tracert utility example.
The following things can be noted about this traceroute:
• The traceroute lists the IP address for the host (213.48.95.8).
• The first router hop displayed is the default gateway of the host from which the traceroute was executed. It is on a private network (10.10.8.1).
• The second hop is the router port on the external network (209.3.205.180).
nslookup
Figure 2-14 shows two examples of an NSLookup to hosts on a local network.
Figure 2-14 NSLookup to internal hosts.
The following things are shown:
• In the first query, an IP address of 10.10.8.195 was used and the default name server replied with the FQDN of the host (clutch.tridium.net).
• The second query shows the response from the name server when a valid host is not listed on the server.
Figure 2-15 shows an example of an NSLookup about an external domain (bbc.co.uk).
Figure 2-15 NSLookup to an external domain.
The following things can be noted about this example:
• The query was run using another name server (ns.uu.net or 137.39.1.3).
• The query was run specifying information about a domain, rather than a host.
or netstat -n where -n shows host information with IP addresses instead of names. Example 2-1 shows an example of netstat run at a command line of a Windows 2000 host called CLOBBER. It shows client connections open to many servers using different server-side ports. In this example, CLOBBER is a Web Supervisor and administration host and Saturn is a JACE-4/5.
Windows-specific
ipconfig
The ipconfig (for IP configuration) command is a command-line utility available on Windows NT 4.0 and Windows 2000 hosts. It is used to report IP configuration information for the host. It shows information for all Ethernet adapters in the host.
Tip For Windows 95/98 hosts, the winipconfig (Windows IP Configuration) program provides similar information. It is also a command-line utility.
Example 2-2 IPConfig example.
C:\>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : SATURN
Primary DNS Suffix . . . . . . . : tridium.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tridium.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix .
Additional Information
For more information about the topics covered in this section, consult the sources listed in Table 2-19.
Note As with any web resource, addresses provided are subject to change. If a listed resource is unavailable, try a search for the article or concept using your favorite search engine.
Table 2-19 Sources for more information about covered topics.
CHAPTER 3 Connecting on a LAN
This chapter discusses connecting Niagara devices on the same enterprise LAN or WAN using the following main topics:
• Niagara Considerations
• Connecting an Engineering PC
• Connecting a New JACE Controller
• Troubleshooting Connectivity to an Existing JACE Controller
• Using DHCP
Niagara Considerations
This section discusses typical system architectures and best practices when engineering Niagara environments.
The Web Supervisor, on the other hand, has a public IP address assigned to it in the firewall. It can be reached by the BUI user located across the Internet (the external user) and also the internal BUI user. In this scenario, the Web Supervisor has been engineered to include GxPages showing real-time information originating from the JACEs. To accomplish this, the Niagara hosts use station-to-station (interstation) links.
Multiple sites
In the scenario presented in Figure 3-2, ABC Company has added a JACE to a LAN at another site. The sites connect to each other using a private data line leased from a phone company, thereby creating an enterprise-wide WAN. Interstation links are still used by all JACEs to update the GxPages on the Web Supervisor.
Things to Note
You should note the following things about connecting Niagara devices to a LAN or WAN:
• Connection between Niagara hosts on a LAN/WAN will be faster and more reliable than connection via modem (either direct dial or through an ISP).
• Interstation links were designed to be used across connections that are always available. The design assumes that connections between linked hosts go up or down infrequently.
Table 3-1 Niagara hosts in a Microsoft Windows Server Environment.
Category | Operating System | Description
JACE-NP | • Embedded Windows NT 4.0 • Optional: Full version of Windows NT 4.0 | Since the JACE-NP uses Windows NT 4.0 as its operating system, it operates in a Windows NT or Windows 2000 environment just like any other Windows NT 4.0 host.
Chapter 3 Connecting on a LAN Connecting an Engineering PC The second level of Windows security is Windows Domain (in a Windows NT environment) or Active Directory (in a Windows 2000 environment) security. Accounts that are added to a Windows Domain or Active Directory (AD) can access both the local host and other hosts and resources in the Domain or Active Directory, when granted the appropriate permissions.
Procedure 3-1 Connecting a Windows NT 4.0 PC to an Ethernet LAN.
Step 1 Attach one end of a standard Category-5 Ethernet unshielded twisted pair (UTP) patch cable to the RJ-45 connector on the PC.
Step 2 Attach the other end of the patch cable to a network port or directly to an Ethernet hub.
Step 3 Power up the PC.
Step 4 Log into Windows NT with administrator access.
Step 11 Reboot the PC.
Windows 2000
Use the following procedure to attach an Engineering PC to a LAN. This assumes that the network card has been installed, Windows 2000 has been loaded, and TCP/IP networking has been installed.
Procedure 3-2
Step 1 Attach one end of a standard Category-5 Ethernet unshielded twisted pair (UTP) patch cable to the RJ-45 connector on the PC.
Chapter 3 Connecting on a LAN Connecting a New JACE Controller Figure 3-4 Setting up TCP/IP on a Windows 2000 host. Step 10 Click the Advanced button to set DNS and WINS server information (if applicable). Or, if you want to get this information from the DHCP server, click Obtain DNS server address automatically. Step 11 When finished, click OK. The settings are changed. You do not need to reboot the PC.
Determining the Default Network Information
JACE controllers are shipped with pre-assigned network settings. In most cases, this information will not be compatible with the network on which you are installing the equipment, and you will want to change it. But in order to change it, you first need to attach to the JACE using the pre-assigned network information.
Table 3-3 illustrates the pinouts of a host’s Ethernet MDI port and a hub’s Ethernet MDI-X ports and connection using a straight through cable. Note that the TX (transmit) function of the PC connects (via the straight through cable) to the RX (receive) function of the hub, and vice versa. Table 3-3 MDI to MDI-X connection.
Ethernet straight through (also called standard) and crossover cables are widely available commercially. However, if you do not have the cable you need with you, you can use the information in Table 3-5 to make up a cable. Both EIA/TIA 568A and 568B pinouts are given. The only real difference between 568A and 568B is that the White/Orange-Orange and White/Green-Green pairs are swapped.
Note The maximum end-to-end distance from the JACE to the hub is 328 feet (100m).
Step 3 Power up the JACE controller.
Note The JACE-4/5 controller identifies itself to the Ethernet LAN during power up. If the controller is powered up prior to making this connection, the unit will not be accessible on the network.
Chapter 3 Connecting on a LAN Troubleshooting Connectivity to an Existing JACE Controller Once you have made changes to one or more network settings, you must reboot the host for those changes to be implemented. The Admin Tool provides a reboot function on the Host menu. Step 11 From the menu, select Admin Tool > Host > Reboot to implement your changes. Step 12 Change the network settings on your PC to be in the same range as the new IP address for the JACE.
Mistake in subnet mask or default gateway—If you make a mistake when typing either of these pieces of information, the host will be reachable on the same network segment of the LAN, but will be unreachable by machines on other segments (including from a WAN or from the Internet). In addition, the host will be unable to initiate communications with hosts on other segments.
Determining Network Settings
If you are unsure of the network settings on a JACE controller, first attempt to connect to the JACE at the default IP address (see the “Determining the Default Network Information” section on page 3-10). The previous installer may have left the controller at those settings for convenience.
JACE-NP
There are two methods you can use to track down misplaced network settings for a JACE-NP. One is fairly easy to implement, but it assumes you know some information about the JACE. The other is more complex, but assumes you know little information about the JACE.
Step 7 If you do not see the name of the JACE you are looking for (or any JACE), click the Back button of the Workgroup window and search in other listed workgroups and domains for your JACE-NP. Otherwise, continue with the next step.
Step 8 Open a command prompt (see Procedure 2-12).
Step 9 Ping the JACE by name (see the “ping” section on page 2-20).
Step 5 Look for any IP addresses that fall outside the customer’s normal network address range, and that are unfamiliar to you (i.e., not another host that you already know about). Since the JACE-NP is a Windows device, it sends out regular broadcast messages to any master browser. These messages are sent to the broadcast address of the network range the NP is in. For example, if the source address of the NP is 199.
Figure 3-8 IP address read from a Hyperterminal boot sequence. (Figure callouts: IP address in dotted decimal; Subnet mask in hexadecimal.)
The IP address of the JACE is listed on the line that begins inet on ethernet (e) :. The IP address is listed (in dotted decimal), followed by a colon, and then the subnet mask (in hexadecimal). For information on deciphering the subnet mask, see “Converting the Subnet Mask from Hexadecimal”.
Step 4 Type the first two characters of the hexadecimal number (this is the first octet). For example, if the number displayed is FFFFFFC0, you would type FF.
Step 5 Click the Dec (decimal) radio button.
Step 6 Read and record the value displayed. In the example, FF (hex) converts to 255 (decimal). This is the first octet, or 255.
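The octet-by-octet conversion in the steps above, together with the subnet mask or default gateway mistake described earlier in this chapter, worked in Python as an added example that is not part of the original guide. The sample boot lines and the helper names are constructed for illustration; the gateway 10.10.8.1 is the one that appears in the traceroute example.

```python
import ipaddress
import re

# Constructed sample of the boot-sequence field: dotted-decimal address,
# a colon, then the subnet mask as eight hexadecimal digits.
SAMPLE_BOOT_LINE = "inet on ethernet (e) : 10.10.8.140:ffffffc0"

INET_FIELD = re.compile(
    r"inet on ethernet \(e\)\s*:\s*(?P<ip>[0-9.]+):(?P<mask>[0-9A-Fa-f]+)\s*$"
)


def hex_mask_to_dotted(hex_mask):
    """Convert a mask such as 'FFFFFFC0' to '255.255.255.192'.

    Each pair of hex digits is one octet, exactly as in the manual
    calculator procedure. A mask whose one-bits are not contiguous is
    rejected, because it is almost always a typing error.
    """
    digits = hex_mask.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", digits):
        raise ValueError(f"expected 8 hex digits, got {hex_mask!r}")
    value = int(digits, 16)
    host_bits = value ^ 0xFFFFFFFF          # the zero bits of the mask
    if host_bits & (host_bits + 1):         # must look like 0...01...1
        raise ValueError(f"mask {hex_mask!r} is not contiguous")
    return ".".join(str(int(digits[i:i + 2], 16)) for i in range(0, 8, 2))


def parse_boot_inet(line):
    """Return an IPv4Interface for an 'inet on ethernet (e)' boot line."""
    match = INET_FIELD.search(line)
    if match is None:
        raise ValueError(f"no address:mask field found in {line!r}")
    dotted_mask = hex_mask_to_dotted(match.group("mask"))
    # ipaddress validates the octets of the address itself.
    return ipaddress.IPv4Interface(f"{match.group('ip')}/{dotted_mask}")


def gateway_on_link(interface, gateway):
    """True if the default gateway lies inside the host's own subnet.

    When this is False the host still answers neighbours on its segment
    but cannot reach, or be reached from, other segments.
    """
    return ipaddress.IPv4Address(gateway) in interface.network


def summarize(line, gateway):
    """Collect everything an installer needs from one boot line."""
    iface = parse_boot_inet(line)
    return {
        "address": str(iface.ip),
        "mask": str(iface.netmask),
        "network": str(iface.network),
        "broadcast": str(iface.network.broadcast_address),
        "gateway_on_link": gateway_on_link(iface, gateway),
    }


if __name__ == "__main__":
    # With the /26 mask the gateway 10.10.8.1 falls outside the subnet.
    print(summarize(SAMPLE_BOOT_LINE, "10.10.8.1"))
    # The same host with mask ffffff00 can reach that gateway.
    print(summarize("inet on ethernet (e) : 10.10.8.140:ffffff00", "10.10.8.1"))
```

The broadcast value is also the destination address to look for when tracking down a host by its broadcast traffic.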
Tip If you do not break the boot sequence in time and the JACE fully starts up, you can press ENTER to get to the command prompt (->), then type bootChange to enter system change mode.
Step 3 Press ENTER.
Step 4 Press ENTER to scroll through each field of the system settings until you reach the fifth field, inet on ethernet (e). You see the current IP address and subnet mask, separated by a colon.
Step 9 Verify connectivity to the JACE by connecting with the Admin Tool. If you cannot reach a JACE-4/5 with the Admin Tool after making these changes, consult Systems Engineering.
Using DHCP
Dynamic Host Configuration Protocol (DHCP) is an Internet standard used to aid in configuring IP hosts. For more information about DHCP, see the “Static and Dynamic IP Addressing” section on page 1-25.
Step 4 At the command prompt, type the following command:
arp -a
You see information about the pinged host (and other hosts with which you have communicated). Figure 3-10 shows an example of the information produced from the arp command after a host has been pinged.
Figure 3-10 Ping and ARP commands executed to host 10.10.8.140.
Step 5 In the Internet Address column, find the IP address of the host you pinged.
• When DHCP is enabled on a JACE-4/5, you cannot change the settings for IP address, subnet mask, default gateway, or DNS domain name using the Admin Tool because these settings are unavailable (see Figure 3-11). You can change the list of DNS servers, but upon reboot, the list will be refreshed with information from the DHCP server. To change any of these parameters, disable DHCP and manually set all of them.
Step 5 Reconnect with the Admin Tool using the IP address assigned by the DHCP server. The DHCP administrator can tell you this address, or you can figure it out (see “Determining Network Settings”).
Step 6 Verify that the network configuration parameters (DNS servers, etc.) have been properly assigned.
Troubleshooting DHCP
This section discusses common DHCP problem scenarios on the JACE-4/5 and approaches to resolving them.
Using Target Shell Commands
You may find it necessary to troubleshoot the DHCP settings of a JACE-4/5. Several commands are available from the VxWorks target shell for this purpose. To execute the commands listed in this section, connect to the Target Shell of the JACE as described in “Hyperterminal,” page 2-7, then type the command (without spaces) at the prompt.
ifShow—Displays the MAC address of the JACE-4/5.
Example 3-1 The ifShow command.
dhcpcParamsShow(pDhcpcBootCookie)—Displays the configuration data assigned to the JACE by the DHCP server.
Example 3-3 The dhcpcParamsShow(pDhcpcBootCookie) command.
-> dhcpcParamsShow(pDhcpcBootCookie)
DHCP server name:
Boot file name:
DNS domain name: tridium.net
Router discovery enabled.
RFC 894 Ethernet encapsulation enabled.
• Client rebinding (T2) time value—the amount of time left on the DHCP lease. The time is listed in seconds. If this time expires before the JACE can renew its lease, the Ethernet interface is disabled.
• DHCP server—the DHCP server that handled the last DHCP request.
• Assigned IP address—the IP address that the DHCP server assigned to the JACE.
• Client subnet mask—the subnet mask that the DHCP server assigned to the JACE.
Figure 3-12 Network Settings tab of Admin Tool on a Windows-based Niagara host using DHCP. The DHCP server is providing DNS domain, IP address, subnet mask, default gateway and DNS servers to this Windows-based Niagara host.
Configuring an Engineering PC
See “Connecting an Engineering PC” for instructions on how to set up DHCP on an Engineering PC.
Configuring a JACE-NP
Use the following steps to set up DHCP on a JACE-NP.
Lease Renewal Failure
Per the DHCP specification, a Windows host will periodically renew its lease, even when using a reserved address. The DHCP server defines the length of the renewal period. If the renewal request ever fails (for example, if the DHCP server is offline, or the Ethernet cable is disconnected when the renewal request occurs) and the lease expires, then one of the following things occurs:
• Windows NT 4.0 host—disables its network interface.
Example 3-4 DHCP settings shown with the ipconfig command for Windows 2000 host.
C:\>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : WEBSUP1
Primary DNS Suffix . . . . . . . : tridium.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tridium.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix .
• Default Gateway—the default gateway of this host. This can be set manually or set by the DHCP server.
• DHCP Server—the IP address of the DHCP server that handled this host’s last renewal request.
• DNS Servers—a list of DNS servers used for DNS lookups by this host. This information can be set manually (if automatic DNS not enabled) or provided by the DHCP server.
• Primary WINS Server—a list of WINS servers used for WINS lookups by this host.
CHAPTER 4 Connecting with Direct Dial
A Niagara host can connect to other Niagara devices by dialing them directly. This can be the only connection between hosts, or be a supplementary connection (a secondary connection to a host already on a LAN). This chapter covers how to set up these devices for direct access.
Chapter 4 Connecting with Direct Dial Niagara Considerations System Architectures Figure 4-1 and Figure 4-2 provide examples of typical Niagara job configurations (system architectures) for connecting Niagara hosts through direct dial. In the scenario presented in Figure 4-1, ABC Company has added two additional JACE-4/5s to remote sites (see the “System Architectures” section on page 3-1 for a description of the first two sites).
Figure 4-2 shows another typical implementation of dial-up. A systems integrator (SI) has configured a JACE-NP at Company ABC for dial-in. Choosing the JACE-NP for dial-in allows the SI to maintain not only the JACE-NP, but the other Niagara hosts on the LAN/WAN (sites 1 and 2). This is because Windows Remote Access Service (RAS) on the JACE-NP has been configured to allow any host that dials into it full access to its network.
station will always dial-up the JACE-NP (or JACE-4/5s), but it will never be dialed into. This is not a function of the machine, or its dial configuration, but rather is a function of the information that it sends or receives. In the examples above, two JACE-4/5s are shown dialing into one Web Supervisor; however, only one of them is connected at any one time.
Only a single connection between a host and a remote Niagara software component can exist at one time. For example, if a JACE-4/5 has dialed a Web Supervisor to deliver alarms, you cannot use JDE on the same connection to access a JACE. Conversely, if the Web Supervisor runs the Admin Tool and dials into a JACE, the JACE will not be able to deliver alarms to the Web Supervisor on the same connection.
• The pass through management feature (which allows you to manage Niagara hosts on the same LAN once you are dialed into a Niagara host) is not available on the JACE-4/5s. It is a function of Windows RAS.
• Many IT departments prohibit setting up dial-up on hosts attached to their network. This is considered by many departments to be a network security violation.
Chapter 4 Connecting with Direct Dial Configuring Direct Dial on the JACE-4/5 set up multiple modems on a single Web Supervisor to handle additional incoming and outgoing calls. However, this requires the server version of the Windows operating system (either Windows NT 4.0 Server or Windows 2000 Server). • add additional Web Supervisors or JACE-NPs.
ones that implement the AT command set in the same way (see the next section “About the AT Command Set”). You would need to provide the correct initialization string for any non-listed modem. For example, this is the initialization string we use for the US Robotics Sportster:
AT&F1E0&A1X4
A breakout of the parameters set in this string is listed in Table 4-1.
Table 4-1 US Robotics Sportster initialization string.
In addition to the initialization string, the functions described in Table 4-2 are other necessary parameters that need to be set on each modem. On the Sportster, these are controlled by dip switches. These parameters can be set on other modems using dip switches or within the initialization string. Table 4-2 US Robotics Sportster additional settings.
Settings made via AT commands are automatically reused by the modem until another command is received to change them, or the modem is turned off. The commands in the initialization string are used to set the parameters on startup.
Enabling the JACE-4 Modem (Internal or External)
The JACE-4 has two serial ports (one RS-232 and one RS-485) and one optional on-board 56k modem.
Figure 4-4 port.properties file opened for editing.
Step 4 Make any changes to the text of the file, using any of the options from Table 5.
Step 5 From the file menu, choose File > Close. If you made any changes, you are prompted to save them, otherwise the window closes.
Step 6 If prompted to save your changes, click one of the following:
• Yes to save your changes. The file saves and the window closes.
Step 7
Tip Attaching a PC to COM1 requires a null modem cable. If you attach the modem to COM2 you will not have to re-cable if you ever need to access the JACE through COM1 (For instance, if you use Hyperterminal. For details, see the “Hyperterminal” section on page 2-7).
JACE-4
For a JACE-4, you need to use an 8-wire flat silver satin stranded cable with RJ-45 connectors on both ends.
Table 4-1 Parameters of the ras.properties file used to configure direct dial.
Section: General Properties
Parameter: rasEnable
Valid Values and Default Values (in Bold): true, false
Description: Change this to true to enable RAS for this JACE-4/5. The modem will not accept calls when this setting is false. In addition, when this is false, the JACE will not attempt to initialize any attached modem. Note: When using release 2.
Table 4-1 Parameters of the ras.properties file used to configure direct dial. (continued)
Parameter: baudrate
Valid Values and Default Values (in Bold): 57600
Description: The initial baud rate to use between the JACE and the modem. In most cases you will not have to change this parameter.
Figure 4-5 ras.properties file opened for editing.
Note The first time you view the ras.properties file, it contains remarks explaining each setting. The remark lines are preceded by a pound sign (see the example above). After saving the file, the remarks are stripped out and any future edits of the file will not contain the remarks.
Step 3 Edit the file using the information in Table 4-1 as a guide.
• updateNvRamFlag—change false to true if you have updated the initialization string.
Step 4 From the file menu, choose File > Close. If you made any changes, you are prompted to save them, otherwise the window closes.
Step 5 If prompted to save your changes, click one of the following:
• Yes to save your changes. The file saves and the window closes.
• No to discard your changes. The window closes.
Step 6
Configuring Direct Dial on the JACE-NP
Configuring direct dial on the JACE-NP consists of three major steps:
• Installing and Configuring Modems
• Configuring the RAS Software
• Granting Dial-in Permissions
Installing and Configuring Modems
You can purchase an internal modem when ordering a JACE-NP, or you can attach an external one to either of the RS-232 serial ports.
Step 2 From the Windows NT 4.0 taskbar, open the Control Panel by choosing Start > Settings > Control Panel.
Step 3 Double-click the Modems icon to open it.
Step 4 Click Add.
Step 5 In the Install New Modem dialog box, click the Don’t detect my modem box, and click Next.
Step 6 If your modem manufacturer and model are listed (Figure 4-9), choose them from the list and click Next.
d. Click OK.
e. In the Install from Disk dialog box (Figure 4-7), click OK to copy the manufacturer’s file from the network location.
f. In the Install New Modem dialog box (Figure 4-9), choose the model of your modem and click Next.
Figure 4-9 Install New Modem dialog box.
Step 7 On the port selection dialog box (Figure 4-10), click the COM port on which you have installed the modem, and click Next.
Step 8 Click Finish.
Step 9 On the Modems Properties dialog box, click Close.
Step 10 Reboot the JACE-NP by choosing Start > Shutdown, then choosing Yes.
Configuring the RAS Software
On the JACE-NP, dialing into and out of the JACE-NP is a function of NT’s Remote Access Server (RAS). RAS is an optional Windows NT 4.0 service that allows users to log into an NT-based LAN using a modem, X.25 connection, or WAN link.
Figure 4-11 RAS properties.
Figure 4-12 Remote Access Setup dialog box.
Step 6 If your modem is listed in the dialog box, click Configure. Otherwise, do the following to add your modem:
a. Click Add.
b. In the Add RAS Device dialog box (Figure 4-13), click OK. Your modem is added to RAS and is now available to set up.
Figure 4-13 Add RAS Device dialog box.
c. In the Remote Access Setup dialog box (Figure 4-12), choose your modem and click Configure.
Step 7 On the Configure Port Usage dialog box (Figure 4-14), ensure that your modem is set up to Dial out and Receive calls, then click OK.
Figure 4-15 Network Configuration dialog box.
Step 10 In the Server Settings section, click the Configure button next to TCP/IP.
Step 11 In the RAS Server TCP/IP Configuration dialog box (Figure 4-16), configure the following options:
• Allow remote TCP/IP clients to access—if you want the dial-in client to only manage this JACE-NP, choose This computer only.
Figure 4-16 RAS Server TCP/IP dialog box.
Step 12 To save your changes:
a. On the RAS Server TCP/IP Configuration dialog box, click OK.
b. On the Network Configuration dialog box, click OK.
c. On the Remote Access Setup dialog box, click Continue.
d. On the Network dialog box, click Close. The Windows NT setup wizard finalizes the set up of the service.
Chapter 4 Connecting with Direct Dial Configuring Direct Dial on an Engineering PC
Note In order to start the service, your RAS must be configured and your modem must be turned on.
Step 3 With Remote Access Server selected, click Startup.
Step 4 Click the radio button next to Automatic, then click OK (see Figure 4-17).
Figure 4-17 Starting RAS.
Step 5 On the Services dialog box, click Close to save your changes.
• Installing and Configuring the RAS Software
• Granting Dial-in Permissions
Installing and Configuring Modems
Supported Modems
You can use any modem that provides a driver for the version of the OS you are running on the PC.
Installing an External Modem
To install the modem, connect a standard serial cable to the male serial port of your choosing on the PC.
Figure 4-18 Phone and Modem Options dialog box.
Step 4 Continue with Step 4 in Procedure 4-4 “Installing a modem driver on the JACE-NP.”
Installing and Configuring the RAS Software
Just as on the JACE-NP, dialing into and out of an engineering PC is a function of NT’s Remote Access Server (RAS). RAS is an optional Windows NT 4.0 or 2000 service that allows users to log into an NT-based LAN using a modem, X.
Note Proper operation of RAS requires a functional installation of Windows NT Service Pack 4. Ensure that Service Pack 4 (or later) has been installed on your computer before attempting to install this service.
Procedure 4-8 Installing RAS on a Windows NT 4.0 host.
Step 1 On the taskbar of the engineering PC, click Start > Settings > Control Panel.
Step 2 Double-click the Network icon, then click the Services tab.
Windows 2000
Notes
• In order to fully configure RAS, you must log into the Windows 2000 host with administrative privileges.
• It is possible for the Windows 2000 domain administrator to override any RAS settings you make with a system policy that restricts these settings. Check with the domain administrator to determine if restrictive policies are in effect for the site.
Figure 4-20
Step 6 In the Virtual Private Network dialog box, click Next.
Note It is not necessary to set up a VPN between direct-dial hosts.
Step 7 In the Allowed Users dialog box (Figure 4-21), click the check box next to any user who you want to grant permissions to dial into this computer.
Note This is equivalent to granting the user dial-in permissions in the Admin Tool.
Figure 4-22 Set up networking components.
Step 9 On the Incoming TCP/IP Properties dialog box, set up options as follows. When finished, click OK then Next.
• Network Access—leave this option checked if you want the host dialing in to be able to access both this host and other resources on the network.
• TCP/IP Address Assignment—Specify two IP addresses, one for this computer, and one for any client that will dial-in.
Using Direct Dial
Now that you have set up direct dial on your Niagara hosts, you must set up a few more things in order to use it. If your host will be making application-initiated calls (see the “User- versus Application-initiated Connections” section on page 4-4), you must configure the station address book so it knows where to find the host with which it wants to communicate.
Note Typically, a “gdp” (global data passing) user is created in each station and assigned no security rights and no (blank) password. This user is referenced in AddressBook entries in other stations.
• Password—Password for the user in the remote station. See the Note above.
• Confirm Password—Same password, repeated.
• Host Address—For a LAN connected host, this is the IP address (recommended) or hostname for the remote station's host.
Figure 4-23 New Address dialog box.
Step 5 When finished filling out the new AddressBook entry, click OK.

Making a User-initiated Connection from an Engineering PC
In order to contact a remote direct-dial server, you must manually initiate a connection from the engineering PC (be it a Web Supervisor or Technician PC).
Creating the DUN Connection
To create the DUN connection, proceed as follows.

Windows NT 4.0
Procedure 4-11 Creating a DUN phonebook entry.
Step 1 Double-click My Computer on the Windows NT 4.0 desktop.
Step 2 Double-click Dial-Up Networking.
Step 3 If you have not already done so, specify the local area code, dialing prefix for accessing an outside line, and other modem properties in the Location Information dialog box, and click Close.
Figure 4-25 Phonebook entry wizard.
Step 5 On the Basic tab (Figure 4-26) of the New Phonebook Entry dialog box, do the following:
a. Check Use Telephony dialing properties.
b. Type the Area code and Phone number of the host you want to dial.
c. Verify that the correct modem is listed in the Dial using section.
Figure 4-26 New phonebook entry Basic tab information.
Step 6 Click the Server tab (Figure 4-27) and do the following:
a.
e. Click the TCP/IP Settings button.
Figure 4-27 Server tab settings.
Step 7 On the PPP TCP/IP Settings dialog box (Figure 4-28), verify the following settings, then click OK:
• Server assigned IP address is selected. The PC will receive its IP address from the remote host.
• Use IP header compression is checked.
• Use a default gateway on remote network is checked.
Figure 4-28 PPP TCP/IP settings.
Step 8 Click the Security tab and click the radio button next to Accept only encrypted authentication.
Step 9 To save your changes:
a. Click OK to close the New Phonebook Entry dialog box.
b. Click Close to close the Dial-Up Networking dialog box.

Windows 2000
Procedure 4-12
Step 1 On the Windows 2000 taskbar, select Start > Settings > Control Panel.
Figure 4-30 Phone number to dial.
Step 6 On the Connection Availability dialog box, click Next. This makes the connection you are creating available to all users on this PC.
Step 7 At the completion dialog box, do the following:
a. Type a name for this connection.
b. Click Add a shortcut to my desktop if you want to do that.
c. Click Finish.

Establishing the Connection
Figure 4-31 Dial the DUN connection.
Step 4 In the Connect to dialog box, type the user name and password that provides you access to the operating system running on the remote host, and click OK.
Tip This is the same user that you granted dial-in permissions to on the remote host.
Note You can also select the Save Password check box; however, if you do so, anyone who has access to your PC will have access to the host that you are dialing.
The Dial-Up Networking Monitor allows you to check the status of the connection and to discover the IP address assigned to your machine and that of the remote server.
Step 7 With the Dial-Up Networking Monitor displayed, click the Details button (Figure 4-33). The IP Address field displays the address assigned to your machine for this connection.
Tip This is the same user that you granted dial-in permissions to on the remote host.
Figure 4-34 Supply user name and password credentials for remote host.
RAS attempts to establish a connection between the modem on your computer and the modem on the remote host. Wait for the connection to be made.
Step 4 If a Connection Complete dialog box is displayed, click OK to proceed.
Figure 4-35 TCP/IP connection details.
With the connection made, you can access the remote host as though you were directly connected. For detailed instructions, see “Accessing the Host or Station,” page 4-43.
Step 7 If you want to check the status of your connection or to disconnect, click the right mouse button on Dial-Up Networking Monitor on the taskbar.

Accessing the Host or Station
Figure 4-36 Opening a station on a remote host.
Step 4 In the User Name text box, type a user name to access the station.
Step 5 In the Password text box, type the password.
Step 6 Click Open. The Tree View updates and displays the open (remote) station.
CHAPTER 5 Connecting to an ISP
In this chapter we discuss connecting Niagara devices to an ISP for remote access. Principal topics include:
• Niagara Considerations
• Configuring Captive ISP on the JACE-4/5
• Configuring DDNS on the JACE-4/5
• Connecting Windows-based Hosts via Telephone Modem
• Connecting via Cable or DSL Modem
This section does not cover connecting Niagara hosts to each other directly using modems. You can find that information in Chapter 4, “Connecting with Direct Dial.”
Niagara Considerations

System Architectures
Figure 5-1 provides examples of typical Niagara job configurations (system architectures) for connecting JACE-4/5s to an ISP. In the scenario presented in Figure 5-1, ABC Company has added two JACE-4/5s to remote sites (for descriptions of the other sites shown in the figure, see the “System Architectures” sections on page 3-1 and page 4-2). In site 5, the JACE has been configured to dial an ISP.
Figure 5-1 Typical ISP connectivity scenarios (sites 5 and 6). [Diagram: ABC Company sites 5 and 6, with a JACE-4 and a JACE-5 reaching the Internet through ISPs, and TZO.COM mapping a name (JACE54.EasyIP.net) to the current IP address of the JACE.]
Connecting Hosts via Cable or DSL
Options 3 and 4 show connectivity to the Internet from any Niagara host via a cable or DSL modem. Note that with DSL or cable, the connection to the Niagara host is via the Ethernet connection, rather than the dial-up connection (as it is with a traditional modem). The cable or DSL provider issues a public, static IP address (and other settings) to the Niagara host.
Figure 5-2 Other ISP connectivity scenarios. [Diagram of the connectivity options, including a JACE-NP and a Web Supervisor connected by modem to an ISP, TZO.COM or another DDNS provider, and a DSL or cable modem behind a router providing firewall, NAT and DHCP.]
With direct dial, there is a restriction in simultaneous user- and application-initiated data passing. If one host makes an application-initiated call, it cannot also send user-initiated data. Nor can one host make an application connection and receive user-connection data. With an ISP connected host, there is no restriction. Hosts can simultaneously pass data, of any type, just as when on a LAN/WAN.
• Many factors are involved in choosing an ISP that will work with our equipment. See “Selecting an ISP.”

Selecting an ISP
You should think about the following things when selecting an ISP for use with our equipment:
• Does the ISP provide a phone number that is local to the location of the equipment? Using a local ISP saves long distance charges.
Configuring Captive ISP on the JACE-4/5
In order to connect your JACE-4/5 to an ISP, you must configure the captive ISP service.
Installing and Configuring Modems
Just as with a direct dial connection, configuration of the JACE-4/5 begins with modem configuration. If you are unfamiliar with installing and configuring modems on JACE-4/5s, refer to the “Installing and Configuring Modems” section on page 4-7. Step-by-step instructions for configuring modems are also included in “Configuring ras.properties for Captive ISP,” page 5-10.
Chapter 5 Connecting to an ISP Configuring Captive ISP on the JACE-4/5 Note Step 4 Remove any information in the Default Gateway text box to leave it blank. Note Step 5 Caution Configuring ras.properties for Captive ISP Table 5-1 rasEnable General Properties The default gateway function will be handled by the routers at the ISP.
Table 5-1 Parameters of the ras.properties file used to configure captive ISP. (continued)
Section: General Properties
Parameter: remoteAddr
Valid values: any valid IPv4 address in dotted decimal notation
Default value: 192.168.1.111
Parameter: localAddr
Valid values: any valid IPv4 address in dotted decimal notation
Default value: disabled
Description: Note: In release 2.2, this parameter is not listed in the file. In release 2.
Table 5-1 Parameters of the ras.properties file used to configure captive ISP. (continued)
Parameter: ispPrimaryNumber
Valid values: any valid phone number, including any numbers used to access an outside line and any number of pause characters (,)
Description: The primary phone number that the JACE dials to reach the ISP.
Table 5-1 Parameters of the ras.properties file used to configure captive ISP. (continued)
Section: Miscellaneous Properties
Parameter: pppDebug
Default value: false
Description: Set to true to see dial-up troubleshooting information. This information is written to the VxWorks target shell and is accessible via direct connect (Hyperterminal) or over a LAN connection (Telnet).
Note The first time you view the ras.properties file, it contains remarks explaining each setting. The remark lines are preceded by a pound sign (see the example above). After saving the file, the remarks are stripped out and any future edits of the file will not contain the remarks.
Step 4 Edit the file using the information in Table 5-1 as a guide.
– ispDisconnectTime1
– ispDisconnectTime2
– ispDisconnectTime3
– ispDisconnectTime4
– ispDisconnectTime5
– ispDisconnectTime6
Note You must use a unique ispDisconnectTimen for each disconnect you want to schedule.
Step 6 From the file menu, choose File > Close. If you made any changes, you are prompted to save them, otherwise the window closes.
Notes With the IspConnection object, the connect/disconnect schedule resides in the station rather than being managed by the Niagara daemon. Therefore, if the station on the JACE is not running, the JACE will not follow the disconnect schedule. For more information, see the “Troubleshooting Connection Problems” section on page 5-19.
Figure 5-4 Typical IspConnection object logic. In the example at the right, a schedule object controls the connect/disconnect schedule of the IspConnection object. A binary log object logs each change of state (from active to inactive). The JACE successfully connected to the ISP as a client, with a baud rate of 48 K. This example shows that the modem successfully connected to the ISP at 14:19 on 3-April.
Installing and Configuring the Module
Use the following steps to install and configure the module and object:
Procedure 5-3
Step 1 Install release 2.3 on your engineering workstation and the JACE.
Step 2 Configure and test captive ISP and DDNS (if required). Proceed only when working correctly.
E-mail Configuration
If you are using the notification service to send e-mail notifications, you must install, then configure the mail service with the following information provided to you by the ISP:
• SMTP server—host name or IP address of the simple mail transfer protocol (SMTP) server. On the Config tab of the mail service, enter this in the smtpHost text box.
Figure 5-6 Event log ISP connect and disconnect events.
Troubleshooting information is also written to the VxWorks target shell, which is accessible via direct connect with Hyperterminal or over an IP connection with Telnet (see “Niagara Configuration Tools,” page 2-1). You can see additional troubleshooting information by enabling the debug parameters listed in Table 5-1.
Example 5-1 Typical connection troubleshooting information as written to the VxWorks target shell.
Description: Modem is initialized, and dials the ISP. Receives a NO DIALTONE error.
Troubleshooting Information:
[modem:COM2 ] Initializing modem with ATE0Q0V1X4&D2&K3\N3%C2&C1&Q5W2.
[modem:COM2 ] Wrote 31 bytes to modem.
[modem:COM2 ] Received OK on init.
[modem:COM2 ] Dialing .
[modem:COM2 ] Wrote 12 bytes to modem.
Configuring DDNS on the JACE-4/5
The dynamic domain name service (DDNS) allows a device with a dynamic IP address to be accessed using a well-known domain name. DNS servers handle mapping a name (such as JACE54.EasyIP.net) to an IP address. With DDNS, each time a host receives a new IP address, it sends an update to the name-to-IP-address mapping on the DDNS server.
Configuring the JACE-4/5 for DDNS
The JACE-4/5 DDNS client is set up in the ddns.properties file, which is accessible via the Admin Tool.

About the ddns.properties file
The ddns.properties file includes four parameters, as listed in Table 5-3. Just like the ras.properties file, parameters are listed in the form =. However, unlike the ras.
Figure 5-7 ddns.properties file opened and in the process of being edited.
Step 4 Edit the ddns.properties file using the information in Table 5-3.
Step 5 From the file menu, choose File > Close. If you made any changes, you are prompted to save them, otherwise the window closes.
Step 6 If prompted to save your changes, click one of the following:
• Yes to save your changes. The file saves and the window closes.
Step 7
Figure 5-8 DDNS error in browser-view of event log.
In addition to the event log, you can try the following other techniques to diagnose problems after determining the IP address that the JACE is using.
• Use ping and tracert to verify that you can ping that IP address from a remote workstation.
The JACE-4/5 treats an update failure in the same manner as an ISP connection failure. It hangs up the modem, waits, and then retries. If the update fails several times in a row, then the JACE reverts to dial-in mode. For more information on configuring the wait delays, retry counts, etc., see Table 5-1 in the “Configuring ras.properties for Captive ISP” section on page 5-10.
• “Installing and Configuring the RAS Software,” page 4-27
• “Granting Dial-in Permissions,” page 4-31
• Work with your ISP to configure RAS to meet their network requirements.

Connecting via Cable or DSL Modem
As mentioned in the “Niagara Considerations” section on page 5-1, you may be able to use cable and DSL modems on Niagara hosts to dial an ISP.
CHAPTER 6 Using Security Technologies
This section discusses the issues associated with installing and using Niagara hosts in a secure environment. It has the following main topics:
• Security Considerations
• Using a Firewall or Proxy Device
• Default Niagara Port Numbers
• Using a Virtual Private Network

Security Considerations
Any host connected to the Internet is vulnerable to attacks by someone else in the Internet community.
Another common point of attack for Internet hosts is the web server that runs on many Internet hosts (including Niagara hosts). However, our web server implementation is proprietary and not subject to the well-advertised attacks on Microsoft Internet Information Server and the Apache HTTP Server. The following security suggestions are provided to help you secure Niagara hosts when connecting them to the Internet.
Guidelines for VxWorks-based Niagara Hosts
• Do not enable FTP or telnet—FTP and telnet are standard Internet protocols with well-documented attack points. If you must enable FTP or telnet on a VxWorks host, consider changing the port to keep the novice attacker out. This may not stop a more sophisticated attacker who uses port scanning software to learn about all the open ports on a host.
• Have at least eight characters (the more characters, the longer it takes to crack)
• Have both upper and lower case letters
• Contain both letters and numbers
• Contain special characters (interspersed between letters and numbers)
In addition, a secure host password should also be easy for you to remember so that you are not tempted to write it down and leave it in an insecure area (such as taping it to the unit).
Niagara hosts function well in many firewall environments, with the following conditions:
• Java applets must be able to be downloaded through the firewall. Any Niagara host serving up GxPage graphics, log charts, and schedule and calendar editors must be able to send the applets associated with these servlet pages to a BUI client (Figure 6-1).
Figure 6-1 Java applet downloading to a BUI client through a firewall.
Figure 6-2 Types of Niagara communication blocked with an application proxy or stateful inspection firewall.
Default Niagara Port Numbers
Note If you are unfamiliar with the role application ports play in Internet communications, please review the “About Ports” section on page 1-31.
As with most Internet-enabled applications, the applications running on Niagara hosts also use default ports for communication with clients (typically other Niagara hosts, or BUI users).
Table 6-1 Communication between Niagara hosts and the default server port used.
Communication: Admin Tool
Client: Engineering PC
Server: Any Niagara host
Default Server Port:
• 3011—for most host-based functions (like changing network settings)
• 80—for station functions such as backing up the station, version upgrades and converting the database to a different format.
Changing Niagara Default Ports
You will note that most connections between Niagara hosts listed in the previous table occur on the default HTTP port of 80, or the host administration port of 3011. Both of these ports can be changed in our application. You can also change the server port of any Niagara host acting as a time synchronization server.
Figure 6-3 Menu navigation to change HTTP port.
Step 3 On the properties sheet, click the Config tab.
Step 4 Edit the httpPort text box, removing the default port of 80 and replacing it with your chosen port number (such as 8081). See Figure 6-4.
Tip Many ports are assigned to other TCP/IP applications. To avoid a conflict, see http://www.iana.org/assignments/port-numbers for a full list of registered and well known ports.
Changing the HTTP Port used by the Admin Tool for Station Functions
When you change the station HTTP port, the Admin Tool will no longer be able to connect to the station to perform station functions. Figure 6-5 provides an example of the type of error you might encounter if you change the HTTP port in the station but fail to make the appropriate change for the Admin Tool.
Figure 6-7 station.properties file with added httpPort information.
Step 4 From the file menu, choose File > Close. If you made any changes, you are prompted to save them, otherwise the window closes.
Step 5 If prompted to save your changes, click one of the following:
• Yes to save your changes. The file saves and the window closes.
• No to discard your changes. The window closes.
Step 6
Step 2 On the Summary tab, make note of the path listed in the Release Directory field. This is the current release directory.
Neither the Admin Tool nor the JDE provides a mechanism to add or edit the niagarad.
Figure 6-8 Changing the admin port in a niagarad.properties file.
Tip You can add comment lines to any Niagara text file with the use of preceding # characters, as shown in Figure 6-8. It is a good idea to add comments about any changes you make to a file in case you (or someone else) need to reverse them later.
Step 7 From the menu, choose File > Save. The Save dialog box opens.
Step 4 Follow Procedure 6-4 from Step 2.
Alternately, you can use one of the two following methods to add or edit the niagarad.properties file:
• Browse the network and locate the JACE-NP. Double-click the niagara share (logging in, if necessary), then change directories to the current release directory, and the nre\lib subdirectory. Open the file (or add it) with Notepad as described previously.
• Using RCMD, connect to a JACE-NP Full.
In command-line FTP, these steps will look similar to Figure 6-9.
Figure 6-9 Using FTP to transfer a file off of a JACE-4/5.
Step 3 Edit the file with the Windows Notepad application, as described in steps 1–9 of Procedure 6-4. In this instance, you will not find the file in the current release directory, but rather in the :\niagara directory (or whichever download directory you chose).
Figure 6-10 Using FTP to copy a file to a JACE-4/5.
Step 5 Reboot the JACE.
Step 6 Verify connectivity to the host by connecting to it using the Admin Tool. Be sure to reference the new port number in the Connect to Host dialog box (see “Impact of Changing Default Niagara Ports,” page 6-18).

Changing the Time Synchronization Port
With time synchronization, one host can receive updates to its system time from another host.
Step 6 Click Apply.
Step 7 Using the Admin Tool, stop and start the station (or reboot the host) and verify that the station is running. Your change is enabled in the station.
Step 8 Verify that a time synchronization client correctly updates its system time.

Impact of Changing Default Niagara Ports
When using the default HTTP and Admin port, you do not need to specify them in the application.
Table 6-2 provides other selected instances where you also need to specify the new port along with the host name or IP address.
Table 6-2 Selected examples of specifying a port after a port change. [Example column: screen captures, not reproduced.]
Action:
• Opening a station with a changed HTTP port.
• Adding an address book entry for a host on the network with a changed HTTP port.
• Adding an address book entry for a dial-up host with a changed HTTP port.
Table 6-2 Selected examples of specifying a port after a port change. (continued)
Action:
• Changing the time synchronization port a Niagara client uses to contact a server.
Note: If you use the Supervisor check box, the application tries to contact its Supervisor on the default port of 37. To contact the Supervisor (or any other time synch host) on another port, use the method shown.
Table 6-3 Additional default (non-Niagara) ports.
Platform: Embedded and Full JACE-NPs; Embedded JACE-NP only, continued
Port 17: QOTD (quote of the day)—RFC 865. Once a client establishes a connection, a short message is sent out on the connection (and any data received is thrown away). The service closes the connection after sending the quote.
Port 19: Chargen (character generator)—RFC 864.
Disabling Open Ports on Microsoft Windows NT 4.0
Use the following procedure to enable only those ports (Niagara and other) that you require:
Procedure 6-8 Disabling open ports.
Step 1 Access the desktop of the JACE-NP with either a keyboard, monitor and mouse (Full) or NetMeeting (Embedded). For instructions, see “NetMeeting,” page 2-2.
Step 2 On the desktop, right-click the Network Neighborhood icon and select Properties.
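To decide which ports to leave enabled, it helps to compare what a host is actually listening on with the ports named in Tables 6-1 and 6-3. The following is an added example, not Tridium code: it audits a constructed `netstat -an` listing against an operator-supplied list of required ports, and it assumes the standard well-known ports 21 and 23 for FTP and telnet, which this guide names without numbers.

```python
import re

# Ports named on this page: Niagara defaults (Table 6-1 and surrounding text)
# and non-Niagara services found on JACE-NPs (Table 6-3).
NIAGARA_DEFAULTS = {
    80: "station HTTP port",
    3011: "host administration port",
    37: "time synchronization port",
}
LEGACY_SERVICES = {
    17: "QOTD (RFC 865)",
    19: "Chargen (RFC 864)",
}
# Assumption: the guide names FTP and telnet without port numbers; 21 and 23
# are their standard well-known ports.
CLEARTEXT_ADMIN = {21: "FTP", 23: "telnet"}

# Constructed sample of Windows "netstat -an" output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:37             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3011           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    192.168.6.5:1045       192.168.6.20:80        ESTABLISHED
  UDP    0.0.0.0:19             *:*
"""

_ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$", re.I)


def listening_ports(netstat_text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        row = _ROW.match(line)
        if not row:
            continue  # banner, column header or blank line
        proto, port, state = row.group(1).upper(), int(row.group(2)), row.group(3)
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue  # an established connection is not an open service
        found.add((proto, port))
    return found


def audit(netstat_text, required):
    """Classify every open port against the operator's set of required ports."""
    findings = []
    ordered = sorted(listening_ports(netstat_text), key=lambda p: (p[1], p[0]))
    for proto, port in ordered:
        if port in LEGACY_SERVICES:
            action, why = "disable", LEGACY_SERVICES[port] + ", non-Niagara service (Table 6-3)"
        elif port in CLEARTEXT_ADMIN:
            action, why = "review", CLEARTEXT_ADMIN[port] + ", advised against in the VxWorks guidelines"
        elif port not in required:
            action, why = "review", "open but not in the required list"
        elif port in NIAGARA_DEFAULTS:
            action, why = "keep", NIAGARA_DEFAULTS[port] + ", still at its default"
        else:
            action, why = "keep", "required, non-default port"
        findings.append((port, proto, action, why))
    return findings


def ports_needing_action(findings):
    """Sorted, de-duplicated port numbers whose action is not 'keep'."""
    return sorted({port for port, _proto, action, _why in findings if action != "keep"})


if __name__ == "__main__":
    # Hypothetical site: HTTP moved to 8081, admin and time sync left at defaults.
    for port, proto, action, why in audit(SAMPLE_NETSTAT, required={37, 3011, 8081}):
        print(f"{proto}/{port:<5} {action:<8} {why}")
```

The moved HTTP port (8081) shows up in the listing like any other listener, which is why changing a port deters only a novice and not a port scan.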
Using a Virtual Private Network
An alternate method of securely connecting Internet-attached Niagara hosts is through the use of a virtual private network (VPN). A VPN is an encrypted IP connection between hosts over a public infrastructure such as the Internet or the public telephone network. A VPN embeds a special protocol within the TCP/IP packets carried over the Internet.
Niagara System Architectures
Figure 6-13 on page 6-25 provides examples of typical Niagara job configurations (system architectures) for connecting Niagara hosts with a VPN. This drawing is similar to those used in previous architecture discussions, but several sites at fictional ABC company have been removed for simplicity. Company ABC has implemented VPN server software on their firewall, and added a new site (site 7).
Figure 6-13 VPN in use at ABC Company. [Diagram: ABC Company and site 7, where a JACE-NP sits behind a DSL or cable modem and a router with NAT, DHCP, and VPN client.]
APPENDIX A Configuration Files Used for Communication
This section provides a summary and some additional information about files used for communication functions by Niagara hosts. It uses the following conventions:
• %SystemRoot%—the directory where Windows is installed. Typically, this is c:\winnt. %SystemRoot% is a Microsoft convention you may also see used in Windows environment variables and path statements.
• —Niagara release version.
Table A-1 Communication files used on Windows-based Niagara hosts.
File: drivers.properties
Location: \nre\lib\
Purpose: Used to implement and configure various drivers. You can edit this file using the Admin Tool (Installation tab). Typically you do not need to edit this file unless configuring a specific driver (follow instructions in the integration document).
JACE-4/5
Table A-2 Communication files used on JACE-4/5s.
File: hosts
Location: \sys\net
Purpose: A file with a manually built list used to resolve an IP address to a name. You can edit this file using the Admin Tool. Click the Network Settings tab and click Edit Hosts File. See also “The HOSTS File,” page 1-26.
File: ras.properties
Purpose: Used to both configure modems and enable the direct dial function. See “About the ras.properties File,” page 4-12.
File: ddns.
GLOSSARY
Commonly Used Terms

A
Active Directory
Active Directory is the Microsoft Windows 2000 server directory service. It identifies resources on the network and makes those resources available to applications and users. In previous versions of Windows server, this function was handled by a combination of DNS, WINS, and the proprietary Windows domain function.
browser
A browser is sometimes also called a Web browser. This is an application such as Microsoft Internet Explorer or Netscape Communicator, widely used to locate and display pages on the World Wide Web.
BUI
Browser User Interface. An acronym sometimes used to mean the user access of a Niagara station (JACE controller or Web Supervisor) using a Web browser, as opposed to using Java Desktop Environment (JDE).
crossover cable
A crossover cable can be used to connect two computers together without a hub, or to connect two hubs together (if the hub does not have an uplink port). If your hub has an uplink port, then you should use a standard Ethernet patch cable to connect the hubs instead.

D
daemon
Typically, a process that performs administrative tasks for the operating system.
domain name system
See DNS.

driver
A software program that acts as a translator between a computer and another device. Drivers are specific to each device, as they contain special commands for that device. Many devices require drivers, such as printers, hard drives, modems and keyboards.

dynamic DNS
See DDNS.

dynamic IP address
An IP address that is dynamically assigned to the host from a server.
H

host
A device on an IP network. This could be a PC, a router, a printer, or any other device that is configured with at least one IP address.

HOSTS file
The HOSTS file is a text file residing on each local machine. Each line of the text file typically contains an IP address of a host and a name for it.
enterprise LAN connectivity. Since a station database is made using Java objects, it can easily run on multiple platforms ranging from a network computer that supports embedded systems to a desktop server platform that integrates multiple systems.

JACE-NP
The JACE-NP is the first of the JACE controller platforms, essentially a compact PC platform with an integral hard drive, but no keyboard, mouse or monitor. It uses either Windows NT 4.
leased line
A leased line is a high-speed data line leased from a telecommunications carrier. It provides a point-to-point connection between geographically dispersed sites. Data on a leased line is private; it does not travel on a public network. Typically, leased lines are used to connect offices of a company into a WAN, or to connect a company to the Internet. Also referred to as T-1 (max speed 1.544 Mbps) or T-3 (43 Mbps) lines.
null modem cable
A null modem cable is like a modem cable but is specially designed to hook two computers together, rather than a computer and a modem. The cable attaches to male serial (RS-232) ports on each computer.

O

OS
Operating system. It is the base program installed on a computer.
public IP address
An IP address that is in the public address space. It can be reached directly from the Internet, without the use of NAT. See also private IP address.

Q

R

right-click
Some operations require that you click the right mouse button (sometimes called button two). Even though a mouse can be programmed to switch buttons, by convention 'clicking' refers to the left mouse button.
static IP address
An IP address that is manually assigned to a host, and rarely changes. Typically, when the IP address is statically assigned, other network settings (such as network mask and default gateway) are also statically assigned. See dynamic IP address.

Standard Output window
An Admin Tool option providing a special window to view and save a running station’s activity.
U

URL
Uniform resource locator. The global address of a document or other resource. Within the context of Niagara, a URL is similar to a SWID. A SWID defines a particular node in a Niagara station database, whereas a URL can include a SWID or a resource located elsewhere.

V

VxWorks
A real-time operating system for embedded devices by WindRiver Systems. This is the OS for the JACE-4/5 platform.

W

WAN
Wide area network.
X

XML
eXtensible Markup Language. A specification developed by the W3C (World Wide Web Consortium). XML is a subset of SGML, designed especially for Web documents. Use of custom tags provides “extensibility”, not available using HTML. XML is expected to eventually supplant HTML as the standard for Web documents. The Niagara Framework uses XML as one method of station database storage.

Y

Z
You can help make this manual even better!

Please help us make our documentation as useful as possible. Use this form to advise us of errors, descriptions that are not clear, or provide any other helpful information.

Mail this form to: Tridium, Inc. 3951 Westerre Parkway, Suite 350 Richmond, Virginia 23233 Attention: Tridium Documentation Team
Or fax it to us at: (804) 747-5204
Or e-mail your comments to us at: documentation@tridium.