By default, an EtherLite® Unit will accept a connection from any host
with the appropriate driver. However, it is possible to restrict
access to a few specific IP addresses and/or to hosts with a specific
network address. This is done by loading the Unit with an Authorized
Host List. This list specifies which hosts may connect to a Unit.
The list may contain up to eight items.
The Authorized Host List is passed to the EtherLite® unit by way of the
BOOTP/DHCP Vendor Specific Information Option. The format of this
option is shown below:

 Code  Len   Vendor-specific information
+----+----+-----------------------------
| 43 | n  |    |    |    | ...
----------------------------------------

The Vendor-specific information is itself encapsulated in a
code/len/data format which is shown below:

 Code  Len   Data            Code  Len   Data
+----+----+----------------+----+----+---------------
| T1 | n  |    |    |...   | T2 | n  |    | ...
-----------------------------------------------------

The len field specifies the number of bytes in the data field.
For our purpose, two codes have been defined. Code 1 is used to pass
a list of authorized host IP addresses to the unit. Code 2 is used to
pass a list of authorized network addresses. Here is the actual
format of these:

 Code  Len   Host_1              Host_2              Host_x
+----+----+-------------------+-------------------+-----
| 1  | n  | a1 | a2 | a3 | a4 | a1 | a2 | a3 | a4 | ...
--------------------------------------------------------

 Code  Len   Net_Mask_1          Net_Addr_1          Net_Mask_x
+----+----+-------------------+-------------------+-------------
| 2  | n  | m1 | m2 | m3 | m4 | a1 | a2 | a3 | a4 | m1 | m2 |...
-----------------------------------------------------------------

As you can see, code 1 consists of a simple list of IP addresses.
However, code 2 consists of a list of net_mask/net_address pairs. The
net_mask is needed to specify which bits are important in the following
net_address.
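
The encapsulated format described above can be decoded and checked
mechanically. The following Python sketch is an added example, not code
from the EtherLite documentation or driver. Its function names, the
counting of the eight-item limit across both codes, the skipping of
unknown codes and the masked-compare match rule are assumptions drawn
from the description.

```python
import ipaddress

MAX_ITEMS = 8  # "up to eight items"; counted across both codes (assumption)

def parse_host_list(data: bytes):
    """Decode Vendor-specific information into (hosts, networks)."""
    hosts, nets, i = [], [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated code/len header")
        code, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("len field runs past the end of the data")
        i += 2 + length
        if code == 1:      # list of 4-byte host addresses
            if length % 4:
                raise ValueError("code 1 len is not a multiple of 4")
            hosts += [ipaddress.IPv4Address(body[j:j + 4])
                      for j in range(0, length, 4)]
        elif code == 2:    # list of 4-byte mask + 4-byte address pairs
            if length % 8:
                raise ValueError("code 2 len is not a multiple of 8")
            for j in range(0, length, 8):
                nets.append((int.from_bytes(body[j:j + 4], "big"),
                             int.from_bytes(body[j + 4:j + 8], "big")))
        # any other code is skipped (assumption; the text defines only 1 and 2)
    if len(hosts) + len(nets) > MAX_ITEMS:
        raise ValueError("more than eight items in the list")
    return hosts, nets

def is_authorized(ip: str, hosts, nets) -> bool:
    """True if ip is a listed host or matches a mask/address pair.
    Meaningful only for a non-empty list; with no list the unit accepts any host."""
    n = int(ipaddress.IPv4Address(ip))
    if any(int(h) == n for h in hosts):
        return True
    # Only the bits set in the mask are compared (assumed match rule).
    return any((n & mask) == (addr & mask) for mask, addr in nets)

if __name__ == "__main__":
    # Combined example value from the bootptab section of this page.
    hosts, nets = parse_host_list(bytes.fromhex("0104ccd91f470208ffffff00c009c800"))
    for ip in ("204.217.31.71", "192.9.200.77", "192.9.201.1"):
        print(ip, is_authorized(ip, hosts, nets))
```
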
UNIX® BOOTP 2.4.x
The following examples show how to define the Vendor Specific
Information Option in the "bootptab" file under BOOTP 2.4.x.
For each EtherLite® Unit, there is an entry in the "bootptab" file
which looks something like this:
el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48
To add the Vendor Specific Information Option to this entry, you would
simply append the "T43=" code to the end of the line followed by the
Vendor Specific Data. The data is entered in hexadecimal format.
BOOTP handles computing the length field for you. For example, if you
wanted to set up an Authorized Host List containing two hosts, say
192.9.200.50 and 192.9.200.51, your BOOTP entry would look like this:
el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48:T43=0108c009c832c009c833:
The first byte of the Vendor Specific Data, 01, is the code byte. The
second byte, 08, is the len byte. Since we have two IP addresses,
each four bytes in length, the total length is eight bytes. Following
the length byte are the two IP addresses.
The following example shows how to set up an Authorized Host List with
a network address. This entry will permit any host on network address
192.9.200 to access the unit.
el16_1:ht=ethernet:ha=00a0e7123456:ip=192.9.200.48:T43=0208ffffff00c009c800:
The first byte of the Vendor Specific Data, 02, is the code byte. The
second byte, 08, is the len byte. Since we have one network mask and
one network address, each four bytes in length, the total length is
eight bytes. The next four bytes are the network mask ffffff00, and
the last four bytes are the network address c009c800 (192.9.200.00).
Having an Authorized Host List with both IP addresses and network
addresses is also possible. Taking the above network address example,
let us also permit a host with IP address 204.217.31.71 to connect to
the unit. The Vendor Specific Information Option would look like
this:

    ________________________________ Vendor Specific Data
    ||||                        ||||
T43=0104ccd91f470208ffffff00c009c800
        --------    ^^^^^^^^--------
           |           |       |
        IP entry       |   Network address
                       |
                    Netmask

Windows NT® DHCP
The first step in setting up an Authorized Host List for Windows NT is
to decide what the data portion of the Vendor Specific Information
should be.
For example, to set up an Authorized Host List containing two hosts,
say 192.9.200.50 and 192.9.200.51, the data portion of the Vendor
Specific Information would be:
1, 8, 192, 9, 200, 50, 192, 9, 200, 51
The first byte of the Vendor Specific Data, 1, is the code byte. The
second byte, 8, is the len byte. Since we have two IP addresses, each
one four bytes in length, the total length is eight bytes. Following
the length byte are the two IP addresses.
The following example shows how to set up an Authorized Host List with
a network address. This entry will permit any host on network address
192.9.200 to access the unit.
2, 8, 255, 255, 255, 0, 192, 9, 200, 0
The first byte of the Vendor Specific Data, 2, is the code byte. The
second byte, 8, is the len byte. Since we have one network mask and
one network address, each four bytes in length, the total length is
eight bytes. The next four bytes are the network mask 255.255.255.0,
and the last four bytes are the network address 192.9.200.00.
Having an Authorized Host List with both IP addresses and network
addresses is also possible. Taking the above network address example,
let us also permit a host with IP address 204.217.31.71 to connect to
the unit. The Vendor Specific Information Option would look like
this:

______________________________________________________________ Vendor Specific Data
||||                                                      ||||
2, 8, 255, 255, 255, 0, 192, 9, 200, 0, 1, 4, 204, 217, 31, 71
      ----------------  --------------        ----------------
          Netmask       Network Address          IP Address

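
Computing the code and len bytes by hand for either server is easy to
get wrong, so the data can be generated instead. The following Python
sketch is an added example, not vendor code: it builds the
Vendor-specific data once and renders it both as a bootptab "T43="
value and as the decimal list typed into the Windows NT editor. The
function names and the use of CIDR notation for networks are
assumptions; hosts are emitted before networks, and this page shows
both orderings.

```python
import ipaddress

def build_option43(hosts=(), networks=()) -> bytes:
    """Encode hosts under code 1 and mask/address pairs under code 2."""
    if len(hosts) + len(networks) > 8:
        # "up to eight items", counted across both codes (assumption)
        raise ValueError("the Authorized Host List holds at most eight items")
    out = bytearray()
    if hosts:
        body = b"".join(ipaddress.IPv4Address(h).packed for h in hosts)
        out += bytes([1, len(body)]) + body
    if networks:
        body = b""
        for cidr in networks:
            # Strict parsing raises ValueError if address bits fall outside
            # the mask, e.g. "192.9.200.5/24".
            net = ipaddress.IPv4Network(cidr)
            body += net.netmask.packed + net.network_address.packed
        out += bytes([2, len(body)]) + body
    return bytes(out)

def bootptab_t43(data: bytes) -> str:
    """Hexadecimal form appended to a bootptab entry."""
    return "T43=" + data.hex()

def nt_array(data: bytes) -> str:
    """Decimal byte list for the Numeric Array Value Editor."""
    return ", ".join(str(b) for b in data)

if __name__ == "__main__":
    data = build_option43(["204.217.31.71"], ["192.9.200.0/24"])
    print(bootptab_t43(data))
    print(nt_array(data))
```
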
The second step in setting up the Authorized Host List for Windows NT
is to configure the DHCP Manager to send the Vendor Specific
Information Option with your data to the EtherLite® Unit. Below is an
outline of how to navigate through the DHCP Manager to do this. It is
assumed that the DHCP Manager has already been configured to do IP
address assignment, and that an IP reservation has been made for your
EtherLite® Unit.
Procedure:
- Launch the "DHCP Manager" from the "Network Administration" program group.
- Click on "Local Machine" in the DHCP Servers list. The list of
defined scopes will appear below the "Local Machine" item.
- Click on the scope under which your EtherLite® Unit would appear.
- Choose "Active Leases..." from the "Scope" menu.
- From the "Client" list, select the EtherLite® Unit you wish to
configure then click on the "Properties" button.
- Click on the "Options" button.
- From the "Unused Options" list, select "043 Vendor Specific Info",
then click on "Add" to add the option to the "Active Options" list.
- Click on the "Value >>>" button to set the option value.
- Click on the "Edit Array..." button to open up the "Numeric Array
Value Editor".
- Use the "Numeric Array Value Editor" to enter the data portion of
the Vendor Specific Info. Please note that the "Numeric Array Value
Editor" will build the array in reverse order, unless you specifically
move the cursor down in the "Current Value" list. When you are done,
click on "OK" to close the editor.
- Click on "OK" to close the "DHCP Options" window.
- Click on "Cancel" to close the "Client Properties" window. Don't
worry. Your options will be saved. Remember, you were adding an
option to an existing lease, not adding a new lease. Clicking on "OK"
would result in an error window popping up.
It should suffice to simply power cycle the EtherLite® device to get it
to re-request service from the DHCP server. However, if this doesn't
work, you may try de-activating and reactivating the scope before power
cycling the EtherLite®. If that doesn't work, then restart Windows NT
before power cycling the EtherLite®. Sometimes, we've seen that the DHCP
server can get into a state where its behavior doesn't match its
configuration in the manager; however, a Windows restart always seems to
have fixed it.