manualshive.com logo in svg

AMX NetLinx Master-Ethernet Card/Module NXC-ME260, Programming Manual

Share
Download
AMX NetLinx Master-Ethernet Card/Module NXC-ME260 Programming Manual Download Page 132

Appendix A: IPSec Configuration File

124

NI Series WebConsole & Programming Guide

Internet Key Exchange (IKE)

ikeAddPeerAuth 

ikeAddPeerAuth

NAME

ikeAddPeerAuth 

– add a peer's authentication information

SYNOPSIS

ikeAddPeerAuth=configString

DESCRIPTION

This rule is used to specify IKE authentication information between the host and a peer. This 
rule may be called multiple times to define a set of peers with which the host will conduct IKE 
negotiations.

NOTE

Specifying KEYPFS to this function will not enable perfect forward secrecy when negotiating 
with the peer unless a DHGROUP is also specified in the Phase 2 attributes, set via 
spdSetPropAttrib.

Rule Value:

configString

A string formatted as follows:

peerIpAddress,interfaceIpAddress,proposalName,PFS, 

authenticationMethod,authenticationInfo

where

peerIpAddress

 is the address of the IKE peer.

interfaceIpAddress

 is the local IP address that is to communicate with the peer.

proposalName

 is an existing Phase 1 proposal name, defined via ikeSetProp.

authenticationMethod

 is PSK (pre-shared key) or RSA (certificate support).

authenticationInfo

 depends on authenticationMethod. See below.

When authenticationMethod is PSK, authenticationInfo is the pre-shared key, represented as 
printable ASCII.
When authenticationMethod is RSA, authenticationInfo is a string formatted as follows:

localKey,localKeyPassword,localCertificate[,PEER_CERT,peerCertifica

te] 

localKey

 - The filename where the local peer's key is stored.

localKeyPassword

 - The password for the local peer's key. Specify NOPASS if there is no 

password. Note that the maximum password length is 
MAX_PRIVATE_KEY_PASSWORD_LENGTH.

localCertificate

 - The filename where the local peer's certificate is stored.

peerCertificate

 - The filename where the remote peer's certificate is locally stored. If 

PEER_CERT is specified, any certificate payload(s) received from the remote IKE peer 
during IKE phase 1 negotiation will be ignored and the certificate specified in 
peerCertificate will be used to authenticate the remote peer.

All keys and certificates are stored on the local file system, in the directory set by the project 
facility parameter IKE_CERT_PATH.

Summary of Contents for NetLinx Master-Ethernet Card/Module NXC-ME260

Page 1: ...WebConsole Programming Guide NetLinx Integrated Controllers Last Revised 10 31 2008 NI Series NetLinx Integrated Controllers NI 700 900 NI 2000 3000 4000 NI 2100 3100 4100 NI 3101 SIG NXC ME260 64 ...

Page 2: ...rked on the outside of each box The RMA is valid for a 30 day period After the 30 day period the RMA will be cancelled Any shipments received not consistent with the RMA or after the RMA is cancelled will be refused AMX is not responsible for products returned without a valid RMA number AMX is not liable for any damages caused by its products or for the failure of its products to perform This incl...

Page 3: ...Configuring the NI Controller for Ethernet Communication 8 Using the ID Button to Change the Master Device Value 8 Obtaining the NI Controller s IP Address using DHCP 9 Assigning a Static IP to the NI Controller 11 Communicating Via an IP 12 Verifying the Firmware Version On the Master 14 Upgrading the On board Master Firmware via an IP 15 Upgrading the NI Controller Firmware Via IP 17 If The Conn...

Page 4: ...ifying the Properties of an Existing Group 38 Deleting a Group 39 System Security User Level 40 Adding a New User 40 Viewing and Editing User Security Settings 41 Deleting a User 41 WebConsole System Options 43 System Overview 43 System Manage System 43 Manage System System Number 44 Changing the System Number On the Master 44 Using Multiple NetLinx Masters 44 Resetting the Master Controller to th...

Page 5: ...er NetLinx Programming API 64 System Manage License 64 Adding A New License 64 Removing a License 65 System Manage NetLinx 66 System Manage Devices 68 Manage Devices Device Options 68 Configuring Device Binding Options 68 Managing Device Modules 69 Manage Devices Bindings 70 Configuring Application Defined Devices 71 Application Devices and Association Status 72 Viewing Physical Device Properties ...

Page 6: ...ing a Terminal Connection Via Telnet 98 Terminal Commands 99 ESC Pass Codes 113 Accessing the Security Configuration Options 113 Setup Security Menu 115 Security Options Menu 116 Edit User Menu 117 Edit Group Menu 117 Access Rights Menu 118 Adding a Group 118 Edit Group Menu Add Directory Association 119 Default Security Configuration 120 Telnet Diagnostics Commands 121 Logging Out of a Terminal S...

Page 7: ...anual Key Manager MKM 138 mkmAddBypass 138 mkmAddDiscard 139 mkmAddTransport 140 mkmAddTunnel 141 mkmSetInboundAH 142 mkmSetInboundESP 143 mkmSetOutboundAH 144 mkmSetOutboundESP 145 Sample IPSec Configuration File 146 IPSec Web Configuration Interface 147 Appendix B Clock Manager NetLinx Programming API 149 Types Constants 149 Library Calls 150 ...

Page 8: ...vi NI Series WebConsole Programming Guide Table of Contents ...

Page 9: ...ifying and communicating with devices which support this beaconing technology Refer to the Manage Devices Device Options section on page 68 for more detailed information on the use of Dynamic Device Discovery DDD About This Document This document describes using the on board Web Console as well as NetLinx send commands and terminal communications to configure the NI Controllers Each major section ...

Page 10: ...nnect and communicate with the on board Master via the Program port Set the System Value being used with the on board Master Re assign any Device values You can then either get a DHCP Address for the on board Master or assign a Static IP to the on board Master Once the IP information is determined rework the parameters for Master Communication in order to connect to the on board Master via the Eth...

Page 11: ...this document we will refer to Bonjour for Windows It is free and widely available for download If you don t already have it installed on your PC download and install Bonjour for Windows before you begin Connecting to a Network with a DHCP Server By using the Controllers s zeroconf feature and the Bonjour for Windows plug in utility multiple devices can be installed and configured on the network w...

Page 12: ...Overview 4 NI Series WebConsole Programming Guide FIG 1 Internet Explorer with BonJour plug in ...

Page 13: ...Overview 5 NI Series WebConsole Programming Guide ...

Page 14: ...Overview 6 NI Series WebConsole Programming Guide ...

Page 15: ...n with the Controller via the PROGRAM DB9 port 1 Launch NetLinx Studio 2 x default location is Start Programs AMX Control Disc NetLinx Studio 2 NetLinx Studio 2 2 Select Settings Master Communication Settings from the menu bar to open the Master Communication Settings dialog box 3 Click the Communications Settings button to open the Communications Settings dialog 4 Click the NetLinx Master radio b...

Page 16: ...ic IP Address by selecting the Specify IP Address radio button enter the IP parameters into the available fields then click the SET IP Information button to retain the pre reserved IP Address to the Master and then click the Reboot Master OK buttons to finish the process 4 Repeat steps 1 5 from the previous section but rather than selecting the Serial option choose TCP IP and edit the settings to ...

Page 17: ...to read the device value of the NI Controller and assign it to the new value entered in step 2 Once the swap has been successfully made a red Successful Identification Made field appears The previous Device and System numbers of the NI Controller are displayed below the red field Example Previous D S 32002 1 where 32002 represents the previous device value of the NI Controller D and 1 represents t...

Page 18: ...ign it to the on board Master A popup window then appears to notify you that Setting the IP information was successful and it is recommended that the Master be rebooted 8 Click OK to accept the change to the new IP DNS information 9 Click the Reboot Master button and select Yes to close the Network Addresses dialog 10 Click Reboot from the Tools Reboot the Master Controller dialog and wait for the...

Page 19: ...cify IP Address radio button from the IP Address section With this action all IP fields become editable 5 Verify that NetLinx appears in the Host Name field if not then enter it in at this time 6 Enter the IP Address Subnet Mask and Gateway information into their respective fields 7 Click the Set IP Information button to cause the on board Master to retain this new IP Address pre obtained from the...

Page 20: ... on board Master s IP Address was Static Set via the Set IP Info command or Dynamically obtained via the Get IP Info command use the IP Address information from the Network Addresses dialog to establish communication via the Ethernet connected Master 1 Use NetLinx Studio to obtain the IP Address of the NI Controller from your System Administrator If you do not have an IP Address Follow the steps o...

Page 21: ...tion Required radio box if your Master has been previously secured with a username password 12 Click on the Authentication Required radio box if the Master is secured and then press the User Name and Password button to open the Master Controller User Name and Password dialog 13 Within this dialog you must enter a previously configured username and password with sufficient rights before being able ...

Page 22: ...ied System and populates the list with devices on that system The communication method is highlighted in green on the bottom of the NetLinx Studio window 3 After the Communication Verification dialog indicates active communication between the PC and the Master verify the NetLinx Master 00000 NI Master appears within the OnLine Tree tab of the Workspace window FIG 6 The default NI Master value is z...

Page 23: ...ated System number and select Refresh System This establishes a new connection to the specified System and populates the list with devices on that system The communication method is highlighted in green on the bottom of the NetLinx Studio window Firmware Kit File usage for NI Controllers NI 4100 On board Master Kit file 2105_04_NI X100_Master Integrated Controller Kit file 2105_04_NI X100 NI 3100 ...

Page 24: ...e to open the Send to NetLinx Device dialog FIG 7 Verify the target s System number matches the value listed within the active System folder in the OnLine Tree tab of the Workspace The Device number is always 0 for the NI Master 8 Select the NI Master s Kit file from the Files section FIG 7 First upgrade of the on board Master using the Master s Kit file The Integrated Controller can later be upgr...

Page 25: ...a an IP section on page 12 to connect to the target NI device via the web 2 After Studio has established a connection to the target Master click the OnLine Tree tab of the Workspace window to view the devices on the System The default System value is one 1 3 Right click the associated System number and select Refresh System This establishes a new connection to the specified System and populates th...

Page 26: ... listed within the active System folder in the OnLine Tree tab of the Workspace The Device must match the entry for the on board Integrated Controller ex NI 4000 or NI 700 device FIG 8 Sample NetLinx Workspace window showing separate NI Master and Controller FIG 9 Send to NetLinx Device dialog showing on board Integrated Controller firmware update via IP On board Integrated Controller NI X000 Unbo...

Page 27: ...r your communication parameters and repeat steps 2 thru 11 Upgrading NXC Card Firmware Via IP Before beginning with this section verify that both the on board Master and on board Integrated Controller have been updated with the latest firmware and that the NetLinx cards are securely inserted into the NI 4000 or NI 4100 1 Follow the procedures outlined within the Communicating Via an IP section on ...

Page 28: ...ndow 9 Select the Control Card s Kit file from the Files section FIG 11 in our above example we chose to update the NXC VOL4 card 10 Enter the System and Device numbers associated with the desired Master listed in the Workspace window A device value of 00003 is the same as a value of 3 11 Click the Reboot Device checkbox to reboot the NI unit after the firmware update process is complete and then ...

Page 29: ...on page 9 by either one of these two methods Right click on any system device listed in the Workspace and select Device Addressing Select Diagnostics Device Addressing from the Main menu 2 Click the Set Device System to Factory Default button This resets both the system value and device addresses for definable devices to their factory default settings The system information in the OnLine Tree tab ...

Page 30: ...lick the associated System number or anywhere within the tab itself and select Refresh System This establishes a new connection to the specified System and populates the list with devices on that system 8 Use Ctrl S to save these changes to your NetLinx Project By setting the system to its default value 1 Modero panels that were set to connect to the Master on another System value will not appear ...

Page 31: ...tem Security page The options in this page allow you to configure various aspects of NetLinx System and Security on the Master see the WebConsole Security Options section on page 29 System Click to access the System Details page The options on this page allow you to view and configure various aspects of the NetLinx System see the WebConsole System Options section on page 43 FIG 12 Master Configura...

Page 32: ...lick the Show Device Tree checkbox to show hide the online device tree which indicates all devices currently connected to this Master Use the plus and minus symbols to the left of each item in the Device Tree to expand the view to include System devices ports and individual Port settings At the Port view you can use the Device Tree to make specific port assignments including Channel and Level assi...

Page 33: ...he device s network settings Refer to the System Manage System section on page 43 for details ZeroConfig Networking Use these radio buttons to enable disable the new Zero Configuration zeroconf client in the Master By default zeroconf is enabled On option selected With zeroconf enabled the Master s web interface will be registered via zeroconf and can be viewed through a zeroconf browser plug in s...

Page 34: ...Onboard WebConsole User Interface 26 NI Series WebConsole Programming Guide ...

Page 35: ...d the ICSP Connectivity option must be enabled within the System Level Security page Compression Options The checkboxes at the bottom of this page allow you to choose from two compression options Use compression to decrease response delay when viewing G4WebControl windows over a bandwidth restricted network or over the Internet By default compression options are disabled Use Compression allows you...

Page 36: ...WebConsole WebControl Options 28 NI Series WebConsole Programming Guide ...

Page 37: ...ion on page 31 for details Group Level changes made at this level affect specific User Groups See the System Security Group Level section on page 35 for details User Level changes made at this level affect individual Users See the System Security User Level section on page 40 for details The default view for the option is System Level Security System Security Settings FIG 17 FIG 17 System Security...

Page 38: ...e gaining access to various features of the WebConsole User access is specified by the administrator in the Group and User Level pages of the Security section User Name and Password Rules Case sensitive Must be between 4 and 20 characters Characters such as pound ampersand and single and double quotes are invalid and should not be used in usernames group names or passwords Default Security Configu...

Page 39: ...Level Security System Security Settings Click the System Security Settings link to access the System Security Details page FIG 18 The options in this page allow you to establish wether the Master will require a valid username and password be entered prior to gaining access to the configuration options These are global options that enable or disable the login requirement for both users and groups C...

Page 40: ...re that any application or hardware communicating with the Master must provide a valid username and password In a Master to Master system the Master which accepts the IP connection initiates the authentication process This configuration provides compatibility with existing implementations and provides more flexibility for the implementation of other devices Note The ICSP Connectivity option is req...

Page 41: ...tails page FIG 20 The options in this page allow you configure IPSec specific security options on the Master at the System level FIG 19 Port Communication Settings FIG 20 IPSec Security Settings Page Username and Password are required when enabled Telnet Port ICSP Port HTTP Port HTTPS Port SSH Port FTP Port NetLinx Master HTTP Access option Telnet Access option ICSP Connectivity and Encryption opt...

Page 42: ...he Master The display is separated into three tabs click to view the selected type of Certificate Files Certificates This tab displays all Identity certificates on the Master CA Certificates This tab displays all Certificate Authority CA certificates on the Master CRL Certificates This tab displays all Certificate Revocation List CRL certificates on the Master To delete a Certificate from the Mast...

Page 43: ...the Group Name field enter a unique name for the new group The name must be a valid character string consisting of 4 20 alpha numeric characters The string is case sensitive and must be unique The word administrator cannot be used for a new group name since it already exists by default 4 Enable the security access rights you want to provide to the group By default all of these options are disabled...

Page 44: ...all lower groups in that tree will be selected Security changes made from within the web browser are applied instantly without the need to reboot Group and User Security Access Options Option Description Admin Change Password Access This selection enables or disables the Administrator right to change Group and User passwords Terminal RS232 Access If selected a valid username and password is requir...

Page 45: ...ation or hardware communicating with the Master must provide a valid username and password In a Master to Master system the Master which accepts the IP connection initiates the authentication process This configuration provides compatibility with existing implementations and provides more flexibility for the implementation of other devices Note The ICSP Connectivity option is required to allow aut...

Page 46: ...curity Details page 2 Click the Edit button to open the Group Security Details page for the selected group FIG 25 3 Modify the previously configured access rights by enabling disabling the checkboxes See the Group and User Security Access Options section on page 36 for details 4 Modify the selected group s directory access rights in the Group Directory Associations section as necessary place remov...

Page 47: ...ton to remove the selected group and refresh the page The system will prompt you to verify this action click OK to proceed If you are not logged into the Master you receive a reminder message You must login before Security Settings can be changed In this case log into the Master and repeat the previous steps If the group is associated with several users you might get an error while trying to delet...

Page 48: ...r page FIG 27 3 In the User Name field enter a unique name for the new group The name must be a unique alpha numeric character string 4 20 characters and is case sensitive The words administrator and NetLinx cannot be used since they already exist by default 4 In the Group drop down list choose from a list of pre configured Groups and associate these rights to the new user 5 Enter a user password ...

Page 49: ...ccept button to save your changes to the Master Viewing and Editing User Security Settings Click on any User listed in the User Security Details page to view and edit security settings for the selected User FIG 28 Click the Edit button to edit the Security Access options for the selected User Click Delete to delete the selected User from the Master Deleting a User 1 Select the User Level tab in th...

Page 50: ...re Security Settings can be changed In this case log into the Master and repeat the previous steps 3 Reboot the Master via the Reboot button on the Manage System Page select the System control button to access FIG 28 User Level Security Settings Page Viewing User Security Settings Details Click to edit Access settings for this User Click to delete this User ...

Page 51: ...and License Key to the Master See the System Manage License section on page 64 for details Manage NetLinx Options in this tab allow you to view a detailed list of NetLinx devices connected to the Master See the System Manage NetLinx section on page 66 for details Manage Devices Options in this tab allow you to view the details of additional attached devices including module supported third party d...

Page 52: ...ding the updated system number assignment If the Device Tree does not refresh within a few minutes press the Refresh button and reconnect to the Master Using Multiple NetLinx Masters When using more than one Master each unit must be assigned to a separate System value A Master s System value can be changed but it s device Address must always be set to zero 00000 The Device Addressing dialog will n...

Page 53: ...ontrol a device means that the program generates messages which appear to a specified device to have come from the Master To Emulate a device means that the program generates messages which appear to the Master to have come from a specified device physical or virtual When Emulate is selected a Push button is added to the Channel Code section see FIG 30 FIG 30 Manage System Control Emulate Push but...

Page 54: ... configuration details for the selected device See the Device Network Settings Pages section on page 25 for details c Click on the Control Emulate link This opens a Control Emulate Options page for the selected device FIG 31 2 Select either the Control or Emulate option 3 In the Channel Code section enter a valid Channel number to emulate Channel messages i e Push Release CHON and CHOFF for the sp...

Page 55: ... can be sent as either a String or Command and press Send to transmit to the Master When entering a Send Command do not include the send c or send_command in the statement only type what would normally occur within the quotes but don t include the quotes either For example to send the CALIBRATE send command type CALIBRATE no quotes rather than SEND_COMMAND dev CALIBRATE String Expressions start an...

Page 56: ...Emulate via the Device Tree a Click the Show Device Tree option to show the Device Tree window if it is not already enabled b In the Device Tree click on the Information i icon for the device for which you want to enable or modify Diagnostics options This opens a Network Settings page showing detailed FIG 32 Diagnostics Options Page with diagnostic messages enabled Diagnostic Options table The Sys...

Page 57: ...d device FIG 33 2 By default all diagnostics are disabled see FIG 33 To enable diagnostic messages from this device click on one of the Edit buttons along the bottom of the Diagnostics Options table FIG 33 Select Diagnostics from within a selected Device s Network Settings page Click on Diagnostics from within the device s Network Settings page to enable modify diagnostics for that device The curr...

Page 58: ...ents at the top of the Diagnostics Option list with the currently enabled diagnostics indicated with a green checkmark FIG 35 FIG 34 Edit Options window Click to delete this device from the Diagnostics page disables all diagnostics on this device Click to apply changes Click to close the Edit Options window without disabling diagnostics Click to select from Presets saved sets of enabled Diagnostic...

Page 59: ...s 1 3 Alternatively you can click one of the Edit buttons to open the Edit Options window and specify a System Number Device and Port for a known System Device Select the Diagnostics messages that you want to enable for this device and click Update The device will appear in the Diagnostics Options window in the next available column to the right of the last device added see FIG 36 FIG 35 Edit Opti...

Page 60: ...nt to enable notifications A value of 0 for any option gives you all of the systems devices or ports This dialog also allows you to store recall presets Messages Online Offline Generates a message when there is a change in the target device s online offline status Configuration Generates a message when there is a change in the target device s configuration Status Generates a message when there is ...

Page 61: ...tions and click Store 4 A popup window prompts you to name this Preset Enter a name and click OK To recall an existing Preset select it from the drop down list and click on Recall Diagnostic Options Cont Device Options Level Changes From Generates a message when there is a level channel change from the target device Level Changes To Generates a message when there is a level channel change to the t...

Page 62: ...isting and pending license keys manage the active NetLinx system communication parameters Configure modify the SSL certificates on the target Master The options on this page are described below Port Settings Allows a user to modify the server settings specifically those port assignments associated with individual services All items can be either enabled disabled via the Enabled checkboxes The port...

Page 63: ...consecutive session to the target Master has to add the port value at the end of the address within the Address field An example is if the port were changed to 99 the new address information would be http 192 192 192 192 99 HTTPS SSL The port value used by web browser to securely communicate between the web server UI and the target Master This port is also used to simultaneously encrypt this data ...

Page 64: ...TP The default port value used for FTP communication This port can be disabled enabled but the value can not be changed The default port value is 21 If the Device Tree contents do not refresh within a few minutes press the browser s Refresh button and reconnect to the Master SSL Certificate Options Create SSL Certificate Opens the Create SSL Certificate window where you can create a self generated...

Page 65: ...nct DNS name there must be a certificate installed Each website for SSL must also have a distinct IP Address This domain name must be associated to a resolvable URL Address when creating a request for a purchased certificate The address does not need to be resolvable when obtaining a free certificate Action Provides a drop down selection with a listing of certificate actions Display Certificate Po...

Page 66: ...ies section on page 57 3 Click the down arrow next to Action and choose Self Generate Certificate When this request is submitted the certificate is generated and installed into the Master in one step 4 Click Create SSL Certificate to save the new encrypted certificate information to the Master Click Close to exit without making changes to the Master Regenerating an SSL Server Certificate Request T...

Page 67: ... receive a CA approved certificate 5 Copy Ctrl C the text to the clipboard 6 Paste Ctrl V this text into the Submit Request field on the CA s Retrieve Certificate web page 7 Choose to view the certificate response in raw DER format Note the Authorization Code and Reference Number for use in the e mail submission of the request 8 Submit the request 9 Paste the copied text into your e mail document ...

Page 68: ... cursor inside the text box and paste the returned certificate text in its entirety 4 Click Import SSL Certificate to save the new certificate information to the Master 5 Click the Display Certificate link to confirm the new certificate was imported properly to the target Master FIG 40 Import SSL Certificate window Once a certificate has been received from an external CA and installed on a Master ...

Page 69: ...ws you to connect to a specific NIST Internet Time Service Server Setting the Mode for the Clock Manager 1 In the Mode Settings tab FIG 41 select a Time Synch option Network Time This option allows the Master to manage it s clock by connecting to a NIST Internet Time Service Server When this option is selected the Master will connect to the default NIST Server to get date and time information You ...

Page 70: ...Starts fields to specify the date and time hh mm to start Daylight Savings time Select by Occurrence to specify the calendar date when the rule applies as a heuristic the 3rd Sunday in March When by Occurrence is selected use the Week of the Month Day of the Week Month and Starts fields to specify the occurrence to start Daylight Savings time The range is 1 through Last where Last indicates the la...

Page 71: ...ver Manager list 2 In the URL field enter the URL of the NIST Server The URL is used only to help you manage entries and is not verified or used internally by the clock manager 3 Enter the NIST Server s IP Address in the IP field This is used internally and must be a valid IP address 4 Enter the NIST Server s location in the Location field This is used only to help the user manage entries and it i...

Page 72: ... used modules products Adding new License Keys requires the entry of both a Product ID and a Serial Key example i Voting The Master confirms this registration information before running the module or product Adding A New License 1 Click the Add New License button to access the Add a License page FIG 45 2 Enter the Product ID certificate number provided with the product into the Product ID fields C...

Page 73: ...ave the information If there are no errors with the information on this page a Key successfully added for Product ID XXXX is displayed at the top of the page Removing a License 1 Click the Remove x icon to the left of the license that you want to remove 2 The system will prompt you to verify this action before the license is removed from the Master Click OK to proceed 3 Press the Accept button to ...

Page 74: ...tLinx Device Details Column Description System Displays the System value being used by the listed NetLinx Master Device Displays the assigned device value of the listed unit This Device entry applies to both the Master and those NDP capable devices currently connected to that Master Device Type Displays a description of the target Master or connected device and its current firmware version Example...

Page 75: ...tatus Indicates the Master or device state This Master Indicates its the target Master currently being used and being browsed to Its this Master s web pages which are currently being viewed Orphan Indicates that the device is currently not yet bound or assigned to communicate with a particular Master This state shows an adjacent Bind button which is used to bind the device to the Master whose web ...

Page 76: ...e Binding Options options to specify how the Master will manage Bound Devices FIG 47 System Manage Devices Details for Additional Devices Binding Options Option Description Enable Auto Bind This selection allows you to toggle the state of the automatic binding for DDD On Off When auto binding is enabled the Master automatically attempts to con nect any newly discovered device with an associated ap...

Page 77: ...to Shutdown is enabled If automatic termination of mod ules when they have lost communication is not desired this selection should be disabled Enable Subnet Match This selection allows you to specify whether or not IP devices should only be detected discovered if they are on the same IP Subnet as the Master Purge Bound Modules on Reset This selection indicates that all modules should be deleted fr...

Page 78: ... Devices Bindings Click the Bindings link in the Manage Devices tab to access the Manage Device Bindings page FIG 48 Use the options on this page to configure application defined Duet virtual devices with discovered physical devices The table on this page displays a list of all application defined devices including each device s Friendly Name the Duet virtual device s D P S assignment the associat...

Page 79: ...DEFINE_DEVICE COM1 5001 1 0 COM2 5001 2 0 dvRECEIVER1 41000 1 0 dvDiscDevice 41001 1 0 DEFINE_CONSTANT DEFINE_TYPE DEFINE_VARIABLE DEFINE_START STATIC_PORT_BINDING dvDiscDevice COM1 DUET_DEV_TYPE_DISC_DEVICE My DVD DUET_DEV_POLLED DYNAMIC_POLLED_PORT COM2 DYNAMIC_APPLICATION_DEVICE dvRECEIVER1 DUET_DEV_TYPE_RECEIVER My Receiver THE EVENTS GO BELOW DEFINE_EVENT DATA_EVENT dvRECEIVER1 Duet Virtual d...

Page 80: ...device is always associated i e statically bound Dynamic application devices specify both the Duet virtual device and its associated Device SDK with no association to a physical port Binding of an application device to a physical device port occurs at run time either via auto binding or manual binding Application devices that have a bound physical device display their physical device ID within the...

Page 81: ...his button is selected a secondary display appears with a listing of all available unbound physical devices that match the application device s Device SDK class type The administrator user can then select one of the available physical devices to bind with the associated application device When the Save button is selected the binding is created and a process begins within the target Master to find ...

Page 82: ...f the dynamic devices that have been discovered in the system and allows you to add and delete User Defined Devices Adding a User Defined Device 1 Click the Add Device button in the User Defined Devices page to access the Add User Defined Device page FIG 52 FIG 50 Manage Device Bindings Device Properties pop up FIG 51 System Manage Devices User Defined Devices Hold the mouse cursor over the Device...

Page 83: ...elow provides a listing of the available choices GUID Enter the manufacturer specified device s GUID Global Unique Identification information Either the GUID or Make Model must be specified in this field Make Enter the name of the manufacturer for the device being used ex Sony ONKYO etc Up to 55 alpha numeric characters Either the GUID or Make Model must be specified within this field Spaces in th...

Page 84: ...ules Searching For All Compatible Duet Modules for a Selected Device 1 Click the Search button for the device that you want to find a Duet Module for This action initiates a search for compatible modules based on the following options SDK Class Types Amplifier HVAC SlideProjector AudioConferencer IODevice Switcher AudioMixer Keypad Text Keypad AudioProcessor Light TV AudioTape Monitor UPS AudioTun...

Page 85: ...m either the Internet or from the manufacturer s device are then placed into the unbound directory and automatically overwrite any existing module of the same name 2 Once a list of all compatible modules is compiled the Available Modules list is displayed on this page Each module is listed with its calculated match value The greater the match value the better the match between the Duet Module s pr...

Page 86: ...e options on this page allow you to view modify settings for all polled ports in the System Editing Polled Port Settings Click the Edit button for a port in the Physical Port list to access the Edit Port Settings page FIG 56 FIG 55 System Manage Devices Manage Polled Ports Click to open the Edit Port Settings page Polled Ports must be specified in the Master s code in order for this page to be pop...

Page 87: ...e drop down menus to modify the Port settings Click Reset to Default Settings to return this port to its default configuration FIG 56 Manage Polled Ports Edit Port Settings Default Port Settings Baud Rate 9600 Data Bits 8 Parity None Stop Bits 1 Flow Control None 485 Disabled ...

Page 88: ...WebConsole System Options 80 NI Series WebConsole Programming Guide ...

Page 89: ...t Assignments By NI Model NI Model RS 232 422 485 IR Serial IR RX Relays I O NI 700 Ports 1 2 Port 3 Port 5 Port 4 NI 900 Port 1 Ports 2 4 Port 6 Port 5 NI 2000 Ports 1 3 Ports 5 8 Port 4 Port 9 NI 3000 Ports 1 7 Ports 9 16 Port 8 Port 17 NI 4000 Ports 1 7 Ports 9 16 Port 8 Port 17 NI 2100 Ports 1 3 Ports 5 8 Port 4 Port 9 NI 3100 Ports 1 7 Ports 9 16 Port 8 Port 17 NI 4100 Ports 1 7 Ports 9 16 Po...

Page 90: ...er IP Address URL A string containing the IP Address of the G4 Web Control server or a URL to the G4 Web Control server IP Port A string containing the IP Port of the G4 Web Control Server Enabled 1 or 0 If it is a 1 then the link is displayed If it is a 0 then the link is disabled The combination of Name Description IP Address URL and IP Port are used to determine each unique listing Example SEND...

Page 91: ...Local Ports Type 2 and Type 3 are referring to the protocol type that is part of the IP_CLIENT_OPEN call 4th parameter Type 1 is TCP Type 2 is UDP standard Type 3 is UDP 2 way The NetLinx axi defines constants for the protocol types CHAR IP_TCP 1 CHAR IP_UDP 2 CHAR IP_UDP_2WAY 3 Syntax SEND_COMMAND D P S UDPSENDTO IP or URL UDP Port Number Variables IP or URL A string containing the IP Address or ...

Page 92: ...n Port 1 of the Controller LED EN Enable the LED on 32 LED hardware for a port When the port is active the LED is lit When the port is not active the LED is not lit Issue the command to port 1 to enable the LEDs on the Controller default setting When activity occurs on a port s or Controller the LEDs illuminate Syntax SEND_COMMAND DEV LED EN Example SEND_COMMAND System_1 LED EN Enables the System_...

Page 93: ...V CHARDM time Variable time 0 255 Measured in 1 millisecond increments Example SEND_COMMAND RS232_1 CHARDM 10 Sets a 10 millisecond delay between all transmitted characters CTSPSH Enable Pushes Releases and Status information to be reported via channel 255 using the CTS hardware handshake input This command turns On enables channel tracking of the handshaking pins If Clear To Send CTS is set high ...

Page 94: ...evice from transmitting received characters to the Master RXON Start transmitting received characters to the Master default Enables sending incoming received characters to the Master This command is automatically sent by the Master when a CREATE_BUFFER program instruction is executed Syntax SEND_COMMAND DEV RXON Example SEND_COMMAND RS232_1 RXON Sets the RS232_1 device to transmit received charact...

Page 95: ...bles RS 422 485 Enable Enables RS 485 mode and disables RS 422 Note The only valid 9 bit combination is baud N 9 1 Example SEND_COMMAND RS232_1 TSET BAUD 115200 N 8 1 485 ENABLE Sets the RS232_1 port s communication parameters to 115 200 baud no parity 8 data bits 1 stop bit and enables RS 485 mode TXCLR Stop and clear all characters waiting in the transmit out buffer and stops transmis sion Synta...

Page 96: ...le SEND_STRING RS232_1 27 18 0 Sets the RS232_1 device s ninth data bit to 0 on all character transmissions 27 18 1 Set the ninth data bit to 1 for all subsequent characters to be transmitted Used in conjunction with the B9MON command Syntax SEND_STRING DEV 27 18 1 Example SEND_STRING RS232_1 27 18 1 Sets the RS232_1 device s ninth data bit to 1 on all character transmissions 27 19 time Insert a t...

Page 97: ...status 00256 65000 IR commands 65000 65534 Future use The NI series of NetLinx Masters support Serial control via the IR RX port when using firmware version 300 or greater IR Serial Ports Channels 00001 00255 PUSH and RELEASE channels for the received IR code IR Serial Send_Commands Command Description CAROFF Disable the IR carrier signal until a CARON command is received Syntax SEND_COMMAND DEV C...

Page 98: ...d elapses CP Halt and Clear all active or buffered IR commands and then send a single IR pulse You can set the Pulse and Wait times with the CTON and CTOF commands Syntax SEND_COMMAND DEV CP code Variable code IR port s channel value 0 252 253 255 reserved Example SEND_COMMAND IR_1 CP 2 Clears the active buffered commands and pulses IR_1 port s channel 2 CTOF Set the duration of the Off time no si...

Page 99: ...and settings Channel 255 changes are enabled This command is used in conjunction with the I O Link command Syntax SEND_COMMAND DEV POD Example SEND_COMMAND IR_1 POD Disables the PON and POF command settings on the IR_1 device POF Turn Off a device connected to an IR port based on the status of the corresponding I O Link input If at any time the IR sensor input reads that the device is ON such as i...

Page 100: ...D_COMMAND DEV PON Example SEND_COMMAND IR_1 PON Sends power up IR commands 27 or 9 to the IR_1 port PTOF Set the time duration between power pulses in 10 second increments This time increment is stored in permanent memory This command also sets the delay between pulses generated by the PON or POF send commands in tenths of seconds It also sets the delay required after a power ON command before a n...

Page 101: ... on the IR port The I O channel is used for power sensing via a PCS or VSS A channel of zero disables the I O link Syntax SEND_COMMAND DEV SET IO LINK I O number Variable I O number 1 8 Setting the I O channel to 0 disables the I O link Example SEND_COMMAND IR_1 SET IO LINK 1 Sets the IR_1 port link to I O channel 1 The IR port uses the specified I O input as power status for processing PON and PO...

Page 102: ...code as 3 enter SEND_COMMAND IR_1 XCH 34 Transmits the IR code as 3 4 enter SEND_COMMAND IR_1 XCH 343 Transmits the IR code as 3 4 3 enter Mode 1 Example x x x enter SEND_COMMAND IR_1 XCH 3 Transmits the IR code as 0 0 3 enter SEND_COMMAND IR_1 XCH 34 Transmits the IR code as 0 3 4 enter SEND_COMMAND IR_1 XCH 343 Transmits the IR code as 3 4 3 enter Mode 2 Example x x x SEND_COMMAND IR_1 XCH 3 Tra...

Page 103: ...AND DEV GET INPUT channel Variable channel Input channel 1 8 Example SEND_COMMAND IO GET INPUT 1 Gets the I O port s active state The system could respond with INPUT1 ACTIVE HIGH SET INPUT Set the input channel s active state An active state can be high logic high or low logic low or contact closure Channel changes Pushes and Releases generate reports based on their active state Setting an input t...

Page 104: ...Programming 96 NI Series WebConsole Programming Guide ...

Page 105: ...g of all commands available in a terminal session Note that all commands in the table are available for both Program Port and Telnet sessions with two exceptions Help Security and Resetadminpassword These commands are only available via a Program Port connection Establishing a Terminal Connection Via the Program Port To establish a terminal session via the Program Port the PC COM RS232 port on you...

Page 106: ...X XXX 4 Press Enter Unless Telnet security is enabled a session will begin with a welcome banner Welcome to NetLinx vX XX XXX Copyright AMX Corp 1999 2006 If Telnet security is enabled type in the word login to be prompted for a Username and Password before gaining access to the Master 5 Enter your username to be prompted for a password If the password is correct you will see the welcome banner If...

Page 107: ...on with the exception of the Help Security and Resetadminpassword commands which are only available to a Program Port RS232 connection In your terminal program type Help or a question mark and Enter to access the Help Menu and display the Program port commands described below Terminal Commands Command Description Help D P S Extended diag messages are OFF D P S Device Port System If omitted assumes...

Page 108: ...he Master s device holdoff setting Note This command reveals the state of the device holdoff set using the DEVICE HOLDOFF ON OFF command Example GET DEVICE HOLDOFF Device Holdoff is off GET DUET MEMORY Display the amount of memory allocated for Duet Java pool This is the current Java memory heap size as measured in Megabytes An example is a value of 5 5 MB GET ETHERNET MODE Displays the current et...

Page 109: ...e IP connections IPSEC ON OFF STATUS Enables Disables IPSec security or displays current setting MEM Displays the largest free block of the Master s memory Example MEM The largest free block of memory is 11442776 bytes MSG ON OFF Enables Disables extended diagnostic messages MSG On sets the terminal program to display all messages generated by the Master MSG OFF disables the display Example MSG ON...

Page 110: ...evice that is defined in the DEFINE_DEVICE section of the pro gram Mode is exited by ESC ESC Display Format is set by ESC n Where n A format ASCII D format Decimal H Hex Note Refer to the ESC Pass Codes section on page 113 for detailed descriptions of the supported pass codes Example pass 5001 7 4 Entering pass mode PHYSICAL STATUS Retrieve the current LED states PING ADDRESS Pings an address IP o...

Page 111: ...settings removal of all user files resetting to DHCP and load ing an empty NetLinx program The Master will be effectively in an out of box state ROUTE MODE DIRECT NORMAL Sets the Master to Master route mode Normal mode allows a Master to communicate with any Master accessible via the routing tables shown with the SHOW ROUTE command This includes a directly connected Master route metric 1 and indir...

Page 112: ... the Master Entering N no cancels the operation Note The device must be rebooted to enable new settings Example SET DNS 0 1 0 Enter New Values or just hit Enter to keep current settings Enter Domain Suffix amx com Enter DNS Entry 1 192 168 20 5 Enter DNS Entry 2 12 18 110 8 Enter DNS Entry 3 12 18 110 7 You have entered Domain Name amx com DNS Entry 1 192 168 20 5 DNS Entry 2 12 18 110 8 DNS Entry...

Page 113: ...he follow ing message Setting HTTPS port number to New HTTPS port number set reboot the master for the change to take affect SET ICSP PORT Sets the Master s IP port listened to for ICSP connections Note The Master must be rebooted to enable new settings Example SET ICSP PORT Current ICSP port number 1319 Enter new ICSP port number Usually 1319 0 disable ICSP Once you enter a value and press the EN...

Page 114: ...Enter new log count between 50 10000 Once you enter a value and press the ENTER key you get the follow ing message Setting log count to New log count set reboot the Master for the change to take affect SET QUEUE SIZE Provides the capability to modify maximum message queue sizes for various threads Example set queue size This will set the maximum message queue sizes for several threads Use caution ...

Page 115: ...tion are the values that will be published for the Master via SNMP The system must be rebooted once the new values are entered SET SSH PORT Sets the Master s IP port listened to for SSH connections Note The Master must be rebooted to enable new settings Example SET SSH PORT Current SSH port number 22 Enter new SSH port number Usually 22 0 disable SSH Once you enter a value and press the ENTER key ...

Page 116: ...g Thresholds to Interpreter 2000 Lontalk 50 IP 600 New thresholds set reboot the Master for the changes to take affect SET TIME Sets the current time When the time is set on the Master the new time will be reflected on all devices in the system that have clocks i e touch panels By the same token if you set the time on any system device the new time will be reflected on the system s Master and on a...

Page 117: ...ink 0 UDP 0 0 Sent NO Waiting NO IPCon Mgr 0 Con Manager 0 Interpreter 0 Device Mgr 0 Diag Mgr 0 Msg Dispatch 0 Cfg Mgr 0 Route Mgr 0 Notify Mgr 0 Total 0 0 0 GrandTotal 0 Note See SHOW MAX BUFFERS SHOW COMBINE Displays a list of devices levels and channels that are currently combined Example SHOW COMBINE Combines Combined Device 33096 1 1 96 1 1 Combined Level 33096 1 1 1 128 1 1 1 10128 1 1 1 Co...

Page 118: ...nager Memory Available 11528920 11512 4 11 01 2001 THU 14 10 21 TelnetSvr Accepted Telnet connection socket 14 addr 192 168 16 110 port 2979 5 11 01 2001 THU 14 05 51 Interpreter CIpEvent OnLine 10002 1 50 6 11 01 2001 THU 14 05 51 Interpreter CIpEvent OnLine 128 1 50 7 11 01 2001 THU 14 05 51 Interpreter CIpEvent OffLine 128 1 50 8 11 01 2001 THU 14 05 51 Interpreter CIpEvent OnLine 96 1 50 9 11 ...

Page 119: ...devices this system requires input from and the types of information needed If when a NetLinx Master connects to another NetLinx Master the newly connecting system has a device that the local system desires input from the new system is told what information is desired from what device Note The local system number is 1062 Example SHOW REMOTE Device List of Remote Devices requested by this System De...

Page 120: ...188 COLOR LCD TOUCH PAN 00001 AMX Corp 32778 v5 01d PID 0 OID 0 Serial 0000000000000000 Physical Address Axlink 05001 00257 NXI Download 00001 AMX Corp 00260 v1 00 20 PID 0 OID 0 Serial 0 0 0 0 0 0 0 0 0 0 0 0 Physical Address NeuronID 000189145801 00257 NXI NXI 1000 Boot 00001 00261 v1 00 00 PID 0 OID 1 Serial 0 0 0 0 0 0 0 0 0 0 0 0 10002 00003 PHAST PLK IMS 00001 Phast Corp 0003 v3 12 PID 0 OID...

Page 121: ...elnet session returns to normal ESC A ASCII Display Mode Typing a plus shift followed by another plus followed by an ESC the escape key followed by an A sets the display to ASCII mode Any ASCII characters received by the device will be displayed by their ASCII symbol Any non ASCII characters will be displayed with a followed by two hex char acters to indicate the characters hex value ESC D Decimal...

Page 122: ...o flash Or ENTER to return to previous menu Security Setup 3 The Setup Security menu shows a list of choices and a prompt To select one of the listed choices simply enter the number of the choice 1 13 at the prompt and press Enter Each option in the Setup Security menu displays a submenu specific to that option The following subsections describe using each of the Setup Security menu options Change...

Page 123: ...elect a User to edit properties for Once you have selected the User you want to edit it will take you to the Edit User menu so you can edit the User s rights see page 117 5 Delete user This selection will prompt you select a user to delete 6 Show the list of authorized users This selection displays a list of users 7 Add group This selection will prompt you for a name for the Group you are add ing ...

Page 124: ...minus passwords their group assignment if any and their rights as well as all groups and their rights Security Options Menu Command Description 1 Terminal RS232 Security Enabled Disabled This selection enables disables Terminal Security on the Program RS232 Port If Terminal Security is enabled a user must have sufficient access rights to login to a Program Port terminal session 2 HTTP Security Ena...

Page 125: ...will prompt you to select the directory association you want to delete 5 List Directory Associations This selection will display any current Directory Associations assigned to the user 6 Change Access Rights This selection will display access the Access Rights menu which allows you to set the rights assigned to the user Note See the Access Rights Menu section below for descrip tions of each menu i...

Page 126: ...t access rights to change the administrator password if this option is enabled 3 FTP Access Enable Disable Enables disables FTP Access The account has sufficient access rights to access the NetLinx Master s FTP Server if this option is enabled 4 HTTP Access Enable Disable This selection enables disables HTTP Web Server Access The account has sufficient access rights to browse to the NetLinx Master...

Page 127: ...ted to enter the path for a Directory Association the NetLinx Master will attempt to validate the path If the directory or file is not valid i e it does not exist at the time you entered the path the NetLinx Master will ask you whether you were intending to grant access to a file or directory From the answer it will enter the appropriate Directory Association The NetLinx Master will not create the...

Page 128: ...irectory Association none Group 1 Group administrator Rights All Directory Association Security Options FTP Security Enabled Admin Change Password Security Enabled All other options disabled The administrator user account cannot be deleted or modified with the exception of its password Only a user with Change Admin Password Access rights can change the administrator password The NetLinx user accou...

Page 129: ...ge refreshing every 10sec SPY is very similar to a Windows Task Manager output This option may be useful in cases where a remote Master seems to be running but very slowly Enabling SPY might indicate if a specific task is using up the CPU SPY can also be useful in detecting infinite loops in NetLinx or Duet Java code since the Interpreter or Java threads will show that they re using all of the CPU...

Page 130: ... hit keypad 0 then release ALT The standard line feed code is entered decimal 10 Windows will perform an ANSI to OEM conversion on some codes entered this way because of the way Windows handles languages and code pages The following codes are known to be altered but others may be affected depending on the computer s setup Characters 15 21 22 and any characters above 127 This affects both Windows T...

Page 131: ... string are case sensitive and white space is relevant Lines beginning with a symbol are considered comments and are subsequently ignored during the loading process All references to the Master s IP address in configuration lines can be substituted by LOCAL_ADDR in order to provide flexibility and reuse of an IPSec Config file At boot all occurrences of LOCAL_ADDR will be replaced by the actual IP...

Page 132: ...l name defined via ikeSetProp authenticationMethod is PSK pre shared key or RSA certificate support authenticationInfo depends on authenticationMethod See below When authenticationMethod is PSK authenticationInfo is the pre shared key represented as printable ASCII When authenticationMethod is RSA authenticationInfo is a string formatted as follows localKey localKeyPassword localCertificate PEER_C...

Page 133: ...ert crt ikeAddPeerAuth 192 168 1 36 192 168 1 35 ph1_g1_1 NOPFS RSA local_key key NOPASS local_cert crt Config String Format peerIpAddress interfaceIpAddress proposalName authenticationMethod authenticationInfo Pre defined proposal names The following are proposal names already defined inside the AMX Firmware and available for use in the ikeAddPeerAuth configuration mm_g2 mm_3des_sha mm_3des_md5 m...

Page 134: ... ikeSetXform EXAMPLES ikeSetProp mm_group2 mm_3des_sha mm_3des_md5 mm_des_sha mm_des_md5 Config String Format proposalName transformName transformName transformName Pre defined proposal names A transform consists of an encryption algorithm and a hash algorithm The first value is the encryption the second the hash mm_3des_sha 3DES SHA 1 mm_3des_sha2_256 3DES SHA2 256 mm_3des_sha2_384 3DES SHA2 384 ...

Page 135: ...he following table Attribute Type Attribute Value DHGROUP G1 for DH Group 1 or G2 for DH Group 2 UNITOFTIME SECS MINS or HRS for seconds minutes or hours default is minutes LIFETIME Default is 28800 seconds If the lifetime is greater than 0 and less than PHASE1_MIN_LIFE_IN_SECS then it defaults to PHASE1_MIN_LIFE_IN_SECS which is defined in ike h SOFTLIFETIME Default is 75 of the LIFETIME If the s...

Page 136: ...is an address in the format ipAddress1 ipAddress2 ipMaskPrefix sourceAddressSelector is an address in the format ipAddress1 ipAddress2 ipMaskPrefix directionality is IN for inbound or OUT for outbound If IN this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mir rored policy is automatically created for the opposite traffic flow ...

Page 137: ... an address in the format ipAddress1 ipAddress2 ipMaskPrefix directionality is IN for inbound or OUT for outbound If IN this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mir rored policy is automatically created for the opposite traffic flow useSelectors is PACKET use packet selectors or POLICY use policy selectors keyManager i...

Page 138: ...alue port number or ANY destinationAddressSelector is an address in the format ipAddress1 ipAddress2 ipMaskPrefix sourceAddressSelector is an address in the format ipAddress1 ipAddress2 ipMaskPrefix directionality is IN for inbound or OUT for outbound If IN this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host mirroring is NOTMIRRORE...

Page 139: ...ecValue port number or ANY destinationAddressSelector is an address in the format ipAddress1 ipAddress2 ipMaskPrefix sourceAddressSelector is an address in the format ipAddress1 ipAddress2 ipMaskPrefix directionality is IN for inbound or OUT for outbound If IN this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host mirroring is NOTMIRR...

Page 140: ...ransform You can specify up to eight transform names EXAMPLES spdSetProp proposal_foo ah_xform Config String Format proposalName transformName transformName Pre defined proposal names The following are Phase II proposal names already defined inside the AMX Firmware and available for use ah_g1_transport ah_sha ah_md5 Attributes DHGROUP G1 ENCAP TRANSPORT HARDLIFETIME 1800 SOFTLIFETIME 1500 ah_g2_tr...

Page 141: ...P TUNNEL HARDLIFETIME 1800 SOFTLIFETIME 1500 esp_g2_tunnel esp_3des_sha esp_3des_md5 esp_3des esp_des_sha esp_des_md5 esp_ des esp_null_sha esp_null_md5 Attributes DHGROUP G2 ENCAP TUNNEL HARDLIFETIME 1800 SOFTLIFETIME 1500 Pre defined Phase II transform names AH Transforms ah_sha AH_SHA ah_sha2_256 AH_SHA2 256 ah_sha2_384 AH_SHA2 384 ah_sha2_512 AH_SHA2 512 ah_md5 AH_MD5 ah_ripemd AH_RIPEMD ah_ae...

Page 142: ...Y_LENGTH 192 HMAC SHA2 384 esp_aes_cbc_192_hmac_sha2_512 ESP_AES CBC KEY_LENGTH 192 HMAC SHA2 512 esp_aes_cbc_192_hmac_ripemd ESP_AES CBC KEY_LENGTH 192 HMAC RIPEMD esp_aes_cbc_192_aes ESP_AES CBC KEY_LENGTH 192 AES XCBC MAC esp_aes_cbc_192_hmac_md5 ESP_AES CBC KEY_LENGTH 192 HMAC MD5 esp_aes_cbc_192 ESP_AES CBC KEY_LENGTH 192 esp_aes_cbc_256_sha ESP_AES CBC KEY_LENGTH 256 SHA esp_aes_cbc_256_md5 ...

Page 143: ...SP_AES CTR KEY_LENGTH 256 SHA esp_aes_ctr_256_hmac_sha ESP_AES CTR KEY_LENGTH 256 HMAC SHA esp_aes_ctr_256_hmac_sha2_256 ESP_AES CTR KEY_LENGTH 256 HMAC SHA2 256 esp_aes_ctr_256_hmac_sha2_384 ESP_AES CTR KEY_LENGTH 256 HMAC SHA2 384 esp_aes_ctr_256_hmac_sha2_512 ESP_AES CTR KEY_LENGTH 256 HMAC SHA2 512 esp_aes_ctr_256_hmac_ripemd ESP_AES CTR KEY_LENGTH 256 HMAC RIPEMD esp_aes_ctr_256_aes ESP_AES C...

Page 144: ...PHASE2_MIN_HARD_LIFE_IN_SECS which is defined to be 120 seconds Behavior is undefined if attributeValue 0 SOFTLIFETIME Default is 75 of HARDLIFETIME attributeValue is converted to seconds If attributeValue 0 and attributeValue PHASE2_MIN_SOFT_LIFE_IN_SECS then it defaults to PHASE2_MIN_SOFT_LIFE_IN_SECS which is defined to be 90 seconds Behavior is undefined if attributeValue 0 HARDLIFESIZE Defaul...

Page 145: ...of an existing proposal with its attributes already set You can specify up to four proposal names proposalNumber is the proposal number which determines the ordering and combination of proposals in the SA proposal When combining ESP and AH transforms you may configure an ESP tunnel policy with an AH tunnel policy or an ESP transport policy with an AH transport policy by using the same proposal num...

Page 146: ...rotocol number decValue ANY Use 6 for TCP or 17 for UDP destinationPort and sourcePort are decValue ANY destinationAddressSelector and sourceAddressSelector are ipAddress1 ipAddress2 ipMaskPrefix directionality is IN OUT If IN then this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mirrored policy will automatically be created f...

Page 147: ...umber decValue ANY Use 6 for TCP or 17 for UDP destinationPort and sourcePort are decValue ANY destinationAddressSelector and sourceAddressSelector are ipAddress1 ipAddress2 ipMaskPrefix directionality is IN OUT If IN then this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mirrored policy will automatically be created for the op...

Page 148: ... to the SA protocolSelector is the IANA IP protocol number decValue ANY Use 6 for TCP or 17 for UDP destinationPort and sourcePort are decValue ANY destinationAddressSelector and sourceAddressSelector are ipAddress1 ipAddress2 ipMaskPrefix directionality is IN OUT If IN then this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mir...

Page 149: ...e decValue ANY destinationAddressSelector and sourceAddressSelector are ipAddress1 ipAddress2 ipMaskPrefix directionality is IN OUT If IN then this policy applies to traffic coming into the current host If OUT it applies to traffic going out of the current host A mirrored policy will automatically be created for the opposite traffic flow tunnelEndpointIPAddress is the identity of the remote gatewa...

Page 150: ...ARY which is defined as 2048 ahTransformID is MD5 SHA HMAC MD5 HMAC SHA HMAC SHA2 256 HMAC SHA2 384 HMAC SHA2 512 HMAC RIPEMD AES XCBC MAC Note that MD5 deprecated is equivalent to HMAC MD5 SHA deprecated is equivalent to HMAC SHA key is the authentication algorithm key in hexadecimal It must be 32 characters for MD5 40 characters for SHA 64 characters for SHA2 256 96 characters for SHA2 384 128 c...

Page 151: ...he form ESP_xxx and the deprecated forms will be removed in the future Attribute types and values are shown in the following table Attribute Type Attribute Value DECKEY Decryption key in hexadecimal format must be 16 characters for DES 48 characters for 3DES and 32 characters for AES AUTHALG MD5 SHA HMAC MD5 HMAC SHA HMAC SHA2 256 HMAC SHA2 384 HMAC SHA2 512 HMAC RIPEMD AES XCBC MAC AUTHKEY Authen...

Page 152: ...NDARY which is defined as 2048 ahTransformID is MD5 SHA HMAC MD5 HMAC SHA HMAC SHA2 256 HMAC SHA2 384 HMAC SHA2 512 HMAC RIPEMD AES XCBC MAC Note that MD5 deprecated is equivalent to HMAC MD5 SHA deprecated is equivalent to HMAC SHA key is the authentication algorithm key in hexadecimal It must be 32 characters for MD5 40 characters for SHA 64 characters for SHA2 256 96 characters for SHA2 384 128...

Page 153: ... the future Attribute types and values are shown in the following table Attribute Type Attribute Value ENCKEY Decryption key in hexadecimal format must be 16 characters for DES 48 characters for 3DES and 32 characters for AES AUTHALG MD5 SHA HMAC MD5 HMAC SHA HMAC SHA2 256 HMAC SHA2 384 HMAC SHA2 512 HMAC RIPEMD AES XCBC MAC AUTHKEY Authentication key in hexadecimal format must be 32 characters fo...

Page 154: ... PACKET IKE qm_sa_g2_transport spdAddTransport ANY 192 168 220 37 LOCAL_ADDR OUT PACKET IKE qm_sa_g2_transport add bypass for IKE TCP port 500 spdAddBypass 17 500 500 192 168 220 57 LOCAL_ADDR OUT MIRRORED spdAddBypass 17 500 500 192 168 220 37 LOCAL_ADDR OUT MIRRORED add bypass for IPSEC ESP protocol spdAddBypass 50 192 168 220 57 LOCAL_ADDR OUT MIRRORED spdAddBypass 50 192 168 220 37 LOCAL_ADDR ...

Page 155: ...d then at least one certificate must be present in the CRL Certificates directory on the Master The Upload Configuration File section provides the capability to upload the IPSec Config file onto a Master Simply browse to the file s location on a PC select the file and select Submit The file will be uploaded to its proper location on the Master There is no delete capability for the Config file New ...

Page 156: ...Appendix A IPSec Configuration File 148 NI Series WebConsole Programming Guide ...

Page 157: ...INTEGER HOURS INTEGER MINUTES INTEGER SECONDS Added v1 28 Clock Manager Time Server Entry Structure STRUCTURE CLKMGR_TIMESERVER_STRUCT CHAR IS_SELECTED TRUE FALSE CHAR IS_USER_DEFINED TRUE FALSE CHAR IP_ADDRESS_STRING 48 Allow enough room for IPv6 in the future CHAR URL_STRING 32 Example time organization net CHAR LOCATION_STRING 32 Example Boulder Colorado US Added v1 28 Clock Manager INTEGER CLK...

Page 158: ...KMGR_GET_DAYLIGHTSAVINGS_OFFSET CLKMGR_TIMEOFFSET_STRUCT T Populates the TIMEOFFSET structure with the cur rent Daylight Savings Offset configured The function returns a negative SLONG value if it encounters an error CLKMGR_SET_DAYLIGHTSAVINGS_OFFSET CONSTANT CLKMGR_TIMEOFFSET_STRUCT T Sets the Daylight Savings Offset to the specified value CLKMGR_GET_ACTIVE_TIMESERVER CLKMGR_TIMESERVER_STRUCT T P...

Page 159: ...00 00 October 5 at 4 00PM occurence 5 1 10 02 00 00 last Sunday in Octo ber at 2 00AM CLKMGR_SET_START_DAYLIGHTSAVINGS_RULE CONSTANT CHAR RECORD Sets the START Daylight Savings rule to the speci fied string which must be in either the Fixed Date format or the Occurence Of Day format The function returns a negative SLONG value if it encounters an error The Fixed Date rules have the form fixed DAY M...

Page 160: ...00 00 October 5 at 4 00PM occurence 5 1 10 02 00 00 last Sunday in Octo ber at 2 00AM CLKMGR_SET_END_DAYLIGHTSAVINGS_RULE CONSTANT CHAR RECORD Sets the END Daylight Savings rule to the specified string which MUST be in either the Fixed Date for mat or the Occurence Of Day format The function returns a negative SLONG value if it encounters an error The Fixed Date rules have the form fixed DAY MONTH...

Page 161: ...Terminal Program Port Telnet Commands 153 NI Series WebConsole Programming Guide ...

Page 162: ...registered trademarks of AMX AMX reserves the right to alter specifications without notice at any time It s Your World Take Control 3000 RESEARCH DRIVE RICHARDSON TX 75082 USA 800 222 0193 469 624 8000 469 624 7153 fax 800 932 6993 technical support www amx com ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands