Engage Black BlackDoor Duo User manual
BlackDoor Duo
User's Guide
Engage Black
Engage Black
9565 Soquel Drive, Suite 200
Aptos, California 95003
TEL: 831-688-1021 FAX: 831-688-1421
www.engageblack.com
BlackDoor Duo Engage Black
Product Warranty
Seller warrants to the Original Buyer that any unit shipped to the Original Buyer, under normal
and proper use, be free from defects in material and workmanship for a period of 24 months from
the date of shipment to the Original Buyer. This warranty will not be extended to items repaired by
anyone other than the Seller or its authorized agent. The foregoing warranty is exclusive and in lieu
of all other warranties of merchantability, tness for purpose, or any other type, whether express or
implied.
Remedies and Limitation of Liability
A. All claims for breach of the foregoing warranty shall be deemed waived unless notice of such claim
is received by Seller during the applicable warranty period and unless the items to be defective are
returned to Seller within thirty (30) days after such claim. Failure of Seller to receive written notice
of any such claim within the applicable time period shall be deemed an absolute and unconditional
waiver by buyer of such claim irrespective of whether the facts giving rise to such a claim shall have
been discovered or whether processing, further manufacturing, other use or resale of such items shall
have then taken place.
B. Buyer's exclusive remedy, and Seller's total liability, for any and all losses and damages arising
out of any cause whatsoever (whether such cause be based in contract, negligence, strict liability,
other tort or otherwise) shall in no event exceed the repair price of the work to which such cause
arises. In no event shall Seller be liable for incidental, consequential, or punitive damages resulting
from any such cause. Seller may, at its sole option, either repair or replace defective goods or work,
and shall have no further obligations to Buyer. Return of the defective items to Seller shall be at
Buyer's risk and expense.
C. Seller shall not be liable for failure to perform its obligations under the contract if such failure
results directly or indirectly from, or is contributed to by any act of God or of Buyer; riot; re;
explosion; accident; ood; sabotage; epidemics; delays in transportation; lack of or inability to obtain
raw materials, components, labor, fuel or supplies; governmental laws, regulations or orders; other
circumstances beyond Seller's reasonable control, whether similar or dissimilar to the foregoing; or
labor trouble, strike, lockout or injunction (whether or not such labor event is within the reasonable
control of Seller)
Copyright Notice
Copyright
©
2000-2020 Engage Black All rights reserved. This document may not, in part
or in entirety, be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine-readable form without rst obtaining the express written consent of Engage
Communication. Restricted rights legend: Use, duplication, or disclosure by the U.S. government
is subject to restrictions set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and
Computer Software clause in DFARS 52.227-7013 and in similar clauses in the FAR and NASA FAR
Supplement.
Information in this document is subject to change without notice and does not represent a
commitment on the part of Engage Communication, Inc.
Page 1
BlackDoor Duo Engage Black
FCC Radio Frequency Interference Statement
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense.
NOTE - Shielded ethernet cables must be used with the Engage IP
Tube to ensure compliance with
FCC Part 15 Class A limits.
CAUTION { To reduce the risk of re, use only No. 26 AWG or larger listed Telecommunication
cables.
Equipment Malfunction
If trouble is experienced with an BlackDoor Duo, please contact the Engage Communication Service
Center. If the equipment is causing harm to the telephone network, the telecommunications service
provider may request that you disconnect the equipment until the problem is resolved.
Engage Communication Service Center:
Phone (U.S.) +1.831.688.1021
Fax +1.831.688.1421
Email support@engageinc.com
Web www.engageinc.com
Page 2
BlackDoor Duo Engage Black
Contents
1 Introduction 5
1.1 Security ........................................... 5
1.2 Management ........................................ 5
1.3 UnitPortsandIndicators ................................. 5
1.3.1 ConsolePort .................................... 5
1.3.2 LANInterface ................................... 5
1.4 AboutthisGuide...................................... 5
1.4.1 Organization .................................... 5
1.4.2 IntendedAudience................................. 6
2 Installation QuickStart 7
2.1 Communication with BlackDoor Duo . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.1 ConsolePort .................................... 7
2.1.2 SSH ......................................... 7
2.2 Editing & Pasting Congurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3 BlackDoorDuoCabling .................................. 7
2.4 BlackDoor Duo Conguration Parameters . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4.1 Interface Specic Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4.2 BlackDoor Duo System Parameters . . . . . . . . . . . . . . . . . . . . . . . . 8
3 Installation of BlackDoor Duo 10
3.1 InstallingtheHardware .................................. 10
3.1.1 Locating BlackDoor Duo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1.2 Powering BlackDoor Duo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1.3 ConsolePort .................................... 10
3.1.4 Conguring the Engage BlackDoor Duo for the LAN . . . . . . . . . . . . . . 11
3.1.5 EthernetInterfaces................................. 11
3.1.6 EthernetStatusLEDs............................... 11
4 Command Line Interface 12
4.1 ConsoleCommunication.................................. 12
4.2 LoggingintoBlackDoorDuo............................... 12
4.3 OverviewofCommands .................................. 12
4.3.1 Categories...................................... 12
4.3.2 CongurationModes................................ 13
4.3.3 Syntax for Command Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 13
CONTENTS Page 3
BlackDoor Duo Engage Black
4.4 System Level or General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.5 showCommands ...................................... 14
4.6 CongurationCommands ................................. 14
4.6.1 CongCommands ................................. 14
4.6.2 Cong Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.6.3 Cong BlackDoor Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.6.4 Cong Quantum Key Distribution Commands . . . . . . . . . . . . . . . . . 18
5 Troubleshooting 19
5.1 Unable to Communicate with BlackDoor Duo . . . . . . . . . . . . . . . . . . . . . . 19
5.2 Ethernet/General...................................... 19
5.3 HighEthernetErrorCount ................................ 19
5.4 Can't Communicate using SSH with the BlackDoor Duo . . . . . . . . . . . . . . . . 19
5.5 Can't communicate to BlackDoor Duo - Console Port . . . . . . . . . . . . . . . . . 20
5.6 BlackDoor Duo O Net IP Interconnect Verication . . . . . . . . . . . . . . . . . . 20
5.7 TCP/IPConnection .................................... 20
5.8 Can't IP Ping Remote BlackDoor Duo . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6 Appendix 21
6.1 BlackDoor Duo Specications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.1.1 EthernetPort.................................... 21
6.1.2 LANProtocol.................................... 21
6.1.3 UpgradeCapable.................................. 21
6.1.4 Management .................................... 21
6.1.5 PowerSupply.................................... 21
6.1.6 Physical....................................... 21
7 Glossary 22
7.1 GeneralNetworkingTerms ................................ 22
7.2 TCP/IPNetworkingTerms ................................ 22
CONTENTS Page 4
BlackDoor Duo Engage Black
1 Introduction
BlackDoor Duo User's Guide provides the information users require to install, congure and operate
the BlackDoor Duo product developed and manufactured by Engage Communication Inc. This
product will enable the user to install the function, across an IP network, to move data in a securely
packaged form, to a unit in a remote location. Protocols supported include legacy protocols such as
NetBEUI, IPX, AppleTalk and Decnet. Legacy applications that utilize non-routable protocols are
able to access services across an IP point to point connection.
1.1 Security
BlackDoor Duo provides a high level secure communication by only exchanging packets with the
remote network. The Ethernet frames within the IP envelope must be addressed to specic Ethernet
MAC addresses.
Network security is established with Full On Source, Destination Address, UDP Port and IP Packet
ltering. Interconnectivity is selectively controlled at the interface, network device and application
layers.
1.2 Management
Management of BlackDoor Duo is accomplished with a Command Line Interface, (CLI), that
is accessed through the console port or an SSH connection. Templates of the most common
congurations provide for an Edit and Paste approach.
1.3 Unit Ports and Indicators
1.3.1 Console Port
A console port for "Out of Band" management access to the unit.
1.3.2 LAN Interface
BlackDoor Duo provides two 10/100/1000BaseT Ethernet LAN interfaces. Management via the
LAN ports is enabled when access to the unit is more convenient remotely. LAN1 typically receives
unencrypted data from a local network and the LAN2 port moves the encrypted data to a remote
BlackDoor Duo _
LAN protocols IP, TCP and ICMP are supported.
1.4 About this Guide
1.4.1 Organization
Introduction
provides an overview of the
BlackDoor Duo User's Guide
as well as feature descriptions.
Installation QuickStart
provides a concise description of the installation and conguration process,
plus examples to get the experienced user up and running in a minimum of time.
Installation of BlackDoor Duo
gives a detailed step by step of the installation and initial conguration
of the units. It covers the physical environment and connections required to install the units then
1 INTRODUCTION Page 5
BlackDoor Duo Engage Black
steps the administrator through the conguration process of the console port and LAN connections.
Command Line Interface
provides a command-by-command description of the upper level interface
as well as the interfaces to the various ports.
??
details the conguration and ongoing operation of BlackDoor Duo. Several common
congurations are provided as examples.
Troubleshooting
reviews some of the common issues that may occur during installation and normal
operation of the units and provides descriptions of causes and solutions to these issues.
Appendix
- BlackDoor Duo specications, connector pinouts and crossover wiring details and includes
diagrams of the units.
Glossary
- Telecommunication and TCP/IP terminology.
1.4.2 Intended Audience
This manual is intended for administrators of telecommunication and network systems. The
technical content is written for readers who have basic computer, telecommunication and networking
experience.
It is important that any administrator responsible for the installation and operation of Engage
BlackDoor products be familiar with IP networking and data communication concepts, such as
network addressing and synchronous serial interfaces. These terms are central to an understanding
of BlackDoor functionality, and are covered in the Glossary section.
1 INTRODUCTION Page 6
BlackDoor Duo Engage Black
2 Installation QuickStart
This QuickStart Chapter is intended for users who understand how they want their BlackDoor Duo
installed and congured and only require the mechanics of performing that installation.
2.1 Communication with BlackDoor Duo
2.1.1 Console Port
Initial communication with BlackDoor Duo unit is made through the Console port, utilizing the
Command Line interface, (CLI) detailed in Chapter 4:
Command Line Interface.
Please use the provided USB to DB9 serial converter to connect to the BlackDoor Duo's USB port.
The DB9 side of the cable will connect to a computer that is running a Terminal Server program
(TeraTerm, HyperTerm, etc.). It is typical to connect the DB9 to another USB to DB9 serial
converter as DB9 serial ports are not common on todays computers. In this case, use the NULL
MODEM ADAPTER provided to allow communication between BlackDoor Duo and computer. The
use of the null modem adapter is necessary when using two USB to DB9 serial converter cables.
Once a serial connection between a workstation and the BlackDoor Duo console port is established
and a carriage return
<
CR
>
is entered, a
Login
prompt will appear.
The default login is:
root
.
The default password for rst time login is also
root
. It is highly recommended that the password
be changed upon initial login.
2.1.2 SSH
Once an IP address has been assigned, the user can log into the unit via the network and continue
conguration using SSH. Most SSH clients are compatible with the BlackDoor Duo.
2.2 Editing & Pasting Congurations
Users of either CLI have the option of editing a standard BlackDoor Duo conguration in a text
editor and pasting that conguration to BlackDoor Duo. The examples in this section are included
in a conguration le found on the shipping disk.
Edit the desired conguration listing using a simple text editor. Connect to the BlackDoor Duo unit
through SSH or the Console port, then enter the conguration mode with the command:
cong
.
Paste the edited text, comments and all, to the BlackDoor Duo, then issue the command:
save
.
The unit will reset and come up with the new conguration.
To save an BlackDoor Duo conguration to a le, issue the command:
show conguration all
,
and copy the output of the command to a le with your text editor.
2.3 BlackDoor Duo Cabling
BlackDoor Duo uses standard 10/100/1000BaseT Ethernet cabling to connect to an Ethernet switch,
router or hub. A crossover 10/100/1000BaseT cable can be used for direct connection to a single
router, wireless radio or other Ethernet device.
2 INSTALLATION QUICKSTART Page 7
BlackDoor Duo Engage Black
The cabling used to connect BlackDoor Duo LAN Ports to a switch, router or hub is straight through
Ethernet cabling.
2.4 BlackDoor Duo Conguration Parameters
The setup of BlackDoor Duo involves conguration of the:
Interface Specic Parameters
BlackDoor Duo System Parameters
2.4.1 Interface Specic Parameters
Console Conguration Parameters
Serial communication settings to the USB serial port should be set as:
115200 baud, 1 stop bit, no parity, 8 bit data, ow control none
LAN Conguration Parameters
BlackDoor Duo Ethernet number 2 (LAN2) is congured for network connectivity. The following
parameters must match the conguration of the LAN interface to which it is connected.
2.4.2 BlackDoor Duo System Parameters
System parameters include BlackDoor Duo Host name, the Ethernet IP address and the default
router.
host name
Provide a unique name for BlackDoor Duo.
Example:
host name AptosBlackDoor
ip address
BlackDoor Duo requires conguration of the LAN2 interface which will communicate to another
BlackDoor Duo. BlackDoor Duo IP packets communicate over LAN2 only. Conguration of
the LAN1 (Local Network) interface is required in Mode Route but optional in Mode Bridge.
Management access to the unit via SSH is possible via LAN1 or LAN2.
Example:
ip address aaa.bbb.ccc.ddd
default gateway
If the remote BlackDoor Duo, whose IP address is congured with
ip address
, resides on a dierent
IP network from the Local BlackDoor Duo, a default gateway must be specied. The default gateway
is typically the local IP WAN Router.
Example:
default gateway aaa.bbb.ccc.ddd
Conguration Examples
2 INSTALLATION QUICKSTART Page 8
BlackDoor Duo Engage Black
With the
show cong
command you can list the conguration parameters of the system and both
LAN ports.
Example:
This is an example of a conguration of the BlackDoor Duo with ip address for each unit on dierent
networks. Note a default gateway is required for this conguration.
unit 1 unit 2
default gateway 192.168.3.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.3.50
peer ip address 192.168.3.50
default gateway 192.168.4.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.4.50
peer ip address 192.168.3.50
2 INSTALLATION QUICKSTART Page 9
BlackDoor Duo Engage Black
3 Installation of BlackDoor Duo
This section provides details on the physical location and connections required for the installation of
Engage BlackDoor Duo equipment. Also covered is the initial communication with BlackDoor Duo.
References are made to BlackDoor Duo Command Line Interface as well as Conguration and
Operation. These topics are covered in detail in later chapters.
The use of Engage BlackDoor Duo systems to encrypt trac between two Ethernet LANs over an
IP network requires one BlackDoor Duo unit at each end.
A standard BlackDoor Duo package includes:
BlackDoor Duo unit - with installed LAN interface
Console port adapter and cable
Power Converter (110 or 220 VAC input/12 VDC output)
Documentation Compact Disk with BlackDoor Duo User's Guide and conguration examples
3.1 Installing the Hardware
3.1.1 Locating BlackDoor Duo
Site consideration is important for proper operation of BlackDoor Duo. The user should install the
unit in an environment providing:
A well-ventilated indoor location
Access within six feet of a power outlet
Two feet additional clearance around the unit to permit easy cable connection
As an option, BlackDoor Duo can be mounted in a standard 19 inch equipment rack, (rack mounts
are available from Engage).
3.1.2 Powering BlackDoor Duo
Engage BlackDoor Duo units utilize an external power adapter, available in 110 VAC and 220 VAC
versions, providing DC output.
The appropriate power adapter is provided with each unit. Ensure the power adapter is not
connected to power then plug the DC adapter into the rear panel POWER connector.
3.1.3 Console Port
BlackDoor Duo includes a Console port for initial conguration. It may be used for serial
communication from a local workstation or for remote connection via a modem. The Console port
utilizes a USB port.
Please use the provided USB to DB9 serial converter to connect to the BlackDoor Duo's USB port.
The DB9 side of the cable will connect to a computer that is running a Terminal Server program
(TeraTerm, HyperTerm, etc.). It is typical to connect the DB9 to another USB to DB9 serial
converter as DB9 serial ports are not common on todays computers. In this case, use the NULL
3 INSTALLATION OF BLACKDOOR DUO Page 10
BlackDoor Duo Engage Black
MODEM ADAPTER provided to allow communication between BlackDoor Duo and computer. The
use of the null modem adapter is necessary when using two USB to DB9 serial converter cables.
Communication to the console port should be set for:
115200 baud, 1 stop bit, no parity, 8 bit xed, ow control none
Once a serial connection between a workstation and BlackDoor Duo console port is established and
a carriage return
<
CR
>
is entered, a Login prompt will appear.
The default login is: root.
The default password for rst time login is also
root
. It is highly recommended that the password
be changed upon initial login.
3.1.4 Conguring the Engage BlackDoor Duo for the LAN
BlackDoor Duo needs to be congured with a number of parameters for proper operation on the
network, including:
Ethernet IP address
IP data target unit IP address (peer ip address)
Default gateway if the IP data target is on another IP network
Mode Route or Mode Bridge. Mode Route utilizes layer 3 encryption where the BlackDoor
Duo acts as a router. Mode Bridge utilizes layer 2 encryption where the BlackDoor Duo acts
as a bridge between the LAN1 ports of the local and remote units.
The conguration procedure depends on the network environment in which BlackDoor Duo is to be
installed.
Note: It is strongly suggested that you congure BlackDoor Duo with its unique network identity
before making any Ethernet or Wide Area connections.
3.1.5 Ethernet Interfaces
Engage BlackDoor Duo systems utilize 10/100/1000BaseT Ethernet cable to connect to the Local
Area Network. Each system provides a 10/100/1000BaseT interface on the front panel for connection
to an Ethernet switch or hub using a straight-thru Ethernet cable. For direct connection to a PC
or other LAN device, the user should obtain a 10/100/1000BaseT crossover cable.
10/100/1000BaseT Ethernet cabling and crossover pinouts are provided in the Appendices.
3.1.6 Ethernet Status LEDs
The green LED on the right side of the Ethernet interface indicates link established and it will blink
for activity.
The amber LED on the left side of the Ethernet interface indicates a 1000BaseT link established.
3 INSTALLATION OF BLACKDOOR DUO Page 11
BlackDoor Duo Engage Black
4 Command Line Interface
Command Line access to BlackDoor Duo may be via a serial connection to the Console port or an
SSH connection to the Ethernet interface.
SSH provides a secure communications facility dening a standard method of interfacing terminal
devices to each other. Any standard SSH client can be used to communicate to an Engage BlackDoor
Duo provided there is IP connectivity between the User Host and the BlackDoor Duo.
For communication through the Console port, standard terminal communication software is used.
4.1 Console Communication
Serial communication to the console port should be congured for:
115200 baud, 1 stop bit, no parity, 8 bit xed, ow control none
Please use the provided USB to DB9 serial converter to connect to the BlackDoor Duo's USB port.
The DB9 side of the cable will connect to a computer that is running a Terminal Server program
(TeraTerm, HyperTerm, etc.). It is typical to connect the DB9 to another USB to DB9 serial
converter as DB9 serial ports are not common on todays computers. In this case, use the NULL
MODEM ADAPTER provided to allow communication between BlackDoor Duo and computer. The
use of the null modem adapter is necessary when using two USB to DB9 serial converter cables.
4.2 Logging in to BlackDoor Duo
An SSH session is opened by providing the IP address of the BlackDoor Duo. On opening
a Command Line Interface, (CLI) session, via the Console port or SSH, the
login
prompt
requires entry of a login ID.
The default login ID:
root.
BlackDoor Duo is shipped with default passwords. Passwords are set or modied with the
passwd
command, detailed below.
4.3 Overview of Commands
The Engage CLI supports shorthand character entry. At most 3 characters are required for the
parsing of commands. For example:
show conguration
can be entered as:
sh con
. The CLI is
not case sensitive. Description of the commands uses both upper and lower case for syntax denitions
and examples. A full description of the command line interface follows.
4.3.1 Categories
The command set can be divided into four categories:
General
Show
Cong
Cong Interface
4 COMMAND LINE INTERFACE Page 12
BlackDoor Duo Engage Black
4.3.2 Conguration Modes
For the
cong
and cong
interface
commands, Engage employs a modal approach. The user enters
the Cong mode, makes changes, then Saves those changes. On Saving the changes the user leaves
the Cong mode.
The Cong interface mode, within the Cong mode, is used to set parameters for a specied interface.
Once in the Conguration mode, the user enters the
interface
command. All subsequent commands
apply to the specied interface.
The command prompt indicates the mode of operation:
name#
the single \#" indicates standard mode
name##
indicates BlackDoor Duo is in the Cong mode
name(LAN1)##
BlackDoor Duo is in Cong Interface mode for LAN Port 1
To move up one level, from Interface Cong mode to Cong mode, enter the
interface
command
with no argument. To change between interfaces when in Interface Cong mode, specify the new
interface. For example:
name(s1)## interface lan1
Note: The LAN1 port is the private (local) interface, commonly receives data and LAN2 is the
public (WAN) port and generally sends data.
4.3.3 Syntax for Command Parameters
fg
== one of the parameters in set is required
[ ] == one of the parameters in set is allowed (optional)
4.4 System Level or General Commands
passwd
Allows setting or modifying the login password. The BlackDoor Duo ships with default passwords.
On entering the
passwd
command, the user is prompted to enter, and conrm, the new password.
bye
j
quit
j
logout
Any of these commands will terminate the user session. If you have unsaved conguration changes,
you will be prompted to save or discard the new conguration.
reset
Resets BlackDoor Duo.
ping
f
dest.address
g
[src.address] [ [
f
number
g
] ]
Sends an ICMP ECHO message to the specied address. Any source address from an interface on
BlackDoor Duo can be used. This can be useful to test routes across a LAN or WAN interface.
By default, only 1 message (packet) is sent. A numeric value can be entered to send more than one
message.
upgrade [user@]
f
SFTP host
g
:
f
Filename
g
4 COMMAND LINE INTERFACE Page 13
BlackDoor Duo Engage Black
SFTP (secure le transfer protocol) provides a means for upgrading BlackDoor Duo rmware in
a TCP/IP environment. An SFTP upgrade may be accomplished from a CD provided by Engage
Communication if the user can congure their own local SFTP server and place the appropriate
upgrade le, from the CD or from Engage Tech Support, on the server.
Once a connection to a SFTP server site has been established, issue the
upgrade
command.
Note that an BlackDoor Duo which is running an upgrade must go through a reset when performing
an upgrade. This may cause the SSH connection to drop. If this does occur, simply re-establish the
SSH connection.
4.5 show Commands
show interface [lan1
j
lan2
j
black
j
qkd]
f
info
j
statistics
g
Provides details on either LAN interface. If no interface is specied, either the current interface per
\
interface
" command will be used, or all interfaces will be shown.
info
details the port type, port state, etc., status of the encryption tunnels (black), status of the
quantum key distribution network.
statistics
lists the packets transmitted, received, etc.
show router
provides general conguration and status information, including the Ethernet
hardware address and the rmware version.
show cong all
provides a list of all conguration parameters. No argument is the same as
all
.
This list provides the basis for storing an BlackDoor Duo conguration into a local text le. The
full conguration can be edited oine.
show cong interface [lan1
j
lan2]
If no interface is specied, either the current interface per the
interface
command will be used, or
all interfaces will be shown.
show cong router
lists BlackDoor Duo Hostname, etc.
4.6 Conguration Commands
4.6.1 Cong Commands
Enter the conguration mode, at which point the following commands may be used.
save
Save the changes and exit Conguration mode.
end
Exit Conguration mode.
restore
Restores the current BlackDoor Duo conguration, ignoring any changes which have been made
during the current
cong
session.
host name
f
namestring
g
Provide a unique name for BlackDoor Duo. The new host name does not take eect until a save
4 COMMAND LINE INTERFACE Page 14
BlackDoor Duo Engage Black
and reset is performed. For example:
host name Dallas IPTube
default gateway address
Enter the IP address of the default router or gateway. This must be an IP address on the same
network as BlackDoor Duo.
local gateway address
Species a gateway for LAN1. Eective only when mode route is congured. Use it to specify a
gateway for local encrypted routes that are not on the LAN1 network. This must be an IP address
on the same network as LAN1.
4.6.2 Cong Interface Commands
Conguration of BlackDoor Duo involves setting parameters for the LAN interfaces. The user must
specify which interface is being congured with the command:
interface [lan1
j
lan2]
To move up one level, from
Interface Cong
mode to
Cong
mode, enter the
interface
command
with no argument. To change between interfaces when in
Interface Cong
mode, specify the new
interface. For example:
name(LAN1)##
interface lan1
ip address address
The interface IP address is required for conguration with SSH or connectivity tests with ping. This
conguration parameter is required for LAN2 only. LAN1 is optionally congured for an IP address
Example assigning IP address:
ip address 192.168.1.1
Example removing IP address:
ip address
4.6.3 Cong BlackDoor Commands
enterkey
authentication-string
Enter a string that is used as an authentication secret. The BlackDoor Duo authentication secret
must be the same as congured on the remote unit in order for an encryption tunnel to be set up.
peer ip address address
Species the destination ip address of the remote BlackDoor Duo unit.
mode
f
bridge
j
route
g
bridge
species layer 2 encryption where the BlackDoor Duo acts as a bridge between the LAN1
ports of the local and remote units.
route
species layer 3 encryption where the BlackDoor Duo acts as a router and the specied routes
are encrypted.
tunnel udp port value
Species the UDP port source and destination address for the bridge packet tunnel to the
4 COMMAND LINE INTERFACE Page 15
BlackDoor Duo Engage Black
remoteBlackDoor Duo. This port number is typically 1701 but can be any available port on the
router. Valid only in mode bridge.
remote encrypted routes
f
route[, route]
g
Species routes to be encrypted and sent to the remote BlackDoor Duo. The route must be in CIDR
notation. Example: 192.168.4.0/24. Multiple routes are separated by a comma with no white space
before or after the comma. Valid only in mode route.
local encrypted routes
f
route[, route]
g
Species local routes that are encrypted by the remote and sent to the local BlackDoor Duo.
local
enrypted routes
should match the
remote encrypted routes
specied on the remote BlackDoor
Duo. The route must be in CIDR notation. Example: 192.168.3.0/24. Multiple routes are separated
by a comma with no white space before or after the comma. Valid only in mode route.
rekey period
Species the time in minutes the BlackDoor Duo establishes new encryption and message
authentication keys with the remote unit.
Example:
This is an example of a conguration of the BlackDoor Duo in mode bridge.
unit 1 unit 2
default gateway 192.168.3.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.3.50
mode bridge
peer ip address 192.168.4.50
tunnel udp port 1701
default gateway 192.168.4.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.4.50
mode bridge
peer ip address 192.168.3.50
tunnel udp port 1701
4 COMMAND LINE INTERFACE Page 16
BlackDoor Duo Engage Black
Example:
This is an example of a conguration of the BlackDoor Duo in mode route with one encrypted
network.
unit 1 unit 2
default gateway 192.168.3.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.3.50
mode route
peer ip address 192.168.4.50
remote encrypted routes 192.168.5.0/24
local encrypted routes 192.168.2.0/24
rekey period 60
default gateway 192.168.4.254
interface lan1
ip address 192.168.5.50
interface lan2
ip address 192.168.4.50
mode route
peer ip address 192.168.3.50
remote encrypted routes 192.168.2.0/24
local encrypted routes 192.168.5.0/24
rekey period 60
Example:
This is an example of a conguration of the BlackDoor Duo in mode route with more than one
encrypted network.
unit 1 unit 2
default gateway 192.168.3.254
local gateway 192.168.2.254
interface lan1
ip address 192.168.2.50
interface lan2
ip address 192.168.3.50
mode route
peer ip address 192.168.4.50
remote encrypted routes
192.168.5.0/24,192.168.6.0/24
local encrypted routes
192.168.2.0/24,192.168.1.0/24
rekey period 60
default gateway 192.168.4.254
local gateway 192.168.5.254
interface lan1
ip address 192.168.5.50
interface lan2
ip address 192.168.4.50
mode route
peer ip address 192.168.3.50
remote encrypted routes
192.168.2.0/24,192.168.1.0/24
local encrypted routes
192.168.5.0/24,192.168.6.0/24
rekey period 60
4 COMMAND LINE INTERFACE Page 17
BlackDoor Duo Engage Black
4.6.4 Cong Quantum Key Distribution Commands
kme ip address
Species the IP address of the KME unit providing a quantum key to the BlackDoor Duo.
qkd mode
f
o
j
master
j
slave
g
When
o
the BlackDoor Duo does not utilize Quantum Key Distribution.
master
congures the
BlackDoor Duo to act as a master secure application entity in the quantum key distribution network.
slave
congures the BlackDoor Duo to act as a slave secure application entity.
sae peer id id
Specify a string representing the SAE ID of the BlackDoor Duo remote unit (not this unit). SAE
ID assignment is in the scope of the quantum key distribution network.
Example:
This is an example of a conguration of the BlackDoor Duo for Quantum Key Distribution.
unit 1 unit 2
kme ip address 10.0.0.75
sae master
sae peer id blackdoor-qkd-slave
kme ip address 10.0.0.76
sae slave
sae peer id blackdoor-qkd-master
4 COMMAND LINE INTERFACE Page 18
BlackDoor Duo Engage Black
5 Troubleshooting
Communication and Network systems are subject to problems from a variety of sources. Fortunately,
an organized troubleshooting approach usually leads to the area of the problem in short order. It is
essential to distinguish between problems caused by the LAN (network system), the WAN equipment
(communication equipment) and BlackDoor Duoconguration.
This troubleshooting section is structured with symptoms in the order the user might encounter
them.
5.1 Unable to Communicate with BlackDoor Duo
Installations rst require communication with the BlackDoor Duo through console access or from
the network, usually the same network as BlackDoor Duo itself. Proceed through the following
symptoms if you are unable to communicate with the local BlackDoor Duo using SSH, Ping, etc.
IP Addressing should be double checked if accessing the unit via the network.
5.2 Ethernet/General
Cause: Network Cabling is faulty
Solution: Verify cabling is good by swapping BlackDoor Duo cabling with a known good cable and
connection. Check the status LEDs on the 10/100/1000BaseT switch to conrm a good connection.
If necessary, create a stand-alone LAN with just the workstation and BlackDoor Duo.
5.3 High Ethernet Error Count
Cause: Bad cabling or building wiring
Solution: Check all cabling. Swap to known good port on 10/100/1000BaseT switch or hub to
troubleshoot, (testing with large Ping Packets to ascertain quality of Ethernet Connection). To
eliminate issues with building wiring connect BlackDoor Duo with a known good Ethernet cable in
the same room as the Ethernet hub.
5.4 Can't Communicate using SSH with the BlackDoor Duo
Cause: IP address is not set properly on the BlackDoor Duo
Solution: The Console Port (using cable included with the product) provides direct access to the
command line interface of BlackDoor Duo. The Console port utilizes the CLI, detailed in
Command
Line Interface
. Here the IP address can be double checked for accuracy.
Cause: Workstation not on the same subnet as the BlackDoor Duo
Solution: During an initial conguration of an BlackDoor Duo, communication should come from
within the same net/subnet. With no default router, BlackDoor Duowill not be able to reply to
communication o its own subnet.
Cause: IP stack on the workstation not congured
Solution: Ensure that other devices on the same LAN can be pinged, or otherwise 'seen'.
5 TROUBLESHOOTING Page 19
Other manuals for BlackDoor Duo
2
Other Engage Black Network Hardware manuals
Popular Network Hardware manuals by other brands
Vicon
Vicon SMS Enterprise Installation & operation manual
ICT
ICT Protege PRT-RDE2-PCB installation manual
Kerlink
Kerlink Wirnet iStation 915H quick start guide
Symantec
Symantec NetBackup 5200 Series Product description
Matrix Switch Corporation
Matrix Switch Corporation MSC-HD121AAL product manual
Huawei
Huawei EchoLife HS8245W1 installation guide
