manualshive.com logo in svg

Eaton Network-M3, User Manual


Share
Download
background image

Cybersecurity recommended secure hardening guidelines

Securing the Network Management Module  –  213

5.2.2.3  Risk Assessment

Eaton recommends conducting a risk assessment to identify and assess reasonably foreseeable internal and external risks to the 
confidentiality,  availability  and  integrity  of  the  system  |  device  and  its  environment.   This  exercise  should  be  conducted  in 
accordance with applicable technical and regulatory frameworks such as IEC 62443 and NERC-CIP.   The risk assessment should be 
repeated periodically.

5.2.2.4  Physical Security

An  attacker  with  unauthorized  physical  access can  cause serious  disruption to  system/device functionality.  Additionally,  Industrial 
Control Protocols don’t offer cryptographic protections, making ICS and SCADA communications especially vulnerable to threats to 
their  confidentiality.   Physical  security  is  an  important  layer  of  defense  in  such  cases.  The  Network  module is  designed  to  be 
deployed  and  operated  in  a  physically  secure  location.   Following  are  some  best  practices  that  Eaton  recommends  to  physically 
secure your system/device:

Secure the facility and equipment rooms or closets with access control mechanisms such as locks, entry card readers, 
guards, man traps, CCTV, etc. as appropriate.
Restrict physical access to cabinets and/or enclosures containing the Network module and the associated system.  Monitor 
and log the access at all times.
Physical access to the telecommunication lines and network cabling should be restricted to protect against attempts to 
intercept or sabotage communications. It’s a best practice to use metal conduits for the network cabling running between 
equipment cabinets.
The Network module supports the following physical access ports: RJ45, USB A, USB Micro-B. Access to these ports should 
be restricted.
Do not connect removable media (e.g., USB devices, SD cards, etc.) for any operation (e.g., firmware upgrade, configuration 
change, or boot application change) unless the origin of the media is known and trusted.
Before connecting any portable device through a USB port or SD card slot, scan the device for malware and viruses.

5.2.2.5  Account management

Logical  access  to  the  system  |  device  should  be  restricted  to  legitimate  users,  who  should  be  assigned  only  the  privileges 
necessary  to  complete  their  job  roles/functions.   Some  of  the  following  best  practices  may  need  to  be  implemented  by 
incorporating them into the organization’s written policies:

Ensure default credentials are changed upon first login Network module should not be deployed in production environments 
with default credentials, as default credentials are publicly known.
No account sharing – Each user should be provisioned a unique account instead of sharing accounts and passwords. Security 
monitoring/logging features in the product are designed based on each user having a unique account.  Allowing users to 
share credentials weakens security.
Restrict administrative privileges - Attackers seek to gain control of legitimate credentials, especially those for highly 
privileged accounts.  Administrative privileges should be assigned only to accounts specifically designated for administrative 
duties and not for regular use.
Leverage the roles / access privileges 

admin, operator, viewer to provide tiered access to the users as per the business /

operational need. Follow the principle of least privilege (allocate the minimum authority level and access to system resources 
required for the role).

Summary of Contents for Network-M3

Page 1: ...UPS Network Management Card Network M3 User s Guide English 10 27 2023...

Page 2: ......

Page 3: ...tion in the United States and or other countries UNIX is a registered trademark of The Open Group Linux is the registered trademark of Linus Torvalds in the U S and other countries VMware is a registe...

Page 4: ...21 3 1 Login page 21 3 1 1 Logging in for the first time 21 3 1 2 Troubleshooting 22 3 2 Home 23 3 2 1 Header structure 23 3 2 2 Menu structure 24 3 2 3 Energy flow diagram 25 3 2 4 Outlet status 29...

Page 5: ...h codes 168 3 10 8 Access rights per profiles 169 3 11 User profile 169 3 11 1 Access to the user profile 169 3 11 2 User profile 170 3 11 3 Legal information 173 3 11 4 Component 173 3 11 5 Availabil...

Page 6: ...work Module 194 4 14 Reading device information in a simple way 195 4 14 1 Web page 195 4 15 Subscribing to a set of alarms for email notification 195 4 15 1 Example 1 subscribing only to one alarm lo...

Page 7: ...ault settings and possible parameters 229 7 3 1 Meters 229 7 3 2 Settings 229 7 3 3 Sensors alarm configuration 236 7 3 4 User profile 236 7 4 Access rights per profiles 238 7 4 1 Home 238 7 4 2 Meter...

Page 8: ...288 8 1 3 Action 288 8 2 Card wrong timestamp leads to Full acquisition has failed error message on Software 288 8 2 1 Symptoms 288 8 2 2 Possible cause 288 8 2 3 Action 288 8 3 Client server is not...

Page 9: ...ction 292 8 11 The Network Module fails to boot after upgrading the firmware 293 8 11 1 Possible Cause 293 8 11 2 Action 293 8 12 Web user interface is not up to date after a FW upgrade 293 8 12 1 Sym...

Page 10: ...Table of Contents 10 Applicable product Eaton UPS ATS...

Page 11: ...ove the two screws securing the option slot cover plate and store the plate for possible future use Install the Network Module along the alignment channels in the option slot Secure the Network Module...

Page 12: ...is admin STEP 6 The password must be changed at first login STEP 7 Click Login The Network Module web interface appears At first login STEP 8 Accept License Agreement The Network Module web interface...

Page 13: ...he following information Address Subnet Mask Default Gateway Save the changes 2 5 3 Accessing the web interface through RNDIS This connection is used to access and configure the Network Module network...

Page 14: ...2 Right click on the RNDIS local area connection and select Properties STEP 3 Select Internet Protocol Version 4 TCP IPv4 and press the Properties button STEP 4 Then enter the configuration as below a...

Page 15: ...ork Management Module Accessing the Network Module Modifying the Proxy exception list section in the full documentation STEP 4 Launch a supported browser the browser window appears STEP 5 In the Addre...

Page 16: ...low exclamation mark implying that driver has not been installed follow the steps 4 5 6 7 otherwise configuration is OK STEP 4 Right click on it and select Update Driver Software When prompted to choo...

Page 17: ...For more details refer to Information CLI section 2 5 5 Modifying the Proxy exception list To connect to the Network Module via a USB cable and your system uses a Proxy server to connect to the intern...

Page 18: ...Accessing the Network Module Installing the Network Management Module 18 Select the Connections tab Press LAN Settings Press ADVANCED Add the address 169 254...

Page 19: ...ork Module settings Use the web interface to configure the Network Module The main web interface menus are described below 2 6 1 Menu structure Extend menu display Home Overview and status of the Devi...

Page 20: ...work Management Module 20 Settings Network Module settings or Device settings General information Settings Maintenance Firmware Services Resources System logs FW Display Network module firmware versio...

Page 21: ...3 1 1 Logging in for the first time 3 1 1 1 1 Enter default password As you are logging into the Network Module for the first time you must enter the factory set default username and password Usernam...

Page 22: ...tom After an upgrade The Web interface is not up to date New features of the new FW are not displayed An infinite spinner is displayed on a tile Possible causes The browser is displaying the Web inter...

Page 23: ...on for the device including key measures and active alarms 3 2 1 Header structure Name Displays the Network module name Device name Displays by default the Device model or the system name if filled in...

Page 24: ...g backup time Output load level Help Opens full documentation in a separate browser page Profile Displays user profile password change account information logout and legal information Alarms Open alar...

Page 25: ...nvironment Commissioning Status Alarm configuration Information Settings Network Module settings or Device settings General information Settings Maintenance Firmware Services Resources System logs FW...

Page 26: ...help of the web interface 26 3 2 3 1 Line interactive UPS 3 2 3 2 Online UPS 3 2 3 3 ATS 3 2 3 4 Diagram elements description Description and symbols Description Possible states below the symbol Good...

Page 27: ...C power to DC power Normal HE mode ready ESS mode ready In overload In short circuit In fault Battery Charger Battery and internal battery charger Battery OK Charger Charging Floating Resting Off Batt...

Page 28: ...ion information and nominal values Name Model P N S N Location Firmware version Input Voltage Input Frequency Output Voltage Output Frequency The COPY TO CLIPBOARD button will copy the information to...

Page 29: ...cted Not protected Not powered Load level W availability depending on the UPS model Note To access Controls menu press the icon 3 2 5 Active Alarms Only active alarms are displayed the Alarms icon wil...

Page 30: ...6 Environment UPS ambient temperature is displayed if available Sensor status and data are displayed if available MIN MAX shows the minimal and maximal temperature or humidity measured by the sensor...

Page 31: ...Home Contextual help of the web interface 31 3 2 7 Energy flow diagram examples 3 2 7 1 Line interactive UPS 3 2 7 1 1 Normal mode 3 2 7 1 2 Buck Boost mode...

Page 32: ...Home Contextual help of the web interface 32 3 2 7 1 3 Battery mode 3 2 7 1 4 Off mode...

Page 33: ...Home Contextual help of the web interface 33 3 2 7 2 Online UPS with single input source 3 2 7 2 1 Online mode 3 2 7 2 2 Bypass mode...

Page 34: ...Home Contextual help of the web interface 34 3 2 7 2 3 Battery mode 3 2 7 2 4 Off mode...

Page 35: ...Home Contextual help of the web interface 35 3 2 7 2 5 HE mode ESS mode 3 2 7 3 Online UPS with dual inputs sources and Maintenance bypass 3 2 7 3 1 Online mode...

Page 36: ...Home Contextual help of the web interface 36 3 2 7 3 2 Bypass mode 3 2 7 3 3 Battery mode...

Page 37: ...Home Contextual help of the web interface 37 3 2 7 3 4 HE mode ESS mode 3 2 7 3 5 Maintenance bypass mode...

Page 38: ...2 7 4 ATS 3 2 7 4 1 Normal mode 3 2 7 4 2 Prefered source missing 3 2 8 Access rights per profiles Administrator Operator Viewer Home 3 2 8 1 For other access rights For other access rights see the I...

Page 39: ...39 3 3 Meters 3 3 1 Measures 3 3 1 1 Main utility input Displays the product main utility measures Current A Voltage V Gauge color code Green Value inside thresholds Orange Red Value outside threshold...

Page 40: ...rs Contextual help of the web interface 40 3 3 1 2 Second utility input if available If presents displays the product second utility measures Current A Voltage V 3 3 1 3 Output Voltage V Power W Curre...

Page 41: ...Voltage Current Temperature Min cell voltage Max cell voltage Number of cycles Min temperature Max temperature BMS state Low battery warning threshold s UPS Restart threshold 3 3 2 1 2 Configurable p...

Page 42: ...ttery test result as well as its critical status color and completion time Pass Warning Fail Unknown 3 3 2 2 1 Commands Launch test button is disabled if a battery test is already in progress or sched...

Page 43: ...y Hz Bypass Voltage V Bypass Frequency Hz Output Voltage V Output Frequency Hz Output Current A Output Apparent Power VA Output Active Power W Output Power Factor Output Percent Load Battery Voltage V...

Page 44: ...ration 3 3 5 1 For other access rights 3 3 6 Save and Restore SRR section Settings Possible values Logs measure periodicity time in seconds 3 3 6 1 Additional information For other settings see the In...

Page 45: ...the following buttons is pressed A confirmation window appears Safe OFF This will shut off the load Protected applications will be safely powered down This control is available only if the status is...

Page 46: ...onfirmation window appears Safe OFF This will shut off the load connected to the associated load segment Protected applications are safely powered down This control is available only if the status is...

Page 47: ...of the following buttons is pressed A confirmation window appears Safe OFF This will shut off the load Protected applications will be safely powered down This control is available only if the status i...

Page 48: ...This will shut off the load connected to the associated load segment Protected applications are safely powered down This control is available only if the status is not OFF and if there are no active...

Page 49: ...o the UPS user manual and its instruction on how to configure the UPS settings and allow remote commands Example UPS menu Settings ON OFF settings Remote command Enable 3 4 3 4 1 For other issues 3 4...

Page 50: ...e Inactive 3 4 4 2 Actions 3 4 4 2 1 New Press the New button to create a scheduled shutdown 3 4 4 2 2 Delete Select a schedule shutdown and press the Delete button to delete the scheduled shutdown 3...

Page 51: ...s displayed when you access the Control Schedule or Power outage policy page This action is not allowed by the UPS To enable it please refer to the user manual of the UPS and its instructions on how t...

Page 52: ...atically trusted and accepted After automatic acceptance make sure that all listed agents belong to your infrastructure If not access may be revoked using the Delete button For maximum security Eaton...

Page 53: ...m dd hh mm ss 3 5 1 3 Actions 3 5 1 3 1 Delete When communication with the agent is lost agent can be deleted by using the Delete button Select an agent and press the Delete button to delete the agent...

Page 54: ...e status of the Protected applications MQTT is showing Not valid yet IPP IPM shows The authentication has failed The notifications reception encountered error Possible cause The IPP IPM certificate is...

Page 55: ...assword field Click Login The Network Module web interface appears STEP 2 Navigate to Protection Agents list page STEP 3 In the Pairing with shutdown agents section select the time to accept new agent...

Page 56: ...Protection Contextual help of the web interface 56 3 5 2 Agent shutdown sequencing 3 5 2 1 Agent shutdown sequence timing...

Page 57: ...The tables include the following details Name Delay in seconds OS shutdown duration in seconds 3 5 2 2 Actions 3 5 2 2 1 Set Delay Select and directly change the setting in the table and then Save 3...

Page 58: ...Protection Contextual help of the web interface 58 3 5 2 3 1 Example 1 Shutdown time 210s 10s 220s Immediate shutdown time 120s 10s 130s...

Page 59: ...80s 10s 190s Immediate shutdown time 180s 10s 190s The trigger in the diagram is the moment when the shutdown sequence starts and it is defined in the Contextual help Protection Scheduled shutdown or...

Page 60: ...ibility to prioritize and schedule shutdown actions so that the IT system is powered down in the correct order For example applications first database servers next and storage last It is also possible...

Page 61: ...default To end the shutdown sequence 30s before the end of backup time b Immediate OFF To initiate the shutdown sequence when on battery for 10 seconds Load Shedding To initiate the shutdown sequentia...

Page 62: ...equence after the set time in s before the end of backup time When there are several conditions to start the shutdown sequence the shutdown sequence will start as soon as one of the condition is reach...

Page 63: ...Protection Contextual help of the web interface 63 Example 2 Immediate OFF...

Page 64: ...Protection Contextual help of the web interface 64 Example 4 Custom Settings 1...

Page 65: ...battery the capacity is much lower than anticipated The UPS gives a Low battery warning when there is 2 3 minutes of estimated runtime left depending on the UPS and its settings This time is typicall...

Page 66: ...ailable for each layer when needed A sequential startup will also help avoid a peak power draw in the beginning a Options Keep shutdown sequence running until the end and then restart forced reboot Wa...

Page 67: ...Troubleshooting Action not allowed in Control Schedule Power outage policy Symptom Below message is displayed when you access the Control Schedule or Power outage policy page This action is not allowe...

Page 68: ...nformation and includes the following details Name Location location position elevation Temperature Humidity Dry contact 1 Status and name Dry contact 2 Status and name Communication Connected Lost wi...

Page 69: ...to delete the sensor 3 6 1 2 4 Define offsets 1 Select the sensors 2 Press the Define offset button to adjust the temperature and humidity offsets of the selected sensors 3 Extend the temperature or h...

Page 70: ...ture and humidity Active Yes No Dry contacts Active Yes No Name Polarity Normally open Normally closed The dry contact is close and this is normal because it is configured as normally close The dry co...

Page 71: ...he Network module Action 1 1 Launch again the discovery if it is still not ok go to Action 1 2 Action 1 2 1 Check the EMPs connection and cables Refer to the sections Servicing the EMP Installing the...

Page 72: ...evice and Servicing the EMP Installing the EMP Daisy chaining 3 EMPs 2 Disconnect and reconnect the USB to RS485 cable 3 Launch the discovery if it is still not ok go to Action 1 3 Action 1 3 1 Reboot...

Page 73: ...C or xx F High warning threshold xx C or xx F High critical threshold xx C or xx F Hysteresis x C or x F Visual update Live reading MIN MAX shows the minimal and maximal temperature measured by the se...

Page 74: ...yes no Low critical threshold xx Low warning threshold xx High warning threshold xx High critical threshold xx Hysteresis x Visual update Live reading MIN MAX shows the minimal and maximal humidity m...

Page 75: ...setting in the table and then Save When the dry contacts is not in a normal position an alarm will be sent at the selected level The dry contact is open and this is not normal because it is configured...

Page 76: ...es Alarm severity Info Warning Critical 3 6 2 4 1 For other settings 3 6 2 5 Access rights per profiles Administrator Operator Viewer Environment Alarm configuration 3 6 2 5 1 For other access rights...

Page 77: ...Vendor Part number Firmware version UUID Serial number Location 3 6 3 1 Access rights per profiles Administrator Operator Viewer Environment Information 3 6 3 1 1 For other access rights For other acc...

Page 78: ...tion information Card system information is updated to show the defined location 3 7 1 1 2 Contact Text field that is used to provide the contact name information Card system information is updated to...

Page 79: ...The current date and time appears at the top of the screen You can set the time either manually or automatically 3 7 1 2 1 Manual mode Manually entering the date and time 1 Select the time zone for y...

Page 80: ...the time zone for your geographic area 2 Enter the IP address or host name of the NTP servers in the NTP server fields up to 5 servers 3 Save the changes 3 7 1 2 3 Dynamic NTP Synchronizing the date...

Page 81: ...Displays Events notification Periodic report icons when active Status Active Inactive In delegation 3 7 1 3 2 Actions a Add Press the New button to create a new email sending configuration b Remove S...

Page 82: ...s Status Active Inactive Hide the IP address from the email body Disabled Enabled This setting will be forced to Enabled if Enabled in the SMTP settings Schedule report Active Recurrence Starting Topi...

Page 83: ...m This feature helps us design and propose products that matters for you You can participate and let us gather anonymous data on the product usage as soon as a user agreed to it You can also disable t...

Page 84: ...Settings Contextual help of the web interface 84 3 7 1 5 SMTP settings SMTP is an internet standard for electronic email transmission The following SMTP settings are configurable...

Page 85: ...um Contact 255 characters maximum System name 255 characters maximum Time date settings Manual Time zone selection on map Date Dynamic NTP 1 2 3 4 5 6 7 Gmail Users Google no more allow the card to se...

Page 86: ...rt Active No Yes Recurrence Every day Every week Every month Starting Date and time Card events Subscribe Attach logs Device events Subscribe Attach measures Attach logs SMTP settings Server IP Hostna...

Page 87: ...isplay help page email test r recipient recipient_address Send test email to the recipient_address Email address of the recipient time Description Command used to display or change time and date Help...

Page 88: ...ntp org de pool ntp org Examples of usage Set date 2017 11 08 and time 22 00 time set manual 201711082200 Set preferred and alternate NTP servers time set ntpmanual fr pool ntp org de pool ntp org 3 7...

Page 89: ...tical subscribe attachEventsLog attachMeasuresLog warning subscribe attachEventsLog attachMeasuresLog info subscribe attachEventsLog attachMeasuresLog true false true false true false true false true...

Page 90: ...TP server port Number refer to default settings and possible parameters for constraints enabled true false server IP address or hostname of SMTP server requireAuth true false user Username for server...

Page 91: ...to remove it c Edit Press the pen logo to edit user information You will get access to the following settings Active Profile Username Full name Email Phone Organization Notify by email about account m...

Page 92: ...fter modifications Password settings To set the password strength rules apply the following restrictions Minimum length Minimum upper case Minimum lower case Minimum digit Special character Password e...

Page 93: ...until password expires disabled Main administrator password never expires disabled Number of days until password expires disable enable 1 99999 Main administrator password never expires disable enable...

Page 94: ...characters maximum Phone 64 characters maximum Organization 128 characters maximum 3 7 2 2 1 For other settings 3 7 2 3 Access rights per profiles Administrator Operator Viewer Local users 3 7 2 3 1 F...

Page 95: ...rator password 3 7 2 5 1 For other issues 3 7 2 6 Save and Restore SRR section SRR sub section Settings Possible values Password settings accountService passwordRules strength minLengthminUpperCase mi...

Page 96: ...cal users PredefinedAccounts credentials enabled username passwordExpired locked profile password plaintext cyphered true false String refer to default settings an possible parameters for constraints...

Page 97: ...o be able to configure settings 2 Press Configure to access the following LDAP settings Connectivity Security SSL None Start TLS SSL Verify server certificate Primary server Name Hostname Port Seconda...

Page 98: ...Profile mapping to map remote groups to local profiles 2 Click Save c Users preferences For the list of access rights per profile refer to the section Full documentation Information Access rights per...

Page 99: ...ttings Contextual help of the web interface 99 1 Press Users preferences to define preferences that will apply to all newly logged in LDAP users Language Temperature Date format Time format 2 Click Sa...

Page 100: ...on the button 2 The LDAP test will give you a status ok ko on below parameters to make it easier to troubleshoot Primary Bind User domain dn User name attribute Group domain dn Group name attribute M...

Page 101: ...DIUS server Address hostname or IP address for the RADIUS server Port connection port of the RADIUS Server 3 7 3 2 1 Actions a Configure Enable Radius to be able to configure settings Press Configure...

Page 102: ...e RADIUS server Secret a shared secret between the client and the RADIUS server Address hostname or IP address for the RADIUS server UDP port the UDP port for the RADIUS server 1812 by default Time ou...

Page 103: ...tribute needed for this mapping Mandatory Fill the profile you want your specific radius configuration to be mapped with Profile the local profile you want users to be mapped Note The default mapping...

Page 104: ...rity SSL None Start TLS SSL Verify server certificate disabled enabled Primary server Name 128 characters maximum Hostname 128 characters maximum Port x xxx Secondary server Name 128 characters maximu...

Page 105: ...dary server Name 128 characters maximum Address 128 characters maximum Secret 128 characters maximum UDP port 1 to 65535 Time out 3 to 60 Users preferences Language English French German Italian Japan...

Page 106: ...e primary server optional s secondary Force the test to use secondary server optional v verbose Print the exchanges with LDAP server optional ldap test checkmappedgroups primary secondary v Check LDAP...

Page 107: ...r for password initialization If you are the main administrator your password can be reset manually by following steps described in the Servicing the Network Management Module Recovering main administ...

Page 108: ...traints uri String refer to default settings an possible parameters for constraints port Unsigned number userDomain nameAttribute String refer to default settings an possible parameters for constraint...

Page 109: ...ettings an possible parameters for constraints temperatureUnit String refer to default settings an possible parameters for constraints licenceAgreement String refer to default settings an possible par...

Page 110: ...fier String refer to default settings an possible parameters for constraints ip String refer to default settings an possible parameters for constraints mappings profile String refer to default setting...

Page 111: ...ts 3 7 4 1 Ethernet port and interface settings Eaton screenshot missing 3 7 4 1 1 Edit port Allows to edit the link configuration of the selected port through The different options are listed below A...

Page 112: ...5 2 IPV4 The table shows includes the following details Interface name Status Mode Address Netmask Gateway 3 7 5 2 1 IPV4 configuration After a mouse over on the table click the edit icon to access s...

Page 113: ...f the sub network the Network Module is connected to Enter the gateway address The gateway address allows connections to devices or hosts attached to different network segments b DHCP Select dynamic D...

Page 114: ...the table click the edit icon to access settings and configure the network settings for a dedicated interface Select either the Manual or Router settings option a Manual Select Manual and enter below...

Page 115: ...e FQDN Primary DNS Secondary DNS After a mouse over on the table click the edit icon to access settings and configure the DNS settings for a dedicated interface Select either the Manual or DHCP settin...

Page 116: ...h Usage netconf OPTION Display network information and change configuration h help display help page l lan display Link status and MAC address d domain display Domain mode FQDN Primary and Secondary...

Page 117: ...e Display Link status and MAC address netconf l Set Auto negotiation to Link netconf set lan auto Set custom hostname netconf set domain hostname ups 00 00 00 00 00 00 Set Adress Netmask and Gateway n...

Page 118: ...address ping6 The ping6 utility uses the ICMP protocol s mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway ECHO_REQUEST datagrams pings have an IP and ICMP header...

Page 119: ...1 can be activated or not Port can be set for ETH0 and ETH1 An IP whitelists can be defined for ETH0 and ETH1 3 7 6 1 HTTP redirect to HTTPS 3 7 6 2 Secure web HTTPS See the CLI commands in the Inform...

Page 120: ...Settings Contextual help of the web interface 120 3 7 6 3 SSH 3 7 6 4 SNMP 3 7 6 5 MQTT...

Page 121: ...ilter Empty Active Inactive Integer IP address Firewall Secure WEB State Active Port 443 Address Filter Empty Active Inactive Integer IP address Firewall SSH State Active Port 22 Address Filter Empty...

Page 122: ...alues ICMP Firewall ETHx ICMP V4 Enabled true false V6 Enabled true false HTTP_REDIREC T HTTP_REDIREC T Enabled true false port Number refer to default settings an possible parameters for constraints...

Page 123: ...xxx xx xx MQTT MQTT Enabled true false port Number refer to default settings an possible parameters for constraints address White list xx xxx xx xx 3 7 6 10 1 Additional information 3 7 7 Protocols 3...

Page 124: ...the remote monitoring connection settings 1 Enable the Remote monitoring services 2 Configure the Proxy if needed 3 Configure Advanced settings if so advised by the service support and Save after mod...

Page 125: ...itoring Services DNS is set correctly Proxy is set correctly Certificate verification is OK Pending approval The Network Module is connected to the Remote Monitoring Services but not registered to it...

Page 126: ...o the Remote Monitoring Services has failed Certificate verification failed Items to check with your network administrator Proxy does not use a custom certificate to intercept traffic Troubleshooting...

Page 127: ...e syslog server settings 1 Enable syslog Press Save after modifications 2 Configure the syslog server Click the edit icon to access settings Enter or change the server name Select Yes in the Active dr...

Page 128: ...mpty Port 514 Protocol UDP Message transfer method DIsabled in UDP Using unicode byte order mask BOM disabled Enable disable enable Server 1 Name 128 characters maximum Active No Yes Hostname 128 char...

Page 129: ...arent framing Using unicode byte order mask BOM disable enable Server 2 Name 128 characters maximum Status Disabled Enabled Hostname 128 characters maximum Port x xxx Protocol UDP TCP Message transfer...

Page 130: ...ET_COUNTING usingByteOrderMask true false security ssl verifyTlsCert true false name String refer to default settings an possible parameters for constraints enabled true false hostname String refer to...

Page 131: ...IB ATS2 MIB Standard IETF UPS MIB RFC 1628 Sensor MIB Press the Supported MIBs button to download the MIBs 3 7 8 1 1 Settings This screen allows an administrator to configure SNMP settings for compute...

Page 132: ...nication Press Save after modifications b Configure the SNMP V1 V2C settings 1 Click the edit icon on either Read Only or Read Write account to access settings 2 Enter the SNMP Community Read Only str...

Page 133: ...ate the account 4 Select access level Read only The user does not use authentication and privacy to access SNMP variables Read Write The user must use authentication but not privacy to access SNMP var...

Page 134: ...security mechanism select the Privacy algorithms AES fill in password and privacy keys The password can be between 8 and 24 characters and use a combination of alphanumeric and the following special...

Page 135: ...ers 2 Set following settings Enabled Yes No Application name Hostname or IP address Port Protocol V1 V2C V3 Trap community V1 V2C User V3 3 Press the SAVE button b Remove Select a trap receiver and pr...

Page 136: ...ead Write Authentication Auth SHA 1 Password empty Confirm password empty Privacy Secured AES Key empty Confirm key empty Activate SNMP disable enable Port x xxx SNMP V1 disable enable Community 1 128...

Page 137: ...7 8 6 Troubleshooting 3 7 8 6 1 For other issues 3 7 8 7 Save and Restore SRR section SRR sub section Settings Sub settings Example SNMP snmp enabled true port Number refer to default settings an poss...

Page 138: ...true false algorithm password plaintext String refer to default settings an possible parameters for constraints cyphered priv enabled true false algorithm password plaintext String refer to default s...

Page 139: ...nstraints host port Number refer to default settings an possible parameters for constraints community protocol 1 V1 2 V2C 3 V3 user enabled true false 3 7 8 7 1 Additional information 3 7 9 Certificat...

Page 140: ...secured and trusted network For maximum security we recommend following one of the two methods on the certificate settings page Import agent s certificates manually Generate trusted certificate for bo...

Page 141: ...nd then press the Revoke button A confirmation window appears press Continue to proceed this operation cannot be recovered b Export Exports the selected certificate on your OS browser window c Configu...

Page 142: ...ollowing Certificate summary Actions Generate a new self signed certificate Generate a certificate signing request CSR Generate a certificate signing request excluding IP addresses CA CB compliance Im...

Page 143: ...side the card h Import certificate When the CSR is signed by the CA it can be imported into the Network Module When the import is complete the new local certificate information is displayed in the tab...

Page 144: ...rtificate Used for Issued by Issued to Valid from Expiration In case a certificate expires the connection with the client will be lost If this happens the user will have to recreate the connection and...

Page 145: ...4 characters maximum 3 7 9 5 1 For other settings 3 7 9 6 Access rights per profiles Administrator Operator Viewer Certificate 3 7 9 6 1 For other access rights 3 7 9 7 CLI commands certificates Descr...

Page 146: ...PASSWORD batch certificates local export SERVICE_NAME import over SSH type FILE plink USER CARD_ADDRESS pw PASSWORD batch certificates local import SERVICE_NAME csr over SSH plink USER CARD_ADDRESS p...

Page 147: ...dule with IPP IPM and check that the status of the Protected applications MQTT is now valid Communication will then recover if not go to Action 2 STEP 2 Action 2 Pair agent to the Network Module with...

Page 148: ...or other issues 3 7 9 9 Save and Restore SRR section Settings Example Certificate issuer configuration certificateSettings country String refer to default settings an possible parameters for constrain...

Page 149: ...u can see a list of the device characteristics For details on Save and Restore see the Save and Restore section Some UPS may support the download of their system logs This may prove useful in case the...

Page 150: ...the battery is getting close to its estimated end of life Output voltage To select the output voltage that fits best your need 3 8 2 1 Specifics 3 8 2 2 Access rights per profiles Administrator Opera...

Page 151: ...ty LIA UPS Input when the power source of the ATS is a Line Interactive UPS Transfer mode To set the transfer mode between sources Standard by default with no additional break even if sources are no s...

Page 152: ...u chose State Reflect the state of the selected UPM Model The family model of the selected UPM Vendor The vendor of the selected UPM Communication Reflect if the UPM is communicating well with the UPS...

Page 153: ...rk Module does not monitor the Device status To upgrade the firmware 1 Download the latest firmware version from the website For more information see the Servicing the Network Management Module Access...

Page 154: ...g to the folder where you saved the downloaded firmware 4 Click Upload The upload can take up to 5 minutes The firmware that was inactive will be erased by this operation When an upgrade is in progres...

Page 155: ...upgrading the firmware Possible Cause 1 The IP address has changed 2 The Network module LED shows solid red after the upgrade 3 The first boot after the upgrade takes a longer time Note If the applica...

Page 156: ...Possible causes The browser is displaying the Web interface through the cache that contains previous FW data Action Empty the cache of your browser using F5 or CTRL F5 3 9 1 5 1 For other issues 3 9 2...

Page 157: ...1 Service options 3 9 3 1 1 Sanitization Sanitization removes all the data the Network Module will come back to factory default settings To sanitize the Network Module 1 Click Sanitize A confirmation...

Page 158: ...ely less than 2min 3 9 3 1 3 Settings Allow to save and restore the Network module settings Depending on your network configuration the Network Module may restart with a different IP address Refresh t...

Page 159: ...t to include the Network settings if needed A passphrase need to be entered twice to cypher the sensitive data 3 Click on Save 3 9 3 1 5 Restore Below settings are not saved Local users other than the...

Page 160: ...For safety reason re enter your own password to confirm your idendity 3 9 3 1 6 Maintenance The maintenance report is for the service representative use to diagnose problems with the network module It...

Page 161: ...eport by running the maintenance command Then retrieve the report from the card using SCP From a linux host sshpass p PASSWORD scp USER CARD_ADDRESS report zip From a Windows host pscp scp pw PASSWORD...

Page 162: ...mples of usage From a linux host Save over SSH sshpass p PASSWORD ssh USER CARD_ADDRESS save_configuration p PASSPHRASE FILE Restore over SSH cat FILE sshpass p PASSWORD ssh USER CARD_ADDRESS restore_...

Page 163: ...hout confirmation cr Do factory reset of the card 3 9 3 3 1 For other CLI commands 3 9 4 Resources Card resources is an overview of the Network Module processor memory and storage information The COPY...

Page 164: ...64 3 9 4 2 Memory Total size in MB Available size in MB Application size in MB Temporary files size in MB 3 9 4 3 Storage Total size in MB Available size in MB Used size in MB 3 9 4 4 Access rights pe...

Page 165: ...d MB tmpfs temporary files usage MB Flash user data total MB free MB used MB Help systeminfo_statistics Display systeminfo statistics h help Display the help page 3 9 4 5 1 For other CLI commands 3 9...

Page 166: ...Y TO CLIPBOARD button will copy the information to the clipboard 3 9 6 1 Identification System name if filled it replaces the Device model name in the top bar Product Physical name Vendor UUID Part nu...

Page 167: ...er version 3 9 6 3 Access rights per profiles Administrator Operator Viewer System information 3 9 6 3 1 For other access rights 3 10 Alarms 3 10 1 Alarm sorting Alarms can be sorted by selecting All...

Page 168: ...d 10 15 25 50 100 When the number of alarms is above the number of alarms per page the buttons First Previous and Next appears to allow navigation in the Alarm list 3 10 5 Export Press the Export butt...

Page 169: ...r Alarm list Export Clear 3 10 8 1 For other access rights 3 11 User profile 3 11 1 Access to the user profile Press the icon on the top right side of the page to access the user profile window For ot...

Page 170: ...User profile Contextual help of the web interface 170 3 11 2 User profile This page displays the current username with its realm local remote and allows to Change passwords Edit account and Log out...

Page 171: ...1 2 1 Account settings If you have the administrator s rights you can click on Edit account to edit user profile and update the following information Account details Full name Email Phone Organization...

Page 172: ...web interface 172 3 11 2 2 Change password Click on Change password to change the password In some cases it is not possible to change the password if it has already been changed within a day period R...

Page 173: ...ous open source license or under a proprietary license 3 11 4 Component All the open source components included in the Network Module are listed with their licenses 3 11 5 Availability of source code...

Page 174: ...mum Email 128 characters maximum Phone 64 characters maximum Organization 128 characters maximum Preferences Language English French German Italian Japanese Russian Simplified Chinese Spanish Traditio...

Page 175: ...hoami displays current user information Username Profile Realm 3 11 9 1 For other CLI commands 3 11 10 Troubleshooting Password change in My profile is not working Symptoms The password change shows I...

Page 176: ...fer to default settings an possible parameters for constraints email String refer to default settings an possible parameters for constraints phone String refer to default settings an possible paramete...

Page 177: ...e into below sections Installing the Network Management Module How to install and access the Network module Contextual help of the web interface Help for each webpage Extracts from the sections below...

Page 178: ...the web interface 178 3 12 2 Access rights per profiles Administrator Operator Viewer Contextual help Full documentation 3 12 2 1 For other access rights For other access rights see the Information Ac...

Page 179: ...by a CA import the corresponding CA in the Certificate authorities CA list for LDAP service Configure credentials to bind with the LDAP server or select anonymous if no credentials are required Config...

Page 180: ...nning 4 2 Pairing agent to the Network Module Authentication and encryption of connections between the UPS network module and shutdown agents is based on matching certificates 4 2 1 Pairing with crede...

Page 181: ...ck scan Range scan or an Address es scan 3 Define the power source Note After that stage the agent creates a client certificate The power source could show a communication loss since the current clien...

Page 182: ...ne as described below Group 1 Applications Group 2 Database servers Primary Storage 4 3 1 3 Step 2 Agent settings 4 3 1 3 1 Objective Ensure IT solution is shutdown gracefully 4 3 1 3 2 Resulting setu...

Page 183: ...extual help Protection Shutdown on power outage page of the Network Module 2 Make sure Primary is set to Maximize availability Storage is the last one to power down its availability is maximized and i...

Page 184: ...rk Management Module 184 4 3 2 Powering down non priority equipment first 4 3 2 1 Target Powering down non priority equipment first immediately and keep battery power for critical equipment Powering d...

Page 185: ...d below Group 2 non priority equipment Group 1 critical equipment Primary critical equipment 4 3 2 3 Step 2 Agent settings 4 3 2 3 1 Objective Ensure IT solution is shutdown gracefully 4 3 2 3 2 Resul...

Page 186: ...ts 4 3 2 4 Step 3 Power outage policy settings 4 3 2 4 1 Objective Use load segment policies to define shutdown sequencing 4 3 2 4 2 Resulting setup 1 Navigate to Contextual help Protection Shutdown o...

Page 187: ...re the end of backup time 3 Set Group 2 to Immediate off Non priority equipment immediately shuts down when on battery for 10s to keep battery power for critical equipment 4 3 3 Restart sequentially t...

Page 188: ...pment on utility recovery 4 3 3 2 2 Resulting setup UPS provides outlets Group 1 and Group 2 and a primary output Connections to UPS can be done as described below Group 1 Applications Group 2 Databas...

Page 189: ...work Module can be accessed in The Top bar Firmware version x xx x The Card menu Contextual help Maintenance System information Firmware information Version x xx x The Card menu Contextual help Mainte...

Page 190: ...ss ip address of the card to upgrade r reboot the card after upgrade 4 6 3 Example install_updatePackage sh u admin p mypassword f FW_Update tar i cardIpAddress r STARTING UPDATE FROM FW_Update tar to...

Page 191: ...and remove it from the slot 3 Locate the RTC battery cell located on the back of the Network Module 4 Get a new battery cell CR1220 type 5 Replace the battery cell the positive mark should be visible...

Page 192: ...k Module 4 9 1 2 If the Network Module time is lost The Network Module and the UPS time is synchronized with the oldest time between the last know Network Module time and the UPS time 4 9 2 Manual tim...

Page 193: ...r current password the new password twice 4 Press Submit to save the changes 4 12 Recovering main administrator password To recover the main administrator password ask another administrator to initial...

Page 194: ...eeded Connect the Network Module by using the default credentials of the main administrator admin admin You will be forced to change the password accordingly to the current password strength rules 4 1...

Page 195: ...the diagram 4 15 Subscribing to a set of alarms for email notification 4 15 1 Example 1 subscribing only to one alarm load unprotected Follow the steps below 1 Navigate to Contextual help Settings Ge...

Page 196: ...l Email notification settings 2 Press the button New to create a new configuration 3 Select Active Yes Configuration name ALL Critical and User account Warning notification Email address myaddress myc...

Page 197: ...Network Management Module 197 4 Press Save the table will show the new configuration 4 16 Saving Restoring Duplicating Network module configuration settings 4 16 1 Modifying the JSON configuration set...

Page 198: ...File block cannot be modified this is the mandatory structure of the JSON file 4 16 1 1 2 Feature block Feature block contains the full definition of a feature If it is removed from the JSON file this...

Page 199: ...he JSON file these values will not be updated restored c Values Values can be kept as is modified or removed Removed values will not be updated restored 4 16 1 2 Sensitive data like passwords JSON fil...

Page 200: ...sers is not yet available only the predefined account main administrator can be modified 4 16 1 3 3 Modifying SNMP settings Original file Modified file SNMP disabled SNMP enabled on port 161 SNMPv1 di...

Page 201: ...ork Management Module 201 Original file Modified file 4 16 1 3 4 Making a partial update restoration a Example Updating Restoring only LDAP settings If you restore below JSON content only LDAP setting...

Page 202: ...te objectSid x x x xx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx groupBaseDN OU xxxx DC xxxx groupNameAttribute xx gidAttribute objectSid x x x xx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx profileMapping remoteGroup xxx...

Page 203: ...easing concern regarding cybersecurity across industries where companies are steadily integrating field devices into enterprise wide information systems This occurs in discrete manufacturing and proce...

Page 204: ...grams and provides access to that device Worm a device program that spreads without user interaction and affects the stability and performance of the ICS network Spyware a device program that changes...

Page 205: ...l protection methods that hide and protect individual devices and computers in a control network These firewalls communicate at the application layer and can provide better inspection capabilities Bec...

Page 206: ...ntrol both physical and logical should be defined and implemented The key consideration when designing access control is defining the required interactions both within a given zone and between zones T...

Page 207: ...ndards 5 1 7 1 Understanding an ICS network Creating an inventory of all the devices applications and services that are hosted in a network can establish an initial baseline for what to monitor Once t...

Page 208: ...ce Extensive testing needs to be conducted before deployment to minimize this impact 5 1 7 5 Continuous assessment and security training It is critical that ICS network administrators and regular user...

Page 209: ...ignificant concern compensating controls should be investigated 5 1 8 Conclusion To protect important assets all organizations must take cybersecurity threats seriously and meet them proactively with...

Page 210: ...bersecurity with Defense In Depth Strategies October 2009 https ics cert us cert gov sites default files FactSheets NCCIC 20ICS_FactSheet_Defense_in_Depth_Strategies_S508C pdf 2 NIST SP 800 82 Guide t...

Page 211: ...roducts and deploying cybersecurity best practices in its products and solutions making them more secure reliable and competitive for customers The following whitepapers are available for more informa...

Page 212: ...IPV4 Status Mode Address Netmask Gateway Domain Mode FQDN Primary DNS Secondary DNS IPV6 Status Mode Addresses 5 2 2 1 3 UPS details It can be retrieved by navigating to Home Details or Home Energy fl...

Page 213: ...ng running between equipment cabinets The Network module supports the following physical access ports RJ45 USB A USB Micro B Access to these ports should be restricted Do not connect removable media e...

Page 214: ...ronization Many operations in power grids and IT networks heavily depend on precise timing information Ensure the system clock is synchronized with an authoritative time source using manual configurat...

Page 215: ...luding all administrative and maintenance activities Logs should be protected from tampering and other risks to their integrity for example by restricting permissions to access and modify logs transmi...

Page 216: ...ed including Updated firmware for the Network module Make it a part of standard operating procedure to update the backup copy as soon as the latest firmware is updated The current configuration Docume...

Page 217: ...le board should be destroyed For the Network module the whole board should be destroyed Destroy Shred disintegrate pulverize or Incinerate by burning the device in a licensed incinerator 5 2 3 Referen...

Page 218: ...alpublication800 41r1 pdf 5 3 Configuring user permissions through profiles The user profile can be defined when creating a new users or changed when modifying an existing one Refer to the section Con...

Page 219: ...es installation by enabling you to install the probe safely without turning off power to the device or to the loads that are connected to it The EMP monitors temperature and humidity information to he...

Page 220: ...the other EMPs 6 3 1 1 1 Example manual addressing of 3 EMPs connected to the Device 6 3 2 Mounting the EMP The EMP includes magnets cable ties slots and keyholes to enable multiple ways of mounting...

Page 221: ...ener Side mounting magnets tie wraps 6 3 2 1 Rack mounting with keyhole example To mount the EMP on the rack use the supplied screw washer and nut Then mount the EMP on the screw and tighten it 6 3 2...

Page 222: ...nd tighten it 6 3 2 4 Wall mounting with nylon fastener example To mount the EMP within the enclosure environment attach one nylon fastener to the EMP and the other nylon fastener to an enclosure rail...

Page 223: ...ble not supplied Device 6 3 3 2 2 Connection steps STEP 1 Connect the USB to RS485 converter cable to the USB port of the Device STEP 2 Connect the USB to RS485 converter cable to the RJ45 female fema...

Page 224: ...Connect the Ethernet cable to the TO SENSORS port of the first EMP and to the FROM DEVICE port of the second EMP STEP 2 Connect the Ethernet cable to the TO SENSORS port of the second EMP and to the...

Page 225: ...appears STEP 2 Navigate to Environment menu STEP 3 Proceed to the commissioning refer to the contextual help for details Click Discover The EMP connected to the Network module appears in the table Pr...

Page 226: ...tches to 1 to set the EMP to the address 31 as indicated on the picture below 6 5 2 Commissioning the EMP Refer to the section Contextual help Environment Commissioning Status 6 5 3 Enabling temperatu...

Page 227: ...twork Module is connected to the network but no activity detected Flashing yellow UPS Network Module is connected to the network and sending or receiving data AUX connector For Network Module accessor...

Page 228: ...tive humidity 5 95 noncondensing Module performance Module input power 5V 12V 5 1A AUX output power 5V 5 200mA Date Time backup CR1220 battery coin cell The RTC is able to keep the date and the time w...

Page 229: ...ngs and possible parameters Meters Default setting Possible parameters Meters Logs Log measures every 60s Log measures every 3600s maximum 7 3 2 Settings Default settings and possible parameters Gener...

Page 230: ...otify events with code Schedule report Active No Yes Recurrence Every day Every week Every month Starting Date and time Card events Subscribe Attach logs Device events Subscribe Attach measures Attach...

Page 231: ...le enable Lock account Lock account after xx invalid tries disabled Main administrator account never blocks disabled Lock account after xx invalid tries disable enable 1 99 Main administrator account...

Page 232: ...ificate disabled enabled Primary server Name 128 characters maximum Hostname 128 characters maximum Port x xxx Secondary server Name 128 characters maximum Hostname 128 characters maximum Port x xxx C...

Page 233: ...1 to 65535 Time out 3 to 60 Users preferences Language English French German Italian Japanese Russian Simplified Chinese Spanish Traditional Chinese Temperature unit C Celsius Date format MM DD YYYY...

Page 234: ...r mask BOM disabled Inactive Active Server 1 Name 128 characters maximum Status Disabled Enabled Hostname 128 characters maximum Port x xxx Protocol UDP TCP Message transfer method Non transparent fra...

Page 235: ...128 characters maximum Enabled Inactive Active Access Read Write SNMP V3 disable enable User 1 32 characters maximum Enabled Inactive Active Access Read only Read Write Authentication Auth SHA 1 None...

Page 236: ...ters maximum 7 3 3 Sensors alarm configuration Default settings and possible parameters Environment Alarm configuration Default setting Possible parameters Temperature Enabled No Low critical 0 C 32 F...

Page 237: ...Temperature C Celsius Account details Full name 128 characters maximum Email 128 characters maximum Phone 64 characters maximum Organization 128 characters maximum Preferences Language English French...

Page 238: ...rs Administrator Operator Viewer Meters Battery health Launch test Abort Logs configuration 7 4 3 Controls Administrator Operator Viewer Control 7 4 4 Protection Administrator Operator Viewer Protecti...

Page 239: ...oning Environment Status Administrator Operator Viewer Environment Alarm configuration Administrator Operator Viewer Environment Information 7 4 6 Settings Administrator Operator Viewer General Admini...

Page 240: ...TS 7 4 7 Maintenance Administrator Operator Viewer System information Administrator Operator Viewer Firmware Administrator Operator Viewer Services Administrator Operator Viewer Resources Administrato...

Page 241: ...help Administrator Operator Viewer Contextual help Full documentation 7 4 11 CLI commands Administrator Operator Viewer get release info Administrator Operator Viewer history Administrator Operator Vi...

Page 242: ...rator Operator Viewer save_configuration restore_configuration Administrator Operator Viewer sanitize Administrator Operator Viewer ssh keygen Administrator Operator Viewer time read only read only Ad...

Page 243: ...Failed to start execution of script script description Client not registered script uuid logSystem csv 0700400 Error Execution of script script description failed with return code script return code s...

Page 244: ...stem csv 0C00B00 Warning Unable to send email Recipient not specified logSystem csv 0F01300 Warning Card reboot due to Device FW upgrade logSystem csv 1000F00 Warning feature settings partial restorat...

Page 245: ...ent certificate id is added for service logSystem csv 0E00600 Notice Certificate authority Client certificate id is revoked for service logSystem csv 0700100 Info Start execution of script script desc...

Page 246: ...00 Notice Network module is operating logSystem csv 0100F00 Notice Network module is starting shutdown sequence logSystem csv 0101000 Notice Network module is ending shutdown sequence logSystem csv 01...

Page 247: ...script parameters logSystem csv 0D00900 Notice IPv4 configuration changed to ipsv4_address logSystem csv 0D01000 Notice IPv6 configuration changed to ipsv6_address logSystem csv 0E00100 Notice Outlet...

Page 248: ...e required 607 Critical Battery test failed Battery test OK Check battery 60D Critical No battery Battery present Check battery 61B Critical Battery BMS fault Battery BMS OK Check battery 629 Critical...

Page 249: ...No more on battery 007 Warning Fan fault Fan OK Service required 00B Warning Parallel UPS redundancy lost Parallel UPS redundancy OK Reduce output load 00E Warning Parallel UPS communication lost Par...

Page 250: ...wiring OK Check bypass wiring 300 Warning DC bus too high DC bus voltage OK Service required 301 Warning DC bus too high DC bus voltage OK Service required 302 Warning DC bus too low DC bus voltage OK...

Page 251: ...heck battery 634 Warning Battery temperature low warning Battery temperature OK Check battery 636 Warning Battery temperature high warning Battery temperature OK Check battery 638 Warning Battery BMS...

Page 252: ...ing Output phase 2 overload Output phase 2 no overload 821 Warning Output phase 3 overload Output phase 3 no overload 900 Warning Maintenance bypass Not on maintenance bypass 901 Warning Maintenance b...

Page 253: ...ency On ESS mode High efficiency disabled ESS disabled 01F Good Ready On normal mode 60E Good UPS external battery set as No battery UPS external battery set as present 826 Good Load powered with no c...

Page 254: ...al Battery charger fault Battery charger OK 2036 Critical Bypass AC static switch failure Bypass AC static switch OK 2246 Critical Neutral current limitation Neutral current OK 2048 Critical Inverter...

Page 255: ...Critical Output breaker failure Output breaker OK 2165 Critical Output phase 1 extreme overload Output phase 1 no extreme overload 2166 Critical Output phase 2 extreme overload Output phase 2 no extre...

Page 256: ...erload No bypass overload 2328 Critical Bypass thermal overload Bypass thermal OK 2364 Critical Internal failure End of internal failure 2365 Critical Ground fault Ground OK 2380 Critical Output phase...

Page 257: ...o high Inverter output current OK 2028 Warning DC bus voltage too high DC bus voltage OK 2029 Warning DC bus voltage too low DC bus voltage OK 2047 Warning Battery discharge current too high Battery d...

Page 258: ...oad Output phase 3 no overload 2168 Warning Battery discharging Battery no longer discharging 2169 Warning On bypass No longer on bypass 2170 Warning Load not powered Load powered 2176 Warning Compati...

Page 259: ...longer out of sync 2396 Warning Input frequency out of sync Input frequency no longer out of sync 2397 Warning Output frequency out of sync Output frequency no longer out of sync 7 5 3 3 Info Code Se...

Page 260: ...ld be closed Automatic bypass breaker closed 2196 Info On AVR Buck End of AVR Buck 2197 Info On AVR Boost End of AVR Boost 2202 Info Ambient temperature is too Low Ambient temperature is OK 2204 Info...

Page 261: ...Unsynchronized sources Synchronized sources F01 Warning Frequency out of range Frequency in range F02 Warning Out of range In range F04 Warning Voltage in derated range Voltage in normal range F06 War...

Page 262: ...n range F1A Warning On alternate source 7 5 4 3 Good Code Severity Active message Non active message Advice F05 Good Source 1 used to power the load Source 1 not used to power the load F0A Good Source...

Page 263: ...tion lost Communication recovered 1202 Warning Temperature is low Temperature is back to normal 1203 Warning Temperature is high Temperature is back to normal 1212 Warning Humidity is low Humidity is...

Page 264: ...ssage Non active message Advice 1016 Info Protection sequential shutdown scheduled Protection sequential shutdown canceled 1017 Info Protection sequential shutdown in progress Protection sequential sh...

Page 265: ...or reference only Trap oid 1 3 6 1 2 1 33 2 0 x Description 1 3 6 1 2 1 33 2 0 1 Sent whenever the UPS transfers on battery then sent every minutes until the UPS Comes back to AC Input 1 3 6 1 2 1 33...

Page 266: ...6 1 2 Xups Mib traps This information is for reference only Trap oid 1 3 6 1 4 1 534 1 11 4 1 0 x Trap message at oid 1 3 6 1 4 1 534 1 1 1 3 0 Code HID For UPS 5P 5PX 9SX 9PX 9xPM 9xE 9xPS Code XCP...

Page 267: ...4 1 534 1 11 4 1 0 20 Breaker open 103 204 606 2106 2107 2108 2109 2137 2251 2252 2254 2255 2252 1 3 6 1 4 1 534 1 11 4 1 0 23 Battery test failed 607 61B 2149 2191 2247 1 3 6 1 4 1 534 1 11 4 1 0 25...

Page 268: ...munication lost 1 3 6 1 4 1 534 10 2 10 2 Communication recovered 1 3 6 1 4 1 534 10 2 10 3 Output powered 1 3 6 1 4 1 534 10 2 10 4 Output not powered 1 3 6 1 4 1 534 10 2 10 5 Overload 1 3 6 1 4 1 5...

Page 269: ...each sensor connected changes 1 3 6 1 4 1 534 6 8 1 2 0 1 Sent whenever one status of each temperature changes 1 3 6 1 4 1 534 6 8 1 3 0 1 Sent whenever one status of each humidity changes 1 3 6 1 4 1...

Page 270: ...if the command is already resolved inserts a space MOVEMENT KEYS CTRL A Move to the start of the line CTRL E Move to the end of the line up Move to the previous command line held in history down Move...

Page 271: ...ays recent commands executed on the card 7 7 4 2 Help history cr Display the current session s command line history by default display last 10 commands Unsigned integer Set the size of history list ze...

Page 272: ...e the maintenance report by running the maintenance command Then retrieve the report from the card using SCP 7 7 6 3 1 From a linux host sshpass p PASSWORD scp USER CARD_ADDRESS report zip 7 7 6 3 2 F...

Page 273: ...atus and MAC address d domain display Domain mode FQDN Primary and Secondary DNS 4 ipv4 display IPv4 Mode Address Netmask and Gateway 6 ipv6 display IPv6 Mode Addresses and Gateway Set commands are us...

Page 274: ...0 00 Set Adress Netmask and Gateway netconf set ipv4 manual 192 168 0 1 255 255 255 0 192 168 0 2 Disable IPv6 7 7 7 3 Examples of usage Display Link status and MAC address netconf l Set Auto negotiat...

Page 275: ...ping6 The ping6 utility uses the ICMP protocol s mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway ECHO_REQUEST datagrams pings have an IP and ICMP header followed...

Page 276: ...rvice networkInterfaces eth0 ipv4 Result managers 1 networkService networkInterfaces eth0 ipv4 status managers 1 networkService networkInterfaces eth0 ipv4 address managers 1 networkService networkInt...

Page 277: ...managers 1 identification location 7 7 13 rest exec 7 7 13 1 Usage rest exec path payload This command runs the action at the resource identified by path payload is an optional argument and is action...

Page 278: ...E plink USER CARD_ADDRESS pw PASSWORD batch restore_configuration p PASSPHRASE Require plink tools from putty Where USER is user name the user shall have administrator profile PASSWORD is the user pas...

Page 279: ...lay help cr Renew SSH keys 7 7 16 3 Specifics 7 7 16 4 Access rights per profiles Administrator Operator Viewer ssh keygen 7 7 17 time 7 7 17 1 Description Command used to display or change time and d...

Page 280: ...ternate NTP servers time set ntpmanual fr pool ntp org de pool ntp org 7 7 17 3 Examples of usage Set date 2017 11 08 and time 22 00 time set manual 201711082200 Set preferred and alternate NTP server...

Page 281: ...ile Realm 7 7 19 2 Specifics 7 7 19 3 Access rights per profiles Administrator Operator Viewer whoami 7 7 20 email test 7 7 20 1 Description mail test sends test email to troubleshoot SMTP issues 7 7...

Page 282: ...ge CPU usage upSince date since the system started Ram total MB free MB used MB tmpfs temporary files usage MB Flash user data total MB free MB used MB 7 7 21 2 Help systeminfo_statistics Display syst...

Page 283: ...es local import SERVICE_NAME csr over SSH sshpass p PASSWORD ssh USER CARD_ADDRESS certificates local csr mqtt 7 7 22 3 2 From a Windows host plink tools from putty is required print over SSH plink US...

Page 284: ...org This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software released under MIT license and developed by various projects peoples and entiti...

Page 285: ...TLS IPP Intelligent Power Protector is a web based application that enables administrators to manage an Devices from a browser based management console Administrators can monitor manage and control a...

Page 286: ...ifying that information to change device behavior SSH Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network SSL Secure Sockets Layer is a c...

Page 287: ...Acronyms and abbreviations Information 287...

Page 288: ...nfigure the UPS settings and allow remote commands Example UPS menu Settings ON OFF settings Remote command Enable 8 2 Card wrong timestamp leads to Full acquisition has failed error message on Softwa...

Page 289: ...the EMPs connection and cables Refer to the sections Servicing the EMP Installing the EMP Cabling the first EMP to the device and Servicing the EMP Installing the EMP Daisy chaining 3 EMPs 2 Disconnec...

Page 290: ...the same on the missing EMPs 8 5 2 2 Action 2 1 1 Change the address of the EMPs to have different address and avoid all switches to 0 Refer to the section Servicing the EMP Defining EMPs address and...

Page 291: ...ddress Location field enter https xxx xxx xxx xxx where xxx xxx xxx xxx is the static IP address of the Network Module The log in screen appears Enter the user name in the User Name field Enter the pa...

Page 292: ...tector configs tls 8 8 LDAP configuration commissioning is not working Refer to the section Servicing the Network Management Module Commissioning Testing LDAP 8 9 Password change in My profile is not...

Page 293: ...xample the boot will be done on previous firmware 8 11 2 Action 1 Recover the IP address and connect to the card 2 Reset the Network module by using the Restart button on the front panel 3 Wait until...

Page 294: ......

Reviews:

No comments

Related manuals for Network-M3

Garland P1GCCAS Installation Manual preview
P1GCCAS
Brand: Garland Pages: 4
i-MO 540 Series Product Installation Manual preview
540 Series
Brand: i-MO Pages: 58
D-Link DSR-500 User Manual preview
DSR-500
Brand: D-Link Pages: 213
Ubiquiti U5-24-500W Quick Start Manual preview
U5-24-500W
Brand: Ubiquiti Pages: 23
Clavister NetWall W20A Getting Started Manual preview
NetWall W20A
Brand: Clavister Pages: 89
Enginko MCF-LW06424 Operating Manual preview
MCF-LW06424
Brand: Enginko Pages: 19
Dust Networks SmartMesh IA-510 D2511 Manager'S Manual preview
SmartMesh IA-510 D2511
Brand: Dust Networks Pages: 30
Draytek Vigor 2700G Specifications preview
Vigor 2700G
Brand: Draytek Pages: 2
Genie IP8ESP User Manual preview
IP8ESP
Brand: Genie Pages: 6
Supermicro AOC-MGP-i2 User Manual preview
AOC-MGP-i2
Brand: Supermicro Pages: 27
Cisco MERAKI MX450 Installation Manual preview
MX450
Brand: Cisco MERAKI Pages: 4
B&B Electronics Elinx EIR508 Series Quick Start Manual preview
Elinx EIR508 Series
Brand: B&B Electronics Pages: 2
Symantec SV1800 Series Safety And Regulatory Compliance Manual preview
SV1800 Series
Brand: Symantec Pages: 100
Raven RFMOW V2 User Manual preview
RFMOW V2
Brand: Raven Pages: 33
Cayman Systems 2E-H-W User Manual preview
2E-H-W
Brand: Cayman Systems Pages: 170
Valcom VIP-997 Manual preview
VIP-997
Brand: Valcom Pages: 4
ZyXEL Communications GS-1116A Supplementary Manual preview
GS-1116A
Brand: ZyXEL Communications Pages: 1
Juniper EX4600 Hardware Manual preview
EX4600
Brand: Juniper Pages: 230

Brands by name

Popular brands

Load more brands