Asentria SiteBoss 530, User Manual

Page 1: ... Installation and Operation Guidelines SiteBoss 530 Remote Site Manager Version 2 05 740 Asentria Corporation 1200 North 96th Street Seattle Washington 98103 U S A Tel 206 344 8800 Fax 206 344 2116 www asentria com ...

Page 2: ...ntions used in this manual Commands are printed in this format COMMANDS Arial font caps bold black although commands used in the unit are not case sensitive Setting Keys are printed in this format setting key Courier New font bold blue but any key values displayed are in normal type Red type indicates a safety or security warning Hyperlinks to other sections in the manual are displayed in Arial fo...

Page 3: ...Events 6 Event Notification 6 Audit Log 6 Integration with SitePath 6 Parts Identification 6 Features and Accessories 6 LEDs Ports DIP Switches and Buttons 7 Getting Connected 11 Power Up Sequence 11 Default Passwords 11 The Status Screen 11 Setup Menu 12 Overview 12 Option Types 12 Web Interface 13 Main Setup Menu 13 Network Settings 14 Serial Settings 28 Modem Settings 31 Security Settings 33 Al...

Page 4: ...g Voltage Current Sensor Setup 104 Relay Output Setup 106 EventSensor Reporting 108 Type2 EventSensor Setup 109 Connections 109 DIP Switch Settings 109 Configuration 109 Calibration of Temperature and Humidity Sensors 109 Relays as Alarm Action 111 Customizable Command Prompts 112 Command Reference 113 User Interface Commands 113 Setup Commands 113 System Commands 114 Usage Commands 115 Expansion ...

Page 5: ...g Example 126 DSL Glossary 126 Battery Module 128 Setup 128 Operation 128 Appendices 129 User Rights Table 129 Control Characters 130 Internal Modem Guidelines 131 Canadian Department of Communications 132 Warranty Information 134 ...

Page 6: ......

Page 7: ...r DC If configured for AC the unit uses a barrel connector for connecting to the 15VDC power adapter shipped with the unit If configured for DC the unit is configured with a 4 pin Molex connector for use with a DC power source The unit is shipped with the cables and instructions for direct connection to a DC power source The instructions are shown below in case they are missing from the box Note T...

Page 8: ... panel Power LED 2 Strip the ends of the wires 3 Using wire nuts not supplied connect the stripped wires to the power source The red wires connect to ground or the most Positive connection on the voltage source The blue wires connect to 48VDC or the most Negative connection on the voltage source Option B Use the supplied kit to make a wire harness 1 You will need a crimping tool that crimps standa...

Page 9: ...rk Right clicking on the line for this unit displays three options Setup Telnet and Web Setup opens another window where the IP Address Subnet Mask and Gateway router can be configured see below Press OK and these will be assigned to the unit and displayed in the previous window Select this option to configure the network settings for the first time Telnet opens a connection to the device using yo...

Page 10: ...uter first check the network settings and connection then consult your System Administrator or Asentria Technical Support 4 Using a Telnet client connect to the IP address assigned to the unit SNMP Trap Setup If you will be using your S530 to send SNMP traps this section will help you ensure it is set up correctly Setup 1 Configure the network settings as described in the previous section 2 Select...

Page 11: ...of data and hardware RS 232 serial Telnet Standard modem serial Security callback modem serial Data may be retrieved from or through the S530 by any of the following methods Serial or modem connection to command processor using Line or Zmodem or passthrough Telnet to command processor or passthrough Telnet real time sockets FTP push automatic delivery to FTP server FTP get manual retrieval from FT...

Page 12: ...ate secure and controlled IP access to remote servers and appliances co located on the same remote network as the S530 SitePath uses an integrated SSL or IPSEC VPN implementation which simplifies otherwise complex VPN setup down to a few easy steps allowing users to access remote devices via the SitePath VPN Gateway The S530 plus SitePath provide IP routing to authorized remote network addresses a...

Page 13: ...modem is connected and blinks when the modem is dialing out ETH Ethernet The Link LED lights solid green whenever an active Telnet or FTP connection is made to the unit ALM Alarm This LED is reserved for future use 25 75 100 The S530 has three LEDs to indicate file full status A blinking percentage full LED indicates the database has less than the amount indicated by that LED but more than the pre...

Page 14: ...switches MMC memory I O card slot two RJ45 Ethernet ports two RJ45 RS232 serial ports Reset button one RJ11 POTS modem port and either two or six slots or expansion bays for optional Expansion Cards that expand the functionality of the unit with wireless modem ADSL card and a variety of sensor and relay I O Ports Memory I O The slot labeled Memory I O can be used for the optional external Temperat...

Page 15: ...and the capabilities of the S530 Contact Asentria Sales sales asentria com for more information on Expansion Cards DIP Switches The bank of 8 DIP switches on the back panel of the S530 are used to control the baud and parity settings of I O 2 to set the operational mode for I O 2 and to put the unit into boot load mode where it can be forced to load a new application firmware image The following t...

Page 16: ...al port I O 2 The Reset button can be used for two different functions 1 To reset the S530 press the Reset button for approximately 1 second and S530 will be begin the reboot process as described in the Power Up Sequence section on the next page 2 To activate the Button Unlock feature which resets the username and password back to default ...

Page 17: ...0262 Date TUE 10 20 09 1 19200 8N1 I O 1 Time 16 42 10 2 19200 8N1 I O 2 Modem Yes Eth 1 STATIC IP Add 0 0 0 0 MAC Add 00 10 A3 60 04 FB Eth 2 STATIC IP Add 0 0 0 0 MAC Add 00 10 A3 60 04 FC COMPLETE SiteBoss 530 indicates that this product is the S530 followed by 2 05 740 the currently loaded firmware version Site Name is the identifier assigned to each S530 by the end user in the General Setting...

Page 18: ...rder received The S530 processes setup changes in real time In other words the unit begins to implement changes to its configuration as soon as they are entered There is no need to exit the setup menu or reboot the unit to apply changes The exception to this rule is IP specific network settings Changes to these settings are implemented only after all open Telnet command processors are closed Optio...

Page 19: ...ettings menu for further description Upon connection you will be greeted by a login screen Log in with your Login ID Username and Password These are the same credentials you would use to log into the command prompt Once logged in the General Status screen will be displayed with a menu bar across the top of the page that displays the same menu options as the command prompt menu system From here you...

Page 20: ... can configure each of the two Ethernet interfaces Default Router displays the configured default router gateway for the unit Refer to the Default Router section in the Features chapter for more information Name Resolution Settings allows you to configure the IP addresses of up to two Domain Name Servers DNS Telnet Duplex controls the echo settings for Telnet Full duplex causes the unit to echo al...

Page 21: ...the optional Asentria SitePath secure unified administration portal software CPE Settings displays the Customer Premises Equipment CPE Settings menu where up to 64 different networked devices can be configured to communicate with the optional Asentria SitePath secure unified administration portal software Ethernet Settings Ethernet Settings displays the following menu where each of the two install...

Page 22: ...web server Default setting is ON Web Session Timeout sets the number of minutes 0 65535 minutes a connection may remain idle before expiring A setting of 0 means the connection will never automatically expire Default setting is 30 HTTP HTTPS Connection Port is the TCP port through which HTTP and HTTPS connections are made Default setting is Port 80 for HTTP and Port 443 for HTTPS Connect using htt...

Page 23: ... and Notification settings Settings previously in this menu Include Data and Time Include Site Name Include Sensor ID Include User Defined Name and Include User Defined State have been moved to the Alarm Event Definitions Event Message Settings menu because these settings now apply to more actions than SNMP traps Security Method toggles between MD5 DES and SHA AES to controls whether MD5 and DES o...

Page 24: ...FTP Settings SiteBoss 530 FTP Settings A FTP Push Enable OFF B FTP Server Address C Username Default FTP Username D Password E Account F Directory G Minutes Between Push Attempts 1440 H Select Files to Push I Remote File Names FTP Push Enable toggles between OFF and REGULAR Default setting is OFF FTP Server Address is the IP address or host name of the FTP server to push to Max length 64 chars Use...

Page 25: ...ctory you configured No data is pushed with this command Connection data displayed on the terminal screen is useful if the connection fails An immediate push of data can be done using the PUSHNOW command PPP Settings SiteBoss 530 PPP Settings A PPP Dialout Settings B PPP Hosting Settings C IP Routing D Route Test Settings PPP Dialout Settings displays settings pertaining to making outbound PPP net...

Page 26: ...it kills PPP when finished PPP Hosting Settings SiteBoss 530 PPP Hosting Settings A PPP Hosting Enabled OFF B Idle Connection Disconnect sec 60 C Local Device IP Address 192 168 105 1 D Remote Caller IP Address 192 168 105 2 PPP Hosting Enabled is an ON OFF toggle to enable inbound PPP connection hosting Default setting is OFF Idle Connection Disconnect sec sets the number of seconds 0 65535 to wa...

Page 27: ...g is ON Ethernet Interface toggles between ETH1or ETH2 to indicate which interface to use for the PPP connection Default setting is ETH1 Refer to the IP Routing section in the Features chapter for a detailed explanation of IP Routing Route Test Settings SiteBoss 530 Route Test Settings A Route Test Enable OFF B Minutes Between Tests 10 C IP Address 1 D IP Address 2 E IP Address 3 Route Test Enable...

Page 28: ... FILE1 Real Time Data Socket Setup A Real Time Socket Mode LISTEN B Show Answer String on Connection ON C Require Xon to Start Data Flow OFF D Idle Connection Close Timer 0 E Close Socket When File Empty OFF F Real Time Socket Push Hostname IP G Real Time Socket Push Port Number 3000 H Real Time Socket Push Retry Timer 5 Real Time Socket Mode toggles between LISTEN PUSH and OFF When set to LISTEN ...

Page 29: ...rap Capture Settings A SNMP Trap Capture Enable OFF B Store Collected Traps In FILE1 SNMP Trap Capture Enable is an ON OFF toggle to enable the capturing of SNMPv1 traps and SNMPv2c inform requests informs Default setting is OFF Store Collected Traps In sets the data file in which the collected traps informs are stored Default setting is FILE1 Refer to the SNMP Trap Capture section in the Features...

Page 30: ...DSL Glossary please refer to the ADSL Modem chapter later in this manual Start Mode toggles between MANUAL and AUTO to set how the DSL interface is to be raised Set this to MANUAL to require user intervention to raise the DSL interface or to let a VPN if it is configured to use DSL raise the DSL interface when the VPN needs to use DSL Set this to AUTO to tell the unit to automatically raise the DS...

Page 31: ...e use of VPNs can be found in the VPN chapter in this User Manual or in the SitePath User Manual Contact Asentria Technical Support for more information General Settings displays a sub menu where the VPN Mode On Demand Port as well as Active and SitePath VPN channels are configured VPN1 VPN2 display the configuration menu for each VPN Commissioning Settings displays a sub menu where all the parame...

Page 32: ...tePath rides ETH1 Ethernet1 ETH2 Ethernet2 PPPP POTS modem PPP if PPP is down unit will raise PPP to raise the VPN so long as PPP dialout is configured WPPP Wireless modem PPP if PPP is down unit will wait until a connection be established so long as Wireless modem is enabled DSL ADSL modem if ADSL link is down unit will raise ADSL to raise the VPN so long as it is configured This setting must mak...

Page 33: ...re Commissioning Settings SiteBoss 530 Commissioning Settings A IPsec Remote Private IP Address 0 0 0 0 B IPsec Commissioning Network 0 0 0 0 0 C Group Settings D Contact Name E Contact Number F Commissioning State Commission Unit Now G Commissioning IP Address 0 0 0 0 Commissioning is covered in detail in the SitePath User Manual Contact Asentria Technical Support for more information CPE Setting...

Page 34: ... other serial ports have plus a few more it will be described in the section below with differences in other ports mentioned when necessary Serial Port Menu SiteBoss 530 Serial 2 A Target Name I O 2 B Baud Rate 19200 C Data Format 8N1 D Handshaking NONE E Wrap Around OFF F Record Stamping G Character Masking ON H Data Alarm Enable OFF I Store Data To 2 J Store Alarms During Pass Through OFF K Dupl...

Page 35: ... Default setting is FULL Inactivity Timeout I O 2 only is the time 1 255 minutes before a serial connection with no activity will be terminated A setting of 0 means an inactive connection will not be terminated Default setting is 0 Port Mode sets the port function I O 1 toggles between DATA ACCESS READER and ESBUS DATA configures the port as an inbound RS232 data port ACCESS READER does not curren...

Page 36: ...llect Lines Before Start Record 0 G End Detection FORMULA H Line Count 0 I End Field 1 Character Position 0 J End Field 1 Text K End Field 2 Character Position 0 L End Field 2 Text Complex Multiline Record Enable is an ON OFF toggle to enable advanced multiline detection Default setting is OFF Start Field n Character Position sets the character position used to define the beginning of the multilin...

Page 37: ...ngth 126 chars Note Make sure to enter AT at the beginning of this initialization string Inactivity Timeout sets the number of minutes 0 255 to wait before disconnecting an idle modem connection A setting of 0 means the connection will never automatically expire Default setting is 0 Upon Modem Connect Go Directly To toggles through a list of actions to control what a user sees directly after conne...

Page 38: ...User Name G PPP Wireless Password H Default Route Enable OFF Note If the optional wireless modem Expansion Card is not installed in the S530 this menu is displayed but changing any of the settings will not do anything except for the PPP Wireless User Name and Password settings see below Note For a complete description of the setup and operation of the wireless modem please refer to the Wireless Mo...

Page 39: ... for setting the security mode as well as specific and general security settings Security Mode toggles between USER PROFILES and RADIUS to determine which Specific Security Settings menu to be displayed Specific Security Settings menu is determined by toggling Security Mode USER PROFILES causes option B Specific Security Settings to display the User Profile Security Settings menu where twelve indi...

Page 40: ... F Upon Login then Go To COMMAND G Set Pass through Pointer To FILE1 H Pass through Permissions I After PT ESC Takes User To MENU J PPP Connection ROUTING K Setup Status Rights MASTER L File Release Permissions M File Delete Permissions N Additional Authentication Options Enable This User Access is an ON OFF toggle to enable access for this user profile User Name Password sets the username and or ...

Page 41: ...but denies all routing to whatever LAN the S530 is connected to ROUTING enables Route Ethernet to PPP and Route PPP to Ethernet for the user but only if those settings are enabled globally NONE disables PPP access for the user Setup Status Rights toggles through the actions available to the user if they are given access to the command prompt Options are MASTER NONE VIEW ADMIN1 ADMIN2 and ADMIN3 Se...

Page 42: ...dentials of the user used to initiate the callback Max length 48 chars Authentication Settings SiteBoss 530 Authentication Settings A Local Command Requires Password OFF B Modem Callin Requires Password OFF C TCP IP Port 23 Requires Password ON D TCP IP Port 210x Requires Password OFF E TCP IP Port 220x Requires Password OFF F Username and or Password Required PASSWORD ONLY Authentication Settings...

Page 43: ...Default port is 1813 CHAP is an ON OFF toggle to set whether the unit uses CHAP Challenge Handshake Authentication Protocol authentication when using RADIUS ON sets authentication to CHAP OFF sets authentication to PAP Password Authentication Protocol Default setting is OFF Timeout sets the number of seconds 1 30 the unit waits for a response from the RADIUS server Default setting is 3 Retries set...

Page 44: ...ent Message Settings Class Table displays the menu for configuring event classification settings Data Alarm Filter Settings displays the menus for configuring serial data event monitors EventSensor Device Settings displays the menus for configuring internal and external sensors and modules that may be installed No Data n Alarm Settings displays the menus for configuring alarms based on period of t...

Page 45: ...S530 will stop processing more data event evaluations on a single record after it has found one match This should be disabled if it is possible to have more than one event in a record This is a global setting it applies to ALL configured data alarms Default setting is OFF Data Alarm Field Settings SiteBoss 530 Data Alarm Field Definition Table Start Length Line Type Name A Definition A 0 0 0 Alpha...

Page 46: ... Data Alarm Filter Settings menu then selecting one of the options which will give you a group of 16 data alarm filters 1 16 17 32 etc This will display a menu where you can select from those 16 data alarm options as follows SiteBoss 530 Data Alarm Filter Settings A Alarm Filter 1 OFF ALARM P Alarm Filter 16 OFF ALARM Q Next Alarm Filter Page R Setup Alarm Filter Fields S Display Alarm Status T Ex...

Page 47: ... reset Default setting is 1 Auto Clear when Threshold Reached is an ON OFF toggle to control whether the unit will clear the event counter each time the threshold is met Default setting is ON Alarm Counter Clear Interval sets an interval at which the unit should clear the match counter for an individual data event Available options are 2 hours 4 hours 6 hours 8 hours 12 hours Daily and Never The f...

Page 48: ...cluding contact closures temperature and humidity sensors analog voltage and current sensors and relays For the purposes of clarity all of these will be generally referred to as EventSensors ES unless a specific type of sensor or relay is being described Internal sensors are those on Expansion Cards that can be installed in the expansion bays on the back of the S530 External sensors are separate d...

Page 49: ...onsive Timeout 30 B Sensor Unresponsive Actions C Sensor Unresponsive Trap Number 50 D Sensor Unresponsive Class Info Sensor Unresponsive Timeout sets the time 10 65535 seconds to wait before declaring a non communicative EventSensor unresponsive Default setting is 30 Sensor Unresponsive Actions displays the Actions List a menu where the action string for the event is configured This field will be...

Page 50: ...ist in the Features chapter for more information Alarm Message sets the text string to be delivered with this event s alarms Default setting is No Data Timeout n Max length 126 chars Alarm Class sets the class for the alarm When this option is selected a list of the classes previously defined in the Class Table is displayed from which you can select one to be assigned to this No Data Alarm Trap Nu...

Page 51: ...ctions have been configured and will show SET if one or more actions have been configured Refer to Action List in the Features chapter for more information Event Message sets the text string to be delivered with this event s action Default setting is Scheduled Event n Max length 126 chars Event Class sets the class for the event When this option is selected a list of the classes previously defined...

Page 52: ...rm Enable is an ON OFF toggle to enable alarming on high or low handshaking levels Default setting is OFF Serial Handshaking Low High Alarm Actions displays the Actions List a menu where the action string for the alarm is configured This field will be empty if no actions have been configured and will show SET if one or more actions have been configured Refer to Action List in the Features chapter ...

Page 53: ...hat employ a trap numbering system to help identify incoming traps The default trap number for CPR Down Events is 511 but any number in the alternate range of 1000 1199 can be used Return to Normal Class sets the class for the alarm When this option is selected a list of the classes previously defined in the Class Table is displayed from which you can select one to be assigned to this alarm Event ...

Page 54: ...e Action Schedule Settings menu where actions can be limited to defined days and times Pager n Settings Menu SiteBoss 530 Pager 1 Settings A Pager Type NUMERIC B Pager Callout Number C Pager ID D Numeric Message E Post Callout Delay seconds 15 F Post ID Delay seconds 5 Pager Type toggles between NUMERIC and ALPHA to select the type of pager to call Default is NUMERIC Pager Callout Number sets the ...

Page 55: ...FF toggle to enable or disable forcing the unit to require an acknowledgment when first connecting and after each Asentria Alarm If disabled the S530 will allow non CRC mode where Asentria Alarms are delivered without waiting for any indication that the messages were properly delivered If enabled CRC mode is required by the S530 Refer to the Asentria Alarms section for more information about CRC a...

Page 56: ...Date Time menu where you can manage the clock daylight savings control and configure a networked time server Joinable Pass through is an ON OFF toggle to allow or disallow multiple user pass through sessions ON allows more than one user to connect on a pass through session OFF does not allow more than one concurrent pass through session and those attempting to join after the first user is connecte...

Page 57: ...be configured Max length 64 chars The S530 uses the following servers by default time nist gov 192 43 244 18 Boulder CO time b nist gov 129 6 15 29 Gaithersburg MD Event Log Settings The Event Log is a record of all data events that occur within the S530 SiteBoss 530 Event Log Settings A List Events File B Clear Events File C Enable Events Log File ON D Maximum File Size 32 E Store Data Alarm Reco...

Page 58: ...larms ON L Store Pass through Activity ON M Store Inactivity Timeouts ON N Store Polling Activity ON List Audit Log File displays the contents of the Audit Log file if any records exist Clear Audit Log File purges the records within the Audit Log file Records in the Audit Log File are deleted immediately when this option is selected so make sure you want to do this before selecting Enable Audit Lo...

Page 59: ...d password that has MASTER rights 2 Type hash at the FTP prompt This is optional it just creates hash marks while the file is transferring so you can see something happening 3 At the next FTP prompt type put drive directory update filename For example put C upgrades 530 x yy zzz std a71 udf 4 Hash marks will now appear to show you that the file is transferring When the transfer is complete you wil...

Page 60: ...n any order or number not all settings need to be uploaded each session As with SK GET both ASCII and Xmodem transfer methods may be used to upload settings to the unit These transfer methods are indicated by using the X and A attributes respectively The S530 monitors for invalid Setting Keys and will notify you after the upload if any invalid data was received When using SK SET in ASCII mode the ...

Page 61: ...gather data to help troubleshoot why the RADIUS user cannot log in If you are logged into the unit you can put traffic on any network to which the unit is connected For example pinging a host on the network FTP ing to it SSH ing to it Telnet ing to it Therefore good security comes from making it so no unauthorized persons have access to the unit This is something you must ensure with the User Prof...

Page 62: ...2 times per second at which point the front panel LEDs will flash briefly for several seconds giving the user immediate Console access using the default MASTER username and password These are the settings that are defaulted by this process sec mode reset to USER PROFILES sec consolereq reset to OFF sec connectvia reset to every method of connecting admin password MASTER credentials for the user pr...

Page 63: ... 2101 refers to the telnet passthrough connection made on serial port 1 Port Address 200x A connection to port 200x is just like a regular Telnet connection to port 23 except it sets the default file for retrieving data or the default port when the BYPASS command is given Port Address 210x A connection to port 210x routes you directly to the device connected to the corresponding serial I O port A ...

Page 64: ...rewalls at customer sites the unit must initiate any kind of network traffic SitePath cannot ordinarily initiate a VPN to a unit deployed behind a firewall For this reason a lightweight UDP network channel is implemented called the Unit SitePath Channel USC When the VPN is not up the USC is used to control when the VPN must be raised When the VPN is up the USC which then operates over the VPN is u...

Page 65: ... to consider when the unit sends data to SitePath 1 the VPN status if it is down it needs to be raised 2 the authorization status all types of traffic sent over the VPN first needs to be authorized to be able to use the VPN and this is negotiated over the VPN with SitePath before that type of traffic e g email alarms etc is commenced Once a type of traffic is authorized for a VPN it remains author...

Page 66: ...or load settings onto the unit By contrast when a unit is commissioned under full trust SitePath always has the authority to load settings and updates In the unit web UI these two settings are represented by the Trust SitePath to load settings updates controls in the Commissioning page These two drop down controls are yes or no but the actual values of the settings are are access levels 0 7 In a m...

Page 67: ...way that the end user authorizes and denies access to the unit from SitePath is by browsing to the General Commission Settings Network CPE Devices section of the unit web UI For each CPE the end user can choose to deny authorize indefinitely authorize for a set of preset durations 1 hour 6 hours 24 hours When authorizing for these durations it means that a timer is set for each CPE for the chosen ...

Page 68: ... IP address or DNS name of the NAT ing firwall viewable from the unit that will route the VPN connections to the server Note that if you use a DNS name you must have DNS configured on the unit Sometimes DNS can be configured automatically when you choose DHCP Ethernet addressing and the net dns mode to be ETH1 DCHP or ETH2 DHCP What network medium network interface should my VPN use Depending on t...

Page 69: ... SSL VPN certificates and other authentication data associated with the VPN The SSLC command takes a variety of command line arguments that tell it what to do These arguments are mainly broken down into actions and items actions o add add an item load it into the unit o list list an item display what is already in the unit o delete delete an item items o certificate o key o CA certificate o DH par...

Page 70: ... look to figure out what you need to configure on the unit The unit essentially maintains the same configuration file but you cannot edit it directly Instead you specify settings via the unit s setting keys and then the unit generates the configuration file from the setting keys Some keys are specific they specify the VPN protcol and VPN port or the certificate to use The previous answers in this ...

Page 71: ...net vpn x remote host key to specify this address Also if firewalls separate the unit and the server you should be aware of the firewall configuration so that the firewall routes traffic to the address on which the server is listening The port and proto items specify what TCP UDP port is used The values for these items should match the values for the net vpn x ssl port and net vpn ssl x proto keys...

Page 72: ...nd a frame to the client no less often than 15 seconds and restart the VPN after 60 seconds This does not require the unit to have a similar configuration although it is recommended that the unit is configured with the ping and ping restart items so that the unit does not think the VPN is up when the physical connection is broken The verb 3 item specifies the verbosity level of the OpenVPN syslog ...

Page 73: ...y when the unit starts If yes then set net vpn x startmode to AUTO PASSIVE If no then set it to MANUAL When in MANUAL startmode start the VPN by setting net vpn x cmd 1 Note that this is different than manually starting an SSL VPN client Once started the VPN will listen until told to stop either by setting net vpn x cmd 0 or by the unit resetting when the VPN is in MANUAL startmode Can multiple VP...

Page 74: ...te its own SSL authentication key certificate You must do this with another OpenVPN server installation and load the certificates keys DH parameters and possibly TLS auth key if you choose the extra layer of security that TLS auth provides on the unit with the SSLC command It is recommended you use the SSLC command either in a trusted network environment via Telnet or via SSH This is for two reaso...

Page 75: ...the unit minus any configuration items that the unit handles automatically for you First let s go over what a generic key is A generic key is of this form net vpn x ssl conf y where y is a number between 1 and 16 For example by default the cipher is BF CBC 128 bit Blowfish CBC You can change this to be stronger with say AES 256 CBC 256 bit AES CBC with the following setting net vpn 1 ssl conf 7 ci...

Page 76: ...d key The unit must be configured with a certificate and key using the SSLC command Note also that if the server certificate is generated with the nsCertType value of server then you can add the ns cert type server config item to the client configuration as an extra layer of authentication The tls auth etc openvpn tlsauth key item specifies the key used for the additional HMAC layer If the client ...

Page 77: ...and override via this net default router setting The values you may choose for this setting i e router addresses are the set of routers which you have specified for Ethernet the ADSL interface peer if you have ADSL hardware installed represented as DSL that which is determined by dynamic network interfaces represented as DYNAMIC DYNAMIC is always a possible value for the default router It simply m...

Page 78: ...r the peer of a PPP connection be it wireless or PSTN If you specify an interface regardless of specifying a gateway then the frame will be transmitted out that interface If it is an Ethernet interface then the destination address which matches the destination net of the route will be arped If it is a PPP interface then the frame which matches its route will be transmitted to the PPP peer Note Spe...

Page 79: ...st is exclusive by default so if you define a single IP address that one is allowed access while all others are denied Wildcards are also available to allow or deny access to larger groups of IP addresses 0 and 255 serve as wildcards for access and no access respectively For example an IP restriction of 0 0 0 0 would allow all access to the unit where 255 255 255 255 would allow none More practica...

Page 80: ...routed frames egressing the unit on the PPP interface sec user ppptype This is a per user setting which controls whether the user under which the PPP session was authenticated can actually route frames to one of the unit s local networks It is for added security Multihomed units only S530 net eth nat This setting controls whether the unit does NAT on routed frames egressing the unit on this interf...

Page 81: ...here the fields occupied by A F are A generic trap number position 6 length 2 padded with 0s The generic trap number indicates the generic trap type of which there are 7 0 coldStart 1 warmStart 2 linkDown 3 linkUp 4 authenticationFailure 5 egpNeighborLoss 6 enterpriseSpecific B specific trap number position 8 length 5 padded with 0s C date the trap was received in MM DD YY format position 15 lengt...

Page 82: ...dgement which provides confirmation that it was delivered Configuration SNMP Informs are configured using the following Setting Keys net snmp ntfn attempts This is the number of attempts of sending a notification trap inform per cycle that is the initial attempt retries If this is 0 then there is 1 infinite cycle net snmp ntfn timeout This is the number of seconds between 2 attempts to send an SNM...

Page 83: ...ers that the unit will register as an authentic escape sequence That is you can set this to 1 4 second meaning that in order to escape passthrough you must enter the escape sequence with at least 1 4 second between each escape The point is to make the unit disregard escape sequences that happen from the passthrough data itself which is assumed to travel across the link without pauses between the e...

Page 84: ...u have some device on I O 6 that requires the serial break condition to wake up If you access the unit and enter passthrough mode to I O 6 and you want to enter Ctrl Break to apply the break condition and have it do that just once per passthrough session configure this serial 6 pt breakchar 3 serial 6 pt breakcount 1 Ctrl Break at least on Windows PCs sends ASCII character 0x03 down the wire so th...

Page 85: ...ier was not negotiated Numeric pages do not fail to dial since nothing is actually negotiated After dialing if the call is successful then called number s failure count is set to 0 Benefit This enables the unit to not continually dial a number if the number has been shown to be unresponsive in order to be a good citizen on the telephone network Configuration There are no settings or UI associated ...

Page 86: ...find it not authentic and silently discard the response In this case it is as if the unit had received no response at all So from the perspective of the unit a response from a RADIUS server is one that is both received and authentic If no response arrives after the timeout or if the unit could not transmit to the server in the first place the server was unreachable because for example no network l...

Page 87: ...sword is not transmitted to the unit from the user unlike PAP Instead the unit first provides the user with a CHAP challenge The user provides the username CHAP ID and CHAP response which is generated from both the challenge and the user s password The user uses some local program to generate a CHAP response based on the user s password CHAP ID and CHAP challenge The CHAP ID is just a number betwe...

Page 88: ...DIUS accounting start and accounting stop messages to the RADIUS server that authenticated the user when that user s login session begins and ends respectively If the RADIUS accounting UDP port sec radius acct port is set to 0 then the unit will not send accounting information For example when a user logs in with RADIUS in PAP mode to the console port the unit does the following four things to or ...

Page 89: ...per second at which point the front panel LEDs will flash briefly for several seconds The user will then have immediate Console access using the default MASTER username and password o sec mode to USER PROFILES o sec consolereq to OFF o sec connectvia to every method of connecting o admin password MASTER credentials for the user profile appropriate to the product o IO2 mode set to COMMAND if applic...

Page 90: ...er x rights FTMLPW Asentria File1 Read Access DENY ALLOW sec user x file 1 readaccess FTMLWR Asentria File2 Read Access DENY ALLOW sec user x file 2 readaccess FTMLWR Asentria File3 Read Access DENY ALLOW sec user x file 3 readaccess FTMLWR Asentria File4 Read Access DENY ALLOW sec user x file 4 readaccess FTMLWR Asentria File5 Read Access DENY ALLOW sec user x file 5 readaccess FTMLWR Asentria Fi...

Page 91: ...FTMLWR Asentria File7 Write Access DENY ALLOW sec user x file 7 writeaccess FTMLWR Asentria File8 Write Access DENY ALLOW sec user x file 8 writeaccess FTMLWR Asentria File9 Write Access DENY ALLOW sec user x file 9 writeaccess FTMLWR Asentria File10 Write Access DENY ALLOW sec user x file 10 writeaccess FTMLWR Asentria File11 Write Access DENY ALLOW sec user x file 11 writeaccess FTMLWR Asentria ...

Page 92: ...taccess TMLWP Asentria Port15 PT Access DENY ALLOW sec user x port 15 ptaccess TMLWP Asentria Port16 PT Access DENY ALLOW sec user x port 16 ptaccess TMLWP Asentria Service Type LOCAL MODEM TELNET PASSTHROUGH FTP RTS WEB PPP SSH N A N A The final column Required by connection method lists the connection methods that require the attribute Here is what the letters mean for this column F FTP T Telnet...

Page 93: ... secret sec radius fallback mode NONE or USER PROFILES sec radius auth port UDP port that server uses for authentication authorization sec radius acct port UDP port that server uses for accounting or 0 sec radius chap ON or OFF sec radius timeout timeout in seconds 1 to 30 sec radius retries number of retries 0 to 30 Example Say you want to configure user bob to access the unit s modem command pro...

Page 94: ...og in then you have locked yourself out of the unit If the reason you cannot log in cannot be attributed to a configuration error on the RADIUS server then you must use the unit s fallback options for getting access to the unit again the RADIUS fallback mode or the button unlock feature From there troubleshooting steps can be taken to see why login failed Please contact Asentria Technical Support ...

Page 95: ...press Enter 4 Select Field Length When prompted to enter a new value enter 4 and press Enter 5 Select Field Name and enter TEST_FIELD then press Enter 6 Press Enter to return to the Field definition Table If configured properly the data event field should appear in this menu 7 Press Enter to return to the Data Alarm Filter Settings menu From here select the Data Alarm Settings menu Alarm Filter Pa...

Page 96: ...a Alarm Enable setting to ON 3 Press CTRL C to return to the command processor Testing Connect to the unit serially on I O 1 and type the word test followed by Enter This should trigger the above data event and an SNMP trap should be sent to SNMP Manager 1 If this is not the case double check the network and data event settings and then call Asentria Technical Support Note There will be a 30 secon...

Page 97: ...olated in a equation an alarm will not be generated nor will an error be presented Note There may be times when two or more fields are necessary to analyze one piece of data For example if a time is represented in hh mm format some calculations may require two different fields Other times wildcards will do the job of masking out non important characters just fine The data alarm equations used in t...

Page 98: ...p to 160 characters in length The macro name is the name by which the macro is referenced in any data alarm equation and can be up to 16 characters in length Macro names are subject to these restrictions Macro names and data field names are not case sensitive therefore DLT35 and Dlt35 are equivalent A macro cannot be given the same name as a data field or another macro The following names are rese...

Page 99: ...8 0000010 N 028 00 DN1197 T001020 02 25 09 19 00 04 30 A 5552530948 0000011 N 029 00 DN6063 T001033 02 25 09 23 00 00 16 A 5557458535 0000012 N 030 00 T002019 DN6447 02 25 09 23 00 00 10 Alarm records 0000001 N 019 00 DN1042 T001034 02 25 09 21 00 00 50 A 5558481677 DA 1 0000001 N 019 00 DN1042 T001034 02 25 09 21 00 00 50 A 5558481677 DA 2 0000011 N 029 00 DN6063 T001033 02 25 09 23 00 00 16 A 55...

Page 100: ...is action list as part of a group identified by groupname not currently used In a future version this will be used to cancel or postpone groups of action lists ID id idname Identify this action list by idname Inform inform ipaddress or index Send an SNMP inform to a specific IP address or index which refers to an IP address or host name configured in the Action Definitions menu Malert malert phone...

Page 101: ... cannot be ARPed if the above two conditions exist and PPP cannot be raised as a backup route Each action can take a varying amount of time depending on what s going on in the unit E g a trap may take less than a second to send if there is a route for it on a network interface that is already up like Ethernet Otherwise if the unit is configured to bring up PPP in case the trap cannot be sent on an...

Page 102: ...ring which is a string value which is the standard concatenated alarm message string used for this and other alarms messages in the S530 The stockTrapString message format looks like this Date Time SiteName Sensor Pod Bank name Sensor Point Name Alarm Alias For example the stockTrapString might actually look like this 10 24 06 43 San Diego Site 12 Sensor Pod 12 Cabinet Temp Temperature Very High F...

Page 103: ...otice A notice is a piece of data formatted in printable ASCII a set of lines delimited by CRLF Each line is of the format field data CRLF The first line has field ID without the quotes The last line has field TEXTx without the quotes where x is some number between 1 and 30 The particular format the describes the alarm and is one of the actions that can be configured for each alarm A notice that r...

Page 104: ...ria Alarm is transmitted with some extra control characters and a CRC and the remote host is required to acknowledge each alarm in a certain format After all Asentria Alarms have been delivered the box waits for 20 seconds for any type of keystroke If a keystroke is detected the box will present a login menu Initial header Note Please see the Control Characters appendix for more information about ...

Page 105: ... SOT Date 10 23 09 Time 10 30 02 TargetPort TargetName AlarmType Data Alarm AlarmName Test Alarm Threshold 0 Severity Critical Text1 text record line Text2 text record line ETX XX CR LF CR LF The alarm ID indicates the index number of each alarm delivered during a call This number restarts at 1 for each new call The severity line represents the Class value defined for this alarm Up to twelve lines...

Page 106: ...wing limitations The user cannot specify the order of event message items The user CAN specify which items are included in event message using the existing mechanism The event class is not included If the event message is too large to fit into the allowed SMS message size it will be broken up into multiple SMS messages Pager Alarms Note requires dial up modem Pager alarm messages contain a concate...

Page 107: ...at determines whether an event will be triggered when the contact closure circuit is opened or closed The default state is CLOSED Threshold is the number of seconds 0 255 the sensor must remain in the event state before an actual event occurs Event State Return to Normal Actions displays the Actions List a menu where the action string for the event is configured This field will be empty if no acti...

Page 108: ...of Low or Very Low the alarm will occur as the temperature drops below the setting Return to Normal Settings displays a menu where the actions to occur when the temperature returns to normal drops below the High Very High settings or rises above the Low Very Low settings can be configured Very High High Low Very Low Event Settings Setup SiteBoss 530 External Temperature Event Settings Device Numbe...

Page 109: ... Number 3 Device ID ESTH00042 Device Name Test ES TH A Humidity Sensor Enabled OFF B Humidity Deadband 3 C Very High Event Settings 90 130 Info D High Event Settings 80 130 Info E Return to Normal Settings 130 Info F Low Event Settings 20 130 Info G Very Low Event Settings 10 130 Info Humidity Sensor Enabled is an ON OFF toggle to enable the humidity sensor Humidity Deadband is the range on either...

Page 110: ...ns have been configured Refer to the Action List for more information Return to Normal Event Trap Number sets the trap number which can be useful when using SNMP trap managers that employ a trap numbering system to help identify incoming traps The default trap number for Humidity Events is 130 but any number in the alternate range of 1000 1199 can be used Return to Normal Class sets the class for ...

Page 111: ...r side of a voltage setting that prevents the alarm from repeatedly going in and out off the alarm state as the actual voltage fluctuates above and below the voltage setting Very High High Low Very Low Event Settings displays a menu where the voltage at each level can be configured to alarm along with the action s to occur trap number and class In the case of Very High or High levels the alarm wil...

Page 112: ...ing SNMP trap managers that employ a trap numbering system to help identify incoming traps The default trap number for analog events is 140 but any number in the alternate range of 1000 1199 can be used Return to Normal Event Class sets the class for the event When this option is selected a list of the classes previously defined in the Class Table is displayed from which you can select one to be a...

Page 113: ...menu except for Internal Sensors Return to the Sensor Events menu to assign it a new slot if desired and reconfigure it Relay n SiteBoss 530 Internal Relay Event 1 A Relay Name B Relay Active State CLOSED Relay Name is a text entry field that allows you to name this relay Relay Active State toggles CLOSED OPEN to set whether the relay will close or open when activated Default setting is CLOSED ...

Page 114: ... EventSensor Reporting Settings SiteBoss 530 EventSensor Reporting Settings A EventSensor Report To IP 0 0 0 0 B EventSensor Report To Port 4000 C Enable EventSensor Reporting Host OFF D EventSensor Reporting Host Port 4000 Options A B are configured on the client unit A is where you enter the IP address of the host S530 and B is where you select a TCP port to use Options C D are configured on the...

Page 115: ...r Tech Support support asentria com DIP Switch Settings Defines up to 16 address locations Note that the DIP switch is numbered from left to right 1 through 4 The Most Significant Bit MSB is switch location 1 1 DIP Switch up 0 DIP Switch down DIP SW Slot DIP SW Slot DIP SW Slot DIP SW Slot 0000 1 0100 5 1000 9 1100 13 0001 2 0101 6 1001 10 1101 14 0010 3 0110 7 1010 11 1110 15 0011 4 0111 8 1011 1...

Page 116: ...in the appropriate settings event sensor x humid y callowin low indicated value event sensor x humid y callowout low reference value event sensor x humid y calhighin high indicated value event sensor x humid y calhighout high reference value For example if the eventsensor 1 indicated 23 RH when the reference indicated 30 R and the eventsensor indicated 84 RH when the reference indicated 90 RH then...

Page 117: ...ng to the relays A device drawing 1A while powered up can draw many times that upon power up This is especially true with capacitive or inductive circuits Action Definition Relays actions are defined in the Action List and below Relay definitions are somewhat more complicated than other sensors in that they must declare the action to perform which sensor the relay is on and which relay on that sen...

Page 118: ...xt to be included in the command prompt setting values can be embedded using a special syntax setting_key_name If this construct is used the value of the specified setting key replaces the construct If the setting key is not accessible for any reason invalid key insufficient user access level etc ERROR is displayed instead To make the system prompt blank set sys prompt to a null value i e sk sys p...

Page 119: ...r Display status screen STATUS or Display the status screen STATUSW or STATUS WIRELESS or WIRE or WIRELESS Display status of wireless modem STATUSW or STATUS WIRELESS or WIRE or WIRELESS Display the status of the wireless modem Setup Commands Command Summary Syntax Description BYPASS Access serial ports BYPASS port_number Provide pass through terminal access between the user and the input port SK ...

Page 120: ...igured action IP hosts action host If you supply an argument then the unit interprets it as a specific host IP or DNS name to which you want one test alarm sent DOMAIL Test emails DOMAIL Sends a test email to all defined email addresses DOPAGE Test pagers DOPAGE Sends a test page to all defined pagers DOTRAP Test traps DOTRAP Sends a test trap to all defined trap managers DOSMS Test SMS DOSMS Send...

Page 121: ... read all keys and be prompted for transfer method sk get a read all keys at terminal sk get x read all keys via xmodem transfer sk set write keys and be prompted for transfer method sk set a write keys at terminal delimit with end on line by itself sk set x write keys by transferring a file of them via xmodem to the unit sk get a custom read non default keys at terminal sk get a net read all net ...

Page 122: ... BusyBox v1 00 2009 09 19 20 48 0000 multi call binary Usage telnet HOST PORT Telnet is used to establish interactive communication with another computer over a network using the TELNET protocol TRACEROUTE TRACEROUTE Version 1 4a5 Usage traceroute dFInrvx g gateway i iface f first_ttl m max_ttl p port q nqueries s src_addr t tos w waittime host packetlen XF XF Usage XF X Y Z T F S A GET PUT filena...

Page 123: ...e NOT hot swappable 2 Unplug the telephone cord from the internal modem if connected This MUST be done before removing any expansion port cover plates 3 Remove the two screws for any expansion bay cover plate and set the plate aside 4 Carefully remove the Expansion Card from its protective ESD bag and slide it into the plastic rails inside the expansion bay Visually confirm that the card is in bot...

Page 124: ...cribed below Changing any of these settings should be done with net wireless mode set to OFF otherwise unexpected behavior may occur Setting Keys Following are the Setting Keys used to configure the wireless modem card All of the Setting Keys below can also be configured in the Setup menus listed in parenthesis after each net wireless mode Setup Modem Settings Wireless Modem Settings Enables or di...

Page 125: ...eless Modem SiteBoss 530 Wireless Modem Settings A Mode OFF B APN C PIN D Idle Timeout minutes 5 E Band GPRS only DUAL 850 1900 F PPP Wireless User Name G PPP Wireless Password H Default Route Enable OFF Operation With net wireless mode set to PERMANENT depending on the type of modem installed the unit attempts to maintain a connection to the wireless network at all times If the connection goes do...

Page 126: ... the following w info Wireless Modem Information Network Registration Registration Status Registered to home network Location Area Code 0xCB52 52050 Cell ID 0xCC89 52361 Signal Strength 5 of 5 bars 0 00 06 ago Subscriber and Equipment IMSI 310410169697053 Phone Number 12069137572 Local IP Address 166 130 3 202 Manufacturer ID SIEMENS Model ID MC75 IMEI 010644000067887 Revision ID REVISION 03 010 N...

Page 127: ...es remote DSLAMs The abbreviations DSL and ADSL are used interchangably in this documentation where DSL is written ADSL also applies unless the difference is explicitly specified Certain terms and acronyms are used throughout this guide that may require further explanation These are hyper linked to the DSL Glossary at the end of the guide Configuration The ADSL modem can be configured via two meth...

Page 128: ...n the case where the DSL link is active This is essentially inaccessible from the outside world because it is completely firewalled on the unit This is provided for you by your DSL provider Value is a dotted quad IP address net dsl mask This controls the mask used on the DSL interface This is provided for you by your DSL provider It is applicable only when net dsl type is STATIC Value is a dotted ...

Page 129: ...net dsl command 0 Once the interface is activated you can use it as an outbound only interface It is completely firewalled to the Internet The only traffic allowed in is traffic associated with existing connections meaning all connections must originate from unit Pinging ICMP TCP and UDP traffic is the only traffic allowed and this traffic must originate from the unit Data on the ADSL connection c...

Page 130: ...n intermediate level of availability moreso than value 1 there is no address usable with the ISP but the DSL is trained and the unit has good communication with its DSL modem 3 means the interface is fully activated DSL is trained and there is an address usable with the ISP These values are analagous to modem LEDs seen on some DSL routers power link DSL Internet 0 can be though of as power 1 can b...

Page 131: ... frame whose destination address matches a rule in the routing table Routing table entries are examined from most restrictive to least restrictive so the default routing table entry is the last entry in the table since it is the least restrictive It is the catch all route it tells the unit how to send a frame when it doesn t know how else to send it The only routes on the unit at this time are net...

Page 132: ...net host from the unit Once it is verified good proceed to configure machines which will use the unit as a DSL router On these machines set their default router to the unit s Ethernet IP address address that is on the same subnet as these machines Optionally you can configure this same address as a DNS server for these machines Test the routing connection by pinging an Internet host from these mac...

Page 133: ...und noise The higher the ratio the less obtrusive the background noise is Trained This refers to the general ability of a modem to adjust itself to optimize the communication channel When a modem modulates data on a line the communication infrastructure degrades the data Some of this degradation is due to noise and some of it is due to the modem s own echo Part of training the modem also sometimes...

Page 134: ...able switch is changed to the disable position the host unit will immediately shut down The host unit cannot be started up from the battery This is because battery relay which connects the battery power to the system is open when no power is applied it gets closed once the unit starts up and the battery manager application runs Only at that point does battery power become available The status of t...

Page 135: ... X X DUPLEX X X X X EXIT X X X X X X FTP X X X X X GET X X X X X HELP X X X X X X LOGOFF X X X X MODEMTALK X PING X X X X PROMPT X X X X PUSHNOW X X X X PUSHTEST X X X X RELOADALL X X X X X X RESTART X X X X X X SENSORS X X X X X SETUP X X X X SK X X X X X STATUS X X X X X TESTTIME X X X X X TYPE X X X X X VER X X X X X WIRELESS X X X X XF X X X X X Setup Menu Permissions Settings View Admin1 Admi...

Page 136: ...ledge BEL 7 07 G Bell BS 8 08 H Backspace HT 9 09 I Horizontal tab LF 10 0A J Line feed VT 11 0B K Vertical tab FF 12 0C L Form feed CR 13 0D M Carriage return SO 14 0E N Shift Out SI 15 0F O Shift In DLE 16 10 P Data link escape DC1 17 11 Q XON DC2 18 12 R Device control 2 DC3 19 13 S XOFF DC4 20 14 T Device control 4 NAK 21 15 U Negative acknowledge SYN 22 16 V Synchronous idle ETB 23 17 W End t...

Page 137: ...iscontinue your service If possible they will notify you in advance If advance notification is not possible you will be notified as soon as possible Your telephone company may make changes in its facilities equipment operations or procedures that could affect proper functioning of your equipment If they do you will be notified in advance to give you an opportunity to maintain uninterrupted telepho...

Page 138: ...s digital apparatus does not exceed the Class A limits for Radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Department of Communications AVIS L étiquette du ministère des Communications du Canada identify le materiel homologué Cette étiquette certifie que le matériel est conforme a certaines normes de pro...

Page 139: ...son du circuit bouclé peut etre constituée de n import quelle combinaision de dispositif pourvu que la somme des indices de charge de l ensemble des dispositifs ne dépasse pas 100 L indice de charge de cet produit est 5 Cet appereil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur Appareil...

Page 140: ...ce under this warranty This warranty applies if your S530 fails to function properly under normal use and within the manufacturer s specifications This warranty does not apply if in the opinion of Asentria Corporation the unit has been damaged by misuse neglect or improper packing shipping modification or servicing by other than Asentria or an authorized Asentria Service Center In no event shall A...