GE Multilin
T35 Transformer Protection System
5-13
5 SETTINGS
5.2 PRODUCT SETUP
5
To use local authentication:
1.
Log in as outlined (Administrator or Supervisor, then Observer).
2.
After making any required changes, log off using the
Commands > Relay Maintenance > Security
menu.
Users
logged in through the front panel log out by logging in as None.
Users logged in through the front panel are not timed out and cannot be forcefully logged out by a
supervisor. Roles logged in through the front panel that do no allow multiple instances (Administrator,
Supervisor, Engineer, Operator) must switch to None (equivalent to a logout) when they are done in
order to log out.
To configure remote authentication:
1.
In the EnerVista software, in the login window, choose Device Authentication and log in as Administrator.
2.
Configure the following RADIUS server parameters: IP address, authentication port, shared secret, and vendor ID. The
following procedure outlines how to set up a simple RADIUS server, where the third-party tool used is an example.
a. Download and install
FreeRADIUS from www.freeradius.net
as the RADIUS server. This is a Windows 32-bit instal-
lation that is known to work. If you try another third-party tool and it does not work, use the FreeRADIUS software from
freeradius.net.
b. Open the radius.conf file in the <Path_to_Radius>\etc\raddb folder, locate the "bind_address" field and enter your
RADIUS server IP address. An example is
bind_address = 10.14.61.109
Text editor software that supports direct editing and saving of UNIX text encodings and line breaks, such as EditPad
Lite, is needed for this editing.
c. In the users.conf file in the <Path_to_Radius>\etc\raddb folder, add the following text to configure a user "Tester"
with an Administrator role.
Tester:
->User-Password == "Testing1!1"
->GE-UR-Role = Administrator
d. In the clients.conf file in the <Path_to_Radius>\etc\raddb folder, add the following text to define the UR as a RADIUS
client, where the client IP address is 10.0.0.2, the subnet mask is 255.255.255.0, the shared secret specified here is
also configured on the UR device for successful authentication, and the shortname is a short, optional alias that can be
used in place of the IP address.
client 10.0.0.2/24 {
secret = testing123
shortname = private-network-1
}
e. In the <Path_to_Radius>\etc\raddb folder, create a file called dictionary.ge and add the following content.
# ##########################################################
# GE VSA's
############################################################
VENDOR GE 2910
# Management authorization
BEGIN-VENDOR GE
# Role ID
ATTRIBUTE GE-UR-Role 1 integer
NOTICE
Содержание T35 UR Series
Страница 10: ...x T35 Transformer Protection System GE Multilin TABLE OF CONTENTS ...
Страница 48: ...2 18 T35 Transformer Protection System GE Multilin 2 2 SPECIFICATIONS 2 PRODUCT DESCRIPTION 2 ...
Страница 314: ...5 192 T35 Transformer Protection System GE Multilin 5 10 TESTING 5 SETTINGS 5 ...
Страница 338: ...6 24 T35 Transformer Protection System GE Multilin 6 5 PRODUCT INFORMATION 6 ACTUAL VALUES 6 ...
Страница 350: ...7 12 T35 Transformer Protection System GE Multilin 7 2 TARGETS 7 COMMANDS AND TARGETS 7 ...
Страница 366: ...8 16 T35 Transformer Protection System GE Multilin 8 2 CYBERSENTRY 8 SECURITY 8 ...
Страница 382: ...9 16 T35 Transformer Protection System GE Multilin 9 5 COMMISSIONING TEST TABLES 9 COMMISSIONING 9 ...
Страница 406: ...A 14 T35 Transformer Protection System GE Multilin A 1 PARAMETER LISTS APPENDIX A A ...
Страница 540: ...D 10 T35 Transformer Protection System GE Multilin D 1 IEC 60870 5 104 PROTOCOL APPENDIX D D ...
Страница 552: ...E 12 T35 Transformer Protection System GE Multilin E 2 DNP POINT LISTS APPENDIX E E ...
Страница 560: ...F 8 T35 Transformer Protection System GE Multilin F 3 WARRANTY APPENDIX F F ...