If the LAN-520 channel 1 port # has been changed to 1234 then this is highly indicative that the device has been hacked. The default value for the port number is 10001. This is the number that identifies the channel for remote initiating connections. The range is 1-65535, except for the following reserved numbers.
1 - 1024
Reserved (well known ports)
Reserved for Redirector
Note: Keri Systems strongly recommends that you not use any of the reserved port numbers for this setting as incorrect operation will likely result.
In addition, Keri also strongly recommends setting a Telnet/Web Configuration password on the LAN-520 to reduce the possibility of the device being hacked.
If your LAN-520 has been hacked, the first thing you will need to do is physically go to the device and perform a factory reset.
Note: The factory reset procedure only applies to the LAN-520 AES module. The much older LAN-520 and LAN-520X modules do not have the reset pins and so if these units are hacked it is most likely the unit will need to be replaced.
2.0 LAN-520AES Factory Reset
Perform the following steps to reset the LAN-520AES unit to its factory default settings:
- Power the unit OFF.
- Place a jumper across the Factory Default Jumper pins.
- Power the the unit ON – this resets the LAN-520AES unit.
- Power the unit OFF.
- Remove the jumper from the Factory Default Jumper pins.
3.0 Re-Configure the Unit
4.0 Set a Telnet/Web Manager Password
Keri systems strongly recommends setting the LAN-520 with a password (to prevent unauthorized connections to the module).
Note: The following steps require Telnet to be enabled on the host PC.
- Double-click the LAN-520 device listed in Lantronix Device Installer.
- Select the Telnet tab and then click on the CONNECT button.
- As soon as the Telnet sign-on screen appears, press <Enter> to go into the LAN-520X Setup mode. There is a two to three second window in which you must press <Enter> before the Telnet session automatically closes. If the Telnet session closes before you enter Setup mode (if nothing happens when you press <Enter>), simply click the button to establish the connection.
- Once Telnet connects with the LAN-520 all current configuration information is displayed and the cursor is placed at the “Your choice” field.
- Enter 0 to go into the device's server settings.
- Enter through the list of options until you see: 'Change Telnet/Web Manager Password'.
- Enter Y for Yes, then enter.
- Input the password you wish to assign to the device.
Note: If you forget or lose the LAN-520 assigned password you will need to perform a factory reset on the device (see section 2.0).
5.0 Apply Additional Security Settings
You can change security settings via Telnet or serial connections only, not on the Web-Manager.
- Perform a Telnet connection to the LAN-520.
- From the device main menu screen, enter the number 6 to access the device security settings.
Note: We recommend that you set security over the dedicated network or over the serial setup. If you set parameters over the network (Telnet 9999), someone else could capture these settings. Caution: Disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network.
Disable SNMP This setting allows you to disable the SNMP protocol on the unit for security reasons.
SNMP Community Name This setting allows you to change the SNMP community name. Community name is a required field for NMS to read or write to a device. The default setting is public. The name is a string of 1 to 13 characters.
Disable Telnet Setup Note: If you choose to disable this option, please note that disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network. This setting defaults to the N (No) option. The Y (Yes) option disables access to Setup Mode by Telnet (port 9999). It only allows access locally via the web pages and the serial port of the unit.
Disable TFTP Firmware Upgrade This setting defaults to the N (No) option. The Y (Yes) option disables the use of TFTP to perform network firmware upgrades. With this option, you can download firmware upgrades over the serial port using DeviceInstaller’s Recover Firmware procedure. (See Serial Port Recovery Procedure on page 5-3.)
Disable Port 77FE (Hex)
Note: If you choose to disable this option, please note that disabling both Telnet Setup and Port 77FE prevents users from accessing the setup menu from the network.
Port 77FE is a setting that allows DeviceInstaller, Web-Manager, and custom programs to configure the unit remotely. You may wish to disable this capability for security purposes. The default setting is the N (No) option, which enables remote configuration. You can configure the unit by using DeviceInstaller, web pages, Telnet, or serial configuration. The Y (Yes) option disables remote configuration and web sites. Note: The Yes option disables many of the GUI tools for configuring the unit, including the embedded Web-Manager tool.