Western Telematic AFS-16-1 User's Manual
Contents
1. 0c eee eee eee 5 10 5 3 3 2 The Temperature Log 0 cee ee 5 10 5 3 3 3 Reading and Erasing Logs eee eee ee 5 10 5 3 4 Callback Security ee 5 11 5 3 5 Scripting Options 0 eee as 5 13 5 3 5 1 Automated Mode cece 5 14 5 4 User ACCOUNTS irst tie hes depo IRE obs We ba Aqu RE Wiles 5 15 5 4 1 Command Access Levels 0000 c eects 5 15 5 4 2 Granting Circuit Module Access 00 0 0 eects 5 16 5 5 Managing User AccountsS 0 0 c cece ett teeta 5 17 5 54 Viewing User Accounts ee 5 17 5 5 2 Adding User Accounts 2 22 isses rr ken 5 17 5 5 8 Modifying User Accounts 0006 c cece tenes 5 19 5 5 4 Deleting User Accounts 0 0 cece eh 5 19 5 6 Circuit Configuration essas aaaeeeaa 5 20 iii Table of Contents 5b Basic Configuration continued 5 7 The Circuit Group Directory lisse n 5 21 5 7 1 Viewing Circuit Groups 6 tte 5 21 5 7 2 Adding Circuit Groups llle 5 22 5 7 3 Modifying Circuit Groups 0 ee eh 5 22 5 7 4 Deleting Circuit Groups 2 2 esee 5 22 5 8 Serial Port Configuration isle nes 5 23 5 8 1 RS232PortModes ssssssseses een 5 23 5 8 2 The Serial Port Configuration Menu sss eere 5 23 5 9 Network Configuration l i n 5 25 5 9 1 Network Port Parameters lsseleleeee ee 5 26 5 9 8 Network Paramete2. SuperUser User or ViewOnly For more information on Command Access Levels please refer to Section 5 4 1 and Section 17 2 Default User 5 38 Basic Configuration Circuit Access Selects the default Circuit Access setting for new TACACS users The Circuit Access setting determines which Circuit Module s each account will be allowed to control Defaults Administrator and SuperUser All Circuits On User All Circuits Off ViewOnly All Circuits Off Notes Administrator and SuperUser level accounts always have access to all circuits User level accounts will only have access to the circuits that are defined via the Circuit Access parameter ViewOnly accounts are not allowed to invoke switching commands Circuit Group Access Selects the default Circuit Group Access setting for new TACACS users For more information on Circuit Groups please refer to Section 5 6 Defaults Administrator and SuperUser All Circuit Groups On User All Circuit Groups Off ViewOnly All Circuit Groups Off Notes In order to use this feature Circuit Groups must first be defined as described in Section 5 6 Administrator and SuperUser level accounts will always have access to all Circuit Groups User Level accounts will only have access to the Circuit groups that are defined via the Circuit Group Access parameter ViewOnly accounts are not allowed to invoke switching commands Service Access Selects th
3. Default Off 5 40 Basic Configuration 5 9 10 1 Dictionary Support for RADIUS The RADIUS dictionary file can allow you to define a user and assign command access rights and port access rights from a central location The RADIUS dictionary file dictionary wti is included on the CDROM along with this user s guide To install the dictionary file on your RADIUS server please refer to the documentation provided with your server some servers will require the dictionary file to reside in a specific directory location others will require the dictionary file to be appended to an existing RADIUS dictionary file The WTI RADIUS dictionary file provides the following commands WTI Super Sets the command access level for the user This command provides the following arguments 0 ViewOnly 1 User 2 SuperUser 3 Administrator For example in order to set command access level to SuperUser the command line would be WTI Super 2 WTI Circuit Access Determines which circuit s the user will be allowed to access This command provides an argument that consists of a four character string with one character for each the AFS 16 s Circuit Modules The following options are available for each switched circuit 0 Off Deny Access 1 On Allow Access For example to allow access to Circuits 2 and 4 the command line would be WTI Circuit Access 0101 WTI Group Access Determines which Circuit Group s the user will
4. Enter Where c The number or name of the Circuit s or Circuit Group s that you wish to switch to the A position To apply the command to several Circuits enter a plus sign between each Circuit number To apply the command to a range of Circuits enter the numbers for the first and last Circuits in the range separated by a colon character To apply the command to all Circuits allowed by your account enter an asterisk character Fei Optional Suppresses the command confirmation prompt Example Assume that your account allows access to Circuit 2 and Circuit 3 To switch Circuits 2 and 3 to the A position without displaying the optional command confirmation prompt invoke the following command line TA 2 3 Y Enter TB Toggle to B Position Toggles a Circuit or a Circuit Group to the B position Note When this command is invoked in Administrator Mode or SuperUser Mode it can be applied to all AFS 16 Circuits and Circuit Groups When this command is invoked in User Mode it can only be applied to the Circuits and or Circuit Groups that have been enabled for your account Availability Administrator SuperUser User Format TB c Y Enter Where c The number or name of the Circuit s or Circuit Group s that you wish to switch to the B position To apply the command to several Circuits enter a plus sign between each Circuit number To apply the command to a range of Circuits enter the num
5. In addition the Serial Port Configuration menu can also be used to set communications parameters disable Administrator level commands and also select a number of other Serial Port Parameters described in Section 5 8 2 When responding to prompts invoking commands and selecting items from port configuration menus note the following Configuration menus are only available to Administrator level accounts f you are configuring the AFS 16 via modem modem parameters will not be changed until after you exit command mode and disconnect from the unit 5 8 1 RS232 Port Modes The AFS 16 offers two different serial port operation modes Normal Mode Allows local communication via the Control Module s RS232 Serial Port Modem Mode Sets up the Control Module s RS232 Port for connection to an optional external modem Allows definition of a Hang Up String Reset String and Initialization String 5 8 2 The Serial Port Configuration Menu The Serial Port Configuration menu allows the following parameters to be defined Note that all of these parameters are available via both the Text Interface and Web Browser Interface and that parameters selected via one interface are also applied to the other Notes e Configuration menus are only available to Administrator level accounts When configuring the AFS 16 via modem Modem Mode parameters will not be changed until after you exit command mode and disconnect from the unit Communicat
6. Place the cursor over the Logs link on the left hand side of the screen wait for the fly out menu to appear To view the Temperature Log click on the Temperature Log Display link to download the Temperature Log click on the Temperature Log download link Note n the Text Interface the following commands are also available Press Enter to display the next screen full of data Press Esc to exit from the log menu and return to the command prompt Type E and press Enter to erase the Temperature Log 9 Operation As discussed in Section 5 the AFS 16 offers two separate command interfaces the Web Browser Interface and the Text Interface also known as the Command Line Interface or CLI Both interfaces offer essentially the same command options and features and in most cases parameters defined via the Web Browser Interface will also apply when communicating via the Text Interface and vice versa 9 1 A B Switching Web Browser Interface When using the Web Browser Interface A B switching commands are invoked via the Circuit Control Screen and Circuit Group Control Screen 9 1 1 The Circuit Control Screen Web Browser Interface The Circuit Control Screen lists the current A B status of the AFS 16 s Circuit Modules and is used to control switching and rebooting of each A B circuit To perform A B switching or set circuits to user defined default states proceed as follows 1 Access the AFS 16 Comma
7. Start FTP SFTP Servers and Save Parameters you may then reestablish a connection with the AFS 16 using your former IP address e f you initially selected Start FTP SFTP Servers and Default Parameters you must then login using the AFS 16 s default IP address Default 192 168 168 168 or access command mode via Serial Port 1 or via Modem When firmware upgrades are available WTI will provide the necessary files At that time an updated Users Guide or addendum will also be available 16 2 17 Command Reference Guide 17 1 Command Conventions Most commands described in this section conform to the following conventions Text Interface Commands discussed in this section can only be invoked via the Text Interface These commands cannot be invoked via the Web Browser Interface Slash Character Most AFS 16 Text Interface commands begin with the Slash Character Apply Command to All Circuits When an asterisk is entered as the argument of the T Toggle TA Toggle to A or TB commands Toggle to B the command will be applied to all circuits For example to switch all circuits to A type TA Enter Circuit Name Wild Card It is not always necessary to enter the entire circuit name Circuit names can be abbreviated in command lines by entering the first character s of the name followed by an asterisk For example a circuit named SERVER could be specified as S Note however that this command
8. Syslog Daemon In order to capture messages sent by the AFS 16 a computer must be running a Syslog Daemon set to UDP Port 514 at the IP address specified in Step 3 above Once the Syslog Address is defined Syslog messages will be generated whenever one of the alarms discussed in Section 7 is triggered Syslog Messages TEST NETWORK OPTIONS SNMP Trap Test Manager 1 SNMP Trap Test Manager 2 Syslog Test Ping Enter lt CR gt to select lt ESC gt to exit Figure 11 1 The Test Menu Text Interface 11 2 Testing Syslog Configuration After you have configured the AFS 16 as described in Section 11 1 the TEST command can be used to make certain that the function is properly set up To test the Syslog function access the AFS 16 command mode via the Text Interface using an account that permits Administrator or SuperUser level commands then type TEST and press Enter to display the Test Menu shown in Figure 11 1 When the Syslog Test feature is selected the AFS 16 will attempt to send a test Syslog message using the current Syslog configuration If the test message is not received by your Syslog Daemon review the procedure outlined in Section 11 1 to make certain the AFS 16 and the Syslog Daemon are properly configured In addition to providing a means to test the Syslog and SNMP Trap features the Test Menu also includes a Ping command option which can be used in a manner similar to the DOS ping comman
9. shortly after Midnight This configuration backup file will contain only the most recently saved AFS 16 parameters and will be overwritten by the next night s daily backup When the I command is invoked a submenu will be displayed which offers several Reboot options Option 4 is used to restore the configuration backup file The date shown next to Option 4 indicates the date that you last changed and saved unit parameters f the daily automatic configuration backup has been triggered since the configuration error was made and the previously saved configuration has been overwritten by newer incorrect parameters then this function will not be able to restore the previously saved correct parameters To restore the previously saved configuration proceed as follows 1 Access command move via the Text Interface using a username password that permits access to Administrator level commands see Section 5 1 1 2 Atthe AFS command prompt type I and press Enter The AFS 16 will display a submenu that offers several different reboot options 3 Atthe submenu you may choose either Item 4 Reboot amp Restore Last Known Working Configuration Type 4 and then press Enter 4 The AFS 16 will reboot and previously saved parameters will be restored 5 45 6 Ping No Answer Fallback Switching The Ping No Answer function can be used to automatically switch one or more circuit modules when an attached device fails to respon
10. 16 includes the WTI Management Utility which allows you to manage multiple WTI units via a single menu For more information on the Management Utility please refer to the User s Guide that is included on the CDROM Typographic Conventions e g X Indicates a control character For example the text X Control X indicates the Ctrl key and the X key must be pressed simultaneously COURIER FONT Indicates characters typed on the keyboard For example AC or TB 2 Bold Font Text set in bold face and enclosed in square brackets indicates a specific key For example Enter or Esc lt gt Indicates required keyboard entries For Example TA lt n gt Indicates optional keyboard entries For Example P n 2 Unit Description The AFS 16 consists of a frame unit one Dual Power Supply Module one Control Module and up to sixteen Circuit Modules 2 1 The Dual Power Supply Module The Dual Power Supply Module shown in Figure 2 1 provides AC power used by the Control Module and Circuit Module s The AFS 16 will always include one Dual Power Supply Module Note that the Power Supply Module is not designed to be removed from the AFS 16 Rack Assembly uu e 8 POWER MODULE AFS 16 Figure 2 1 The Power Supply Module The Power Supply Module faceplate includes the following D Power Switch and ON Indicator Power inlets Not Shown Two 2 IEC320 C14 AC inlets located on the b
11. 16 will display a screen which allows you to modify parameters for the selected Ping No Answer Profile Note that this screen functions identically to the Add Ping No Answer menu as discussed in Section 6 1 Deleting Ping No Answer Profiles After you have defined one or more Ping No Answer profiles you can delete profiles that are no longer needed using the Delete Ping No Answer feature To delete an existing Ping No Answer profile you must access the command mode using a password that allows Administrator level commands 7 Alarm Configuration The AFS 16 can generate alarms when temperature readings exceed user defined trigger levels when input voltage is lost and then restored to the unit when a Ping No Answer condition is detected and when the Invalid Access Lockout feature is triggered In addition the AFS 16 can also generate an alarm when the Monitor Alarm Input feature detects a signal change at the Control Module AUX connector When any of these conditions are detected the AFS 16 can send an Alarm to the proper personnel via Email Syslog Message or SNMP trap Notes In order to send alarm notification via email or text message email addresses and parameters must first be defined as described in Section 5 9 11 Email alarm notification will then be sent for all alarms that are enabled as described in this Section In order to send alarm notification via Syslog Message a Syslog address must first be defined as d
12. 5 17 5 15 5 17 5 19 5 18 5 15 5 15 5 15 5 19 5 19 5 19 5 17 5 18 5 18 5 17 5 17 5 5 5 17 5 42 5 33 5 36 5 36 13 2 5 15 to 5 17 17 2 i to ii 5 18 5 27 5 2 5 6
13. Callback Security option To access the Callback Security menu via the Web Browser Interface place the cursor over the General Parameters link wait for the flyout menu to appear and then Click on the Callback Security link Basic Configuration In both the Text Interface and Web Browser Interface the Callback Security Menu offers the following options Callback Enable This prompt offers five different configuration options for the Callback Security feature Default 2 On Callback Without Password Prompt Off All Callback Security is disabled On Callback Without Password Prompt Callbacks will be performed for user accounts that include a Callback Number and the login prompt will not be displayed when the user s modem answers If the account does not include a Callback Number that user will be granted immediate access and a Callback will not be performed On Callback With Password Prompt Callbacks will be performed for user accounts that include a Callback Number and the login prompt will be displayed when the user s modem answers accounts that include a Callback Number will be required to re enter their username password when their modem answers If the account does not include a Callback Number then that user will be granted immediate access and a Callback will not be performed On Callback ONLY Without Password Prompt Callbacks will be performed for user accounts that include a Callback Number and
14. DB 9M DTE Serial Port Console Port PC Laptop or Other Straight Device with RJ 45 Cable DB 9M DTE Interface DX9F DTE RJ Snap Adapter Figure 4 2 Connecting DB 9M DTE Devices to the AFS Control Module s Serial Port 4 3 Connecting a Local Control Device Use the supplied Ethernet cable and adapter to connect your PC COM port to the RS232 Console Port on the AFS 16 Control Module as shown in Figure 4 1 and Figure 4 2 For a description of the RS232 Port Interface please refer to Appendix A 1 4 4 Connecting an External Modem Optional Access the AFS 16 Command Mode as described in Section 5 1 and then use the Port Parameters menu to configure the RS232 Port for Modem Mode as described in Section 5 8 Use an appropriate cable to connect your external modem the RS232 Port on the AFS 16 s Control Module and then connect your RJ11 phone line to the external modem Hardware Installation Enable Disable Figure 4 3 Circuit Module Jumper 4 5 Module Set Up 4 5 1 Circuit Module Set Up The A B Switch Jumper on the Circuit Module card Figure 4 3 enables disables the individual Circuit Module s A B Switch If you wish to disable manual A B switching control at a specific Module then the A B Switch Jumper on that Module must be set in the Disable position 4 5 2 Control Module SetUp The Control Module includes a jumper that can be used to configure the AUX Connector for use with the Monitor Alarm Input feature I
15. Disables the Return feature which allows the AFS 16 to switch circuits back to their original state after a Monitor Alarm Input event has been cleared Default On Circuit Access Determines which Circuit Modules will be switched when the Monitor Alarm Input feature is triggered Note that in the Text Interface Circuit Access is defined via a separate submenu in the Web Browser Interface Circuit Access is defined via a drop down menu which is accessed by clicking on the plus sign in the Configure Circuit Access field Default undefined Circuit Group Access Determines which Circuit Group s the Monitor Alarm Input feature will be applied to Note that in the Text Interface Circuit Group Access is defined via a separate submenu in the Web Browser Interface Circuit Group Access is defined via a drop down menu which is accessed by clicking on the plus sign Default undefined Alarm Configuration High Low Figure 7 2 Control Module Jumper Control Card AUX Connector Jumper Pin Out 5 7 Pin Signal 1 EI eese MO S 4 Monitor Input 9 9 9 Back Edge of ge Control Card Figure 7 3 Control Module AUX Connector Monitor Input and Ground 7 6 1 Monitor Input Level Settings When the Monitor Alarm Input feature is properly configured the AFS 16 can trigger an alarm and or perform A B switching operations when the signal at Pin 4 Monitor Input on the Control Module AUX connector goes
16. Enter X Serial Port Parameters P Enter X Circuit Parameters PC Enter X Circuit Group Parameters G Enter X Network Configuration N Enter X Ping No Answer Function ENA Enter X Alarm Configuration AC Enter X Reboot System I Enter X Upgrade Firmware UF Enter X Test Network Configuration TEST Enter x lt Q n Administrator and SuperUser modes all circuits are displayed In User and ViewOnly modes the status screen will only include the circuits that are allowed by the account In Administrator and SuperUser modes all Circuit Groups are displayed In User and ViewOnly modes the Circuit Group Status Screen will only include the Circuit Groups allowed by the account In Administrator Mode Help Menus will list all commands In SuperUser User and ViewOnly modes Help Menus will only list the commands allowed by the access level Q User Mode accounts will be allowed to connect to the Serial Port only if Serial Access is enabled for the account The Y argument can be included to suppress the command confirmation prompt Q The Default All Circuits command will only be applied to the Circuits that are allowed by the account Inorderto invoke this command Outbound Telnet SSH and Outbound Service Access must be enabled for your account G In SuperUser mode configuration menus can be displayed but parameters cannot be changed User Mode and ViewOnly accounts are allowed to v
17. Port is locked an external modem connected to that port will not answer If either the RS232 Port or Network Port are locked the other port will remain unlocked unless the Invalid Access Lockout feature has also been triggered at that port e f any one of the AFS 16 s logical network ports is locked all other network connections to the unit will also be locked All invalid access attempts at the AFS 16 Network Port are cumulative the count for invalid access attempts is determined by the total number of all invalid attempts at all 16 logical network ports If a valid login name password is entered at any of the logical network ports then the count for all AFS 16 logical network ports will be restarted f the Network Port has been locked by the Invalid Access Lockout feature it will still respond to the ping command providing that the ping command has not been disabled at the Network Port Basic Configuration In the Text Interface the Invalid Access Lockout configuration menu is accessed via the System Parameters menu In the Web Browser Interface the Invalid Access Lockout configuration is accessed via the General Parameters link The Invalid Access Lockout configuration menus allow you to select the following Lockout Enable Enables Disables the Invalid Access Lockout feature Default On Lockout Attempts The number of invalid attempts required in order to activate the Invalid Access Lockout feature Defa
18. SNMP Manager e SNMP Manager 2 Default Undefined Trap Community Default Public 5 54 Basic Configuration 5 9 8 LDAP Parameters The AFS 16 supports LDAP Lightweight Directory Access Protocol which allows authentication via the Active Directory network Directory Service When LDAP is enabled and properly configured command access rights can be granted to new users without the need to define individual new accounts at each AFS 16 unit and existing users can also be removed without the need to delete the account from each AFS 16 unit This type of authentication also allows administrators to assign users to LDAP groups and then specify which circuits the members of each group will be allowed to control at each AFS 16 unit In order to apply the LDAP feature you must first define User Names and associated Passwords and group membership via your LDAP server and then access the AFS 16 command mode to enable and configure the LDAP settings and define port access rights and command access rights for each group that you have specified at the LDAP server Note that in order to access the LDAP Parameters menu you must login to AFS 16 command mode using a password that permits Administrator level commands Notes Circuit access rights are not defined at the LDAP server They are defined via the LDAP Group configuration menu on each AFS 16 unit and are specific to that AFS 16 unit alone When LDAP is enabled and proper
19. SSL parameters cannot be defined via the Web Browser Interface In order to set up SSL encryption you must contact the AFS 16 via the Text Interface There are two different types of https security certificates Self Signed certificates and Signed certificates Self Signed certificates can be created by the AFS 16 without the need to go to an outside service and there is no need to set up your domain name server to recognize the AFS 16 The principal disadvantage of Self Signed certificates is that when you access the AFS 16 command mode via the Web Browser Interface the browser will display a message which warns that the connection might be unsafe Note however that even though this message is displayed communication will still be encrypted and the message is merely a warning that the AFS 16 is not recognized and that you may not be connecting to the site that you intended Signed certificates must be created via an outside security service e g VeriSign Thawte etc and then uploaded to the AFS 16 unit to verify the user s identity In order to use Signed certificates you must contact an appropriate security service and set up your domain name server to recognize the name that you will assign to the AFS 16 unit e g service wti com Once a signed certificate has been created and uploaded to the AFS 16 you will then be able to access command mode without seeing the warning message that is normally displayed for Self Signed ce
20. To restore the previously saved configuration proceed as follows 1 Access command move via the Text Interface using a username password that permits access to Administrator level commands see Section 5 1 1 2 Atthe RSM command prompt type I and press Enter The AFS 16 will display a submenu that offers several different reboot options 3 Atthe submenu select Item 4 Reboot amp Restore Last Known Working Configuration type 4 and then press Enter 4 The AFS 16 will reboot and previously saved parameters will be restored 15 5 16 Upgrading AFS 16 Firmware When new improved versions of the AFS 16 firmware become available the Upgrade Firmware function can be used to update the unit Updates can be uploaded via FTP or SFTP protocols Notes The FTP SFTP servers can only be started via the Text Interface All other ports will remain active during the firmware upgrade procedure If the upgrade includes new parameters or features not included in the previous firmware version these new parameters will be set to their default values The upgrade procedure will require approximately 15 minutes 1 Obtain the update file Firmware modifications can either be mailed to the customer or downloaded from WTI Place the upgrade CDR in your disk drive or copy the file to your hard drive 2 Access Text Interface command mode via Serial Port Telnet or SSH client session using a username password and port that per
21. Upload Signed Certificate SSL Encryption State or Province Static Route Status Screens Stop Bits Serial Port Subject Invalid Access Lockout Alarm Monitor Alarm Input Over Temperature Alarms Ping No Answer Alarm Power Cycle Alarm Subnet Mask Network Port SuperUser Network Port Support Suppress Sure Prompt Switching Circuits Text Interface Web Browser Interface Switching Commands SW Version Syslog Configuration Syslog Address Syslog Messages Testing Configuration System Parameters Alarm Log Audit Log Automated Mode Callback Security Command Confirmation Control Card A B Switch Control Card Reset Switch Invalid Access Lockout Log Configuration Management Utility Modem Phone Number Real Time Clock Scripting Options Site I D Temperature Calibration Temperature Format User Directory System Reboot Index 7 Index 14 1 to 14 4 14 2 14 2 14 3 14 2 14 2 14 2 14 2 14 2 14 4 14 1 to 14 4 14 2 5 32 8 1 to 8 5 5 27 11 1 to 11 2 11 1 5 28 11 1 11 1 to 11 2 11 2 5 5 to 5 7 17 8 5 6 5 6 5 13 5 14 5 6 5 11 to 5 12 5 13 5 6 5 6 5 5 5 8 5 6 5 9 to 5 10 T TACACS Access Level 5 38 Authentication Port 5 38 Configuration 5 38 Default User Access 5 38 Enable 5 38 Fallback Local 5 38 Fallback Timer 5 38 Plug Access 5 39 Plug Group Access 5 39 Primary Address 5 38 Secondary Address 5 38 Secret Word 5 38 Service Access 5 39 Tech Support Apx 3 Telnet Access 5 18 Outboun
22. Version parameter is set to V1 V2 Default undefined 5 33 Basic Configuration Authentication Protocol Determines which authentication protocol will be used The AFS 16 supports both MD5 and SHA1 authentication Default MD5 Notes The Authentication Protocol that is selected for the AFS 16 must match the protocol that your SNMP client will use when querying the AFS 16 unit The Authentication Protocol option is not available when the Version parameter is set to V1 V2 SNMP Contact Default undefined SNMP Location Default undefined Read Only Community Note that this parameter is not available when the SNMP Version is set to V3 Default Public Read Write Community Note that this parameter is not available when the SNMP Version is set to V3 Default Public Note f identical names are defined for the Read Only Community and Read Write Community then the unit will give priority to the Read Write Community option 5 9 7 SNMP Trap Parameters These menus are used to select parameters that will be used when SNMP traps are sent For more information on SNMP Traps please refer to Section 12 Text Interface and Web Browser Interface allow the following parameters to be defined SNMP Manager 1 The IP Address for the first SNMP Manager For more information please refer to Section 12 Default Undefined Note n order to enable the SNMP Trap feature you must define at least one
23. also available via the Web Browser Interface Section 5 8 describes the procedure for defining serial port parameters Availability Administrator Format P Enter PC Set Circuit Parameters Displays a menu that is used to select options and parameters for the AFS 16 s Circuit Modules All functions provided by the PC command are also available via the Web Browser Interface Section 5 6 describes the procedure for defining Circuit parameters Availability Administrator Format PC Enter 17 8 Command Reference Guide G Circuit Group Parameters Displays a menu that is used to View Add Modify or Delete Circuit Groups For more information on Circuit Groups please refer to Section 5 7 Availability Administrator Format G Enter N Network Port Parameters Displays a menu which is used to select parameters for the Network Port Also allows access to the IP Security function which can restrict network access by unauthorized IP addresses and domain names All of the functions provided by the N command are also available via the Web Browser Interface For more information please refer to Section 5 9 Availability Administrator Format N Enter PNA Configure Ping No Answer Function Displays a menu that is used to configure the Ping No Answer function The Ping No Answer function allows the AFS 16 to automatically perform A B switching when a target device fails to respond to a ping command For more infor
24. and then return to the command prompt Type S and press Enter the Status Screen will be displayed Check the Status Screen to make certain the unit has been configured with the saved parameters 15 2 Saving and Restoring Configuration Parameters 15 5 Restoring Previously Saved Parameters If you make a mistake while configuring the AFS 16 unit and wish to return to the previously saved parameters the Text Interface s Reboot System command 1I offers the option to reinitialize the AFS 16 using previously backed up parameters This allows you to reset the unit to previously saved parameters even after you have changed parameters and saved them Notes The AFS 16 will automatically backup saved parameters once a day shortly after Midnight This configuration backup file will contain only the most recently saved AFS 16 parameters and will be overwritten by the next night s daily backup When the I command is invoked a submenu will be displayed which offers several Reboot options Option 4 is used to restore the configuration backup file The date shown next to option 4 indicates the date that you last changed and saved unit parameters If the daily automatic configuration backup has been triggered since the configuration error was made and the previously saved configuration has been overwritten by newer incorrect parameters then this function will not be able to restore the previously saved correct parameters
25. bottom of the menu or the Set button next to the field The following sections describe options and parameters that can be accessed via each of the configuration menus Please note that essentially the same set of parameters and options are available to both the Web Browser Interface and Text Interface Notes e Configuration menus are only available when you have logged into command mode using a password that permits Administrator Level commands SuperUser accounts are able to view configuration menus but are not allowed to change parameters Configuration menus are not available when you are communicating with the AFS 16 via PDA When defining parameters via the Text Interface make certain to press the Esc key several times to completely exit from the configuration menu and save newly defined parameters When parameters are defined via the Text Interface newly defined parameters will not be saved until the Saving Configuration message has been displayed and the cursor returns to the command prompt Basic Configuration 5 3 Defining System Parameters The System Parameters menus are used to define the Site ID Message set the system clock and calendar set up log functions and calibrate temperature readings To access the System Parameters menu via the Text Interface type F and press Enter To access the System Parameters menu via the Web Browser Interface place the cursor over the General Parameters link wait for the
26. define at least one Circuit Group as described in Section 5 7 To display the Circuit Group Status Screen via the Text Interface type SG and then press Enter To display the Circuit Group Status Screen via the Web Browser Interface click on the Circuit Group Status link The Circuit Group Status Screen will list the following parameters for each Circuit Group Group Name The user defined name for each Circuit Group Circuit Name Common The user defined name for each Circuit Module This name may also be used describe the device that is connected to the common line for each Circuit Module Circuit The number of each Circuit Module in the Circuit Group Pos The currently selected A B circuit path for each Circuit Module Reason This field displays a brief description of the reason for the last successful switching operation at each Circuit Module Mon This field will contain a X if the corresponding Circuit Module has been configured to be switched by the Monitor Alarm Input feature The Status Screens 8 5 The Event Logs 8 5 1 The Audit Log The Audit Log provides a record of most command activity at the AFS 16 unit including A B switching and login and logout activity Note that the Audit Log does not include user information regarding access to configuration menus or status screens To view the Audit Log access command mode using a password that permits Administrator or SuperUser level commands and t
27. defined LDAP Group parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Add LDAP Group button to save parameters in the Text Interface press the Esc key several times until the Saving Configuration message is displayed 5 36 Basic Configuration 5 9 8 2 Viewing LDAP Groups If you need to examine an existing LDAP group definition the View LDAP Groups function can be used to review the group s parameters and Circuit Access settings 5 9 8 5 Modifying LDAP Groups If you need to modify an existing LDAP Group in order to change parameters or circuit access rights the Modify LDAP Group function can be used to reconfigure group parameters To Modify an existing LDAP Group access the AFS 16 command mode using a password that permits access to Administrator Level commands Once you have accessed the Modify LDAP Group menu use the menu options to redefine parameters in the same manner that is used for the Add LDAP Group menu as discussed in Section 5 9 8 1 Note After you have defined LDAP Group parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Modify LDAP Group button to save parameters in the Text Interface press the Esc key several times until the Saving Configuration message is displayed 5 9 8 4 Deleting LDAP Groups The Delete LDAP Group function is used to delete LDAP Groups that are no longer needed To
28. delete an existing LDAP Group you must access command mode using a password that permits access to Administrator Level commands 5 9 8 5 LDAP Kerberos Set Up Kerberos is a network authentication protocol which provides a secure means of identity verification for users who are communicating via a non secure network To display the LDAP Kerberos Set Up menu you must access command mode using a password that permits access to Administrator Level commands The LDAP Kerberos Setup menu allows you to define the following parameters Port Default 88 Realm Default Undefined Key Distribution Centers KDC1 through KDC5 Default Undefined Domain Realms 1 through 5 Default Undefined 5 37 Basic Configuration 5 9 9 TACACS Parameters The TACACS Configuration Menus offer the following options Enable Enables disables the TACACS feature at the Network Port Default Off Primary Address Defines the IP address or domain name up to 64 characters for your primary TACACS server Default undefined Secondary Address Defines the IP address or domain name up to 64 characters for your secondary fallback TACACS server if present Default undefined Secret Word Defines the shared TACACS Secret Word for both TACACS servers Default undefined Fallback Timer Determines how long the AFS 16 will continue to attempt to contact the primary TACACS Server before falling back to the secondary TACAC
29. each Circuit Module by that account In addition each command access level is also used to restricts the Circuit Modules that the account will be allowed to access Administrator Accounts with Administrator access are always allowed to control all Circuit Modules Circuit Module access cannot be disabled for Administrator level accounts SuperUser SuperUser accounts allow access to all Circuit Modules Circuit Module access cannot be disabled for SuperUser level accounts User Accounts with User level access are only allowed to access the Circuit Modules that have been specifically permitted via the Circuit Access parameter in the Add User and Modify User menus ViewOnly Accounts with ViewOnly access are not allowed to invoke A B switching commands ViewOnly accounts can display the status of Circuit Modules but are limited to the Circuit Modules specified by the account 5 16 Basic Configuration 5 5 Managing User Accounts The User Directory function is employed to create new accounts display parameters for existing accounts modify accounts and delete accounts Up to 128 different user accounts can be created The User Directory function is only available when you have logged into command mode using an account that permits Administrator commands In both the Text Interface and the Web Browser Interface the user configuration menu offers the following functions View User Directory Displays currently defined parame
30. flyout menu to appear and then click on the System Parameters link The System Parameters Menus are used to define the following User Directory This function is used to view add modify and delete user accounts and passwords As discussed in Section 5 4 and Section 5 5 the User Directory allows you to set the security level for each account as well as determine which circuits each account will be allowed to control Note The User Directory option does not appear in the Web Browser Interface s System Parameters menu and is instead accessed via the Users link on the left hand side of the menu Site ID A text field generally used to note the installation site or name for the AFS 16 unit Up to 32 chars Default undefined Note The Site I D will be cleared if the AFS 16 is reset to default settings Real Time Clock This prompt provides access to the Real Time Clock menu which is used to set the clock and calendar and to enable and configure the NTP Network Time Protocol feature as described in Section 5 3 1 Note The Real Time Clock option does not appear in the Web Browser Interface s System Parameters menu and is instead accessed via the Real Time Clock link on the left hand side of the screen Invalid Access Lockout If desired this feature can be used to automatically disable the Network Port or RS232 Port after a user specified number of unsuccessful login attempts are made For more information please ref
31. from the Normally Closed contact to the Normally Open contact when an Invalid Access Lockout Alarm is generated For more information on the Output Contacts please refer to Section 7 1 Default On Note f either of the Copy to All Triggers options is selected then the Contact Output Enable parameter for other alarms will also be enabled or disabled as specified by this parameter Alarm Configuration 7 5 The Power Cycle Alarm The Power Cycle Alarm can provide notification when input power to the AFS 16 unit is lost and then restored When the power supply is lost and then restored the AFS 16 can provide notification via Email Syslog Message or SNMP Trap To configure the Power Cycle Alarm you must access the AFS 16 command mode using a password that permits Administrator Level commands The Power Cycle Alarm configuration menu offers the following parameters Trigger Enable Enables Disables the trigger for this alarm When Disabled this alarm will be suppressed Default On Email Message Enables Disables email notification for this alarm Default On Note f either of the Copy to All Triggers options is selected then email notification for other alarms will be switched On or Off as indicated by this parameter Address 1 2 and 3 These parameters are used to select which of the three email addresses defined via the Email Messages menu see Section 5 9 11 will receive the email alarm notification me
32. high or low In set up this feature you must first use the Control Card Jumper to select the non active non alarm state and then use the Monitor Alarm Input configuration menu to select the active alarm state the signal level that will trigger an alarm as described in the Sections that follow Notes The Monitor Input signal Pin 4 is always measured relative to the signal at the common ground Pin 5 A Low signal should be between Zero 0 Volts and 48 Volts and a High signal should be between 5 Volts and 48 Volts Alarm Configuration 7 6 1 1 Monitor Input Signal Trigger When Low To set up the Monitor Alarm Input feature to trigger an alarm when the signal at AUX connector pin 4 the Monitor Input goes Low configure the AFS 16 as follows 1 Control Card Jumper Setting Set the Jumper to the 1 position default This will set the non active non alarm signal state to High as shown in Figure 7 2 Monitor Alarm Input Level Use the Monitor Alarm Input configuration menu to set the Monitor Alarm Input Level to Low as described in Section 7 6 This will configure the Monitor Alarm Input feature to generate an alarm when the Monitor Input signal goes Low Set the Remaining Parameters Use the Monitor Alarm Input configuration menu to select the remaining parameters as described in Section 7 6 Connect Monitor Input Connect the signal line that you wish to monitor to Pin 4 Monitor Input on the Control Modul
33. is the Code Signing Request that you will send to the outside security service e g VeriSign Thawte etc in order to have them sign and activate the certificate Obtain the Signed Certificate Send the captured certificate to the outside security service Refer to the security service s web page for further instructions 14 5 1 2 Setting Up SSL Encryption Upload the Signed Certificate to the AFS 16 After the signed certificate is returned from the security service return to the Web Access menu 8 Access the AFS 16 command mode via the Text Interface using an account that permits Administrator level commands as described previously then type N and press Enter to display the Network Parameters menu and then type 23 and press Enter to display the Web Access menu From the Web Access menu type 14 and press Enter Import CRT to begin the upload process At the CRT Server Key submenu type 1 and press Enter to choose Upload Server Key Use your communications program to send the binary format Signed Certificate to the AFS 16 unit When the upload is complete press Escape to exit from the CRT Server Key submenu After you exit from the CRT Server Key submenu press Escape several times until you have exited from the Network Parameters menu and the Saving Configuration message is displayed After the configuration has been saved test the signed certificate by accessing the AFS 16 via the Web Browser I
34. listing of all available AFS 16 commands Manual A B Switching Use the manual circuit switches to change A B paths Note that this example assumes that the Master A B Gang Switch and individual circuit module switches have not been disabled a Master A B Gang Switch Toggle the Master A B Gang Switch between the A and B positions The LED indicators should follow the Master Switch indicating that each circuit has switched the A and B paths b Circuit Module A B Switch Choose an individual Circuit Module and toggle the module s A B Switch between A and B The LED indicators should indicate that the module has switched the A B path Code Activated Switching To control A B fallback switching using ASCII commands invoke the following commands at the AFS command prompt a Type T Band press Enter All Circuit Modules should switch to the B path b Type T 1 Aand press Enter Circuit Module number 1 should switch to the A path c Type T 2 3 4 Aand press Enter Circuit Modules 2 3 and 4 should Switch to the A path 3 3 Getting Started 8 4 2 Fallback Switching Web Browser Interface In the default state the Web Browser Interface will not be available until you have enabled Web Access as described in Section 5 9 2 After Web Access has been enabled access the AFS 16 Web Browser Interface as described in Section 3 3 and then proceed as follows 1 Access the Circuit Control Menu Clic
35. please refer to Section 11 2 12 2 13 Operation via SNMP If SNMP Access Parameters have been defined as described in Section 5 9 6 then you will be able to manage user accounts control power and reboot switching and display unit status via SNMP This section describes SNMP communication with the AFS 16 unit and lists some common commands that can be employed to manage users control switching and reboot actions and display unit status 13 1 AFS 16 SNMP Agent The AFS 16 s SNMP Agent supports various configuration control status and event notification capabilities Managed objects are described in the WTI AFS MIB txt document which can be found on the CDROM included with the AFS 16 unit or on the WTI web site http www wti com The WTI AFS MIB txt document can be compiled for use with your SNMP client 13 2 SNMPv3 Authentication and Encryption For SNMPv3 the AFS 16 supports two forms of Authentication Privacy Auth noPriv which requires a username password but does not encrypt data going over the internet and Auth Priv which requires a username password AND encrypts the data going over the internet using DES AES is not supported at this time For the Password protocol the AFS 16 supports either MD5 or SHA1 13 3 Configuration via SNMP AFS 16 User accounts can be viewed created modified and deleted via SNMP User accounts are arranged in a table of 128 rows and indexed 1 128 User account parameters a
36. session Note f ihe X command is invoked from within a configuration menu recently defined parameters may not be saved In order to make certain that parameters are saved always press the Esc key to exit from all configuration menus and then wait until Saving Configuration message has been displayed and the cursor has returned to the command prompt before issuing the X command Availability Administrator SuperUser User ViewOnly Format x Enter C Connect This command can be used to establish a bidirectional connection between the Serial Port and the Network Port Note User level accounts can only connect to the Serial Port or Network port if access to the port has been specifically enabled for the account Availability Administrator SuperUser User Format C x Enter Where x indicates the port that you wish to connect to To connect to the Network Port from the Serial port enter an N to connect to the Serial Port from the Network Port enter a 1 17 4 Command Reference Guide TA Toggle to A Position Toggles a Circuit or a Circuit Group to the A position Note When this command is invoked in Administrator Mode or SuperUser Mode it can be applied to all AFS 16 Circuits and Circuit Groups When this command is invoked in User Mode it can only be applied to the Circuits and or Circuit Groups that have been enabled for your account Availability Administrator SuperUser User Format TA c Y
37. the Audit Log Alarm Log At the Display Logs menu type 2 and then press Enter When the Alarm Log appears type E and press Enter to erase the Alarm Log Temperature Log At the Display Logs menu type 3 and press Enter When the Temperature Log menu appears type E and press Enter to erase the Temperature Log Notes e The AFS 16 dedicates a fixed amount of internal memory for Audit Log records and if log records are allowed to accumulate until this memory is filled memory will eventually wrap around and older records will be overwritten by newer records Note that once records have been erased they cannot be recovered 5 3 4 Callback Security The Callback function provides an additional layer of security when callers attempt to access command mode via modem When this function is properly configured modem users will not be granted immediate access to command mode upon entering a valid password instead the unit will disconnect and dial a user defined number before allowing access via that number If desired users may also be required to re enter the password after the AFS 16 dials back In order for Callback Security to function properly you must first enable and configure the feature as described in this section and then define a callback number for each desired user account as described in Section 5 5 To access the Callback Security menu via the Text Interface type F and press Enter and then select the
38. the client will not be allowed to connect 4 Ifthe client s IP Address is not found in the Deny list the client will be allowed to connect even if the address was not found in the Allow list Notes f the AFS 16 finds an IP Address in the Allow list it will not check the Deny list and will allow the client to connect f both the Allow and Deny lists are left blank then the IP Security feature will be disabled and all IP Addresses will be allowed to connect providing that the proper password and or SSH key is supplied When the Allow and Deny lists are defined the user is only allowed to specify the Client List the Daemon List and Shell Command cannot be defined 5 29 Basic Configuration 5 9 5 1 Adding IP Addresses to the Allow and Deny Lists To add an IP Address to the Allow or Deny list and begin configuring the IP Security feature proceed as follows Notes Both the Allow and Deny list can include Linux operators wild cards and net mask pairs n some cases it is not necessary to enter all four digits of the IP Address For example if you wish to allow access to all IP addresses that begin with 192 then you would only need to enter 192 The IP Security Configuration menu is only available when the Administrator Mode is active In order to use domain names in the Allow List and or Deny List you must first define IP address es for the desired Domain Name Server s as described in Se
39. the username password prompt will not be displayed when the user s modem answers Accounts that do not include a Callback Number will not be able to access command mode via modem On Callback ONLY With Password Prompt Callbacks will be performed for user accounts that include a Callback Number and the username password prompt will be displayed when the user s modem answers users will be required to re enter their username password when their modem answers Accounts that do not include a Callback Number will not be able to access command mode via modem Callback Attempts The number of times that the AFS 16 will attempt to contact the Callback number Default 3 attempts Callback Delay The amount of time that the AFS 16 will wait between Callback attempts Default 30 seconds Notes After configuring and enabling Callback Security you must then define a callback phone number for each desired user account as described in Section 5 5 in order for this feature to function properly When using the On Callback With Password Prompt option it is important to remember that accounts that do not include a callback number will be allowed to access command mode without callback verification Basic Configuration 5 3 5 Scripting Options The Scripting Options submenu provides access to parameters that are used to set up the AFS 16 unit for running various scripts The Notes To access Scripting Options paramete
40. to allow the AFS 16 to be controlled by a device which can generate commands to control power switching functions without human intervention When Automated Mode is enabled A B switching commands are executed without a Sure confirmation prompt and without command response messages the only reply to these commands is the AFS gt prompt which is re displayed when each command is completed Note that although Automated Mode can be enabled using either the Web Browser Interface or Text Interface the Automated Mode is designed primarily for users who wish to send ASCII commands to the AFS 16 without operator intervention and therefore does not specifically apply to the Web Browser Interface When Automated Mode is enabled the Web Browser Interface can still be used to invoke switching commands Notes When the Automated Mode is enabled password prompts will not be displayed at login and you will be able to access Administrator Level command functions including the configuration menus and control circuits without entering a password e If you need to enable the Automated Mode but want to restrict network access to configuration menus it is strongly recommended to enable and configure the IP Security Function as described in Section 5 9 3 To enable disable the Automated Mode go to the System Parameters menu see Section 5 3 and then set the Automated Mode option to On When Automated Mode is enabled AFS 16 funct
41. to access command mode via Telnet or SSH Default Serial Port On Telnet SSH On Web On Outbound Access Off Basic Configuration Callback Number Assigns a number that will be called when this account attempts to access command mode via modem and the Callback Security Function has been enabled as described in Section 5 3 5 Default undefined Notes f the Callback Number is not defined then Callbacks will not be performed for this user e f the Callback Number is not defined for a given user and the Callback Security feature is configured to use either of the On Callback options then this user will be granted immediate access to command mode via modem f the Callback Number is not defined for a given user and the Callback Security feature is configured to use the On Callback ONLY option then this user will not be able to access command mode via Modem When using the On Callback With Password Prompt option it is important to remember that accounts that do not include a callback number will be allowed to access command mode without callback verification 5 5 5 Modifying User Accounts The Edit User Directory function allows you to edit existing accounts in order to change parameters circuit access rights or Administrator Command capability Note that the Edit Modify User function is only available when you have accessed command mode using a password that permits Administrator Level comma
42. to create a raw socket connection the command line must end with the text raw 17 7 Command Reference Guide SSH Outbound SSH Creates an outbound SSH connection as described in Section 10 3 Notes In order for the SSH command to function Telnet SSH and Outbound Service Access must be enabled for your user account as described in Section 5 5 In addition SSH Access and Outbound Access must also be enabled via the Network Parameters menu as described in Section 5 9 2 f you have logged in via the Network Port the SSH command will not function Availability Administrator SuperUser User Format SSH ip 1 username Enter Where ip Is the target IP address 1 Lowercase letter L Indicates that the next argument will be the log on name username ls the username that you wish to use to log in to the target device 17 3 3 Configuration Commands F Set System Parameters Displays a menu which is used to define the Site ID message create user accounts set the system clock and configure and enable the Invalid Access Lockout feature All functions provided by the F command are also available via the Web Browser Interface For more information please refer to Section 5 3 Availability Administrator Format F Enter P Set Serial Port Parameters Displays a menu that is used to select options and parameters for the AFS 16 Control Module s serial port All functions provided by the P command are
43. to port 2000 at IP Address 255 255 255 255 access the Text Interface command mode via a free AFS 16 Serial Port using an account that permits Telnet Access and Outbound Access and invoke the TELNET command as follows TELNET 255 255 255 255 2000 raw Enter 10 2 Telnet amp SSH Functions 10 3 Creating an Outbound SSH Connection The AFS 16 s SSH command can be used to create an outbound SSH connection In order to use the SSH command you must access the AFS 16 s Text Interface command mode using an account that permits SSH Access and Outbound Access via the AFS 16 Control Module s RS232 Serial Port as described below Notes In order for the SSH command to function SSH Access and Outbound Service Access must be enabled for your user account as described in Section 5 5 f are communicating with the AFS 16 unit via the Network Port the SSH command will not function To create an outbound SSH connection access the Text Interface via the Control Module s RS232 Serial Port using an account that permits SSH Access and Outbound Access and then invoke the SSH command using the following format SSH ip 1 username Enter Where ip Is the target IP address 1 Lowercase letter L Indicates that the next argument will be the log on name username Is the username that you wish to use to log in to the target device For example to create an outbound SSH connection to a device at IP Address 255 255 255 25
44. unit must be maintained Particular attention should be given to supply connections when connecting to power strips rather than directly to the branch circuit Note 7he AFS 16 includes two power inlets You can connect either one or both of these inputs to your power source If both power inlets are connected they should be connected to separate power sources in order that the second power source can serve as a redundant back up in the event of failure Set the Power Switch on the AFS 16 Power Module to the ON Position The ON LED on the Power Module and the A B indicators on the Control Module should light After about 90 seconds the A B indicators should go out indicating that the unit is ready to receive commands Note that if the AFS 16 needs to download SSH keys it may take longer than 90 seconds for the A B indicators to switch off 4 2 Connecting the Network Cable Use the supplied 10 100Base T Ethernet cable to connect the AFS 16 Ethernet port to your TCP IP network Note that the AFS 16 includes a default IP address 192 168 168 168 and a default subnet mask 255 255 255 0 When installing the AFS 16 in a working network environment it is recommended to define network parameters as described in Section 5 9 4 1 Hardware Installation RJ 45 DB 9F Pin No Pin No Signal 1 8 CTS 2 1 DCD 3 2 RXD 4 5 GND 5 Pins Pin 6 3 TXD 7 4 DTR 8 7 RTS Figure 4 1 DX9F DTE RJ Snap Adapter Interface RJ 45 DCE
45. used to switch all AFS 16 circuits 3 Confirm Switching Actions After you click on the Confirm Circuit Actions button the AFS 16 will display a screen which summarizes the selected switching operation s and asks for confirmation before executing the command To proceed with the selected switching operation click on the Execute Circuit Actions button 4 The AFS 16 will execute the switching operation and then display the Circuit Status Screen This completes the Quick Start procedure for the AFS 16 Prior to placing the unit into operation it is recommended to refer to the remainder of this user s guide for important information regarding advanced configuration capabilities and more detailed operation instructions If you have further questions regarding the AFS 16 unit please contact WTI Customer Support as described in Appendix C 4 Hardware Installation 4 1 Connecting the Power Supply Cable s Refer to the cautions listed below and at the beginning of this User s Guide and then connect the AFS 16 to an appropriate 100 to 240 VAC power supply A cos A Before attempting to install this unit please review the warnings and cautions listed at the front of the user s guide This device should only be operated with the type of power source indicated on the instrument nameplate If you are not sure of the type of power service available please contact your local power company Reliable earthing grounding of this
46. 232 Port on the AFS 16 Control Module The RS232 Port must be configured for Normal Mode and your PC must include a communications program Basic Configuration To access command mode via the Text Interface proceed as follows Note When communicating with the unit for the first time you will not be able to contact the unit via Telnet until you have accessed command mode via Local PC or SSH Client and used the Network Parameters Menu to enable Telnet as described in Section 5 3 1 Contact the AFS 16 Unit a Via Local PC Start your communications program and press Enter Wait for the connect message then proceed to Step 2 b Via Network The AFS 16 includes a default IP address 192 168 168 168 and a default subnet mask 255 255 255 0 This allows you to contact the unit from any network node on the same subnet without first assigning an IP Address to the unit For more information please refer to Section 5 9 i Via SSH Client Start your SSH client and enter the AFS 16 s IP Address Invoke the connect command wait for the connect message then proceed to Step 2 ii Via Telnet Start your Telnet Client and then Telnet to the AFS 16 s IP Address Wait for the connect message then proceed to Step 2 c Via Modem Use your communications program to dial the number for the phone line that you have connected to the AFS 16 s RS232 Serial Port 2 Login Password Prompt A message will be displayed which prompts you to e
47. 4 3 13 5 5 42 5 26 5 24 2 3 5 24 5 18 5 23 5 23 5 23 5 24 5 23 to 5 26 5 23 5 24 Apx 1 5 23 5 24 5 24 5 24 5 24 5 24 5 23 Apx 1 17 8 14 4 5 18 5 36 5 39 9 5 9 2 14 1 to 14 3 5 5 17 4 5 42 SNMP Adding Users Circuit Status Configuration Configuration Via Controlling Circuit Groups Controlling Circuits Deleting Users Modifying Users Sending Traps SNMP Traps Testing Unit Environment Status Unit Operation Via Viewing Users View Unit Status SNMP Agent SNMP Parameters Access Authentication Authentication Protocol Enable Privacy Read Only Read Only Community Read Write Community SNMP Contact SNMP Location SNMPv3 SNMPv3 Password SNMPv3 User Name Version SNMP Trap Configuration SNMP Managers Testing Trap Community SNMPv3 Authentication Authentication Privacy Authentication Protocol Encryption Password Username Software Version Specifications SSH Access Encryption Keys SSH Access SSH Encryption SSH Port 13 2 13 4 12 1 13 1 to 13 5 13 3 13 3 13 2 13 2 13 5 12 1 to 12 2 12 2 13 4 13 1 to 13 5 13 2 13 4 13 1 5 33 to 5 34 5 18 5 33 5 34 5 33 5 33 5 33 5 34 5 34 5 34 5 34 5 33 to 5 38 5 33 5 33 5 33 12 1 5 34 12 2 5 34 5 33 to 5 38 13 1 5 33 5 34 13 1 5 33 5 33 8 1 Apx 2 5 2 5 18 10 1 17 7 5 27 10 1 5 27 SSL Certificate Common Name Country Create CSR Email Address Locality Organizational Name Organizational Unit State or Province
48. 5 with the username employee access the Text Interface command mode via a free AFS 16 Serial Port using an account that permits SSH Access and Outbound Access and invoke the SSH command as follows SSH 255 255 255 255 1 employee Enter 10 3 11 Syslog Messages The Syslog feature can create log records of each Alarm Event As these event records are created they are sent to a Syslog Daemon located at an IP address defined via the Network Parameters menu 11 1 Configuration In order to employ this feature you must set the real time clock and calendar via the System Parameters Menu and define the IP address for the Syslog Daemon via the Network Port Configuration menu To configure the Syslog function please proceed as follows 1 Access command mode Note that the following configuration menus are only available to accounts that permit Administrator level commands 2 System Parameters Menu Access the System Parameters Menu as described in Section 5 3 then set the following parameters a Set Clock and Calendar Set the Real Time Clock and Calendar and or configure and enable the NTP server feature 3 Network Parameters Menu Access the Network Parameters Menu as described in Section 5 9 then set the following parameters a Syslog IP Address Determine the IP address for the device that will run the Syslog Daemon then use the Network Port Configuration menu to define the IP Address for the Syslog Daemon 4
49. 8 1 Adding LDAP Groups Once you have defined several users and passwords via your LDAP server and assigned those users to LDAP Groups you must then grant access rights to each LDAP Group at each AFS 16 unit In order to add LDAP groups you must log in to command mode using a password that permits access to Administrator level commands The Add LDAP Group menu allows the following parameters to be defined Group Name Note that this name must match the LDAP Group names that you have assigned to users at your LDAP server Default undefined Access Level Sets the command access level For more information please refer to Section 5 4 1 Default User Circuit Access This item is used to select the AFS 16 Circuit Modules that members of this LDAP group will be allowed to connect Default All Circuits Off Circuit Group Access This item is used to determine which Circuit Groups the members of this LDAP Group will be allowed to control Default undefined Service Access This item determines how members of this LDAP Group will be allowed to access command mode and whether or not they will be able to create outbound Telnet connections The Service Access parameter is used to allow members of this LDAP group to access command mode via Serial Port Telnet SSH or any combination thereof and also enables disables Outbound Telnet Default Serial Port On Telnet SSH On Outbound Access Off Note After you have
50. Applying a Command to All Circuits From the Circuit Control Menu click the down arrow in the Action column in the All Circuits row then select the desired operation from the dropdown menu and click on the Confirm Circuit Actions button Next the AFS 16 will display a screen which lists the selected switching action s and asks for confirmation before proceeding Click on the Execute Circuit Actions button to apply the selected command to all AFS 16 Circuits Note When each command is complete the Circuit Status Screen will be displayed At that time the Status Screen will list the updated A B status of each circuit 9 1 2 The Circuit Group Control Screen Web Browser Interface The Circuit Group Control Screen is used to apply A B switching commands to all circuits in a user defined Circuit Group As described in Section 5 7 Circuit Groups allow you to define a group of circuits dedicated to a similar purpose or client and then direct switching commands to the group rather than switching one circuit at a time To invoke A B switching commands proceed as follows 1 2 Access the AFS 16 Command Mode as described in Section 5 1 Click on the Circuit Group Control link on the left hand side of the screen to display the Circuit Group Control Screen Notes e When the Circuit Group Control Screen is displayed by an account that permits Administrator or SuperUser command access all user defined Circuit Groups will be dis
51. Consecutive Failures 5 7 Deleting PNA Profiles 5 7 Domain Name 5 7 Interval After Failed Ping 5 7 IP Address 5 7 Modifying PNA Profiles 5 7 Ping Delay After PNA Action Ping Interval 9 1 to 9 7 Ping Test 14 2 PNA Action 14 2 Toggle 5 3 Viewing PNA Profiles 9 10 3 17 8 Ping Test 5 18 5 28 10 2 17 7 Plug Access 7 810 7 5 TACACS 7 4 Plug Group Access 7 3 TACACS 7 3 PNA Action 7 4 Continuous 7 4 Single 7 3 PNA Command 7 3 Port 7 4 Kerberos 7 3 Port Access LDAP Group Port Configuration Port Mode Serial Port Port Name Serial Port Port Number Email Parameters Power Cycle Alarm Address Email Message Subject Trigger Enable Power Inlets Power Supply Power Supply Indicators Power Supply Module Power Switch Power Up Default Circuit Module Primary Address RADIUS TACACS Primary Host Primary NTP Address Primary Secret Word RADIUS 5 2 5 42 5 33 5 3 5 24 5 28 7 6 7 6 7 5 7 6 7 5 17 9 Index 5 5 36 5 23 to 5 43 5 23 5 24 Privacy SNMPv3 Product Information Product Status Screen Public Key Quick Start Procedure RADIUS Accounting Port Authentication Port Debug Dictionary Support Enable Fallback Local Fallback Timer Primary Address Primary Secret Word Retries Secondary Address Secondary Secret Word Set Up Read Only SNMP Parameters Real Time Clock Date NTP Enable NTP Timeout Primary NTP Address Secondary NTP Address Test NTP Servers Time Time Zone Reboo
52. Determines how long the AFS 16 will wait to resend an email message generated by this alarm when the initial attempt to send the notification was unsuccessful Default 60 Minutes Notify Upon Clear When this item is enabled the AFS 16 will send additional notification when the situation that caused the alarm has been corrected For example when Notify Upon Clear is enabled the AFS 16 will send initial notification when it detects that a Ping command has failed and then send a second notification when it determines that the IP address is again responding to the Ping command Default On Alarm Configuration Email Message Enables Disables email notification for this alarm Default On Note f either of the Copy to All Triggers options is selected then email notification for other alarms will be switched On or Off as indicated by this parameter Address 1 2 and 3 These parameters are used to determine which of the three email addresses defined via the Email Messages menu will receive the email alarm notification messages generated by this alarm The Address parameters can be used to select one or any combination of the addresses defined via the Email Messages menu Default All On Note f Email addresses have been previously specified then the text under the parameters will list the current user defined email addresses Subject This parameter is used to define the text that will appear in the Subject f
53. Ground 2 005 7 12 The Help Menu Administrator Mode Text Interface llle eee ee eee 9 4 The Test Menu Text Interface 0 0 0 cece eee 11 2 Web Access Parameters Text Interface Only 0 000 eee eee eee 14 1 Serial Port Interface 0 ect n Apx 1 Vii 1 Introduction The AFS 16 1 is a versatile switching system designed for applications that require routing of analog or digital signals between a common RJ45 jack and A and B RJ45 jacks The AFS 16 1 is ideal for switching RS232 RS422 485 Ethernet UTP or telephone lines The system consists of a Card Rack one Power Supply Module one Control Module and up to 16 Circuit Modules Each Circuit Module is capable of switching all 8 pins of the Common RJ45 jack between Jack A or Jack B Each card can be switched by alarm manually or by command The AFS 16 1 includes an assortment of alarm features which allow the unit to monitor temperature power interruptions and invalid access attempts and then notify you via Email text message Syslog message or SNMP trap when critical conditions are detected The AFS can also monitor device response to ping commands and then switch A B paths and provide notification when devices fail to respond Security and Co Location Features Secure Shell SSHv2 encryption and address specific IP security masks help to prevent unauthorized access to command and configuration functions The AF
54. Linux users may note that other operators and wild cards may also be used EXCEPT This operator creates an exception in either the allow list or deny list For example if the Allow list includes a line which reads 192 EXCEPT 192 255 255 6 then all IP address that begin with 192 will be allowed except 192 255 255 6 providing that this address appears in the Deny list ALL The ALL wild card indicates that all IP Addresses should be allowed or denied When ALL is included in the Allow list all IP addresses will be allowed to connect conversely if ALL is included in the Deny list all IP Addresses will be denied except for IP addresses listed in the Allow list For example if the Deny list includes a line which reads ALL EXCEPT 168 255 192 192 then all IP addresses except 168 255 192 192 will be denied except for IP addresses that are listed in the Allow list Net Mask Pairs An expression of the form n n n n m m m m is interpreted as a net mask pair A host address is matched if net is equal to the bitwise AND of the address and the mask For example the net mask pattern 131 155 72 0 255 255 254 0 matches every address in the range 131 155 72 0 through 131 155 73 255 5 9 5 5 IP Security Examples 1 Mostly Closed Access is denied by default and the only clients allowed are those explicitly listed in the Allow list To deny access to all clients except 192 255 255 192 and 168 112 112 05 the Allo
55. NS Server parameters must first be defined as described in Section 5 9 5 Secondary NTP Address Defines the IP address or domain name up to 64 characters long for the secondary fallback NTP Server Default undefined Note n order to use domain names for web addresses DNS Server parameters must be defined as described in Section 5 9 5 NTP Timeout The amount of time in seconds that will elapse between each attempt to contact the NTP server When the initial attempt is unsuccessful the AFS 16 will retry the connection four times If neither the primary nor secondary NTP server responds the AFS 16 will wait 24 hours before attempting to contact the NTP server again Default 3 Seconds Test NTP Servers Text Interface Only Allows you to send a time request to the IP address or domain names defined via the Primary and Secondary NTP Address prompts or to a new address or domain defined via the Test NTP Servers submenu The AFS 16 will not store the response from the IP address or domain but will verify whether or not the target address or domain is an NTP Server 5 7 Basic Configuration 5 3 2 The Invalid Access Lockout Feature When properly configured and enabled the Invalid Access Lockout feature will watch all login attempts made at the Network Port and RS232 Port If either port exceeds the selected number of invalid attempts then that port will be automatically disabled for a user defined length of time Lock
56. Route Subnet Mask Syslog Address TACACS Telnet Access Telnet Port Network Parameters Network Port Administrator SuperUser Network Port Parameters Network Status Screen Text Interface Normal Mode DTR Output Index 4 Index 7 11 2 8 7 12 7 10 7 10 2 3 7 12 to 7 13 5 26 5 6 5 22 5 20 5 1 5 25 to 5 43 5 26 5 26 5 26 5 27 5 32 5 42 5 27 5 28 5 27 5 27 5 27 5 28 5 26 5 27 5 29 to 5 31 5 37 5 35 to 5 42 5 26 5 26 5 28 5 40 5 26 5 33 5 34 5 27 5 27 2 2 4 1 5 26 5 26 5 26 to 5 27 8 1 17 3 5 24 5 24 Notify Upon Clear Invalid Access Lockout Alarm Over Temperature Alarms Ping No Answer Alarm NTP Enable NTP Timeout Primary NTP Address Secondary NTP Address NTP Enable NTP Timeout Operation Organizational Name Organizational Unit Outbound Access Outbound SSH Outbound Telnet Over Temperature Alarms Address Alarm Clear Threshold Alarm Set Threshold Contact Output Enable Email Message Notify Upon Clear Resend Delay Subject Trigger Enable Password Default Email Parameters SNMPv3 PDAs Periodic Reset Value Modem Mode PIC Version Ping Access Ping Interval Ping No Answer Profile Ping No Answer Alarm Address Contact Output Enable Email Message Notify Upon Clear Resend Delay Subject Trigger Enable Ping No Answer Function 5 2 5 17 7 5 to 7 7 Ping No Answer Profile 7 7 Adding PNA Profiles 7 3 Circuit Access 7 5 Circuit Group Access
57. S Server Default 15 Seconds Fallback Local Determines whether or not the AFS 16 will fallback to its own password username directory when an authentication attempt fails When enabled the AFS 16 will first attempt to authenticate the password by checking the TACACS Server if this fails the AFS 16 will then attempt to authenticate the password by checking its own internal username directory This Parameter offers three options Off Fallback Local is disabled Default On All Failures Fallback Local is enabled and the unit will fallback to it s own internal user directory when it cannot contact the TACACS Server or when a password or username does not match the TACACS Server On Transport Failure Fallback Local is enabled but the unit will only fallback to it s own internal user directory when it cannot contact the TACACS Server Authentication Port The port number for the TACACS function Default 49 Default User Access When enabled this parameter allows TACACS users to access the AFS 16 command mode without first defining a TACACS user account on the AFS 16 When new TACACS users access the AFS 16 command mode they will inherit the default Access Level Circuit Access Circuit Group Access and Service Access that are defined via the items listed below Default On Access Level Selects the default Access Level setting for new TACACS users This option can set the default access level to Administrator
58. S 16 1 also provides four different levels of security for user accounts Administrator SuperUser User and ViewOnly The Administrator level provides complete access to all A B switching functions status displays and configuration menus The SuperUser level allows control of A B switching but does not allow access to configuration functions The User level allows access to only a select group of Administrator defined A B circuits The ViewOnly level allows you to check unit status but does not allow A B switching or access to configuration menus The AFS 16 1 includes full Radius LDAP and TACACS capability DHCP and an invalid access lockout feature An Audit Log records all user access login and logout times and command actions and an Alarm Log records user defined alarm events 1 1 Introduction Environmental Monitoring and Management The AFS 16 can constantly monitor temperature levels ping response and other factors If the AFS 16 detects that user defined thresholds for these values have been exceeded the unit can promptly notify you via email text message SNMP trap or Syslog message The AFS 16 also records temperature readings to a convenient log file The AFS 16 can also notify you when excessive invalid access attempts are detected and can automatically lock ports when it determines that an unauthorized user may be attempting to gain access by hammering the unit with random passwords WTI Management Utility The AFS
59. S 16 SNMP Agent cl gc d vide eae nae oak ea ee Ae ee WEB e 13 1 13 2 SNMPv3 Authentication and Encryption 0 000 c eects 13 1 13 3 Configuration via SNMP 0 0 cette n 13 1 13 3 1 Viewing USCIS 2 061 do bem Re xbv des eae eda dads 13 2 19 3 2 Adding Users eee od bee oe BARRE at Saha 13 2 13 3 9 Modifying Users dox feta a ae Sure ee eee tede ed Dace 13 2 13 3 4 Deleting USES sect ode eel ek AR eee eae eae dee at es 13 2 13 4 Circuit Control via SNMP 0 e ren 13 3 13 4 1 Controlling Circuits usana tee 13 3 13 4 2 Controlling Circuit Groups 1 0 0 eee 13 3 13 5 Viewing AFS 16 Status via SNMP 2 0 0 0 eee 13 4 13 6 1 Circuit Status ions foc bk dh p Heda ee ale edn aud AU Ramee 13 4 13 6 2 Unit Environment Status 0 0 eee 13 4 13 7 Sending Traps via SNMP 0 cece e res 13 5 Setting Up SSL Encryption 0 00 e ee ee 14 1 14 1 Creating a Self Signed Certificate 0 eee 14 2 14 2 Creating a Signed Certificate 0 keene 14 3 14 3 Downloading the Server Private Key 2 0 0 0 cece eee eee 14 4 Saving and Restoring Configuration Parameters 0000 cee eee eee eee 15 1 15 1 Sending Parameters to a File 00 2 ete 15 1 15 2 Restoring Saved Parameters ees 15 2 15 3 Restoring Previously Saved Parameters 00 0 c cece eee eee 15 3 Table of Contents 16 Upgrading AFS 16 Firmware 2 00 e cece eee eee n nnn 16 1 17 Com
60. S 16 will return to the Web Access Menu indicating that the CSR has been successfully created b When the Web Access Menu is re displayed press Esc several times until you exit from the Network Parameters menu and the Saving Configuration message is displayed After the new configuration has been saved test the Self Signed certificate by accessing the AFS 16 via the Web Interface using an HTTPS connection a Before the connection is established the AFS 16 should display the warning message described previously This indicates that the Self Signed certificate has been successfully created and saved b Click on the Yes button to proceed The AFS 16 will prompt you to enter a user name and password After keying in your password the main menu should be displayed indicating that you have successfully accessed command mode 14 2 Creating a Signed Certificate To create a Signed certificate and eliminate the warning message first set up your domain name server to recognize the Common Name item 5 that you will assign to the unit Next complete steps one through five as described in Section 14 1 and then proceed as follows 1 Capture the Newly Created Certificate Type 13 and press Enter View CSR The AFS 16 will prompt you to configure your communications Telnet program to receive the certificate Set up your communications program to receive a binary file and then press Enter to capture the file and save it This
61. String Although the AFS 16 will pulse the DTR line to hang up an attached modem the Hang Up string is often useful for controlling modems that do not use the DTR line Default undefined Periodic Reset Value Determines how often the Reset String will be sent to the modem at this port 15 Minutes Note When communicating with the AFS 16 via modem these parameters will not be changed until after you exit command mode and disconnect 5 24 Basic Configuration 5 9 Network Configuration The Network Parameters Menus are used to select parameters and options for the Network Port and also allow you to implement various security and authentication features Although the Web Browser Interface and Text Interface allow definition of essentially the same parameters parameters are arranged differently in the two interfaces In the Text Interface most network parameters are defined via one menu But in the Web Browser Interface network parameters are divided into separate menus which are accessed via the Network Configuration flyout menu To access the Network Parameters Menus proceed as follows Notes e Settings for network parameters depend on the configuration of your network Please contact your network administrator for appropriate settings The Network Parameters Menu selects parameters for all 16 logical Network Ports The IP Address Subnet Address and Gateway Address cannot be changed via the Web Browser Inte
62. Switch Menus MIB Parameters Modem Access Modem Mode Hang Up String Initialization String Periodic Reset Value Reset String Modem Phone Number Modem Port Configuration Modify Circuit Group LDAP Groups Ping No Answer Reboot PNA Profile User Accounts Via SNMP Monitor Alarm Input Address Circuit Access Circuit Group Access Circuit State Circuits to Switch Contact Output Enable Email Message Level Settings Monitor Alarm Input Delay Monitor Alarm Input Level Notify Upon Clear Resend Delay 4 2 14 2 5 1 5 9 5 9 5 9 5 6 5 9 to 5 10 5 9 to 5 10 5 10 5 10 17 4 9 7 17 4 5 2 5 17 5 26 5 23 5 6 2 4 9 7 2 2 5 4 5 33 to 5 38 4 2 5 1 5 2 5 24 5 24 5 24 5 24 5 24 5 6 5 23 to 5 26 5 22 5 37 6 3 6 3 5 19 13 2 7 10 7 11 7 11 7 11 7 11 7 11 7 10 7 12 7 10 7 10 7 10 7 10 Monitor Alarm Input continued Return Signal Subject Trigger Enable Monitor Input Level Jumper Monitor Input Level Settings Multiple Logins My Phone Number Name Circuit Group Circuit Module Network Access Network Configuration Accept Break Administrator Mode Command Echo DHCP Domain Name Server Email Parameters Gateway Address Harden Web Security HTTP Access HTTP Port HTTPS Access HTTPS Port Inactivity Timeout IP Address IP Security Kerberos Set Up LDAP Parameters Logoff Character Multiple Logins Ping Access RADIUS Sequence Disconnect SNMP Parameters SSH Access SSH Port Static
63. WTI Part No 14069 Rev B AFS 16 1 RJYS Fallback Switch ure p estem ine A Warnings and Cautions installation Instructions Secure Racking If Secure Racked units are installed in a closed or multi unit rack assembly they may require further evaluation by Certification Agencies The following items must be considered 1 The ambient within the rack may be greater than room ambient Installation should be such that the amount of air flow required for safe operation is not compromised The maximum temperature for the equipment in this environment is 45 C Consideration should be given to the maximum rated ambient 2 Installation should be such that a hazardous stability condition is not achieved due to uneven loading Check nameplate ratings to assure there is no overloading of supply circuits that could have an effect on overcurrent protection and supply wiring Reliable earthing of this equipment must be maintained Particular attention should be given to supply connections when connecting to power strips rather than direct connections to the branch circuit No Serviceable Parts Inside Authorized Service Personnel Only Do not attempt to repair or service this device yourself Internal components must be serviced by authorized personnel only Shock Hazard Do Not Enter e Lithium Battery CAUTION Danger of explosion if battery is incorrectly replaced Replace only with same or equivalent type recommended by
64. ability Administrator Format K k Enter Where k is a required argument which indicates the key type The k argument provides the following options 1 SSH1 2 SSH2 RSA 3 SSH2 DSA UL Unlock Port Invalid Access Lockout Manually cancels the AFS 16 s Invalid Access Lockout feature Normally when a series of failed login attempts are detected the Invalid Access Lockout feature can shut down the effected port for a user specified time period in order to prevent further access attempts When the UL command is invoked the AFS 16 will immediately unlock all ports that are currently in the locked state Availability Administrator Format UL Enter TELNET Outbound Telnet Creates an outbound Telnet connection as described in Section 10 2 Notes In order for the TELNET command to function Telnet SSH and Outbound Service Access must be enabled for your user account as described in Section 5 5 In addition Telnet Access and Outbound Access must also be enabled via the Network Parameters menu as described in Section 5 9 2 f you have logged in via the Network Port the TELNET command will not function Availability Administrator SuperUser User Format TELNET ip port raw Enter Where ip Is the target IP address port lIs an optional argument which can be included to indicate the target port at the IP address raw Isan optional argument which can be included to indicate a raw socket connection In order
65. able circuitStatus Current state of the circuit 0 Switch Position B 1 Switch Position A e circuitTable circuitAction Action to be taken on circuit 1 Markto Switch to A does not execute Mark to Switch to B does not execute N A Mark to DEFAULT Circuit does not execute Mark to Switch to A and execute circuit actions Mark to Switch to B and execute circuit actions N A Mark to DEFAULT Circuit and execute circuit actions arn ou fF WD Set circuitTable circuitAction to desired action as specified by values 1 4 above for each circuit index the action is to be applied to For the last circuit you wish to set before executing the commands use values 5 8 instead which will invoke the requested commands all at once 13 4 2 Controlling Circuit Groups A B Switching and Default commands can be issued for circuit groups via SNMP Circuit Groups are arranged in a table of 54 rows one row for each circuit group in the system Circuit Group parameters are described below circuitGroupTable circuitGroupName String indicating the circuit groups name circuitGroupTable circuitGroupAction Action to be taken on circuit group 1 Markto Switch to A does not execute 2 Markto Switch to B does not execute 3 NA 4 Markto DEFAULT Circuit does not execute 5 Markto Switch to A and execute circuit group actions 6 Markto Switch to B and execute circuit group actions 7 N A 8 Markto DEFAULT Circuit and execute circu
66. ack panel of the Dual Power Supply Module which are used to connect the AFS 16 to an appropriate power source Power Supply Indicators Two LEDs located on the back panel of the Dual Power Supply Module which will light when connected to an active power source Note that there is one LED for Inlet A and one LED for Inlet B 2 1 Unit Description 2 2 The Control Module The Control Module shown in Figure 2 2 coordinates switching of the individual Circuit Modules The Control Module includes a Master A B Gang Switch status LEDs a 10 100Base T Ethernet connector and an RJ 45 RS232 Serial Port for connection to your PC control device or external modem An AUX jack is provided to allow connection to a monitored line and optional external alarm The AFS 16 always includes one Control Module ME CONTROL Oi ETHERNET Osi a m ol O Figure 2 2 The Control Module The AFS 16 Control Module includes the following components D Ethernet Port An RJ45 Ethernet port for connection to your 10Base T or 100Base T TCP IP network Note that the AFS 16 features a default IP address 192 168 168 168 This allows you to establish an SSH connection with the unit without first assigning an IP address Note that the Network Port also includes two small LED indicators for Link and Data Activity For more information on Network Port configuration please refer to Section 5 9 Master A B Gang Switch Allows ma
67. al emulation program is ready to receive the file return to the AFS 16 s Save Parameter File menu and press Enter to proceed AFS 16 parameters will be saved on your hard drive in the file specified in Step 2 above 4 The AFS 16 will send a series of XML command lines which specify currently selected parameters When the download is complete press Enter to return to the command prompt 15 1 Saving and Restoring Configuration Parameters 15 2 Restoring Saved Parameters This section describes the procedure for using your terminal emulation program to send saved parameters to the AFS 16 1 Start your terminal emulation program and access the AFS 16 s Text Interface command mode using an account that permits Administrator level commands Configure your terminal emulation program to upload an ASCII text file Upload the ASCII text file with the saved AFS 16 parameters If necessary key in the file name and directory path Your terminal emulation program will send the ASCII text file to the AFS 16 When the terminal program is finished with the upload make certain to terminate the Upload mode Note f ihe AFS 16 detects an error in the file it will respond with the Invalid Parameter message If an error message is received carefully check the contents of the parameters file correct the problem and then repeat the Upload procedure If the parameter upload is successful the AFS 16 will send a confirmation message
68. at the Monitor Alarm Input Level is always set to compliment the setting for the Monitor Input Level Jumper as described in Section 7 5 1 Default Low Monitor Alarm Input Delay Determines how long the signal at the Monitor Input Contact must remain high low in order to generate an alarm Default 0 5 Seconds Resend Delay Determines how long the AFS 16 will wait to resend an email message generated by this alarm when the initial attempt to send notification was unsuccessful Default 60 Minutes Notify Upon Clear When this item is enabled the AFS 16 will send additional notification when the signal at the Monitor Input contact Pin 4 on the Control Module s AUX Connector returns to the normal non alarm state Default On Email Message Enables Disables email notification for this alarm Default On Note f either of the Copy to All Triggers options is selected then email notification for other alarms will be switched On or Off as indicated by this parameter Address 1 2 and 3 These parameters are used to select which of the three email addresses defined via the Email Messages menu see Section 5 9 11 will receive the email alarm notification messages generated by this alarm The Address parameters can be used to select one or any combination of the addresses defined via the Email Messages menu Default All On Note f Email addresses have been previously specified then the text under the paramet
69. ation parameters ViewOnly Accounts with ViewOnly access are allowed to view Status Menus with restrictions but are not allowed to invoke A B switching commands and cannot view configurations menus or change configuration parameters ViewOnly accounts can display Status screens but can only view the status of the AFS 16 Circuit Modules that are specifically allowed by the account Section 17 2 summarizes command access for all four access levels In the default state the AFS 16 includes one predefined account that provides access to Administrator commands and allows to control of all of the AFS 16 s Circuit Modules The default username for this account is super lowercase no quotation marks and the password for the account is also super Notes In order to ensure security it is recommended that when initially setting up the unit a new user account with Administrator access should be created and the super account should then be deleted e f the AFS 16 is reset to default parameters all user accounts will be cleared and the default super account will be restored 5 15 Basic Configuration 5 4 2 Granting Circuit Module Access Each account can be granted access to a different selection of Circuit Modules Note also that several accounts can be allowed access to the Circuit Module When accounts are created the Circuit Access parameter in the Add User or Modify User menu can be used to grant or deny access to
70. be allowed to access The argument for this command includes a character for each defined Circuit Group with the first character in the string being used to represent the first Circuit Group defined and the last character in the string representing the last Circuit Group defined The following options are available for each Circuit Group 0 Off Deny Access 1 On Allow Access For example to allow access to the first three defined Circuit Groups out of a total of six defined Circuit Groups the command line would be WTI Group Access 111000 Example The following command could be used to set the command access level to User allow access to Circuits 1 and 2 and also allow access to the first two of five defined Circuit Groups tom Auth Type Local User Password tom1 Login Service Telnet Login TCP Port Telnet User Name HARRY tom WTI Super 1 WTI Circuit Access 1100 WTI Group Access 11000 5 41 Basic Configuration 5 9 11 Email Messaging Parameters The Email Messaging menu is used to define parameters for email messages that the AFS 16 can send to notify you when an alarm is triggered To define email message parameters you must access the AFS 16 Command Mode using a password that permits access to Administrator Level commands The Email Configuration menu offers the following options Enable Enables Disables the Email Messaging feature When disabled the AFS 16 will not be able to send email m
71. be changed via the Web Browser Interface In order to change these parameters you must access the AFS 16 via the Text Interface IP Address Default 192 168 168 168 Subnet Mask Default 255 255 255 0 Gateway Address Default undefined DHCP Enables Disables Dynamic Host Configuration Protocol When this option is On the AFS 16 will perform a DHCP request Note that in the Text Interface the MAC address for the AFS 16 is listed on the Network Status Screen Default Off Note Before configuring this feature make certain your DHCP server is set up to assign a known fixed IP address You will need this new IP address in order to reestablish a network connection with the AFS 16 unit Telnet Access Enables disables Telnet access When Telnet Access is Off users will not be allowed to establish a Telnet connection to the unit Default Off Telnet Port Selects the TCP IP port number that will be used for Telnet connections In the Text Interface this item is defined via a submenu displayed when the Telnet Access parameter is selected Default 23 SSH Access Enables disables SSH communication Default On SSH Port Selects the TCP IP port number that will be used for SSH connections Note that in the Text Interface this item is defined via a submenu which is displayed when the SSH Access parameter is selected item number 22 Default 22 HTTP Access Web Access Enables disables the Web Brow
72. bers for the first and last Circuits in the range separated by a colon character To apply the command to all Circuits allowed by your account enter an asterisk X Optional Suppresses the command confirmation prompt Example Assume that your account allows access to Circuit 2 and Circuit 3 To switch Circuits 2 and 3 to the B position without displaying the optional command confirmation prompt invoke the following command line TB 243 Y Enter 17 5 Command Reference Guide T Toggle Command This command can be used to toggle any Circuit or Circuit Group to either the A position or the B position Note When this command is invoked in Administrator Mode or SuperUser Mode it can be applied to all AFS 16 Circuits and Circuit Groups When this command is invoked in User Mode it can only be applied to the Circuits and or Circuit Groups that have been enabled for your account Availability Administrator SuperUser User Format T c p Y Enter Where c The number or name of the Circuit s or Circuit Group s that you wish to switch To apply the command to several Circuits enter a plus sign between each Circuit number To apply the command to all Circuits allowed by your account enter an asterisk character P The desired switch position Enter an A to switch specified circuits to the A position or a B to switch circuits to the B position 1X Optional Suppresses the command confir
73. ccess is enabled as described in Section 5 9 2 Start your Telnet client and enter the AFS 16 s default IP address 192 168 168 168 e Via Modem Use your communications program to dial the number for the external modem optional that you have connected to the AFS 16 s RS232 port For more information on connecting a modem to the AFS 16 please refer to Section 4 4 2 Username Password Prompt A message will be displayed which prompts you to enter your username Login and password The default username is super all lower case no quotes and the default password is also super If a valid username and password are entered the AFS 16 will display either the Circuit Control Screen Web Browser Interface or the Circuit Status Screen Text Interface Getting Started Review Help Menu If you are communicating with the AFS 16 via the text interface SSH Telnet or Modem type H and press Enter to display the Help Menu which lists all available AFS 16 commands Note that the Help Menu is not available via the Web Browser Interface 3 4 Fallback Switching A B fallback switching can be controlled via the Text Interface or via the Web Browser Interface 3 4 1 Fallback Switching Text Interface Access the AFS 16 Text Interface as described in Section 3 3 and then proceed as follows 1 Review the Help Menu At the Text Interface command prompt type H and press Enter to display the Help Menu which provides a basic
74. ccess to the Web interface 0 No access 1 Access userTable userCallbackNum 32 character callback number for account e userTable userSubmit Set to 1 to submit changes 13 3 1 Viewing Users To view users issue a GET request on any of the user parameters for the index corresponding to the desired user 13 3 2 Adding Users For an empty index issue a SET request on the desired parameters Minimum requirement is a username and password to create a user all other parameters will be set to defaults if not specified To create the user issue a SET request on the userSubmit object 13 3 3 Modifying Users For the index corresponding to the user you wish to modify issue a SET request on the desired parameters to be modified Once complete issue a SET request on the userSubmit object 13 3 4 Deleting Users For the index corresponding to the user you wish to delete issue a SET request on the username with a blank string Once complete issue a SET request on the userSubmit object 13 2 Operation via SNMP 13 4 Circuit Control via SNMP 13 4 1 Controlling Circuits A B Switching and Default commands can be issued for circuits via SNMP Circuits are arranged in a table of N rows where N is the number of circuits in the system Circuit parameters are described below e circuitTable circuitID String indicating the circuits ID circuitTable circuitName String indicating the circuit s user defined name circuitT
75. characters for the Syslog Daemon that will receive log records generated by the AFS 16 For more information please refer to Section 11 Default undefined Ping Access Enables Disables response to the ping command When Disabled the AFS 16 will not respond to Ping commands Note that disabling Ping Access at the Network Port will not effect the operation of the Ping No Access Alarm Default On Outbound Access Enables Disables the ability to create outbound Telnet and or SSH connections via the AFS 16 Network Port When enabled users who are connected to the AFS 16 command mode via the RS232 Serial Port will be able to connect to the Network Port and then invoke the TELNET and or SSH commands to create an outbound connection For example to create an outbound Telnet connection first make certain that this option is enabled for both the RS232 Serial Port and the password account then access command mode via the Text Interface at the RS232 Port At the AFS gt prompt invoke the TELNET command as described in Section 10 3 Default Off 5 28 Basic Configuration 5 9 5 IP Security The IP Security feature allows the AFS 16 to restrict unauthorized IP addresses from establishing inbound Telnet connections to the unit This allows you to grant Telnet access to only a specific group of IP addresses or block a particular IP address completely In the default state the AFS 16 accepts incoming IP connections from all hos
76. connections to the AFS 16 s Network Port For more information please refer to Section 8 2 Availability Administrator SuperUser Format SN Enter H Help Displays a Help Screen which lists all available Text Interface commands along with a brief description of each command Note n the Administrator Mode the Help Screen will list the entire AFS 16 command set In SuperUser Mode User Mode and ViewOnly Mode the Help Screen will only list the commands that are allowed for that Access Level Availability Administrator SuperUser User ViewOnly Format H Enter 17 3 Command Reference Guide L Log Functions Provides access to a menu which allows you to display the Audit Log Alarm Log and Temperature Log For more information on Log Functions please refer to Section 5 3 4 Availability Administrator SuperUser Format L Enter J Display Site ID Unit Information Displays the user defined Site I D message If the optional asterisk argument is included in the command line the command will also show the model number and software version for the AFS 16 unit Availability Administrator SuperUser User ViewOnly Format J Enter Where is an optional argument which can be included in the command line to display the exact model number and software version of the AFS 16 unit 17 3 2 Control Commands X Exit Command Mode Exits command mode When issued at the Network Port also ends the Telnet
77. ction 5 9 5 1 Access the IP Security Configuration Menu In the Text Interface the IP Security menu is accessed via the Network Configuration menu In the Web Browser Interface the IP Security Configuration menu is accessed via the Network Configuration flyout menu 2 Allow List Enter the IP Address es for the clients that you wish to allow Note that if an IP Address is found in the Allow list the client will be allowed to connect and the AFS 16 will not check the Deny list a Text Interface Note the number for the first empty field in the Allow list then type that number at the command prompt press Enter and then follow the instructions in the resulting submenu b Web Browser Interface Place the cursor in the first empty field in the parameters menu then key in the desired IP Address operators wild cards and or net mask pairs 3 DenyList Enter the IP Address es for the clients that you wish to deny Note that if the client s IP Address is not found in the Deny List that client will be allowed to connect Use the same procedure for entering IP Addresses described in Step 2 above 5 30 Basic Configuration 5 9 3 2 Linux Operators and Wild Cards In addition to merely entering a specific IP address or partial IP address in the Allow or Deny list you may also use any standard Linux operator or wild card In most cases the only operator used is EXCEPT and the only wild card used is ALL but more experienced
78. d Permit the Network Port will be allowed to invoke Administrator level commands providing they are issued by an account that permits them If disabled Deny then accounts that permit Administrator level commands will not be allowed to access command mode via the Network Port Default Permit Logoff Character Defines the Logoff Character for this port This determines which command s must be issued at this port in order to disconnect from the RS232 Serial Port Default x Ctrl plus X Note The Sequence Disconnect parameter can be used to pick a one character or a three character logoff sequence Sequence Disconnect Enables Disables and configures the Resident Disconnect command Offers the option to either disable the Sequence Disconnect or select a one character or three character command format Default 2 One Character Notes The One Character Disconnect is intended for situations where the destination port should not receive the disconnect command When the Three Character format is selected the disconnect sequence will pass through to the destination port prior to breaking the connection When Three Character format is selected the Resident Disconnect uses the format Enter LLL Enter where L is the selected Logoff Character Inactivity Timeout Enables and selects the Inactivity Timeout period for the Network Port If enabled and the port does not receive or transmit data for the specified
79. d 5 28 17 7 Telnet Command 17 7 Telnet Access 5 2 5 27 Telnet Port 5 27 Temperature Calibration 5 5 Temperature Format 5 5 Temperature Log 8 5 5 9 5 10 5 6 Test Ping Test 6 2 Test Menu 11 2 12 2 17 10 Test NTP Servers 5 7 Text Interface 5 1 to 5 2 17 1 to 17 10 Applying Commands to Several Circuits 9 6 Command Set 17 3 to 17 10 Set Circuits to Defaults 9 5 Switching Circuits 9 5 to 9 6 Time 5 7 Time Zone 5 7 TLS SSL Encryption 5 35 To Address Email Parameters 5 42 Toggle Command 17 6 Toggle to A 17 5 Toggle to B 17 5 Trademarks Apx 4 Trigger Enable Invalid Access Lockout Alarm 7 7 Monitor Alarm Input 7 10 Over Temperature Alarms 7 3 Ping No Answer Alarm 7 5 Power Cycle Alarm 7 9 Unit Description Unlock Port Text Interface Upgrading Firmware Upload CRT Server Key Signed Certificate User User Accounts Access Level Access Levels Adding Callback Number Circuit Group Access Circuit Module Access Command Access Levels Default Deleting Editing Modifying Password Port Access Service Access Username Viewing User Directory Username Email Parameters SNMPV3 User Search Base DN User Search Filter Version SNMP View Circuit Group Directory LDAP Groups Ping No Answer Reboot PNA Profile User Accounts Via SNMP ViewOnly W Warnings and Cautions Web Access Web Browser Interface WTI Management Utility Index 8 Index 2 1 to 2 4 17 7 16 1 to 16 2 17 10 14 4 14 4 5 15 to 5 21 17 2 5 15 to 5 21
80. d light After about 90 seconds the A B indicators should go out indicating that the unit is ready to receive commands 3 2 Connect Your PC to the AFS 16 The AFS 16 can either be controlled by a local PC Serial Port controlled via modem or controlled via TCP IP network In order to select parameters or control switching functions commands are issued to the AFS 16 via either the Ethernet Port or RS232 Console Port Ethernet Port Connect your 10Base T or 100Base T network interface to the AFS 16 Control Module s 10 100Base T Network Port RS232 Port Use the supplied Ethernet cable and adapter to connect your PC COM port to the RS232 Console Port on the AFS Control Module as described in Section 4 3 For a description of the RS232 Port Interface please refer to Appendix A 1 Modem If desired an external modem can also be installed at the RS232 Port For more information please refer to Section 4 4 Getting Started 3 3 Communicating with the AFS 16 When properly installed and configured the AFS 16 will allow command mode access via Telnet Web Browser SSH client modem or local PC However in order to ensure security both Telnet and Web Browser access are disabled in the default state To enable Telnet and or Web Browser access please refer to Section 5 9 2 Notes Default AFS 16 serial port parameters are set as follows 9600 bps RTS CTS Handshaking 8 Data Bits One Stop Bit No Parity Although these paramete
81. d the Audit Log Alarm Log or Temperature log access the command mode then proceed as follows Text Interface Type L and press Enter to access the Display Log menu Select the desired Log from the menu key in the appropriate number and press Enter and then follow the instructions in the resulting submenu Web Browser Interface Audit Log Move the cursor over the Logs link on the left hand side of the screen When the fly out menu appears click on the Audit Log Display or the Audit Log Download link and then follow the instructions in the resulting submenu Alarm Log Move the cursor over the Logs link on the left hand side of the screen When the fly out menu appears click on the Alarm Log Display or Alarm Log Download link and then follow the instructions in the resulting submenu Temperature Log Move the cursor over the Logs link on the left hand side of the screen When the fly out menu appears click on the Temperature Log Display or Temperature Log Download link and then follow the instructions in the resulting submenu Basic Configuration To erase log data access command mode via the Text Interface using an account that permits Administrator level commands then type L and press Enter to access the Display Logs menu and then proceed as follows Audit Log At the Display Logs menu type 1 and then press Enter When the Audit Log appears type E and press Enter to erases
82. d then press Enter Note Although the AFS 16 does not support SSH1 the K 1 command will still return a key for SSH1 10 1 Teinet amp SSH Functions 10 2 Creating an Outbound Telnet Connection The AFS 16 includes a TELNET command that can be used to create an outbound Telnet connection In order to use the TELNET command you must access the AFS 16 s Text Interface command mode using an account that permits Telnet Access and Outbound Access via the AFS 16 Control Module s Serial RS232 Port as described below Notes In order for the TELNET command to function Telnet Access and Outbound Service Access must be enabled for your user account as described in Section 5 5 f you are communicating with the AFS 16 via the Network Port the TELNET command will not function To create an outbound Telnet connection access the Text Interface via the Control Module s RS232 Serial Port using an account that permits Telnet Access and Outbound Access and then invoke the TELNET command using the following format TELNET ip port raw Enter Where ip Is the target IP address port Is an optional argument which can be included to indicate the target port at the IP address raw Is an optional argument which can be included to indicate a raw socket connection In order to create a raw socket connection the command line must end with the text raw For example to create a raw socket outbound Telnet connection
83. d to a Ping Command In addition the Ping No Answer function can also be configured to send an email text message Syslog Message or SNMP Trap to notify you whenever a Ping No Answer Action occurs Please refer to Section 7 3 for instructions on setting up email alarm notification for Ping No Answer Actions To set up a Ping No Answer Profile access command mode using a password that permits Administrator level commands and then proceed as follows Text Interface Type PNA and press Enter to display the Ping No Answer Directory menu From the Ping No Answer Directory Menu you can Add Modify View or Delete Ping No Answer Profiles as described in the Sections that follow Web Browser Interface Click on the Ping No Answer Configuration link on the left hand side of the screen to display the Ping No Answer Directory menu From the Ping No Answer Directory menu you can Add Modify View or Delete Ping No Answer Profiles Note After defining or editing Ping No Answer parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Add Ping No Answer button to save parameters in the Text Interface press Esc several times until the AFS 16 displays the Saving Configuration message and the cursor returns to the command prompt 6 1 Adding Ping No Answer Profiles Up to 54 Ping No Answer Profiles can be defined The Add Ping No Answer menu is used to define the following parameters
84. d to check to make certain that the unit is communicating properly Note that in order for the Ping command to function with domain names you must first configure Domain Name Server parameters as described in Section 5 9 5 SNMP is an acronym for Simple Network Management Protocol The SNMP Trap function allows the AFS 16 to send Alarm Notification messages to two different SNMP managers each time one of the Alarms discussed in Section 7 is triggered Note e The SNMP feature cannot be configured via the SNMP Manager SNMP reading ability is limited to the System Group e The SNMP feature includes the ability to be polled by an SNMP Manager Once SNMP Trap Parameters have been defined SNMP Traps will be sent each time an Alarm is triggered and or when a Buffer Mode serial port reaches the user defined Buffer Threshold value For more information on Alarm Configuration please refer to Section 7 12 1 Configuration To configure the SNMP Trap function proceed as follows 1 Access command mode using an account that permits access to Administrator level commands 2 SNMP Trap Parameters Access the SNMP Trap Parameters Menu as described in Section 5 9 7 Set the following a SNMP Managers 1 and 2 The address es that will receive SNMP Traps that are generated by one of the Alarms discussed in Section 7 Consult your network administrator to determine the IP address es for the SNMP Manager s then use the Network Parame
85. d with the upgrade select either option 1 or option 2 The AFS 16 will display a message that indicates that the unit is waiting for data Leave the current Telnet SSH client session connected at this time 5 Open your FTP SFTP application and if you have not already done so login to the AFS 16 unit using a username and password that permit access to Administrator Level commands 6 Transfer the md5 format upgrade file to the AFS 16 7 After the file transfer is complete the AFS 16 will install the upgrade file and then reboot itself and break all port connections Note that it will take approximately 10 minutes to complete the installation process The unit will remain accessible until it reboots a SomeFTP SFTP applications may not automatically close when the file transfer is complete If this is the case you may close your FTP SFTP client manually after it indicates that the file has been successfully transferred b When the upgrade process is complete the AFS 16 will send a message to all currently connected network sessions indicating that the AFS 16 is going down for a reboot Note Do not power down the AFS 16 unit while it is in the process of installing the upgrade file This can damage the unit s operating system 8 If you have accessed the AFS 16 via the Network Port in order to start the FTP SFTP servers the AFS 16 will break the network connection when the system is reinitialized e f you initially selected
86. duct Status Screen via the Text Interface type J and then press Enter To display the Product Status Screen via the Web Browser Interface click on the Product Status link The Product Status Screen lists the following items Product The make model number of the AFS 16 unit SW Version The software version that is currently installed on the AFS 16 unit PIC Version The version of the micro controller chip that is present on the Control Module 8 2 The Network Status Screen The Network Status screen shows activity at the AFS 16 s virtual network ports and lists the TCP Port Number Active Free Status and current user name for each virtual network port To view the Network Status Screen you must access command mode using a password that permits access to Administrator Level commands To display the Network Status Screen via the Text Interface type SN and press Enter To display the Network Status Screen via the Web Browser Interface click on the Network Status link The Network Status Screen lists the following items Port The virtual network port for each connection TCP Port The TCP Port number for each connection Status This column will read Free if no users are currently connected to the corresponding port or Active if a user has currently accessed command mode via this port User Name The user name for the account that has currently accessed command mode via this port Note that when the Netw
87. e AUX Connector as shown in Figure 7 3 7 6 1 2 Monitor Input Signal Trigger When High To set up the Monitor Alarm Input feature to trigger an alarm when the signal at AUX Connector pin 4 the Monitor Input goes High configure the AFS 16 as follows 1 Control Card Jumper Setting Set the Jumper to the 0 position This will set the non active non alarm signal state to Low as shown in Figure 7 2 Monitor Alarm Input Level Use the Monitor Alarm Input configuration menu to set the Monitor Alarm Input Level to High as described in Section 7 6 This will configure the Monitor Alarm Input feature to generate an alarm when the Monitor Input signal goes High Set the Remaining Parameters Use the Monitor Alarm Input configuration menu to select the remaining parameters as described in Section 7 6 Connect Monitor Input Connect the signal line that you wish to monitor to Pin 4 Monitor Input on the Control Module AUX Connector as shown in Figure 7 3 Connect your ground line to the Ground Connector Pin 5 8 The Status Screens The Status Screens are used to display status information about the AFS 16 hardware and firmware Network Port Circuit Modules Circuit Groups and other features The Status Screens are available via both the Text Interface and Web Browser Interface 8 1 Product Status The Product Status Screen lists the model number power rating and software version for your local AFS 16 unit To display the Pro
88. e at the AFS 16 unit Each Log record will include the time and date and the temperature reading Basic Configuration 5 3 3 1 The Audit Log and Alarm Log The System Parameters menu allows you to select three different configuration parameters for the Audit Log and Alarm Log Note that the Audit Log and Alarm Log function independently and parameters selected for one log will not be applied to the other Off The Log is disabled and command activity and or alarm events will not be logged On With Syslog The Log is enabled and A B switching and or alarm events will be logged The AFS 16 will generate a Syslog Message every time a Log record is created Default Setting On Without Syslog The Log is enabled and A B switching and or alarm events will be logged but the AFS 16 will not generate a Syslog Message every time a Log record is created Notes In order for the Audit Log or Alarm Log to generate Syslog Messages Syslog Parameters must first be defined as described in Section 1 1 The Audit Log will truncate usernames that are longer than 22 characters and display two dots in place of the remaining characters 5 3 3 2 The Temperature Log The System Parameters menu allows you to either enable or disable the Temperature Log When the Temperature Log is enabled the AFS 16 will not log temperature readings In the default state the Temperature Log is enabled 5 3 3 3 Reading and Erasing Logs To rea
89. e default Service Access setting for new TACACS users The Service Access setting determines whether each account will be able to access command mode via Serial Port Telnet SSH or Web In addition the Service Access setting also determines whether each account will be able to employ the Outbound Access function For example if Telnet SSH Access is disabled then the default setting for new TACACS accounts will not allow access to command mode via Telnet or SSH Default Serial Port On Telnet SSH On Web On Note f Outbound Access has been disabled via the Network Parameters menu then the Service Access parameter will not be allowed to grant Outbound Access to new TACACS users 5 39 Basic Configuration 5 9 10 RADIUS Parameters The RADIUS Configuration Menus offer the following options Enable Enables disables the RADIUS feature at the Network Port Default Off Primary Address Defines the IP address or domain name up to 64 characters long for your primary RADIUS server Default undefined Primary Secret Word Defines the RADIUS Secret Word for the primary RADIUS server Default undefined Secondary Address Defines the IP address or domain name up to 64 characters for your secondary fallback RADIUS server if present Default undefined Secondary Secret Word Defines the RADIUS Secret Word for the secondary RADIUS server Default undefined Fallback Timer Determines how long the AFS 16
90. e existing firmware as described in Section 16 Note When a firmware upgrade is performed the AFS 16 will require approximately 15 minutes for the upgrade procedure Availability Administrator Format UF Enter TEST Test Network Parameters Displays a menu which is used to test configuration of the Syslog and SNMP Trap functions and can also be used to invoke a Ping Command For more information please refer to Section 11 2 and Section 12 2 Notes In order for the ping command to function with domain names Domain Name Server parameters must be defined as described in Section 5 9 5 The Test Menu s Ping command is not effected by the status of the Network Parameters Menu s Ping Access function Availability Administrator SuperUser Format TEST Enter 17 10 Appendix A Interface Description RJ 45 Pin No RTS 1 Request to Send Control Module DTR 2 Ready Out RS232 Serial Port TXD 3 Data Out j Pin 1 3 J Pin 8 GND 4 Ground 5 RXD 6 Data In DCD 7 Carrier Detect CTS 8 Clear to Send Figure A 1 Serial Port Interface A 1 Serial Port RS232 DCD and DTR hardware lines function as follows 1 When connected a If either port is set for Modem Mode the DTR output at either port reflects the DCD input at the other end b Ifneither port is set for Modem Mode DTR output is held high active 2 When not connected a Ifthe port is set for Modem Mode upon disconnect DTR output is puls
91. e used to select one or any combination of the addresses defined via the Email Messages menu Default All On Note f Email addresses have been previously defined then the text under the parameters will list the current user defined email addresses Subject This parameter is used to define the text that will appear in the Subject field for all email notification messages generated by this alarm Default Alarm Over Temperature Initial or Alarm Over Temperature Critical Contact Output Enable Activates deactivates the Output Contacts on the AFS 16 Control Module AUX Connector When the Contact Output Enable parameter is set to On the Common line will be switched from the Normally Closed contact to the Normally Open contact when an Over Temperature Alarm is generated For more information on the Output Contacts please refer to Section 7 1 Default On Note f either of the Copy to All Triggers options is selected then the Contact Output Enable parameter for other alarms will also be enabled or disabled as specified by this parameter Alarm Configuration 7 3 The Ping No Answer Alarm The Ping No Answer Alarm is intended to provide notification when one of the IP addresses defined via the Ping No Answer function as described in Section 6 fails to respond to a Ping command When one of the user defined IP addresses fails to answer a Ping command the AFS 16 can provide notification via Email Syslog Messa
92. earch the LDAP directory Default undefined pu Y J 5 35 Basic Configuration Search Bind Password Sets the Password for the user who is allowed to search the LDAP directory Default undefined User Search Base DN Sets the directory location for user searches Default undefined User Search Filter Selects the attribute that lists the user name Note that this attribute should always end with s no quotes Default undefined Group Membership Attribute Selects the attribute that lists group membership s Default undefined Group Membership Value Type Default DN Fallback Enables Disables the LDAP fallback feature When enabled the AFS 16 will revert to it s own internal user directory see Section 5 5 if no defined users are found via the LDAP server In this case port access rights will then be granted as specified in the default LDAP group Default Off LDAP Group Setup Provides access to a submenu which is used to define LDAP Groups as described in the Sections 5 9 8 1 through 5 9 8 4 LDAP Kerberos Setup Provides access to the Kerberos Setup menu as described in Section 5 9 8 5 When the Bind Type is set to Kerberos the Kerberos Setup menu is used to select Kerberos parameters In the Text Interface the link to the Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos 5 9
93. ecure the Circuit Module to the AFS 16 frame A B Switch Jumper Not Shown A jumper located on the Circuit Module board which is used to enable disable the individual Circuit Module s response to the Master A B Gang Switch as described in Section 4 5 1 2 4 3 Getting Started This section describes a simplified installation procedure for the AFS 16 hardware which will allow you to communicate with the unit in order to demonstrate basic features and check for proper operation Note that this Quick Start procedure does not provide a detailed description of unit configuration or discuss advanced operating features in detail For more information please refer to the remainder of this User s Guide 3 1 Apply Power to the AFS 16 Refer to the safety precautions listed at the beginning of this User s Guide and then connect the unit to a 100 to 240 VAC power source Note The AFS 16 includes two power inlets You can connect either one or both of these inputs to your power source If both power inlets are connected they should be connected to separate power sources in order that the second power source can serve as a redundant back up in the event of failure Connect the power supply cable s to the unit s power inlet s and then connect the cable s to appropriate power supplies Set the Power Switch on the AFS 16 Power Module to the ON Position The ON LED on the Power Module and the A B indicators on the Control Module shoul
94. ed by alarms Default On without Syslog Alarm Log When enabled the Alarm Log will create a record of all alarm activity atthe AFS 16 unit Default 2 On without Syslog Temperature Log When enabled the Temperature Log will create a record of temperature vs time at the AFS 16 unit Default On Callback Security Enables and configures the Callback Security Function as described in Section 5 3 4 In order for this feature to function a Callback number must also be defined for each desired user account as described in Section 5 5 Default On Callback without Password Prompt 3 attempts 30 Minute Delay Notes In the Text Interface Callback Security Parameters are defined via a submenu of the Systems Parameters Menu which is accessed via the Callback Security item In the Web Browser Interface Callback Security Parameters are defined via a separate menu which is accessed by clicking the Callback Security link on the left hand side of the screen e Control Card A B Switch This item can be used to enable disable the Master A B Gang Switch on the AFS 16 Control Module Default On e Control Card Reset Switch This item can be used to enable disable the Reset Switch on the AFS 16 Control Module Default On Modem Phone Number When an optional external modem is connected to the AFS 16 Control Card s RS232 Port the Modem Phone Number parameter can be used to denote the phone number for the externa
95. ed for 0 5 seconds and then held high b Ifthe port is not set for Modem Mode DTR output is controlled by the DTR Output option Serial Port Parameters Menu Option 23 Upon disconnect Option 23 allows DTR output to be held low held high or pulsed for 0 5 seconds and then held high Apx 1 Appendix B Specifications Switch Card Up to 16 Modules Interface RJ45 3 Three Jacks 8 Pins Switched Common Jack to A or B Jack Contacts High Reliability Mechanical Relays Break Before Make Contacts with 1 Amp 30 VDC Rating 100 Million Cycle Life Switching Manual Individual Toggle Switch Gang Switching from Control Module Code Web Browser By Slot Number or by Name Card Rack and Control Unit Ethernet Port 10 100Base T Serial Console Port 1 each RJ45 RS232C AUX Port 5 Pin Quick Connect Terminal Block for External Connection for Alarm Output Monitor Input and Ground Monitor Input Signal is always read relative to ground signal Low Monitor Input Signal OV to 48V High Monitor Input Signal 5V to 48V RS232 Port Interface Connectors One 1 RJ45 connector DTE pinout Coding 7 8 bits Even Odd No Parity 1 2 Stop Bits Flow Control XON XOFF RTS CTS Both or None Data Rate 300 to 115 2K bps all standard rates Inactivity Timeout No activity timeout disconnects port modem sessions Off 5 15 30 90 minutes Break Send Break or Inhibit Break Site ID 32 Characters Port Name 16 Characters pe
96. er The Display Logs menu will be shown At the Display Logs menu type 2 and press Enter to display the Alarm Log Web Browser Interface Place the cursor over the Logs link on the left hand side of the screen wait for the fly out menu to appear To view the Alarm Log click on the Alarm Log Display link to download the Alarm Log click on the Alarm Log download link The Alarm Log will display the following information for each logged event Date The date when the alarm occurred Time The time that the alarm occurred Trigger The name of the alarm which was triggered Description A brief description of the event that triggered the alarm Note n the Text Interface the following commands are also available Press Enter to display the next screen full of data Press Esc to exit from the log menu and return to the command prompt Type E and press Enter to erase the Alarm Log 8 5 5 The Temperature Log The temperature log provides a record of AFS 16 temperature readings in reverse chronological order with the most recent events appearing at the top of the list To view the Temperature Log access command mode using a password that permits Administrator or SuperUser level commands and then proceed as follows Text Interface Type L and press Enter The Display Logs menu will be shown Atthe Display Logs menu type 3 and press Enter to display the Temperature Log Web Browser Interface
97. er to Section 5 3 2 Default On 9 Attempts 30 Minute Duration Note The Invalid Access Lockout item does not appear in the Web Browser Interface s System Parameters menu and is instead accessed via the link on the left hand side of the screen Temperature Format Determines whether the temperature is displayed as Fahrenheit or Celsius Default Fahrenheit Temperature Calibration Used to calibrate the unit s internal temperature sensing abilities To calibrate the temperature place a thermometer inside your equipment rack in a location that usually experiences the highest temperature After a few minutes take a reading from the thermometer and then key the reading into the configuration menu In the Web Browser Interface the temperature is entered at the System Parameters menu in the Temperature Calibration field in the Text Interface the temperature is entered in a submenu of the System Parameters menu which is accessed via the Temperature Calibration item Default undefined Basic Configuration Log Configuration In the Text Interface this item provides access to a submenu which is used to configure the Audit Log Alarm Log and Temperature Log as described in Section 5 3 3 In the Web Browser Interface these parameters are directly accessed via the System Parameters menu Audit Log When enabled the Audit Log will create a record of all A B switching at the AFS 16 unit including switching that was initiat
98. ers will list the current user defined email addresses Subject Define the text that will appear in the Subject field for email notification messages generated by this alarm Default Alarm Monitor Alarm Input Alarm Configuration Contact Output Enable Activates deactivates the Output Contacts on the Control Module AUX Connector When the Contact Output Enable parameter is set to On the Common line will be switched from the Normally Closed contact to the Normally Open contact For more information on the Output Contacts please refer to Section 7 1 Default On Note f either of the Copy to All Triggers options is selected then the Contact Output Enable parameter for other alarms will also be enabled or disabled as specified by this parameter Circuits to Switch Selects the Circuit Module s and Circuit Group s that will be switched when the Monitor Alarm Input feature is triggered determines the A B switch position and enables disables the Return feature This item provides access to a submenu which is used to define the following Enable Enables disables A B switching in response to the Monitor Alarm Input feature When disabled the AFS 16 will not perform A B switching with the Monitor Alarm Input feature is triggered Default Disable Circuit State Specifies the A B position that circuits will be switched to when the Monitor Alarm Input feature is triggered Default B Return Enables
99. escribed in Section 5 9 2 Once the Syslog address has been defined Syslog Messages will be sent for every alarm discussed in this Section providing that the Trigger Enable parameter for the alarm has been set to On In order to send alarm notification via SNMP Trap SNMP Trap parameters must first be defined as described in Section 5 9 7 Once SNMP Trap Parameters have been defined SNMP Traps will be sent for every alarm discussed in this Section providing that the Trigger Enable parameter for the alarm has been set to On After defining parameters via the Text Interface make certain to press the Esc key several times to completely exit from the configuration menu and save newly defined parameters When parameters are defined via the Text Interface newly defined parameters will not be saved until the Saving Configuration message is displayed To configure the AFS 16 s Alarm functions first access command mode using a password that allows Administrator level commands If you are communicating with the unit via the Text Interface type AC and then press Enter If you are communicating via the Web Browser Interface click on the Alarm Configuration link on the left hand side of the screen The Alarm Configuration Menu will be displayed Alarm Configuration AUX Connector G Pin Out O Pin Signal Si 3 Normally Closed 1 2 Common S I 1 Normally Open Back Edge of gu Control Card Figure 7 1 Contro
100. espond to a ping command When disabled the AFS 16 will not switch the specified circuit s when a ping failure is detected but will continue to notify you via Email Syslog Message and or SNMP Trap providing that parameters for these functions have been defined as described in Section 5 9 and the Ping No Answer Answer alarm has been enabled as described in Section 7 3 Default No Notes In order for Email Text Message Notification to function you must first define Email Text Message parameters as described in Section 5 9 1 1 In order for Syslog Message Notification to function you must first define a Syslog Address as described in Section 5 9 2 In order for SNMP Trap Notification to function you must first define SNMP parameters as described in Section 5 9 7 Circuit Access Determines which Circuit Modules will be switched when the IP address for this Ping No Answer Profile does not respond Note that in the Text Interface Circuit Access is defined via a separate submenu in the Web Browser Interface Circuit Access is defined via a drop down menu which is accessed by clicking on the plus sign in the Configure Circuit Access field Default undefined Circuit Group Access Determines which Circuit Group s this Ping No Answer Profile will be applied to Note that in the Text Interface Circuit Group Access is defined via a separate submenu in the Web Browser Interface Circuit Group Access is defined via a drop dow
101. essages when an alarm is generated Default On SMTP Server This prompt is used to define the address of your SMTP Email server Default 192 168 100 43 Port Number Selects the TCP IP port number that will be used for email connections Default 25 Domain The domain name for your email server Default undefined Note n order to use domain names you must first define Domain Name Server parameters as described in Section 5 9 5 User Name The User Name that will be entered when logging into your email server Default undefined Password The password that will be used when logging into your email server Default undefined Auth Type The Authentication type the AFS 16 allows you to select None Plain Login or CRAM MD5 Authentication Default Plain From Name The name that will appear in the From field in email sent by the AFS 16 Default undefined From Address The email address that will appear in the From field in email sent by the AFS 16 Default undefined To Address The address es that will receive email messages generated by the AFS 16 Note that up to three To addresses may be defined and that when Alarm Configuration parameters are selected as described in Section 7 you may then designate one two or all three of these addresses as recipients for email messages that are generated by the alarms Default undefined Send Test Email Sends a test email using the
102. eters Network Status Circuit Parameters Log Circuit Group Parameters Site ID Network Configuration Ping No Answer Alarm Configuration Exit Command Mode Reboot System Connect Local Upgrade Firmware Disconnect Port Test Network Options Switch To Circuit Position A Switch To Circuit Position B Port name Switch To Circuit Position sts s s Circuit name Default Circuit Position c c c c Circuit name Send Parameter File Position A or B Send SSH Keys Key type 1 3 Unlock Invalid Access all lt gt Required entry Optional entry Add Y to bypass Sure AFS gt Figure 9 1 The Help Menu Administrator Mode Text Interface 9 2 A B Switching Text Interface When using the Text Interface all A B switching functions are performed by invoking simple ASCII commands The Text Interface includes a Help Menu which summarizes all available AFS 16 commands To display the Text Interface Help Menu Figure 9 1 type H and press Enter Note When the Help Menu is displayed by an account that permits SuperUser User or ViewOnly level commands the screen will not include commands that are only available to Administrators 9 2 1 The Circuit Status Screen Text Interface When you login to the AFS 16 command mode via the Text Interface the first screen displayed after login is the Circuit Status Screen The Circuit Status Screen lists the current status of the AFS 16 s Circuit Modules and also displays the current tempera
103. eters menu is only available when you have logged into command mode using an account that permits Administrator commands The Circuit Parameters Menu allows you to define the following parameters Name Common Assigns a name to the Common RJ45 connector on the selected Circuit Module Name A Assigns a name to the A RJ45 connector on the selected Circuit Module Name B Assigns a name to the B RJ45 connector on the selected Circuit Module Power Up Default Determines how this A B Switch will react when the Default All Circuits command DF is invoked or after power to the unit has been interrupted and then restored After the default command is invoked or power is restored the AFS 16 will automatically set each A B Switch to the A or B setting as specified by the Power Up Default Default A Notes If you have accessed command mode using an account that has Administrator or SuperUser level command access then the Default command will be applied to all Circuit Modules If you have accessed command mode using an account that has User level command access then the Default command will only be applied to the Circuit Modules that are allowed by your account The Default command is not available to ViewOnly level accounts 5 20 Basic Configuration 5 7 TheCircuit Group Directory The Circuit Group Directory allows you to designate groups of circuits that are dedicated to a similar function a
104. f you intend to use the Input Monitor Alarm then this jumper should be set as described in Section 7 6 4 6 The A C B Connectors Each AFS 16 Circuit Module includes three RJ45 connectors a C Common connector an A Primary Fallback connector and a B Secondary Fallback connector Use an RJ45 Ethernet cable to connect devices to the A C B ports as required This completes the AFS 16 installation instructions Please proceed to the next Section for instructions regarding basic unit configuration 5 Basic Configuration This section describes the basic configuration procedure for AFS 16 units For information on Alarm Functions please refer to Section 7 Communicating with the AFS 16 Unit In order to configure the AFS 16 you must first connect to the unit and access command mode Note that the AFS 16 offers two separate configuration interfaces the Web Browser Interface and the Text Interface In addition the AFS 16 also offers three different methods for accessing command mode via network via modem or via local console The Web Browser interface is only available via TCP IP network and the Text Interface is available via TCP IP network SSH or Telnet modem or local PC 5 1 1 The Text Interface The Text Interface also known as the Command Line Interface or CLI consists of a series of simple ASCII text menus which allow you to set options and define parameters by entering the number for the desired o
105. for each new Ping No Answer Profile P Address or Domain Name The IP address or Domain Name for the device that you wish to Ping When the device at this address fails to respond to the Ping command the AFS 16 will switch the selected circuits Default undefined Note n order to use domain names DNS Server parameters must first be defined as described in Section 5 9 5 Ping Interval Determines how often the Ping command will be sent to the selected IP Address The Ping Interval can be any whole number from 1 to 2 800 minutes Default 15 Minutes Interval After Failed Ping Determines how often the Ping command will be sent after a previous Ping command receives no response Default 1 Minute Ping Delay After PNA Action Determines how long the AFS 16 will wait to send additional Ping commands after Ping No Answer A B switching has been initiated Default 15 Minutes Ping No Answer Fallback Switching Consecutive Failures Determines how many consecutive failures of the Ping command must be detected in order to initiate Ping No Answer fallback switching For example if this value is set to 3 then after three consecutive Ping failures the specified Circuit Module s will then be switched Default 3 Toggle Enables Disables the Ping No Answer Fallback function for the specified IP address When enabled the AFS 16 will switch the selected circuit s or Circuit Group s when the target device fails to r
106. ge argument can only be used with the TA and TB commands All Circuits To apply a command to all circuits enter an asterisk in place of the name or number For example to switch all circuits to the B position enter one of the following commands TB Enter or T B Enter Note When this command is invoked by an account that permits only User level command access it will be applied only to the circuits that are allowed by that account Operation 9 3 Manual Operation In addition to the command driven A B switching functions that are available via the Web Browser Interface and Text Interface the AFS 16 Circuit Modules can also be manually switched Circuit Modules can be individually controlled using the A B switch on the Circuit Module front panel or all 16 Circuit Modules can be manually switched using the Master A B Gang Switch on the Control Module front panel If desired the manual A B Switch on each individual Circuit Module can also be disabled using the A B Switch Jumper as described in Section 4 5 In addition the Master A B Gang Switch can also be completely disabled via the System Parameters Menu as described in Section 5 3 9 4 Logging Out of Command Mode When you have finished communicating with the AFS 16 it is important to always disconnect using either the LogOut link Web Browser Interface or the X command Text Interface rather than by simply closing your browser window or communications
107. ge or SNMP Trap Notes In order for this alarm to function IP Addresses for the Ping No Answer function must first be defined as described in Section 6 1 When a Ping No Answer condition is detected the AFS 16 can still switch the user selected Circuit Module s as described in Section 6 and can also send an email Syslog Message and or SNMP trap if properly configured as described in this section 7 5 1 Defining Ping No Answer IP Addresses In order for the Ping No Answer Alarm to function you must first define at least one Ping No Answer profile as described in Section 6 To define a Ping No Answer profile and associated IP address proceed as described in Section 6 Note 7o define Ping No Answer IP addresses for the Ping No Answer Alarm without enabling the A B switching function make certain that the Toggle option in the Add Ping No Answer Profile menu is set to No 7 5 2 Configuring the Ping No Answer Alarm To configure the Ping No Answer Alarm you must access the AFS 16 command mode using a password that permits Administrator Level commands The Ping No Answer alarm configuration menu offers the following parameters Trigger Enable Enables Disables the trigger for this alarm When Disabled this alarm will be suppressed Default On Note 7o cancel an alarm without correcting the condition that caused the alarm simply toggle the Trigger Enable parameter to Off and then back On again Resend Delay
108. h Monitor Alarm Input CLI Clock and Calendar Command Access Level Command Confirmation Command Echo Network Port Serial Port Command Line Interface Command Mode 8 2 9 4 17 3 7 11 5 1 to 5 2 5 5 5 7 to 5 8 5 17 17 2 5 13 5 26 5 24 5 1 to 5 2 17 1 to 17 10 Access 5 1 to 5 3 Logging Out 9 7 17 4 Command Reference Guide 17 1 to 17 10 Command Set Text Interface 17 3 to 17 10 Common Name 14 2 Communication 5 1 to 5 3 Configuration 5 1 to 5 43 Circuit 5 20 Menus 5 4 Restore Previous 5 43 15 3 Restoring 15 2 Saving 15 1 17 6 Via SNMP 13 1 to 13 2 Connect Command 17 4 Connecting a PC 4 2 Console Port Configuration 17 8 Interface Apx 1 Contact Output Enable Invalid Access Lockout Alarm 7 8 Monitor Alarm Input 7 11 Over Temperature Alarms 7 4 Ping No Answer Alarm 7 6 Control Card A B Switch 5 6 Control Card A B Switch 5 6 Control Card Reset Switch 5 6 Control Module 2 2 to 2 3 4 3 AUX Connector 2 3 Jumper 2 3 Control Module Jumper 7 12 to 7 13 Copyrights Apx 4 Copy to All Triggers Over Temperature Alarms 7 4 Country 14 2 Create CSR 14 3 CRT Server Key Upload 14 4 Customer Service Apx 3 Date Debug RADIUS Default Circuits Default Password Default Switching Default User Access Delete Circuit Group LDAP Groups Ping No Answer Reboot PNA Profile User Accounts Via SNMP Deny List DHCP Dialback Security Dictionary Support RADIUS Domain Name Email Parameters Ping No Answer Profi
109. hen proceed as follows Text Interface Type L and press Enter The Display Logs menu will be shown Atthe Display Logs menu type 1 and press Enter to display the Audit Log Web Browser Interface Place the cursor over the Logs link on the left hand side of the screen wait for the fly out menu to appear To view the Audit Log click on the Audit Log Display link to download the Audit Log click on the Audit Log download link The Audit Log will display the following information for each logged event Date The date when the logged event occurred Time The time that the logged event occurred Username The name of the user account that initiated the logged event Description A brief description of the nature of the logged event Note n the Text Interface the following commands are also available Press Enter to display the next screen full of data Press Esc to exit from the log menu and return to the command prompt Type E and press Enter to erase the Audit Log The Status Screens 8 5 2 The Alarm Log The Alarm Log provides a record of all alarm events that were initiated by the Over Temperature Alarms Ping No Answer Alarm Invalid Access Lockout Alarm Power Cycle Alarm and Monitor Alarm Input feature To view the Alarm Log access command mode using a password that permits Administrator or SuperUser level commands and then proceed as follows Text Interface Type L and press Ent
110. icable Circuit Module then display a Sure prompt and wait for a user response before completing the command The unit will then return to the Circuit Status Screen To switch Circuits or Circuit Groups proceed as follows 1 Switch Circuit s to A Position Type TA n and press Enter Where n is the number or name of the desired Circuit or Circuit Group For example TA 1 Enter or TA DATACENTER Enter Switch Circuit s to B Position Type TB nand press Enter Where n is the number or name of the desired Circuit or Circuit Group For example TB 2 Enter or TB SERVERS Enter Set All Circuits to Default A B Positions Type Dc and press Enter All circuits permitted by your account will be set to their default A B status which is defined via the Circuit Parameters Menu as described in Section 5 7 Notes When you have accessed command mode using an account that permits Administrator or SuperUser level command access the Default command will be applied to all circuits When you have accessed command mode using an account that only permits User level command access the Default command will only be applied to the circuits specifically allowed by that account Switching commands are not available in ViewOnly mode Operation The Toggle Command As an alternative to the TA and TB commands the T Toggle command can also be used to perform A B switching Type T n p and press Enter Where n
111. ield for all email notification messages that are generated by this alarm Default Alarm Ping No Answer Contact Output Enable Activates deactivates the Output Contacts on the AFS 16 Control Module AUX Connector When the Contact Output Enable parameter is set to On the Common line will be switched from the Normally Closed contact to the Normally Open contact when a Ping No Answer Alarm is generated For more information on the Output Contacts please refer to Section 7 1 Default On Note f either of the Copy to All Triggers options is selected then the Contact Output Enable parameter for other alarms will also be enabled or disabled as specified by this parameter Alarm Configuration 7 4 The Invalid Access Lockout Alarm The Invalid Access Lockout Alarm can provide notification when the AFS 16 has locked a port due to repeated invalid attempts to access command mode Normally the Invalid Access Lockout feature discussed in Section 5 3 2 will lock a port whenever the AFS 16 detects that a user defined number of invalid passwords have been entered at the port When the Invalid Access Lockout Alarm is properly configured and enabled as described in this section the AFS 16 can also provide notification via Email Syslog Message or SNMP Trap Notes In order for this alarm to function Invalid Access Lockout parameters must first be configured and enabled as described in Section 5 3 2 e When an Invalid Access Locko
112. iew existing Ping No Answer settings but are not allowed to add or modify settings Q9 n SuperUser mode the I command only offers one option Reboot Only Do Not Default Parameters 17 2 Command Reference Guide 17 3 Command Set This Section provides information on all Text Interface commands sorted by functionality 17 3 1 Display Commands S Display Circuit Status Screen Displays the Circuit Status Screen which lists the current status of the AFS 16 s Circuit Modules For more information please refer to Section 8 3 Note n Administrator Mode and SuperUser Mode all AFS 16 circuits are displayed In User Mode and ViewOnly Mode the Circuit Status Screen will only include the circuits allowed by your account Availability Administrator SuperUser User ViewOnly Format S Enter SG Display Circuit Group Status Screen Displays the Circuit Group Status Screen which lists the available Circuit Groups the Circuits included in each Circuit Group the current A B state and other factors For more information please refer to Section 8 4 Note n Administrator and SuperUser Mode all user defined Circuit Groups are displayed In User Mode and ViewOnly Mode the Circuit Group Status Screen will only include the Circuit Groups allowed by your account Availability Administrator SuperUser User ViewOnly Format S Enter SN Display Network Status Displays the Network Status Screen which lists current network
113. ion Settings Baud Rate Any standard rate from 300 bps to 115 2K bps Default 9600 bps Bits Parity Default 8 None Stop Bits Default 1 Handshake Mode XON XOFF RTS CTS Both or None Default RTS CTS General Parameters Administrator Mode Permits denies port access to Administrator level accounts Default Permit Note Administrator Mode cannot be disabled at the Control Module RS232 Serial Port Logoff Character The Logoff Character determines the command s or character s that must be issued at this port in order to disconnect Default X 5 23 Basic Configuration Sequence Disconnect Enables Disables and configures the Resident Disconnect command This offers the option to disable the Sequence Disconnect select a one character format or a three character format Default One Character Inactivity Timeout Enables and selects the Timeout Period for this port If enabled the Serial Port will disconnect when no additional data activity is detected for the duration of the timeout period Default 5 Minutes Command Echo Enables Disables command echo When disabled commands sent to the Serial Port will still be invoked but keystrokes will not be displayed Default On Accept Break Determines whether the port will accept breaks received from the attached device When enabled breaks received at the port will be passed When disabled breaks will be refused at this por
114. ions will change as follows 1 All Password Security Suppressed When a user attempts to access command mode the password prompt will not be displayed at either the Console Port or Network Port Unless specifically restricted by the IP Security Function all users will be allowed to access both switching and configuration functions and all commands will be immediately accepted without the requirement to enter a password 2 Status Screen Suppressed The Circuit Status Screen will not be automatically displayed after commands are successfully executed Note however that the S command can still be invoked to display the Circuit Status Screen as needed 3 Sure Prompt Suppressed All commands are executed without prompting for user confirmation 4 Error Messages Suppressed Most error messages will be suppressed Note however that an error message will still be generated if commands are invoked using invalid formats or arguments All other status display and configuration commands will still function as normal Basic Configuration 5 4 User Accounts Each time you attempt to access command mode you will be prompted to enter a username and password The username password entered at login determine which circuit s you will be allowed to control and what type of commands you will be allowed to invoke Each username password combination is defined within a user account The AFS 16 allows up to 128 user accounts each account inc
115. is name can be any name that you choose and there is no need to set up your domain name server to recognize this name However if you will use a Signed certificate then your domain name server must be set up to recognize this name e g service yourcompanyname com 6 State or Province The name of the state or province where the AFS 16 unit will be located e g California 7 Locality The city or town where the AFS 16 unit will be located e g Irvine 8 Country The two character country code for the nation where the AFS 16 will be located e g US 9 Email Address An email address that can be used to contact the person responsible for the AFS 16 e g jsmith yourcompany com 10 Organizational Name The name of your company or organization e g Yourcompanyname Inc 11 Organizational Unit The name of your department or division if necessary any random text can be entered in this field e g tech support 14 2 Setting Up SSL Encryption After you have defined parameters 5 through 11 type 12 and press Enter Create CSR to create a Certificate Signing Request By default this will overwrite any existing certificate and create a new Self Signed certificate a The AFS 16 will prompt you to create a password Key in the desired password up to 16 characters and then press Enter When the AFS 16 prompts you to verify the password key it again and then press Enter once After a brief pause the AF
116. is the number or name of the desired Circuit or Circuit Group and p is the desired A B position For example T 2 B Enter or T SERVERS A Enter Suppress Command Confirmation Prompt To execute a switching or default command without displaying the Sure prompt you can either disable command confirmation via the System Parameters Menu or include the Y option at the end of the command line For example TA ROUTER Y Or T 2 B Y 9 2 2 1 Applying Commands to Several Circuits Text Interface As described below A B switching commands can be applied to only one Circuit Module or to an assortment of circuits 1 Switch Several Circuits To apply the TA TB or T command to several circuits enter the numbers or names for the circuits separated by a plus sign or a comma For example to switch circuits 1 3 and 4 to the B position enter one of the following commands TB 14344 Enter or T 1 3 4 B Enter Note When the or are used do not enter spaces between the circuit name or number and the plus sign or comma Switch a Range of Circuits To apply the TA or TB command to a series of circuits enter the numbers for the circuits that mark the beginning and end of the range separated by a colon For example to switch circuits 1 through 3 to the A position enter the following TA 1 3 Enter Note The Range argument is not available when using the T command to switch circuits The Ran
117. it group actions Set circuitGroupTable circuitGroupAction to desired action as specified by values 1 4 above for each circuit group index the action is to be applied to For the last circuit group you wish to set before executing the commands use values 5 8 instead which will invoke the requested commands all at once 13 5 Operation via SNMP 13 5 Viewing AFS 16 Status via SNMP Status of various components of the AFS 16 can be retrieved via SNMP Circuit Status and Environmental Status are currently supported 13 6 1 Circuit Status The status of each circuit in the system can be retrieved using the command below circuitTable circuitStatus The status of the circuit 0 Switch Position B 1 Switch Position A 155 No Circuit Installed in this Slot circuitTable circuitReason Returns a numeric code which describes the reason for the last successful A B switching operation as follows 0 PowerUp 1 User 2 PNA 3 External Alarm 4 Circuit Switch 5 Control Switch 6 Demo 13 6 2 Unit Environment Status The temperature status and Control Module Jumper status can be retrieved The environmentUnitTable contains one row environmentUnitTable environmentUnitTemperature The temperature of the AFS 16 unit environmentUnitTable environmentUnitName Returns the specific model number for the AFS 16 unit e environmentUnitTable environmentUnitMonitorAlarm Returns the current state of the Monitor Input Sig
118. k addresses are entered the Domain Name Server interprets domain names e g www yourcompanyname123 com and translates them into IP addresses Note that if you don t define at least one DNS then IP addresses must be used rather than domain names 5 32 Basic Configuration 5 9 6 SNMP Access Parameters These menus are used to select access parameters for the SNMP feature The SNMP Access Parameters menus allow the following parameters to be defined Note After you have configured SNMP Access Parameters you will then be able to manage the AFS 16 s User Directory and display unit status via SNMP as described in Section 13 Enable Enables disables SNMP Polling Default Off Note This item only applies to external SNMP polling of the AFS 16 it does not effect the ability of the AFS 16 to send SNMP traps Version This parameter determines which SNMP Version the AFS 16 will respond to For example if this item is set to V3 then clients who attempt to contact the AFS 16 using SNMPv2 will not be allowed to connect Default V1 V2 Only Read Only Enables Disables the Read Only Mode which controls the ability to access configuration functions and invoke switching commands When Enabled you will not be able to change configuration parameters or invoke other commands when you contact the AFS 16 via SNMP Default No Note n order to define user names for the AFS 16 via your SNMP client the Read Only feature m
119. k on the Circuit Control link on the left hand side of the screen to display the Circuit Control menu The Circuit Control menu includes a series of dropdown menus that are used to select the desired switching action for each Circuit Module Note The Circuit Control menu also lists the number and user defined name of each Circuit Module present the name of the currently selected A B circuit path the A B position of the switch a brief description of the reason for the last switching action and a column that shows if each circuit is controlled by the Monitor Alarm Input feature 2 Select the Switching Action Use the dropdown menu to select an A B switching operation for the desired Circuit Module For example to switch Circuit 1 to the B position click on the down arrow in the Action column for Circuit 1 to display the dropdown menu select the B option from the dropdown menu and then click on the Confirm Circuit Actions button Notes The dropdown menu for each circuit allows you to select position A position B or the default position Normally the Default option will switch the circuit to the user defined Default position that is selected as described in Section 5 6 However in the case of this Quick Start procedure the Default circuit positions have not yet been defined The Circuit Control Menu also includes the ability to switch all AFS 16 Circuit Modules If desired the dropdown menu in the All Circuits row can be
120. l Module AUX Connector Output Contacts 7 1 The Output Contacts In addition to providing notification when an alarm is generated the Over Temperature Alarms Ping No Answer Alarm Invalid Access Lockout Alarm and Monitor Input Alarm all offer the option to switch the output contacts on the Control Module AUX Connector when an alarm is triggered The output contacts can then be used to activate an audible alarm or other device in response to these alarms When the Contact Output Enable parameter is enabled for any of these alarms the Common line will be switched from the Normally Closed contact to the Normally Open contact in order to drive an attached device Figure 7 1 above shows the location of the Normally Closed Common and Normally Open contacts on the Control Module AUX Connector 7 2 Alarm Configuration 7 2 The Over Temperature Alarms The Over Temperature Alarms are designed to inform you when the temperature level inside your equipment rack reaches or exceeds certain user defined levels There are two separate Over Temperature Alarms the Initial Threshold alarm and the Critical Threshold Alarm Typically the Initial Threshold alarm is used to notify you when the temperature within your equipment rack reaches a point where you might want to investigate it whereas the Critical Threshold alarm is used to notify you when the temperature approaches a level that may harm equipment or inhibit performance The trigger for the I
121. l modem Default undefined Management Utility Enables Disables the Management Utility When enabled the Management Utility allows you to manage multiple WTI units via a single menu For more information on the Management Utility please refer to the Management Utility User s Guide on the CDROM included with the unit Default Off Note Although the Management Utility can be enabled disabled via either the Web Browser Interface and Text Interface the Management Utility can only be accessed and operated via the Web Browser Interface Scripting Options Provides access to a submenu that is used to configure the Command Confirmation and Automated Mode parameters as described in Section 5 3 5 Note n the Text Interface the Scripting Options submenu is accessed via item 13 To access the Scripting Options parameters via the Web Browser Interface place the cursor over the General Parameters link wait for the flyout menu to appear then click on the Scripting Options link 5 6 Basic Configuration 5 5 1 The Real Time Clock and Calendar The Real Time Clock menu is used to set the AFS 16 s internal clock and calendar The configuration menu for the Real Time Clock offers the following options Date The Month Date Year and day of the week for the real time clock calendar Time Sets the Hour Minute and Second for the AFS 16 s real time clock calendar Key in the time using the 24 hour military format Time Z
122. le Domain Name Server DTR Output Email Address SSL Certificate Email Message Invalid Access Lockout Alarm Monitor Alarm Input Over Temperature Alarms Ping No Answer Alarm Power Cycle Alarm Email Parameters Authentication Type Domain Enable From Address From Name Password Port Number Send Test Email SMTP Server To Address User Name Encryption SSH Ethernet Port Exit Command Mode Text Interface External Modem Index 2 Index 5 6 5 11 to 5 12 5 41 to 5 42 5 42 6 1 5 32 5 24 5 42 5 42 5 42 14 1 to 14 3 10 1 2 2 4 1 17 4 4 2 F Fallback 5 36 Fallback Local RADIUS 5 40 TACACS 5 38 Fallback Timer RADIUS 5 40 TACACS 5 38 Firmware Upgrade 16 1 to 16 2 17 10 Firmware Version 8 1 From Address Email Parameters 5 42 From Name Email Parameters 5 42 G Gang Switch 2 2 Gateway Address Network Port 5 27 General Parameters 5 5 to 5 15 Group Membership Attribute 5 36 Group Membership Value Type 5 36 H Hang Up String Modem Mode 5 24 Harden Web Security 5 28 Hardware Installation 4 1 to 4 3 Help Screen Text Interface 9 4 17 3 HTTP Access 5 27 HTTP Interface 5 2 HTTP Port 5 27 HTTPS Access 5 27 HTTPS Port 5 28 l Inactivity Timeout Network Port 5 26 Serial Port 5 24 Initialization String Modem Mode 5 24 Initiating a Reboot Cycle Text Interface 9 5 to 9 6 Input Level Jumper 2 3 Internal Modem Port Configuration 5 23 to 5 26 Invalid Access Lockout 5 5 5 8 to 5 9 7 7 to 7 9 17 7 Lockout A
123. les llle 6 3 6 4 Deleting Ping No Answer Profiles lslleeee BR 6 3 7 Alarm Configuration 0 000 eR n n hh 7 1 7 4 The Output Contacts oi c g cee ee RUE REC RR RUNE PR e p n 7 2 7 2 The Over Temperature Alarms lsssleseeee nnn 7 8 7 3 The Ping No Answer Alarm lisse n 7 5 7 3 1 Defining Ping No Answer IP Addresses 0 0 00 e eee eee eee 7 5 7 89 2 Configuring the Ping No Answer Alarm sss eee eee eee 7 5 7 4 The Invalid Access Lockout Alarm sasssa sanaaa aaea 7 7 7 5 The Power Cycle Alarm sssseeseeseeeseee teens 7 9 7 6 Monitor Alarm Input 0 0 0 0 0 eet tenes 7 10 7 6 1 Monitor Input Level Settings 0 0 c eee tees 7 12 7 6 1 1 Monitor Input Signal Trigger When Low 0 5 7 13 7 6 1 2 Monitor Input Signal Trigger When High 5 7 13 IV 8 10 11 12 13 14 15 Table of Contents The Status Screens ec pee wear iat a acre En a Io ERROR Jn ERR Rd E 8 1 8 1 Product Status besos ERR RU Mp eR pe eere edu ere tes 8 1 8 2 The Network Status Screen 8 1 8 3 The Circuit Status Screen 2 1 teens 8 2 8 4 The Circuit Group Status Screen 0 eae 8 3 8 5 Whe EVent LOGS isu nk pais Gia ebore ale ew qe ege ter C Ue S do RR C D 8 4 8 5 1 IheAudit LOG Ert cete es ed e cele eet en pt 8 4 8 5 2 TheAlarm LOG s ente tet n aec Rare Bent Gri e BOR RIO 8 5 8 5 3 The Tem
124. ludes a username password command access level circuit access rights service access rights and an optional callback number 5 4 1 Command Access Levels In order to restrict access to important command functions the AFS 16 allows you to set the command access level for each account The AFS 16 offers four access levels Administrator SuperUser User and View Only Command privileges for each account are set using the Access Level parameter in the Add User or Modify User menus Each access level grants permission to use a different selection of commands lower access levels are restricted from invoking configuration commands while Administrators are granted access to all commands The four access levels are listed below Administrator Administrators are allowed to invoke all configuration and operation commands can view all status screens and can always direct A B switching commands to all AFS 16 Circuit Modules SuperUser SuperUsers are allowed to invoke A B switching commands and view all status screens SuperUsers can view configuration menus but are not allowed to change configuration parameters SuperUsers are granted access to all AFS 16 Circuit Modules User Users are allowed to A B switching commands and view all status screens but can only apply commands to the AFS 16 Circuit Modules that they have been specifically granted access to In addition Users are not allowed to view configuration menus or change configur
125. ly configured LDAP authentication will supersede any passwords and access rights that have been defined via the AFS 16 user directory If no LDAP groups are defined on a given AFS 16 unit then access rights will be determined as specified by the default LDAP group The default LDAP group cannot be deleted The LDAP Parameters Menu allows the following parameters to be defined Enable Enables disables LDAP authentication Default Off Primary Host Defines the IP address or domain name up to 64 characters for the primary LDAP server Default undefined Secondary Host Defines the IP address or domain name up to 64 characters for the secondary fallback LDAP server Default undefined LDAP Port Defines the port that will be used to communicate with the LDAP server Default 389 TLS SSL Enables Disables TLS SSL encryption Note that when TLS SSL encryption is enabled the LDAP Port should be set to 636 Default Off Bind Type Sets the LDAP bind request password type Note that in the Text Interface when the Bind Type is set to Kerberos LDAP the menu will include an additional prompt item 14 that is used to select Kerberos parameters as described in Section 5 9 8 5 In the Web Interface the button which is used to access the Kerberos Parameters menu is located at the bottom of the LDAP Parameters Menu Default Simple Search Bind DN Selects the user name who is allowed to s
126. mand Reference Guide 0000 cece eee 17 1 17 1 Command Conventions 00 ccc een 17 1 17 2 Command Summary ossi eacee iaie aea ad aa Ea aa aoa W aa a aaia 17 2 17 3 Command S te ar aape ar dk lager dd ouest E PS dE ar aia e a A ads 17 3 17 3 1 Display Commands 2 0 enn 17 3 17 3 2 Control Commands 000 e cece eee tenes 17 4 17 3 3 Configuration Commands 0 000 c ete 17 8 Appendices A Interface Description 000 eee Apx 1 AA Serial Port RS8232 coii es Sadan Rak erie The Sade Se he ee EET Apx 1 B Specifications 2 cick vee eee ere a eran eee ed ieee ater eee ees Apx 2 C Customer Service aa a ccc eee eee eee eee Apx 3 DING OX is suite nica Wace ance fe he a nina D ea ee ea ra ae Oe lee er ee a le te E Index 1 VI Table of Contents List of Figures 2 1 2 2 2 3 4 1 4 2 4 3 7 1 7 2 7 3 9 1 11 1 14 1 A 1 The Power Supply Module sssssseseseeee mr 2 1 The Control Module vezes wi wade In Re reme R3 eed bg ey IERI EY 2 2 The Circuit Module sssesesseseee ee mer 2 4 DX9F DTE RJ Snap Adapter Interface liliis 4 2 Connecting DB 9M DTE Devices to the AFS Control Module s Serial Port 4 2 Circuit Module Jumper 2 6 e n 4 3 Control Module AUX Connector Output Contacts 0 essas aeaaaee 7 2 Control Module Jumper 0 cette eee 7 12 Control Module AUX Connector Monitor Input and
127. mation on the Ping No Answer function please refer to Section 6 Note f desired the Ping No Answer function can also be configured to send email notification whenever a target device fails to respond to a ping command For more information please refer to Section 7 2 Availability Administrator Format PNA Enter AC Alarm Configuration Parameters Displays a menu that is used to configure and enable the Over Temperature Alarms Lost Communication Alarm Ping No Answer Alarm Invalid Access Lockout Alarm Power Cycle Alarm and Monitor Alarm Input function For more information on Alarm Configuration please refer to Section 7 Availability Administrator Format AC Enter 17 9 Command Reference Guide l Reboot System Default Reinitializes the AFS 16 unit and offers the option to keep user defined parameters or reset to default parameters As described in Sections 5 10 1 and 15 3 the I command can also be used to restore the unit to previously saved parameters When the I command is invoked the unit will offer four reboot options Reboot Only Do NOT default parameters Reboot amp Default Keep IP Parameters amp SSH Keys Default all other parameters Reboot amp Default Default ALL parameters Reboot amp Restore Last Known Working Configuration Availability Administrator Format I Enter UF Upgrade Firmware When new versions of the AFS 16 firmware become available this command is used to updat
128. mation prompt Example Assume that your account allows access to Circuit 2 and Circuit 3 To switch Circuits 2 and 3 to the A position without displaying the optional command confirmation prompt invoke the following command line T 2 3 A Y Enter DC Set All Circuits to Default States Sets all Circuit Modules to their user defined default state For information on setting circuit defaults please refer to Section 5 6 Note When this command is invoked in Administrator Mode and SuperUser Mode it will be applied to all AFS 16 circuits When invoked in User Mode the command will only be applied to the Circuits that are allowed by your account Availability Administrator SuperUser User Format DC Y Enter Where Y is an optional command argument which can be included to suppress the command confirmation prompt U Send Parameters to File Sends all AFS 16 configuration parameters to an ASCII text file as described in Section 15 This allows you to back up the configuration of your AFS 16 unit Availability Administrator Format u Enter 17 6 Command Reference Guide K Send SSH Key Instructs the AFS 16 to provide you with a public SSH key for validation purposes This public key can then be provided to your SSH client in order to prevent the SSH client from warning you that the user is not recognized when you attempt to create an SSH connection For more information please refer to Section 10 1 Avail
129. mit Administrator level commands 3 When the command prompt appears type UF and then press Enter The AFS 16 will display a screen which offers the following options a Start FTP SFTP Servers Only Do NOT default parameters To proceed with the upgrade while retaining user defined parameters type 1 and press Enter All existing parameter settings will be restored when the upgrade is complete b Start FTP SFTP Servers amp Default Keep IP parameters amp SSH Keys To proceed with the upgrade and default al user defined parameters except for the IP Parameters and SSH Keys type 2 and press Enter When the upgrade is complete all parameter settings except the IP Parameters and SSH Keys will be reset to factory default values C Start FTP SFTP Servers amp Default Default ALL parameters To proceed with the upgrade and reset parameters to default settings type 3 and press Enter When the upgrade is complete all parameters will be set to default values d Start FTP SFTP Servers for Slip Stream Upgrade This option will upgrade only the WTI Management Utility without updating the AFS 16 s operating firmware To update the WTI Management Utility only type 4 and press Enter Note that after any of the above options is selected the AFS 16 will start the receiving servers and wait for an FTP SFTP client to make a connection and upload a valid firmware binary image 16 1 Upgrading RSM 8R4 Firmware 4 To procee
130. n menu which is accessed by clicking on the plus sign Default undefined PNA Action Determines how the AFS 16 will react when the IP address fails to respond The PNA Action parameter allows you to select either a Continuous action or a Single Action as described below Default Continuous Continuous Default The AFS 16 will continuously restart the PNA Check cycle at the specified circuit s or group s until the IP address responds Single The AFS will switch the specified circuit s or group s only once when the IP Address fails to respond to a ping command Ping Test Text Interface Only Sends a test Ping command to the IP Address or domain name that has been defined for this Ping No Answer Profile Ping No Answer Fallback Switching 6 2 Viewing Ping No Answer Profiles After you have defined one or more Ping No Answer profiles you can review the parameters selected for each profile using the View Ping No Answer feature To view the configuration of an existing Ping No Answer profile you must access command mode using a password that allows Administrator level commands Modifying Ping No Answer Profiles After you have defined a Ping No Answer profile you can modify the configuration of the profile using the Modify Ping No Answer function To modify the configuration of an existing Ping No Answer profile you must access the command mode using a password that allows Administrator level commands The AFS
131. n of each Circuit Group Note that the View Circuit Group Directory function is only available when you have accessed command mode using a password that permits Administrator Level commands 5 21 Basic Configuration 5 7 2 Adding Circuit Groups The Add Circuit Group to Directory option allows you to create new Circuit Groups and assign circuit access rights to each group Note that the Add Circuit Group function is only available when you have accessed command mode using a password that permits Administrator Level commands The Add Circuit Group Menu can be used to define the following parameters for each new account Circuit Group Name Assigns a name to the Circuit Group Default undefined Circuit Access Determines which Circuit Modules this Circuit Group will be allowed to control Default undefined Notes In the Text Interface Circuit Access is configured by selecting item 2 and then selecting the desired circuits from the resulting submenu In the Web Browser Interface Circuit Access is configured by selecting the desired circuits from a list of all circuits in the Add Circuit Group menu After you have finished defining or editing Circuit Group parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Add Circuit Group button to save parameters in the Text Interface press the Esc key several times until the AFS 16 displays the Saving Configurati
132. nal 0 Monitor Input Signal is Low 1 Monitor Input Signal is High 13 4 Operation via SNMP 13 7 Sending Traps via SNMP Traps that report various unit conditions can be sent to an SNMP Management Station from the AFS 16 The following traps are currently supported WarmStart Trap Trap indicating a warm start ColdStart Trap Trap indicating a cold start Test Trap Test trap invoked by user via the Text Interface CLI The AFS 16 can send an SNMP trap to notify you when the Over Temperature Alarms Ping No Answer Alarm Invalid Access Lockout Alarm Power Cycle Alarm or Monitor Alarm Input alarms have been triggered In all cases except the Power Cycle Alarm there will be one trap sent when the alarm is triggered and a second trap sent when the alarm is cleared For more information on alarm functions please refer to Section 7 Alarm Trap Trap indicating an alarm condition A trap with a unique enterprise OID is defined for the Invalid Access Lockout Alarm under which specific trap types are defined to indicate the setting or clearing of that particular alarm condition There are separate traps for the Invalid Access Lockout Alarm The Alarm includes a Set Trap which indicates that the alarm has been triggered and a Clear Trap which indicates that the alarm has been cleared overTemperatureInitialSetTrap Indicates that the Over Temperature Initial Alarm has been triggered The trap will also include a numerical val
133. nd Mode as described in Section 5 1 2 Click on the Circuit Control link on the left hand side of the screen to display the Circuit Control Screen Notes When the Circuit Control Screen is displayed by an account that permits Administrator or SuperUser level commands all switched circuits will be displayed When the Circuit Control Screen is displayed by an account that permits User or ViewOnly command access the screen will only include the circuits that are specifically allowed by the account Operation A B Switching From the Circuit Control Menu click the down arrow in the Action column for the desired circuit s then select position A or position B from the dropdown menu and click on the Confirm Circuit Actions button Next the AFS 16 will display a screen which lists the selected switching action s and asks for confirmation before proceeding Click on the Execute Circuit Actions button to complete the command Setting Circuits to the Default State From the Circuit Control Menu click the down arrow in the Action column for the desired circuit s then select Default from the dropdown menu and click on the Confirm Circuit Actions button Next the AFS 16 will display a screen which lists the selected switching action s and asks for confirmation before proceeding Click on the Execute Circuit Actions button to complete the command all selected circuits will be set to their user defined default state
134. nd saved as an ASCII text file Later if the configuration is accidentally altered the saved parameters can be uploaded to automatically reconfigure the unit without the need to manually assign each parameter Saved parameters can also be uploaded to other identical AFS 16 units allowing rapid set up when several identical units will be configured with the same parameters The Save Parameters procedure can be performed from any terminal emulation program e g HyperTerminal TeraTerm etc that allows downloading of ASCII files Note The Save and Restore features described in this section are only available via the Text Interface 15 1 Sending Parameters to a File 1 Start your terminal emulation program and access the Text Interface command mode using an account that permits Administrator level commands 2 When the command prompt appears type U and press Enter The AFS 16 will prompt you to configure your terminal emulation program to receive an ASCII download Note When using TeraTerm Pro to download parameters set the program to receive a Binary download and enable the Append feature a Setyour terminal emulation program to receive an ASCII download and the specify a name for a file that will receive the saved parameters e g AFS 16 PAR b Disable the Line Wrap function for your terminal emulation program This will prevent command lines from being broken in two during transmission 3 When the termin
135. nd will most likely be switched at the same time Circuit Groups allow you to direct A B switching commands to a series of circuits without addressing each circuit individually For example a set selection of AFS circuits could be assigned to a circuit group named Servers This would allow you to quickly switch all circuits in the group by either including the Servers Circuit Group name in a T command line via the Text Interface or by using the Circuit Group Control menu via the Web Browser Interface The Circuit Group Directory function is only available when you have logged into command mode using an account that permits Administrator commands In both the Text Interface and the Web Browser Interface the Circuit Group Directory menu offers the following functions View Circuit Group Directory Displays currently defined Circuit Module access rights for any AFS 16 Circuit Group as described in Section 5 7 1 Add Circuit Group to Directory Creates new Circuit Groups and allows you to assign circuit access rights to each group as described in Section 5 7 2 Modify Circuit Group Directory This option is used to edit or change circuit access rights for each Circuit Group as described in Section 5 7 3 Delete Circuit Group from Directory Clears Circuit Groups that are no longer needed as described in Section 5 7 4 5 7 1 Viewing Circuit Groups The View Circuit Group Directory option allows you to view the configuratio
136. nds Once you have accessed the Modify Users menu use the menu options to redefine parameters in the same manner employed for the Add User menu as discussed in Section 5 5 2 Note After you have finished changing parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Modify User button to save parameters in the Text Interface press the Esc key several times until the AFS 16 displays the Saving Configuration message 5 5 4 Deleting User Accounts This function is used to delete individual user accounts Note that the Delete User function is only available when you have accessed command mode using a password that permits Administrator Level commands Notes Deleted accounts cannot be automatically restored The AFS 16 allows you to delete the default super account which is included to permit initial access to command mode Before deleting the super account make certain to create another account that permits Administrator Access If you do not retain at least one account with Administrator Access you will not be able to invoke Administrator level commands Basic Configuration 5 6 Circuit Configuration The Circuit Parameters menu allows you to select parameters for the AFS 16 Circuit Modules This allows you to assign names to the A C and B connectors on each Circuit Module and also define a default A B setting for each A B Switch Note that the Circuit Param
137. nitial Threshold alarm is generally set lower than the Critical Threshold alarm If the user defined trigger levels for temperature are exceeded the AFS 16 can also enable the Contact Output on the AFS 16 Control Module s AUX connector To configure the Over Temperature Alarms access the AFS 16 command mode using a password that permits Administrator Level commands and then use the Alarm Configuration menu to select the desired alarm feature Note that both the Initial Threshold menus and Critical Threshold menus offer essentially the same set of parameters but the parameters defined for each alarm are separate and unique Therefore parameters defined for the Critical Threshold Alarm will not be applied to the Initial Threshold Alarm and vice versa Both the Over Temperature Initial Threshold alarm and the Over Temperature Critical Threshold alarm offer the following parameters Trigger Enable Enables Disables the trigger for this alarm When Disabled this alarm will be suppressed Default On Note 7o cancel an alarm without correcting the condition that caused the alarm simply toggle the Trigger Enable parameter Off and then back On again Alarm Set Threshold The trigger level for this alarm When temperature exceeds the Alarm Set Threshold the AFS 16 can send an alarm if enabled Initial Threshold Default 90 F or 32 C Critical Threshold Default 100 F or 38 C Alarm Clear Threshold Determines how l
138. nter a username login name and password The default username is super all lower case no quotes and the default password is also super 3 Ifa valid username and password are entered the AFS 16 will display the Circuit Status Screen 5 1 2 The Web Browser Interface The Web Browser Interface consists of a series of web forms which can be used to select configuration parameters and perform switching operations by clicking on the appropriate buttons and or entering text into designated fields Note n order to use the Web Browser Interface Web Access must first be enabled via the Text Interface Network Parameters Menu as described in Section 5 9 the AFS 16 must be connected to a TCP IP network and your PC must be equipped with a JavaScript enabled web browser 1 Start your JavaScript enabled Web Browser key the AFS 16 s IP address default 192 168 168 168 into the web browser s address bar and press Enter 2 Username Password Prompt A message box will prompt you to enter your username and password The default username is super all lower case no quotes and the default password is also super 3 Ifa valid username and password are entered the Circuit Control Screen will be displayed Basic Configuration 5 1 3 Access Via PDA In addition to the Web Browser Interface and Text Interface the AFS 16 command mode can also be accessed by PDA devices Note however that due to nature of most PDAs onl
139. nterface using an HTTPS connection For example if the common name has been defined as service wti com then you would enter https service wti com in your web browser s address field If the Signed Certificate has been properly created and uploaded the warning message should no longer be displayed 14 3 Downloading the Server Private Key When configuring the AFS 16 s SSL encryption feature or setting up other security authentication features it is recommended to download and save the Server Private Key To download the Server Private Key access the Text interface via Telnet or SSH using a password that permits access to Administrator level commands and then proceed as follows Type N and press Enter to display the Network Parameters menu At the Network Parameters menu type 23 and press Enter to display the Web Access menu Figure 14 1 8 To download the Server Private Key from the AFS 16 unit make certain that SSL parameters have been defined as described in Section 14 1 then type 15 and press Enter and store the resulting key on your hard drive To upload a previously saved Server Private Key to the AFS 16 unit make certain that SSL parameters have been defined as described in Section 14 1 then type 16 and press Enter and follow the instructions in the resulting submenu 14 4 15 Saving and Restoring Configuration Parameters Once the AFS 16 is properly configured parameters can be downloaded a
140. nual control of A B switching at up to sixteen Circuit Modules Note that the Master A B Gang Switch can be disabled as described in Section 5 3 ALM Indicator The ALM Indicator will light when Monitor Input Alarm is triggered For more information on the Monitor Input Alarm please refer to Section 7 6 Unit Description Reset Switch To reinitialize the AFS 16 hold the Reset Switch in the down position for approximately five seconds When the AFS 16 is reset all users will be disconnected from the AFS 16 and the operating system will be reloaded RS232 Connector An RJ 45 Serial Port for connection to your PC control device or external modem Please refer to Appendix A for a description of the RS232 interface AUX Connector Not Shown A five terminal quick connector located on the back edge of the Control Module board The AUX Connector can be used in conjunction with the Monitor Alarm Input feature to generate an alarm when the status of pin 4 changes In addition pins 1 through 3 on the AUX Connector can also be used to switch a connected device On or Off in response to signal changes at Pin 4 For more information please refer to Section 7 Notes The Monitor Input signal Pin 4 is always measured relative to the signal at the common ground Pin 5 A Low signal should be between Zero 0 Volts and 48 Volts and a High signal should be between 5 Volts and 48 Volts Release Pin A snap lock pin that is used
141. og Alarm Set Threshold Authentication Protocol 2 2 SNMPv3 2 4 Authentication Type 2 4 Automated Mode AUX Connector 9 4 to 9 6 B 9 1 to 9 3 Basic Configuration Baud Rate 5 26 Serial Port 5 24 Bind Type 5 15 5 17 17 2 Bits and Parity 5 36 Serial Port 5 38 BlackBerry 5 40 5 15 to 5 23 5 17 5 15 Callback Security Callback Attempts Callback Delay Callback Enable Callback Number 5 22 is Boe Certificate Signing Request 5 36 7 g 1 Circuit Access Monitor Alarm Input B17 43 2 Circuit Control Screen Circuit Group 7 8 Circuit Access 7 10 Name 7 4 Circuit Group Access 7 6 LDAP Group Circuit Group Control 79 webB Interf 5 15 to 5 17 17 2 9 Browser ntertace Circuit Group Control Screen 5 26 A 5 23 Circuit Group Directory Add Group Delete Group Modify View Circuit Group Parameters Circuit Group Status Screen Text Interface Circuit Module 7 3 7 1 to 7 12 17 9 7 7 to 7 8 7 3 to 7 4 7 5 to 7 6 8 5 5 9 to 5 10 5 6 Over Temperature Alarm 7 3 Configuration Granting Access Allow List 5 30 Jumper ALM Indicator 2 2 EA Audit Log 8 4 5 9 to 5 10 5 10 5 6 ME Power Up Default Authentication Set U SNMPv3 5 33 78 P Vn Circuit Parameters Authentication Port Text Interface RADIUS 9 40 circuit State TACACS 5 38 Monitor Alarm Input Index 1 5 13 5 14 5 12 9 2 to 9 3 9 2 to 9 3 5 21 to 5 24 5 22 Circuit Status Screen Text Interface Circuits to Switc
142. on message and the cursor returns to the command prompt 5 7 3 Modifying Circuit Groups The Modify Circuit Group function allows you to edit existing Circuit Groups in order to change circuit access rights Note that this function is only available when you have accessed command mode using a password that permits Administrator Level commands Once you have accessed the Modify Circuit Group menu use the menu options to redefine parameters in the same manner that is used for the Add Circuit Group menu as discussed in Section 5 7 2 Note After you have finished changing or editing parameters make certain to save the changes before proceeding In the Web Browser Interface click on the Modify Circuit Groups button to save parameters in the Text Interface press the Esc key several times until the AFS 16 displays the Saving Configuration message and the cursor returns to the command prompt 5 7 4 Deleting Circuit Groups This function is used to delete individual Circuit Groups Note that this function is only available when you have accessed command mode using a password that permits Administrator Level commands Note Deleted Circuit Groups cannot be automatically restored 5 22 Basic Configuration 5 8 Serial Port Configuration The Serial Port Configuration menus allow you to select parameters for the AFS 16 Control Module s RS232 Serial Port The Serial Port can be configured for connection to a local PC or Modem
143. one Sets the time zone relative to Greenwich Mean Time Note that the Time Zone setting will function differently depending upon whether or not the NTP feature is enabled and properly configured Default GMT No DST NTP Enabled The Time Zone setting is used to adjust the Greenwich Mean Time value from the NTP server in order to determine the precise local time NTP Disabled If NTP is disabled or if the AFS 16 is not able to access the NTP server then AFS 16 will list the selected Time Zone and current Real Time Clock value but will not apply the correction factor to the displayed Clock value NTP Enable When enabled the AFS 16 will contact an NTP server defined via the NTP Address prompts once a day and update its clock based on the NTP server time and selected Time Zone Default Off Notes e The AFS 16 will also contact the NTP server and update the time whenever you change NTP parameters To cause AFS 16 to immediately contact the NTP server at any time make certain that the NTP feature is enabled and configured then type F and press Enter When the System Parameters menu appears press Esc The AFS 16 will save parameters and then attempt to contact the server as specified by currently defined NTP parameters Primary NTP Address Defines the IP address or domain name up to 64 characters long for the primary NTP server Default undefined Note n order to use domain names for web addresses D
144. ork Status Screen is viewed via the Text Interface usernames that are longer than 22 characters will be truncated and the remaining characters will be displayed as two dots The Status Screens 8 5 The Circuit Status Screen The Circuit Status Screen shows the current status of the AFS 16 s Circuit Modules and also lists the unit s current temperature Monitor Alarm Input status and Alarm Contact Output status Note When the Circuit Status screen is viewed by an account with Administrator or SuperUser command access all AFS 16 Circuit Modules present are listed When the Circuit Status screen is viewed by an account with User or ViewOnly command access then the screen will list only the Circuit Modules that are allowed by the account e f a Circuit Module slot is empty then the Circuit Status screen will display a row of dashes for that Circuit Module position To display the Circuit Status Screen via the Text Interface type S and then press Enter To display the Circuit Status Screen via the Web Browser Interface click on the Circuit Status link The Circuit Status Screen will list the following parameters Circuit The number of each Circuit Module Name Common The user defined name for each Circuit Module This name may also be used describe the device that is connected to the common line for each Circuit Module Name Connected To The user defined name for the currently selected A B path for each Ci
145. out Duration The Invalid Access Lockout feature uses two separate counters to track invalid access attempts Serial Port Counter Counts invalid access attempts at the Serial Port If the number of invalid attempts at the port exceeds the user defined Lockout Attempts value then the port will be locked Telnet SSH and Web Browser Counter Counts all invalid attempts to access command mode via Telnet SSH or Web Browser interface If the number of cumulative invalid attempts exceeds the user defined Lockout Attempts value then the Network Port will be locked Note n the Web Browser Interface the Invalid Access Lockout item does not appear in the System Parameters menu and is instead accessed via the General Parameters fly out menu as described below Note that when an Invalid Access Lockout occurs you can either wait for the Lockout Duration period to elapse after which the AFS 16 will automatically reactivate the port or you can issue the UL command type UL and press Enter via the Text Interface to instantly unlock all of the AFS 16 s logical network ports Notes When the Invalid Access Lockout Alarm has been enabled as described in Section 7 4 the AFS 16 can also provide notification via email Syslog Message and or SNMP trap whenever an Invalid Access Lockout occurs Invalid Access Lockout parameters defined via the System Parameters menu will apply to both the Serial Port and the Network Port When a Serial
146. ow the temperature must drop in order for the Alarm condition to be cancelled Initial Threshold Default 80 F or 27 C Critical Threshold Default 90 F or 38 C Note The System Parameters menu is used to set the temperature format for the AFS 16 unit to either Fahrenheit or Celsius as described in Section 5 3 Resend Delay Determines how long the AFS 16 will wait to resend a message generated by this alarm when the initial attempt to send notification was unsuccessful Default 60 Minutes Notify Upon Clear When this item is enabled the AFS 16 will send additional notification when the situation that caused the alarm has been corrected For example when Notify Upon Clear is enabled the AFS 16 will send initial notification when it detects that the temperature has exceeded the trigger value and then send a second notification when it determines that the temperature has fallen below the trigger value Default On Alarm Configuration Email Message Enables Disables email notification for this alarm Default On Note f either of the Copy to All Triggers options is selected then email notification for other alarms will be switched On or Off as indicated by this parameter Address 1 2 and 3 These parameters are used to determine which of the three email addresses defined via the Email Messages menu will receive the email alarm notification messages generated by this alarm The Address parameters can b
147. parameters that are currently defined for the Email configuration menu Note The Send Test Email function is only available via the Text Interface 5 42 Basic Configuration 5 10 Save User Selected Parameters It is strongly recommended to save all user defined parameters to an ASCII file as described in Section 15 This will allow quick recovery in the event of accidental deletion or reconfiguration of port parameters When changing configuration parameters via the Text Interface make certain that the AFS 16 has saved the newly defined parameters before exiting from command mode To save parameters press the Esc key several times until you have exited from all configuration menus and the AFS 16 displays the Saving Configuration menu and the cursor returns to the command prompt If newly defined configuration parameters are not saved prior to exiting from command mode then the AFS 16 will revert to the previously saved configuration after you exit from command mode 5 10 1 Restore Configuration If you make a mistake while configuring the AFS 16 unit and wish to return to the previously saved parameters the Text Interface s Reboot System command 1I offers the option to reinitialize the unit using previously backed up parameters This allows you to reset the unit to previously saved parameters even after you have changed parameters and saved them Notes The AFS 16 will automatically backup saved parameters once a day
148. perature Log sussuslss ndaka eee se dne 8 5 Operation s 24n exau ede agna tdm o Sena ear ware wd AR es wee RO RR Siew ark wereld 9 1 9 1 A B Switching Web Browser Interface lesse eere 9 1 9 1 1 The Circuit Control Screen Web Browser Interface 0 9 1 9 1 2 The Circuit Group Control Screen Web Browser Interface 9 2 9 2 A B Switching Text Interface 1 0 teens 9 4 9 2 1 The Circuit Status Screen Text Interface 0 00 esee 9 4 9 2 2 A B Switching Commands Text Interface 0 00 e cece esse 9 5 9 2 2 1 Applying Commands to Several Circuits Text Interface 9 6 9 3 Manual Operation isse eea aia ai aa eee 9 7 9 4 Logging Out of Command Mode 0 0 0 cect eene 9 7 Telnet amp SSH Functions lese hh hh hn 10 1 10 1 SSH Encryption zumo LL RILEeERSR RE bx REC REG OR AREE UR EHE 10 1 10 2 Creating an Outbound Telnet Connection lll lesen 10 2 10 3 Creating an Outbound SSH Connection eere 10 3 Syslog Messages cerei es duce itc eee is ede je 6 e a E nd De AB a ee 11 1 11 1 Configuratiom siea anea aei De hAY Ue i9 bode pL XN TREE boy 11 1 11 2 Testing Syslog Configuration lile 11 2 SNMP Traps DET 12 1 12 1 Configurations seas eana inaa i een ee eee a head a r Ree id 12 1 12 2 Testing the SNMP Trap Function eese 12 2 Operation via SNMP sssueeeeeeeeeee nnn hn nn 13 1 13 1 AF
149. played When the Circuit Control Screen is displayed by an account that permits User or ViewOnly level commands the screen will only include the Circuit Groups that are allowed by the account 3 Operation A B Switching Circuit Groups From the Circuit Group Control Menu click the down arrow for the desired Circuit Group s then select A or B from the dropdown menu and click on the Confirm Circuit Group Actions button Next the AFS 16 will display a screen which lists the selected switching action s and asks for confirmation before proceeding Click on the Execute Circuit Group Actions button to execute the command s Switching Circuit Groups to Defaults From the Circuit Group Control Menu click the down arrow for the desired group s then select Default from the dropdown menu and click on the Confirm Circuit Group Actions button Next the AFS 16 will display a screen which lists the selected switching action s and asks for confirmation before proceeding Click on the Execute Circuit Group Actions button to execute the command all selected circuit groups will be set to their user defined default states Note When each Circuit Group command is completed the Circuit Status Screen will be displayed At that time the Status Screen will show the updated A B status of each circuit Operation COMMAND MENU Version 1 00 DISPLAY CONFIGURATION S Circuit Status System Parameters Circuit Group Status Port Param
150. program When communicating via a PDA use the PDA s Close function to disconnect and logout When you disconnect using the LogOut link or X command this ensures that the AFS 16 has completely exited from command mode and is not waiting for the inactivity timeout period to elapse before allowing additional connections 10 Telnet amp SSH Functions 10 1 SSH Encryption In addition to standard Telnet protocol the AFS 16 also supports SSH connections which provide secure encrypted access via network In order to communicate with the AFS 16 using SSH protocol your network node must include an appropriate SSH client Note that when the K Send SSH Key command is invoked the AFS 16 can also provide you with a public SSH key which can be used to streamline connection to the AFS 16 when using SSH protocol Although you can establish an SSH connection to the unit without the public key the public key provides validation for the AFS 16 and once this key is supplied to the SSH client the client will no longer display a warning indicating that the AFS 16 is not a recognized user when the client attempts to establish a connection The K command uses the following format K k Enter Where k is an argument that determines which type of public key will be displayed and the k argument offers the following options 1 SSH1 2 SSH2RSA 3 SSH2DSA For example to obtain the public SSH key for an SSH2 RSA client type K 2an
151. ption using your keyboard and then typing in the value for that option Since the Web Browser Interface and Telnet accessibility are both disabled in the default state you will need to use the Text Interface to contact the unit via Local PC or SSH connection when setting up the unit for the first time After you have accessed command mode using the Text Interface you can then enable Web Access and Telnet Access if desired in order to allow future communication with the unit via Web Browser or Telnet You will not be able to contact the unit via Web Browser or Telnet until you have enabled those options Once Telnet Access is enabled you will then be able to use the Text Interface to communicate with the AFS 16 via local PC Telnet or SSH connection You can also use the Text Interface to access command mode via an external modem installed at the RS232 Port on the AFS 16 Control Module In order to use the Text Interface your installation must include Access via Network The AFS 16 must be connected to your TCP IP Network and your PC must include a communications program such as HyperTerminal Access via Modem An external modem must be installed at the Control Module s RS232 Port and the RS232 Port must be configured for Modem Mode as described in Section 5 8 A phone line must be connected to the external modem In addition your PC must include a communications program Access via Local PC Your PC must be connected to the RS
152. r port Usernames amp Passwords 32 character usernames 16 character passwords case sensitive Up to 128 pairs definable circuit module circuit group and system access Physical Environmental Size 5 25 x 19 00 x 6 75 HxW x D Power 100 240 VAC 50 60 Hz 15 watts Weight Shipping Weight Fully Loaded 15 pounds Operating Temperature 32 F to 122 F 0 C to 50 C Humidity 10 90 RH Venting Side vents are used to dissipate heat generated within the unit When mounting the unit in an equipment rack make certain to allow adequate clearance for venting Apx 2 Appendix C Customer Service Customer Service hours are from 8 00 AM to 5 00 PM PST Monday through Friday When calling please be prepared to give the name and make of the unit its serial number and a description of its symptoms If the unit should need to be returned for factory repair it must be accompanied by a Return Authorization number from Customer Service WTI Customer Service 5 Sterling Irvine California 92618 Local Phone 949 586 9950 Toll Free Service Line 1 888 280 7227 Service Fax 949 583 9514 Email service wti com Apx 3 Appendices Trademark and Copyright Information WTI and Western Telematic are trademarks of Western Telematic Inc All other product names mentioned in this publication are trademarks or registered trademarks of their respective companies Information and descriptions contained herein are the propert
153. rcuit Module Note that the name listed in this field will differ depending on which A B Circuit path is selected Pos The currently selected A B circuit path for each Circuit Module Reason This field displays a brief description of the reason for the last successful switching operation at each Circuit Module Mon This field will contain a X if the corresponding Circuit Module has been configured to be switched by the Monitor Alarm Input feature The Circuit Status Screen will also list the following information at the bottom of the Screen System Temperature The current temperature as measured by the AFS 16 unit Monitor Alarm Input The high low status of the Monitor Alarm Input contact on the Control Module s AUX Port Alarm Contact Output The status of the Alarm Contact Output The Status Screens 8 4 The Circuit Group Status Screen The Circuit Group Status screen shows the configuration details and A B switching status for the AFS 16 s user defined Circuit Groups Notes When the Circuit Group Status Screen is viewed by an account with Administrator or SuperUser command access all AFS 16 Circuit Modules and Circuit Groups will be shown When the Circuit Status Screen is viewed by an account with User or ViewOnly command access then the unit will only display the Circuit Modules and Circuit Groups that are allowed by the account In order to display the Circuit Group Status screen you must first
154. rface In order to change these parameters you must access the unit via the Text Interface When a new IP Adaress is selected or the status of the DHCP feature is changed the unit will disconnect and reconfigure itself with the new values when you exit the Network Parameters Menu When configuring the unit via Web or Telnet make certain your DHCP server is set up to assign a known fixed IP address in order to simplify reconnection to the unit after the new address has been assigned The Network Parameters menu is only available when you have logged into command mode using an account and port that permit Administrator level commands Administrator Mode enabled The Network Parameters menu allows you to define the parameters discussed in the following sections Note that although the descriptions of network parameters are arranged according to the Web Browser Interface in the Text Interface most parameters are included in a single menu 5 25 Basic Configuration 5 9 1 Network Port Parameters In the Text Interface these parameters are found in the main Network Configuration menu In the Web Browser Interface these parameters are found by placing the cursor over the Network Configuration link on the left hand side of the screen and then clicking on the Network Port Parameters link in the resulting fly out menu Administrator Mode Permits denies port access to accounts that allow Administrator level commands When enable
155. rm has been corrected For example when Notify Upon Clear is enabled the AFS 16 will send initial notification when it detects that an Invalid Access Lockout has occurred and then send a second notification when it determines that the port has been unlocked Default On Alarm Configuration Email Message Enables Disables email notification for this alarm Default On Note f either of the Copy to All Triggers options is selected then email notification for other alarms will be switched On or Off as indicated by this parameter Address 1 2 and 3 These parameters are used to determine which of the three email addresses defined via the Email Messages menu see Section 5 9 11 will receive the email alarm notification messages generated by this alarm The Address parameters can be used to select one or any combination of the addresses defined via the Email Messages menu Default All On Note f Email addresses have been previously specified then the text under the parameters will list the current user defined email addresses Subject This parameter is used to define the text that will appear in the Subject field for all email notification messages generated by this alarm Default Alarm Invalid Access Lockout Contact Output Enable Activates deactivates the output contacts on the Control Module AUX Connector When the Contact Output Enable parameter is set to On the Common line will be switched
156. rs 0 0 cece n 5 27 59 35 IP Security soil eo sRr ELE BON Pe eee Rea ed aere iei 5 29 5 9 3 1 Adding IP Addresses to the Allow and Deny Lists 5 30 5 9 3 2 Linux Operators and Wild Cards esasa anaana 5 81 5 9 3 3 IP Security Examples lesse eee 5 31 5 9 4 Static ROCs io cessi Ee OE bee we Sere e e eed ees 5 32 5 9 5 Domain Name Server iulslsleeee ee 5 32 5 9 6 SNMP Access Parameters 00 0 c cece ee 5 33 5 9 7 SNMP Trap Parameters l l ne 5 34 5 9 8 LDAP Parameters 0 aiea n a e aii ai nnn 5 35 5 9 8 1 Adding LDAP Groups l l eee 5 36 5 9 82 Viewing LDAP Groups sess 5 37 5 9 8 3 Modifying LDAP Groups ssseeeseee eese 5 37 5 9 8 4 Deleting LDAP Groups 00 00 eee 5 37 5 9 85 LDAP Kerberos Set Up 1 0 0 0 0c cece ects 5 37 5 9 9 TACACS Parameters 0 00 ene 5 38 5 9 10 RADIUS Parameters ssissssesees e 5 40 5 9 10 1 Dictionary Support for RADIUS 00 0 0 eee 5 41 5 9 11 Email Messaging Parameters 0 cece eee ees 5 42 5 10 Save User Selected Parameters 2 0 0 0 cect ett 5 43 5 10 1 Restore Configuration sssusa anaana eee 5 43 6 Ping No Answer Fallback Switching eee nn 6 1 6 1 Adding Ping No Answer Profiles 0 0 ccc ete 6 1 6 2 Viewing Ping No Answer Profiles lllelee e 6 3 6 3 Modifying Ping No Answer Profi
157. rs can be easily redefined for this Quick Start procedure it is recommended to configure your communications program to accept the default parameters The AFS 16 features a default IP Address 192 168 168 168 and a default Subnet Mask 255 255 255 0 This allows network access to command mode providing that you are contacting the AFS 16 from a node on the same subnet When attempting to access the AFS 16 from a node that is not on the same subnet please refer to Section 5 9 for further configuration instructions 1 Access Command Mode The AFS 16 includes two separate user interfaces the Text Interface and the Web Browser Interface The Text Interface is available via Local PC SSH Client Telnet or Modem and can be used to both configure the AFS 16 and create connections between ports The Web Browser interface is only available via TCP IP network and can be used to configure the unit but cannot create connections between ports a Via Local PC Start your communications program and then press Enter b Via SSH Client Start your SSH client enter the default IP address 192 168 168 168 for the AFS 16 and then invoke the connect command c Via Web Browser Make certain that Web Browser access is enabled as described in Section 5 9 2 Start your JavaScript enabled Web Browser enter the default AFS 16 IP address 192 169 168 168 in the Web Browser address bar and then press Enter d Via Telnet Make certain that Telnet a
158. rs via the Text Interface first type F and press Enter to display the System Parameters Menu then key in the number for the Scripting Options item and press Enter To access the Scripting Options parameters via the Web Browser Interface place the cursor over the General Parameters link wait for the flyout menu to appear then click on the Scripting Options link Scripting Options menu allows the following parameters to be defined Command Confirmation This item can be used to suppress the command confirmation prompt which is normally displayed before commands are executed When Command Confirmation is Off the AFS 16 will not display the Are You Sure prompt before executing commands Default On Automated Mode When enabled the AFS 16 will execute commands without displaying a confirmation prompt status screen or confirmation messages For more information please refer to Section 5 3 5 1 Default Off Note When this option is enabled security functions are suppressed and users are able to access configuration menus and control switching without entering a password If security is a concern and the Automated Mode is required it is recommended to use the IP Security feature Section 5 9 3 to restrict access Basic Configuration 5 5 5 1 Automated Mode The Automated Mode allows the AFS 16 to execute A B switching commands without displaying menus or generating response messages Automated Mode is designed
159. rtificate access WEB ACCESS HTTP 1 Enable 2 Port HTTPS Enable On Port 443 Certificates Common Name State or Province Locality Country Email Address Organization Name Organizational Unit Create CSR 15 Export Server Private Key View CSR 16 Import Server Private Key Import CRT 17 Harden Web Security On Enter lt CR gt to change XESC to return to previous menu Figure 14 1 Web Access Parameters Text Interface Only 14 1 Setting Up SSL Encryption 14 1 Creating a Self Signed Certificate To create a Self Signed certificate access the Text interface via Telnet or SSH using a password that permits access to Administrator level commands and then proceed as follows 1 2 Type N and press Enter to display the Network Parameters menu At the Network Parameters menu type 23 and press Enter to display the Web Access menu Figure 14 1 Type 3 and press Enter and then follow the instructions in the resulting submenu to enable HTTPS access Next use the Web Access menu to define the following parameters Note When configuring the AFS 16 make certain to define all of the following parameters Although most SSL applications require only the Common Name in the case of the AFS 16 all of the following parameters are mandatory 5 Common Name A domain name that will be used to identify the AFS 16 unit If you will use a Self Signed certificate then th
160. s seen through the SNMP are summarized below userTable userName 32 character username e userTable userPasswd 16 character password userTable userAccessLevel Account access level 0 ViewOnly Access 1 User Access 2 Superuser Access 3 Administrator Access 13 1 Operation via SNMP e userTable userCircuitAccess A string of up to 16 characters with one character for each of the 16 possible Circuit Modules on the AFS 16 unit A 0 indicates that the account does not have access to the circuit and a 1 indicates that the user does have access to the circuit Note The number of circuits specified in the userCircuitAccess string must not exceed the number of Circuit Modules available on your AFS 16 unit If the userCircuitAccess string specifies more circuits than are available on the unit an error message will be generated userTable userGroupAccess A string of 54 characters with one character for each of the 54 possible Circuit Groups in the system A 0 indicates that the account does not have access to the Circuit Group and a 1 indicates that the user does have access to the Circuit Group userTable userSerialAccess Access to the serial interface 0 No access 1 Access userTable userTelnetSshAccess Access to the Telnet SSH interface 0 No access 1 Access userTable userOutboundTelSshAccess Access to Outbound Telnet SSH 0 No access 1 Access userTable userWebAccess A
161. ser Interface When disabled users will not be allowed to contact the unit via the Web Browser Interface Default Off HTTP Port Selects the TCP IP port number that will be used for HTTP connections Default 80 HTTPS Access Enables disables HTTPS communication For instructions on setting up SSL encryption please refer to Section 14 Default Off 5 27 Basic Configuration HTTPS Port Selects the TCP IP port number that will be used for HTTPS connections Default 443 Notes In the Text Interface HTTP and HTTPS parameters reside in a separate submenu To enable and configure HTTP and HTTPS Access via the Text Interface access the Network Configuration Menu as described in Section 5 9 then type 23 press Enter and use the resulting submenu Figure 14 1 to select parameters as described in Section 14 When the Web Access parameter is accessed via the Text Interface the resulting submenu will also allow you to select SSL encryption parameters as described in Section 14 Harden Web Security When the Harden Web Security feature is On default only the high and medium cypher suites for SSLv3 and TLSv1 will be enabled When the Harden Web Security feature is Off all SSL protocols will be enabled allowing compatibility with older browsers Note that in the Text Interface this option is enabled disabled via the Web Access submenu Default On SYSLOG Address The IP Address or domain name up to 64
162. ser Menu can define the following parameters for each new account Username Up to 32 characters long and cannot include non printable characters Duplicate usernames are not allowed Default undefined Password Five to 16 characters long and cannot include non printable characters Note that passwords are case sensitive Default undefined Access Level Determines which commands this account will be allowed to access This option can set the access level for this account to Administrator SuperUser User or ViewOnly For more information on Command Access Levels please refer to Section 5 4 1 and Section 17 2 Default User Basic Configuration Circuit Access Determines which AFS 16 Circuit Modules this account will be allowed to access Defaults Administrator amp SuperUser All Circuit Modules On User and ViewOnly All Circuit Modules Off Notes In the Text Interface Circuit Access is configured by selecting item 4 and then selecting the desired ports from the resulting submenu In the Web Browser Interface Circuit Access is configured by clicking on the plus symbol to display the drop down menu and then selecting the desired Circuit Modules from the drop down menu Administrator and SuperUser level accounts will always have access to all Circuit Modules ViewOnly accounts are allowed to display the status of Circuit Modules but are limited to the Circuit Modules specified by the accoun
163. ssages generated by this alarm The Address parameters can be used to select one or any combination of the addresses defined via the Email Messages menu Default All On Note f Email addresses have been previously specified then the text under the parameters will list the current user defined email addresses Subject This parameter is used to define the text that will appear in the Subject field for all email notification messages generated by this alarm Default Alarm Power Cycle Alarm Configuration 7 6 Monitor Alarm Input The Monitor Alarm Input feature allows the AFS 16 to monitor Pin 4 on the Control Module s AUX connector and then switch circuit modules and or activate an audible alarm or other external device and or send notification when the signal at Pin 4 changes To configure the Monitor Alarm Input feature you must access the AFS 16 command mode using a password that permits Administrator Level commands The Monitor Alarm Input configuration menu offers the following parameters Trigger Enable Enables Disables the trigger for this alarm When Disabled this alarm will be suppressed Default On Monitor Alarm Input Level Determines whether a high or low signal at the Monitor Input contact Pin 4 on the Control Module s AUX Connector will generate an alarm For example if the Monitor Alarm Input Level is set at Low then an alarm will be triggered when a low signal is detected at Pin 4 Note th
164. t Default On Port Mode Parameters Port Name Allows you to assign a name to the Serial Port Default undefined Port Mode The operation mode for this port Default Normal Mode Depending on the Port Mode selected the AFS 16 will also allow the definition of additional parameters listed below In the Text Interface these parameters are accessible via a submenu which will only be active when the appropriate port mode is selected In the Web Browser Interface fields will be grayed out unless the corresponding port mode is selected Normal Mode Permits access to command mode When Normal Mode is selected the following mode specific parameter can also be defined DTR Output Determines how DTR will react when the port disconnects DTR can be held low held high or pulsed for 0 5 seconds and then held high Default Pulse Modem Mode Permits access to command mode and simplifies connection to an external modem Modem Mode ports can perform all functions available in Normal Mode but Modem Mode also allows definition of a Hang Up String Reset String and Initialization String Modem Reset String Redefines the modem reset string The Reset String can be sent prior to the Initialization string Default ATZ Modem Initialization String Defines a string that can initialize a modem to settings required by your application Default AT amp C1 amp D2S0 1 amp B1 amp Hl1 amp R2 Modem Hang Up
165. t ViewOnly accounts are not allowed to invoke A B Switching commands Circuit Group Access Determines which Circuit Groups this account will be allowed to control Circuit Groups allow you to define a selection of Circuit Modules and then quickly assign that group of circuits to accounts For more information on Circuit Groups please refer to Section 5 7 Default AII Circuit Groups Off Notes In order to use this feature Circuit Groups must first be defined as described in Section 5 7 In the Text Interface Circuit Group Access is configured by selecting item 5 and then selecting the desired Circuit Group s from the resulting submenu In the Web Browser Interface Circuit Group Access is configured by clicking on the plus symbol to display the drop down menu and then selecting the desired Circuit Group s from the drop down menu Administrator and SuperUser level accounts will always have access to all Circuit Groups ViewOnly accounts are allowed to display the status of Circuit Groups but are limited to the Circuit Groups specified by the account ViewOnly accounts are not allowed to invoke A B switching commands Service Access Determines whether this account will be able to access command mode via Serial Port RS232 Port Telnet SSH or Web and whether the account will have access to the Outbound Telnet feature For example if Telnet SSH Access is disabled for this account then this account will not be able
166. t System Resend Delay Invalid Access Lockout Alarm Monitor Alarm Input Over Temperature Alarms Ping No Answer Alarm Reset String Modem Mode Reset Switch Restore Configuration Restoring Parameters Retries RADIUS Return Monitor Alarm Input RS232 Port Interface 5 33 17 4 8 1 10 1 3 1 to 3 4 5 40 5 40 5 40 5 41 to 5 42 5 40 5 40 5 40 5 40 5 40 5 40 5 40 5 40 5 40 5 33 5 5 to 5 6 5 7 5 7 5 7 5 7 5 7 5 7 5 7 5 7 5 43 15 3 17 10 7 7 7 10 7 3 7 5 5 24 2 3 5 43 15 3 15 2 5 40 7 11 2 3 Apx 1 Safety Information Saving Parameters Text Interface Scripting Options Search Bind DN Search Pind Password Secondary Address RADIUS TACACS Secondary Host Secondary NTP Address Secondary Secret Word RADIUS Secret Word TACACS Self Signed Certificate Sending Traps via SNMP Send Test Email Sequence Disconnect Network Port Serial Port Serial Port Accept Break Access Administrator Mode Baud Rate Bits and Parity Command Echo Configuration Handshake Mode Inactivity Timeout Interface Logoff Character Modem Mode Normal Mode Port Mode Port Name Sequence Disconnect Stop Bits Serial Port Interface Serial Port Parameters Server Private Key Service Access LDAP Group TACACS Set Circuits to Defaults Text Interface Setting Circuit to Default Web Browser Interface Signed Certificate Site I D Text Interface SMTP Server Index 6 Index itoii 5 43 15 1 5 38 14 1 to 1
167. ters for any AFS 16 user account as described in Section 5 5 1 Add Username Creates new user accounts and allows you to assign a username password command level Circuit Module access Circuit Group access Service access and callback number as described in Section 5 5 2 Modify User Directory This option is used to edit or change account information as described in Section 5 5 3 Delete User Clears user accounts as described in Section 5 5 4 Note After you have finished selecting or editing user account parameters make certain to save the new account information before proceeding In the Web Browser Interface click on the Add User button to save parameters in the Text Interface press the Esc key several times until the AFS 16 displays the Saving Configuration message and the cursor returns to the command prompt 5 5 1 Viewing User Accounts The View User Directory option allows you to view details about each account The View User option will not display actual passwords and instead the password field will read defined The View User Accounts function is only available when you have accessed command mode using a password that permits Administrator Level commands 5 5 2 Adding User Accounts The Add Username option allows you to create new accounts Note that the Add User function is only available when you have accessed command mode using a password that permits Administrator Level commands The Add U
168. ters menu to set the IP address for each SNMP Manager Note that it is not necessary to define both SNMP Managers Note 7o enable the SNMP Trap feature you must define at least one SNMP Manager SNMP Traps are automatically enabled when at least one SNMP Manager has been defined b Trap Community Consult your network administrator and then use the Network Parameters menus to set the Trap Community Once SNMP Trap Parameters have been defined the AFS 16 will send an SNMP Trap each time an alarm is triggered 12 1 SNMP Traps 12 2 Testing the SNMP Trap Function After you have finished setting up the SNMP Trap function it is recommended to test the configuration to ensure that it is working correctly To test configuration of the SNMP Trap function proceed as follows 1 Configure the SNMP Trap function as described in Section 12 1 2 Access the Text Interface command mode using an account that permits Administrator or SuperUser level commands then invoke the TEST command at the AFS 16 command prompt Note that the TEST Command is only available in Administrator and SuperUser Mode 3 Select Item 1 or 2 to send an SNMP test trap to Manager 1 or 2 respectively It is possible that the ARP table will not be properly setup If this occurs a message to that effect is displayed and the AFS 16 immediately refreshes the ARP table Repeat steps 2 and 3 to try again For more information on the TEST command and the Test Menu
169. that Support HTML Tables is checked enabled 4 Pressthe Menu button and select Save Options When you have finished communicating with the AFS 16 via PDA it is important to always close the session using the PDA s menu functions rather than by simply closing the browser window in order to ensure that the AFS 16 has completely exited from command mode and is not waiting for the inactivity timeout period to elapse For example to close a session on a BlackBerry press the Menu button and then choose Close Basic Configuration 5 2 Configuration Menus Although the Web Browser Interface and Text Interface provide two separate means for selecting parameters both interfaces allow access to the same set of basic parameters and parameters selected via one interface will also be applied to the other To access the configuration menus proceed as follows Text Interface Refer to the Help Screen H and then enter the appropriate command to access the desired menu When the configuration menu appears key in the number for the parameter you wish to define and follow the instructions in the resulting submenu Web Browser Interface Use the links and fly out menus on the left hand of the Screen to access the desired configuration menu To change parameters click in the desired field and key in the new value or select a value from a pull down menu To apply newly selected parameters click on the Change Parameters button at the
170. the AFS 16 0 00 ccc eet eee 3 2 3 4 Fallback Switching 0 0 0 6c eect tte 3 3 3 4 1 Fallback Switching Text Interface 0 0 et ee 3 3 3 4 2 Fallback Switching Web Browser Interface 00 cee eee eee 3 4 4 Hardware Installation 0 0 ccc RR IRI I hh 4 1 4 1 Connecting the Power Supply Cable s lesse 4 1 4 2 Connecting the Network Cable 0 cc cece teens 4 1 4 3 Connecting a Local Control Device 00 ccc eee 4 2 4 4 Connecting an External Modem Optional 0 000 c eee eee eee 4 2 4 5 Module Set Up xe Miata e dered et den RR e dee rd dol b gus RR 4 3 4 5 1 Circuit Module Set Up 0 ett 4 3 4 5 2 Control Module SetUp 0 0 eect tee 4 3 4 6 The A C B Connectors 0 eet ete 4 3 5 Basic Configuration 0 0 ccc 5 1 5 1 Communicating with the AFS 16 Unit 0 0 0 2c eee eee 5 1 5 1 1 The Text Interface lllslsssseeseesese ee ren 5 1 5 1 2 The Web Browser Interface lle 5 2 5 1 9 Access Via PDA ies cese gae Be bebe Ea eR ded e eae 5 3 5 2 Configuration Menus 0 cette eee 5 4 5 3 Defining System Parameters 00 0 0 c cette eee 5 5 5 3 1 The Real Time Clock and Calendar 00 c eee eee eee 5 7 5 3 2 The Invalid Access Lockout Feature 0 ccc eee eee 5 8 5 3 3 Log Configuration lt e ceecee sseui ec 5 9 5 3 3 1 The Audit Log and Alarm Log
171. the manufacturer Discard used batteries according to the manufacturer s instructions Warnings and Cautions Two Power Supply Cables Note that the AFS 16 features two separate power inputs and a separate power supply cable for each power input Make certain to disconnect both power supply cables from their power source before attempting to service or remove the unit Disconnect Power If any of the following events are noted immediately disconnect the unit from the outlet and contact qualified service personnel 1 Ifthe power cord becomes frayed or damaged 2 If liquid has been spilled into the device or if the device has been exposed to rain or water Disconnect Power Before Servicing Before attempting to service or remove this unit please make certain to disconnect the power supply cable from the power source Table of Contents 1 Introducti n ors eu meh rr ra ah RkRRR Ry Ra naX RR RRER ROS ERA RAE EUR wae e 1 1 2 Unit Description c ete asidid oil rad Sea Rer a xn DR oh RI alba ale dM LP DE Ea m 8 w a ER ST x 2 1 2 4 The Dual Power Supply Module 0 00 es 2 1 2 2 The Control Module 02 cect mn 2 2 23 The Circuit Module lssesesesseeeeee eR mmn 2 4 3 Getting Started 20 0 cde ce eer er e koh m edm enm Rom e RE E n Ege En pcs md ed a 3 1 3 1 Apply Power to the AFS 16 0 00 3 1 3 2 Connect Your PC to the AFS 16 0 0 cece tte 3 1 3 3 Communicating with
172. time period the port will disconnect Default 5 Minutes Command Echo Enables or Disables the command echo for the Network Port Default On Accept Break Determines whether the Network Port will accept breaks received from the attached device and pass them along to a connected port When the Accept Break parameter is enabled and the Network Port is connected to the RS232 Serial Port breaks received at the Network Port will be passed to the Serial Port When disabled breaks will be refused at the Network Port Default On Multiple Logins If the AFS 16 is installed in an environment that does not include communication via an open network local communication only then the Multiple Logins parameter can be used to determine whether or not multiple users will be able to communicate with the unit at the same time If this parameter is set to Off then only one user will be allowed to communicate with the unit at a time Default On Note The Multiple Logins prompt is not included in the Web Browser Interface 5 26 Basic Configuration 5 9 2 Network Parameters In the Text Interface these parameters are accessed via the Network Configuration menu Figure 5 9 In the Web Browser Interface these parameters can be found by clicking the Network Parameters link on the left hand side of the screen to display the Network Parameters menu Note The IP Address Subnet Mask Gateway Address and DHCP status cannot
173. to secure the Control Module to the AFS 16 frame Monitor Input Level Jumper Not Shown A jumper located on the Control Module board which is used to configure the AUX Connector for use with the Monitor Alarm Input feature The Monitor Input Level Jumper selects the non active state for the Monitor Alarm Input feature When the jumper is set in the 1 position normally high the Monitor Alarm Input feature can generate an alarm when the Monitor Input signal goes low When the jumper is set in the 0 position normally low the Monitor Alarm Input feature can generate an alarm when the Monitor Input signal goes high For more information on the Monitor Alarm Input feature please refer to Section 7 6 2 3 The Circuit Module The AFS 16 can accept up to sixteen Circuit Modules Each Circuit Module includes a common jack jacks for A and B paths and a Manual A B switch as described in Figure 2 3 Figure 2 3 The Circuit Module The AFS 16 Circuit Module includes the following components 69006 Q A B Switch Each A B Switch can be manually switched or activated by commands sent to the Control Module The A B Switch can also be operated by the Control Module s Master A B Switch A Connector An RJ45 Port used for connection to your primary line C Connector An RJ45 Port used for connection to a common line B Connector An RJ45 Port used for connection to your fallback line Release Pin Used to s
174. ts In the Text Interface IP Security parameters are defined via item 5 in the Network Configuration menu Figure 5 9 In the Web Browser Interface these parameters are found by clicking the IP Security link on the left hand side of the screen In the default state IP Security is disabled The IP Security Function employs a TCP Wrapper program which allows the use of standard Linux operators wild cards and net mask pairs to create a host based access control list The IP Security configuration menus include hosts allow and hosts deny client lists Basically when setting up IP Security you must enter IP addresses for hosts that you wish to allow in the Allow list and addresses for hosts that you wish to deny in the Deny list Since Linux operators wild cards and net mask pairs are allowed these lists can indicate specific addresses or a range of addresses to be allowed or denied When the IP Security feature is properly enabled and a client attempts to connect the AFS 16 will perform the following checks 1 Ifthe client s IP address is found in the hosts allow list the client will be granted immediate access Once an IP address is found in the Allow list the AFS 16 will not check the Deny list and will assume you wish to allow that address to connect 2 Ifthe client s IP address is not found in the Allow list the AFS 16 will then proceed to check the Deny list 3 Ifthe client s IP Address is found in the Deny list
175. ttempts 5 9 Lockout Duration 5 9 Lockout Enable 5 9 Invalid Access Lockout Alarm Address Contact Output Enable Email Message Notify Upon Clear Resend Delay Subject Trigger Enable IP Address Network Port Ping No Answer Profile IP Security Adding IP Addresses Examples Operators and Wildcards J Jumper Settings Circuit Module Control Module Kerberos Domain Realms Key Distribution Centers Port Realm Set Up LDAP Access Level Adding LDAP Groups Bind Type Circuit Group Access Deleting Groups Enable Fallback Group Membership Attribute Group Membership Value Type Group Name Kerberos Set Up LDAP Group Setup LDAP Port Modifying LDAP Groups Parameters Port Access Primary Host Search Bind DN Search Bind Password Secondary Host Service Access TLS SSL Encryption User Search Base DN User Search Filter Viewing LDAP Groups Index 3 5 27 6 1 5 29 to 5 31 5 30 5 31 5 31 4 3 7 12 to 7 13 5 35 5 37 5 37 5 37 5 37 5 37 5 36 5 36 5 35 5 36 5 37 5 35 5 36 5 36 5 36 5 36 5 37 5 36 to 5 40 5 35 5 37 5 35 to 5 42 5 36 5 35 5 35 5 36 5 35 5 36 5 35 5 36 5 36 5 37 Local Control Device Locality Local PC Access Lockout Attempts Lockout Duration Lockout Enable Log Configuration Log Function Reading and Erasing Syslog Text Interface Logging Out Text Interface Login Logoff Character Network Port Serial Port Management Utility Manual Control Manual Operation Master A B Gang
176. ture Monitor Alarm Input status Alarm Contact Output status and the user defined Site I D Message The Circuit Status Screen will be re displayed each time a command is successfully executed 9 4 Operation 9 2 2 A B Switching Commands Text Interface These commands can be used to switch AFS 16 s circuit modules and can also be used to set circuits to the user defined default A B positions Circuits may be specified by number name or Circuit Group Name Notes When the Port and Circuit Status Screen is displayed by an account that permits Administrator or SuperUser level commands all switched circuits will be displayed When the Port and Circuit Status Screen is displayed by an account that permits ViewOnly or User command access the screen will only include the switched circuits that are specifically allowed by the account When you have accessed command mode using an account that permits Administrator or SuperUser level commands switching commands can be applied to all circuits When you have accessed command mode using an account that permits only User level commands switching commands can only be applied to the circuits that are specifically allowed by that account Text Interface commands are not case sensitive When used in command lines circuit names and Circuit Group names are also not case sensitive When A B switching commands are executed the AFS 16 will list specified switching actions for each appl
177. ue that indicates the current unit temperature overTemperatureInitialClearTrap Indicates that the Over Temperature Initial Alarm has been cleared overTemperatureCriticalSetTrap Indicates that the Over Temperature Critical Alarm has been triggered The trap will also include a numerical value that indicates the current unit temperature overTemperatureCriticalClearTrap Indicates that the Over Temperature Critical Alarm has been cleared pingNoAnswerSetTrap Indicates that the Ping No Answer Alarm has been triggered The trap will also include a numerical value that indicates the IP address of the device that failed to respond to the ping command pingNoAnswerClearTrap Indicates that the Ping No Answer Alarm has been cleared lockoutSetTrap Indicates that the Invalid Access Lockout Alarm has been triggered The trap will also include a numerical value that indicates the number of the port where the lockout occurred lockoutClearTrap Indicates that the Invalid Access Lockout Alarm has been cleared powercycleSetTrap Indicates that the Power Cycle Alarm has been triggered monitorAlarmSetTrap Indicates that the Monitor Alarm Input feature has been triggered monitorAlarmClearTrap Indicates that the Monitor Alarm Input feature has been cleared 13 5 14 Setting Up SSL Encryption This section describes the procedure for setting up a secure connection via an https web connection to the AFS 16 Note
178. ult 9 Lockout Duration The length of time that logical network ports will remain locked when an Invalid Access Lockout occurs If the duration is set at Infinite then ports will remained locked until the UL command is issued Default 30 Minutes 5 3 3 Log Configuration This feature allows you to create records of command activity alarm actions and temperature readings for the AFS 16 unit The Log features are enabled and configured via the System Parameters Menus The AFS 16 features three different event logs the Audit Log the Alarm Log and the Temperature Log Audit Log The Audit log creates a record of all switching activity at the AFS 16 unit including A B switching that was initiated by the Ping No Answer feature and the Input Monitor Alarm In addition the Audit Log also includes login logout records for all users Each Log record includes a description of the activity that caused the A B switching the username for the account that initiated the action and the time date that each event occurred Alarm Log The Alarm log creates a record of all Alarm Activity at the AFS 16 unit Each time that an alarm is triggered or cleared the AFS 16 will generate a record that lists the time and date of the alarm the name of the Alarm triggered a description of the Alarm and the time and date that the Alarm was cleared Temperature Log The Temperature Log provides a record of ambient rack temperature levels over tim
179. ust be disabled When the Read Only feature is enabled you will not be able to issue configuration commands to the unit via SNMP Authentication Privacy Configures the Authentication and Privacy features for SNMPv3 communication The Authentication Privacy parameter offers two options which function as follows 1 Auth noPriv An SNMPv3 username and password will be required at log in but encryption will not be used Default Setting 2 Auth Priv An SNMPv3 username and password will be required at log in and all messages will be sent using encryption Notes The Authentication Privacy item is not available when the Version parameter is set to V1 V2 If the Version Parameter is set to V1 V2 V3 all and Authentication Privacy parameter is set to Auth Priv then only V3 data will be encrypted The AFS 16 supports DES encryption but does not currently support the AES protocol e The AFS 16 does not support noAuth noPriv for SNMPv3 communication SNMPv3 User Name Sets the User Name for SNMPv3 Note that this option is not available when the Version parameter is set to V1 V2 Default undefined e SNMPv3 Password Sets the password for SNMPv3 Note that this option is not available when the Version parameter is set to V1 V2 Default undefined SNMPv3 Password Confirm This prompt is used to confirm the SNMPv3 password that was entered at the prompt above Note that this option is not available when the
180. ut occurs the AFS 16 can still lock the network port as described in Section 5 3 2 and can also send an email Syslog Message and or SNMP trap if properly configured f desired the AFS 16 can be configured to count Invalid Access attempts and provide notification when the counter exceeds a user defined trigger level without actually locking the port in question To do this enable the Invalid Access Lockout Alarm as described here but when you configure Invalid Access Lockout parameters as described in Section 5 3 2 set the Lockout Attempts and Lockout Duration as you would normally and then set the Lockout Enable parameter to Off To configure the Invalid Access Lockout Alarm you must access the AFS 16 command mode using a password that permits Administrator Level commands The Invalid Access Lockout alarm configuration menu offers the following parameters Trigger Enable Enables Disables the trigger for this alarm When Disabled this alarm will be suppressed Default On Note 7o cancel an alarm without unlocking the port simply toggle the Trigger Enable parameter Off and then back On again Resend Delay Determines how long the AFS 16 will wait to resend an email message generated by this alarm when the initial attempt to send the notification was unsuccessful Default 60 Minutes Notify Upon Clear When this item is enabled the AFS 16 will send additional notification when the situation that caused the ala
181. w and Deny lists would be defined as follows Allow List 1 192 255 255 192 2 168 112 112 05 Deny List 1 ALL 5 51 Basic Configuration 2 Mostly Open Access is granted by default and the only clients denied access are those explicitly listed in the Deny list and as exceptions in the Allow list To allow access to all clients except 192 255 255 192 and 168 112 112 05 the Allow and Deny lists would be defined as follows Allow List 1 ALL EXCEPT 192 255 255 192 168 112 112 05 Deny List 1 192 255 255 192 168 112 112 05 Notes When defining a line in the Allow or Deny list that includes several IP addresses each individual address is separated by either a space a comma or a comma and a space as shown in Example 2 above Take care when using the ALL wild card When ALL is included in the Allow list it should always include an EXCEPT operator in order to allow the unit to proceed to the Deny list and determine any addresses you wish to deny 5 9 4 Static Route The Static Route menu allows you to type in Linux routing commands that will be automatically executed each time that the unit powers up or reboots In the Text Interface the Static Route menu is accessed via the Network Configuration menu In the Web Browser Interface the Static Route menu via the Network Configuration flyout menu 5 9 5 Domain Name Server The DNS menu is used to select IP addresses for Domain Name Servers When web and networ
182. will continue to attempt to contact the primary RADIUS Server before falling back to the secondary RADIUS Server Default 3 Seconds Fallback Local Determines whether or not the AFS 16 will fallback to its own password username directory when an authentication attempt fails When enabled the AFS 16 will first attempt to authenticate the password by checking the RADIUS Server if this fails the AFS 16 will then attempt to authenticate the password by checking its own internal username directory This parameter offers three options Off Fallback Local is disabled Default On All Failures Fallback Local is enabled and the unit will fallback to it s own internal user directory when it cannot contact the Radius Server or when a password or username does not match the Radius Server On Transport Failure Fallback Local is enabled but the unit will only fallback to it s own internal user directory when it cannot contact the Radius Server Retries Determines how many times the AFS 16 will attempt to contact the RADIUS server Note that the retries parameter applies to both the Primary RADIUS Server and the Secondary RADIUS Server Default 3 Authentication Port The Authentication Port number for the RADIUS function Default 1812 Accounting Port The Accounting Port number for the RADIUS function Default 1813 Debug Text Interface Only When enabled the AFS 16 will put RADIUS debug information into Syslog
183. would also be applied to any other circuit name that begins with an S Suppress Command Confirmation Prompt When the commands are invoked the Y option can be included to override the Command Confirmation Sure prompt For example to switch Circuit 4 to the B position without displaying the Sure prompt type TB 4 Y Enter Enter Key Most commands are invoked by pressing Enter 17 1 Command Reference Guide 17 2 Command Summary Function Command Syntax Command Access Level Admin SuperUser User ViewOnly Display Circuit Status Circuit Group Status s Enter sG Enter Network Status SN Enter X X Help Menu H Enter xe xe xe xe Log Functions L Enter X X Site ID Unit Information Control 3 Enter Exit Command Mode X Enter X X Connect Local Remote c 1 Enter X X xo Switch Circuit c to Position A TA c v Enter e X X X Switch Circuit c to Position B TB c Y Enter e X X X Switch Circuit c to Position p T c p Y Enter e X X X Default All Circuits DC Enter X X xo Send Parameter File U Enter X Send SSH Keys K n Enter X Unlock Invalid Access UL Enter X Outbound Telnet TELNET ip port raw Enter xo xo xo Outbound SSH SSH ip 1 username Enter xo xo xo Configuration System Parameters
184. y a limited selection of AFS 16 operating and status display functions are available to users who communicate with the unit via PDA When the AFS 16 is operated via a PDA only the following functions are available Product Status Screen Unit Info Section 8 1 Circuit Status Screen Section 8 3 Circuit Group Status Screen Section 8 4 Circuit Control Screen Section 9 1 1 Circuit Group Control Screen Section 9 1 2 These screens will allow PDA users to review Circuit Status and Circuit Group Status invoke A B switching and display the Site I D and firmware version Note however that PDA users are not allowed to change or review AFS 16 configuration parameters To configure the AFS 16 for access via PDA first consult your IT department for appropriate settings Access the AFS 16 command mode via the Text Interface or Web Browser interface as described in this section then configure the AFS 16 s Network Port accordingly as described in Section 5 9 In most cases this configuration will be adequate to allow communication with most PDAs Note however that if you wish to use a BlackBerry to contact the AFS 16 you must first make certain to configure the BlackBerry to support HTML tables as described below 1 Power on the BlackBerry and then click on the BlackBerry Internet Browser Icon 2 Press the Menu button and then choose Options 3 From the Options menu choose Browser Configuration then verify to make certain
185. y of Western Telematic Inc Such information and descriptions may not be copied disseminated or distributed without the express written consent of Western Telematic Inc Copyright Western Telematic Inc 2010 April 2010 Part Number 14069 Revision B Trademarks and Copyrights Used in this Manual Hyperterminal is a registered trademark of the Microsoft Corporation Portions copyright Hilgraeve Inc Teraterm is a copyright of Ayera Technologies Inc BlackBerry is a registered trademark of Research In Motion Limited JavaScript is a trademark of Sun Microsystems Inc Telnet is a trademark of Telnet Communications Inc Thawte is a trademark of Thawte Inc VeriSign is a registered trademark of VeriSign Incorporated All other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners Apx 4 A B Gang Switch A B Switch Jumper A B Switching Text Interface Web Browser Interface Accept Break Network Port Serial Port Access Level LDAP Group TACACS Accounting Port RADIUS Accounts Adding Default Add Circuit Group LDAP Group PNA Profile User Accounts Via SNMP Address Invalid Access Lockout Alarm Monitor Alarm Input Over Temperature Alarms Ping No Answer Alarm Power Cycle Alarm Administrator Network Port Serial Port Alarm Clear Threshold Over Temperature Alarm Alarm Configuration Invalid Access Lockout Alarm Over Temperature Alarms Ping No Answer Alarm Alarm L
Download Pdf Manuals
Related Search