
EtherLite® Authorized Host List Setup

By default, an EtherLite® Unit will accept a connection from any host
with the appropriate driver.  However, it is possible to restrict
access to a few specific IP addresses and/or to hosts with a specific
network address.  This is done by loading the Unit with an Authorized
Host List.  This list specifies which hosts may connect to a Unit.
The list may contain up to eight items.



The Authorized Host List is passed to the EtherLite® unit by way of the
BOOTP/DHCP Vendor Specific Information Option.  The format of this
option is shown below:



 Code  Len   Vendor-specific information
+----+----+-----------------------------
| 43 |  n |    |    |    | ...
----------------------------------------



The Vendor-specific information is itself encapsulated in a
code/len/data format which is shown below:



 Code  Len   Data           Code  Len    Data
+----+----+----------------+----+----+---------------
| T1 |  n |    |    |...   | T2 |  n |    |  ...
-----------------------------------------------------



The len field specifies the number of bytes in the data field.



For our purpose, two codes have been defined.  Code 1 is used to pass
a list of authorized host IP addresses to the unit.  Code 2 is used to
pass a list of authorized network addresses.  Here is the actual
format of these:



 Code  Len Host_1              Host_2              Host_x
+----+----+-------------------+-------------------+-----
| 1  |  n | a1 | a2 | a3 | a4 | a1 | a2 | a3 | a4 | ...
--------------------------------------------------------

 Code  Len Net_Mask_1          Net_Addr_1          Net_Mask_x
+----+----+-------------------+-------------------+-------------
| 2  |  n | m1 | m2 | m3 | m4 | a1 | a2 | a3 | a4 | m1 | m2 |...
-----------------------------------------------------------------



As you can see, code 1 consists of a simple list of IP addresses.
However, code 2 consists of a list of net_mask/net_address pairs.  The
net_mask is needed to specify which bits are important in the following
net_address.


UNIX® BOOTP 2.4.x

The following examples show how to define the Vendor Specific
Information Option in the "bootptab" file under BOOTP 2.4.x.



For each EtherLite® Unit, there is an entry in the "bootptab" file
which looks something like this:



el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48



To add the Vendor Specific Information Option to this entry, you would
simply append the "T43=" code to the end of the line followed by the
Vendor Specific Data.  The data is entered in hexadecimal format.
BOOTP handles computing the length field for you.  For example, if you
wanted to set up an Authorized Host List containing two hosts, say
192.9.200.50 and 192.9.200.51, your BOOTP entry would look like this:



el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48:T43=0108c009c832c009c833:



The first byte of the Vendor Specific Data, 01, is the code byte.  The
second byte, 08, is the len byte.  Since we have two IP addresses,
each four bytes in length, the total length is eight bytes.  Following
the length byte are the two IP addresses.



The following example shows how to set up an Authorized Host List with
a network address.  This entry will permit any host on network address
192.9.200 to access the unit.



el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48:T43=0208ffffff00c009c800:



The first byte of the Vendor Specific Data, 02, is the code byte.  The
second byte, 08, is the len byte.  Since we have one network mask and
one network address, each four bytes in length, the total length is
eight bytes.  The next four bytes are the network mask ffffff00, and
the last four bytes are the network address c009c800 (192.9.200.00).



Having an Authorized Host List with both IP addresses and network
addresses is also possible.  Taking the above network address example,
let us also permit a host with IP address 204.217.31.71 to connect to
the unit.  The Vendor Specific Information Option would look like
this:





      _______________________ Vendor Specific Data
      ||||        ||||
  T43=0104ccd91f470208ffffff00c009c800
          --------    ^^^^^^^^--------
             |           |       |
          IP entry       |   Network address
                         |
                      Netmask




Windows NT® DHCP

The first step in setting up an Authorized Host List for Windows NT is
to decide what the data portion of the Vendor Specific Information
should be.



For example, to set up an Authorized Host List containing two hosts,
say 192.9.200.50 and 192.9.200.51, the data portion of the Vendor
Specific Information would be:



1, 8, 192, 9, 200, 50, 192, 9, 200, 51



The first byte of the Vendor Specific Data, 1, is the code byte.  The
second byte, 8, is the len byte.  Since we have two IP addresses, each
one four bytes in length, the total length is eight bytes.  Following
the length byte are the two IP addresses.



The following example shows how to set up an Authorized Host List with
a network address.  This entry will permit any host on network address
192.9.200 to access the unit.



2, 8, 255, 255, 255, 0, 192, 9, 200, 0



The first byte of the Vendor Specific Data, 2, is the code byte.  The
second byte, 8, is the len byte.  Since we have one network mask and
one network address, each four bytes in length, the total length is
eight bytes.  The next four bytes are the network mask 255.255.255.0,
and the last four bytes are the network address 192.9.200.00.



Having an Authorized Host List with both IP addresses and network
addresses is also possible.  Taking the above network address example,
let us also permit a host with IP address 204.217.31.71 to connect to
the unit.  The Vendor Specific Information Option would look like
this:



  ______________________________________________ Vendor Specific Data
  ||||                                      ||||
  2, 8, 255, 255, 255, 0, 192, 9, 200, 0,   1, 4, 204, 217, 31, 71
        ----------------  --------------          ----------------
            Netmask       Network Address            IP Address
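
The hex form used in "bootptab" and the decimal form typed into the
DHCP Manager are the same bytes, so both can be generated from one list
and an existing value can be decoded to audit who is allowed.  The
script below is an added example, not Digi code: the function names are
hypothetical, the eight-item limit is assumed to count hosts and
networks together, and is_authorized() is an assumed reading of how the
unit applies the mask.

```python
import ipaddress

MAX_ITEMS = 8  # page: "The list may contain up to eight items" (assumed combined)

def encode(hosts=(), networks=()):
    """Build option 43 data: code 1 = host IPs, code 2 = mask/address pairs."""
    if len(hosts) + len(networks) > MAX_ITEMS:
        raise ValueError("Authorized Host List holds at most eight items")
    out = b""
    if hosts:
        body = b"".join(ipaddress.IPv4Address(h).packed for h in hosts)
        out += bytes([1, len(body)]) + body
    if networks:
        nets = [ipaddress.IPv4Network(n) for n in networks]  # rejects stray host bits
        body = b"".join(n.netmask.packed + n.network_address.packed for n in nets)
        out += bytes([2, len(body)]) + body
    return out

def decode(data):
    """Parse option 43 data back into (hosts, networks) so a config can be audited."""
    data, hosts, networks, i = bytes(data), [], [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated code/len header")
        code, n = data[i], data[i + 1]
        body = data[i + 2:i + 2 + n]
        # Entry size is 4 bytes for code 1 and 8 bytes for code 2, i.e. 4 * code.
        if code not in (1, 2) or len(body) != n or n % (4 * code):
            raise ValueError(f"bad sub-option code={code} len={n}")
        for j in range(0, n, 4 * code):
            if code == 1:
                hosts.append(ipaddress.IPv4Address(body[j:j + 4]))
            else:  # mask first, then address, as in the page's layout
                mask, addr = (ipaddress.IPv4Address(body[k:k + 4]) for k in (j, j + 4))
                networks.append(ipaddress.IPv4Network(f"{addr}/{mask}"))
        i += 2 + n
    return hosts, networks

def is_authorized(ip, data):
    """Assumed matching rule: exact host match, or (ip & mask) == net address."""
    hosts, networks = decode(data)
    ip = ipaddress.IPv4Address(ip)
    return ip in hosts or any(ip in net for net in networks)

def bootptab_field(data):
    return "T43=" + data.hex()  # bootptab takes hex; BOOTP adds the outer len

def nt_array(data):
    return ", ".join(str(b) for b in data)  # decimal bytes for the DHCP Manager array
```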



The second step in setting up the Authorized Host List for Windows NT
is to configure the DHCP Manager to send the Vendor Specific
Information Option with your data to the EtherLite® Unit.  Below is an
outline of how to navigate through the DHCP Manager to do this.  It is
assumed that the DHCP Manager has already been configured to do IP
address assignment, and that an IP reservation has been made for your
EtherLite® Unit.



Procedure:

- Launch the "DHCP Manager" from the "Network Administration" program group.
- Click on "Local Machine" in the DHCP Servers list.  The list of
  defined scopes will appear below the "Local Machine" item.
- Click on the scope under which your EtherLite® Unit would appear.
- Choose "Active Leases..." from the "Scope" menu.
- From the "Client" list, select the EtherLite® Unit you wish to
  configure, then click on the "Properties" button.
- Click on the "Options" button.
- From the "Unused Options" list, select "043 Vendor Specific Info",
  then click on "Add" to add the option to the "Active Options" list.
- Click on the "Value >>>" button to set the option value.
- Click on the "Edit Array..." button to open up the "Numeric Array
  Value Editor".
- Use the "Numeric Array Value Editor" to enter the data portion of
  the Vendor Specific Info.  Please note that the "Numeric Array Value
  Editor" will build the array in reverse order, unless you specifically
  move the cursor down in the "Current Value" list.  When you are done,
  click on "OK" to close the editor.
- Click on "OK" to close the "DHCP Options" window.
- Click on "Cancel" to close the "Client Properties" window.  Don't
  worry.  Your options will be saved.  Remember, you were adding an
  option to an existing lease, not adding a new lease.  Clicking on "OK"
  would result in an error window popping up.



It should suffice to simply power cycle the EtherLite® device to get it
to re-request service from the DHCP server.  However, if this doesn't
work, you may try de-activating and reactivating the scope before power
cycling the EtherLite®.  If that doesn't work, then restart Windows NT
before power cycling the EtherLite®.  Sometimes, we've seen that the DHCP
server can get into a state where its behavior doesn't match its
configuration in the manager; however, a Windows restart always seems to
have fixed it.



Last updated: Aug 08, 2017
