CHAPTER 5: SETTINGS
PRODUCT SETUP
L60 LINE PHASE COMPARISON SYSTEM – INSTRUCTION MANUAL
5-23
5
DEVICE AUTHENTICATION —
This setting is enabled by default, meaning "Yes" is selected. When enabled, Device
authentication with roles is enabled. When this setting is disabled, the UR only authenticates to the AAA server (RADIUS).
However, the Administrator and Supervisor (when enabled) remain active even after device authentication is disabled and
their only permission is to re-enable Device authentication. To re-enable Device authentication, the Supervisor unlocks the
device for settings changes, then the Administrator re-enables device authentication.
BYPASS ACCESS
— The bypass security feature provides an easier access, with no authentication and encryption for those
special situations when this is considered safe. Only the Supervisor, or the Administrator when the Supervisor role is
disabled, can enable this feature.
The bypass options are as follows:
•
Local — Bypasses authentication for push buttons, keypad, RS232, and RS485
•
Remote — Bypasses authentication for Ethernet
•
Local and Remote — Bypasses authentication for push buttons, keypad, RS232, RS485, and Ethernet
•
Pushbuttons — Bypasses authentication for front panel push buttons only. On the graphical front panel, the
authentication for side pushbuttons to control breakers and disconnects also is bypassed.
LOCK RELAY
— This setting uses a Boolean value (Enabled/Disabled) to indicate if the device accepts settings changes and
whether the device can receive a firmware upgrade. This setting can be changed by the Supervisor role, if it is enabled, or
by the Administrator if the Supervisor role is disabled. The Supervisor role disables this setting for the relay to start
accepting settings changes, command changes, or firmware upgrade. After all the setting changes are applied or
commands executed, the Supervisor enables to lock settings changes.
Example:
If this setting is enabled and an attempt is made to change settings or upgrade the firmware, the UR device
denies the settings changes or denies upgrading the firmware. If this setting is disabled, the UR device accepts settings
changes and firmware upgrade.
This role is disabled by default.
FACTORY SERVICE MODE
— When Enabled, the device can go into factory service mode. For this setting to become enabled a
Supervisor authentication is necessary. The default value is Disabled.
SUPERVISOR ROLE
— When Enabled, the Supervisor role is active. To Disable this setting a Supervisor authentication is
necessary. If disabled, the Supervisor role is not allowed to log in. In this case, the Administrator can change the settings
under the Supervisory
menu.
If enabled, Supervisor authentication is required to change the settings in the Supervisory menu. If the Supervisor disables
their role after authentication, the Supervisor session remains valid until they switch to another role using MMI or until they
end the current Supervisor session if using communications.
This role is disabled by default.
SERIAL INACTIVITY TIMEOUT
— The role logged via a serial port is auto logged off after the Serial Inactivity timer times out. A
separate timer is maintained for RS232 and RS485 connections. The default value is 1 minute.
GE recommends setting this value to at least 3 minutes for the following scenario: while connected to a CyberSentry
device, with serial or USB cable connected to the front panel, and performing "Add Device to Offline Window" or an online/
offline comparison. With less than the recommended 3 minutes, the serial activity timeout interrupts the connection and
the security role login window appears. Upon login, the process resumes.
Self-tests
SETTINGS
PRODUCT SETUP
SECURITY
SUPERVISORY
SELF TESTS
Mode
Front panel or serial (RS232, RS485)
Ethernet
Normal mode
Authentication — Role Based Access Control (RBAC)
and passwords in clear
Authentication — RBAC and passwords encrypted
SSH tunneling
Bypass access mode
No passwords for allowed RBAC levels
No passwords for allowed RBAC levels
No SSH tunneling
SELF TESTS
FAILED
AUTHENTICATE
See below