User Manual - EndRun Technologies
Contents
1. e You have installed NTP on your client computer e You have successfully performed the MDI Authenticated NTP Client Setup on yout client computer if you plan to use MD5 authentication Configure NTP You must edit the n p conf file which ntpd the NTP daemon looks for by default in the the efc directory Assuming that your Pr cis Cntp server has been configured to use key 2 for broadcast authentication as shown in the example in Chapter 2 make sure that key 2 is included in the trustedkey line and add this line to the end of the p conf file broadcastclient If you are not using MD5 authentication you would add these lines disable auth broadcastclient If you are using multicast instead of broadcast mode you would replace the broadcast 25 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES client keyword with the multicastclient keyword You may remove the line added previously in Basie NIP Client Setup server 192 168 1 245 Przecis Cntp User s Manual 26 ENDRUN TECHNOLOGIES Setting Up NTP Clients on Windows NT 4 0 2000 must have successfully completed the Basic Installation procedures in Chapter 2 This manual is not a How To on installing and using NTP basic approaches to NTP configuration for operation with the Praecis Cntp will be described here Installa tion must be performed by a user with administrative priviledges on the system If you have never used NTP then you should spend some ti2. NTP Simple Network Time Protocol SNTP reply packets in response to NTP SNTP request packets which it has received from clients The timestamps it sends in its NTP SNTP teply packets are accurate to less than one hundred microseconds NTP SNTP client software is available for virtually all operating systems T Pr cis Cntp is a precision server of Universal Coordinated Time UTC that c The Pr cis Cntp is composed of a Pr cis Cntp Code Division Multiple Access CDMA time and frequency engine an IBM PC compatible single board computer with fanless convection cooled 133 MHz CPU with integral ethernet interface and a power supply Non volatile storage of the embedded Linux operating system and the Pr cis Cntp ap plication software on the single board computer is via a solid state FLASH disk For more detailed information that is not included in this manual and links to other sites please visit our website http www endruntechnologies com There you can also download firmware upgrades the latest manuals and other documentation CDMA Timing How it Works CDMA mobile tele The CDMA time and frequency engine in the Pr cis Cntp communications base stations must be synchronized receives transmissions from base stations also known as cell sites that are operating in compliance with the TIA EIA IS 95 standard for Code Division Multiple Access CDMA mobile telecommunications This system requires a means of synchronizing the
3. Using netconfig to Set Up Your IP for details on the use of the command This script creates or modifies these files etc HOSTNAME etc hosts etc networks ete resol conf and etc rc d rcinett All of these are non volatilely stored in the FLASH disk boot ete directory You must re boot the Pr cis Cntp after running this script for the changes to take effect Usage Set netconfig Pr cis Cntp response interactive shell script is started ntpconfig This command starts an interactive shell script that will allow the user to configure the NTP sub system of the Praecis Cntp By default the unit is configured to authenticate its replies to clients using its default MD5 keys in the etc ntp keys file If you need to create your own MD5 keys recommended or set up broadcast multicast operation you must run this script as root Refer to Chapter 2 Configuring the Network Time Protocol for details on the use of this command The two files that are modified are e ntp keys and etc ntp conf Both of these are non volatilely stored in the FLASH disk doot et directory You must re boot the Precis Cntp after running this script for the changes to take effect Usage Set ntpconfig Preecis Cntp response interactive shell script is started updatelilo This command allows the user to update the configuration of the Linux Loader LILO after a new root file system image has been uploaded to the upgrade root file system partition
4. closely monitor or optimize the performance of your Pr cis Cntp you should consult either the web or good Linux reference books like Linux in a Nutshell Seiver O Reilly amp Associates 1999 Running Linux Welsh Dalheimer amp Kaufman O Reilly amp Associates 1999 to learn the ins and out of the Linux command console 35 Przecis Cntp User s Manual ENDRUN TECHNOLOGIES Available User Commands OMMAND UNCTION accessconfig cdmaleapconfig camaleapmode camastat camaversion cntpena bleupgrade Interactive shell telnet ssh and snmpd access to the Pr cis Cntp that is limited to specific hosts The resulting efc hosts allow and etc hosts deny files ate saved to the non volatile FLASH disk Factory default configuration allows access by all hosts i 1 j e way in which UTC leap seconds are handled either AUTOmatically via CDMA basestation transmissions or by USER entered current and future leap second parameters gt either AUTO or USER If USER prints the current and future leap second values tints the CDMA sub system status information to the console rints the COMA firmware and A version information to the console Enables a firmware upgrade by mounting the FLASH dis partitions that hold compressed root file system images rints the ethernet hardware address if the ethernet has been configured oscillator type whic DIP OCXO MS OCXO HS OCXO or Rubidium configured users on the Pr
5. time out condition If the CDMA sub system reaches the unsynchronized TFOM state the NTP daemon will cease to use the timing information returned by the CDMA sub system in its polling event timestamps At this point the NTP daemon will report in its replies to network NTP clients that are receiving synchronization from the Preecis Cntp that it is running at stratum 11 NTP clients will recognize that and cease to use the unsynchronized server Pr cis Cntp User s Manual 48 ENDRUN TECHNOLOGIES RS 232 Serial I O Port Signal Definitions DBIM Pin on Pr cis ignal Name Cntp O oe Ring Indicator RI Null Modem Adapter Cable In order to connect the Pr cis Cntp to another computer a null modem adapter must be used The provided adapter cable is wired this way DB A S 4 3 1 5 7 SE ee Pin 6 is not connected 49 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Przecis Cntp User s Manual 50 ENDRUN TECHNOLOGIES Appendix Upgrading the Firmware products available for download from our website All such downloads are freely available to our customers without charge After you have downloaded the ap propriate FLASH binary image file from the EndRun Technologies website you are ready to perform the upgrade to your Preecis Cntp Ps EndRun Technologies will make bug fixes and enhancements to our The firmware consists of two FLASH binary image files One of these is the firmware for the Pr cis
6. Cntp itself This firmware executes on the IBM compatible single board computer and contains the embedded Linux operating system and NTP specific appli cation software The other file is the firmware for the CDMA time and frequency sub system This firmware executes in the Preecis Cntp CDMA time and frequency engine Each of these files may be upgraded independently What You Need To Perform the Upgrade You will need to use ftp or sep to transfer the FLASH binary image file s to the Pr cis Cntp This means that you must place the previously downloaded file s in a place on your network which is accessible to the Pr cis Cntp Performing the Pr cis Cntp Upgrade There are two FLASH disk partitions which hold the compressed root file system im ages These are normally unmounted When an upgrade is to be performed they are mounted at rooffs_O and rootfs 1 The factory shipped image is always stored in the first of these partitions as roeoffs_0 rootfsX_ XX gz Where X_XX is the factory shipped version It is stored with the immutable attribute set so that even 100 cannot inadver tently delete it or overwrite it When performing an upgrade you will be copying the new image to the partition that will be mounted on roo fs_1 51 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES To perform the upgrade log in as the voor user to the Pr cis Cntp using the local console serial I O port telnet or ssh and perform these operations First e
7. III III IIIT II III IIIA kk k k k kk kkk k k k k k k k d d d k e d e d de de de de de de d de de d d d k k k k k This script will allow you to configure the ntp conf and ntp keys files that control Praecis Cntp NTP daemon operation You will be able to create new MD5 authentication keys which are stored in the ntp keys file You will be able to update the authentication related commands in the ntp conf file You will be able to configure the broadcast mode of operation with or without authentication If you supply the multicast address instead of your network broadcast address then you will be able to configure the time to live of the multicast packets The changes you make now will not take effect until you re boot the Praecis Cntp If you make a mistake just re run ntpconfig prior to re booting You will now be prompted for the necessary set up parameters FF HF HF HF HF FH HF HF FE HF F HF HF HF FF HH HHH HHH HHH HHH kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk MD5 Keyfile Configuration Would you like to create a new ntp keys file y es n o y You will be prompted for a key number 1 65534 then the actual key When you have entered all of the keys that you need enter zero at the next prompt for a key number MD5 keys may contain from 1 to 31 ASCII characters They may not cont
8. The example Pr cis Cntp configuration shown in Chapter 2 Configuring the Network Time Protocol will be assumed in the example configuration commands shown here e You have installed NTP on your client computer e You have successfully performed the MDI Authenticated NTP Client Setup on yout client computer if you plan to use MD5 authentication 31 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Configure NTP You must edit the p conf file which ntpd the NTP daemon looks for by default in the the winnt system32 drivers ete directory Assuming that your Precis Cntp server has been configured to use key 2 for broadcast authentication as shown in the example in Chapter 2 make sure that key 2 is included in the trustedkey line and add this line to the end of the p conf file broadcastclient If you are not using MD5 authentication you would add these lines disable auth broadcastclient If you are using multicast instead of broadcast mode you would replace the broadcastclient keyword with the multicastclient keyword You may remove the line added previously in Basie NTP Client Setup server 192 168 1 245 or the authenticated version added in MD5 Authenticated NIP Client Setup server 192 168 1 245 key 1 Re start ntpd exe to have it begin using the Pr cis Cntp as a broadcast or multicast server By default the NTP installation program installs ntpd exe as a service called Network Time Protocol and starts it You
9. and print these messages Praecis Cntp DHCP Client was unable to find the DHCP Server Fix the problem and re boot or set up static IP address by running netconfig dnsdomainname Host name lookup failure none Then these messages are printed in either case Activating IPv4 packet forwarding Starting daemons syslogd klogd inetd Starting the Network Time Protocol daemon Starting the SNMP daemon Starting the system logfile manager Starting the system watchdog woof During this process the factory default PraecisCntp_0 root file system is loaded from FLASH disk to an 8MB ramdisk and the remainder of the boot process completes At this point the Pr cis Cntp login prompt is displayed He e e He He He Fe He ke e He He He He He He He He He KEK He e He He He ke KEKE KEKE EKER KEK KKK KEE k k k k k k k k k k k k k k k k k k k k kk kkk kk kkk kkk kkk x Welcome to Praecis Cntp console on cntp your domain Tue Feb 20 2001 21 47 03 UTC He ke e He He He Fe He ke He He He He He He ke He He He He ke ke e He He He ke KEKE KKK EKER KEK k k k KEK k k k k k k k k k k k k k k k k k k kkk kkk kk kkk kkk kkk cntp login 11 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Here you may log in as cntpuser with password Praecis or as the root user with password endrun_1 When logged in as cntpuser you may check status informa tion and view log files but you will not be able to modify any system
10. and protection to EndRun Technologies at the address shown below EndRun will not be responsible for damage incurred during shipping to us Customer is responsible for shipping costs to and from EndRun Technologies Be sure the RMA number is clearly identified on the shipping container After the equipment has been received we will evaluate the nature of the problem and contact you with the cost to repair parts and labor and an estimate of the time necessary to complete the work Limitation of Liability The remedies provided herein are Buyer s sole and exclusive remedies EndRun Technologies shall not be liable for any direct indirect special incidental or consequential damages whether based on contract tort or any other legal theory Table of Contents Introduction E CDMA Timing How it Works 1 Where to Use It Main Features 3 Basic Instalati Checking and Identifying the Hardware 5 Pr cis Cntp Physical Description 6 Performing an Initial Site Survey 7 Installing the Pr cis Cntp 8 Mount the Pr cis Cntp 8 Connecting and Configuring Ethernet 8 Connect the RS 232 Serial I O Port 9 Test the Serial Port 9 Using netconfig to Set Up Your IP 12 Verify Network Configuration 14 Check Network Operation 16 Using Telnet 16 Using SSH 17 Configuring the Network Time Protocol 17 Basic NTP Client Setup 22 Configure NTP 22 MD5 Authenticated NTP Client Setup 23 Create the ntp keys file 23 Configure NTP 24 Broadcast Multicast NTP Client
11. ate stored in Upgrades non volatile FLASH memory so the Pr cis Cntp can be easily upgraded in the field using FTP and TELNET or the local RS 232 serial I O port Secure upgrades are possible via SSH and SCP We make all firmware upgrades to our Pr cis products available to our customers free of charge 3 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Przecis Cntp User s Manual 4 ENDRUN TECHNOLOGIES Basic Installation lation of your Pracis Cntp Subsequent chapters and appendices will give you the information needed to configure your installation for the maximum perfor mance in your operating environment General NTP client setup instructions will also be supplied to get you started using your Pr cis Cntp quickly Tu chapter will guide you through the most basic checkout and physical instal Basic familiarity with TCP IP networking protocols like ping telnet and ftp is required Though some familiarity with Linux or other Unix like operating systems would be helpful it is not essential If you satisfy these conditions the instructions provided herein should guide you to a successful installation without extensive gnashing of teeth Checking and Identifying the Hardware Unpack and check all the items using the following check list Contact the factory if anything is missing or damaged The Praecis Cntp Hardware Pack part 4003 0000 000 or 4003 variant contains a Pr cis Cntp part 3007 0000 000 or 3007 v
12. authentication and session privacy In addition the Network Time Protocol daemon ntpd supports client server authentication security measures to deter spoofing of NTP clients by rogue NTP servers This appendix describes these security measures and gives the advanced network administrator information that will allow custom con figuration to fit specific security needs Linux Operating System The embedded Linux operating system running in the Pr cis Cntp is based on kernel version 2 2 13 and version 7 of the Slackware Linux distribution As such it supports a complete set of security provisions e System passwords are kept in an encrypted file e c shadow which is not accessible by users other than root e Direct root logins are only permitted on the local RS 232 console or via SSH e The secure copy utility sep eliminates the need to use the insecure ftp protocol for transferring program updates to the Preecis Cntp 63 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES e Access via SNMP is configurable to provide the security of the latest version 3 Internet standard which supports both view based access control and user based security using modern encryption techniques Previous versions v1 and v2c sup ported access control essentially via passwords transmitted over the network in plain text Refer to Appendix C Simple Network Management Protocol which is dedicated to configuration of SNMP for details e Individual host access
13. being used by the server and client If you transfer the file by ftp or sep this shouldn t be a problem It is also possible to have a typing error in the etc ntp conf file that causes the needed key to not be included in the trustedkey list 33 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Przecis Cntp User s Manual 34 ENDRUN TECHNOLOGIES Control and Status Commands tion to a subset of the standard Linux shell commands utilities the Pr cis Cntp supports several application specific commands for performing initialization setup and for monitoring the performance and status of the NTP and CDMA sub sys tems The standard Linux commands are not documented here A wealth of informa tion is available from a variety of sources on those Only the Praecis Cntp specific com mands will be described here The serial I O port physical and electrical characteristics are defined as well Te appendix describes the Pr cis Cntp control and status commands In addi General Linux Shell Operation The command shell used by the Preecis Cntp is a bash equivalent that is known as ash ash offets good compatibility in running shell scripts written for bash but lacks some of the niceties of bash In particular it lacks command line editing All commands and file names are case sensitive which is standard for Unix like operating systems If you are unfamiliar with Unix like operating systems and you would like to be able to more
14. http www sun com solutions blueprints 0701 NTP pdf http www sun com solutions blueprints 0801 NTPpt2 pdf http www sun com solutions blueprints 0901 NTPpt3 pdf Many problems may also be solved by the helpful people who participate in the Internet news group devoted to NTP news f our news servet comp protocols time ntp Three methods of using the Pr cis Cntp with NTP clients on Unix like platforms will be described 21 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Basic This is the simplest and will operate without MD5 authentication NTP beginners should always perform this setup first MD5 This method is trickier only because MD5 keys must be set up and dis tributed accurately to the NTP clients in a secure way The Pr cis Cntp is factory configured to authenticate its replies to NTP MD5 clients using its default set of keys Broadcast Multicast This method simplifies configuration of the clients on large networks since specific server addresses need not be configured in each client s efc ntp conf file It can be configured either with or without MD5 authentication However it is highly recommended that authen tication be configured when using broadcast multicast mode due to the relative ease with which a fake NTP server can take over the clock setting of the broadcast multicast clients on the network Basic NTP Client Setup Basic setup is relatively simple if e You have been able to successfully com
15. ke He He ke ke He He KEKE KKK KEKE e He He ke ke ke KEKE KEK ke k KEKE k k k k KEKE k k k k k k k k k k k kkk kkk kkk kkk kkk He e e He He He He He e He He He He He ke He He He He He He ke He He He He ke ke e He He ke ke ke ke ke ke ke k k k k k k k k k k k k k k k k k k k k k k kk kk kkk kkk kkk kkk kkk DHCP Settings Use a DHCP server to configure the ethernet interface y es n o n HOST name setting Set the hostname of your Praecis Cntp Only the base hostname is needed not the domain Enter hostname cntp DOMAIN name setting Set the domain name Do not supply a leading Enter domain name for cntp your domain STATIC IP ADDRESS setting Set the IP address for the Praecis Cntp Example 111 112 113 114 Enter IP address for cntp aaa bbb ccc ddd 192 168 1 245 DEFAULT GATEWAY ADDRESS setting Set the default gateway address such as 111 112 113 1 If you don t have a gateway just hit ENTER to continue Enter default gateway address aaa bbb ccc ddd 192 168 1 241 NETMASK setting Set the netmask This will look something like this 255 255 255 0 Enter netmask aaa bbb ccc ddd 255 255 255 248 Calculating the BROADCAST and NETWORK addresses Broadcast 192 168 1 247 Network 192 168 1 240 Your Praecis Cntp s current IP address full hostname and base hostname 192 168 1 245 cntp your domain cntp DOMAIN NAMESERVER S address setting Will your Praecis Cntp be accessing a nameserver y
16. must use the Services utility in Control Panel to stop the Network Time Protocol service and then re start it Use the NTP utility ntpq exe to check that ntpd exe is able to communicate with the Pr cis Cntp By default it is installed in the Program Files Network Time Protocol sub di rectory of your Windows NT partition After issuing the command ntpq you will see the ntpq command prompt ntpq gt Use the command peers to display the NTP peers which your computer is using One of them should be the Pr cis Cntp server which you have just configured You should verify that is is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment Pr cis Cntp User s Manual 32 ENDRUN TECHNOLOGIES If you ate using authentication you can verify that authentication is being used by issu ing the command associations to display the characteristics of the client server associations In the auth column of the display you should see ORK for the row corresponding to the Pr cis Cntp server If you see bad you should wait a few minutes to be sure that there is a problem since bad is the initial state of this setting If the bad indication persists then you must check your configuration for errors Typically this is due to a typing error in creating the ete ntp Reys file on the client that causes a mismatch between the keys
17. noauth auth and priv and who will have read write access to the entire so 1 branch of the SMI object tree The second line defines a SNMPv3 read only user n puser whose minimum security level will be authenticated but not encrypted and who will have read only access to the entire 150 1 0rg 3 dod 6 internet 1 private 4 enterprises 1 endRun TechnologiesMIB 13827 branch of the SMI object tree After adding the user lines to etc snmpd conf copy it to the boot etc directory using cp p The second file is located on the non volatile FLASH disk and is used by the SNMP agent to store persistent data that may be dynamic in nature This may include the values of the MIB II variables sysLocation sysContact and sysName as well as any con figured SNMPy3 user crypto keys In order to use SNMPv3 you must configure user keys in this file for each SNMPv3 user that you have set up in etc snmpa conf To do this you must add lines to boot ucd snmp snmpd conf like these for each user createUser root MDS endrun 1 DES endrun 1 createUser ntpuser SHA Praecis0 The first line will cause the agent snmpd to create a user root who may be authenticated via Message Digest Algorithm 5 MD5 with password endrun_1 and may use the Data Encryption Standard DES to encrypt the session data with passphrase endrun 1 The second line will cause a user tpuser to be created who may be authenticated using the Secure Hash Algorithm SHA with pass
18. openssh co An excellent book which describes operation and configuration of the various SSH implementations including OpenSSH is available from O Reilley amp Associates SSH The Secure Shell Barrett amp Silverman O Reilley amp Associates 2001 In the interest of conserving scarce system memory resources only the secure shell server daemon sshd and the secure copy utility sep are implemented in the Pr cis Cntp This means that users on remote hosts may log in to the Pr cis Cntp via an ssh client but users logged in on the Preecis Cntp are unable to log in to a remote host via ssh Since sep runs in concert with an ssh client the same limitations exist for its use i e users on remote hosts may transfer files to and from the Pr cis Cntp via sep over ssh but users logged in on the Pr cis Cntp are unable to transfer files to and from a remote host via sep over ssh The factory configuration contains a complete set of security keys for both SSH1 and SSH2 versions of the protocol RSA keys are supported by both versions and DSA keys are supported when using the SSH2 version In addition the Pr cis Cntp is factory configured with a set of public keys for password less public key authentication of the root user To use this capability the corresponding set of private keys for each of the two SSH versions ate provided in the boot root direc tory of the Pr cis Cntp Three files contain these keys sdentity SSH1 id rsa S
19. rooffs_1 of the Pr cis Cntp FLASH disk Refer to Appendix B Upgrading the Firmware for detailed instructions for performing the upgrade procedure Two argu ments are accepted first either 0 or 1 to tell LILO which root file system image should be made the default second the file name of the new compressed root file system image If no arguments or any value other than 1 is given for the first argument the default root file system is set to PraecisCntp_0 If the first argument is 1 then the second argument is read and LILO is re configured to make the default root file system PraecisCntp_1 Upon completion the root file system partitions are unmounted Usage Set boot updatelilo 1 rootfs1 01 gz Preecis Cntp response Pr cis Cntp User s Manual 46 ENDRUN TECHNOLOGIES Added PraecisCntp_0 Added PraecisCntp 1 Unmounting root file system partitions now Run Cntpenableupgrade again to remount them should you need to re run updatelilo The trailing asterisk character indicates that the default root file system is set to PraecisCntp_1 47 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Time Figure of Ment The time of day fields printed by the Pr cis Cntp edmastat and entpstat commands contain a character that indicates the level of accuracy that should be included in the interpretation of the time of day contained in the message This character is referred to as the Time Figure of Merit TFOM In all c
20. settings or view secure files In order to perform system setup procedures which includes configuring the IP network settings you must log in as the root user After correctly entering the password at this prompt password the sign on message is shown It identifies the host system as Preecis Cntp and shows the software part number version and build date Praecis Cntp 6010 0003 000 v 1 00 Wed May 9 14 17 44 UTC 2002 Praecis Cntp gt This last line is the standard Pr cis Cntp shell prompt The Pr cis Cntp uses the ash shell which is a reduced functionality bash compatible shell After configuring the unit you should change the passwords using the entppasswd command issued from the shell prompt If you do not see characters displayed by your terminal program within 30 seconds after the unit is powered up you must troubleshoot your setup An incorrectly wired cable of incorrect port setting in your terminal emulation program are the most common problems Refer to Appendix A RS 232 Serial I O Port Signal Definitions for the signal connections for the Pr cis Cntp You must use a null modem cable or adapter if you ate connecting the Praecis Gntp to another computer or other equipment configured as Data Terminal Equipment DTE The supplied cable is a null modem cable Once you have successfully established communications with the Pr cis Cntp you may procede to configuring the network parameters Then you can communicate
21. the oscillator frequency finally reaches one of the actual DAC endpoints The unit should be returned to the factory for oscillator replacement at the customer s convenience No Signal Time Out This bit indicates that the unit has not been able to acquire a CDMA signal for one hour while the Time Figure of Merit has been 9 the unsynchronized condition This could be due to a variety of reasons If there are no other faults that could explain the inability to receive a signal then there could be a base station outage or antenna blockage If the condition persists indefinitely the unit may need to be returned to the factory for repair Pr cis Cntp User s Manual 40 ENDRUN TECHNOLOGIES FPGA Config Fault FLASH Write Fault Local Oscillator PLL Fault Local Oscillator Failure No Polling Events This bit indicates that the microprocessor was unable to configure the FPGA This would be a fatal fault and the unit should be returned to the factory for repair This bit indicates that the microprocessor was unable to verify a write to the FLASH non volatile parameter storage area This should not ever occur under normal operation This fault would cause erratic operation at the next power cycling since important parameters could be corrupt The unit should be returned to the factory for repair This bit indicates that the Local Oscillator Phase Locked Loop PLL synthesizer is unlocked This condition should not normally occur
22. us 7 time error is lt 1 ms Pr cis Cntp User s Manual 38 YEAR DOY ENDRUN TECHNOLOGIES 8 time error is lt 10 ms 9 time error is gt 10 ms unsynchronized state if never been locked to CDMA Refer to Time Figure of Merit at the end of this section for a detailed description of the meaning of this number is the year of the UTC timestamp of the most recent NTP polling request received by the CDMA engine from the NTP reference clock driver is the day of year of the UTC timestamp of most recent NTP polling request received by the CDMA engine from the NTP reference clock driver HH MM 5SS sssssssss PNO AGC VCDAC SN R FERR is the hour minute second subsecond UTC timestamp of the most recent NTP polling request received by the CDMA engine from the NTP daemon reference clock driver is the current number of leap seconds difference between the UTC and GPS timescales 13 at the time of this writing is the Signal Processor State one of 0 Acquiring 1 Signal Detected 2 Code Locking 4 Carrier Locking 8 Locked is the CDMA frequency channel being used one of 0 Primary A 1 Primary B 2 Secondary A 3 Secondary B is the base station PseudoNoise Offset O to 511 in units of 64 PseudoNoise code chips is the Automatic Gain Control DAC byte 0 to 255 with larger numbers implying higher RF gain Typical range is 150 to 220 is the TCXO Voltage Control DAC word 0 to 65535 with large
23. C traceable time and frequency signals for use in precision test and measurement instrumentation OEM Time and Frequency Engines These products provide the core time and frequency capabilities to our customers who require lower cost and tighter integration with their own products About this manual This manual will guide you through simple installation and set up procedures Introduction The Precis Cntp how it works where to use it its main features Basic Installation How to connect configure and test your Pr cis Cntp with your network Client Set Up Two sections one for Unix like platforms and one for Windows NT 2000 If you detect any inaccuracies or omissions please inform us EndRun Technologies cannot be held responsible for any technical or typographical errors and reserves the right to make changes to the product and manuals without prior notice Trademark acknowledgements IBM PC Linux NotePad Timeserv UNIX Windows NT 2000 WordStar ate registered trademarks of the respective holders Pr cis Cntp User s Manual Part No USM3007 0000 000 Copyright EndRun Technologies 2003 Warranty This product manufactured by EndRun Technologies is warranted against defects in material and workmanship for a period of two years from date of shipment under normal use and service During the warranty period EndRun Technologies will repair or replace products which prove to be defective For warranty
24. Cntp User s Manual 10 ENDRUN TECHNOLOGIES VFS Mounted root ext2 filesystem Freeing unused kernel memory 28k freed INIT version 2 76 booting Parallelizing fsck version 1 15 18 Jul 1999 ext2fs check if mount No such file or directory while determining whether dev msys flal is mounted dev msys flal clean 29 80 files 519 591 blocks ext2fs check if mount No such file or directory while determining whether dev msys fla2 is mounted dev msys fla2 clean 15 32 files 67 240 blocks ext2fs check if mount No such file or directory while determining whether dev msys fla3 is mounted dev msys fla3 clean 12 448 files 2117 3560 blocks ext2fs check if mount No such file or directory while determining whether dev msys fla4 is mounted dev msys fla4 clean 12 448 files 2117 3568 blocks fla flal fla2 fla3 fla4 dev msys flal o fla n boot type ext flal2 rw fla2 fla3 fla4 dev msys flal o fla n boot type ext flal2 rw fla2 fla3 fla4 dev msys fla2 o fla n logs type ext flal2 rw fla2 fla3 fla4 dev msys fla3 o fla n rootfs_0 type flal ext2 rw fla2 fla3 fla4 dev msys fla4 on rootfs_1 type ext2 rw proc on proc type proc rw hwclock Can t open dev ttyl errno 19 No such device INIT Entering runlevel 3 Entering multiuser Attempting to configure eth0 by contacting a DHCP server At this point if you do not have a DHCP server configured on your network the unit will time out
25. Local Time Offset implies a longitude east of the Greenwich meridian and that local time is ahead of UTC There are two LOCAL time modes LOCAL AUTO and LOCAL MANUAL In the LOCAL_AUTO mode the local offset from UTC is determined from the CDMA base station transmissions For more precise and deterministic behavior at the DST change over times you should configure your unit for LOCAL_MANUAL operation and set up the local offset and the DST start and stop times using cntptimemodeconfig Usage Query cntptimemode Pr cis Cntp response Time Mode UTC Local Time Offset from UTC 16 half hours DST Start Month Apr Sunday Ist Hour 02 DST Stop Month Oct Sunday Last Hour 02 Pr cis Cntp User s Manual 44 ENDRUN TECHNOLOGIES cntptimemodeconfig This command starts an interactive shell script that will allow the user to configure the time mode of operation of any optional timecode outputs or front panel vacuum fluo rescent display of the Pr cis Cntp These settings have no effect on the operation of the NIP daemon or the underlying Linux operating system time These ALWAYS operate in UTC By default the unit is configured to operate in LOCAL_AUTO mode If you need to modify this operation you must run this script as root Settings made using this com mand are non volatile Usage Set cntptimemodeconfig Pr cis Cntp response interactive shell script is started cntpversion This command displays the firmware version a
26. Notifications and Informs To have your Pr cis Cntp send SNMP v2c notifications SMIv2 RFC 2578 or informs you must configure the communities and destinations by uncommenting and editing one ot both of these lines in etc snmpa conf trap2sink XXX XXX XXX XXX trap2community trap2port informsink XXX XXX XXX XXX informcommunity informport where trap2community and informcommunity should be replaced by your communities and xxx xxx xxx xxx is the IP address or hostname of the destination host for receiv ing the notifications or informs generated by the Pr cis Cntp By default the v2c trap or inform will be sent to port 162 You may optionally add another parameter trap2port of informport to the ends of the above lines to override the default port setting Oth erwise leave it blank Note Though the agent will recognize multiple trap2sink or informsink lines within ete snmpd conf and send the generic SNMP coldStart or authenticationFailure notifi cations and informs to each destination the enterprise notification inform genera tion mechanism of the Pr cis Cntp will only send a notification to the last declared trap2sink and an inform to the last declared informsink in the file After editing efc snmpd conf you must copy it to the boot ete directory and re boot the system It is very important to retain the access mode for the file i e readable only by roof so be sure to use ep p when performing the copy During the boot proc
27. OGIES Przecis Cntp User s Manual 56 ENDRUN TECHNOLOGIES Appendix Simple Network Management Protocol SNMP version 4 2 5 implementation of a SNMP agent snmpd and a SNMP notification trap generation utility snmptrap It supports all versions of the protocol in use today SNMPv1 the original Internet standard SNMPv2c never reached standard status often called community SNMP and SNMPv3 the latest Internet standard Jour Pr cis Cntp includes the University of California at Davis UCD The UCD SNMP project has its roots in the Carnegie Mellon University SNMP implementation For more detailed information about the UCD SNMP project and to obtain management software and detailed configuration information you can visit this website An excellent book which describes operation and configuration of various SNMP managers and agents including the UCD SNMP implementations is available from O Reilley amp Associates Essential SNMP Mauro amp Schmidt O Reilley amp Associates 2001 If you are planning to operate with SNMPv3 it is highly recommended that you make use of both of these resources to familiarize yourself with the agent configuration con cepts SNMPv3 Security Prior to SNMPv3 SNMP had definite security inadequacies due to using two commu nity names in a manner analogous to passwords that were transmitted over the network as clear text In addition since no mechanism existed for authentica
28. OGIES MIB file on your SNMP management system and access the variables defined therein The factory de fault community names are Praecis for the read only community and endrun_1 for the read write community This is all that is required for operation under v1 and v2c of SNMP You can and should change the default community names by editing ec snmpd conf and modifying these two lines rwcommunity endrun 1 rocommunity Praecis Configuring SNMPv1 Trap Generation To have your Pr cis Cntp send SNMPv1 traps RFC 1215 you must configure the community and destination for SNMPv1 traps by uncommenting and editing this line in etc snmpd conf trapsink XXX XXX XXX XXX trapcommunity trapport where trapcommunity should be replaced by your community and xxx xxx xxx xxx IS the IP address or hostname of the destination host for recetving the traps generated by the Pr cis Cntp By default the trap will be sent to port 162 You may optionally add another parameter trapport to the end of the above line to override the default port setting Otherwise leave it blank Note Though the agent will recognize multiple trapsink lines within et snmpd conf and send the generic SNMP coldStart or authenticationFailure traps to each destination the enterprise trap generation mechanism of the Preecis Cntp will only send a trap to the last declared trapsink in the file 59 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Configuring SNMPv2c
29. Query cntprootfs Pr cis Cntp response BOOT_IMAGE PraecisCntp_1 cntpstat This command allows the user to query the status of the NTP sub system It retrieves information from the NTP distribution ntpq binary using the peers command to determine the current synchronization status of the NTP sub system It then retrieves the last line in the logfile var log praecisO monitor controlled by the NTP daemon reference clock driver that communicates with the CDMA timing sub system This logfile is updated every 16 seconds under normal operation It parses and formats the data contained therein and prints this fixed length generally grossly unsynchronized states could cause the floating offset field to overflow momentarily string having these fields LKSTAT TO CDMA Offset S ssssss TFOM YEAR DOY HH MM SS sssssssss LS Where LKSTAT is the system peer status of the NTP daemon relative to the COMA sub system engine either LOCKED or NOTLKD NOTLKD can imply several things the system has just started there is a fault in the CDMA sub system which has caused NTP to either be unable to obtain timing information from the CDMA sub system or to reject the timing information that it is obtaining from it S ssssss is the offset in seconds between the NTP system clock and the CDMA sub system clock Positive implies that the system clock is ahead of the CDMA sub system clock TFOM shows the Time Figure of Merit TFOM of the CDMA engine s in
30. SER CDMA leap second mode you must provide the current and future leap second values These are posted by the International Earth Rotation Service approximately six months in advance of their insertion The interactive script is very detailed in explaining how these values are obtained and used Usage Query cdmaleapconfig Pr cis Cntp response interactive shell script is started cdmaleapmode This command displays the CDMA leap mode of operation currently configured There ate two modes AUTO and USER If the mode is USER then the values of the configured current and future leap seconds are also displayed Usage Query cdmaleapmode Pr cis Cntp response CDMA Leap Second Mode is AUTO CDMA Leap Second Mode is USER Current LS 13 Future LS 13 cdmastat This command allows the user to query the status of the CDMA timing sub system During normal operation the NTP daemon polls the CDMA timing sub system every 16 seconds The results of this poll are used to steer the system clock and are saved to a log file This command parses and formats the data contained therein and prints this fixed length string having these fields LKSTAT TFOM YEAR DOY HH MM SS sssssssss LS S C PNO AGC VCDAC SN R F ERR FLTS Where LKSTAT is the tracking status of the engine either LOCKED or NOTLKD TFOM shows the Time Figure of Merit TFOM of the CDMA engine s internal timebase may take values ranging from 6 to 9 6 time error is lt 100
31. SH2 and d dsa SSH2 These must be copied to the user s ss directory on their remote computer Be careful to maintain the proper ownership and access permissions by us 65 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES ing cp p when copying the files They must be readable only by root The correspond ing public keys are by factory default resident in the rvot ssh directory of the Pr cis Cntp Two files contain these keys authorized_keys SSH1 and authorized_keys2 SSH2 Since the provided private keys are not passphrase protected the user should create a new set of keys after verifying operation with the factory default key sets After creat ing the new keys the public keys should be copied to the boot root ssh directory of the Pr cis Cntp At boot time the Pr cis Cntp will copy these to the actual root ssh direc tory of the system ramdisk thereby replacing the factory default set of public keys Advanced users wishing to modify the configuration of the sshd daemon should edit the etc sshd _config file and then copy it to the boot ete directory of the Pr cis Cntp Be careful to maintain the proper ownership and access permissions by using ep p when copying the file At boot time it will be copied to the ef directory of the system ram disk thereby replacing the factory default configuration file Network Time Protocol The NTP implementation in the Pr cis Cntp is built from version 4 0 99k of the sta
32. SSH implementations for Linux Refer to Appendix D Security for more information about the secure shell protocol and its configuration Using Telnet When establishing a telnet connection with your Preecis Cntp logging in directly as root is not permitted This is a security measure that makes it slightly more difficult to gain access by simply trying passwords since it is also necessary to know the name of a user When you initiate a telnet session with the Pr cis Cntp this banner will be displayed TUSSI IIIS III III KR KR KR IIIS ISI IIIS III III IIT I III II AT A III is Welcome to Praecis Cntp telnet console on cntp your domain kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk Cntp login Here you may log in as cntpuser with password Praecis When logged in as cnt puser you may check status information and view log files but you will not be able to modify any system settings or view secure files After correctly entering the password at this prompt Password the sign on message is shown It identifies the host system as Preecis Cntp and shows the software part number version and build date Praecis Cntp 6010 0003 000 v 1 00 Wed May 16 14 17 44 UTC 2002 Praecis Cntp gt This last line is the standard Pr cis Cntp shell prompt The Pr cis Cntp uses the ash shell which is a reduced functionality bash compatible shell After configuring the Pr cis Cntp User s Manu
33. Serial I O Port Signal Definitions for details on the signal wiring If you are using a computer Jor your terminal remember which port you are using because you will need to know that in order to set up your terminal software Test the Serial Port You must configure your terminal to use the serial I O port you used in Connect the RS 232 Serial I O Port You must also configure your terminal to use the correct baud rate 9 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES number of data bits parity type and number of stop bits Be sure to turn off any hardware or software handshaking The settings for the Pr cis Cntp are Q 19200 is the Baud Rate Q 8is the number of Data Bits Q None is the Parity Q 1is the number of Stop Bits After configuring these parameters in your terminal apply power to the Pr cis Cntp After about 20 seconds your terminal should display a sequence of boot messages similar to these LILO Low memory 0262 Kb boot These three lines are the Linux Loader LILO boot prompt This prompt will timeout after 5 seconds and the Linux kernel and the factory default Pr cis Cntp root file system will be loaded When the Linux kernel is loaded from the FLASH disk into RAM a long list of kernel generated informational messages is displayed as the kernel begins execu tion and the various device drivers are initialized Loading PraecisCntp Issues serene ec eee eens Linux version 2 2 13 DOC root endrunl gcc ver
34. Setup 25 Configure NTP 25 Basic NTP Client Setup 28 Configure NTP 28 MD5 Authenticated NTP Client Setup 29 Create the ntp keys file 29 Configure NTP 30 Broadcast Multicast NTP Client Setup 31 Configure NTP 32 Controland Status Commands 08S General Linux Shell Operation 35 Available User Commands 36 Detailed Command Descriptions 37 accessconfig 37 cdmaleapconfig 38 cdmaleapmode 38 cdmastat 38 cdmaversion 42 cntpenableupgrade 42 cntphwaddr 42 cntposctype 42 cntppasswd 42 cntprootfs 43 cntpstat 43 cntptimemode 44 cntptimemodeconfig 45 cntpversion 45 inetdconfig 45 netconfig 45 ntpconfig 46 updatelilo 46 Time Figure of Merit 48 RS 232 Serial VO Port Signal Definitions 49 Null Modem Adapter Cable 49 What You Need To Perform the Upgrade 51 Performing the Pr cis Cntp Upgrade 51 Recovering from a Failed Upgrade 53 Performing the CDMA Upgrade 54 Problems with the CDMA Upgrade 55 SNMPV3 Security 57 Enterprise Management Information Base MIB 58 Invocation of the SNMP daemon 58 Quick Start Configuration SNMPv1 v2c 59 Configuring SNMPv1 Trap Generation 59 Configuring SNMPv2c Notifications and Informs 60 Configuration of SNMPv3 60 Linux Operating System 63 OpenSSH 65 Network Time Protocol 66 Lithium Battery Reo 57 Speciicat 50 ENDRUN TECHNOLOGIES Ch Introduction an be connected via a 10 100Base T ethernet port to any TCP IP network In its most basic operation it sends Network Time Protocol
35. Timing End Run TECHNO LO GIES Pr cis Cntp Network Time Server User s Manual Pr cis Cntp Network Time Server User s Manual EndRun Technologies 1360 North Dutton Avenue 200 Santa Rosa California USA 95401 Phone 707 573 8633 Fax 707 573 8619 Preface Thank you for purchasing the Pr cis Cntp Network Time Server Our goal in developing this product is to bring precise Universal Coordinated Time UTC into your network quickly easily and reliably Your new Pr cis Cntp is fabricated using the highest quality materials and manufacturing processes available today and will give you years of troubleftee service About EndRun Technologies Founded in 1998 and headquartered in Santa Rosa California we are the leaders in the exciting new time and frequency distribution technology based on the Code Division Multiple Access CDMA mobile telecommunications infrastructure Our innovative designs and painstaking attention to the details of efficient manufacturability have made us the first to bring this technology to the broad synchronization market at prices small businesses can afford EndRun Technologies markets this technology in three major product lines Network Time Sources Servers These units are configured for optimum performance in operation with network servers networks running the Internet protocol known as the Network Time Protocol NTP Instrumentation Time and Frequency References These products provide UT
36. ain SPACE TAB LF NULL or characters Enter a key number 1 65534 or 0 to quit 1 Enter the key 1 31 ASCII characters EndRun Technologies LLC Writing key number 1 and Key EndRun_ Technologies LLC to ntp keys Enter a key number 1 65534 or 0 to quit 2 Pr cis Cntp User s Manual 18 ENDRUN TECHNOLOGIES Enter the key 1 31 ASCII characters Praecis Cntp Writing key number 2 and Key Praecis Cntp to ntp keys Enter a key number 1 65534 or 0 to quit 0 NTP Authentication Configuration Do you want authentication enabled using some or all of the keys in the ntp keys file y les n o y You will be prompted for key numbers 1 65534 that you want NTP to trust The key numbers you enter must exist in your ntp keys file If you do not want to use some of the keys in your ntp keys file do not enter them here NTP will treat those keys as untrusted Clients that use any of the trusted keys in their NTP polling packets will receive authenticated replies from the Praecis Cntp When you have entered all of the trusted keys that you need enter zero at the next prompt for a key number Enter a trusted key number 1 65534 or 0 to quit 1 Enter a trusted key number 1 65534 or 0 to quit 2 Enter a trusted key number 1 65534 or 0 to quit 0 NTP Broadcast Multicast Configuration Would you like to enable broadcast multicast server operation y es n o y Set the network broadcast multi
37. al 16 ENDRUN TECHNOLOGIES unit you should change the passwords using the entppasswd command issued from the shell prompt To gain root access you must now issue the super user command at the shell prompt Praecis Cntp gt su root You will then be prompted for the password which is endrun_1 and be granted root access to the system To leave super user mode issue the shell command exit Issu ing exit again will close the telnet session Using SSH When establishing a ssh connection with your Pr cis Cntp logging in directly as root is permitted When you log in as root via a ssh session with the Pr cis Cntp this banner will be displayed kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk E Welcome to Praecis Cntp SSH console on cntp your domain kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk root cntp your domain s password Here you may log in as root with password endrun_1 After correctly entering the password the sign on message is shown It identifies the host system as Praecis Cntp and shows the software part number version and build date Praecis Cntp 6010 0003 000 v 1 00 Wed Jan 02 14 17 44 UTC 2002 Praecis Cntp gt This last line is the standard Pr cis Cntp shell prompt The Pr cis Cntp uses the ash shell which is a reduced functionality bash compatible shell After configuring the unit you should change the p
38. and may or may not be present on your unit Time Code TTL Jacks RS 232 Serial I O Jack This DB 9M connector provides the RS 232 serial 1 O console interface to the Pr cis Cntp This console al lows the user to initialize and maintain the Pr cis Cntp A null modem adapter is required to connect this port to another computer Pr cis Cntp User s Manual 6 ENDRUN TECHNOLOGIES 10 100Base T Jack This RJ 45 connector mates with the ethernet twisted pair cable from the network AC Power Input Jack This IEC 320 standard three prong connector pro vides AC power Performing an Initial Site Survey Using the status LED indicators it s easy to find out if your Pr cis Cntp will work in your desired location 1 Screw the SMA plug on the end of the antenna cable onto the SMA antenna input jack on the chassis rear panel of the Praecis Cntp 2 Plug one end of the supplied AC power cord into an 85 270 VAC outlet 3 Plug the other end into the AC input connector on the chassis rear panel of the Preecis Cntp Place the antenna on a flat preferably metallic surface while the unit is searching for the signal Make sure that it is not blocked by large metallic objects closer than one meter Although the antenna should normally be installed in a vertical orientation usually multipath conditions due to signal reflections indoors cause at least some of the signal to be horizontally polarized so do not be surprised if you find that the unit wi
39. ands shown here e You have installed NTP on your client computer e You have successfully performed the Basie NTP Client Setup on your client com puter Create the ntp keys file You must create a file named mp keys in the winnt system32 drivers ete directory It must be a copy of the one residing in the e directory of your Pr cis Cntp You can telnet into your Pr cis Cntp and start an ftp session with your client computer to send the Pr cis Cntp efc ntp keys file to your client computer or use the secure copy utility sep of use a text editor to create the equivalent file Although you should first test your 29 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES setup using the factory default efc ntp keys file in your Pr cis Cntp server you should create your own keys after you understand the process and have your clients operating correctly with the default file Handling of the e c ntp keys file is the weak link in the MD5 authentication scheme It is very important that it is owned by administrator and not readable by anyone other than administrator After transferring the file make sure that it s security properties are set such that it is readable only by the administrator Configure NTP You must edit the n p conf file which ntpd exe the NTP daemon looks for by default in the the nnt system32 drivers ete directory If your NTP installation placed this file in a different place you m
40. ariant a Pr cis Cntp Users Manual part USM3007 0000 000 Q IEC 320 AC Power Cord part 0501 0003 000 Q DB 9F to DB 9F Null Modem Serial I O Cable part 0501 0002 000 a RJ 45 to RJ 45 CAT 5 patch cable 2 meters part 0501 0002 000 Q Magnetic mount antenna cable assembly part 0502 0001 5 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Pr cis Cntp Physical Description Front Panel EndRun wo ge O TECHNO LO GIES ACTIVITY O o e Pr cis Cntp Network Time Server ALARM O e oO Lock Status LED This green LED flashes to indicate synchronization status Link Status LED This amber LED illuminates when the 10 100Base T RJ 45 connector is connected to the network Link Activity LED This amber LED illuminates when the Pr cis Cntp is receiving or transmitting on the network Alarm Status LED This red LED illuminates briefly at power up and thereafter whenever a serious fault condition exists Rear Panel GPSANT 1PPS 10MPPS TIMECODE CDMA ANT ouT ouT OUT OUT OUT our our our CDMA ANT Jack This SMA connector mates with the cable from the external magnetic mount antenna IPPS Jack This BNC connector provides the optional 1PPS TTL output 10 MPPS Jack This BNC connector provides the optional 10 MPPS TTL output Timecode Jack This BNC connector provides the optional IRIG B time code output 10 MHz 5 MHz 1 MHz These BNC connectors are additional optional 5 MPPS 1 MPPS outputs
41. ases the Pr cis Cntp reports this value as accurately as possible even during periods of CDMA signal outage where the Pr cis Cntp is unable to directly measure the relationship of its timing outputs to UTC During these CDMA outage periods assuming that the Pr cis Cntp had been synchronized prior to the outage the Pr cis Cntp extrapolates the expected drift of the Pr cis Cntp timing signals based on its knowledge of the characteristics of the internal Temperature Compensated Crystal Os cillator TCXO Oven Controlled Crystal Oscillator OCXO or Rubidium oscillator The extrapolated TFOM is based on a conservative estimate of the performance of the oscillator and should be considered worst case for a typical benign ambient tempera ture environment Due to this extrapolation behavior after initial synchronization brief periods without CDMA signal reeption will not induce an immediate alarm condition If the condition persists for long enough periods you should see the TFOM character change to indicate a gradually deteriorating accuracy of the timing outputs If the signal loss condition persists longer then the final unsynchronized state will eventually be reached If the Pr cis Cntp is unable to achieve re synchronization within one hour after reaching this state the red LED will illuminate The fault status field returned in either of the cdmas tat of entpstat commands will have the appropriate bit set to indicate a loss of signal
42. asswords using the entppasswd command issued from the shell prompt Issuing exit will close the ssh session Configuring the Network Time Protocol Now that the network has been configured and tested you may configure the opera tion of the NTP server By default the Pr cis Cntp is configured to respond to NTP requests from clients that may or may not be using MD5 authentication If the clients are using MD5 authentication they must be configured properly with the same MD5 authentication keys as the Pr cis Cntp If you need to modify the factory default Pr cis Cntp MD5 keys recommended or set up broadcast multicast operation then you will need to re configure the NTP sub system 17 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES If you would like to configure your server for multicast operation configute it as you would for broadcast operation with the exception that you must enter this specific NTP multicast address 224 0 1 1 when you are prompted to enter the broadcast address You may perform the configuration from either a telnet or ssh session or the local RS 232 console The following is a transcript of the question and answer configuration utility provided by ntpeonfig The user entered parameters are underlined Praecis Cntp gt ntpconfig kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk kkkkkkkkkkkkkkkkkkkkkkNetwork Time Protocol Configuration k kidd ddd kkk k k kkk k k FR III
43. base stations throughout the network so that neighboring cells do not interfere with each other and so that calls can be efficiently transferred between the base stations without interruption as the mobile user traverses the cell coverage areas This soft hand off feature means that the mobile telephone must be able to hitlessly drop one base station and pick up the next one To do this the telephone must be able to calculate the relative difference in 1 Pr cis Gntp User s Manual ENDRUN TECHNOLOGIES time between the codes that modulate the signals from each of the base stations which again requires that the base stations be synchronized Each base station The system designers chose the Global Positioning System contains atleast GPS which is itself a CDMA based system as the means of one state of the art GPS timing maintaining synchronization and they defined system time to be receiver with an GPS time Each base station throughout the system contains ultra stable local one ot more high performance GPS timing receivers with oscillator ik sophisticated algorithms that control either an extremely stable ovenized quartz crystal oscillator or a Rubidium vapor atomic frequency standard Such elaborate means are needed to meet the very difficult operating specifications required by the TIA EIA IS 95 standard The base station time synchronization must remain within 10 microseconds of GPS time over periods as lon
44. cast address for the Praecis Cntp to use For broadcast mode this address is the all 1 s address on the sub net Example 111 112 113 255 For multicast operation it is this specific address 224 0 1 1 Enter IP address for NTP broadcast multicast operation aaa bbb ccc ddd 224 0 1 1 You have selected multicast operation Enter the number of hops that are needed for the multicast packets on your network positive integer 1 It is highly recommended that authentication be used if you are using NTP in broadcast multicast mode Otherwise clients may easily be spoofed by a fake NTP server You can specify an MD5 key number that the Praecis Cntp will use in its broadcast multicast packets The clients on your network must be configured to use the same key Would you like to specify an MD5 key number to use with broadcast mode y es n o y Enter the MD5 key number to use 1 65534 2 He e He He He He He He e He He ke He He ke ke He He KEK ke He He He He ke KEK He He ke ke ke EKER KKK k k k k k k k k k k k k k k k k k k k kk kk kkk kkk kkk kkk kkk He e He He He He He He e He He He He He ke e He He He He He ke He He He He ke ke He He He ke ke ke ke ke ke ke k ke k k k k k k k k k k k k k k k k k k k k kk kk kkk kkk kkk kkk kkk The Praecis Cntp Network Time Protocol configuration has been updated Please re boot now for the changes to take effect OF OF He e e He He He He He e e He ke ke He ke ke He He dede ke ke KEKE k k k
45. cis Cntp cntpuser and root This script calls the standard Linux passwd binary and then saves the resulting e shadow file to the non volatile FLASH disk e current root file system image ei default or 1 field upgrade which is running in the Preecis Cntp to the console e output of ntpq c peers to obtain peer status of the NTP CDMA reference clock It also retrieves the current reference clock polling status data and prints it to the console Pr cis Cntp User s Manual 36 ENDRUN TECHNOLOGIES cntptimemode tints the time mode settings in effect for any optiona timecode output or optional front panel vacuum fluorescent display cntpttimemodeconfig Interactive shell script the time mode settings for any optional timecode output or front panel vacuum fluorescent display Allows setting to the LOCAL_AUTO LOCAL_MANUAL GPS or UTC times cale and if LOCAL_MANUAL the setting of the offset to UTC and the Daylight Savings Time DST start and stop date time parameters cntpversion rints the Pr cis Cntp application software version informa tion to the console ntpconfig Interactive shell the Pr cis Cntp NTP sub system Allows configuration of MD5 authentication and broadcast multicast mode All parameters are retained in non volatile FLASH disk storage updatelilo Shell script be run to update the Linux Loader LILO so that it will boot a new root file system image cntpenableupgrade must have been previously executed
46. commended that authentication be configured when using broadcast roulticast mode due to the relative ease with which a fake NTP server can take over the clock setting of the broadcast multicast clients on the network Basic NTP Client Setup Basic setup is relatively simple if e You have been able to successfully communicate with the Pr cis Cntp on your network e You have installed NTP on your client computer Configure NTP You must edit the n p conf file which ntpd exe the NTP daemon looks for by default in the the winnt system32 drivers ete directory of the boot partition If your NTP instal lation placed this file in a different place you must find it and edit it Add this line to the n p conf file server 192 168 1 245 This line tells ntpd exe to use the NTP server at address 192 168 1 245 in addition to any other servers which might also be configured in the m p conf file Re start ntpd exe to have it begin using the Pr cis Cntp server By default the NTP installation program installs ntpd exe as a service called Network Time Protocol and starts it You must use the Services utility in Control Panel to stop the Network Time Protocol service and then re start it Use the NTP utility ntpq exe to check that ntpd exe is able to communicate with the Precis Cntp By default it is installed in the Program Files Network Time Protocol sub directory of your Windows NT partition From a console window after issuing the c
47. d 192 168 1 2 192 168 1 3 snmpd 192 168 1 2 192 168 1 3 This simple shell script handles the needs of most users however the syntax of these two files supports elaborate configuration possibilities which are beyond the capabilites of this simple shell script Advanced users who need these capabilities will need to edit these two files directly and then copy them to the boot et directory A very compact editor with WordStar command keystrokes is available on the system for this purpose Pr cis Cntp User s Manual 64 ENDRUN TECHNOLOGIES edit If you start edit without giving it a file name to open it will display its help screen showing the supported keystrokes Be careful to maintain the proper ownership and access permissions by using ep p when copying the files inetdconfig modifies the e c inetd conf file which is read by inetd to start up various protocol server daemons when requests from remote hosts are received Currently four servers ate configurable via inetdconfig TIME and DAYTIME whose daemons are contained within the inetd daemon itself and in telnetd and sshd Any one or all of these may be enabled or disabled for start up OpenSSH The secure shell protocol server running in the Pr cis Cntp is based on the portable OpenSSH version 3 4p1 for Linux As such it supports both SSH1 and SSH2 protocol versions For more information about this protocol and to obtain client software refer to the OpenSSH website
48. de procedure Refer to Appendix B Upgrading the Firmware for detailed instructions for performing the upgrade procedure Usage Set cntpenableupgrade Pr cis Cntp response Mounting root file system partitions cntphwaddr This command displays the ethernet hardware address if the IP network is properly configured Otherwise it returns nothing Usage Query cntphwaddr Pr cis Cntp response 00 D0 C9 25 78 59 cntposctype This command displays the installed oscillator type It is one of TCXO DIP OCXO MS OCXO HS OCXO or Rubidium The standard oscillator is the TCXO Usage Query cntposctype Preecis Cntp response Installed Oscillator is TCXO cntppasswd This command allows the root user to change the passwords of the two configured us ers on the system rootand cntpuser Arguments passed to entppasswd on the command line are passed verbatim to the real passwd binary program When passwd returns the resulting modified 7c shadow file is copied to the non volatile boot ete directory Usage Set cntppasswd cntpuser Pr cis Cntp response The passwd interactive utility is started Pr cis Cntp User s Manual 42 ENDRUN TECHNOLOGIES cntprootfs This command displays the currently booted root file system image It can be either PraecisCntp_O factory image or PraecisCntp_1 field upgrade image Refer to Ap pendix B Upgrading the Firmware for detailed instructions for performing the upgrade procedure Usage
49. e to try for at least a day however since base stations are taken down for service from time to time If you have a cellular CDMA phone see if it will work in digital mode If it will then your Preecis Cntp may be damaged and should be returned to the factory for repair or exchange Installing the Pr cis Cntp Mount the Pr cis Cntp Ground the unit properly with the supplied power cord Position the power cord so that you can easily disconnect it from the Pr cis Gntp Do not install the Pr cis Gntp where the operating ambient temperature might exceed 122 F 50 C Using standard 19 rack mounting hardware mount the unit in the previously surveyed location Make sure that the antenna is not blocked by metallic objects that are closer than about one meter A good location is the top surface of the equipment rack into which the unit has been installed Ideally it should be mounted vertically as the transmitted signals are vertically polarized When indoors however multipath conditions may exist This means that reflected signals may be present with either vertical or horizontal polarization so your antenna might work in either orientation After mounting the unit and antenna verify that it still acquires and tracks a CDMA signal Connecting and Configuring Ethernet Connect one end of the CAT 5 patch cable supplied with your Pr cis Cntp to the rear panel mounted RJ 45 connector labeled 10 100BASE T Connect the other end of t
50. ee ORK for the row corresponding to the Pr cis Cntp server If you see bad you should wait a few minutes to be sure that there is a problem since bad is the initial state of this setting If the bad indication persists then you must check your configuration for errors Typically this is due to a typing error in creating the ete ntp Reys file on the client that causes a mismatch between the keys being used by the server and client If you transfer the file by ftp or sep this shouldn t be a problem It is also possible to have a typing error in the etc ntp conf file that causes the needed key to not be included in the trustedkey list Broadcast Multicast NTP Client Setup Broadcast multicast client setup is relatively simple if e You have been able to successfully communicate with the Pr cis Cntp on your network e Your Pr cis Cntp has been configured to perform broadcasts or multicasts by running the ntpconfig shell script This is not the factory default configura tion so be sure to run ntpconfig If you are going to use MD5 authentica tion your Praecis Cntp must have been configured to operate with authentica tion in the broadcast multicast mode and you must know which of the trusted keys it is using for broadcast multicast operation The example Pr cis Cntp configuration shown in Chapter 2 Configuring the Network Time Protocol will be assumed in the example configuration commands shown here
51. ess the files contained in the boot ete directory are copied to the working e7 directory on the system RAM disk In this way the factory defaults are over written Configuration of SNMPv3 If you are planning to use SNMPv3 you should definitely make use of the two re sources mentioned previously UCD SNMP website and Essential SNMP and study them carefully There are rather elaborate configuration options available when you are using v3 The instruction presented here will give you the flavor of the configuration but definitely not the full scope of possibilities To access your Pr cis Cntp via v3 of SNMP you will have to configure two files ete snmpd conf boot ucd snmp snmpd conf The first file contains static configuration parameters that the agent uses to control ac cess and to determine where to send notifications traps Other aspects of the agent s Pr cis Cntp User s Manual 60 ENDRUN TECHNOLOGIES operation are also configurable in this file but you should not need to modify those To use the SNMPv3 capabilities of the Preecis Cntp you must first set up user information and access limits for those users in ef snmpd conf Uncomment and edit these two lines to define your v3 users and their access parameters rwuser root PEV al rouser ntpuser auth 1 3 6 1 4 1 13827 The first line defines a SNMPv3 read write user root whose minimum security level will be authenticated and encrypted for privacy choices are
52. f that directly obtainable from the timing information GPS The big difference is that the received signal strengths from pds it indirect the base stations are a minimum of 30 dB larger than those from the GPS satellites which is why you can usually talk on your cell phone indoors Due to the nature of the IS 95 spread spectrum CDMA modulation scheme this timing information may be extracted by a well designed receiver with a precision of a few nanoseconds The CDMA time and frequency engine in the Pr cis Cntp does just that and for this reason we call our technology indirect GPS Pr cis Cntp User s Manual 2 ENDRUN TECHNOLOGIES Where to Use It You must have First the Pr cis Cntp must be deployed in a cellular IS 95 CDMA cellular IS 95 coverage area Cellular is a commonly used term implying that CDMA coverage i ey the frequency band for the base station carrier transmissions is 824 895 MHz This is in contrast to PCS which implies operation in the 1850 1990 MHz frequency band The Pr cis Cntp uses the cellular frequency band because it provides much better propagation characteristics in regards to building penetration and maximum receivable range from the transmitter In general if your cellular CDMA telephone works where you plan to install the Pr cis Cntp then your Pr cis Cntp will work propertly there Just about any Because the Preecis Cntp has been designed to operate in con computer network junction with ex
53. g as twenty four hours during which GPS satellite signals might not be available typically due to antenna cable failure damage or vandalism and in an environment where large ambient temperature swings may occur Equipment capable of meeting these requirements is at the current state of the art The base stations The CDMA time and frequency engine in the Pr cis Cntp transmit a sync signal that all of i f i the phones must stations that are used by the mobile telephones to establish use to establish their synchronization to system time The mobile telephones and maintain system time receives the same initialization signals transmitted by the base cannot communicate in the system until they have established synchronization with the received spread spectrum encoded waveform Unlike the mobile telephones once this synchronization has occurred the CDMA time and frequency engine in the Pr cis Cntp has all of the information that it needs to perform its function of delivering accurate UTC time to a network of computers The mobile telephone must decode much more information establish two way communications with the base station and be a paid subscriber to performs its function of placing and receiving calls Spread spectrum All of this means that during normal operation the quality of modulation al the timing information being transmitted from each of the base lows near perfect saree i extraction of the Stations is virtually a repeat o
54. gent It is important to contact us first as many problems may be resolved with a phone call Please have the serial number of the unit and the nature of the problem available before you call If it is determined that your equipment will require service we will issue an RMA number You will be asked for contact information including your name address phone number and e mail address Ship the unit prepaid in the original container or a container of sufficient strength and protection to EndRun Technologies at the address shown below EndRun will not be responsible for damage incurred during shipping to us Be sure the RMA number is clearly identified on the shipping container Our policy is to fix or repair the unit within 5 business days If it is necessary to order parts or if other circumstances arise that require more than 5 days an EndRun service technician will contact you Repair After Warranty Expiration If the warranty period has expired we offer repair services for equipment you have purchased from EndRun Call and ask for a customer service agent It is important to contact us first as many problems may be resolved with a phone call Please have the serial number of the unit and the nature of the problem available before you call If it is determined that the equipment has failed and you want EndRun to perform the repairs we will issue you an RMA number Ship the unit prepaid in the original container or a container of sufficient strength
55. he patch cable to your network through a straight port on your hub Do not connect it to a crossover port on your hub By factory default the Praecis Cntp will attempt to configure the ethernet interface auto matically via the Dynamic Host Configuration Protocol DHCP The Preecis Cntp will attempt to set the netmask its IP address the IP address of the default gateway the do main name and the IP addresses of any nameservers if the DHCP server is configured to provide them You may optionally configure the Preecis Cntp to also set its hostname via DHCP if your DHCP server is configured to provide it You can do this by running a simple shell script called netconfig after your unit is up on the network Pr cis Cntp User s Manual 8 ENDRUN TECHNOLOGIES If your network does use DHCP for host configuration and you are in a hurry to get yout Pr cis Cntp up and running you may procede to Verifying Network Configuration to make sure that the network parameters were set up correctly Otherwise it is recom mended that you read the following sections on use of the RS 232 serial I O port now since they will help you in debugging any problems that you may encounter with the automatic configuration via DHCP If your network does not use DHCP you will need to configure your ethernet interface using the RS 232 serial I O port In that case after logging in as the roof user you must run a simple shell script called netconfig from
56. ime Figure of Merit change Invocation of the SNMP daemon The SNMP daemon snmpd is started from the etc rc d rclocal system start up script with this line snmpd s c etc snmpd conf By default it will listen on port 161 for SNMP queries from the network management system If you would like to have it listen on another port you could edit the file by adding p port to the end of this line where port is the number of the port you would like for the agent to listen on If you would like to disable starting of the snmpd daemon altogether you can either remove this line or place a character at the beginning of the line so that it will not be executed A very compact editor with WordStar command keystrokes is available on the system for this purpose edit If you start edit without Pr cis Cntp User s Manual 58 ENDRUN TECHNOLOGIES giving it a file name to open it will display its help screen showing the supported key strokes After editing etc rad rz local you must copy it to the boot etc re d directory and re boot the system It is very important to retain the access mode for the file so be sure to use ep p when performing the copy During the boot process the files contained in the boot etc red directory ate copied to the working e tc re d directory on the system RAM disk In this way the factory defaults are over written Quick Start Configuration SNMPv1 v2c You should be able to compile the ENDRUNTECHNOL
57. in order to run this command Detailed Command Descriptions accessconfig This command starts an interactive shell script that will allow the root user to configure limitation of telnet ssh and snmp access to the Precis Cntp By default the unit is configured to allow access by all users If you need to limit telnet ssh or snmp access e g for security reasons you must run this script as roo from either the RS 232 serial I O port or from a telnet or ssh session This script modifies these files et hosts allow and ete hosts deny These are non vola tilely stored in the FLASH disk boot ete directory You must re boot the Pr cis Cntp after running this script for the changes to take effect Usage Set accessconfig Pr cis Cntp response interactive shell script is started 37 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES cdmaleapconfig This command starts an interactive shell script that will guide the root user in configuring the way that UTC leap seconds are applied Although the CDMA system provides an automatic mechanism for disseminating UTC leap second information to the mobile units it may not be precise enough for many Pr cis Cntp users If you need your Pr cis Cntp to precisely handle any UTC leap seond insertions at midnight on June 30 or January 31 the times that leap seconds are inserted then you should consider configuring your Preecis Cntp to operate in the USER CDMA leap second mode In the U
58. isting public domain NTP SNTP client software using TCP IP can 3 ORS use th Pr cis that has been created for use with similar time servers it may be Cntp used in any computer network environment that is using TCP IP protocols Although client software is available for all platforms for the most precise applications the Unix like operating systems are best supported Main Features Performance The Pr cis Cntp provides high performance and reliability reliability and combined with low power consumption and cost Its internal economy sub assemblies are fabricated using state of the art components and processes and are integrated in a solid high quality chassis Flexibility It supports a variety of TCP IP network protocols compatible with a variety of platforms and operating systems Easy Installation Its standard 1U high 19 rack mountable chassis and rooftop or window mounted antenna make installation simpler compared to competing products that require rooftop installation of the antenna The rack mount chassis may be mounted in any convenient location Connect it to your network via the rear panel mounted 10 100Base T RJ 45 connector and plug in the AC power cord Initial network configuration is automatic on networks using the Dynamic Host Configuration Protocol DHCP Manual network configuration is via the RS 232 serial I O port and a simple Linux shell script Free FLASH Firmware and configurable hardware parameters
59. k factors can limit NTP client synchronization accuracy to 5 2 ms typical Timestamping accuracy is maintained to less than 100 us while processing hundreds of NTP packets per second Supported Protocols SNTP NTP v2 v3 v4 and broadcast multicast mode MD5 authentication SSH server with secure copy utility SCP Open SSH version 3 4p1 SNMP v1 v2c v3 with Enterprise MIB MD5 authentication TIME and DAYTIME server TELNET client server FTP client DHCP client Optional Timing Outputs rear panel BNC jacks e 1PPS 1 ms wide positive TTL pulse 500 Accuracy lt 10 microseconds to UTC when locked typical Range to base station may degrade this in fringe area applications due to increased propagation delay Stability TDEV lt 50 ns T lt 10 seconds e Time Code 1 Vrms 500 Format YRIG B122 Optional Frequency Output rear panel BNC jack e 10 MPPS TTL squarewave 5002 Accuracy lt 1x 107 to UTC for 24 hour averaging times when locked Stability 10 _ 10 O E S E E S ae E SENG T S o a amp 10 l 1 10 100 10 10 10 Tau TCXO DIP OCXO MS OCXO HS OCXO Rb Pr cis Gntp User s Manual 70 ENDRUN TECHNOLOGIES Additional Optional Time Frequency Outputs rear panel BNC jacks 10 MHz 1Vrms sinewave 50Q harmonics lt 45 dBc 5 MHz 1Vrms sinewave 50Q harmonics lt 45 dBc 1 MHz 1Vrms sinewave 50Q harm
60. k k k k k k k k k k k k k k k k k k k k kk kkk kkk kkk kkk kkk kk He ke He He He He He ke e e He ke ke ke ke ke ke ke ke ke ke ke ke ke k ke k k k k k k k k k k k k k k k k k k k k k k kkk kkk kkk kkk kkk kkkkkkkkkkkkkkkk He e ke He He He He He e He He ke He He ke ke He He He ke ke ke He He He He ke e He He ke ke ke ke ke ke ke k k k k k k k k k k k k k k k k k k k k k k k kk kk kkk kkk kkk kkk kkk 19 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Przecis Cntp User s Manual 20 ENDRUN TECHNOLOGIES Setting Up NTP Clients on Unbclike Platforms uccessfully completed the Basic Installation procedures in Chapter 2 This man ual is not a How To on installing and using NTP basic approaches to NTP client configuration for operation with the Pr cis Cntp will be described It is expected that you ate or have access to a capable Unix Linux system administrator and know more than a little about installing distributions from source code Installation must be performed by a user with mo priviledges on the system If you have never used NTP then you should spend some time reading the on line documents especially the Distri bution Notes FAQ and Configuration subject matter which are available at T configure your Unix like computer to use your Pr cis Cntp you must have s Although all the information is available at the above site the following are excellent tutorials on setting up NTP and are easier to understand
61. l Pr cis Cntp User s Manual 52 ENDRUN TECHNOLOGIES Added PraecisCntp_0 Added PraecisCntp 1 Unmounting root file system partitions now Run cntpenableupgrade again to remount them should you need to re run updatelilo The trailing asterisk following the second line indicates that the LILO configuration file is set to default to the new PraecisCntp_1 root file system that you just installed on root s_1 Now reboot the system by issuing this command at the shell prompt shutdown r now Wait about 30 seconds for the system to shutdown and re boot Then log in to the Pr cis Cntp using telnet or ssh If all has gone well you should be able to log in the usual way After you have entered your password the system message will be displayed You should notice that it now indicates the software version and date of the upgrade that you previously downloaded You can also check this at any time by issuing cntpversion which will cause the system message to be re displayed You can also check to see which root file system image the system is currently booted under by issuing this command at the shell prompt cntprootfs Which should cause this to be printed to the console BOOT _IMAGE PraecisCntp 1 If so and your unit seems to be operating normally you have successfully completed the upgrade If your unit does not boot up successfully and you are not able to telnet or ssh into the system after 30 seconds then there has been so
62. l I O port telnet or ssh and perform these operations Change the working directory to the mp directory cd tmp If you are using ftp to perform the upgrade transfer the previously downloaded file us ing binary transfer mode from the remote host to the working directory mp substitute the name of the CDMA sub system image that your are installing for cdmaupgrade bin ftp remote_host perform ftp login on remote host bin set transfer mode to binary get cdmaupgrade bin transfer the file quit close the ftp session after the transfer If you are using ssh you may open another command window on the remote computer and securely transfer the CDMA sub system image to the mp directory using sep from the remote computer A command like this could be used scp p cdmaupgrade bin root cntp your domain tmp Now issue the following command to the Pr cis Cntp CDMA engine to initiate the upload echo e upload r gt dev ttyS0O This command tells the Pr cis Cntp CDMA engine to enter the waiting for download mode Now issue this command to start the transfer of the binary file using the XMO DEM protocol lsz Xk cdmaupgrade bin lt dev ttyS0O gt dev ttySO 2 gt amp 1 Pr cis Cntp User s Manual 54 ENDRUN TECHNOLOGIES After issuing this command you will have to wait for about one minute for the transfer to complete before the prompt will be re displayed There will be no diagnostic error messages dis
63. les n o y Set the IP address of the primary name server to use for domain your domain Enter primary name server IP address aaa bbb ccc ddd 192 168 1 1 Will your Praecis Cntp be accessing a secondary nameserver y les n o y 13 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Set the IP address of the secondary name server to use for domain your domain Enter secondary name server IP address aaa bbb ccc ddd 192 168 1 2 Setting up TCP IP Creating etc HOSTNAME Creating etc rce d rc inetl Creating etc networks Creating etc hosts Creating etc resolv conf He e e He He He He ke e He ke ke ke ke ke e ke ke KEK KKK KKK KEKE k k k k k k k k k k k k k k k k kkk kkk kkk kkk kkk kkkkkkkkkkkkkkkk He e He He He He He He e e He He He He ke He He He He He He ke He He He He ke ke e He ke ke ke ke ke k ke ke k k k k k k k k k k k k k k k k k k k k k kkk kkk kkk kkk kkk kkk kk The Praecis Cntp network configuration has been updated Please re boot now for the changes to take effect 2 He e ke He ke ke He ke ke e ke ke ke ke ke ke ke ke ke k k k ke ke k k k k k k k k k k k k k k k k k k k k kk kk kkk kkk kkk kk kkk kkkkkkkkkkkkkkkkk kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk He e He He He Fe He ke e He He ke He He ke He He He He He He ke He He He ke ke ke e He He ke ke ke ke ke k k k k k k k k k k k k k k k k k k k k k k k kkk kkk kkk kkk kkk kkk kk Verif
64. ll work with the antenna oriented either way Multipath conditions can also cause another effect signal cancellation Since the wavelength of the signal is only about thirty centimeters movement of the antenna just a few centimeters can sometimes cause significant signal strength changes Initially upon power up 1 The unit will light the red Alarm Status LED for about ten seconds 2 Then it will continuously light the green Lock Status LED 3 When the unit has detected a CDMA signal the green Lock Status LED will begin to flash very slowly about a 4 Hz rate 4 As the unit locks onto the CDMA signal and begins to decode the timing data the green Lock Status LED will flash very rapidly about a 6 Hz rate until the data is fully decoded 5 Then the green Lock Status LED will pulse at precisely a 1 Hz rate synchronized to UTC seconds with a short on duration relative to the off duration At this point the CDMA time and frequency engine has fully synchronized and you may procede to permanently mounting the chassis and antenna in the desired location 7 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES If this sequence has not occurred within twenty minutes you should move the antenna and or change its orientation and re try If you are unable to find an antenna location where the unit will acquire the CDMA signals you may not have coverage in your area or the signal might be too weak in your facility You should continu
65. m This example gives the simplest configuration to begin using SNMPv3 but doesn t make use of the full capabilities of the VACM in defining groups and views for fine grained access control The factory default et snmpd conf file contains commented blocks of lines that can be uncommented to give you a basic configuration that uses the User based Security Model USM described in RFC 2274 and the View based Access Con trol Model VACM described in RFC 2275 The comments included in the file should help you in modifying it for your specific requirements Pr cis Cntp User s Manual 62 ENDRUN TECHNOLOGIES Appendix Security Jour Pr cis Cntp incorporates several important security features to prevent unauthorized tampering with its operation Many of these are standard mul tiple user access control features of the underlying Linux operating system which controls the Pr cis Cntp Others are provided by the additional protocol servers selected for inclusion in your Pr cis Cntp and the way that they are configured Secure user authentication and session privacy while performing routine monitoring and maintenance tasks are provided by the OpenSSH implementations of the secure shell daemon sshd and its companion secure copy utility sep The UCD SNMP imple mentation of the Simple Network Management Protocol SNMP daemon snmpd conforms to the latest Internet standard known as SNMPv3 which also supports se cure user
66. me kind of problem with the upgrade It is possible that the file downloaded was corrupt or that you forgot to set your FTP download file mode to binary when downloading the file either from the EndRun Technologies website or when transferring it to the Pr cis Cntp Recovering from a Failed Upgrade To restore your Pr cis Cntp to a bootable state using the factory root file system you must use the serial I O port and re boot the Pr cis Cntp by cycling the power Refer to Chapter 1 Connect the Serial I O Port and Test the Serial I O Port for setup details When you have connected your terminal to the serial I O port apply power to the Pr cis Cntp 53 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Pay close attention to the terminal window while the unit is re booting When the LILO prompt is displayed you must press the ESC key once on your keyboard within five sec onds to let LILO know that you ate going to enter the name of a root file system label that it should boot in place of the default Now type PraecisCntp 0 This tells LILO to boot the factory root file system Now watch the rest of the boot process to make sure that you have successfully recovered from the failed upgrade If the system boots normally then you should resolve the problems with the previous upgrade and re perform it Performing the CDMA Upgrade To perform this upgrade log in as the root user to the Pr cis Cntp using either the local console seria
67. me reading the on line documents at T configure your Windows NT 4 0 2000 computer to use your Pr cis Cntp you lnttp www ntp org Although all the information is available at the above site the following are excellent tutorials on setting up NTP and ate easier to understand http www sun com solutions blueprints 0701 NTP pdf http www sun com solutions blueprints 0801 NTPpt2 pdf http www sun com solutions blueprints 0901 NTPpt3 pdf Many problems may also be solved by the helpful people who participate in the Internet news group devoted to NTP news our news servet comp protocols time ntp Three methods of using the Pr cis Cntp with NTP clients on Window NT 4 0 plat forms will be described Basic This is the simplest and will operate without MD5 authentication NTP beginners should always perform this setup first 27 Przecis Cntp User s Manual ENDRUN TECHNOLOGIES MD5 This method is trickier only because MD5 keys must be set up and dis tributed accurately to the NTP clients in a secure way The Pr cis Cntp is factory configured to authenticate its replies to NTP MD5 clients using its default set of keys Broadcast Multicast This method simplifies configuration of the clients on large networks since specific server addresses need not be configured in each clients s nnt system32 drivers etc ntp conf file It can be config ured either with or without MD5 authentication However it is highly re
68. municate with the Pr cis Cntp on your network e You have installed NTP on your client computer Configure NTP You must edit the n p conf file which ntpd the NTP daemon looks for by default in the the ef directory Add this line to the ntp conf file server 192 168 1 245 This line tells ntpd to use the NTP server at address 192 168 1 245 in addition to any other servers which might also be configured in the client s p conf file Re start ntpd to have it begin using the Preecis Cntp server Use the NTP utility ntpq to check that ntpd is able to communicate with the Pr cis Cntp After issuing the com mand ntpq you will see the ntpq command prompt ntpq gt Pr cis Cntp User s Manual 22 ENDRUN TECHNOLOGIES Use the command peers to display the NTP peers which your computer is using One of them should be the Pr cis Cntp server which you have just configured You should verify that it is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment If you have other peers configured verify that the offset information for the Pr cis Cntp server peer and your other peers is in agreement to within a few milliseconds assuming that the other peers are synchro nized to that level of accuracy It may also be useful to start the NTP daemon in debug mode ntpd d to confirm successful configuration Refer to the NTP documentation fo
69. nable the upgrade partition by issuing this command at the shell prompt cntpenableupgrade This command will mount the FLASH disk root file system partitions Now change the working directory to the upgrade partition cd rootfs 1 Now remove any previously installed root file system image that may be on the upgrade partition rm rootfs_ 1 gz If you are using ftp to perform the upgrade transfer the previously downloaded file using binary transfer mode from the remote host to the working directory rooffs_7 us ing FTP substitute the name of the root file system image that your are installing for rootfsupgrade g2 ftp remote_host perform ftp login on remote host bin set transfer mode to binary get rootfsupgrade gz transfer the file quit close the ftp session after the transfer If you are using ssh you may open another command window on the remote computer and securely transfer the root file system image using sep from the remote computer A command like this could be used scp p rootfsupgrade gz root cntp your domain rootfs_ 1 Now you must leave the rooffs_1 directory in order to execute the updatelilo com mand and complete the upgrade cd root Update the LILO configuration by executing this shell script substitute the name of the root file system image that your are installing for rooffsupgrade gz boot updatelilo 1 rootfsupgrade gz You should see these lines displayed if the update is successfu
70. nd build date of the Pr cis Cntp Usage Query cntpversion Pr cis Cntp response Praecis Cntp 6010 0002 000 v 1 00 Wed Jan 16 22 38 21 UTC 2002 inetdconfig This command starts an interactive shell script that will allow the user to configure the list of protocol servers which are started by the inetd server daemon running in the Pr cis Cntp Four protocol servers may be configured TIME DAYTIME TELNET and SSH By default the unit is configured to start all of these protocol servers If you need to disable start up of some or all of these e g for security reasons you must run this script as root from either the RS 232 serial I O port or from a telnet or ssh ses sion This script modifies the e c inetd conf file which is non volatilely stored in the FLASH disk boot ete directory You must re boot the Pr cis Cntp after running this script for the changes to take effect Usage Set inetdconfig Pr cis Cntp response interactive shell script is started netconfig This command starts an interactive shell script that will allow the user to configure the IP network sub system of the Pr cis Cntp By default the unit is configured to config ure itself using the Dynamic Host Configuration Protocol DHCP If you need to set up static IP configuration you must run this script as roof from the RS 232 serial I O 45 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES port during the installation process Refer to Chapter 2
71. ndard distribution from the site It has been patched with the security update 4 0 99k23 which corrects a security flaw in the remote control sub system By factory default remote control of the NTP daemon ntpd is disabled Query only op eration is supported from the two NTP companion utilities ntpq and ntpde Control via these two utilities is disabled in the e c ntp conf file in two ways First MD5 authentication keys are not defined for control operation via a requestkey or controlkey dec laration Second this default address restriction line is present in the file restrict default notrust nomodify This line eliminates control access from ALL hosts Query access is not affected by this restriction Knowledgable NTP users who would like to customize the security aspects of the configuration of the NTP daemon in the Pr cis Cntp should edit the etc ntp conf file directly and then copy it to the boot et directory Be sure to retain the ownership and permissions of the original file by using ep p when performing the copy If you ate planning to make changes to the e c ntp conf file you must not restrict query access from the local host to the NTP daemon Various system monitoring processes running on the system require this access Pr cis Cntp User s Manual 66 ENDRUN TECHNOLOGIES Lithium Battery Replacement board computer sub system component This battery is of user servicable and your Preecis Cntp should be returned t
72. o the factory should its replacement be come necessary 3 J our Pr cis Cntp incorporates a lithium battery on its IBM PC compatible single 67 Przecis Gntp User s Manual ENDRUN TECHNOLOGIES Przecis Gntp User s Manual 68 ENDRUN TECHNOLOGIES Appendix Specifications CDMA Receiver e AMPS Mobile Receive Band 869 894 MHz e TIA EIA IS 95 CDMA Pilot and Sync channels Antenna e SMA jack on rear panel Z 50Q e 824 896 MHz magnetic base 4 2 monopole with integral 12 ft RG 58 U cable and SMA plug Local Oscillator TCXO OCXO or Rubidium options Time to Lock lt 5 minutes typical Network I O rear panel RJ 45 jack 10 100Base T ethernet System Status Indicators front panel e Lock LED green indicator that pulses to indicate the current CDMA acquisition and lock status e Link LED amber indicator that illuminates when the ethernet connection is up e Activity LED amber indicator that flashes when ethernet packets are received or transmitted e Alarm LED red indicator that illuminates when a serious fault condition exists Linux Maintenance Console RS 232 serial I O on rear panel DB9M jack for secure local terminal access Parameters fixed at 19200 baud 8 data bits no parity 1 stop bit For communication with another computer 2 meter DB9F DBO9F null modem adapter cable is included 69 Przecis Gntp User s Manual ENDRUN TECHNOLOGIES NTP Client Synchronization Accuracy Networ
73. ommand Pr cis Cntp User s Manual 28 ENDRUN TECHNOLOGIES ntpq you will see the ntpq command prompt ntpq gt Use the command peers to display the NTP peers which your computer is using One of them should be the Pr cis Cntp server which you have just configured You should verify that is is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment If you have other peers configured verify that the offset information for the Pr cis Cntp server peer and your other peers is in agreement to within a few milliseconds assuming that the other peers are synchro nized to that level of accuracy It may also be useful to start the NTP daemon in debug mode ntpd d to confirm successful configuration The debug version of the NTP daemon is located in the debug sub directory of your NTP directory Refer to the NTP documentation for detailed us age of these debug utilities MD5 Authenticated NTP Client Setup MD5 authenticated setup is relatively simple if e You have been able to successfully communicate with the Pr cis Cntp on your network e Your Pr cis Cntp has been configured to perform authentication either by fac tory default or by running the ntpcontfig shell script The example Pr cis Cntp authentication configuration shown in Chapter 2 Configuring the Network Time Protocol will be assumed in the example configuration comm
74. ompt and check the other configuration parameters using ifconfig Praecis Cntp gt ifconfig eth0 Link encap Ethernet HWaddr 00 D0 C9 11 33 41 inet addr 192 168 1 245 Bcast 192 168 1 247 Mask 255 255 255 248 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 3779 errors 0 dropped 0 overruns 0 frame 0 TX packets 727 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 Interrupt 5 Base address 0x300 lo Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 UP LOOPBACK RUNNING MTU 3924 Metric 1 RX packets 170 errors 0 dropped 0 overruns 0 frame 0 TX packets 170 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 Pay particular attention to the settings shown for eth0 and in particular the Mask set ting which should match that which is appropriate for your network Now check the remaining configuration parameters using route Praecis Cntp gt route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface localnet 255 255 255 248 U 0 0 0 eth0 loopback 255 0 0 0 U 0 0 0 lo default 192 168 1 241 0 0 0 0 UG 1 0 0 eth0 Here you are interested in the default gateway address It should match the appropriate one for your network If so then the ethernet interface of your Pr cis Cntp has been succesfully configured to operate on your network and you are ready to check operation of the Pr cis Cntp over the network If not you should re check your configuration and or
75. onics lt 45 dBc 5 MPPS TTL squarewave 500 1MPPS TTL squarewave 50Q Time Code TTL IRIG B022 DC shift TTL 500 e o Power e 85 270 VAC 47 63 Hz 5 A Max 120 VAC 25 A Max 240 VAC e 110 370 VDC 0 5A Max 120 VDC e 3 Pin IEC 320 on rear panel 2 meter line cord is included Size e Chassis 1 75 H x 17 0 W x 10 75 D e Antenna 14 H x 2 0 Dia at base Weight lt 5 Ib 2 70 kg Environmental e Temperature 0 to 50 C e Humidity 0 to 95 non condensing CE FCC Compliance RTTE Directive 99 5 EC Low Voltage Directive 73 23 EC EMC Directive 89 336 EC With Amendment 93 68 EC Supplementary Compliance Data e Safety EN 60950 1992 A1 A2 1993 A3 1995 A4 1997 A11 1998 e EMC EN 55024 1998 EN61000 3 2 1995 w A1 amp A2 98 EN61000 3 3 1995 w A1 98 EN55022 1998 w A1 00 Class A VCCI April 2000 Class A CISPR 22 1997 Class A PCC Part 15 Subpart B Section 15 109 Class A ICES 003 Class A ANSI C63 4 1992 AS NZS 3548 w A1 amp A2 97 Class A 71 Przecis Gntp User s Manual ENDRUN TECHNOLOGIES Przecis Gntp User s Manual 72
76. played if the upload is successful Following a successful upload you will see the front panel ALARM and LOCK LEDs go through the start up sequence After about one minute you should query the CDMA firmware version using the com mand cdmaversion The new version information should be displayed Problems with the CDMA Upgrade Should you have difficulties with the upgrade due to a corrupt file power failure dur ing upload or other accident do not be alarmed Even though you may have lost the existing application program the Pr cis Cntp CDMA engine boot loader program will remain intact On boot up it will check to see if a valid application program is in the FLASH memory If there is not it will immediately go into the waiting for download mode You may verify this by issuing this command cat lt dev ttys0 You should now see the C character being received every three seconds This is the character that the Preecis Cntp CDMA engine boot loader sends to indicate to the XMO DEM utility that it is wating for a download You may now re try the upload procedure assuming that you have corrected any original problem with the binary file First kill the cat command by typing CTRL C You should see a command prompt Now issue this command to start the transfer of the binary file using the XMODEM protocol lsz Xk cdmaupgrade bin lt dev ttyS0O gt dev ttySO 2 gt amp 1 55 Pr cis Cntp User s Manual ENDRUN TECHNOL
77. r numbers implying higher TCXO frequency Typical range is 20000 to 38000 is the carrier Signal to Noise Ratio 0 00 to 99 9 measured in the Sync Channel symbol rate bandwidth Typical range is 2 5 to 11 0 is the Sync Channel Frame Error Rate 0 000 to 1 000 with a higher number implying more Cyclical Redundancy Check failures when 39 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES processing the Sync Channel message frames Higher numbers will correlate with lower Signal to Noise Ratios FLIS is the fault status which displays the current summary status of the CDMA timing sub system The summary status is contained in sixteen bits which are displayed in four hexadecimal characters Assertion of any of these bits will also be indicated by illumination of the red LED Each bit of each character indicates the status of a sub system component Bit 0 FLASH Write FPGA Config No Signal DAC Control aul d Time Qu O et R an oe Loca Local Events ron DAC Control Over Range This bit indicates that the electronic frequency control DAC for the oscillator has reached either the high 55000 or low 10000 limit while locked to the CDMA signal Unless the unit is being subjected to out of specification environmental conditions this would indicate that the oscillator frequency has drifted near to the end of life region This should normally only occur after about ten years of operation The unit will continue to function until
78. r detailed usage of these debug utilities MD5 Authenticated NTP Client Setup MD5 authenticated setup is relatively simple if e You have been able to successfully communicate with the Pr cis Cntp on your network e Your Precis Cntp has been configured to perform authentication either by fac tory default or by running the ntpconfig shell script The example Pr cis Cntp authentication configuration shown in Chapter 2 Configuring the Network Time Protocol will be assumed in the example configuration commands shown here e You have installed NTP on your client computer e You have successfully performed the Basie NTP Client Setup on your client com puter Create the ntp keys file You must create a file named n p keys in the ef directory It must be a copy of the one residing in the e directory of your Pr cis Cntp You can telnet into your Pr cis Cntp and start an ftp session with your client computer to send the Pr cis Cntp s etc ntp keys file to your client computer use the secure copy utility sep or you can just use a text editor on your client computer to create an equivalent file 23 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Handling of the etc nip keys file is the weak link in the MD5 authentication scheme It is very important that it is owned by 7002 and not readable by anyone other than 7007 After transferring the file by ftp and placing it in the e directory on the client com puter iss
79. repeat the netconfig procedute If you have configured a nameserver s for your network you may check that by issuing this shell command Praecis Cntp gt cat etc resolv conf search your domain nameserver 192 168 1 1 nameserver 192 168 1 2 Which displays the contents of the ef resoluconf file containing your domain name and the nameserver IP address es to use for that domain 15 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Check Network Operation With your Pr cis Cntp network parameters properly configured you are ready to test the setup using ping from a server or workstation that is able to access the network connected to the Pr cis Cntp Alternatively you could ping one of your servers or workstations from the Pr cis Cntp shell prompt to test the setup Once you have successfully established network communications with the Praecis Cntp you may perform all maintenance and monitoring activities via telnet and ftp The Pr cis Cntp provides both client and server operation using telnet For security rea sons as well as to reduce the memory footprint in the Pr cis Cntp only client operation is supported using ftp Security conscious users will want to use ssh the secure shell replacement for telnet as the login means The companion utility sep provides a secure replacement for tp as a means of transferring files to and from the Praecis Cntp Both of these protocols are supported in the Praecis Cntp via the Open
80. service or repair this product must be returned to EndRun Technologies Buyer shall prepay shipping charges to EndRun Technologies and EndRun Technologies shall pay shipping charges to return the product to Buyer However Buyer shall pay all shipping charges duties and taxes for products returned to EndRun Technologies from another country Products not manufactured by EndRun Technologies but included as an integral part of a system e g peripherals options are warranted for ninety days or longer as provided by the original equipment manufacturer from date of shipment Extended Warranty The standard warranty may be extended beyond the standard two year period A record of warranty extensions is documented on the sales order for the product purchased All other conditions of the standard warranty apply for the extended period Limitation of Warranty The foregoing warranty shall not apply to defects resulting from improper or inadequate maintenance by Buyer Buyer supplied software or interfacing unauthorized modification or misuse operation outside of the environmental specifications for the product or improper site preparation or maintenance NO OTHER WARRANTY IS EXPRESSED OR IMPLIED ENDRUN TECHNOLOGIES SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Warranty Repair If you believe your equipment is in need of repair call EndRun Technologies and ask for a customer service a
81. sion egcs 2 91 66 19990314 Linux egcs 1 1 2 release 8 Thu Dec 28 12 59 41 PST 2000 Calibrating delay loop 66 56 BogoMIPS Memory 12960k 16384k available 564k kernel code 440k reserved 356k data 28k init Checking if this processor honours the WP bit even in supervisor mode Ok CPU AMD Am5x86 WB stepping 04 Checking 386 387 coupling OK FPU using exception 16 error reporting Checking hlt instruction OK POSIX conformance testing by UNIFIX Linux NET4 0 for Linux 2 2 Based upon Swansea University Computer Society NET3 039 NET4 Unix domain sockets 1 0 for Linux NET4 0 NET4 Linux TCP IP 1 0 for NET4 0 IP Protocols ICMP UDP TCP Starting kswapd v 1 5 Serial driver version 4 27 with no serial options enabled ttysS00 at 0x03f8 irq 4 is a 16550A ttyS01 at 0x02f8 irq 3 is a 16550A RAM disk driver initialized 16 RAM disks of 8192K size Flash disk driver for DiskOnChip2000 Copyright C 1998 2000 M Systems Flash Disk Pioneers Ltd Copyright C 2000 Lineo DOC device s found 1 Fat Filter Enabled ne c v1 10 9 23 94 Donald Becker becker cesdis gsfc nasa gov NE 000 ethercard probe at 0x340 00 d0 c9 11 33 41 eth0 NE2000 found at 0x340 using IRQ 10 fl geninit registered device at major 100 partition 0 start sect 0 nr_sects 3e30 Fl blk _size 1 18kb partition 1 start sect 0 nr sects 0 Fl_blk_size Okb Partition check fla flal fla2 fla3 fla4 RAMDISK Compressed image found at block 0 Pr cis
82. ternal timebase may take values ranging from 6 to 9 6 time error is lt 100 us 7 time error is lt 1 ms 8 time error is lt 10 ms 9 time error is gt 10 ms unsynchronized state if never been locked to CDMA 43 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES Refer to Time Figure of Merit at the end of this section for a detailed description of the meaning of this number YEAR is the year of the UTC timestamp of most recent NTP polling request received by the CDMA engine from the NTP reference clock driver DOY is the day of year of the UTC timestamp of most recent NTP polling request received by the CDMA engine from the NTP reference clock driver HH MM amp SS sssssssss is the hour minute second subsecond UTC timestamp of the most recent NTP polling request received by by the CDMA engine from the NTP daemon reference clock driver LS is the current number of leap seconds difference between the UTC and GPS timescales 13 at the time of this writing Usage Query cntpstat Preecis Cntp response LOCKED TO CDMA Offset 0 000024 TFOM 6 2001 092 06 03 10 904312858 13 cntptimemode This command displays the current time mode settings for any optional timecode out puts or the front panel vacuum fluorescent display The displayed Local Time Offset from UTC is valid in either of the two LOCAL modes but the Daylight Savings Time DST Start Stop parameters are only valid in the LOCAL MANUAL mode A posi tive
83. the ash shell prompt This shell script will prompt you for the needed information and perform some syntax checking on yout inputs Then it will create or modify the appropriate files needed to configure the ethernet interface The following sections will guide you in setting up communications with the Precis Cntp using its RS 232 serial I O port Connect the RS 232 Serial I O Port You will need to use the RS 232 serial I O port if your network does not support the Dynamic Host Configuration Protocol DHCP In that case you must be able to configure the Pr cis Cntp network parameters manually using the Linux console shell interface which is provided by this serial I O port Under certain conditions you may also need to use the RS 232 serial I O port if you encounter a problem while upgrading the firmware in your Pr cis Cntp To test serial communications with the Pr cis Cntp you will need either a VT100 compatible terminal or a terminal emulation program run ning on your computer We will refer to either of these as terminal for the remainder of this instruction 1 Disconnect power from the Preecis Cntp 2 Connect one end of the DB9F to DB9F null modem adapter cable to the serial I O jack on the Pr cis Cntp 3 Connect the other end of the DB9F to DB9F null modem adapter cable to the terminal If the serial I O port on your terminal does not have a DB9M con nector you may need to use an adapter Refer to Appendix A RS 232
84. ting or encrypting session data any number of man in the middle data corruption replacement exploits were possible in addition to plain old snooping to learn the community names SNMPv3 57 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES implements the User based Security Model USM defined in RFC 2274 which employs modern cryptographic technologies to both authenticate multiple users and to encrypt their session data for privacy much in the same way that SSH does for remote login shell users In addition it implements the View based Access Control Model VACM defined in RFC 2275 This RFC defines mechanisms for limiting the access of multiple users having various security levels no authentication authentication or authentication plus privacy to specific views of the Structure of Management Information SMI object tree Enterprise Management Information Base MIB In addition to providing the SNMP variables contained in MIB II as described in RFC 1213 EndRun Technologies has implemented an enterprise MIB using the syntax of the SMI version 2 SMIv2 as described in RFC 2578 ENDRUNTECHNOLOGIES MIB Which is located on your Pr cis Cntp in this ASCII file usr local share snmp mibs ENDRUNTECHNOLOGIES MIB xt In addition to a complete set of NTP and CDMA status objects the MIB defines four SMIv2 notification objects e NTP Leap Indicator Bits status change e NIP Stratum change e CDMA Fault Status change e CDMA T
85. to display the characteristics of the client server associations In the auth column of the display you should see OR for the row corresponding to the Pr cis Cntp server If you see bad you should wait a few minutes to be sure that there is a problem since bad is the initial state of this setting If the bad indication persists then you must check your configuration for errors Typically this is due to a typing error in creating the winnt system32 drivers etA ntp keys file on the client that causes a mismatch between the keys being used by the server and client If you transfer the file by ftp or sep this shouldn t be a problem It is also possible to have a typing error in the winnt system32 drivers ete ntp conf file that causes the needed key to not be included in the trustedkey list Broadcast Multicast NTP Client Setup Broadcast multicast client setup is relatively simple if e You have been able to successfully communicate with the Pr cis Cntp on your network e Your Pr cis Cntp has been configured to perform broadcasts or multicasts by running the ntpconfig shell script This is not the factory default configura tion so be sure to run ntpconfig If you are going to use MD5 authentica tion your Pr cis Cntp must have been configured to operate with authentica tion in the broadcast multicast mode and you must know which of the trusted keys it is using for broadcast multicast operation
86. to protocol server daemons such as in telnetd snmpd or sshd may be controlled by the tepd daemon and etc hosts allow and ete hosts deny e Risky protocols like TIME DAYTIME and TELNET may be completely disabled by configuration of the inetd super server daemon The last two topics are supported on the Pr cis Cntp by a pair of shell scripts which ease configuration for the inexperienced user of Unix like operating systems These are accessconfig and inetdconfig accessconfig modifies two files which are used by tepd and the standalone daemon snmpd to determine whether or not to grant access to a requesting host e c hosts allow and etc hosts deny These two files may contain configuration information for a number of protocol servers but in the Pr cis Cntp only access control to the protocol server daemons in telnetd sshd and snmpd is configured As shipped from the factory these two files are empty When the user runs access config these lines are added to the et hosts deny file in telnetd ALL sshd ALL snmpd ALL This tells tepd to deny access to in telnetd and sshd to all hosts not listed in the etc hosts allow file The snmpd daemon also parses this file itself prior to granting ac cess to a requesting host Then the user is prompted to enter a list of hosts that will be granted access to in telnetd sshd and snmpd These appear in the etc hosts allow as lines like this in telnetd 192 168 1 2 192 168 1 3 ssh
87. ue these two commands at the shell prompt chown root root etc ntp keys chmod 600 etc ntp keys Configure NTP You must edit the w p conf file which ntpd the NTP daemon looks for by default in the ete directory Assuming that you have created two trusted keys as shown in the example in the previous chapter add these lines to the end of the p conf file keys etc ntp keys trustedkey 1 2 Modify the line added previously in Basie NIP Chent Setup so that authentication will be used with the Pr cis Cntp server using one of the trusted keys in this case key 1 server 192 168 1 245 key 1 Re start ntpd to have it begin using the Pr cis Cntp server with MD5 authentication Use the NTP utility ntpq to check that ntpd is able to communicate with the Pr cis Cntp After issuing the command ntpq you will see the ntpq command prompt ntpq gt Use the command peers to display the NTP peers which your computer is using One of them should be the Preecis Cntp server which you have just configured You should verify that it is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment You can verify that authentication is being used by issuing the command associations Pr cis Cntp User s Manual 24 ENDRUN TECHNOLOGIES to display the characteristics of the client server associations In the auth column of the display you should s
88. unless the unit is subjected to out of specification environmental conditions Otherwise this would be a fatal fault and the unit should be returned to the factory for repair This bit indicates that the Local Oscillator Phase Locked Loop PLL synthesizer has failed This condition should not normally occur unless the unit is subjected to out of specification environmental conditions This is a fatal fault and the unit should be returned to the factory for repair This bit indicates that the CDMA timing sub system is not receiving polling request from the NTP sub system This could be due to a hardware or software failure If the condition persists after cycling the power to the unit this is a fatal fault and the unit should be returned to the factory for repair The example response indicates that there has been a period without tracking a CDMA signal that exceeded the time out period that there was a FLASH Write Fault and that there is a Local Oscillator PLL fault Usage Query Pr cis Cntp response cdmastat LOCKED TFOM 6 2001 092 04 48 56 347916732 13 8 1 132 179 28605 8 6 0 000 001A 41 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES cdmaversion This command displays the firmware and hardware versions of the CDMA sub sys tem Usage Query cdmaversion Pr cis Cntp response F W 2 00 FPGA 06 cntpenableupgrade This command mounts the two FLASH disk root file system partitions as part of the firmware upgra
89. ust find it and edit it Add these lines to the end of the mzp conf file keys winnt system32 drtivers etc ntp keys trustedkey 1 2 Modify the line added previously in Basie NIP Client Setup so that authentication will be used with the Preecis Cntp server using one of the trusted keys in this case key 1 server 192 168 1 245 key 1 Re start ntpd exe to have it begin using the Pr cis Cntp server with MD5 authentica tion By default the NTP installation program installs ntpd exe as a service called Network Time Protocol and starts it You must use the Services utility in Control Panel to stop the Network Time Protocol service and then re start it Use the NTP utility ntpq exe to check that ntpd exe is able to communicate with the Pr cis Cntp By default it is installed in the Program Files Network Time Protocol sub directory of your Windows NT partition From a console window after issuing the command ntpq you will see the ntpq command prompt ntpq gt Use the command peers Pr cis Cntp User s Manual 30 ENDRUN TECHNOLOGIES to display the NTP peers which your computer is using One of them should be the Pr cis Cntp server which you have just configured You should verify that is is being reached You may have to continue issuing the peers command for a minute or two before you will see the reach count increment You can verify that authentication is being used by issuing the command associations
90. with the Pr cis Cntp over the network using telnet or ssh and synchronize your network computers to UTC using NTP Using netconfig to Set Up Your IP The following is a sample transcript which illustrates the use of netconfig The entries made by the user are underlined and are provided purely for illustrative purposes You must provide equivalent entries that are specific to your network Those shown here are appropriate for a typical network that does not use DHCP Start the configuration process by typing netconfig at the shell prompt Praecis Cntp gt netconfig Pr cis Cntp User s Manual 12 ENDRUN TECHNOLOGIES He e e He He Fe He He e He He He He He ke ke He He KEKE KKK KKK KKK ke ke KEK ke ke k k k k k k k k k k KE k k k k k k k k k k k k k kkk kkk kkk kkk kkk kkkkkkkkkkkkkkkkkkkk Draecis Cntp Network Configuration ee eee dede dedede de k k k k k k Fe e e e e e e e e e e e e e e e e e e e e e e e e e e e e KKK KKK KK e He He He e e He e e e e e RR e E e k ke ke ke k k kk kk kkk kkk kkk kkk kkk This script will configure the TCP IP network parameters for your Praecis Cntp You will be able to reconfigure your system at any time by typing netconfig The settings you make now will not take effect until you restart your Praecis Cntp so if you make a mistake just re run this script before re booting You will be prompted to enter your network parameters now FF FF FF FF FH HH HH OO He e e He He He Fe He e e He
91. word PraecisO Passwords and passphrases must have a minimum of 8 characters or you will not be able to be authenticated You must kill the snmpd process prior to editing boot ucd snmmp snmpd conf Otherwise the secret key creation may not complete properly Issue the command ps e to have the operating system display the list of running processes Look for the PID of the snmpd process and issue the kill command to stop it For example if the PID listed for the snmpd process is 53 then you would issue this command kill 53 You can verify that the process was terminated by re issuing the ps e command 61 Pr cis Cntp User s Manual ENDRUN TECHNOLOGIES After re booting the agent will read the boot ucd snmp snmpd conf configuration file and compute secret key s for each of the users and delete the createUser lines from the file It will then write the secret key s to the file These lines begin with the string usmUser In this way un encrypted passwords are not stored on the system The encryption algorithms used by the agent are dependent upon the IP address of the Preecis Cntp Because of this new keys must be generated anytime your Pr cis Cntp s IP address is changed It also means that you cannot use the same boot ucd snmp snmpd conf file with multiple Pr cis Cntp units To generate new keys stop the snmpd process delete the existing usmUser key lines from the file and then add new createUser lines Then re boot the syste
92. y Network Configuration If you have made changes to your network configuration using netconfig you should shutdown the Pr cis Cntp and re boot it There are two ways to do this 1 Cycle power to the Pr cis Cntp 2 Issue the shutdown with re boot command at the shell prompt Praecis Cntp gt shutdown r now If you are using the RS 232 serial I O port to communicate with the Pr cis Cntp you will be able to see the kernel generated boot messages when the unit re boots You should note the line Configuring ethO as 192 168 1 245 if you have set up a static IP address or this line Attempting to configure eth0 by contacting a DHCP server if you ate using DHCP It appears near the end of the kernel generated boot mes sages If you ate using DHCP and ate not using the RS 232 serial I O port you will have to check the DHCP configuration information maintained by your DHCP server to de termine the expected IP address and log in to the Pr cis Cntp using telnet or ssh to verify successful DHCP configuration Refer to the subsequent topics in this section Using Telnet and Using SSH for details on logging in to the Pr cis Cntp that way Once you have logged in you may perform the following checks Pr cis Cntp User s Manual 14 ENDRUN TECHNOLOGIES If you are not using DHCP the IP address shown should match the static IP address which you entered during the netconfig procedure If so log in as root at the login pr
Download Pdf Manuals
Related Search