Western Telematic Switch AFS 16 1 User Manual

WTI Part No. 14069  
Rev. B  
AFS-16-1  
RJ45 Fallback Switch  
User's Guide  
 
 
Warnings and Cautions  
Two Power Supply Cables  
Note that the AFS-16 features two separate power inputs, and a separate power supply  
cable for each power input. Make certain to disconnect both power supply cables from  
their power source before attempting to service or remove the unit.  
Disconnect Power  
If any of the following events are noted, immediately disconnect the unit from the outlet  
and contact qualified service personnel:  
1. If the power cord becomes frayed or damaged.  
2. If liquid has been spilled into the device or if the device has been exposed to rain  
or water.  
Disconnect Power Before Servicing  
Before attempting to service or remove this unit, please make certain to disconnect the  
power supply cable from the power source.  
ii  
 
 
Table of Contents  
iii  
 
Table of Contents  
5. Basic Configuration (continued)  
iv  
 
Table of Contents  
v
 
Table of Contents  
vi  
 
Table of Contents  
List of Figures  
vii  
 
1. Introduction  
The AFS-16-1 is a versatile switching system, designed for applications that require  
routing of analog or digital signals between a common RJ45 jack and A” and “B  
RJ45 jacks. The AFS-16-1 is ideal for switching RS232, RS422/485, Ethernet/UTP or  
telephone lines.  
The system consists of a Card Rack, one Power Supply Module, one Control Module,  
and up to 16 Circuit Modules. Each Circuit Module is capable of switching all 8 pins of  
the Common RJ45 jack between Jack A” or Jack “B”. Each card can be switched by  
alarm, manually, or by command.  
The AFS-16-1 includes an assortment of alarm features, which allow the unit to monitor  
temperature, power interruptions, and invalid access attempts and then notify you  
via Email, text message, Syslog message or SNMP trap when critical conditions are  
detected. The AFS can also monitor device response to ping commands and then  
switch A/B paths and provide notification when devices fail to respond.  
Security and Co-Location Features:  
Secure Shell (SSHv2) encryption and address-specific IP security masks help to prevent  
unauthorized access to command and configuration functions.  
The AFS-16-1 also provides four different levels of security for user accounts:  
Administrator, SuperUser, User and ViewOnly. The Administrator level provides  
complete access to all A/B switching functions, status displays and configuration  
menus. The SuperUser level allows control of A/B switching, but does not allow access  
to configuration functions. The User level allows access to only a select group of  
Administrator-defined A/B circuits. The ViewOnly level allows you to check unit status,  
but does not allow A/B switching or access to configuration menus.  
The AFS-16-1 includes full Radius, LDAP and TACACS capability, DHCP and an invalid  
access lockout feature. An Audit Log records all user access, login and logout times  
and command actions, and an Alarm Log records user-defined alarm events.  
1-1  
 
 
Introduction  
Environmental Monitoring and Management:  
The AFS-16 can constantly monitor temperature levels, ping response and other factors.  
If the AFS-16 detects that user defined thresholds for these values have been exceeded,  
the unit can promptly notify you via email, text message, SNMP trap, or Syslog  
message. The AFS-16 also records temperature readings to a convenient log file.  
The AFS-16 can also notify you when excessive invalid access attempts are detected,  
and can automatically lock ports when it determines that an unauthorized user may be  
attempting to gain access by "hammering" the unit with random passwords.  
WTI Management Utility  
The AFS-16 includes the WTI Management Utility, which allows you to manage multiple  
WTI units via a single menu. For more information on the Management Utility, please  
refer to the User’s Guide that is included on the CDROM.  
Typographic Conventions  
^(e.g. ^X)  
Indicates a control character. For example, the text  
"^X" (Control X) indicates the [Ctrl] key and the [X]  
key must be pressed simultaneously.  
COURIER FONT  
[Bold Font]  
< >  
Indicates characters typed on the keyboard.  
For example, /ACor /TB 2.  
Text set in bold face and enclosed in square brackets,  
indicates a specific key. For example, [Enter] or [Esc].  
Indicates required keyboard entries:  
For Example: /TA <n>.  
[ ]  
Indicates optional keyboard entries.  
For Example: /P [n].  
1-2  
 
2. Unit Description  
The AFS-16 consists of a frame unit, one Dual Power Supply Module, one Control  
Module, and up to sixteen Circuit Modules.  
2.1. The Dual Power Supply Module  
The Dual Power Supply Module, shown in Figure 2 1, provides AC power used by the  
Control Module and Circuit Module(s). The AFS-16 will always include one Dual Power  
Supply Module. Note that the Power Supply Module is not designed to be removed  
from the AFS-16 Rack Assembly.  
POWER MODULE  
AFS-16  
ON  
1
I
O
Figure 2.1: The Power Supply Module  
The Power Supply Module faceplate includes the following:  
Power Switch and ON Indicator  
Power Inlets: (Not Shown) Two (2) IEC320-C14 AC inlets (located on the back  
panel of the Dual Power Supply Module) which are used to connect the AFS-16 to  
an appropriate power source.  
Power Supply Indicators: Two LEDs (located on the back panel of the Dual Power  
Supply Module), which will light when connected to an active power source. Note  
that there is one LED for Inlet "A" and one LED for Inlet "B".  
2-1  
 
 
Unit Description  
2.2. The Control Module  
The Control Module, shown in Figure 2.2, coordinates switching of the individual Circuit  
Modules. The Control Module includes a Master A/B Gang Switch, status LEDs, a  
10/100Base-T Ethernet connector and an RJ-45 RS232 Serial Port for connection to your  
PC, control device or external modem. An AUX jack is provided to allow connection to  
a monitored line and optional external alarm. The AFS-16 always includes one Control  
Module.  
CONTROL  
AC  
1
LK  
ETHERNET  
10/100  
A
2
6
3
B
ALARM  
4
RST  
5
RS232  
7
Figure 2.2: The Control Module  
The AFS-16 Control Module includes the following components:  
Ethernet Port: An RJ45 Ethernet port for connection to your 10Base-T or  
100Base-T, TCP/IP network. Note that the AFS-16 features a default IP address  
(192.168.168.168). This allows you to establish an SSH connection with the unit  
without first assigning an IP address. Note that the Network Port also includes two,  
small LED indicators for Link and Data Activity. For more information on Network  
Port configuration, please refer to Section 5.9.  
Master A/B Gang Switch: Allows manual control of A/B switching at up to sixteen  
Circuit Modules. Note that the Master A/B Gang Switch can be disabled as  
described in Section 5.3.  
ALM Indicator: The ALM Indicator will light when Monitor Input Alarm is triggered.  
For more information on the Monitor Input Alarm, please refer to Section 7.6.  
2-2  
 
 
Unit Description  
Reset Switch: To reinitialize the AFS-16, hold the Reset Switch in the "down"  
position for approximately five seconds. When the AFS-16 is reset, all users will be  
disconnected from the AFS-16 and the operating system will be reloaded.  
RS232 Connector: An RJ-45 Serial Port for connection to your PC, control device,  
or external modem. Please refer to Appendix A for a description of the RS232  
interface.  
AUX Connector: (Not Shown) A five terminal quick connector, located on the back  
edge of the Control Module board. The AUX Connector can be used in conjunction  
with the Monitor/Alarm Input feature to generate an alarm when the status of pin 4  
changes. In addition, pins 1 through 3 on the AUX Connector can also be used to  
switch a connected device On or Off in response to signal changes at Pin 4. For  
more information, please refer to Section 7.  
Notes:  
• The Monitor Input signal (Pin 4) is always measured relative to the signal at  
the common ground (Pin 5).  
• A "Low" signal should be between Zero (0) Volts and -48 Volts and a "High"  
signal should be between +5 Volts and +48 Volts.  
Release Pin: A snap-lock pin that is used to secure the Control Module to the  
AFS-16 frame.  
Monitor Input Level Jumper: (Not Shown) A jumper located on the Control  
Module board, which is used to configure the AUX Connector for use with the  
Monitor/Alarm Input feature. The Monitor Input Level Jumper selects the non-active  
state for the Monitor/Alarm Input feature. When the jumper is set in the "1" position  
(normally high,) the Monitor/Alarm Input feature can generate an alarm when the  
Monitor Input signal goes low. When the jumper is set in the "0" position (normally  
low,) the Monitor/Alarm Input feature can generate an alarm when the Monitor Input  
signal goes high. For more information on the Monitor/Alarm Input feature, please  
refer to Section 7.6.  
2-3  
 
 
Unit Description  
2.3. The Circuit Module  
The AFS-16 can accept up to sixteen Circuit Modules. Each Circuit Module includes  
a common jack, jacks for A” and “B” paths, and a Manual A/B switch as described in  
Figure 2.3.  
RJ45-3  
1
A
B
2
A
3
C
4
B
5
Figure 2.3: The Circuit Module  
The AFS-16 Circuit Module includes the following components:  
A/B Switch: Each A/B Switch can be manually switched, or activated by  
commands sent to the Control Module. The A/B Switch can also be operated by  
the Control Module’s Master A/B Switch.  
“A” Connector: An RJ45 Port, used for connection to your primary line.  
“C” Connector: An RJ45 Port, used for connection to a common line.  
“B” Connector: An RJ45 Port, used for connection to your fallback line.  
Release Pin: Used to secure the Circuit Module to the AFS-16 frame.  
A/B Switch Jumper: (Not Shown) A jumper, located on the Circuit Module board,  
which is used to enable/disable the individual Circuit Module’s response to the  
Master A/B Gang Switch as described in Section 4.5.1.  
2-4  
 
 
3. Getting Started  
This section describes a simplified installation procedure for the AFS-16 hardware,  
which will allow you to communicate with the unit in order to demonstrate basic features  
and check for proper operation.  
Note that this Quick Start procedure does not provide a detailed description of unit  
configuration, or discuss advanced operating features in detail. For more information,  
please refer to the remainder of this User’s Guide  
3.1. Apply Power to the AFS-16  
Refer to the safety precautions listed at the beginning of this User's Guide, and then  
connect the unit to a 100 to 240 VAC power source.  
Note: The AFS-16 includes two power inlets. You can connect either one or  
both of these inputs to your power source. If both power inlets are connected,  
they should be connected to separate power sources in order that the second  
power source can serve as a redundant back up in the event of failure.  
Connect the power supply cable(s) to the unit’s power inlet(s) and then connect the  
cable(s) to appropriate power supplies.  
Set the Power Switch on the AFS-16 Power Module to the ON Position. The ON LED  
on the Power Module and the A/B indicators on the Control Module should light. After  
about 90 seconds, the A/B indicators should go out, indicating that the unit is ready to  
receive commands.  
3.2. Connect Your PC to the AFS-16  
The AFS-16 can either be controlled by a local PC Serial Port, controlled via modem,  
or controlled via TCP/IP network. In order to select parameters or control switching  
functions, commands are issued to the AFS-16 via either the Ethernet Port or RS232  
Console Port.  
Ethernet Port: Connect your 10Base-T or 100Base-T network interface to the  
AFS-16 Control Module's 10/100Base-T Network Port.  
RS232 Port: Use the supplied Ethernet cable and adapter to connect your PC  
COM port to the RS232 Console Port on the AFS Control Module as described  
in Section 4.3. For a description of the RS232 Port Interface, please refer to  
Appendix A.1.  
Modem: If desired, an external modem can also be installed at the RS232 Port.  
For more information, please refer to Section 4.4.  
3-1  
 
 
Getting Started  
3.3. Communicating with the AFS-16  
When properly installed and configured, the AFS-16 will allow command mode access  
via Telnet, Web Browser, SSH client, modem, or local PC. However, in order to ensure  
security, both Telnet and Web Browser access are disabled in the default state. To  
enable Telnet and/or Web Browser access, please refer to Section 5.9.2.  
Notes:  
• Default AFS-16 serial port parameters are set as follows: 9600 bps, RTS/  
CTS Handshaking, 8 Data Bits, One Stop Bit, No Parity. Although these  
parameters can be easily redefined, for this Quick Start procedure, it is  
recommended to configure your communications program to accept the  
default parameters.  
• The AFS-16 features a default IP Address (192.168.168.168) and a default  
Subnet Mask (255.255.255.0.) This allows network access to command  
mode, providing that you are contacting the AFS-16 from a node on the same  
subnet. When attempting to access the AFS-16 from a node that is not on the  
same subnet, please refer to Section 5.9 for further configuration instructions.  
1. Access Command Mode: The AFS-16 includes two separate user interfaces; the  
Text Interface and the Web Browser Interface. The Text Interface is available via  
Local PC, SSH Client, Telnet, or Modem and can be used to both configure the  
AFS-16 and create connections between ports. The Web Browser interface is only  
available via TCP/IP network, and can be used to configure the unit, but cannot  
create connections between ports.  
a) Via Local PC: Start your communications program and then  
press [Enter].  
b) Via SSH Client: Start your SSH client, enter the default IP address  
(192.168.168.168) for the AFS-16 and then invoke the connect command.  
c) Via Web Browser: Make certain that Web Browser access is enabled as  
described in Section 5.9.2. Start your JavaScript enabled Web Browser, enter  
the default AFS-16 IP address (192.169.168.168) in the Web Browser address  
bar, and then press [Enter].  
d) Via Telnet: Make certain that Telnet access is enabled as described in  
Section 5.9.2. Start your Telnet client, and enter the AFS-16's default IP  
address (192.168.168.168).  
e) Via Modem: Use your communications program to dial the number for the  
external modem (optional) that you have connected to the AFS-16’s RS232  
port. For more information on connecting a modem to the AFS-16, please refer  
to Section 4.4.  
2. Username / Password Prompt: A message will be displayed, which prompts you  
to enter your username (Login) and password. The default username is "super"  
(all lower case, no quotes), and the default password is also "super". If a valid  
username and password are entered, the AFS-16 will display either the Circuit  
Control Screen (Web Browser Interface) or the Circuit Status Screen (Text Interface.)  
3-2  
 
 
Getting Started  
3. Review Help Menu: If you are communicating with the AFS-16 via the text  
interface (SSH, Telnet or Modem), type /Hand press [Enter] to display the Help  
Menu, which lists all available AFS-16 commands. Note that the Help Menu is not  
available via the Web Browser Interface.  
3.4. Fallback Switching  
A/B fallback switching can be controlled via the Text Interface or via the Web Browser  
Interface.  
3.4.1. Fallback Switching - Text Interface  
Access the AFS-16 Text Interface as described in Section 3.3 and then proceed as  
follows:  
1. Review the Help Menu: At the Text Interface command prompt, type /Hand press  
[Enter] to display the Help Menu, which provides a basic listing of all available  
AFS-16 commands.  
2. Manual A/B Switching: Use the manual circuit switches to change A/B paths.  
Note that this example assumes that the Master A/B Gang Switch and individual  
circuit module switches have not been disabled.  
a) Master A/B Gang Switch: Toggle the Master A/B Gang Switch between the  
“A” and “B” positions. The LED indicators should follow the Master Switch,  
indicating that each circuit has switched the A” and “B” paths.  
b) Circuit Module A/B Switch: Choose an individual Circuit Module and toggle  
the module’s A/B Switch between A” and “B”. The LED indicators should  
indicate that the module has switched the A/B path.  
3. Code Activated Switching: To control A/B fallback switching using ASCII  
commands, invoke the following commands at the AFS command prompt:  
a) Type /T *,Band press [Enter]. All Circuit Modules should switch to the  
“B” path.  
b) Type /T 1,Aand press [Enter]. Circuit Module number 1 should switch to the  
“A” path.  
c) Type /T 2,3,4,Aand press [Enter]. Circuit Modules 2, 3, and 4 should  
switch to the A” path.  
3-3  
 
 
Getting Started  
3.4.2. Fallback Switching - Web Browser Interface  
In the default state, the Web Browser Interface will not be available until you have  
enabled Web Access as described in Section 5.9.2. After Web Access has been  
enabled, access the AFS-16 Web Browser Interface as described in Section 3.3 and  
then proceed as follows:  
1. Access the Circuit Control Menu: Click on the "Circuit Control" link on the left  
hand side of the screen to display the Circuit Control menu. The Circuit Control  
menu includes a series of dropdown menus that are used to select the desired  
switching action for each Circuit Module.  
Note: The Circuit Control menu also lists the number and user-defined name  
of each Circuit Module present, the name of the currently selected A/B circuit  
path, the A/B position of the switch, a brief description of the reason for the last  
switching action and a column that shows if each circuit is controlled by the  
Monitor/Alarm Input feature.  
2. Select the Switching Action: Use the dropdown menu to select an A/B switching  
operation for the desired Circuit Module. For example, to switch Circuit 1 to the B  
position, click on the down arrow in the "Action" column for Circuit 1 to display the  
dropdown menu, select the "B" option from the dropdown menu and then click on  
the "Confirm Circuit Actions" button.  
Notes:  
• The dropdown menu for each circuit allows you to select position A, position  
B or the default position. Normally, the "Default" option will switch the  
circuit to the user-defined Default position that is selected as described in  
Section 5.6. However, in the case of this Quick Start procedure, the Default  
circuit positions have not yet been defined.  
• The Circuit Control Menu also includes the ability to switch all AFS-16 Circuit  
Modules. If desired, the dropdown menu in the "All Circuits" row can be  
used to switch all AFS-16 circuits.  
3. Confirm Switching Actions: After you click on the "Confirm Circuit Actions"  
button, the AFS-16 will display a screen which summarizes the selected switching  
operation(s) and asks for confirmation before executing the command. To proceed  
with the selected switching operation, click on the "Execute Circuit Actions" button.  
4. The AFS-16 will execute the switching operation and then display the Circuit Status  
screen.  
This completes the Quick Start procedure for the AFS-16. Prior to placing the unit into  
operation, it is recommended to refer to the remainder of this user’s guide for important  
information regarding advanced configuration capabilities and more detailed operation  
instructions. If you have further questions regarding the AFS-16 unit, please contact  
WTI Customer Support as described in Appendix C.  
3-4  
 
 
4. Hardware Installation  
4.1. Connecting the Power Supply Cable(s)  
Refer to the cautions listed below and at the beginning of this User's Guide, and then  
connect the AFS-16 to an appropriate 100 to 240 VAC power supply.  
CAUTIONS:  
• Before attempting to install this unit, please review the warnings and  
cautions listed at the front of the user’s guide.  
• This device should only be operated with the type of power source  
indicated on the instrument nameplate. If you are not sure of the type of  
power service available, please contact your local power company.  
• Reliable earthing (grounding) of this unit must be maintained. Particular  
attention should be given to supply connections when connecting to  
power strips, rather than directly to the branch circuit.  
Note: The AFS-16 includes two power inlets. You can connect either one or  
both of these inputs to your power source. If both power inlets are connected,  
they should be connected to separate power sources in order that the second  
power source can serve as a redundant back up in the event of failure.  
Set the Power Switch on the AFS-16 Power Module to the ON Position. The ON LED  
on the Power Module and the A/B indicators on the Control Module should light. After  
about 90 seconds, the A/B indicators should go out, indicating that the unit is ready to  
receive commands. Note that if the AFS-16 needs to download SSH keys, it may take  
longer than 90 seconds for the A/B indicators to switch off.  
4.2. Connecting the Network Cable  
Use the supplied 10/100Base-T Ethernet cable to connect the AFS-16 Ethernet  
port to your TCP/IP network. Note that the AFS-16 includes a default IP address  
(192.168.168.168) and a default subnet mask (255.255.255.0.) When installing the  
AFS-16 in a working network environment, it is recommended to define network  
parameters as described in Section 5.9.  
4-1  
 
 
Hardware Installation  
RJ-45  
DB-9F  
Pin No.  
Pin No. Signal  
1
2
3
4
5
6
7
8
8
CTS  
DCD  
Pin 1  
1
2
RXD  
GND  
5
X
Pin 8  
Pin 1  
3
4
7
TXD  
DTR  
RTS  
Female  
Figure 4.1: DX9F-DTE-RJ Snap Adapter Interface  
RJ-45 DCE  
Serial Port  
DB-9M DTE  
Console Port  
PC, Laptop  
or Other  
AFS-16  
Device with  
DB-9M DTE  
Interface  
Straight  
RJ-45 Cable  
DX9F-DTE-RJ  
Snap Adapter  
Figure 4.2: Connecting DB-9M DTE Devices to the AFS Control Module's Serial Port  
4.3. Connecting a Local Control Device  
Use the supplied Ethernet cable and adapter to connect your PC COM port to the  
RS232 Console Port on the AFS-16 Control Module as shown in Figure 4.1 and  
Figure 4.2. For a description of the RS232 Port Interface, please refer to Appendix A.1.  
4.4. Connecting an External Modem (Optional)  
Access the AFS-16 Command Mode as described in Section 5.1 and then use the  
Port Parameters menu to configure the RS232 Port for Modem Mode as described in  
Section 5.8. Use an appropriate cable to connect your external modem the RS232 Port  
on the AFS-16's Control Module and then connect your RJ11 phone line to the external  
modem.  
4-2  
 
 
Hardware Installation  
Enable  
Disable  
E
D
Figure 4.3: Circuit Module Jumper  
4.5. Module Set Up  
4.5.1. Circuit Module Set Up  
The A/B Switch Jumper on the Circuit Module card (Figure 4.3) enables/disables the  
individual Circuit Module’s A/B Switch. If you wish to disable manual A/B switching  
control at a specific Module, then the A/B Switch Jumper on that Module must be set in  
the "Disable" position.  
4.5.2. Control Module SetUp  
The Control Module includes a jumper that can be used to configure the AUX Connector  
for use with the Monitor/Alarm Input feature. If you intend to use the Input Monitor  
Alarm, then this jumper should be set as described in Section 7.6.  
4.6. The A/C/B Connectors  
Each AFS-16 Circuit Module includes three RJ45 connectors: a "C" (Common)  
connector, an "A" (Primary Fallback) connector and a "B" (Secondary Fallback)  
connector. Use an RJ45 Ethernet cable to connect devices to the A/C/B ports as  
required.  
This completes the AFS-16 installation instructions. Please proceed to the next Section  
for instructions regarding basic unit configuration.  
4-3  
 
 
5. Basic Configuration  
This section describes the basic configuration procedure for AFS-16 units. For  
information on Alarm Functions, please refer to Section 7.  
5.1. Communicating with the AFS-16 Unit  
In order to configure the AFS-16, you must first connect to the unit, and access  
command mode. Note that, the AFS-16 offers two separate configuration interfaces; the  
Web Browser Interface and the Text Interface.  
In addition, the AFS-16 also offers three different methods for accessing command  
mode; via network, via modem, or via local console. The Web Browser interface is only  
available via TCP/IP network, and the Text Interface is available via TCP/IP network (SSH  
or Telnet), modem or local PC.  
5.1.1. The Text Interface  
The Text Interface (also known as the "Command Line Interface" or "CLI") consists of a  
series of simple ASCII text menus, which allow you to set options and define parameters  
by entering the number for the desired option using your keyboard, and then typing in  
the value for that option.  
Since the Web Browser Interface and Telnet accessibility are both disabled in the  
default state, you will need to use the Text Interface to contact the unit via Local PC or  
SSH connection when setting up the unit for the first time. After you have accessed  
command mode using the Text Interface, you can then enable Web Access and Telnet  
Access, if desired, in order to allow future communication with the unit via Web Browser  
or Telnet. You will not be able to contact the unit via Web Browser or Telnet until you  
have enabled those options.  
Once Telnet Access is enabled, you will then be able to use the Text Interface to  
communicate with the AFS-16 via local PC, Telnet or SSH connection. You can also  
use the Text Interface to access command mode via an external modem installed at the  
RS232 Port on the AFS-16 Control Module.  
In order to use the Text Interface, your installation must include:  
Access via Network: The AFS-16 must be connected to your TCP/IP Network, and  
your PC must include a communications program (such as HyperTerminal.)  
Access via Modem: An external modem must be installed at the Control Module's  
RS232 Port and the RS232 Port must be configured for Modem Mode as described  
in Section 5.8. A phone line must be connected to the external modem. In  
addition, your PC must include a communications program.  
Access via Local PC: Your PC must be connected to the RS232 Port on the  
AFS-16 Control Module. The RS232 Port must be configured for Normal Mode, and  
your PC must include a communications program.  
5-1  
 
 
Basic Configuration  
To access command mode via the Text Interface, proceed as follows:  
Note: When communicating with the unit for the first time, you will not be able  
to contact the unit via Telnet until you have accessed command mode via Local  
PC or SSH Client and used the Network Parameters Menu to enable Telnet as  
described in Section 5.3.  
1. Contact the AFS-16 Unit:  
a) Via Local PC: Start your communications program and press [Enter]. Wait  
for the connect message, then proceed to Step 2.  
b) Via Network: The AFS-16 includes a default IP address (192.168.168.168) and  
a default subnet mask (255.255.255.0.) This allows you to contact the unit from  
any network node on the same subnet, without first assigning an IP Address to  
the unit. For more information, please refer to Section 5.9.  
i.  
Via SSH Client: Start your SSH client, and enter the AFS-16’s IP Address.  
Invoke the connect command, wait for the connect message, then  
proceed to Step 2.  
ii. Via Telnet: Start your Telnet Client, and then Telnet to the AFS-16’s IP  
Address. Wait for the connect message, then proceed to Step 2.  
c) Via Modem: Use your communications program to dial the number for the  
phone line that you have connected to the AFS-16's RS232 Serial Port.  
2. Login / Password Prompt: A message will be displayed, which prompts you to  
enter a username (login name) and password. The default username is "super" (all  
lower case, no quotes), and the default password is also "super".  
3. If a valid username and password are entered, the AFS-16 will display the Circuit  
Status Screen.  
5.1.2. The Web Browser Interface  
The Web Browser Interface consists of a series of web forms, which can be used to  
select configuration parameters and perform switching operations, by clicking on the  
appropriate buttons and/or entering text into designated fields.  
Note: In order to use the Web Browser Interface, Web Access must first  
be enabled via the Text Interface Network Parameters Menu as described in  
Section 5.9, the AFS-16 must be connected to a TCP/IP network, and your PC  
must be equipped with a JavaScript enabled web browser.  
1. Start your JavaScript enabled Web Browser, key the AFS-16’s IP address  
(default = 192.168.168.168) into the web browser’s address bar, and press [Enter].  
2. Username / Password Prompt: A message box will prompt you to enter your  
username and password. The default username is "super" (all lower case, no  
quotes), and the default password is also "super".  
3. If a valid username and password are entered, the Circuit Control Screen will be  
displayed.  
5-2  
 
 
Basic Configuration  
5.1.3. Access Via PDA  
In addition to the Web Browser Interface and Text Interface, the AFS-16 command mode  
can also be accessed by PDA devices. Note however, that due to nature of most PDAs,  
only a limited selection of AFS-16 operating and status display functions are available to  
users who communicate with the unit via PDA.  
When the AFS-16 is operated via a PDA, only the following functions are available:  
• Product Status Screen (Unit Info) (Section 8.1)  
• Circuit Status Screen (Section 8.3)  
• Circuit Group Status Screen (Section 8.4)  
• Circuit Control Screen (Section 9.1.1)  
• Circuit Group Control Screen (Section 9.1.2)  
These screens will allow PDA users to review Circuit Status and Circuit Group Status,  
invoke A/B switching and display the Site I.D. and firmware version. Note however, that  
PDA users are not allowed to change or review AFS-16 configuration parameters.  
To configure the AFS-16 for access via PDA, first consult your IT department for  
appropriate settings. Access the AFS-16 command mode via the Text Interface or Web  
Browser interface as described in this section, then configure the AFS-16's Network Port  
accordingly, as described in Section 5.9.  
In most cases, this configuration will be adequate to allow communication with most  
®
PDAs. Note however, that if you wish to use a BlackBerry to contact the AFS-16,  
you must first make certain to configure the BlackBerry to support HTML tables, as  
described below:  
1. Power on the BlackBerry, and then click on the BlackBerry Internet Browser Icon.  
2. Press the Menu button, and then choose "Options."  
3. From the Options menu, choose "Browser Configuration," then verify to make  
certain that "Support HTML Tables" is checked (enabled.)  
4. Press the Menu button, and select "Save Options."  
When you have finished communicating with the AFS-16 via PDA, it is important to  
always close the session using the PDA's menu functions, rather than by simply closing  
the browser window, in order to ensure that the AFS-16 has completely exited from  
command mode, and is not waiting for the inactivity timeout period to elapse. For  
example, to close a session on a BlackBerry, press the Menu button and then choose  
"Close."  
5-3  
 
 
Basic Configuration  
5.2. Configuration Menus  
Although the Web Browser Interface and Text Interface provide two separate means for  
selecting parameters, both interfaces allow access to the same set of basic parameters,  
and parameters selected via one interface will also be applied to the other. To access  
the configuration menus, proceed as follows:  
Text Interface: Refer to the Help Screen (/H) and then enter the appropriate  
command to access the desired menu. When the configuration menu appears, key  
in the number for the parameter you wish to define, and follow the instructions in  
the resulting submenu.  
Web Browser Interface: Use the links and fly-out menus on the left hand of the  
screen to access the desired configuration menu. To change parameters, click in  
the desired field and key in the new value or select a value from a pull-down menu.  
To apply newly selected parameters, click on the "Change Parameters" button at the  
bottom of the menu or the "Set" button next to the field.  
The following sections describe options and parameters that can be accessed via each  
of the configuration menus. Please note that essentially the same set of parameters and  
options are available to both the Web Browser Interface and Text Interface.  
Notes:  
• Configuration menus are only available when you have logged into command  
mode using a password that permits Administrator Level commands.  
SuperUser accounts are able to view configuration menus, but are not  
allowed to change parameters.  
• Configuration menus are not available when you are communicating with the  
AFS-16 via PDA  
• When defining parameters via the Text Interface, make certain to press the  
[Esc] key several times to completely exit from the configuration menu  
and save newly defined parameters. When parameters are defined via the  
Text Interface, newly defined parameters will not be saved until the "Saving  
Configuration" message has been displayed and the cursor returns to the  
command prompt.  
5-4  
 
 
Basic Configuration  
5.3. Defining System Parameters  
The System Parameters menus are used to define the Site ID Message, set the system  
clock and calendar, set up log functions and calibrate temperature readings.  
To access the System Parameters menu via the Text Interface, type /Fand press  
[Enter]. To access the System Parameters menu via the Web Browser Interface, place  
the cursor over the "General Parameters" link, wait for the flyout menu to appear and  
then click on the "System Parameters" link. The System Parameters Menus are used to  
define the following:  
User Directory: This function is used to view, add, modify and delete user  
accounts and passwords. As discussed in Section 5.4 and Section 5.5, the User  
Directory allows you to set the security level for each account as well as determine  
which circuits each account will be allowed to control.  
Note: The "User Directory" option does not appear in the Web Browser  
Interface’s System Parameters menu and is instead accessed via the "Users"  
link on the left hand side of the menu.  
Site ID: A text field, generally used to note the installation site or name for the  
AFS-16 unit. (Up to 32 chars.; Default = undefined.)  
Note: The Site I.D. will be cleared if the AFS-16 is reset to default settings.  
Real Time Clock: This prompt provides access to the Real Time Clock menu,  
which is used to set the clock and calendar, and to enable and configure the NTP  
(Network Time Protocol) feature as described in Section 5.3.1.  
Note: The "Real Time Clock" option does not appear in the Web Browser  
Interface’s System Parameters menu, and is instead, accessed via the "Real  
Time Clock" link on the left hand side of the screen.  
Invalid Access Lockout: If desired, this feature can be used to automatically  
disable the Network Port or RS232 Port after a user specified number of  
unsuccessful login attempts are made. For more information, please refer to  
Section 5.3.2. (Default = On, 9 Attempts, 30 Minute Duration.)  
Note: The "Invalid Access Lockout" item does not appear in the Web Browser  
Interface’s System Parameters menu, and is instead, accessed via the link on  
the left hand side of the screen.  
Temperature Format: Determines whether the temperature is displayed as  
Fahrenheit or Celsius. (Default = Fahrenheit.)  
Temperature Calibration: Used to calibrate the unit's internal temperature sensing  
abilities. To calibrate the temperature, place a thermometer inside your equipment  
rack, in a location that usually experiences the highest temperature. After a few  
minutes, take a reading from the thermometer, and then key the reading into the  
configuration menu. In the Web Browser Interface, the temperature is entered  
at the System Parameters menu, in the Temperature Calibration field; in the Text  
Interface, the temperature is entered in a submenu of the System Parameters menu,  
which is accessed via the Temperature Calibration item. (Default = undefined.)  
5-5  
 
 
Basic Configuration  
Log Configuration: In the Text Interface, this item provides access to a submenu  
which is used to configure the Audit Log, Alarm Log and Temperature Log as  
described in Section 5.3.3. In the Web Browser Interface, these parameters are  
directly accessed via the System Parameters menu.  
Audit Log: When enabled, the Audit Log will create a record of all A/B switching  
at the AFS-16 unit, including switching that was initiated by alarms.  
(Default = On without Syslog.)  
Alarm Log: When enabled, the Alarm Log will create a record of all alarm activity  
at the AFS-16 unit. (Default = On without Syslog.)  
Temperature Log: When enabled, the Temperature Log will create a record of  
temperature vs. time at the AFS-16 unit. (Default = On.).  
Callback Security: Enables and configures the Callback Security Function as  
described in Section 5.3.4. In order for this feature to function, a Callback number  
must also be defined for each desired user account as described in Section 5.5.  
(Default = On - Callback without Password Prompt, 3 attempts, 30 Minute Delay.)  
Notes:  
• In the Text Interface, Callback Security Parameters are defined via a submenu  
of the Systems Parameters Menu, which is accessed via the Callback  
Security item.  
• In the Web Browser Interface, Callback Security Parameters are defined via a  
separate menu, which is accessed by clicking the "Callback Security" link on  
the left hand side of the screen.  
Control Card A/B Switch: This item can be used to enable/disable the Master A/B  
Gang Switch on the AFS-16 Control Module. (Default = On.)  
Control Card Reset Switch: This item can be used to enable/disable the Reset  
Switch on the AFS-16 Control Module. (Default = On.)  
Modem Phone Number: When an optional external modem is connected to the  
AFS-16 Control Card's RS232 Port, the Modem Phone Number parameter can be  
used to denote the phone number for the external modem. (Default = undefined.)  
Management Utility: Enables/Disables the Management Utility. When enabled,  
the Management Utility allows you to manage multiple WTI units via a single menu.  
For more information on the Management Utility, please refer to the Management  
Utility User's Guide on the CDROM included with the unit. (Default = Off.)  
Note: Although the Management Utility can be enabled/disabled via either the  
Web Browser Interface and Text Interface, the Management Utility can only be  
accessed and operated via the Web Browser Interface.  
Scripting Options: Provides access to a submenu that is used to configure  
the Command Confirmation and Automated Mode parameters as described in  
Section 5.3.5.  
Note: In the Text Interface, the Scripting Options submenu is accessed via  
item 13. To access the Scripting Options parameters via the Web Browser  
Interface, place the cursor over the "General Parameters" link, wait for the flyout  
menu to appear, then click on the "Scripting Options" link.  
5-6  
 
 
Basic Configuration  
5.3.1. The Real Time Clock and Calendar  
The Real Time Clock menu is used to set the AFS-16's internal clock and calendar. The  
configuration menu for the Real Time Clock offers the following options:  
Date: The Month, Date, Year and day of the week for the real-time clock/calendar.  
Time: Sets the Hour, Minute and Second for the AFS-16’s real time clock/calendar.  
Key in the time using the 24-hour (military) format.  
Time Zone: Sets the time zone, relative to Greenwich Mean Time. Note that the  
Time Zone setting will function differently, depending upon whether or not the NTP  
feature is enabled and properly configured. (Default = GMT (No DST).)  
NTP Enabled: The Time Zone setting is used to adjust the Greenwich Mean  
Time value (from the NTP server) in order to determine the precise local time.  
NTP Disabled: If NTP is disabled or if the AFS-16 is not able to access the NTP  
server, then AFS-16 will list the selected Time Zone and current Real Time Clock  
value, but will not apply the correction factor to the displayed Clock value.  
NTP Enable: When enabled, the AFS-16 will contact an NTP server (defined via the  
NTP Address prompts) once a day, and update its clock based on the NTP server  
time and selected Time Zone. (Default = Off.)  
Notes:  
• The AFS-16 will also contact the NTP server and update the time whenever  
you change NTP parameters.  
To cause AFS-16 to immediately contact the NTP server at any time, make  
certain that the NTP feature is enabled and configured, then type /Fand  
press [Enter]. When the System Parameters menu appears, press [Esc].  
The AFS-16 will save parameters and then attempt to contact the server, as  
specified by currently defined NTP parameters.  
Primary NTP Address: Defines the IP address or domain name (up to 64  
characters long) for the primary NTP server. (Default = undefined.)  
Note: In order to use domain names for web addresses, DNS Server  
parameters must first be defined as described in Section 5.9.5.  
Secondary NTP Address: Defines the IP address or domain name (up to 64  
characters long) for the secondary, fallback NTP Server. (Default = undefined.)  
Note: In order to use domain names for web addresses, DNS Server  
parameters must be defined as described in Section 5.9.5.  
NTP Timeout: The amount of time in seconds, that will elapse between each  
attempt to contact the NTP server. When the initial attempt is unsuccessful, the  
AFS-16 will retry the connection four times. If neither the primary nor secondary  
NTP server responds, the AFS-16 will wait 24 hours before attempting to contact the  
NTP server again. (Default = 3 Seconds.)  
Test NTP Servers: (Text Interface Only) Allows you to send a time request to the  
IP address or domain names defined via the Primary and Secondary NTP Address  
prompts, or to a new address or domain defined via the Test NTP Servers submenu.  
The AFS-16 will not store the response from the IP address or domain, but will verify  
whether or not the target address or domain is an NTP Server.  
5-7  
 
 
Basic Configuration  
5.3.2. The Invalid Access Lockout Feature  
When properly configured and enabled, the Invalid Access Lockout feature will watch  
all login attempts made at the Network Port and RS232 Port. If either port exceeds the  
selected number of invalid attempts, then that port will be automatically disabled for a  
user-defined length of time (Lockout Duration.) The Invalid Access Lockout feature uses  
two separate counters to track invalid access attempts:  
Serial Port Counter: Counts invalid access attempts at the Serial Port. If the  
number of invalid attempts at the port exceeds the user-defined Lockout Attempts  
value, then the port will be locked.  
Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access  
command mode via Telnet, SSH or Web Browser interface. If the number of  
cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then  
the Network Port will be locked.  
Note: In the Web Browser Interface, the Invalid Access Lockout item does  
not appear in the System Parameters menu, and is instead accessed via the  
General Parameters fly-out menu as described below.  
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout  
Duration period to elapse (after which, the AFS-16 will automatically reactivate the port),  
or you can issue the /UL command (type /ULand press [Enter]) via the Text Interface to  
instantly unlock all of the AFS-16's logical network ports.  
Notes:  
• When the Invalid Access Lockout Alarm has been enabled as described  
in Section 7.4, the AFS-16 can also provide notification via email, Syslog  
Message, and/or SNMP trap whenever an Invalid Access Lockout occurs.  
• Invalid Access Lockout parameters, defined via the System Parameters  
menu, will apply to both the Serial Port and the Network Port.  
• When a Serial Port is locked, an external modem connected to that port will  
not answer.  
• If either the RS232 Port or Network Port are locked, the other port will remain  
unlocked, unless the Invalid Access Lockout feature has also been triggered  
at that port.  
• If any one of the AFS-16’s logical network ports is locked, all other network  
connections to the unit will also be locked.  
• All invalid access attempts at the AFS-16 Network Port are cumulative (the  
count for invalid access attempts is determined by the total number of  
all invalid attempts at all 16 logical network ports.) If a valid login name/  
password is entered at any of the logical network ports, then the count for all  
AFS-16 logical network ports will be restarted.  
• If the Network Port has been locked by the Invalid Access Lockout feature, it  
will still respond to the ping command (providing that the ping command has  
not been disabled at the Network Port.)  
5-8  
 
 
Basic Configuration  
In the Text Interface, the Invalid Access Lockout configuration menu is accessed via the  
System Parameters menu. In the Web Browser Interface, the Invalid Access Lockout  
configuration is accessed via the "General Parameters" link. The Invalid Access Lockout  
configuration menus allow you to select the following:  
Lockout Enable: Enables/Disables the Invalid Access Lockout feature.  
(Default = On.)  
Lockout Attempts: The number of invalid attempts required in order to activate the  
Invalid Access Lockout feature. (Default = 9.)  
Lockout Duration: The length of time that logical network ports will remain locked  
when an Invalid Access Lockout occurs. If the duration is set at "Infinite", then ports  
will remained locked until the /UL command is issued. (Default = 30 Minutes.)  
5.3.3. Log Configuration  
This feature allows you to create records of command activity, alarm actions and  
temperature readings for the AFS-16 unit. The Log features are enabled and configured  
via the System Parameters Menus.  
The AFS-16 features three different event logs: the Audit Log, the Alarm Log and the  
Temperature Log:  
Audit Log: The Audit log creates a record of all switching activity at the AFS-16  
unit, including A/B switching that was initiated by the Ping No Answer feature and  
the Input Monitor Alarm. In addition, the Audit Log also includes login/logout  
records for all users. Each Log record includes a description of the activity that  
caused the A/B switching, the username for the account that initiated the action and  
the time date that each event occurred.  
Alarm Log: The Alarm log creates a record of all Alarm Activity at the AFS-16  
unit. Each time that an alarm is triggered or cleared, the AFS-16 will generate a  
record that lists the time and date of the alarm, the name of the Alarm triggered, a  
description of the Alarm and the time and date that the Alarm was cleared.  
Temperature Log: The Temperature Log provides a record of ambient rack  
temperature levels over time at the AFS-16 unit. Each Log record will include the  
time and date, and the temperature reading.  
5-9  
 
 
Basic Configuration  
5.3.3.1. The Audit Log and Alarm Log  
The System Parameters menu allows you to select three different configuration  
parameters for the Audit Log and Alarm Log. Note that the Audit Log and Alarm Log  
function independently, and parameters selected for one log will not be applied to the  
other.  
Off: The Log is disabled, and command activity and/or alarm events will not be  
logged.  
On - With Syslog: The Log is enabled, and A/B switching and/or alarm events will  
be logged. The AFS-16 will generate a Syslog Message every time a Log record is  
created. (Default Setting.)  
On - Without Syslog: The Log is enabled, and A/B switching and/or alarm events  
will be logged, but the AFS-16 will not generate a Syslog Message every time a Log  
record is created.  
Notes:  
• In order for the Audit Log or Alarm Log to generate Syslog Messages, Syslog  
Parameters must first be defined as described in Section 11.  
• The Audit Log will truncate usernames that are longer than 22 characters,  
and display two dots (..) in place of the remaining characters.  
5.3.3.2. The Temperature Log  
The System Parameters menu allows you to either enable or disable the Temperature  
Log. When the Temperature Log is enabled, the AFS-16 will not log temperature  
readings. In the default state, the Temperature Log is enabled.  
5.3.3.3. Reading and Erasing Logs  
To read the Audit Log, Alarm Log or Temperature log, access the command mode, then  
proceed as follows:  
Text Interface: Type /Land press [Enter] to access the Display Log menu. Select  
the desired Log from the menu, key in the appropriate number and press [Enter],  
and then follow the instructions in the resulting submenu.  
Web Browser Interface:  
Audit Log: Move the cursor over the "Logs" link on the left hand side of the  
screen. When the fly-out menu appears, click on the "Audit Log (Display)" or  
the "Audit Log (Download)" link and then follow the instructions in the resulting  
submenu.  
Alarm Log: Move the cursor over the "Logs" link on the left hand side of the  
screen. When the fly-out menu appears, click on the "Alarm Log (Display" or  
"Alarm Log (Download)" link and then follow the instructions in the resulting  
submenu.  
Temperature Log: Move the cursor over the "Logs" link on the left hand side  
of the screen. When the fly-out menu appears, click on the "Temperature Log  
(Display)" or "Temperature Log (Download)" link and then follow the instructions  
in the resulting submenu.  
5-10  
 
 
Basic Configuration  
To erase log data, access command mode via the Text Interface, using an account that  
permits Administrator level commands, then type /Land press [Enter] to access the  
Display Logs menu and then proceed as follows:  
Audit Log: At the Display Logs menu, type 1and then press [Enter]. When the  
Audit Log appears, type Eand press [Enter] to erases the Audit Log.  
Alarm Log: At the Display Logs menu, type 2and then press [Enter]. When the  
Alarm Log appears, type Eand press [Enter] to erase the Alarm Log.  
Temperature Log: At the Display Logs menu, type 3and press [Enter]. When the  
Temperature Log menu appears, type Eand press [Enter] to erase the  
Temperature Log.  
Notes:  
• The AFS-16 dedicates a fixed amount of internal memory for Audit Log  
records, and if log records are allowed to accumulate until this memory  
is filled, memory will eventually "wrap around," and older records will be  
overwritten by newer records.  
• Note that once records have been erased, they cannot be recovered.  
5.3.4. Callback Security  
The Callback function provides an additional layer of security when callers attempt to  
access command mode via modem. When this function is properly configured, modem  
users will not be granted immediate access to command mode upon entering a valid  
password; instead, the unit will disconnect, and dial a user-defined number before  
allowing access via that number. If desired, users may also be required to re-enter the  
password after the AFS-16 dials back.  
In order for Callback Security to function properly, you must first enable and configure  
the feature as described in this section, and then define a callback number for each  
desired user account as described in Section 5.5. To access the Callback Security  
menu via the Text Interface, type /Fand press [Enter] and then select the Callback  
Security option. To access the Callback Security menu via the Web Browser Interface,  
place the cursor over the General Parameters link, wait for the flyout menu to appear,  
and then Click on the "Callback Security" link.  
5-11  
 
 
Basic Configuration  
In both the Text Interface and Web Browser Interface, the Callback Security Menu offers  
the following options:  
Callback Enable: This prompt offers five different configuration options for the  
Callback Security feature: (Default = On - Callback (Without Password Prompt.)  
Off: All Callback Security is disabled.  
On - Callback (Without Password Prompt): Callbacks will be performed for  
user accounts that include a Callback Number, and the login prompt will not be  
displayed when the user’s modem answers. If the account does not include a  
Callback Number, that user will be granted immediate access and a Callback will  
not be performed.  
On - Callback (With Password Prompt): Callbacks will be performed for user  
accounts that include a Callback Number, and the login prompt will be displayed  
when the user’s modem answers (accounts that include a Callback Number will  
be required to re-enter their username/password when their modem answers.) If  
the account does not include a Callback Number, then that user will be granted  
immediate access and a Callback will not be performed.  
On - Callback ONLY (Without Password Prompt): Callbacks will be performed  
for user accounts that include a Callback Number, and the username/password  
prompt will not be displayed when the user’s modem answers. Accounts that  
do not include a Callback Number will not be able to access command mode via  
modem.  
On - Callback ONLY (With Password Prompt): Callbacks will be performed  
for user accounts that include a Callback Number, and the username/password  
prompt will be displayed when the user’s modem answers (users will be required  
to re-enter their username/password when their modem answers.) Accounts that  
do not include a Callback Number will not be able to access command mode  
via modem.  
Callback Attempts: The number of times that the AFS-16 will attempt to contact  
the Callback number. (Default = 3 attempts.)  
Callback Delay: The amount of time that the AFS-16 will wait between Callback  
attempts. (Default = 30 seconds.)  
Notes:  
• After configuring and enabling Callback Security, you must then define a  
callback phone number for each desired user account (as described in  
Section 5.5) in order for this feature to function properly.  
• When using the "On - Callback (With Password Prompt)" option, it is  
important to remember that accounts that do not include a callback number  
will be allowed to access command mode without callback verification.  
5-12  
 
 
Basic Configuration  
5.3.5. Scripting Options  
The Scripting Options submenu provides access to parameters that are used to set up  
the AFS-16 unit for running various scripts.  
Notes:  
To access Scripting Options parameters via the Text Interface, first type /F  
and press [Enter] to display the System Parameters Menu, then key in the  
number for the Scripting Options item and press [Enter].  
To access the Scripting Options parameters via the Web Browser Interface,  
place the cursor over the "General Parameters" link, wait for the flyout menu  
to appear, then click on the "Scripting Options" link.  
The Scripting Options menu allows the following parameters to be defined:  
Command Confirmation: This item can be used to suppress the command  
confirmation prompt, which is normally displayed before commands are executed.  
When Command Confirmation is "Off", the AFS-16 will not display the "Are You  
Sure?" prompt before executing commands. (Default = On.)  
Automated Mode: When enabled, the AFS-16 will execute commands without  
displaying a confirmation prompt, status screen or confirmation messages. For  
more information, please refer to Section 5.3.5.1. (Default = Off.)  
Note: When this option is enabled, security functions are suppressed, and  
users are able to access configuration menus and control switching without  
entering a password. If security is a concern and the Automated Mode is  
required, it is recommended to use the IP Security feature (Section 5.9.3) to  
restrict access.  
5-13  
 
 
Basic Configuration  
5.3.5.1. Automated Mode  
The Automated Mode allows the AFS-16 to execute A/B switching commands, without  
displaying menus or generating response messages. Automated Mode is designed to  
allow the AFS-16 to be controlled by a device which can generate commands to control  
power switching functions without human intervention.  
When Automated Mode is enabled, A/B switching commands are executed without a  
“Sure?” confirmation prompt and without command response messages; the only reply  
to these commands is the AFS>” prompt, which is re-displayed when each command  
is completed.  
Note that although Automated Mode can be enabled using either the Web Browser  
Interface or Text Interface, the Automated Mode is designed primarily for users who wish  
to send ASCII commands to the AFS-16 without operator intervention, and therefore  
does not specifically apply to the Web Browser Interface. When Automated Mode is  
enabled, the Web Browser Interface can still be used to invoke switching commands.  
Notes:  
• When the Automated Mode is enabled, password prompts will not be  
displayed at login, and you will be able to access Administrator Level  
command functions (including the configuration menus) and control circuits  
without entering a password.  
• If you need to enable the Automated Mode, but want to restrict network  
access to configuration menus, it is strongly recommended to enable and  
configure the IP Security Function as described in Section 5.9.3.  
To enable/disable the Automated Mode, go to the System Parameters menu (see  
Section 5.3,) and then set the Automated Mode” option to “On”. When Automated  
Mode is enabled, AFS-16 functions will change as follows:  
1. All Password Security Suppressed: When a user attempts to access command  
mode, the password prompt will not be displayed at either the Console Port  
or Network Port. Unless specifically restricted by the IP Security Function, all  
users will be allowed to access both switching and configuration functions, and  
all commands will be immediately accepted without the requirement to enter a  
password.  
2. Status Screen Suppressed: The Circuit Status Screen will not be automatically  
displayed after commands are successfully executed. Note however, that the /S  
command can still be invoked to display the Circuit Status Screen as needed.  
3. “Sure?” Prompt Suppressed: All commands are executed without prompting for  
user confirmation.  
4. Error Messages Suppressed: Most error messages will be suppressed. Note  
however, that an error message will still be generated if commands are invoked  
using invalid formats or arguments.  
All other status display and configuration commands will still function as normal.  
5-14  
 
 
Basic Configuration  
5.4. User Accounts  
Each time you attempt to access command mode, you will be prompted to enter a  
username and password. The username/password entered at login determine which  
circuit(s) you will be allowed to control and what type of commands you will be allowed  
to invoke. Each username / password combination is defined within a "user account."  
The AFS-16 allows up to 128 user accounts; each account includes a username,  
password, command access level, circuit access rights, service access rights and an  
optional callback number.  
5.4.1. Command Access Levels  
In order to restrict access to important command functions, the AFS-16 allows you to  
set the command access level for each account. The AFS-16 offers four access levels:  
Administrator, SuperUser, User and View Only. Command privileges for each account  
are set using the "Access Level" parameter in the Add User or Modify User menus.  
Each access level grants permission to use a different selection of commands; lower  
access levels are restricted from invoking configuration commands, while Administrators  
are granted access to all commands. The four access levels are listed below:  
Administrator: Administrators are allowed to invoke all configuration and operation  
commands, can view all status screens, and can always direct A/B switching  
commands to all AFS-16 Circuit Modules.  
SuperUser: SuperUsers are allowed to invoke A/B switching commands and view  
all status screens. SuperUsers can view configuration menus, but are not allowed  
to change configuration parameters. SuperUsers are granted access to all AFS-16  
Circuit Modules.  
User: Users are allowed to A/B switching commands and view all status screens,  
but can only apply commands to the AFS-16 Circuit Modules that they have  
been specifically granted access to. In addition, Users are not allowed to view  
configuration menus or change configuration parameters.  
ViewOnly: Accounts with ViewOnly access, are allowed to view Status Menus  
(with restrictions,) but are not allowed to invoke A/B switching commands, and  
cannot view configurations menus or change configuration parameters. ViewOnly  
accounts can display Status screens, but can only view the status of the AFS-16  
Circuit Modules that are specifically allowed by the account.  
Section 17.2 summarizes command access for all four access levels.  
In the default state, the AFS-16 includes one predefined account that provides access  
to Administrator commands and allows to control of all of the AFS-16's Circuit Modules.  
The default username for this account is "super" (lowercase, no quotation marks), and  
the password for the account is also "super".  
Notes:  
• In order to ensure security, it is recommended that when initially setting up  
the unit, a new user account with Administrator access should be created,  
and the "super" account should then be deleted.  
• If the AFS-16 is reset to default parameters, all user accounts will be cleared,  
and the default "super" account will be restored.  
5-15  
 
 
Basic Configuration  
5.4.2. Granting Circuit Module Access  
Each account can be granted access to a different selection of Circuit Modules. Note  
also, that several accounts can be allowed access to the Circuit Module. When  
accounts are created, the Circuit Access parameter in the Add User or Modify User  
menu can be used to grant or deny access to each Circuit Module by that account.  
In addition, each command access level is also used to restricts the Circuit Modules that  
the account will be allowed to access:  
Administrator: Accounts with Administrator access are always allowed to control  
all Circuit Modules. Circuit Module access cannot be disabled for Administrator  
level accounts.  
SuperUser: SuperUser accounts allow access to all Circuit Modules. Circuit  
Module access cannot be disabled for SuperUser level accounts.  
User: Accounts with User level access are only allowed to access the Circuit  
Modules that have been specifically permitted via the "Circuit Access" parameter in  
the Add User and Modify User menus.  
ViewOnly: Accounts with ViewOnly access are not allowed to invoke A/B switching  
commands. ViewOnly accounts can display the status of Circuit Modules, but are  
limited to the Circuit Modules specified by the account.  
5-16  
 
 
Basic Configuration  
5.5. Managing User Accounts  
The User Directory function is employed to create new accounts, display parameters  
for existing accounts, modify accounts and delete accounts. Up to 128 different user  
accounts can be created. The "User Directory" function is only available when you have  
logged into command mode using an account that permits Administrator commands.  
In both the Text Interface and the Web Browser Interface, the user configuration menu  
offers the following functions:  
View User Directory: Displays currently defined parameters for any AFS-16 user  
account as described in Section 5.5.1.  
Add Username: Creates new user accounts, and allows you to assign a  
username, password, command level, Circuit Module access, Circuit Group access,  
service access and callback number, as described in Section 5.5.2.  
Modify User Directory: This option is used to edit or change account information,  
as described in Section 5.5.3.  
Delete User: Clears user accounts, as described in Section 5.5.4.  
Note: After you have finished selecting or editing user account parameters,  
make certain to save the new account information before proceeding. In the  
Web Browser Interface, click on the "Add User" button to save parameters; in  
the Text Interface, press the [Esc] key several times until the AFS-16 displays  
the "Saving Configuration" message and the cursor returns to the command  
prompt.  
5.5.1. Viewing User Accounts  
The "View User Directory" option allows you to view details about each account. The  
View User option will not display actual passwords, and instead, the password field  
will read "defined". The View User Accounts function is only available when you  
have accessed command mode using a password that permits Administrator Level  
commands.  
5.5.2. Adding User Accounts  
The "Add Username" option allows you to create new accounts. Note that the Add User  
function is only available when you have accessed command mode using a password  
that permits Administrator Level commands. The Add User Menu can define the  
following parameters for each new account:  
Username: Up to 32 characters long, and cannot include non-printable characters.  
Duplicate usernames are not allowed. (Default = undefined.)  
Password: Five to 16 characters long, and cannot include non-printable  
characters. Note that passwords are case sensitive. (Default = undefined.)  
Access Level: Determines which commands this account will be allowed to  
access. This option can set the access level for this account to "Administrator",  
"SuperUser", "User" or "ViewOnly." For more information on Command Access  
Levels, please refer to Section 5.4.1 and Section 17.2. (Default = User.)  
5-17  
 
 
Basic Configuration  
Circuit Access: Determines which AFS-16 Circuit Modules this account will be  
allowed to access. (Defaults; Administrator & SuperUser = All Circuit Modules On,  
User and ViewOnly = All Circuit Modules Off.)  
Notes:  
• In the Text Interface, Circuit Access is configured by selecting item 4 and  
then selecting the desired ports from the resulting submenu.  
• In the Web Browser Interface, Circuit Access is configured by clicking on the  
"plus" symbol to display the drop down menu, and then selecting the desired  
Circuit Modules from the drop down menu.  
• Administrator and SuperUser level accounts will always have access to all  
Circuit Modules.  
• ViewOnly accounts are allowed to display the status of Circuit Modules,  
but are limited to the Circuit Modules specified by the account. ViewOnly  
accounts are not allowed to invoke A/B Switching commands.  
Circuit Group Access: Determines which Circuit Groups this account will be  
allowed to control. Circuit Groups allow you to define a selection of Circuit  
Modules, and then quickly assign that group of circuits to accounts. For more  
information on Circuit Groups, please refer to Section 5.7. (Default = All Circuit  
Groups Off.)  
Notes:  
• In order to use this feature, Circuit Groups must first be defined as described  
in Section 5.7.  
• In the Text Interface, Circuit Group Access is configured by selecting item 5  
and then selecting the desired Circuit Group(s) from the resulting submenu.  
• In the Web Browser Interface, Circuit Group Access is configured by clicking  
on the "plus" symbol to display the drop down menu, and then selecting the  
desired Circuit Group(s) from the drop down menu.  
• Administrator and SuperUser level accounts will always have access to all  
Circuit Groups.  
• ViewOnly accounts are allowed to display the status of Circuit Groups,  
but are limited to the Circuit Groups specified by the account. ViewOnly  
accounts are not allowed to invoke A/B switching commands.  
Service Access: Determines whether this account will be able to access command  
mode via Serial Port (RS232 Port), Telnet/SSH or Web and whether the account will  
have access to the Outbound Telnet feature. For example, if Telnet/SSH Access  
is disabled for this account, then this account will not be able to access command  
mode via Telnet or SSH. (Default = Serial Port = On, Telnet/SSH = On, Web = On,  
Outbound Access = Off.)  
5-18  
 
 
Basic Configuration  
Callback Number: Assigns a number that will be called when this account  
attempts to access command mode via modem, and the Callback Security  
Function has been enabled as described in Section 5.3.5. (Default = undefined.)  
Notes:  
• If the Callback Number is not defined, then Callbacks will not be performed  
for this user.  
• If the Callback Number is not defined for a given user, and the Callback  
Security feature is configured to use either of the "On - Callback" options,  
then this user will be granted immediate access to command mode via  
modem.  
• If the Callback Number is not defined for a given user, and the Callback  
Security feature is configured to use the "On - Callback ONLY" option, then  
this user will not be able to access command mode via Modem.  
• When using the "On - Callback (With Password Prompt)" option, it is  
important to remember that accounts that do not include a callback number  
will be allowed to access command mode without callback verification.  
5.5.3. Modifying User Accounts  
The "Edit User Directory" function allows you to edit existing accounts in order to change  
parameters, circuit access rights or Administrator Command capability. Note that the  
Edit/Modify User function is only available when you have accessed command mode  
using a password that permits Administrator Level commands.  
Once you have accessed the Modify Users menu, use the menu options to redefine  
parameters in the same manner employed for the Add User menu, as discussed in  
Section 5.5.2.  
Note: After you have finished changing parameters, make certain to save the  
changes before proceeding. In the Web Browser Interface, click on the "Modify  
User" button to save parameters; in the Text Interface, press the [Esc] key  
several times until the AFS-16 displays the "Saving Configuration" message.  
5.5.4. Deleting User Accounts  
This function is used to delete individual user accounts. Note that the Delete User  
function is only available when you have accessed command mode using a password  
that permits Administrator Level commands.  
Notes:  
• Deleted accounts cannot be automatically restored.  
• The AFS-16 allows you to delete the default "super" account, which is  
included to permit initial access to command mode. Before deleting the  
"super" account, make certain to create another account that permits  
Administrator Access. If you do not retain at least one account with  
Administrator Access, you will not be able to invoke Administrator level  
commands.  
5-19  
 
 
Basic Configuration  
5.6. Circuit Configuration  
The Circuit Parameters menu allows you to select parameters for the AFS-16 Circuit  
Modules. This allows you to assign names to the A, C, and B connectors on each  
Circuit Module, and also define a default A/B setting for each A/B Switch. Note that the  
Circuit Parameters menu is only available when you have logged into command mode  
using an account that permits Administrator commands. The Circuit Parameters Menu  
allows you to define the following parameters:  
Name (Common): Assigns a name to the Common RJ45 connector on the  
selected Circuit Module.  
Name (A): Assigns a name to the "A" RJ45 connector on the selected  
Circuit Module.  
Name (B): Assigns a name to the "B" RJ45 connector on the selected  
Circuit Module.  
Power Up Default: Determines how this A/B Switch will react when the "Default All  
Circuits" command (/DF) is invoked, or after power to the unit has been interrupted  
and then restored. After the default command is invoked, or power is restored, the  
AFS-16 will automatically set each A/B Switch to the "A" or "B" setting as specified  
by the Power-Up Default. (Default = "A").  
Notes:  
• If you have accessed command mode using an account that has  
Administrator or SuperUser level command access, then the Default  
command will be applied to all Circuit Modules.  
• If you have accessed command mode using an account that has User level  
command access, then the Default command will only be applied to the  
Circuit Modules that are allowed by your account.  
• The Default command is not available to ViewOnly level accounts.  
5-20  
 
 
Basic Configuration  
5.7. The Circuit Group Directory  
The Circuit Group Directory allows you to designate "groups" of circuits that are  
dedicated to a similar function, and will most likely be switched at the same time.  
Circuit Groups allow you to direct A/B switching commands to a series of circuits,  
without addressing each circuit individually. For example, a set selection of AFS circuits  
could be assigned to a circuit group named, "Servers". This would allow you to quickly  
switch all circuits in the group, by either including the "Servers" Circuit Group name in a  
/T command line via the Text Interface, or by using the Circuit Group Control menu via  
the Web Browser Interface.  
The Circuit Group Directory function is only available when you have logged into  
command mode using an account that permits Administrator commands. In both the  
Text Interface and the Web Browser Interface, the Circuit Group Directory menu offers  
the following functions:  
View Circuit Group Directory: Displays currently defined Circuit Module access  
rights for any AFS-16 Circuit Group as described in Section 5.7.1.  
Add Circuit Group to Directory: Creates new Circuit Groups, and allows you to  
assign circuit access rights to each group as described in Section 5.7.2.  
Modify Circuit Group Directory: This option is used to edit or change circuit  
access rights for each Circuit Group, as described in Section 5.7.3.  
Delete Circuit Group from Directory: Clears Circuit Groups that are no longer  
needed, as described in Section 5.7.4.  
5.7.1. Viewing Circuit Groups  
The "View Circuit Group Directory" option allows you to view the configuration of each  
Circuit Group. Note that the View Circuit Group Directory function is only available when  
you have accessed command mode using a password that permits Administrator Level  
commands.  
5-21  
 
 
Basic Configuration  
5.7.2. Adding Circuit Groups  
The "Add Circuit Group to Directory" option allows you to create new Circuit Groups and  
assign circuit access rights to each group. Note that the Add Circuit Group function is  
only available when you have accessed command mode using a password that permits  
Administrator Level commands.  
The Add Circuit Group Menu can be used to define the following parameters for each  
new account:  
Circuit Group Name: Assigns a name to the Circuit Group. (Default = undefined.)  
Circuit Access: Determines which Circuit Modules this Circuit Group will be  
allowed to control. (Default = undefined.)  
Notes:  
• In the Text Interface, Circuit Access is configured by selecting item 2 and  
then selecting the desired circuits from the resulting submenu.  
• In the Web Browser Interface, Circuit Access is configured by selecting the  
desired circuits from a list of all circuits in the Add Circuit Group menu.  
• After you have finished defining or editing Circuit Group parameters, make  
certain to save the changes before proceeding. In the Web Browser  
Interface, click on the "Add Circuit Group" button to save parameters; in the  
Text Interface, press the [Esc] key several times until the AFS-16 displays  
the "Saving Configuration" message and the cursor returns to the command  
prompt.  
5.7.3. Modifying Circuit Groups  
The "Modify Circuit Group" function allows you to edit existing Circuit Groups in order  
to change circuit access rights. Note that this function is only available when you  
have accessed command mode using a password that permits Administrator Level  
commands.  
Once you have accessed the Modify Circuit Group menu, use the menu options to  
redefine parameters in the same manner that is used for the Add Circuit Group menu, as  
discussed in Section 5.7.2.  
Note: After you have finished changing or editing parameters, make certain  
to save the changes before proceeding. In the Web Browser Interface, click  
on the "Modify Circuit Groups" button to save parameters; in the Text Interface,  
press the [Esc] key several times until the AFS-16 displays the "Saving  
Configuration" message and the cursor returns to the command prompt.  
5.7.4. Deleting Circuit Groups  
This function is used to delete individual Circuit Groups. Note that this function is only  
available when you have accessed command mode using a password that permits  
Administrator Level commands.  
Note: Deleted Circuit Groups cannot be automatically restored.  
5-22  
 
 
Basic Configuration  
5.8. Serial Port Configuration  
The Serial Port Configuration menus allow you to select parameters for the AFS-16  
Control Module's RS232 Serial Port.  
The Serial Port can be configured for connection to a local PC or Modem. In addition,  
the Serial Port Configuration menu can also be used to set communications parameters,  
disable Administrator level commands and also select a number of other Serial Port  
Parameters described in Section 5.8.2. When responding to prompts, invoking  
commands, and selecting items from port configuration menus, note the following:  
• Configuration menus are only available to Administrator level accounts.  
• If you are configuring the AFS-16 via modem, modem parameters will not be  
changed until after you exit command mode and disconnect from the unit.  
5.8.1. RS232 Port Modes  
The AFS-16 offers two different serial port operation modes:  
Normal Mode: Allows local communication via the Control Module's RS232  
Serial Port.  
Modem Mode: Sets up the Control Module's RS232 Port for connection to an  
optional external modem. Allows definition of a Hang-Up String, Reset String, and  
Initialization String.  
5.8.2. The Serial Port Configuration Menu  
The Serial Port Configuration menu allows the following parameters to be defined. Note  
that all of these parameters are available via both the Text Interface and Web Browser  
Interface, and that parameters selected via one interface are also applied to the other.  
Notes:  
• Configuration menus are only available to Administrator level accounts.  
• When configuring the AFS-16 via modem, Modem Mode parameters will not  
be changed until after you exit command mode and disconnect from the unit.  
Communication Settings:  
Baud Rate: Any standard rate from 300 bps to 115.2K bps. (Default = 9600 bps.)  
Bits/Parity: (Default = 8-None).  
Stop Bits: (Default = 1).  
Handshake Mode: XON/XOFF, RTS/CTS, Both, or None. (Default = RTS/CTS).  
General Parameters:  
Administrator Mode: Permits/denies port access to Administrator level accounts.  
(Default = Permit).  
Note: Administrator Mode cannot be disabled at the Control Module RS232  
Serial Port.  
Logoff Character: The Logoff Character determines the command(s) or  
character(s) that must be issued at this port in order to disconnect. (Default = ^X.)  
5-23  
 
 
Basic Configuration  
Sequence Disconnect: Enables/Disables and configures the Resident Disconnect  
command. This offers the option to disable the Sequence Disconnect, select a one  
character format or a three character format. (Default = One Character.)  
Inactivity Timeout: Enables and selects the Timeout Period for this port. If  
enabled, the Serial Port will disconnect when no additional data activity is detected  
for the duration of the timeout period. (Default = 5 Minutes.)  
Command Echo: Enables/Disables command echo. When disabled, commands  
sent to the Serial Port will still be invoked, but keystrokes will not be displayed.  
(Default = On.)  
Accept Break: Determines whether the port will accept breaks received from the  
attached device. When enabled, breaks received at the port will be passed. When  
disabled, breaks will be refused at this port. (Default = On.)  
Port Mode Parameters:  
Port Name: Allows you to assign a name to the Serial Port. (Default = undefined.)  
Port Mode: The operation mode for this port. (Default = Normal Mode)  
Depending on the Port Mode selected, the AFS-16 will also allow the definition  
of additional parameters listed below. In the Text Interface, these parameters are  
accessible via a submenu, which will only be active when the appropriate port  
mode is selected. In the Web Browser Interface, fields will be "grayed out" unless  
the corresponding port mode is selected.  
Normal Mode: Permits access to command mode. When Normal Mode is  
selected, the following mode specific parameter can also be defined:  
DTR Output: Determines how DTR will react when the port disconnects. DTR  
can be held low, held high, or pulsed for 0.5 seconds and then held high.  
(Default = Pulse.)  
Modem Mode: Permits access to command mode and simplifies connection  
to an external modem. Modem Mode ports can perform all functions available  
in Normal Mode, but Modem Mode also allows definition of a Hang-Up String,  
Reset String, and Initialization String:  
Modem Reset String: Redefines the modem reset string. The Reset String  
can be sent prior to the Initialization string. (Default = ATZ.)  
Modem Initialization String: Defines a string that can initialize a modem to  
settings required by your application. (Default = AT&C1&D2S0=1&B1&H1&R2)  
Modem Hang-Up String: Although the AFS-16 will pulse the DTR line to  
hang-up an attached modem, the Hang-Up string is often useful for controlling  
modems that do not use the DTR line. (Default = undefined.)  
Periodic Reset Value: Determines how often the Reset String will be sent to  
the modem at this port. (15 Minutes.)  
Note: When communicating with the AFS-16 via modem, these parameters will  
not be changed until after you exit command mode and disconnect.  
5-24  
 
 
Basic Configuration  
5.9. Network Configuration  
The Network Parameters Menus are used to select parameters and options for the  
Network Port and also allow you to implement various security and authentication  
features.  
Although the Web Browser Interface and Text Interface allow definition of essentially the  
same parameters, parameters are arranged differently in the two interfaces. In the Text  
Interface, most network parameters are defined via one menu. But in the Web Browser  
Interface, network parameters are divided into separate menus, which are accessed via  
the Network Configuration flyout menu.  
To access the Network Parameters Menus, proceed as follows:  
Notes:  
• Settings for network parameters depend on the configuration of your network.  
Please contact your network administrator for appropriate settings.  
• The Network Parameters Menu selects parameters for all 16 logical Network  
Ports.  
• The IP Address, Subnet Address and Gateway Address cannot be changed  
via the Web Browser Interface. In order to change these parameters, you  
must access the unit via the Text Interface.  
• When a new IP Address is selected, or the status of the DHCP feature is  
changed, the unit will disconnect and reconfigure itself with the new values  
when you exit the Network Parameters Menu. When configuring the unit via  
Web or Telnet, make certain your DHCP server is set up to assign a known,  
fixed IP address in order to simplify reconnection to the unit after the new  
address has been assigned.  
• The Network Parameters menu is only available when you have logged into  
command mode using an account and port that permit Administrator level  
commands (Administrator Mode enabled.)  
The Network Parameters menu allows you to define the parameters discussed in the  
following sections. Note that although the descriptions of network parameters are  
arranged according to the Web Browser Interface, in the Text Interface, most parameters  
are included in a single menu.  
5-25  
 
 
Basic Configuration  
5.9.1. Network Port Parameters  
In the Text Interface, these parameters are found in the main Network Configuration  
menu. In the Web Browser Interface, these parameters are found by placing the cursor  
over the "Network Configuration" link on the left hand side of the screen, and then  
clicking on the "Network Port Parameters" link in the resulting fly-out menu.  
Administrator Mode: Permits/denies port access to accounts that allow  
Administrator level commands. When enabled (Permit), the Network Port will  
be allowed to invoke Administrator level commands, providing they are issued  
by an account that permits them. If disabled (Deny), then accounts that permit  
Administrator level commands will not be allowed to access command mode via  
the Network Port. (Default = Permit)  
Logoff Character: Defines the Logoff Character for this port. This determines  
which command(s) must be issued at this port in order to disconnect from the  
RS232 Serial Port. (Default = ^X([Ctrl] plus [X]).)  
Note: The Sequence Disconnect parameter can be used to pick a one  
character or a three character logoff sequence.  
Sequence Disconnect: Enables/Disables and configures the Resident Disconnect  
command. Offers the option to either disable the Sequence Disconnect, or select a  
one character, or three character command format. (Default = One Character).  
Notes:  
• The One Character Disconnect is intended for situations where the  
destination port should not receive the disconnect command. When the  
Three Character format is selected, the disconnect sequence will pass  
through to the destination port prior to breaking the connection.  
• When Three Character format is selected, the Resident Disconnect uses the  
format "[Enter]LLL[Enter]", where Lis the selected Logoff Character.  
Inactivity Timeout: Enables and selects the Inactivity Timeout period for the  
Network Port. If enabled, and the port does not receive or transmit data for the  
specified time period, the port will disconnect. (Default = 5 Minutes).  
Command Echo: Enables or Disables the command echo for the Network Port.  
(Default = On).  
Accept Break: Determines whether the Network Port will accept breaks received  
from the attached device, and pass them along to a connected port. When the  
Accept Break parameter is enabled and the Network Port is connected to the  
RS232 Serial Port, breaks received at the Network Port will be passed to the Serial  
Port. When disabled, breaks will be refused at the Network Port. (Default = On.)  
Multiple Logins: If the AFS-16 is installed in an environment that does not include  
communication via an open network (local communication only), then the Multiple  
Logins parameter can be used to determine whether or not multiple users will be  
able to communicate with the unit at the same time. If this parameter is set to "Off"  
then only one user will be allowed to communicate with the unit at a time.  
(Default = On.)  
Note: The "Multiple Logins" prompt is not included in the Web Browser  
Interface.  
5-26  
 
 
Basic Configuration  
5.9.2. Network Parameters  
In the Text Interface, these parameters are accessed via the Network Configuration  
menu (Figure 5.9.) In the Web Browser Interface, these parameters can be found by  
clicking the "Network Parameters" link on the left hand side of the screen to display the  
Network Parameters menu.  
Note: The IP Address, Subnet Mask, Gateway Address and DHCP status  
cannot be changed via the Web Browser Interface. In order to change these  
parameters, you must access the AFS-16 via the Text Interface.  
IP Address: (Default = 192.168.168.168.)  
Subnet Mask: (Default = 255.255.255.0.)  
Gateway Address: (Default = undefined.)  
DHCP: Enables/Disables Dynamic Host Configuration Protocol. When this option  
is "On", the AFS-16 will perform a DHCP request. Note that in the Text Interface, the  
MAC address for the AFS-16 is listed on the Network Status Screen.  
(Default = Off.)  
Note: Before configuring this feature, make certain your DHCP server is set up  
to assign a known, fixed IP address. You will need this new IP address in order  
to reestablish a network connection with the AFS-16 unit.  
Telnet Access: Enables/disables Telnet access. When Telnet Access is "Off," users  
will not be allowed to establish a Telnet connection to the unit. (Default = Off.)  
Telnet Port: Selects the TCP/IP port number that will be used for Telnet  
connections. In the Text Interface, this item is defined via a submenu, displayed  
when the Telnet Access parameter is selected. (Default = 23.)  
SSH Access: Enables/disables SSH communication. (Default = On.)  
SSH Port: Selects the TCP/IP port number that will be used for SSH connections.  
Note that in the Text Interface, this item is defined via a submenu, which is  
displayed when the SSH Access parameter is selected (item number 22.)  
(Default = 22.)  
HTTP Access (Web Access): Enables/disables the Web Browser Interface.  
When disabled, users will not be allowed to contact the unit via the Web Browser  
Interface. (Default = Off.)  
HTTP Port: Selects the TCP/IP port number that will be used for HTTP  
connections. (Default = 80.)  
HTTPS Access: Enables/disables HTTPS communication. For instructions on  
setting up SSL encryption, please refer to Section 14. (Default = Off.)  
5-27  
 
 
Basic Configuration  
HTTPS Port: Selects the TCP/IP port number that will be used for HTTPS  
connections. (Default = 443.)  
Notes:  
• In the Text Interface, HTTP and HTTPS parameters reside in a separate  
submenu. To enable and configure HTTP and HTTPS Access via the  
Text Interface, access the Network Configuration Menu as described in  
Section 5.9, then type 23, press [Enter] and use the resulting submenu  
(Figure 14.1) to select parameters as described in Section 14.  
• When the Web Access parameter is accessed via the Text Interface, the  
resulting submenu will also allow you to select SSL (encryption) parameters  
as described in Section 14.  
Harden Web Security: When the Harden Web Security feature is On (default,) only  
the high and medium cypher suites for SSLv3 and TLSv1 will be enabled. When  
the Harden Web Security feature is Off, all SSL protocols will be enabled, allowing  
compatibility with older browsers. Note that in the Text Interface, this option is  
enabled/disabled via the Web Access submenu. (Default = On.)  
SYSLOG Address: The IP Address or domain name (up to 64 characters) for the  
Syslog Daemon that will receive log records generated by the AFS-16. For more  
information, please refer to Section 11. (Default = undefined.)  
Ping Access: Enables/Disables response to the ping command. When Disabled,  
the AFS-16 will not respond to Ping commands. Note that disabling Ping Access at  
the Network Port will not effect the operation of the Ping-No-Access Alarm.  
(Default = On.)  
Outbound Access: Enables/Disables the ability to create outbound Telnet and/  
or SSH connections via the AFS-16 Network Port. When enabled, users who  
are connected to the AFS-16 command mode via the RS232 Serial Port will be  
able to connect to the Network Port, and then invoke the /TELNET and/or /SSH  
commands to create an outbound connection. For example, to create an outbound  
Telnet connection, first make certain that this option is enabled for both the RS232  
Serial Port and the password/account, then access command mode via the Text  
Interface at the RS232 Port. At the AFS> prompt, invoke the /TELNET command as  
described in Section 10.3. (Default = Off.)  
5-28  
 
 
Basic Configuration  
5.9.3. IP Security  
The IP Security feature allows the AFS-16 to restrict unauthorized IP addresses from  
establishing inbound Telnet connections to the unit. This allows you to grant Telnet  
access to only a specific group of IP addresses, or block a particular IP address  
completely. In the default state, the AFS-16 accepts incoming IP connections from all  
hosts.  
In the Text Interface, IP Security parameters are defined via item 5 in the Network  
Configuration menu (Figure 5.9.) In the Web Browser Interface, these parameters are  
found by clicking the "IP Security" link on the left hand side of the screen. In the default  
state, IP Security is disabled.  
The IP Security Function employs a TCP Wrapper program which allows the use of  
standard, Linux operators, wild cards and net/mask pairs to create a host based access  
control list.  
The IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists.  
Basically, when setting up IP Security, you must enter IP addresses for hosts that you  
wish to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny  
list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can  
indicate specific addresses, or a range of addresses to be allowed or denied.  
When the IP Security feature is properly enabled, and a client attempts to connect, the  
AFS-16 will perform the following checks:  
1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted  
immediate access. Once an IP address is found in the Allow list, the AFS-16 will not  
check the Deny list, and will assume you wish to allow that address to connect.  
2. If the client’s IP address is not found in the Allow list, the AFS-16 will then proceed  
to check the Deny list.  
3. If the client’s IP Address is found in the Deny list, the client will not be allowed to  
connect.  
4. If the client’s IP Address is not found in the Deny list, the client will be allowed to  
connect, even if the address was not found in the Allow list.  
Notes:  
• If the AFS-16 finds an IP Address in the Allow list, it will not check the Deny  
list, and will allow the client to connect.  
• If both the Allow and Deny lists are left blank, then the IP Security feature will  
be disabled, and all IP Addresses will be allowed to connect (providing that  
the proper password and/or SSH key is supplied.)  
• When the Allow and Deny lists are defined, the user is only allowed to specify  
the Client List; the Daemon List and Shell Command cannot be defined.  
5-29  
 
 
Basic Configuration  
5.9.3.1. Adding IP Addresses to the Allow and Deny Lists  
To add an IP Address to the Allow or Deny list, and begin configuring the IP Security  
feature, proceed as follows.  
Notes:  
• Both the Allow and Deny list can include Linux operators, wild cards, and  
net/mask pairs.  
• In some cases, it is not necessary to enter all four "digits" of the IP Address.  
For example, if you wish to allow access to all IP addresses that begin with  
"192," then you would only need to enter "192."  
• The IP Security Configuration menu is only available when the Administrator  
Mode is active.  
• In order to use domain names in the Allow List and/or Deny List, you must  
first define IP address(es) for the desired Domain Name Server(s) as  
described in Section 5.9.5.  
1. Access the IP Security Configuration Menu. In the Text Interface, the IP Security  
menu is accessed via the Network Configuration menu. In the Web Browser  
Interface, the IP Security Configuration menu is accessed via the Network  
Configuration flyout menu.  
2. Allow List: Enter the IP Address(es) for the clients that you wish to allow. Note that  
if an IP Address is found in the Allow list, the client will be allowed to connect, and  
the AFS-16 will not check the Deny list.  
a) Text Interface: Note the number for the first empty field in the Allow list, then  
type that number at the command prompt, press [Enter], and then follow the  
instructions in the resulting submenu.  
b) Web Browser Interface: Place the cursor in the first empty field in the  
parameters menu, then key in the desired IP Address, operators, wild cards,  
and/or net/mask pairs.  
3. Deny List: Enter the IP Address(es) for the clients that you wish to deny. Note that  
if the client’s IP Address is not found in the Deny List, that client will be allowed to  
connect. Use the same procedure for entering IP Addresses described in Step 2  
above.  
5-30  
 
 
Basic Configuration  
5.9.3.2. Linux Operators and Wild Cards  
In addition to merely entering a specific IP address or partial IP address in the Allow or  
Deny list, you may also use any standard Linux operator or wild card. In most cases,  
the only operator used is "EXCEPT" and the only wild card used is "ALL," but more  
experienced Linux users may note that other operators and wild cards may also be  
used.  
EXCEPT:  
This operator creates an exception in either the "allow" list or "deny" list.  
For example, if the Allow list includes a line which reads "192. EXCEPT 192.255.255.6,"  
then all IP address that begin with "192." will be allowed; except 192.255.255.6  
(providing that this address appears in the Deny list.)  
ALL:  
The ALL wild card indicates that all IP Addresses should be allowed or denied. When  
ALL is included in the Allow list, all IP addresses will be allowed to connect; conversely,  
if ALL is included in the Deny list, all IP Addresses will be denied (except for IP  
addresses listed in the Allow list.)  
For example, if the Deny list includes a line which reads "ALL EXCEPT 168.255.192.192,"  
then all IP addresses except 168.255.192.192 will be denied (except for IP addresses  
that are listed in the Allow list.)  
Net/Mask Pairs:  
An expression of the form "n.n.n.n/m.m.m.m" is interpreted as a "net/mask" pair. A host  
address is matched if "net" is equal to the bitwise AND of the address and the "mask."  
For example, the net/mask pattern "131.155.72.0/255.255.254.0" matches every address  
in the range "131.155.72.0" through "131.155.73.255."  
5.9.3.3. IP Security Examples  
1. Mostly Closed: Access is denied by default and the only clients allowed,  
are those explicitly listed in the Allow list. To deny access to all clients except  
192.255.255.192 and 168.112.112.05, the Allow and Deny lists would be defined as  
follows:  
• Allow List:  
1. 192.255.255.192  
2. 168.112.112.05  
• Deny List:  
1. ALL  
5-31  
 
 
Basic Configuration  
2. Mostly Open: Access is granted by default, and the only clients denied access,  
are those explicitly listed in the Deny list, and as exceptions in the Allow list. To  
allow access to all clients except 192.255.255.192 and 168.112.112.05, the Allow  
and Deny lists would be defined as follows:  
• Allow List:  
1. ALL EXCEPT 192.255.255.192, 168.112.112.05  
• Deny List:  
1. 192.255.255.192, 168.112.112.05  
Notes:  
• When defining a line in the Allow or Deny list that includes several IP  
addresses, each individual address is separated by either a space, a comma,  
or a comma and a space as shown in Example 2 above.  
Take care when using the "ALL" wild card. When ALL is included in the Allow  
list, it should always include an EXCEPT operator in order to allow the unit to  
proceed to the Deny list and determine any addresses you wish to deny.  
5.9.4. Static Route  
The Static Route menu allows you to type in Linux routing commands that will be  
automatically executed each time that the unit powers up or reboots. In the Text  
Interface, the Static Route menu is accessed via the Network Configuration menu. In  
the Web Browser Interface, the Static Route menu via the Network Configuration  
flyout menu.  
5.9.5. Domain Name Server  
The DNS menu is used to select IP addresses for Domain Name Servers. When web  
and network addresses are entered, the Domain Name Server interprets domain names  
(e.g., www.yourcompanyname123.com), and translates them into IP addresses. Note  
that if you don't define at least one DNS, then IP addresses must be used, rather than  
domain names.  
5-32  
 
 
Basic Configuration  
5.9.6. SNMP Access Parameters  
These menus are used to select access parameters for the SNMP feature. The SNMP  
Access Parameters menus allow the following parameters to be defined:  
Note: After you have configured SNMP Access Parameters, you will then be  
able to manage the AFS-16's User Directory and display unit status via SNMP, as  
described in Section 13.  
Enable: Enables/disables SNMP Polling. (Default = Off.)  
Note: This item only applies to external SNMP polling of the AFS-16; it does  
not effect the ability of the AFS-16 to send SNMP traps.  
Version: This parameter determines which SNMP Version the AFS-16 will respond  
to. For example, if this item is set to V3, then clients who attempt to contact the  
AFS-16 using SNMPv2 will not be allowed to connect. (Default = V1/V2 Only.)  
Read Only: Enables/Disables the "Read Only Mode", which controls the ability to  
access configuration functions and invoke switching commands. When Enabled,  
you will not be able to change configuration parameters or invoke other commands  
when you contact the AFS-16 via SNMP. (Default = No.)  
Note: In order to define user names for the AFS-16 via your SNMP client, the  
Read Only feature must be disabled. When the Read Only feature is enabled,  
you will not be able to issue configuration commands to the unit via SNMP.  
Authentication / Privacy: Configures the Authentication and Privacy features  
for SNMPv3 communication. The Authentication / Privacy parameter offers two  
options, which function as follows:  
1. Auth/noPriv: An SNMPv3 username and password will be required at log in,  
but encryption will not be used. (Default Setting.)  
2. Auth/Priv: An SNMPv3 username and password will be required at log in, and  
all messages will be sent using encryption.  
Notes:  
• The Authentication / Privacy item is not available when the Version parameter  
is set to V1/V2.  
• If the Version Parameter is set to V1/V2/V3 (all) and Authentication / Privacy  
parameter is set to "Auth/Priv", then only V3 data will be encrypted.  
• The AFS-16 supports DES encryption, but does not currently support the AES  
protocol.  
• The AFS-16 does not support "noAuth/noPriv" for SNMPv3 communication.  
SNMPv3 User Name: Sets the User Name for SNMPv3. Note that this option is  
not available when the Version parameter is set to V1/V2. (Default = undefined.)  
SNMPv3 Password: Sets the password for SNMPv3. Note that this option is not  
available when the Version parameter is set to V1/V2. (Default = undefined.)  
SNMPv3 Password Confirm: This prompt is used to confirm the SNMPv3  
password that was entered at the prompt above. Note that this option is not  
available when the Version parameter is set to V1/V2. (Default = undefined.)  
5-33  
 
 
Basic Configuration  
Authentication Protocol: Determines which authentication protocol will be used.  
The AFS-16 supports both MD5 and SHA1 authentication. (Default = MD5.)  
Notes:  
• The Authentication Protocol that is selected for the AFS-16 must match the  
protocol that your SNMP client will use when querying the AFS-16 unit.  
• The Authentication Protocol option is not available when the Version  
parameter is set to V1/V2  
SNMP Contact: (Default = undefined.)  
SNMP Location: (Default = undefined.)  
Read Only Community: Note that this parameter is not available when the SNMP  
Version is set to V3. (Default = Public.)  
Read/Write Community: Note that this parameter is not available when the SNMP  
Version is set to V3. (Default = Public.)  
Note: If identical names are defined for the Read Only Community and  
Read/Write Community, then the unit will give priority to the Read/Write  
Community option.  
5.9.7. SNMP Trap Parameters  
These menus are used to select parameters that will be used when SNMP traps are  
sent. For more information on SNMP Traps, please refer to Section 12. Text Interface  
and Web Browser Interface allow the following parameters to be defined:  
SNMP Manager 1: The IP Address for the first SNMP Manager. For more  
information, please refer to Section 12. (Default = Undefined.)  
Note: In order to enable the SNMP Trap feature, you must define at least one  
SNMP Manager.  
SNMP Manager 2: (Default = Undefined.)  
Trap Community: (Default = Public.)  
5-34  
 
 
Basic Configuration  
5.9.8. LDAP Parameters  
The AFS-16 supports LDAP (Lightweight Directory Access Protocol,) which allows  
authentication via the "Active Directory" network Directory Service. When LDAP is  
enabled and properly configured, command access rights can be granted to new users  
without the need to define individual new accounts at each AFS-16 unit, and existing  
users can also be removed without the need to delete the account from each  
AFS-16 unit. This type of authentication also allows administrators to assign users  
to LDAP groups, and then specify which circuits the members of each group will be  
allowed to control at each AFS-16 unit.  
In order to apply the LDAP feature, you must first define User Names and associated  
Passwords and group membership via your LDAP server, and then access the AFS-16  
command mode to enable and configure the LDAP settings and define port access  
rights and command access rights for each group that you have specified at the LDAP  
server. Note that in order to access the LDAP Parameters menu, you must login to AFS-  
16 command mode using a password that permits Administrator level commands.  
Notes:  
• Circuit access rights are not defined at the LDAP server. They are defined via  
the LDAP Group configuration menu on each AFS-16 unit and are specific to  
that AFS-16 unit alone.  
• When LDAP is enabled and properly configured, LDAP authentication will  
supersede any passwords and access rights that have been defined via the  
AFS-16 user directory.  
• If no LDAP groups are defined on a given AFS-16 unit, then access rights will  
be determined as specified by the "default" LDAP group.  
• The "default" LDAP group cannot be deleted.  
The LDAP Parameters Menu allows the following parameters to be defined:  
Enable: Enables/disables LDAP authentication. (Default = Off.)  
Primary Host: Defines the IP address or domain name (up to 64 characters) for  
the primary LDAP server. (Default = undefined.)  
Secondary Host: Defines the IP address or domain name (up to 64 characters) for  
the secondary (fallback) LDAP server. (Default = undefined.)  
LDAP Port: Defines the port that will be used to communicate with the LDAP  
server. (Default = 389.)  
TLS/SSL: Enables/Disables TLS/SSL encryption. Note that when TLS/SSL  
encryption is enabled, the LDAP Port should be set to 636. (Default = Off.)  
Bind Type: Sets the LDAP bind request password type. Note that in the Text  
Interface, when the Bind Type is set to "Kerberos" LDAP, the menu will include an  
additional prompt (item 14) that is used to select Kerberos parameters as described  
in Section 5.9.8.5. In the Web Interface, the button which is used to access the  
Kerberos Parameters menu is located at the bottom of the LDAP Parameters Menu.  
(Default = Simple.)  
Search Bind DN: Selects the user name who is allowed to search the LDAP  
directory. (Default = undefined.)  
5-35  
 
 
Basic Configuration  
Search Bind Password: Sets the Password for the user who is allowed to search  
the LDAP directory. (Default = undefined.)  
User Search Base DN: Sets the directory location for user searches.  
(Default = undefined.)  
User Search Filter: Selects the attribute that lists the user name. Note that this  
attribute should always end with "=%S" (no quotes.) (Default = undefined.)  
Group Membership Attribute: Selects the attribute that lists group  
membership(s). (Default = undefined.)  
Group Membership Value Type: (Default = DN.)  
Fallback: Enables/Disables the LDAP fallback feature. When enabled, the  
AFS-16 will revert to it's own internal user directory (see Section 5.5) if no defined  
users are found via the LDAP server. In this case, port access rights will then be  
granted as specified in the default LDAP group. (Default = Off.)  
LDAP Group Setup: Provides access to a submenu, which is used to define LDAP  
Groups as described in the Sections 5.9.8.1 through 5.9.8.4.  
LDAP Kerberos Setup: Provides access to the Kerberos Setup menu as described  
in Section 5.9.8.5. When the Bind Type is set to "Kerberos", the Kerberos Setup  
menu is used to select Kerberos parameters. In the Text Interface, the link to the  
Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos.  
5.9.8.1. Adding LDAP Groups  
Once you have defined several users and passwords via your LDAP server, and  
assigned those users to LDAP Groups, you must then grant access rights to each LDAP  
Group at each AFS-16 unit. In order to add LDAP groups, you must log in to command  
mode using a password that permits access to Administrator level commands. The Add  
LDAP Group menu allows the following parameters to be defined:  
Group Name: Note that this name must match the LDAP Group names that you  
have assigned to users at your LDAP server. (Default = undefined.)  
Access Level: Sets the command access level. For more information, please refer  
to Section 5.4.1. (Default = User.)  
Circuit Access: This item is used to select the AFS-16 Circuit Modules that  
members of this LDAP group will be allowed to connect. (Default = All Circuits Off.)  
Circuit Group Access: This item is used to determine which Circuit Groups the  
members of this LDAP Group will be allowed to control. (Default = undefined.)  
Service Access: This item determines how members of this LDAP Group will be  
allowed to access command mode and whether or not they will be able to create  
outbound Telnet connections. The Service Access parameter is used to allow  
members of this LDAP group to access command mode via Serial Port, Telnet/SSH  
or any combination thereof, and also enables/disables Outbound Telnet.  
(Default; Serial Port = On, Telnet/SSH = On, Outbound Access = Off.)  
Note: After you have defined LDAP Group parameters, make certain to save  
the changes before proceeding. In the Web Browser Interface, click on the  
"Add LDAP Group" button to save parameters; in the Text Interface, press the  
[Esc] key several times until the "Saving Configuration" message is displayed.  
5-36  
 
 
Basic Configuration  
5.9.8.2 Viewing LDAP Groups  
If you need to examine an existing LDAP group definition, the "View LDAP Groups"  
function can be used to review the group's parameters and Circuit Access settings.  
5.9.8.3. Modifying LDAP Groups  
If you need to modify an existing LDAP Group in order to change parameters or circuit  
access rights, the "Modify LDAP Group" function can be used to reconfigure group  
parameters. To Modify an existing LDAP Group, access the AFS-16 command mode  
using a password that permits access to Administrator Level commands. Once you  
have accessed the Modify LDAP Group menu, use the menu options to redefine  
parameters in the same manner that is used for the Add LDAP Group menu, as  
discussed in Section 5.9.8.1.  
Note: After you have defined LDAP Group parameters, make certain to save  
the changes before proceeding. In the Web Browser Interface, click on the  
"Modify LDAP Group" button to save parameters; in the Text Interface, press the  
[Esc] key several times until the "Saving Configuration" message is displayed.  
5.9.8.4. Deleting LDAP Groups  
The Delete LDAP Group function is used to delete LDAP Groups that are no longer  
needed. To delete an existing LDAP Group, you must access command mode using a  
password that permits access to Administrator Level commands.  
5.9.8.5. LDAP Kerberos Set Up  
Kerberos is a network authentication protocol, which provides a secure means of  
identity verification for users who are communicating via a non-secure network. To  
display the LDAP Kerberos Set Up menu, you must access command mode using a  
password that permits access to Administrator Level commands.  
The LDAP Kerberos Setup menu allows you to define the following parameters:  
Port: (Default = 88.)  
Realm: (Default = Undefined.)  
Key Distribution Centers (KDC1 through KDC5): (Default = Undefined.)  
Domain Realms 1 through 5: (Default = Undefined.)  
5-37  
 
 
Basic Configuration  
5.9.9. TACACS Parameters  
The TACACS Configuration Menus offer the following options:  
Enable: Enables/disables the TACACS feature at the Network Port. (Default = Off.)  
Primary Address: Defines the IP address or domain name (up to 64 characters)  
for your primary TACACS server. (Default = undefined.)  
Secondary Address: Defines the IP address or domain name (up to 64 characters)  
for your secondary, fallback TACACS server (if present.) (Default = undefined.)  
Secret Word: Defines the shared TACACS Secret Word for both TACACS servers.  
(Default = undefined.)  
Fallback Timer: Determines how long the AFS-16 will continue to attempt to  
contact the primary TACACS Server before falling back to the secondary TACACS  
Server. (Default = 15 Seconds.)  
Fallback Local: Determines whether or not the AFS-16 will fallback to its own  
password/username directory when an authentication attempt fails. When enabled,  
the AFS-16 will first attempt to authenticate the password by checking the TACACS  
Server; if this fails, the AFS-16 will then attempt to authenticate the password by  
checking its own internal username directory. This Parameter offers three options:  
Off: Fallback Local is disabled (Default.)  
On (All Failures): Fallback Local is enabled, and the unit will fallback to it's own  
internal user directory when it cannot contact the TACACS Server, or when a  
password or username does not match the TACACS Server.  
On (Transport Failure): Fallback Local is enabled, but the unit will only fallback  
to it's own internal user directory when it cannot contact the TACACS Server.  
Authentication Port: The port number for the TACACS function. (Default = 49.)  
Default User Access: When enabled, this parameter allows TACACS users to  
access the AFS-16 command mode without first defining a TACACS user account  
on the AFS-16. When new TACACS users access the AFS-16 command mode,  
they will inherit the default Access Level, Circuit Access, Circuit Group Access and  
Service Access that are defined via the items listed below: (Default = On.)  
Access Level: Selects the default Access Level setting for new TACACS users.  
This option can set the default access level to "Administrator", "SuperUser",  
"User" or "ViewOnly." For more information on Command Access Levels, please  
refer to Section 5.4.1 and Section 17.2. (Default = User.)  
5-38  
 
 
Basic Configuration  
Circuit Access: Selects the default Circuit Access setting for new TACACS  
users. The Circuit Access setting determines which Circuit Module(s) each  
account will be allowed to control. (Defaults; Administrator and SuperUser =  
All Circuits On, User = All Circuits Off, ViewOnly = All Circuits Off.)  
Notes:  
• Administrator and SuperUser level accounts always have access to all  
circuits.  
• User level accounts will only have access to the circuits that are defined via  
the "Circuit Access" parameter.  
• ViewOnly accounts are not allowed to invoke switching commands.  
Circuit Group Access: Selects the default Circuit Group Access setting for  
new TACACS users. For more information on Circuit Groups, please refer to  
Section 5.6. (Defaults; Administrator and SuperUser = All Circuit Groups On,  
User = All Circuit Groups Off, ViewOnly = All Circuit Groups Off.)  
Notes:  
• In order to use this feature, Circuit Groups must first be defined as described  
in Section 5.6.  
• Administrator and SuperUser level accounts will always have access to all  
Circuit Groups.  
• User Level accounts will only have access to the Circuit groups that are  
defined via the Circuit Group Access parameter.  
• ViewOnly accounts are not allowed to invoke switching commands.  
Service Access: Selects the default Service Access setting for new TACACS  
users. The Service Access setting determines whether each account will be  
able to access command mode via Serial Port, Telnet/SSH or Web. In addition,  
the Service Access setting also determines whether each account will be able  
to employ the Outbound Access function. For example, if Telnet/SSH Access is  
disabled, then the default setting for new TACACS accounts will not allow access  
to command mode via Telnet or SSH. (Default = Serial Port = On, Telnet/SSH =  
On, Web = On.)  
Note: If Outbound Access has been disabled via the Network Parameters  
menu, then the Service Access parameter will not be allowed to grant Outbound  
Access to new TACACS users.  
5-39  
 
 
Basic Configuration  
5.9.10. RADIUS Parameters  
The RADIUS Configuration Menus offer the following options:  
Enable: Enables/disables the RADIUS feature at the Network Port. (Default = Off.)  
Primary Address Defines the IP address or domain name (up to 64 characters  
long) for your primary RADIUS server. (Default = undefined.)  
Primary Secret Word: Defines the RADIUS Secret Word for the primary RADIUS  
server. (Default = undefined.)  
Secondary Address: Defines the IP address or domain name (up to 64 characters)  
for your secondary, fallback RADIUS server (if present.) (Default = undefined.)  
Secondary Secret Word: Defines the RADIUS Secret Word for the secondary  
RADIUS server. (Default = undefined.)  
Fallback Timer: Determines how long the AFS-16 will continue to attempt to  
contact the primary RADIUS Server before falling back to the secondary RADIUS  
Server. (Default = 3 Seconds.)  
Fallback Local: Determines whether or not the AFS-16 will fallback to its own  
password/username directory when an authentication attempt fails. When enabled,  
the AFS-16 will first attempt to authenticate the password by checking the RADIUS  
Server; if this fails, the AFS-16 will then attempt to authenticate the password by  
checking its own internal username directory. This parameter offers three options:  
Off: Fallback Local is disabled (Default.)  
On (All Failures): Fallback Local is enabled, and the unit will fallback to it's  
own internal user directory when it cannot contact the Radius Server, or when a  
password or username does not match the Radius Server.  
On (Transport Failure): Fallback Local is enabled, but the unit will only fallback  
to it's own internal user directory when it cannot contact the Radius Server.  
Retries: Determines how many times the AFS-16 will attempt to contact the  
RADIUS server. Note that the retries parameter applies to both the Primary RADIUS  
Server and the Secondary RADIUS Server. (Default = 3.)  
Authentication Port: The Authentication Port number for the RADIUS function.  
(Default = 1812.)  
Accounting Port: The Accounting Port number for the RADIUS function.  
(Default = 1813.)  
Debug: (Text Interface Only) When enabled, the AFS-16 will put RADIUS debug  
information into Syslog. (Default = Off.)  
5-40  
 
 
Basic Configuration  
5.9.10.1.  
Dictionary Support for RADIUS  
The RADIUS dictionary file can allow you to define a user and assign command access  
rights and port access rights from a central location. The RADIUS dictionary file,  
"dictionary.wti" is included on the CDROM along with this user's guide. To install the  
dictionary file on your RADIUS server, please refer to the documentation provided with  
your server; some servers will require the dictionary file to reside in a specific directory  
location, others will require the dictionary file to be appended to an existing RADIUS  
dictionary file. The WTI RADIUS dictionary file provides the following commands:  
WTI-Super- Sets the command access level for the user. This command provides  
the following arguments:  
0= ViewOnly  
1= User  
2= SuperUser  
3= Administrator  
For example, in order to set command access level to "SuperUser", the command  
line would be:  
WTI-Super="2"  
WTI-Circuit-Access- Determines which circuit(s) the user will be allowed to  
access. This command provides an argument that consists of a four character  
string, with one character for each the AFS-16's Circuit Modules. The following  
options are available for each switched circuit:  
0= Off (Deny Access)  
1= On (Allow Access)  
For example, to allow access to Circuits 2 and 4, the command line would be:  
WTI-Circuit-Access="0101"  
WTI-Group-Access- Determines which Circuit Group(s) the user will be allowed  
to access. The argument for this command includes a character for each, defined  
Circuit Group, with the first character in the string being used to represent the first  
Circuit Group defined, and the last character in the string representing the last  
Circuit Group defined. The following options are available for each Circuit Group:  
0= Off (Deny Access)  
1= On (Allow Access)  
For example, to allow access to the first three defined Circuit Groups out of a total  
of six defined Circuit Groups, the command line would be:  
WTI-Group-Access="111000"  
Example:  
The following command could be used to set the command access level to "User", allow  
access to Circuits 1 and 2, and also allow access to the first two of five defined  
Circuit Groups:  
tom Auth-Type:=Local, User-Password=="tom1"  
Login-Service=Telnet,  
Login-TCP-Port=Telnet,  
User-Name="HARRY-tom",  
WTI-Super="1",  
WTI-Circuit-Access="1100",  
WTI-Group-Access="11000",  
5-41  
 
 
Basic Configuration  
5.9.11. Email Messaging Parameters  
The Email Messaging menu is used to define parameters for email messages that the  
AFS-16 can send to notify you when an alarm is triggered. To define email message  
parameters, you must access the AFS-16 Command Mode using a password that  
permits access to Administrator Level commands.  
The Email Configuration menu offers the following options:  
Enable: Enables/Disables the Email Messaging feature. When disabled, the  
AFS-16 will not be able to send email messages when an alarm is generated.  
(Default = On.)  
SMTP Server: This prompt is used to define the address of your SMTP Email  
server. (Default = 192.168.100.43.)  
Port Number: Selects the TCP/IP port number that will be used for email  
connections. (Default = 25.)  
Domain: The domain name for your email server. (Default = undefined.)  
Note: In order to use domain names, you must first define Domain Name  
Server parameters as described in Section 5.9.5.  
User Name: The User Name that will be entered when logging into your email  
server. (Default = undefined.)  
Password: The password that will be used when logging into your email server.  
(Default = undefined.)  
Auth Type: The Authentication type; the AFS-16 allows you to select None, Plain,  
Login, or CRAM-MD5 Authentication. (Default = Plain.)  
From Name: The name that will appear in the "From" field in email sent by the AFS-  
16. (Default = undefined.)  
From Address: The email address that will appear in the "From" field in email sent  
by the AFS-16. (Default = undefined.)  
To Address: The address(es) that will receive email messages generated by the  
AFS-16. Note that up to three "To" addresses may be defined, and that when Alarm  
Configuration parameters are selected as described in Section 7, you may then  
designate one, two or all three of these addresses as recipients for email messages  
that are generated by the alarms. (Default = undefined.)  
Send Test Email: Sends a test email, using the parameters that are currently  
defined for the Email configuration menu.  
Note: The "Send Test Email" function is only available via the Text Interface.  
5-42  
 
 
Basic Configuration  
5.10. Save User Selected Parameters  
It is strongly recommended to save all user-defined parameters to an ASCII file as  
described in Section 15. This will allow quick recovery in the event of accidental  
deletion or reconfiguration of port parameters.  
When changing configuration parameters via the Text Interface, make certain that the  
AFS-16 has saved the newly defined parameters before exiting from command mode.  
To save parameters, press the [Esc] key several times until you have exited from all  
configuration menus and the AFS-16 displays the "Saving Configuration" menu and  
the cursor returns to the command prompt. If newly defined configuration parameters  
are not saved prior to exiting from command mode, then the AFS-16 will revert to the  
previously saved configuration after you exit from command mode.  
5.10.1. Restore Configuration  
If you make a mistake while configuring the AFS-16 unit, and wish to return to the  
previously saved parameters, the Text Interface's "Reboot System" command (/I) offers  
the option to reinitialize the unit using previously backed up parameters. This allows  
you to reset the unit to previously saved parameters, even after you have changed  
parameters and saved them.  
Notes:  
• The AFS-16 will automatically backup saved parameters once a day, shortly  
after Midnight. This configuration backup file will contain only the most  
recently saved AFS-16 parameters, and will be overwritten by the next night's  
daily backup.  
• When the /I command is invoked, a submenu will be displayed which  
offers several Reboot options. Option 4 is used to restore the configuration  
backup file. The date shown next to Option 4 indicates the date that you last  
changed and saved unit parameters.  
• If the daily automatic configuration backup has been triggered since the  
configuration error was made, and the previously saved configuration has  
been overwritten by newer, incorrect parameters, then this function will not  
be able to restore the previously saved (correct) parameters.  
To restore the previously saved configuration, proceed as follows:  
1. Access command move via the Text Interface, using a username/password that  
permits access to Administrator level commands (see Section 5.1.1.)  
2. At the AFS command prompt, type /Iand press [Enter]. The AFS-16 will display a  
submenu that offers several different reboot options.  
3. At the submenu, you may choose either Item 4 (Reboot & Restore Last Known  
Working Configuration.) Type 4, and then press [Enter].  
4. The AFS-16 will reboot and previously saved parameters will be restored.  
5-43  
 
 
6. Ping-No-Answer Fallback Switching  
The Ping-No-Answer function can be used to automatically switch one or more circuit  
modules when an attached device fails to respond to a Ping Command. In addition,  
the Ping-No-Answer function can also be configured to send an email, text message,  
Syslog Message or SNMP Trap to notify you whenever a Ping-No-Answer Action occurs.  
Please refer to Section 7.3 for instructions on setting up email alarm notification for  
Ping-No-Answer Actions.  
To set up a Ping-No-Answer Profile, access command mode using a password that  
permits Administrator level commands and then proceed as follows:  
Text Interface: Type /PNAand press [Enter] to display the Ping-No-Answer  
Directory menu. From the Ping-No-Answer Directory Menu, you can Add, Modify,  
View or Delete Ping-No-Answer Profiles as described in the Sections that follow.  
Web Browser Interface: Click on the "Ping-No-Answer Configuration" link on the  
left hand side of the screen to display the Ping-No-Answer Directory menu. From  
the Ping-No-Answer Directory menu, you can Add, Modify, View or Delete Ping-No-  
Answer Profiles.  
Note: After defining or editing Ping-No-Answer parameters, make certain  
to save the changes before proceeding. In the Web Browser Interface, click  
on the "Add Ping No Answer" button to save parameters; in the Text Interface,  
press [Esc] several times until the AFS-16 displays the "Saving Configuration"  
message and the cursor returns to the command prompt.  
6.1. Adding Ping-No-Answer Profiles  
Up to 54 Ping-No-Answer Profiles can be defined. The Add Ping-No-Answer menu is  
used to define the following parameters for each new Ping-No-Answer Profile:  
IP Address or Domain Name: The IP address or Domain Name for the device  
that you wish to Ping. When the device at this address fails to respond to the Ping  
command, the AFS-16 will switch the selected circuits. (Default = undefined.)  
Note: In order to use domain names, DNS Server parameters must first be  
defined as described in Section 5.9.5.  
Ping Interval: Determines how often the Ping command will be sent to the  
selected IP Address. The Ping Interval can be any whole number, from 1 to 2,800  
minutes. (Default = 15 Minutes.)  
Interval After Failed Ping: Determines how often the Ping command will be sent  
after a previous Ping command receives no response. (Default = 1 Minute.)  
Ping Delay After PNA Action: Determines how long the AFS-16 will wait to send  
additional Ping commands, after Ping-No-Answer A/B switching has been initiated.  
(Default = 15 Minutes.)  
6-1  
 
 
Ping-No-Answer Fallback Switching  
Consecutive Failures: Determines how many consecutive failures of the Ping  
command must be detected in order to initiate Ping-No-Answer fallback switching.  
For example, if this value is set to "3", then after three consecutive Ping failures, the  
specified Circuit Module(s) will then be switched. (Default = 3.)  
Toggle: Enables/Disables the Ping-No-Answer Fallback function for the specified  
IP address. When enabled, the AFS-16 will switch the selected circuit(s) or Circuit  
Group(s) when the target device fails to respond to a ping command. When  
disabled, the AFS-16 will not switch the specified circuit(s) when a ping failure is  
detected, but will continue to notify you via Email, Syslog Message and/or SNMP  
Trap, providing that parameters for these functions have been defined as described  
in Section 5.9 and the Ping-No-Answer Answer alarm has been enabled as  
described in Section 7.3. (Default = No.)  
Notes:  
• In order for Email/Text Message Notification to function, you must first define  
Email/Text Message parameters as described in Section 5.9.11.  
• In order for Syslog Message Notification to function, you must first define a  
Syslog Address as described in Section 5.9.2.  
• In order for SNMP Trap Notification to function, you must first define SNMP  
parameters as described in Section 5.9.7.  
Circuit Access: Determines which Circuit Modules will be switched when the IP  
address for this Ping-No-Answer Profile does not respond. Note that in the Text  
Interface, Circuit Access is defined via a separate submenu; in the Web Browser  
Interface, Circuit Access is defined via a drop down menu, which is accessed by  
clicking on the "plus" sign in the "Configure Circuit Access" field.  
(Default = undefined.)  
Circuit Group Access: Determines which Circuit Group(s) this Ping-No-Answer  
Profile will be applied to. Note that in the Text Interface, Circuit Group Access  
is defined via a separate submenu; in the Web Browser Interface, Circuit Group  
Access is defined via a drop down menu, which is accessed by clicking on the  
"plus" sign. (Default = undefined.)  
PNA Action: Determines how the AFS-16 will react when the IP address fails to  
respond. The PNA Action parameter allows you to select either a Continuous  
action or a Single Action as described below: (Default = Continuous.)  
Continuous: (Default) The AFS-16 will continuously restart the PNA Check cycle  
at the specified circuit(s) or group(s) until the IP address responds.  
Single: The AFS will switch the specified circuit(s) or group(s) only once when  
the IP Address fails to respond to a ping command.  
Ping Test: (Text Interface Only) Sends a test Ping command to the IP Address or  
domain name that has been defined for this Ping-No-Answer Profile.  
6-2  
 
 
Ping-No-Answer Fallback Switching  
6.2. Viewing Ping-No-Answer Profiles  
After you have defined one or more Ping-No-Answer profiles, you can review the  
parameters selected for each profile using the View Ping-No-Answer feature. To view  
the configuration of an existing Ping-No-Answer profile, you must access command  
mode using a password that allows Administrator level commands.  
6.3. Modifying Ping-No-Answer Profiles  
After you have defined a Ping-No-Answer profile, you can modify the configuration  
of the profile using the Modify Ping-No-Answer function. To modify the configuration  
of an existing Ping-No-Answer profile, you must access the command mode using a  
password that allows Administrator level commands. The AFS-16 will display a screen  
which allows you to modify parameters for the selected Ping-No-Answer Profile. Note  
that this screen functions identically to the Add Ping-No-Answer menu, as discussed in  
Section 6.1.  
6.4. Deleting Ping-No-Answer Profiles  
After you have defined one or more Ping-No-Answer profiles, you can delete profiles that  
are no longer needed using the Delete Ping-No-Answer feature. To delete an existing  
Ping-No-Answer profile, you must access the command mode using a password that  
allows Administrator level commands.  
6-3  
 
 
7. Alarm Configuration  
The AFS-16 can generate alarms when temperature readings exceed user-defined  
trigger levels, when input voltage is lost and then restored to the unit, when a Ping-No-  
Answer condition is detected and when the Invalid Access Lockout feature is triggered.  
In addition, the AFS-16 can also generate an alarm when the Monitor/Alarm Input  
feature detects a signal change at the Control Module AUX connector. When any of  
these conditions are detected, the AFS-16 can send an "Alarm" to the proper personnel  
via Email, Syslog Message or SNMP trap.  
Notes:  
• In order to send alarm notification via email or text message, email addresses  
and parameters must first be defined as described in Section 5.9.11.  
Email alarm notification will then be sent for all alarms that are enabled as  
described in this Section.  
• In order to send alarm notification via Syslog Message, a Syslog address  
must first be defined as described in Section 5.9.2. Once the Syslog address  
has been defined, Syslog Messages will be sent for every alarm discussed  
in this Section, providing that the Trigger Enable parameter for the alarm has  
been set to "On."  
• In order to send alarm notification via SNMP Trap, SNMP Trap parameters  
must first be defined as described in Section 5.9.7. Once SNMP Trap  
Parameters have been defined, SNMP Traps will be sent for every alarm  
discussed in this Section, providing that the Trigger Enable parameter for the  
alarm has been set to "On."  
• After defining parameters via the Text Interface, make certain to press the  
[Esc] key several times to completely exit from the configuration menu  
and save newly defined parameters. When parameters are defined via the  
Text Interface, newly defined parameters will not be saved until the "Saving  
Configuration" message is displayed.  
To configure the AFS-16's Alarm functions, first access command mode using a  
password that allows Administrator level commands. If you are communicating with the  
unit via the Text Interface, type /AC and then press [Enter]. If you are communicating via  
the Web Browser Interface, click on the "Alarm Configuration" link on the left hand side  
of the screen. The Alarm Configuration Menu will be displayed.  
7-1  
 
 
Alarm Configuration  
AUX Connector  
1
0
Pin Out  
Pin  
3
2
Signal  
Normally Closed  
Common  
1
Normally Open  
Back Edge of  
Control Card  
Figure 7.1: Control Module AUX Connector - Output Contacts  
7.1. The Output Contacts  
In addition to providing notification when an alarm is generated, the Over Temperature  
Alarms, Ping-No-Answer Alarm, Invalid Access Lockout Alarm and Monitor Input Alarm  
all offer the option to switch the output contacts on the Control Module AUX Connector  
when an alarm is triggered. The output contacts can then be used to activate an  
audible alarm or other device in response to these alarms.  
When the Contact Output Enable parameter is enabled for any of these alarms, the  
Common line will be switched from the Normally Closed contact to the Normally Open  
contact in order to drive an attached device.  
Figure 7.1 above shows the location of the Normally Closed, Common and Normally  
Open contacts on the Control Module AUX Connector.  
7-2  
 
 
Alarm Configuration  
7.2. The Over Temperature Alarms  
The Over Temperature Alarms are designed to inform you when the temperature level  
inside your equipment rack reaches or exceeds certain user-defined levels. There  
are two separate Over Temperature Alarms; the Initial Threshold alarm and the Critical  
Threshold Alarm.  
Typically, the Initial Threshold alarm is used to notify you when the temperature within  
your equipment rack reaches a point where you might want to investigate it, whereas the  
Critical Threshold alarm is used to notify you when the temperature approaches a level  
that may harm equipment or inhibit performance. The trigger for the Initial Threshold  
alarm is generally set lower than the Critical Threshold alarm.  
If the user-defined trigger levels for temperature are exceeded, the AFS-16 can also  
enable the Contact Output on the AFS-16 Control Module's AUX connector.  
To configure the Over Temperature Alarms, access the AFS-16 command mode using  
a password that permits Administrator Level commands, and then use the Alarm  
Configuration menu to select the desired alarm feature.  
Note that both the Initial Threshold menus and Critical Threshold menus offer essentially  
the same set of parameters, but the parameters defined for each alarm are separate  
and unique. Therefore, parameters defined for the Critical Threshold Alarm will not be  
applied to the Initial Threshold Alarm and vice versa.  
Both the Over Temperature (Initial Threshold) alarm and the Over Temperature (Critical  
Threshold) alarm offer the following parameters:  
Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this  
alarm will be suppressed. (Default = On.)  
Note: To cancel an alarm without correcting the condition that caused the  
alarm, simply toggle the Trigger Enable parameter Off and then back On again.  
Alarm Set Threshold: The trigger level for this alarm. When temperature  
exceeds the Alarm Set Threshold, the AFS-16 can send an alarm (if enabled.)  
(Initial Threshold: Default = 90°F or 32°C, Critical Threshold: Default = 100°F or  
38°C.)  
Alarm Clear Threshold: Determines how low the temperature must drop in  
order for the Alarm condition to be cancelled. (Initial Threshold: Default = 80°F  
or 27°C, Critical Threshold: Default = 90°F or 38°C.)  
Note: The System Parameters menu is used to set the temperature format for  
the AFS-16 unit to either Fahrenheit or Celsius as described in Section 5.3.  
Resend Delay: Determines how long the AFS-16 will wait to resend a message  
generated by this alarm, when the initial attempt to send notification was  
unsuccessful. (Default = 60 Minutes.)  
Notify Upon Clear: When this item is enabled, the AFS-16 will send additional  
notification when the situation that caused the alarm has been corrected. For  
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification  
when it detects that the temperature has exceeded the trigger value, and then send  
a second notification when it determines that the temperature has fallen below the  
trigger value. (Default = On.)  
7-3  
 
 
Alarm Configuration  
Email Message: Enables/Disables email notification for this alarm. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then email  
notification for other alarms will be switched On or Off as indicated by this  
parameter.  
Address 1, 2, and 3: These parameters are used to determine which of the  
three email addresses defined via the "Email Messages" menu will receive  
the email alarm notification messages generated by this alarm. The Address  
parameters can be used to select one, or any combination of the addresses  
defined via the Email Messages menu. (Default = All On.)  
Note: If Email addresses have been previously defined, then the text under the  
parameters will list the current, user defined email addresses.  
Subject: This parameter is used to define the text that will appear in the "Subject"  
field for all email notification messages generated by this alarm. (Default = "Alarm:  
Over Temperature (Initial)" or "Alarm: Over Temperature (Critical)".)  
Contact Output Enable: Activates/deactivates the Output Contacts on the  
AFS-16 Control Module AUX Connector. When the Contact Output Enable  
parameter is set to "On", the Common line will be switched from the Normally  
Closed contact to the Normally Open contact when an Over-Temperature Alarm  
is generated. For more information on the Output Contacts, please refer to  
Section 7.1. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then the Contact  
Output Enable parameter for other alarms will also be enabled or disabled as  
specified by this parameter.  
7-4  
 
 
Alarm Configuration  
7.3. The Ping-No-Answer Alarm  
The Ping-No-Answer Alarm is intended to provide notification when one of the IP  
addresses defined via the Ping-No-Answer function (as described in Section 6) fails  
to respond to a Ping command. When one of the user-defined IP addresses fails  
to answer a Ping command, the AFS-16 can provide notification via Email, Syslog  
Message or SNMP Trap.  
Notes:  
• In order for this alarm to function, IP Addresses for the Ping-No-Answer  
function must first be defined as described in Section 6.1.  
• When a Ping-No-Answer condition is detected, the AFS-16 can still switch  
the user-selected Circuit Module(s) as described in Section 6, and can also  
send an email, Syslog Message and/or SNMP trap if properly configured as  
described in this section.  
7.3.1. Defining Ping-No-Answer IP Addresses  
In order for the Ping-No-Answer Alarm to function, you must first define at least one  
Ping-No-Answer profile as described in Section 6. To define a Ping-No-Answer profile  
and associated IP address, proceed as described in Section 6.  
Note: To define Ping-No-Answer IP addresses for the Ping-No-Answer Alarm,  
without enabling the A/B switching function, make certain that the "Toggle"  
option in the Add Ping-No-Answer Profile menu is set to "No."  
7.3.2. Configuring the Ping-No-Answer Alarm  
To configure the Ping-No-Answer Alarm, you must access the AFS-16 command mode  
using a password that permits Administrator Level commands. The Ping-No-Answer  
alarm configuration menu offers the following parameters:  
Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this  
alarm will be suppressed. (Default = On.)  
Note: To cancel an alarm without correcting the condition that caused the  
alarm, simply toggle the Trigger Enable parameter to Off and then back On  
again.  
Resend Delay: Determines how long the AFS-16 will wait to resend an email  
message generated by this alarm, when the initial attempt to send the notification  
was unsuccessful. (Default = 60 Minutes.)  
Notify Upon Clear: When this item is enabled, the AFS-16 will send additional  
notification when the situation that caused the alarm has been corrected. For  
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification  
when it detects that a Ping command has failed, and then send a second  
notification when it determines that the IP address is again responding to the Ping  
command. (Default = On.)  
7-5  
 
 
Alarm Configuration  
Email Message: Enables/Disables email notification for this alarm. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then email  
notification for other alarms will be switched On or Off as indicated by this  
parameter.  
Address 1, 2, and 3: These parameters are used to determine which of the  
three email addresses defined via the "Email Messages" menu will receive  
the email alarm notification messages generated by this alarm. The Address  
parameters can be used to select one, or any combination of the addresses  
defined via the Email Messages menu. (Default = All On.)  
Note: If Email addresses have been previously specified, then the text under  
the parameters will list the current, user defined email addresses.  
Subject: This parameter is used to define the text that will appear in the "Subject"  
field for all email notification messages that are generated by this alarm.  
(Default = "Alarm: Ping-No-Answer")  
Contact Output Enable: Activates/deactivates the Output Contacts on the  
AFS-16 Control Module AUX Connector. When the Contact Output Enable  
parameter is set to "On", the Common line will be switched from the Normally  
Closed contact to the Normally Open contact when a Ping-No-Answer Alarm  
is generated. For more information on the Output Contacts, please refer to  
Section 7.1. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then the Contact  
Output Enable parameter for other alarms will also be enabled or disabled as  
specified by this parameter.  
7-6  
 
 
Alarm Configuration  
7.4. The Invalid Access Lockout Alarm  
The Invalid Access Lockout Alarm can provide notification when the AFS-16 has locked  
a port due to repeated, invalid attempts to access command mode. Normally, the  
Invalid Access Lockout feature (discussed in Section 5.3.2) will lock a port whenever the  
AFS-16 detects that a user-defined number of invalid passwords have been entered at  
the port. When the Invalid Access Lockout Alarm is properly configured and enabled  
as described in this section, the AFS-16 can also provide notification via Email, Syslog  
Message or SNMP Trap.  
Notes:  
• In order for this alarm to function, Invalid Access Lockout parameters must  
first be configured and enabled as described in Section 5.3.2.  
• When an Invalid Access Lockout occurs, the AFS-16 can still lock the  
network port as described in Section 5.3.2, and can also send an email,  
Syslog Message and/or SNMP trap if properly configured.  
• If desired, the AFS-16 can be configured to count Invalid Access attempts  
and provide notification when the counter exceeds a user defined trigger  
level, without actually locking the port in question. To do this, enable the  
Invalid Access Lockout Alarm as described here, but when you configure  
Invalid Access Lockout parameters as described in Section 5.3.2, set the  
Lockout Attempts and Lockout Duration as you would normally, and then set  
the "Lockout Enable" parameter to "Off."  
To configure the Invalid Access Lockout Alarm, you must access the AFS-16 command  
mode using a password that permits Administrator Level commands. The Invalid  
Access Lockout alarm configuration menu offers the following parameters:  
Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this  
alarm will be suppressed. (Default = On.)  
Note: To cancel an alarm without unlocking the port, simply toggle the Trigger  
Enable parameter Off and then back On again.  
Resend Delay: Determines how long the AFS-16 will wait to resend an email  
message generated by this alarm, when the initial attempt to send the notification  
was unsuccessful. (Default = 60 Minutes.)  
Notify Upon Clear: When this item is enabled, the AFS-16 will send additional  
notification when the situation that caused the alarm has been corrected. For  
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification  
when it detects that an Invalid Access Lockout has occurred, and then send a  
second notification when it determines that the port has been unlocked.  
(Default = On.)  
7-7  
 
 
Alarm Configuration  
Email Message: Enables/Disables email notification for this alarm. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then email  
notification for other alarms will be switched On or Off as indicated by this  
parameter.  
Address 1, 2, and 3: These parameters are used to determine which of  
the three email addresses defined via the "Email Messages" menu (see  
Section 5.9.11) will receive the email alarm notification messages generated  
by this alarm. The Address parameters can be used to select one, or any  
combination of the addresses defined via the Email Messages menu.  
(Default = All On.)  
Note: If Email addresses have been previously specified, then the text under  
the parameters will list the current, user defined email addresses.  
Subject: This parameter is used to define the text that will appear in the "Subject"  
field for all email notification messages generated by this alarm. (Default = "Alarm:  
Invalid Access Lockout.")  
Contact Output Enable: Activates/deactivates the output contacts on the Control  
Module AUX Connector. When the Contact Output Enable parameter is set to "On",  
the Common line will be switched from the Normally Closed contact to the Normally  
Open contact when an Invalid Access Lockout Alarm is generated. For more  
information on the Output Contacts, please refer to Section 7.1. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then the Contact  
Output Enable parameter for other alarms will also be enabled or disabled as  
specified by this parameter.  
7-8  
 
 
Alarm Configuration  
7.5. The Power Cycle Alarm  
The Power Cycle Alarm can provide notification when input power to the AFS-16 unit is  
lost and then restored. When the power supply is lost and then restored, the AFS-16  
can provide notification via Email, Syslog Message or SNMP Trap.  
To configure the Power Cycle Alarm, you must access the AFS-16 command mode  
using a password that permits Administrator Level commands. The Power Cycle Alarm  
configuration menu offers the following parameters:  
Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this  
alarm will be suppressed. (Default = On.)  
Email Message: Enables/Disables email notification for this alarm. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then email  
notification for other alarms will be switched On or Off as indicated by this  
parameter.  
Address 1, 2, and 3: These parameters are used to select which of the three  
email addresses defined via the "Email Messages" menu (see Section 5.9.11)  
will receive the email alarm notification messages generated by this alarm.  
The Address parameters can be used to select one, or any combination of the  
addresses defined via the Email Messages menu. (Default = All On.)  
Note: If Email addresses have been previously specified, then the text under  
the parameters will list the current, user defined email addresses.  
Subject: This parameter is used to define the text that will appear in the "Subject"  
field for all email notification messages generated by this alarm. (Default = "Alarm:  
Power Cycle")  
7-9  
 
 
Alarm Configuration  
7.6. Monitor/Alarm Input  
The Monitor/Alarm Input feature allows the AFS-16 to monitor Pin 4 on the Control  
Module's AUX connector, and then switch circuit modules, and/or activate an audible  
alarm or other external device and/or send notification when the signal at Pin 4 changes.  
To configure the Monitor/Alarm Input feature, you must access the AFS-16 command  
mode using a password that permits Administrator Level commands. The Monitor/  
Alarm Input configuration menu offers the following parameters:  
Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this  
alarm will be suppressed. (Default = On.)  
Monitor/Alarm Input Level: Determines whether a high or low signal at the  
Monitor Input contact (Pin 4 on the Control Module's AUX Connector) will generate  
an alarm. For example, if the Monitor/Alarm Input Level is set at "Low", then  
an alarm will be triggered when a low signal is detected at Pin 4. Note that the  
Monitor/Alarm Input Level is always set to compliment the setting for the Monitor  
Input Level Jumper as described in Section 7.5.1. (Default = Low.)  
Monitor/Alarm Input Delay: Determines how long the signal at the Monitor Input  
Contact must remain high/low in order to generate an alarm.  
(Default = 0.5 Seconds.)  
Resend Delay: Determines how long the AFS-16 will wait to resend an email  
message generated by this alarm, when the initial attempt to send notification was  
unsuccessful. (Default = 60 Minutes.)  
Notify Upon Clear: When this item is enabled, the AFS-16 will send additional  
notification when the signal at the Monitor Input contact (Pin 4 on the Control  
Module's AUX Connector) returns to the normal (non-alarm) state. (Default = On.)  
Email Message: Enables/Disables email notification for this alarm. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then email  
notification for other alarms will be switched On or Off as indicated by this  
parameter.  
Address 1, 2, and 3: These parameters are used to select which of the three  
email addresses defined via the "Email Messages" menu (see Section 5.9.11)  
will receive the email alarm notification messages generated by this alarm.  
The Address parameters can be used to select one, or any combination of the  
addresses defined via the Email Messages menu. (Default = All On.)  
Note: If Email addresses have been previously specified, then the text under  
the parameters will list the current, user defined email addresses.  
Subject: Define the text that will appear in the "Subject" field for email notification  
messages generated by this alarm. (Default = "Alarm: Monitor/Alarm Input".)  
7-10  
 
 
Alarm Configuration  
Contact Output Enable: Activates/deactivates the Output Contacts on the Control  
Module AUX Connector. When the Contact Output Enable parameter is set to  
"On", the Common line will be switched from the Normally Closed contact to the  
Normally Open contact. For more information on the Output Contacts, please refer  
to Section 7.1. (Default = On.)  
Note: If either of the "Copy to All Triggers" options is selected, then the Contact  
Output Enable parameter for other alarms will also be enabled or disabled as  
specified by this parameter.  
Circuits to Switch: Selects the Circuit Module(s) and Circuit Group(s) that will  
be switched when the Monitor/Alarm Input feature is triggered, determines the  
A/B switch position and enables/disables the "Return" feature. This item provides  
access to a submenu which is used to define the following:  
Enable: Enables/disables A/B switching in response to the Monitor/Alarm Input  
feature. When disabled, the AFS-16 will not perform A/B switching with the  
Monitor/Alarm Input feature is triggered. (Default = Disable.)  
Circuit State: Specifies the A/B position that circuits will be switched to when  
the Monitor/Alarm Input feature is triggered. (Default = B.)  
Return: Enables/Disables the Return feature, which allows the AFS-16 to switch  
circuits back to their original state after a Monitor/Alarm Input event has been  
cleared. (Default = On.)  
Circuit Access: Determines which Circuit Modules will be switched when the  
Monitor/Alarm Input feature is triggered. Note that in the Text Interface, Circuit  
Access is defined via a separate submenu; in the Web Browser Interface, Circuit  
Access is defined via a drop down menu, which is accessed by clicking on the  
"plus" sign in the "Configure Circuit Access" field. (Default = undefined.)  
Circuit Group Access: Determines which Circuit Group(s) the Monitor/Alarm  
Input feature will be applied to. Note that in the Text Interface, Circuit Group  
Access is defined via a separate submenu; in the Web Browser Interface, Circuit  
Group Access is defined via a drop down menu, which is accessed by clicking  
on the "plus" sign. (Default = undefined.)  
7-11  
 
 
Alarm Configuration  
High  
Low  
1
0
Figure 7.2: Control Module Jumper  
AUX Connector  
Control Card  
Jumper  
Pin Out  
Pin  
5
Signal  
Ground  
1
0
4
Monitor Input  
Back Edge of  
Control Card  
Figure 7.3: Control Module AUX Connector - Monitor Input and Ground  
7.6.1. Monitor Input Level Settings  
When the Monitor/Alarm Input feature is properly configured, the AFS-16 can trigger an  
alarm and/or perform A/B switching operations when the signal at Pin 4 (Monitor Input)  
on the Control Module AUX connector goes high or low. In set up this feature, you must  
first use the Control Card Jumper to select the non-active (non-alarm) state, and then  
use the Monitor/Alarm Input configuration menu to select the active/alarm state (the  
signal level that will trigger an alarm) as described in the Sections that follow.  
Notes:  
• The Monitor Input signal (Pin 4) is always measured relative to the signal at  
the common ground (Pin 5).  
• A "Low" signal should be between Zero (0) Volts and -48 Volts and a "High"  
signal should be between +5 Volts and +48 Volts.  
7-12  
 
 
Alarm Configuration  
7.6.1.1. Monitor Input Signal - Trigger When Low  
To set up the Monitor/Alarm Input feature to trigger an alarm when the signal at AUX  
connector pin 4 (the Monitor Input) goes Low, configure the AFS-16 as follows:  
1. Control Card Jumper Setting: Set the Jumper to the "1" position (default.) This  
will set the non-active, non-alarm signal state to "High" as shown in Figure 7.2.  
2. Monitor/Alarm Input Level: Use the Monitor/Alarm Input configuration menu to  
set the Monitor Alarm Input Level to "Low" as described in Section 7.6. This will  
configure the Monitor/Alarm Input feature to generate an alarm when the Monitor  
Input signal goes Low.  
3. Set the Remaining Parameters: Use the Monitor/Alarm Input configuration menu  
to select the remaining parameters as described in Section 7.6.  
4. Connect Monitor Input: Connect the signal line that you wish to monitor to Pin 4  
(Monitor Input) on the Control Module AUX Connector as shown in Figure 7.3.  
7.6.1.2. Monitor Input Signal - Trigger When High  
To set up the Monitor/Alarm Input feature to trigger an alarm when the signal at AUX  
Connector pin 4 (the Monitor Input) goes High, configure the AFS-16 as follows:  
1. Control Card Jumper Setting: Set the Jumper to the "0" position. This will set the  
non-active, non-alarm signal state to "Low" as shown in Figure 7.2.  
2. Monitor/Alarm Input Level: Use the Monitor/Alarm Input configuration menu to  
set the Monitor Alarm Input Level to "High" as described in Section 7.6. This will  
configure the Monitor/Alarm Input feature to generate an alarm when the Monitor  
Input signal goes High.  
3. Set the Remaining Parameters: Use the Monitor/Alarm Input configuration menu  
to select the remaining parameters as described in Section 7.6.  
4. Connect Monitor Input: Connect the signal line that you wish to monitor to Pin 4  
(Monitor Input) on the Control Module AUX Connector as shown in Figure 7.3.  
Connect your ground line to the Ground Connector (Pin 5).  
7-13  
 
 
8. The Status Screens  
The Status Screens are used to display status information about the AFS-16 hardware  
and firmware, Network Port, Circuit Modules, Circuit Groups and other features. The  
Status Screens are available via both the Text Interface and Web Browser Interface.  
8.1. Product Status  
The Product Status Screen lists the model number, power rating and software version  
for your local AFS-16 unit. To display the Product Status Screen via the Text Interface,  
type /J *and then press [Enter]. To display the Product Status Screen via the Web  
Browser Interface, click on the "Product Status" link. The Product Status Screen lists the  
following items:  
Product: The make/model number of the AFS-16 unit.  
SW Version: The software version that is currently installed on the AFS-16 unit.  
PIC Version: The version of the micro controller chip, that is present on the Control  
Module.  
8.2. The Network Status Screen  
The Network Status screen shows activity at the AFS-16's virtual network ports, and  
lists the TCP Port Number, Active/Free Status and current user name for each virtual  
network port. To view the Network Status Screen, you must access command mode  
using a password that permits access to Administrator Level commands. To display the  
Network Status Screen via the Text Interface, type /SNand press [Enter]. To display the  
Network Status Screen via the Web Browser Interface, click on the Network Status link.  
The Network Status Screen lists the following items:  
Port: The virtual network port for each connection.  
TCP Port: The TCP Port number for each connection.  
Status: This column will read "Free" if no users are currently connected to the  
corresponding port, or "Active" if a user has currently accessed command mode via  
this port.  
User Name: The user name for the account that has currently accessed command  
mode via this port. Note that when the Network Status Screen is viewed via the Text  
Interface, usernames that are longer than 22 characters will be truncated and the  
remaining characters will be displayed as two dots (..).  
8-1  
 
 
The Status Screens  
8.3. The Circuit Status Screen  
The Circuit Status Screen shows the current status of the AFS-16's Circuit Modules, and  
also lists the unit's current temperature, Monitor/Alarm Input status, and Alarm Contact  
Output status.  
Note:  
• When the Circuit Status screen is viewed by an account with Administrator  
or SuperUser command access, all AFS-16 Circuit Modules present are  
listed. When the Circuit Status screen is viewed by an account with User or  
ViewOnly command access, then the screen will list only the Circuit Modules  
that are allowed by the account.  
• If a Circuit Module slot is empty, then the Circuit Status screen will display a  
row of dashes for that Circuit Module position.  
To display the Circuit Status Screen via the Text Interface, type /Sand then press  
[Enter]. To display the Circuit Status Screen via the Web Browser Interface, click on the  
"Circuit Status" link. The Circuit Status Screen will list the following parameters:  
Circuit: The number of each Circuit Module.  
Name (Common): The user-defined name for each Circuit Module. This name  
may also be used describe the device that is connected to the common line for  
each Circuit Module.  
Name (Connected To): The user-defined name for the currently selected A/B path  
for each Circuit Module. Note that the name listed in this field will differ, depending  
on which A/B Circuit path is selected.  
Pos: The currently selected A/B circuit path for each Circuit Module.  
Reason: This field displays a brief description of the reason for the last successful  
switching operation at each Circuit Module.  
Mon: This field will contain a "X" if the corresponding Circuit Module has been  
configured to be switched by the Monitor/Alarm Input feature.  
The Circuit Status Screen will also list the following information at the bottom of the  
screen:  
System Temperature: The current temperature, as measured by the AFS-16 unit.  
Monitor/Alarm Input: The high/low status of the Monitor/Alarm Input contact on  
the Control Module's AUX Port.  
Alarm Contact Output: The status of the Alarm Contact Output  
8-2  
 
 
The Status Screens  
8.4. The Circuit Group Status Screen  
The Circuit Group Status screen shows the configuration details and A/B switching  
status for the AFS-16's user-defined Circuit Groups.  
Notes:  
• When the Circuit Group Status Screen is viewed by an account with  
Administrator or SuperUser command access, all AFS-16 Circuit Modules  
and Circuit Groups will be shown. When the Circuit Status Screen is viewed  
by an account with User or ViewOnly command access, then the unit will  
only display the Circuit Modules and Circuit Groups that are allowed by the  
account.  
• In order to display the Circuit Group Status screen, you must first define at  
least one Circuit Group as described in Section 5.7.  
To display the Circuit Group Status Screen via the Text Interface, type /SGand then  
press [Enter]. To display the Circuit Group Status Screen via the Web Browser  
Interface, click on the "Circuit Group Status" link. The Circuit Group Status Screen will  
list the following parameters for each Circuit Group:  
Group Name: The user-defined name for each Circuit Group.  
Circuit Name (Common): The user-defined name for each Circuit Module. This  
name may also be used describe the device that is connected to the common line  
for each Circuit Module.  
Circuit: The number of each Circuit Module in the Circuit Group.  
Pos: The currently selected A/B circuit path for each Circuit Module.  
Reason: This field displays a brief description of the reason for the last successful  
switching operation at each Circuit Module.  
Mon: This field will contain a "X" if the corresponding Circuit Module has been  
configured to be switched by the Monitor/Alarm Input feature.  
8-3  
 
 
The Status Screens  
8.5. The Event Logs  
8.5.1. The Audit Log  
The Audit Log provides a record of most command activity at the AFS-16 unit, including  
A/B switching, and login and logout activity. Note that the Audit Log does not include  
user information regarding access to configuration menus or status screens.  
To view the Audit Log, access command mode using a password that permits  
Administrator or SuperUser level commands and then proceed as follows:  
Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be  
shown. At the Display Logs menu, type 1and press [Enter] to display the  
Audit Log.  
Web Browser Interface: Place the cursor over the "Logs" link on the left hand side  
of the screen wait for the fly-out menu to appear. To view the Audit Log, click on  
the "Audit Log (Display)" link; to download the Audit Log, click on the "Audit Log  
(download)" link.  
The Audit Log will display the following information for each logged event:  
Date: The date when the logged event occurred.  
Time: The time that the logged event occurred.  
Username: The name of the user account that initiated the logged event.  
Description: A brief description of the nature of the logged event.  
Note: In the Text Interface, the following commands are also available:  
• Press [Enter] to display the next screen full of data.  
• Press [Esc] to exit from the log menu and return to the command prompt.  
• Type Eand press [Enter] to erase the Audit Log.  
8-4  
 
 
The Status Screens  
8.5.2. The Alarm Log  
The Alarm Log provides a record of all alarm events that were initiated by the Over  
Temperature Alarms, Ping-No-Answer Alarm, Invalid Access Lockout Alarm, Power  
Cycle Alarm and Monitor/Alarm Input feature.  
To view the Alarm Log, access command mode using a password that permits  
Administrator or SuperUser level commands and then proceed as follows:  
Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be  
shown. At the Display Logs menu, type 2and press [Enter] to display the  
Alarm Log.  
Web Browser Interface: Place the cursor over the "Logs" link on the left hand side  
of the screen wait for the fly-out menu to appear. To view the Alarm Log, click on  
the "Alarm Log (Display)" link; to download the Alarm Log, click on the "Alarm Log  
(download)" link.  
The Alarm Log will display the following information for each logged event:  
Date: The date when the alarm occurred.  
Time: The time that the alarm occurred.  
Trigger: The name of the alarm which was triggered.  
Description: A brief description of the event that triggered the alarm.  
Note: In the Text Interface, the following commands are also available:  
• Press [Enter] to display the next screen full of data.  
• Press [Esc] to exit from the log menu and return to the command prompt.  
• Type Eand press [Enter] to erase the Alarm Log.  
8.5.3. The Temperature Log  
The temperature log provides a record of AFS-16 temperature readings, in reverse  
chronological order, with the most recent events appearing at the top of the list.  
To view the Temperature Log, access command mode using a password that permits  
Administrator or SuperUser level commands and then proceed as follows:  
Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be  
shown. At the Display Logs menu, type 3and press [Enter] to display the  
Temperature Log.  
Web Browser Interface: Place the cursor over the "Logs" link on the left hand side  
of the screen wait for the fly-out menu to appear. To view the Temperature Log,  
click on the "Temperature Log (Display)" link; to download the Temperature Log,  
click on the "Temperature Log (download)" link.  
Note: In the Text Interface, the following commands are also available:  
• Press [Enter] to display the next screen full of data.  
• Press [Esc] to exit from the log menu and return to the command prompt.  
• Type Eand press [Enter] to erase the Temperature Log.  
8-5  
 
 
9. Operation  
As discussed in Section 5, the AFS-16 offers two separate command interfaces; the Web  
Browser Interface and the Text Interface (also known as the "Command Line Interface"  
or "CLI.") Both interfaces offer essentially the same command options and features, and  
in most cases, parameters defined via the Web Browser Interface will also apply when  
communicating via the Text Interface (and vice versa.)  
9.1. A/B Switching - Web Browser Interface  
When using the Web Browser Interface, A/B switching commands are invoked via the  
Circuit Control Screen and Circuit Group Control Screen.  
9.1.1. The Circuit Control Screen - Web Browser Interface  
The Circuit Control Screen lists the current A/B status of the AFS-16’s Circuit Modules  
and is used to control switching and rebooting of each A/B circuit. To perform A/B  
switching or set circuits to user-defined default states, proceed as follows:  
1. Access the AFS-16 Command Mode as described in Section 5.1.  
2. Click on the "Circuit Control" link on the left hand side of the screen to display the  
Circuit Control Screen.  
Notes:  
• When the Circuit Control Screen is displayed by an account that permits  
Administrator or SuperUser level commands, all switched circuits will be  
displayed.  
• When the Circuit Control Screen is displayed by an account that permits User  
or ViewOnly command access, the screen will only include the circuits that  
are specifically allowed by the account.  
9-1  
 
 
Operation  
3. A/B Switching: From the Circuit Control Menu, click the down arrow in the "Action"  
column for the desired circuit(s), then select position "A" or position "B" from the  
dropdown menu and click on the "Confirm Circuit Actions" button. Next the  
AFS-16 will display a screen which lists the selected switching action(s) and asks  
for confirmation before proceeding. Click on the "Execute Circuit Actions" button to  
complete the command.  
4. Setting Circuits to the Default State: From the Circuit Control Menu, click the  
down arrow in the "Action" column for the desired circuit(s), then select "Default"  
from the dropdown menu and click on the "Confirm Circuit Actions" button. Next  
the AFS-16 will display a screen which lists the selected switching action(s) and  
asks for confirmation before proceeding. Click on the "Execute Circuit Actions"  
button to complete the command; all selected circuits will be set to their user-  
defined default state.  
5. Applying a Command to All Circuits: From the Circuit Control Menu, click the  
down arrow in the "Action" column in the "All Circuits" row, then select the desired  
operation from the dropdown menu and click on the "Confirm Circuit Actions"  
button. Next the AFS-16 will display a screen which lists the selected switching  
action(s) and asks for confirmation before proceeding. Click on the "Execute Circuit  
Actions" button to apply the selected command to all AFS-16 Circuits.  
Note: When each command is complete, the Circuit Status Screen will be  
displayed. At that time, the Status Screen will list the updated A/B status of each  
circuit.  
9.1.2. The Circuit Group Control Screen - Web Browser Interface  
The Circuit Group Control Screen is used to apply A/B switching commands to all  
circuits in a user-defined Circuit Group. As described in Section 5.7, Circuit Groups  
allow you to define a group of circuits, dedicated to a similar purpose or client, and then  
direct switching commands to the group, rather than switching one circuit at a time.  
To invoke A/B switching commands, proceed as follows:  
1. Access the AFS-16 Command Mode as described in Section 5.1.  
2. Click on the "Circuit Group Control" link on the left hand side of the screen to  
display the Circuit Group Control Screen.  
Notes:  
• When the Circuit Group Control Screen is displayed by an account that  
permits Administrator or SuperUser command access, all user-defined Circuit  
Groups will be displayed.  
• When the Circuit Control Screen is displayed by an account that permits User  
or ViewOnly level commands, the screen will only include the Circuit Groups  
that are allowed by the account.  
9-2  
 
 
Operation  
3. A/B Switching - Circuit Groups: From the Circuit Group Control Menu, click  
the down arrow for the desired Circuit Group(s), then select "A" or "B" from the  
dropdown menu and click on the "Confirm Circuit Group Actions" button. Next the  
AFS-16 will display a screen which lists the selected switching action(s) and asks  
for confirmation before proceeding. Click on the "Execute Circuit Group Actions"  
button to execute the command(s.)  
4. Switching Circuit Groups to Defaults: From the Circuit Group Control Menu, click  
the down arrow for the desired group(s), then select "Default" from the dropdown  
menu and click on the "Confirm Circuit Group Actions" button. Next the  
AFS-16 will display a screen which lists the selected switching action(s) and asks  
for confirmation before proceeding. Click on the "Execute Circuit Group Actions"  
button to execute the command; all selected circuit groups will be set to their  
user-defined default states.  
Note: When each Circuit Group command is completed, the Circuit Status  
Screen will be displayed. At that time, the Status Screen will show the updated  
A/B status of each circuit.  
9-3  
 
 
Operation  
COMMAND MENU:  
DISPLAY  
Version 1.00  
CONFIGURATION  
/S  
Circuit Status  
/F  
System Parameters  
/SG  
/SN  
/L  
Circuit Group Status  
Network Status  
Log  
/P  
/PC  
/G  
Port Parameters  
Circuit Parameters  
Circuit Group Parameters  
Network Configuration  
Ping No Answer  
Alarm Configuration  
Reboot System  
/J [*]  
Site ID  
/N  
/PNA  
/AC  
/I  
/UF  
/TEST  
CONTROL  
/X  
/C <n>  
/D <n>  
/TA <s>  
/TB <s>  
Exit Command Mode  
Connect - Local  
Disconnect Port  
Switch To Circuit Position A +-------------------------------+  
Switch To Circuit Position B | n Port #/name  
Upgrade Firmware  
Test Network Options  
|
|
|
|
|
|
|
|
/T <c,p> Switch To Circuit Position  
/DC  
/U  
/K <k>  
/UL  
| s s+s s:s Circuit #/name  
| c c,c c-c Circuit #/name  
| p Position (A or B)  
| k Key type (1-3)  
| * “all”  
Default Circuit Position  
Send Parameter File  
Send SSH Keys  
Unlock (Invalid Access)  
| <> Required entry  
| [] Optional entry  
Add ,Y to bypass “Sure?”  
AFS>  
+-------------------------------+  
Figure 9.1: The Help Menu (Administrator Mode; Text Interface)  
9.2. A/B Switching - Text Interface  
When using the Text Interface, all A/B switching functions are performed by invoking  
simple, ASCII commands. The Text Interface includes a Help Menu, which summarizes  
all available AFS-16 commands. To display the Text Interface Help Menu (Figure 9.1),  
type /Hand press [Enter].  
Note: When the Help Menu is displayed by an account that permits SuperUser,  
User or ViewOnly level commands, the screen will not include commands that  
are only available to Administrators.  
9.2.1. The Circuit Status Screen - Text Interface  
When you login to the AFS-16 command mode via the Text Interface, the first screen  
displayed after login is the Circuit Status Screen. The Circuit Status Screen lists  
the current status of the AFS-16’s Circuit Modules, and also displays the current  
temperature, Monitor/Alarm Input status, Alarm Contact Output status and the  
user-defined Site I.D. Message. The Circuit Status Screen will be re-displayed each time  
a command is successfully executed.  
9-4  
 
 
Operation  
9.2.2. A/B Switching Commands - Text Interface  
These commands can be used to switch AFS-16’s circuit modules, and can also be  
used to set circuits to the user-defined default A/B positions. Circuits may be specified  
by number, name or Circuit Group Name.  
Notes:  
• When the Port and Circuit Status Screen is displayed by an account that  
permits Administrator or SuperUser level commands, all switched circuits will  
be displayed.  
• When the Port and Circuit Status Screen is displayed by an account that  
permits ViewOnly or User command access, the screen will only include the  
switched circuits that are specifically allowed by the account.  
• When you have accessed command mode using an account that permits  
Administrator or SuperUser level commands, switching commands can be  
applied to all circuits.  
• When you have accessed command mode using an account that permits  
only User level commands, switching commands can only be applied to the  
circuits that are specifically allowed by that account.  
Text Interface commands are not case sensitive. When used in command  
lines, circuit names and Circuit Group names are also not case sensitive.  
When A/B switching commands are executed, the AFS-16 will list specified switching  
actions for each applicable Circuit Module, then display a "Sure?" prompt and wait for a  
user response before completing the command. The unit will then return to the Circuit  
Status Screen.  
To switch Circuits or Circuit Groups, proceed as follows:  
1. Switch Circuit(s) to "A" Position: Type /TA n and press [Enter]. Where "n" is  
the number or name of the desired Circuit or Circuit Group. For example:  
/TA 1 [Enter] or /TA DATACENTER [Enter]  
2. Switch Circuit(s) to "B" Position: Type /TB n and press [Enter]. Where "n" is the  
number or name of the desired Circuit or Circuit Group. For example:  
/TB 2 [Enter] or /TB SERVERS [Enter]  
3. Set All Circuits to Default A/B Positions: Type /DCand press [Enter]. All circuits  
permitted by your account will be set to their default A/B status, which is defined via  
the Circuit Parameters Menu as described in Section 5.7.  
Notes:  
• When you have accessed command mode using an account that permits  
Administrator or SuperUser level command access, the Default command will  
be applied to all circuits.  
• When you have accessed command mode using an account that only  
permits User level command access, the Default command will only be  
applied to the circuits specifically allowed by that account.  
• Switching commands are not available in ViewOnly mode.  
9-5  
 
 
Operation  
4. The "Toggle" Command: As an alternative to the /TA and /TB commands, the /T  
(Toggle) command can also be used to perform A/B switching. Type /T n,p and  
press [Enter]. Where "n" is the number or name of the desired Circuit or Circuit  
Group and "p" is the desired A/B position. For example:  
/T 2,B [Enter] or /T SERVERS,A [Enter]  
5. Suppress Command Confirmation Prompt: To execute a switching or default  
command without displaying the "Sure?" prompt, you can either disable command  
confirmation via the System Parameters Menu, or include the ",Y" option at the end  
of the command line. For example:  
/TA ROUTER,Y or /T 2,B,Y  
9.2.2.1. Applying Commands to Several Circuits - Text Interface  
As described below, A/B switching commands can be applied to only one Circuit  
Module, or to an assortment of circuits.  
1. Switch Several Circuits: To apply the /TA, TB or /T command to several circuits,  
enter the numbers or names for the circuits, separated by a "plus sign" (+) or a  
comma (,). For example to switch circuits 1, 3, and 4 to the "B" position, enter one  
of the following commands:  
/TB 1+3+4 [Enter]  
or  
/T 1+3+4,B [Enter]  
Note: When the "+" or "," are used, do not enter spaces between the circuit  
name or number and the plus sign or comma.  
2. Switch a Range of Circuits: To apply the /TA or /TB command to a series of  
circuits, enter the numbers for the circuits that mark the beginning and end of the  
range, separated by a colon. For example to switch circuits 1 through 3 to the "A"  
position, enter the following:  
/TA 1:3 [Enter]  
Note: The "Range" argument is not available when using the /T command to  
switch circuits. The Range (:) argument can only be used with the /TA and /TB  
commands.  
4. All Circuits: To apply a command to all circuits, enter an asterisk in place of the  
name or number. For example, to switch all circuits to the "B" position, enter one of  
the following commands:  
/TB * [Enter] or /T *,B [Enter]  
Note: When this command is invoked by an account that permits only User  
level command access, it will be applied only to the circuits that are allowed by  
that account.  
9-6  
 
 
Operation  
9.3. Manual Operation  
In addition to the command driven A/B switching functions that are available via the Web  
Browser Interface and Text Interface, the AFS-16 Circuit Modules can also be manually  
switched. Circuit Modules can be individually controlled using the A/B switch on the  
Circuit Module front panel, or all 16 Circuit Modules can be manually switched using the  
Master A/B Gang Switch on the Control Module front panel.  
If desired, the manual A/B Switch on each individual Circuit Module can also be  
disabled using the A/B Switch Jumper as described in Section 4.5. In addition, the  
Master A/B Gang Switch can also be completely disabled via the System Parameters  
Menu as described in Section 5.3.  
9.4. Logging Out of Command Mode  
When you have finished communicating with the AFS-16, it is important to always  
disconnect using either the "LogOut" link (Web Browser Interface) or the /X command  
(Text Interface), rather than by simply closing your browser window or communications  
program. When communicating via a PDA, use the PDA's "Close" function to disconnect  
and logout.  
When you disconnect using the LogOut link or /X command, this ensures that the  
AFS-16 has completely exited from command mode, and is not waiting for the inactivity  
timeout period to elapse before allowing additional connections.  
9-7  
 
 
10. Telnet & SSH Functions  
10.1. SSH Encryption  
In addition to standard Telnet protocol, the AFS-16 also supports SSH connections,  
which provide secure, encrypted access via network. In order to communicate with the  
AFS-16 using SSH protocol, your network node must include an appropriate SSH client.  
Note that when the /K (Send SSH Key) command is invoked, the AFS-16 can also  
provide you with a public SSH key, which can be used to streamline connection to the  
AFS-16 when using SSH protocol.  
Although you can establish an SSH connection to the unit without the public key, the  
public key provides validation for the AFS-16, and once this key is supplied to the SSH  
client, the client will no longer display a warning indicating that the AFS-16 is not a  
recognized user when the client attempts to establish a connection.  
The /K command uses the following format:  
/K <k> [Enter]  
Where kis an argument that determines which type of public key will be displayed, and  
the kargument offers the following options:  
1. SSH1  
2. SSH2 RSA  
3. SSH2 DSA  
For example, to obtain the public SSH key for an SSH2 RSA client, type  
/K 2and then press [Enter].  
Note: Although the AFS-16 does not support SSH1, the /K 1 command will still  
return a key for SSH1.  
10-1  
 
 
Telnet & SSH Functions  
10.2. Creating an Outbound Telnet Connection  
The AFS-16 includes a /TELNET command, that can be used to create an outbound  
Telnet connection. In order to use the /TELNET command, you must access the  
AFS-16's Text Interface command mode using an account that permits Telnet Access  
and Outbound Access, via the AFS-16 Control Module's Serial RS232 Port as  
described below.  
Notes:  
• In order for the /TELNET command to function, Telnet Access and Outbound  
Service Access must be enabled for your user account as described in  
Section 5.5.  
• If you are communicating with the AFS-16 via the Network Port, the /TELNET  
command will not function.  
To create an outbound Telnet connection, access the Text Interface via the Control  
Module's RS232 Serial Port, using an account that permits Telnet Access and Outbound  
Access and then invoke the /TELNET command using the following format:  
/TELNET <ip> [port] [raw] [Enter]  
Where:  
ip  
Is the target IP address.  
port  
Is an optional argument which can be included to indicate the target port  
at the IP address.  
raw  
Is an optional argument which can be included to indicate a raw socket  
connection. In order to create a raw socket connection, the command line  
must end with the text "raw".  
For example, to create a raw socket, outbound Telnet connection to port 2000 at IP  
Address 255.255.255.255, access the Text Interface command mode via a free  
AFS-16 Serial Port using an account that permits Telnet Access and Outbound Access  
and invoke the TELNET command as follows:  
/TELNET 255.255.255.255 2000 raw [Enter]  
10-2  
 
 
Telnet & SSH Functions  
10.3. Creating an Outbound SSH Connection  
The AFS-16's /SSH command can be used to create an outbound SSH connection. In  
order to use the /SSH command, you must access the AFS-16's Text Interface command  
mode using an account that permits SSH Access and Outbound Access, via the AFS-16  
Control Module's RS232 Serial Port as described below.  
Notes:  
• In order for the /SSH command to function, SSH Access and Outbound  
Service Access must be enabled for your user account as described in  
Section 5.5.  
• If are communicating with the AFS-16 unit via the Network Port, the /SSH  
command will not function.  
To create an outbound SSH connection, access the Text Interface via the Control  
Module's RS232 Serial Port using an account that permits SSH Access and Outbound  
Access and then invoke the /SSH command using the following format:  
/SSH <ip> -l <username> [Enter]  
Where:  
ip  
Is the target IP address.  
-l  
(Lowercase letter "L") Indicates that the next argument will be the  
log on name.  
username  
Is the username that you wish to use to log in to the target device.  
For example, to create an outbound SSH connection to a device at IP Address  
255.255.255.255, with the username "employee", access the Text Interface command  
mode via a free AFS-16 Serial Port using an account that permits SSH Access and  
Outbound Access and invoke the SSH command as follows:  
/SSH 255.255.255.255 -l employee [Enter]  
10-3  
 
 
11. Syslog Messages  
The Syslog feature can create log records of each Alarm Event. As these event records  
are created, they are sent to a Syslog Daemon, located at an IP address defined via the  
Network Parameters menu.  
11.1. Configuration  
In order to employ this feature, you must set the real-time clock and calendar via the  
System Parameters Menu, and define the IP address for the Syslog Daemon via the  
Network Port Configuration menu.  
To configure the Syslog function, please proceed as follows:  
1. Access command mode: Note that the following configuration menus are only  
available to accounts that permit Administrator level commands.  
2. System Parameters Menu: Access the System Parameters Menu as described in  
Section 5.3, then set the following parameters:  
a) Set Clock and Calendar: Set the Real Time Clock and Calendar and/or  
configure and enable the NTP server feature.  
3. Network Parameters Menu: Access the Network Parameters Menu as described  
in Section 5.9, then set the following parameters:  
a) Syslog IP Address: Determine the IP address for the device that will run the  
Syslog Daemon, then use the Network Port Configuration menu to define the IP  
Address for the Syslog Daemon.  
4. Syslog Daemon: In order to capture messages sent by the AFS-16, a computer  
must be running a Syslog Daemon (set to UDP Port 514) at the IP address specified  
in Step 3 above.  
Once the Syslog Address is defined, Syslog messages will be generated whenever one  
of the alarms discussed in Section 7 is triggered.  
11-1  
 
 
Syslog Messages  
TEST NETWORK OPTIONS:  
1. SNMP Trap Test Manager 1  
2. SNMP Trap Test Manager 2  
3. Syslog Test  
4. Ping  
Enter: #<CR> to select,  
<ESC> to exit ...  
Figure 11.1: The Test Menu (Text Interface)  
11.2. Testing Syslog Configuration  
After you have configured the AFS-16 as described in Section 11.1, the /TEST command  
can be used to make certain that the function is properly set up. To test the Syslog  
function, access the AFS-16 command mode via the Text Interface using an account  
that permits Administrator or SuperUser level commands, then type /TEST and press  
[Enter] to display the Test Menu shown in Figure 11.1.  
When the Syslog Test feature is selected, the AFS-16 will attempt to send a test Syslog  
message, using the current Syslog configuration. If the test message is not received by  
your Syslog Daemon, review the procedure outlined in Section 11.1 to make certain the  
AFS-16 and the Syslog Daemon are properly configured.  
In addition to providing a means to test the Syslog and SNMP Trap features, the Test  
Menu also includes a Ping command option, which can be used in a manner similar  
to the DOS ping command to check to make certain that the unit is communicating  
properly. Note that in order for the Ping command to function with domain names, you  
must first configure Domain Name Server parameters as described in Section 5.9.5.  
11-2  
 
 
12. SNMP Traps  
SNMP is an acronym for "Simple Network Management Protocol". The SNMP Trap  
function allows the AFS-16 to send Alarm Notification messages to two different SNMP  
managers, each time one of the Alarms discussed in Section 7 is triggered.  
Note:  
• The SNMP feature cannot be configured via the SNMP Manager.  
• SNMP reading ability is limited to the System Group.  
• The SNMP feature includes the ability to be polled by an SNMP Manager.  
• Once SNMP Trap Parameters have been defined, SNMP Traps will be sent  
each time an Alarm is triggered and/or when a Buffer Mode serial port  
reaches the user-defined Buffer Threshold value. For more information on  
Alarm Configuration, please refer to Section 7.  
12.1. Configuration:  
To configure the SNMP Trap function, proceed as follows:  
1. Access command mode using an account that permits access to Administrator  
level commands.  
2. SNMP Trap Parameters: Access the SNMP Trap Parameters Menu as described in  
Section 5.9.7. Set the following:  
a) SNMP Managers 1 and 2: The address(es) that will receive SNMP Traps  
that are generated by one of the Alarms discussed in Section 7. Consult  
your network administrator to determine the IP address(es) for the SNMP  
Manager(s), then use the Network Parameters menu to set the IP address  
for each SNMP Manager. Note that it is not necessary to define both SNMP  
Managers.  
Note: To enable the SNMP Trap feature, you must define at least one SNMP  
Manager. SNMP Traps are automatically enabled when at least one SNMP  
Manager has been defined.  
b) Trap Community: Consult your network administrator, and then use the  
Network Parameters menus to set the Trap Community.  
Once SNMP Trap Parameters have been defined, the AFS-16 will send an SNMP Trap  
each time an alarm is triggered.  
12-1  
 
 
SNMP Traps  
12.2. Testing the SNMP Trap Function  
After you have finished setting up the SNMP Trap function, it is recommended to test the  
configuration to ensure that it is working correctly. To test configuration of the SNMP  
Trap function, proceed as follows:  
1. Configure the SNMP Trap function as described in Section 12.1.  
2. Access the Text Interface command mode using an account that permits  
Administrator or SuperUser level commands, then invoke the "/TEST" command at  
the AFS-16 command prompt. Note that the /TEST Command is only available in  
Administrator and SuperUser Mode.  
3. Select Item 1 or 2 to send an SNMP test trap to Manager 1 or 2, respectively. It is  
possible that the ARP table will not be properly setup. If this occurs a message  
to that effect is displayed and the AFS-16 immediately refreshes the ARP table.  
Repeat steps 2 and 3 to try again.  
For more information on the /TESTcommand and the Test Menu, please refer to  
Section 11.2.  
12-2  
 
 
13. Operation via SNMP  
If SNMP Access Parameters have been defined as described in Section 5.9.6, then you  
will be able to manage user accounts, control power and reboot switching and display  
unit status via SNMP. This section describes SNMP communication with the  
AFS-16 unit, and lists some common commands that can be employed to manage  
users, control switching and reboot actions and display unit status.  
13.1. AFS-16 SNMP Agent  
The AFS-16’s SNMP Agent supports various configuration, control, status and event  
notification capabilities. Managed objects are described in the WTI-AFS-MIB.txt  
document, which can be found on the CDROM included with the AFS-16 unit, or on the  
WTI web site (http://www.wti.com). The WTI-AFS-MIB.txt document can be compiled for  
use with your SNMP client.  
13.2. SNMPv3 Authentication and Encryption  
For SNMPv3, the AFS-16 supports two forms of Authentication/Privacy: Auth/noPriv  
which requires a username/password, but does not encrypt data going over the internet  
and Auth/Priv which requires a username/password AND encrypts the data going over  
the internet using DES (AES is not supported at this time). For the Password protocol,  
the AFS-16 supports either MD5 or SHA1.  
13.3. Configuration via SNMP  
AFS-16 User accounts can be viewed, created, modified, and deleted via SNMP. User  
accounts are arranged in a table of 128 rows, and indexed 1-128. User account  
parameters, as seen through the SNMP, are summarized below.  
userTable::userName– 32 character username  
userTable::userPasswd– 16 character password  
userTable::userAccessLevel– Account access level.  
0
1
2
3
ViewOnly Access  
User Access  
Superuser Access  
Administrator Access  
13-1  
 
 
Operation via SNMP  
userTable::userCircuitAccess– A string of up to 16 characters, with one  
character for each of the 16 possible Circuit Modules on the AFS-16 unit. A ‘0’  
indicates that the account does not have access to the circuit, and a ‘1’ indicates  
that the user does have access to the circuit.  
Note: The number of circuits specified in the userCircuitAccess string must  
not exceed the number of Circuit Modules available on your AFS-16 unit. If the  
userCircuitAccess string specifies more circuits than are available on the unit,  
an error message will be generated.  
userTable::userGroupAccess– A string of 54 characters, with one character  
for each of the 54 possible Circuit Groups in the system. A ‘0’ indicates that the  
account does not have access to the Circuit Group, and a ‘1’ indicates that the  
user does have access to the Circuit Group.  
userTable::userSerialAccess– Access to the serial interface  
0
1
No access  
Access  
userTable::userTelnetSshAccess– Access to the Telnet/SSH interface  
0
1
No access  
Access  
userTable::userOutboundTelSshAccess– Access to Outbound Telnet/SSH  
0
1
No access  
Access  
userTable::userWebAccess– Access to the Web interface  
0
1
No access  
Access  
userTable::userCallbackNum– 32 character callback number for account  
userTable::userSubmit– Set to 1to submit changes.  
13.3.1. Viewing Users  
To view users, issue a GET request on any of the user parameters for the index  
corresponding to the desired user.  
13.3.2. Adding Users  
For an empty index, issue a SET request on the desired parameters. Minimum  
requirement is a username and password to create a user, all other parameters will  
be set to defaults if not specified. To create the user, issue a SET request on the  
userSubmit object.  
13.3.3. Modifying Users  
For the index corresponding to the user you wish to modify, issue a SET request on  
the desired parameters to be modified. Once complete, issue a SET request on the  
userSubmit object.  
13.3.4. Deleting Users  
For the index corresponding to the user you wish to delete, issue a SET request on the  
username with a blank string. Once complete, issue a SET request on the userSubmit  
object.  
13-2  
 
 
Operation via SNMP  
13.4. Circuit Control via SNMP  
13.4.1. Controlling Circuits  
A/B Switching and Default commands can be issued for circuits via SNMP. Circuits are  
arranged in a table of N rows, where N is the number of circuits in the system. Circuit  
parameters are described below.  
circuitTable::circuitID– String indicating the circuit's ID  
circuitTable::circuitName- String indicating the circuit's user-defined name.  
circuitTable::circuitStatus– Current state of the circuit  
0
1
Switch Position B  
Switch Position A  
circuitTable::circuitAction– Action to be taken on circuit  
1
2
3
4
5
6
7
8
Mark to Switch to A (does not execute)  
Mark to Switch to B (does not execute)  
N/A  
Mark to DEFAULT Circuit (does not execute)  
Mark to Switch to A and execute circuit actions  
Mark to Switch to B and execute circuit actions  
N/A  
Mark to DEFAULT Circuit and execute circuit actions  
Set circuitTable::circuitActionto desired action, as specified by values 1-4  
above, for each circuit index the action is to be applied to. For the last circuit you wish  
to set before executing the commands, use values 5-8 instead, which will invoke the  
requested commands all at once.  
13.4.2. Controlling Circuit Groups  
A/B Switching and Default commands can be issued for circuit groups via SNMP. Circuit  
Groups are arranged in a table of 54 rows, one row for each circuit group in the system.  
Circuit Group parameters are described below.  
circuitGroupTable::circuitGroupName– String indicating the circuit groups  
name  
circuitGroupTable::circuitGroupAction– Action to be taken on circuit  
group  
1
2
3
4
5
6
7
8
Mark to Switch to A (does not execute)  
Mark to Switch to B (does not execute)  
N/A  
Mark to DEFAULT Circuit (does not execute)  
Mark to Switch to A and execute circuit group actions  
Mark to Switch to B and execute circuit group actions  
N/A  
Mark to DEFAULT Circuit and execute circuit group actions  
Set circuitGroupTable::circuitGroupActionto desired action, as specified by  
values 1-4 above, for each circuit group index the action is to be applied to. For the last  
circuit group you wish to set before executing the commands, use values 5-8 instead,  
which will invoke the requested commands all at once.  
13-3  
 
 
Operation via SNMP  
13.5. Viewing AFS-16 Status via SNMP  
Status of various components of the AFS-16 can be retrieved via SNMP. Circuit Status,  
and Environmental Status are currently supported.  
13.6.1. Circuit Status  
The status of each circuit in the system can be retrieved using the command below.  
circuitTable::circuitStatus– The status of the circuit.  
0
1
Switch Position B  
Switch Position A  
155 No Circuit Installed in this Slot  
circuitTable::circuitReason– Returns a numeric code, which describes the  
reason for the last successful A/B switching operation as follows:  
0
1
2
3
4
5
6
Power Up  
User  
PNA  
External Alarm  
Circuit Switch  
Control Switch  
Demo  
13.6.2. Unit Environment Status  
The temperature status and Control Module Jumper status can be retrieved. The  
environmentUnitTable contains one row.  
environmentUnitTable::environmentUnitTemperature– The temperature  
of the AFS-16 unit.  
environmentUnitTable::environmentUnitName– Returns the specific  
model number for the AFS-16 unit.  
environmentUnitTable::environmentUnitMonitorAlarm– Returns the  
current state of the Monitor Input Signal.  
0
1
Monitor Input Signal is Low.  
Monitor Input Signal is High  
13-4  
 
 
Operation via SNMP  
13.7. Sending Traps via SNMP  
Traps that report various unit conditions can be sent to an SNMP Management Station  
from the AFS-16. The following traps are currently supported.  
WarmStartTrap – Trap indicating a warm start  
ColdStartTrap – Trap indicating a cold start  
TestTrap – Test trap invoked by user via the Text Interface (CLI)  
The AFS-16 can send an SNMP trap to notify you when the Over Temperature Alarms,  
Ping No Answer Alarm, Invalid Access Lockout Alarm, Power Cycle Alarm, or Monitor/  
Alarm Input alarms have been triggered. In all cases except the Power Cycle Alarm,  
there will be one trap sent when the alarm is triggered, and a second trap sent when the  
alarm is cleared. For more information on alarm functions, please refer to Section 7.  
AlarmTrap – Trap indicating an alarm condition. A trap with a unique enterprise  
OID is defined for the Invalid Access Lockout Alarm, under which specific trap-types  
are defined to indicate the setting or clearing of that particular alarm condition.  
There are separate traps for the Invalid Access Lockout Alarm. The Alarm includes  
a "Set Trap," which indicates that the alarm has been triggered, and a "Clear Trap,"  
which indicates that the alarm has been cleared.  
overTemperatureInitialSetTrap- Indicates that the Over Temperature  
(Initial) Alarm has been triggered. The trap will also include a numerical value that  
indicates the current unit temperature.  
overTemperatureInitialClearTrap- Indicates that the Over Temperature  
(Initial) Alarm has been cleared.  
overTemperatureCriticalSetTrap- Indicates that the Over Temperature  
(Critical) Alarm has been triggered. The trap will also include a numerical value that  
indicates the current unit temperature.  
overTemperatureCriticalClearTrap- Indicates that the Over Temperature  
(Critical) Alarm has been cleared.  
pingNoAnswerSetTrap- Indicates that the Ping No Answer Alarm has been  
triggered. The trap will also include a numerical value that indicates the IP address  
of the device that failed to respond to the ping command.  
pingNoAnswerClearTrap- Indicates that the Ping No Answer Alarm has been  
cleared.  
lockoutSetTrap- Indicates that the Invalid Access Lockout Alarm has been  
triggered. The trap will also include a numerical value that indicates the number of  
the port where the lockout occurred.  
lockoutClearTrap- Indicates that the Invalid Access Lockout Alarm has been  
cleared.  
powercycleSetTrap- Indicates that the Power Cycle Alarm has been triggered.  
monitorAlarmSetTrap- Indicates that the Monitor/Alarm Input feature has been  
triggered.  
monitorAlarmClearTrap- Indicates that the Monitor/Alarm Input feature has  
been cleared.  
13-5  
 
 
14 Setting Up SSL Encryption  
This section describes the procedure for setting up a secure connection via an https  
web connection to the AFS-16.  
Note: SSL parameters cannot be defined via the Web Browser Interface.  
In order to set up SSL encryption, you must contact the AFS-16 via the Text  
Interface.  
There are two different types of https security certificates: "Self Signed" certificates and  
"Signed" certificates.  
Self Signed certificates can be created by the AFS-16, without the need to go to an  
outside service, and there is no need to set up your domain name server to recognize  
the AFS-16. The principal disadvantage of Self Signed certificates, is that when you  
access the AFS-16 command mode via the Web Browser Interface, the browser will  
display a message which warns that the connection might be unsafe. Note however,  
that even though this message is displayed, communication will still be encrypted, and  
the message is merely a warning that the AFS-16 is not recognized and that you may  
not be connecting to the site that you intended.  
®
Signed certificates must be created via an outside security service (e.g., VeriSign ,  
Thawte™, etc.) and then uploaded to the AFS-16 unit to verify the user's identity. In  
order to use Signed certificates, you must contact an appropriate security service and  
set up your domain name server to recognize the name that you will assign to the  
AFS-16 unit (e.g., service.wti.com.) Once a signed certificate has been created and  
uploaded to the AFS-16, you will then be able to access command mode without seeing  
the warning message that is normally displayed for Self Signed certificate access.  
WEB ACCESS:  
HTTP:  
1. Enable: On  
2. Port:  
HTTPS:  
80  
3. Enable: On  
4. Port:  
443  
SSL Certificates:  
5. Common Name:  
6. State or Province:  
7. Locality:  
8. Country:  
9. Email Address:  
10. Organization Name:  
11. Organizational Unit:  
12. Create CSR:  
13. View CSR:  
14. Import CRT:  
15. Export Server Private Key:  
16. Import Server Private Key:  
17. Harden Web Security: On  
Enter: #<CR> to change,  
<ESC> to return to previous menu ...  
Figure 14.1: Web Access Parameters (Text Interface Only)  
14-1  
 
 
Setting Up SSL Encryption  
14.1. Creating a Self Signed Certificate  
To create a Self Signed certificate, access the Text interface via Telnet or SSH, using a  
password that permits access to Administrator level commands and then proceed as  
follows:  
1. Type /Nand press [Enter] to display the Network Parameters menu.  
2. At the Network Parameters menu, type 23and press [Enter] to display the  
Web Access menu (Figure 14.1.) Type 3and press [Enter] and then follow the  
instructions in the resulting submenu to enable HTTPS access.  
3. Next, use the Web Access menu to define the following parameters.  
Note: When configuring the AFS-16, make certain to define all of the following  
parameters. Although most SSL applications require only the Common Name,  
in the case of the AFS-16 all of the following parameters are mandatory.  
5. Common Name: A domain name, that will be used to identify the AFS-16  
unit. If you will use a Self Signed certificate, then this name can be any name  
that you choose, and there is no need to set up your domain name server to  
recognize this name. However, if you will use a Signed certificate, then your  
domain name server must be set up to recognize this name  
(e.g., service.yourcompanyname.com.)  
6. State or Province: The name of the state or province where the AFS-16 unit  
will be located (e.g., California.)  
7. Locality: The city or town where the AFS-16 unit will be located (e.g., Irvine.)  
8. Country: The two character country code for the nation where the AFS-16  
will be located (e.g., US.)  
9. Email Address: An email address, that can be used to contact the person  
responsible for the AFS-16 (e.g., [email protected].)  
10. Organizational Name: The name of your company or organization  
(e.g., Yourcompanyname, Inc.)  
11. Organizational Unit: The name of your department or division; if necessary,  
any random text can be entered in this field (e.g., tech support.)  
14-2  
 
 
Setting Up SSL Encryption  
4. After you have defined parameters 5 through 11, type 12and press [Enter] (Create  
CSR) to create a Certificate Signing Request. By default, this will overwrite any  
existing certificate, and create a new Self Signed certificate.  
a) The AFS-16 will prompt you to create a password. Key in the desired  
password (up to 16 characters) and then press [Enter]. When the AFS-16  
prompts you to verify the password, key it again and then press [Enter] once.  
After a brief pause, the AFS-16 will return to the Web Access Menu, indicating  
that the CSR has been successfully created.  
b) When the Web Access Menu is re-displayed, press [Esc] several times until  
you exit from the Network Parameters menu and the "Saving Configuration"  
message is displayed.  
5. After the new configuration has been saved, test the Self Signed certificate by  
accessing the AFS-16 via the Web Interface, using an HTTPS connection.  
a) Before the connection is established, the AFS-16 should display the warning  
message described previously. This indicates that the Self Signed certificate  
has been successfully created and saved.  
b) Click on the "Yes" button to proceed. The AFS-16 will prompt you to enter  
a user name and password. After keying in your password, the main menu  
should be displayed, indicating that you have successfully accessed command  
mode.  
14.2. Creating a Signed Certificate  
To create a Signed certificate, and eliminate the warning message, first set up your  
domain name server to recognize the Common Name (item 5) that you will assign to  
the unit. Next, complete steps one through five as described in Section 14.1 and then  
proceed as follows:  
1. Capture the Newly Created Certificate: Type 13and press [Enter] (View CSR).  
The AFS-16 will prompt you to configure your communications (Telnet) program to  
receive the certificate. Set up your communications program to receive a binary  
file, and then press [Enter] to capture the file and save it. This is the Code Signing  
Request that you will send to the outside security service (e.g., VeriSign, Thawte,  
etc.) in order to have them sign and activate the certificate.  
2. Obtain the Signed Certificate: Send the captured certificate to the outside  
security service. Refer to the security service's web page for further instructions.  
14-3  
 
 
Setting Up SSL Encryption  
3. Upload the Signed Certificate to the AFS-16: After the "signed" certificate is  
returned from the security service, return to the Web Access menu.  
a) Access the AFS-16 command mode via the Text Interface using an account that  
permits Administrator level commands as described previously, then type /N  
and press [Enter] to display the Network Parameters menu, and then type 23  
and press [Enter] to display the Web Access menu.  
b) From the Web Access menu, type 14and press [Enter] (Import CRT) to  
begin the upload process. At the CRT Server Key submenu, type 1and press  
[Enter] to choose "Upload Server Key."  
c) Use your communications program to send the binary format Signed  
Certificate to the AFS-16 unit. When the upload is complete, press [Escape] to  
exit from the CRT Server Key submenu.  
d) After you exit from the CRT Server Key submenu, press [Escape] several times  
until you have exited from the Network Parameters menu and the "Saving  
Configuration" message is displayed.  
4. After the configuration has been saved, test the signed certificate by accessing the  
AFS-16 via the Web Browser Interface, using an HTTPS connection. For example,  
if the common name has been defined as "service.wti.com", then you would enter  
"https://service.wti.com" in your web browser's address field. If the Signed  
Certificate has been properly created and uploaded, the warning message should  
no longer be displayed.  
14.3. Downloading the Server Private Key  
When configuring the AFS-16's SSL encryption feature (or setting up other security/  
authentication features), it is recommended to download and save the Server Private  
Key. To download the Server Private Key, access the Text interface via Telnet or SSH,  
using a password that permits access to Administrator level commands and then  
proceed as follows:  
1. Type /Nand press [Enter] to display the Network Parameters menu.  
2. At the Network Parameters menu, type 23and press [Enter] to display the Web  
Access menu (Figure 14.1.)  
a) To download the Server Private Key from the AFS-16 unit, make certain that  
SSL parameters have been defined as described in Section 14.1, then type 15  
and press [Enter] and store the resulting key on your hard drive.  
b) To upload a previously saved Server Private Key to the AFS-16 unit, make  
certain that SSL parameters have been defined as described in Section 14.1,  
then type 16and press [Enter] and follow the instructions in the resulting  
submenu.  
14-4  
 
 
15. Saving and Restoring Configuration Parameters  
Once the AFS-16 is properly configured, parameters can be downloaded and saved as  
an ASCII text file. Later, if the configuration is accidentally altered, the saved parameters  
can be uploaded to automatically reconfigure the unit without the need to manually  
assign each parameter.  
Saved parameters can also be uploaded to other identical AFS-16 units, allowing rapid  
set-up when several identical units will be configured with the same parameters.  
The "Save Parameters" procedure can be performed from any terminal emulation  
©
program (e.g. HyperTerminal™, TeraTerm , etc.), that allows downloading of ASCII files.  
Note: The Save and Restore features described in this section are only  
available via the Text Interface.  
15.1. Sending Parameters to a File  
1. Start your terminal emulation program and access the Text Interface command  
mode using an account that permits Administrator level commands.  
2. When the command prompt appears, type /Uand press [Enter]. The AFS-16  
will prompt you to configure your terminal emulation program to receive an ASCII  
download.  
Note: When using TeraTerm Pro to download parameters, set the program to  
receive a Binary download and enable the "Append" feature.  
a) Set your terminal emulation program to receive an ASCII download, and the  
specify a name for a file that will receive the saved parameters  
(e.g. AFS-16.PAR).  
b) Disable the Line Wrap function for your terminal emulation program. This will  
prevent command lines from being broken in two during transmission.  
3. When the terminal emulation program is ready to receive the file, return to the  
AFS-16’s Save Parameter File menu, and press [Enter] to proceed. AFS-16  
parameters will be saved on your hard drive in the file specified in Step 2 above.  
4. The AFS-16 will send a series of XML command lines which specify currently  
selected parameters. When the download is complete, press [Enter] to return to  
the command prompt.  
15-1  
 
 
Saving and Restoring Configuration Parameters  
15.2. Restoring Saved Parameters  
This section describes the procedure for using your terminal emulation program to send  
saved parameters to the AFS-16.  
1. Start your terminal emulation program and access the AFS-16’s Text Interface  
command mode using an account that permits Administrator level commands.  
2. Configure your terminal emulation program to upload an ASCII text file.  
3. Upload the ASCII text file with the saved AFS-16 parameters. If necessary, key in  
the file name and directory path.  
4. Your terminal emulation program will send the ASCII text file to the AFS-16. When  
the terminal program is finished with the upload, make certain to terminate the  
Upload mode.  
Note: If the AFS-16 detects an error in the file, it will respond with the "Invalid  
Parameter" message. If an error message is received, carefully check the  
contents of the parameters file, correct the problem, and then repeat the Upload  
procedure.  
5. If the parameter upload is successful, the AFS-16 will send a confirmation message,  
and then return to the command prompt. Type /Sand press [Enter], the Status  
Screen will be displayed. Check the Status Screen to make certain the unit has  
been configured with the saved parameters.  
15-2  
 
 
Saving and Restoring Configuration Parameters  
15.3. Restoring Previously Saved Parameters  
If you make a mistake while configuring the AFS-16 unit, and wish to return to the  
previously saved parameters, the Text Interface's "Reboot System" command (/I) offers  
the option to reinitialize the AFS-16 using previously backed up parameters. This allows  
you to reset the unit to previously saved parameters, even after you have changed  
parameters and saved them.  
Notes:  
• The AFS-16 will automatically backup saved parameters once a day, shortly  
after Midnight. This configuration backup file will contain only the most  
recently saved AFS-16 parameters, and will be overwritten by the next night's  
daily backup.  
• When the /I command is invoked, a submenu will be displayed which offers  
several Reboot options. Option 4 is used to restore the configuration backup  
file. The date shown next to option 4 indicates the date that you last changed  
and saved unit parameters.  
• If the daily automatic configuration backup has been triggered since the  
configuration error was made, and the previously saved configuration has  
been overwritten by newer, incorrect parameters, then this function will not  
be able to restore the previously saved (correct) parameters.  
To restore the previously saved configuration, proceed as follows:  
1. Access command move via the Text Interface, using a username/password that  
permits access to Administrator level commands (see Section 5.1.1.)  
2. At the RSM command prompt, type /Iand press [Enter]. The AFS-16 will display  
a submenu that offers several different reboot options.  
3. At the submenu, select Item 4 (Reboot & Restore Last Known Working  
Configuration,) type 4, and then press [Enter].  
4. The AFS-16 will reboot and previously saved parameters will be restored.  
15-3  
 
 
16. Upgrading AFS-16 Firmware  
When new, improved versions of the AFS-16 firmware become available, the "Upgrade  
Firmware" function can be used to update the unit. Updates can be uploaded via FTP  
or SFTP protocols.  
Notes:  
• The FTP/SFTP servers can only be started via the Text Interface.  
• All other ports will remain active during the firmware upgrade procedure.  
• If the upgrade includes new parameters or features not included in the  
previous firmware version, these new parameters will be set to their default  
values.  
• The upgrade procedure will require approximately 15 minutes.  
1. Obtain the update file. Firmware modifications can either be mailed to the  
customer, or downloaded from WTI. Place the upgrade CDR in your disk drive or  
copy the file to your hard drive.  
2. Access Text Interface command mode via Serial Port, Telnet or SSH client session,  
using a username/password and port that permit Administrator level commands.  
3. When the command prompt appears, type /UFand then press [Enter]. The  
AFS-16 will display a screen which offers the following options:  
a) Start FTP/SFTP Servers Only (Do NOT default parameters): To proceed  
with the upgrade, while retaining user-defined parameters, type 1and press  
[Enter]. All existing parameter settings will be restored when the upgrade is  
complete.  
b) Start FTP/SFTP Servers & Default (Keep IP parameters & SSH Keys): To  
proceed with the upgrade and default al user-defined parameters except for the  
IP Parameters and SSH Keys, type 2and press [Enter]. When the upgrade is  
complete, all parameter settings except the IP Parameters and SSH Keys, will  
be reset to factory default values.  
c) Start FTP/SFTP Servers & Default (Default ALL parameters): To proceed  
with the upgrade, and reset parameters to default settings, type 3and press  
[Enter]. When the upgrade is complete, all parameters will be set to default  
values.  
d) Start FTP/SFTP Servers for Slip Stream Upgrade: This option will upgrade  
only the WTI Management Utility, without updating the AFS-16's operating  
firmware. To update the WTI Management Utility only, type 4and  
press [Enter].  
Note that after any of the above options is selected, the AFS-16 will start the  
receiving servers and wait for an FTP/SFTP client to make a connection and upload  
a valid firmware binary image.  
16-1  
 
 
Upgrading RSM-8R4 Firmware  
4. To proceed with the upgrade, select either option 1 or option 2. The AFS-16 will  
display a message that indicates that the unit is waiting for data. Leave the current  
Telnet/SSH client session connected at this time.  
5. Open your FTP/SFTP application and (if you have not already done so,) login to the  
AFS-16 unit, using a username and password that permit access to Administrator  
Level commands.  
6. Transfer the md5 format upgrade file to the AFS-16.  
7. After the file transfer is complete, the AFS-16 will install the upgrade file and then  
reboot itself and break all port connections. Note that it will take approximately 10  
minutes to complete the installation process. The unit will remain accessible until it  
reboots.  
a) Some FTP/SFTP applications may not automatically close when the file transfer  
is complete. If this is the case, you may close your FTP/SFTP client manually  
after it indicates that the file has been successfully transferred.  
b) When the upgrade process is complete, the AFS-16 will send a message to  
all currently connected network sessions, indicating that the AFS-16 is going  
down for a reboot.  
Note: Do not power down the AFS-16 unit while it is in the process of installing  
the upgrade file. This can damage the unit's operating system.  
8. If you have accessed the AFS-16 via the Network Port, in order to start the FTP/  
SFTP servers, the AFS-16 will break the network connection when the system is  
reinitialized.  
• If you initially selected "Start FTP/SFTP Servers and Save Parameters", you may  
then reestablish a connection with the AFS-16 using your former IP address.  
• If you initially selected "Start FTP/SFTP Servers and Default Parameters",  
you must then login using the AFS-16’s default IP address (Default =  
192.168.168.168) or access command mode via Serial Port 1 or via Modem.  
When firmware upgrades are available, WTI will provide the necessary files. At that time,  
an updated Users Guide or addendum will also be available.  
16-2  
 
 
17. Command Reference Guide  
17.1. Command Conventions  
Most commands described in this section conform to the following conventions:  
Text Interface: Commands discussed in this section, can only be invoked via the  
Text Interface. These commands cannot be invoked via the Web Browser Interface.  
Slash Character: Most AFS-16 Text Interface commands begin with the Slash  
Character (/).  
Apply Command to All Circuits: When an asterisk is entered as the argument of  
the /T(Toggle), /TA(Toggle to A) or /TBcommands (Toggle to B) the command  
will be applied to all circuits. For example, to switch all circuits to "A", type  
/TA * [Enter].  
Circuit Name Wild Card: It is not always necessary to enter the entire circuit  
name. Circuit names can be abbreviated in command lines by entering the first  
character(s) of the name followed by an asterisk (*). For example, a circuit named  
"SERVER" could be specified as "S*". Note however, that this command would also  
be applied to any other circuit name that begins with an "S".  
Suppress Command Confirmation Prompt: When the commands are invoked,  
the ",Y" option can be included to override the Command Confirmation ("Sure?")  
prompt. For example, to switch Circuit 4 to the "B" position without displaying the  
Sure prompt, type /TB 4,Y [Enter].  
Enter Key: Most commands are invoked by pressing [Enter].  
17-1  
 
 
Command Reference Guide  
17.2. Command Summary  
Command Access Level  
Function  
Command Syntax  
Admin. SuperUser User ViewOnly  
Display  
Circuit Status  
/S [Enter]  
/SG [Enter]  
/SN [Enter]  
/H [Enter]  
/L [Enter]  
/J[*] [Enter]  
X  
X  
X
X  
X  
X
X  
X  
X  
X  
Circuit Group Status  
Network Status  
Help Menu  
X  
X
X  
X
X  
X  
X
Log Functions  
Site ID / Unit Information  
Control  
X
X
X
Exit Command Mode  
/X [Enter]  
X
X
X
X
X
X
X
X
X
X  
X
X
Connect - Local <Remote> /C 1 [Enter]  
Switch Circuit c to Position A /TA <c>[,Y] [Enter]  
Switch Circuit c to Position B /TB <c>[,Y] [Enter]  
Switch Circuit c to Position p /T <c>,<p>[,Y] [Enter]  
X
X
X
X
X
Default All Circuits  
Send Parameter File  
Send SSH Keys  
/DC[,Y] [Enter]  
X
X  
/U [Enter]  
X
/K <n> [Enter]  
X
Unlock Invalid Access  
Outbound Telnet  
/UL [Enter]  
X
/TELNET <ip>[port][raw][Enter]  
/SSH <ip> -l <username> [Enter]  
X  
X  
X  
X  
X  
X  
Outbound SSH  
Configuration  
System Parameters  
Serial Port Parameters  
Circuit Parameters  
Circuit Group Parameters  
Network Configuration  
Ping-No-Answer Function  
Alarm Configuration  
Reboot System  
/F [Enter]  
X
X
X
X
X
X
X
X
X
X
/P [Enter]  
/PC [Enter]  
/G [Enter]  
/N [Enter]  
/PNA [Enter]  
/AC [Enter]  
/I [Enter]  
X  
Upgrade Firmware  
Test Network Configuration  
/UF [Enter]  
/TEST [Enter]  
X
In Administrator and SuperUser modes, all circuits are displayed. In User and ViewOnly modes, the  
status screen will only include the circuits that are allowed by the account.  
In Administrator and SuperUser modes, all Circuit Groups are displayed. In User and ViewOnly modes,  
the Circuit Group Status Screen will only include the Circuit Groups allowed by the account.  
In Administrator Mode, Help Menus will list all commands. In SuperUser, User and ViewOnly modes,  
Help Menus will only list the commands allowed by the access level.  
User Mode accounts will be allowed to connect to the Serial Port only if Serial Access is enabled for the  
account.  
The ",Y" argument can be included to suppress the command confirmation prompt.  
The "Default All Circuits" command will only be applied to the Circuits that are allowed by the account.  
In order to invoke this command, Outbound Telnet/SSH and Outbound Service Access must be enabled  
for your account.  
In SuperUser mode, configuration menus can be displayed, but parameters cannot be changed.  
User Mode and ViewOnly accounts are allowed to view existing Ping-No-Answer settings, but are not  
allowed to add or modify settings.  
In SuperUser mode, the /I command only offers one option: Reboot Only (Do Not Default Parameters.)  
17-2  
 
 
Command Reference Guide  
17.3. Command Set  
This Section provides information on all Text Interface commands, sorted by  
functionality  
17.3.1. Display Commands  
/S  
Display Circuit Status Screen  
Displays the Circuit Status Screen, which lists the current status of the AFS-16's Circuit  
Modules. For more information, please refer to Section 8.3.  
Note: In Administrator Mode and SuperUser Mode, all AFS-16 circuits are  
displayed. In User Mode and ViewOnly Mode, the Circuit Status Screen will  
only include the circuits allowed by your account.  
Availability: Administrator, SuperUser, User, ViewOnly  
Format: /S [Enter]  
/SG  
Display Circuit Group Status Screen  
Displays the Circuit Group Status Screen, which lists the available Circuit Groups, the  
Circuits included in each Circuit Group, the current A/B state and other factors. For  
more information, please refer to Section 8.4.  
Note: In Administrator and SuperUser Mode all user defined Circuit Groups  
are displayed. In User Mode and ViewOnly Mode, the Circuit Group Status  
Screen will only include the Circuit Groups allowed by your account.  
Availability: Administrator, SuperUser, User, ViewOnly  
Format: /S [Enter]  
/SN  
Display Network Status  
Displays the Network Status Screen, which lists current network connections to the  
AFS-16's Network Port. For more information, please refer to Section 8.2.  
Availability: Administrator, SuperUser  
Format: /SN [Enter]  
/H  
Help  
Displays a Help Screen, which lists all available Text Interface commands along with a  
brief description of each command.  
Note: In the Administrator Mode, the Help Screen will list the entire AFS-16  
command set. In SuperUser Mode, User Mode and ViewOnly Mode, the Help  
Screen will only list the commands that are allowed for that Access Level.  
Availability: Administrator, SuperUser, User, ViewOnly  
Format: /H [Enter]  
17-3  
 
 
Command Reference Guide  
/L  
Log Functions  
Provides access to a menu which allows you to display the Audit Log, Alarm Log and  
Temperature Log. For more information on Log Functions, please refer to Section 5.3.4.  
Availability: Administrator, SuperUser  
Format: /L [Enter]  
/J  
Display Site ID / Unit Information  
Displays the user-defined Site I.D. message. If the optional asterisk (*) argument is  
included in the command line, the command will also show the model number and  
software version for the AFS-16 unit.  
Availability: Administrator, SuperUser, User, ViewOnly  
Format: /J[*] [Enter]  
Where * is an optional argument, which can be included in the command line to  
display the exact model number and software version of the AFS-16 unit.  
17.3.2. Control Commands  
/X  
Exit Command Mode  
Exits command mode. When issued at the Network Port, also ends the Telnet session.  
Note: If the /X command is invoked from within a configuration menu, recently  
defined parameters may not be saved. In order to make certain that parameters  
are saved, always press the [Esc] key to exit from all configuration menus and  
then wait until "Saving Configuration" message has been displayed and the  
cursor has returned to the command prompt before issuing the /X command.  
Availability: Administrator, SuperUser, User, ViewOnly  
Format: /X [Enter]  
/C  
Connect  
This command can be used to establish a bidirectional connection between the Serial  
Port and the Network Port.  
Note: User level accounts can only connect to the Serial Port or Network port  
if access to the port has been specifically enabled for the account.  
Availability: Administrator, SuperUser, User  
Format: /C <x> [Enter]  
Where xindicates the port that you wish to connect to. To connect to the Network  
Port from the Serial port, enter an N; to connect to the Serial Port from the Network  
Port, enter a 1.  
17-4  
 
 
Command Reference Guide  
/TA  
Toggle to "A" Position  
Toggles a Circuit or a Circuit Group to the "A" position.  
Note: When this command is invoked in Administrator Mode or SuperUser  
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this  
command is invoked in User Mode, it can only be applied to the Circuits and/or  
Circuit Groups that have been enabled for your account.  
Availability: Administrator, SuperUser, User  
Format: /TA <c>[,Y] [Enter]  
Where:  
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish  
to switch to the "A" position. To apply the command to several Circuits,  
enter a plus sign (+) between each Circuit number. To apply the  
command to a range of Circuits, enter the numbers for the first and last  
Circuits in the range, separated by a colon character (:). To apply the  
command to all Circuits allowed by your account, enter an asterisk  
character (*).  
,Y  
(Optional) Suppresses the command confirmation prompt.  
Example:  
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2  
and 3 to the "A" position without displaying the optional command confirmation prompt,  
invoke the following command line:  
/TA 2+3,Y [Enter]  
/TB  
Toggle to "B" Position  
Toggles a Circuit or a Circuit Group to the "B" position.  
Note: When this command is invoked in Administrator Mode or SuperUser  
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this  
command is invoked in User Mode, it can only be applied to the Circuits and/or  
Circuit Groups that have been enabled for your account.  
Availability: Administrator, SuperUser, User  
Format: /TB <c>[,Y] [Enter]  
Where:  
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish  
to switch to the "B" position. To apply the command to several Circuits,  
enter a plus sign (+) between each Circuit number. To apply the  
command to a range of Circuits, enter the numbers for the first and last  
Circuits in the range, separated by a colon character (:). To apply the  
command to all Circuits allowed by your account, enter an asterisk (*).  
,Y  
(Optional) Suppresses the command confirmation prompt.  
Example:  
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2  
and 3 to the "B" position without displaying the optional command confirmation prompt,  
invoke the following command line:  
/TB 2+3,Y [Enter]  
17-5  
 
 
Command Reference Guide  
/T  
Toggle Command  
This command can be used to toggle any Circuit or Circuit Group to either the "A"  
position or the "B: position.  
Note: When this command is invoked in Administrator Mode or SuperUser  
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this  
command is invoked in User Mode, it can only be applied to the Circuits and/or  
Circuit Groups that have been enabled for your account.  
Availability: Administrator, SuperUser, User  
Format: /T <c>,<p>[,Y] [Enter]  
Where:  
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish  
to switch. To apply the command to several Circuits, enter a plus sign (+)  
between each Circuit number. To apply the command to all Circuits  
allowed by your account, enter an asterisk character (*).  
p
The desired switch position. Enter an "A" to switch specified circuits to the  
"A" position or a "B" to switch circuits to the "B" position.  
,Y  
(Optional) Suppresses the command confirmation prompt.  
Example:  
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2  
and 3 to the "A" position without displaying the optional command confirmation prompt,  
invoke the following command line:  
/T 2+3,A,Y [Enter]  
/DC  
Set All Circuits to Default States  
Sets all Circuit Modules to their user-defined default state. For information on setting  
circuit defaults, please refer to Section 5.6.  
Note: When this command is invoked in Administrator Mode and SuperUser  
Mode, it will be applied to all AFS-16 circuits. When invoked in User Mode, the  
command will only be applied to the Circuits that are allowed by your account.  
Availability: Administrator, SuperUser, User  
Format: /DC[,Y] [Enter]  
Where ,Y is an optional command argument, which can be included to suppress the  
command confirmation prompt.  
/U  
Send Parameters to File  
Sends all AFS-16 configuration parameters to an ASCII text file as described in  
Section 15. This allows you to back up the configuration of your AFS-16 unit.  
Availability: Administrator  
Format: /U [Enter]  
17-6  
 
 
Command Reference Guide  
/K  
Send SSH Key  
Instructs the AFS-16 to provide you with a public SSH key for validation purposes. This  
public key can then be provided to your SSH client, in order to prevent the SSH client  
from warning you that the user is not recognized when you attempt to create an SSH  
connection. For more information, please refer to Section 10.1.  
Availability: Administrator  
Format: /K k [Enter]  
Where k is a required argument, which indicates the key type. The k argument  
provides the following options: 1 (SSH1), 2 (SSH2 RSA), 3 (SSH2 DSA.)  
/UL  
Unlock Port (Invalid Access Lockout)  
Manually cancels the AFS-16’s Invalid Access Lockout feature. Normally, when a series  
of failed login attempts are detected, the Invalid Access Lockout feature can shut down  
the effected port for a user specified time period in order to prevent further access  
attempts. When the /UL command is invoked, the AFS-16 will immediately unlock all  
ports that are currently in the locked state.  
Availability: Administrator  
Format: /UL [Enter]  
/TELNET  
Outbound Telnet  
Creates an outbound Telnet connection as described in Section 10.2.  
Notes:  
• In order for the /TELNET command to function, Telnet/SSH and Outbound  
Service Access must be enabled for your user account as described in  
Section 5.5. In addition, Telnet Access and Outbound Access must also be  
enabled via the Network Parameters menu, as described in Section 5.9.2.  
• If you have logged in via the Network Port, the /TELNET command will not  
function.  
Availability: Administrator, SuperUser, User  
Format: /TELNET <ip> [port] [raw] [Enter]  
Where:  
ip  
Is the target IP address.  
port Is an optional argument which can be included to indicate the target port  
at the IP address.  
raw  
Is an optional argument which can be included to indicate a raw socket  
connection. In order to create a raw socket connection, the command line  
must end with the text "raw".  
17-7  
 
 
Command Reference Guide  
/SSH  
Outbound SSH  
Creates an outbound SSH connection as described in Section 10.3.  
Notes:  
• In order for the /SSH command to function, Telnet/SSH and Outbound  
Service Access must be enabled for your user account as described in  
Section 5.5. In addition, SSH Access and Outbound Access must also be  
enabled via the Network Parameters menu, as described in Section 5.9.2.  
• If you have logged in via the Network Port, the /SSH command will not  
function.  
Availability: Administrator, SuperUser, User  
Format: /SSH <ip> -l <username> [Enter]  
Where:  
ip  
-l  
Is the target IP address.  
(Lowercase letter "L") Indicates that the next argument will be the  
log on name.  
username Is the username that you wish to use to log in to the target device.  
17.3.3. Configuration Commands  
/F  
Set System Parameters  
Displays a menu which is used to define the Site ID message, create user accounts,  
set the system clock, and configure and enable the Invalid Access Lockout feature. All  
functions provided by the /F command are also available via the Web Browser Interface.  
For more information, please refer to Section 5.3.  
Availability: Administrator  
Format: /F [Enter]  
/P  
Set Serial Port Parameters  
Displays a menu that is used to select options and parameters for the AFS-16 Control  
Module's serial port. All functions provided by the /P command are also available via  
the Web Browser Interface. Section 5.8 describes the procedure for defining serial port  
parameters.  
Availability: Administrator  
Format: /P [Enter]  
/PC  
Set Circuit Parameters  
Displays a menu that is used to select options and parameters for the AFS-16's Circuit  
Modules. All functions provided by the /PC command are also available via the Web  
Browser Interface. Section 5.6 describes the procedure for defining Circuit parameters.  
Availability: Administrator  
Format: /PC [Enter]  
17-8  
 
 
Command Reference Guide  
/G  
Circuit Group Parameters  
Displays a menu that is used to View, Add, Modify or Delete Circuit Groups. For more  
information on Circuit Groups, please refer to Section 5.7.  
Availability: Administrator  
Format: /G [Enter]  
/N  
Network Port Parameters  
Displays a menu which is used to select parameters for the Network Port. Also allows  
access to the IP Security function, which can restrict network access by unauthorized  
IP addresses and domain names. All of the functions provided by the /N command  
are also available via the Web Browser Interface. For more information, please refer to  
Section 5.9.  
Availability: Administrator  
Format: /N [Enter]  
/PNA Configure Ping-No-Answer Function  
Displays a menu that is used to configure the Ping-No-Answer function. The Ping-No-  
Answer function allows the AFS-16 to automatically perform A/B switching when a target  
device fails to respond to a ping command. For more information on the Ping-No-  
Answer function, please refer to Section 6.  
Note: If desired, the Ping-No-Answer function can also be configured to send  
email notification whenever a target device fails to respond to a ping command.  
For more information, please refer to Section 7.2.  
Availability: Administrator  
Format: /PNA [Enter]  
/AC  
Alarm Configuration Parameters  
Displays a menu that is used to configure and enable the Over Temperature Alarms,  
Lost Communication Alarm, Ping-No-Answer Alarm, Invalid Access Lockout Alarm,  
Power Cycle Alarm and Monitor/Alarm Input function. For more information on Alarm  
Configuration, please refer to Section 7.  
Availability: Administrator  
Format: /AC [Enter]  
17-9  
 
 
Command Reference Guide  
/I  
Reboot System (Default)  
Reinitializes the AFS-16 unit and offers the option to keep user-defined parameters or  
reset to default parameters. As described in Sections 5.10.1 and 15.3, the /I command  
can also be used to restore the unit to previously saved parameters. When the /I  
command is invoked, the unit will offer four reboot options:  
• Reboot Only (Do NOT default parameters)  
• Reboot & Default (Keep IP Parameters & SSH Keys; Default all other parameters)  
• Reboot & Default (Default ALL parameters)  
• Reboot & Restore Last Known Working Configuration  
Availability: Administrator  
Format: /I [Enter]  
/UF  
Upgrade Firmware  
When new versions of the AFS-16 firmware become available, this command is used to  
update existing firmware as described in Section 16.  
Note: When a firmware upgrade is performed, the AFS-16 will require  
approximately 15 minutes for the upgrade procedure.  
Availability: Administrator  
Format: /UF [Enter]  
/TEST Test Network Parameters  
Displays a menu which is used to test configuration of the Syslog and SNMP Trap  
functions and can also be used to invoke a Ping Command. For more information,  
please refer to Section 11.2 and Section 12.2.  
Notes:  
• In order for the ping command to function with domain names, Domain Name  
Server parameters must be defined as described in Section 5.9.5.  
• The Test Menu's Ping command is not effected by the status of the Network  
Parameters Menu's Ping Access function.  
Availability: Administrator, SuperUser  
Format: /TEST [Enter]  
17-10  
 
 
Appendix A.  
Interface Description  
RJ-45  
Pin No.  
RTS  
1
Request to Send  
Ready Out  
DTR 2  
Control Module  
RS232 Serial Port  
TXD  
Data Out  
3
4
5
6
7
8
Pin 1  
Pin 8  
GND  
Ground  
RXD  
DCD  
CTS  
Data In  
Carrier Detect  
Clear to Send  
Figure A.1: Serial Port Interface  
A.1. Serial Port (RS232)  
DCD and DTR hardware lines function as follows:  
1. When connected:  
a) If either port is set for Modem Mode, the DTR output at either port reflects the  
DCD input at the other end.  
b) If neither port is set for Modem Mode, DTR output is held high (active).  
2. When not connected:  
a) If the port is set for Modem Mode, upon disconnect DTR output is pulsed for  
0.5 seconds and then held high.  
b) If the port is not set for Modem Mode, DTR output is controlled by the DTR  
Output option (Serial Port Parameters Menu, Option 23). Upon disconnect,  
Option 23 allows DTR output to be held low, held high, or pulsed for 0.5  
seconds and then held high.  
Apx-1  
 
 
Appendix B.  
Specifications  
Switch Card: Up to 16 Modules  
Interface: RJ45-3, Three Jacks, 8 Pins Switched Common Jack to A or B Jack.  
Contacts: High Reliability, Mechanical Relays, Break-Before-Make Contacts with 1  
Amp @ 30 VDC Rating, 100 Million Cycle Life.  
Switching:  
Manual: Individual Toggle Switch, Gang Switching from Control Module.  
Code/Web Browser: By Slot Number or by Name.  
Card Rack and Control Unit  
Ethernet Port: 10/100Base-T  
Serial Console Port: 1 each, RJ45, RS232C  
AUX Port: 5-Pin Quick-Connect Terminal Block for External Connection for Alarm  
Output, Monitor Input and Ground. Monitor Input Signal is always read relative to  
ground signal.  
Low Monitor Input Signal: 0V to -48V  
High Monitor Input Signal: +5V to +48V  
RS232 Port Interface:  
Connectors: One (1) RJ45 connector (DTE pinout.)  
Coding: 7/8 bits, Even, Odd, No Parity, 1, 2 Stop Bits.  
Flow Control: XON/XOFF, RTS/CTS, Both, or None.  
Data Rate: 300 to 115.2K bps (all standard rates).  
Inactivity Timeout: No activity timeout disconnects port/modem sessions.  
Off, 5, 15, 30, 90 minutes.  
Break: Send Break or Inhibit Break  
Site ID: 32 Characters.  
Port Name: 16 Characters per port.  
Usernames & Passwords: 32 character usernames; 16 character passwords (case  
sensitive.) Up to 128 pairs, definable circuit module, circuit group and  
system access.  
Physical/Environmental:  
Size: 5.25” x 19.00” x 6.75” (H x W x D)  
Power: 100/240 VAC 50/60 Hz, 15 watts  
Weight: Shipping Weight, Fully Loaded, 15 pounds  
Operating Temperature: 32˚F to 122˚F (0˚C to 50˚C)  
Humidity: 10 - 90% RH  
Venting: Side vents are used to dissipate heat generated within the unit. When  
mounting the unit in an equipment rack, make certain to allow adequate  
clearance for venting.  
Apx-2  
 
 
Appendix C.  
Customer Service  
Customer Service hours are from 8:00 AM to 5:00 PM, PST, Monday through Friday.  
When calling, please be prepared to give the name and make of the unit, its serial  
number and a description of its symptoms. If the unit should need to be returned for  
factory repair it must be accompanied by a Return Authorization number from Customer  
Service.  
WTI Customer Service  
5 Sterling  
Irvine, California 92618  
Local Phone: (949) 586-9950  
Toll Free Service Line: 1-888-280-7227  
Service Fax: (949) 583-9514  
Apx-3  
 
 
Appendices  
Trademark and Copyright Information  
WTI and Western Telematic are trademarks of Western Telematic Inc.. All other product  
names mentioned in this publication are trademarks or registered trademarks of their  
respective companies.  
Information and descriptions contained herein are the property of Western Telematic  
Inc.. Such information and descriptions may not be copied, disseminated, or distributed  
without the express written consent of Western Telematic Inc..  
© Copyright Western Telematic Inc., 2010.  
April, 2010  
Part Number: 14069, Revision: B  
Trademarks and Copyrights Used in this Manual  
Hyperterminal is a registered trademark of the Microsoft Corporation. Portions  
copyright Hilgraeve, Inc.  
Teraterm is a copyright of Ayera Technologies, Inc.  
BlackBerry is a registered trademark of Research In Motion Limited.  
JavaScript is a trademark of Sun Microsystems, Inc.  
Telnet is a trademark of Telnet Communications, Inc.  
Thawte is a trademark of Thawte, Inc.  
VeriSign is a registered trademark of VeriSign, Incorporated  
All other trademarks mentioned in this manual are acknowledged to be the property of  
the trademark owners.  
Apx-4  
 
 
Index  
A
Authentication Protocol  
SNMPv3  
2-4 Authentication Type  
2-4 Automated Mode  
AUX Connector  
A/B Gang Switch  
A/B Switch  
Jumper  
A/B Switching  
Text Interface  
Web Browser Interface  
Accept Break  
Network Port  
Serial Port  
Access Level  
LDAP Group  
TACACS  
Accounting Port  
RADIUS  
Accounts  
Adding  
Default  
Add  
Circuit Group  
LDAP Group  
PNA Profile  
User Accounts  
Via SNMP  
B
C
Basic Configuration  
Baud Rate  
Serial Port  
Bind Type  
Bits and Parity  
Serial Port  
BlackBerry  
Callback Security  
Callback Attempts  
Callback Delay  
Callback Enable  
Callback Number  
Certificate Signing Request  
Circuit Access  
Monitor/Alarm Input  
Circuit Control Screen  
Circuit Group  
Circuit Access  
Name  
Circuit Group Access  
LDAP Group  
Circuit Group Control  
Web Browser Interface  
Circuit Group Control Screen  
Circuit Group Directory  
Add Group  
Address  
Invalid Access Lockout Alarm  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping No Answer Alarm  
Power Cycle Alarm  
Administrator  
Network Port  
Serial Port  
Alarm Clear Threshold  
Over Temperature Alarm  
Alarm Configuration  
Invalid Access Lockout Alarm  
Over Temperature Alarms  
Ping-No-Answer Alarm  
Alarm Log  
Alarm Set Threshold  
Over Temperature Alarm  
Allow List  
Delete Group  
Modify  
View  
Circuit Group Parameters  
Circuit Group Status Screen  
Text Interface  
Circuit Module  
Configuration  
Granting Access  
Jumper  
Name  
Power Up Default  
Set Up  
Circuit Parameters  
Text Interface  
ALM Indicator  
Audit Log  
Authentication  
SNMPv3  
Authentication Port  
RADIUS  
Circuit State  
Monitor/Alarm Input  
TACACS  
Index-1  
 
 
Index  
Circuit Status Screen  
Text Interface  
D
Circuits to Switch  
Monitor/Alarm Input  
CLI  
Clock and Calendar  
Command Access Level  
Command Confirmation  
Command Echo  
Network Port  
Debug  
RADIUS  
5-1 to 5-2 Default Circuits  
5-5, 5-7 to 5-8 Default Password  
5-17, 17-2 Default Switching  
5-13 Default User Access  
Delete  
Circuit Group  
LDAP Groups  
Serial Port  
Command Line Interface  
Command Mode  
Access  
Ping-No-Answer Reboot  
PNA Profile  
User Accounts  
Via SNMP  
Logging Out  
Command Reference Guide  
Command Set  
17-1 to 17-10 Deny List  
DHCP  
Text Interface  
17-3 to 17-10 Dialback Security  
14-2 Dictionary Support  
RADIUS  
5-1 to 5-43 Domain Name  
Common Name  
Communication  
Configuration  
Circuit  
Menus  
Email Parameters  
Ping-No-Answer Profile  
Restore Previous  
Restoring  
5-43, 15-3 Domain Name Server  
15-2 DTR Output  
Saving  
Via SNMP  
Connect Command  
Connecting a PC  
Console Port  
E
Email Address  
SSL Certificate  
Email Message  
Invalid Access Lockout Alarm  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping No Answer Alarm  
Power Cycle Alarm  
Email Parameters  
Authentication Type  
Domain  
Configuration  
Interface  
Contact Output Enable  
Invalid Access Lockout Alarm  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping-No-Answer Alarm  
Control Card  
Enable  
From Address  
From Name  
Password  
Port Number  
Send Test Email  
SMTP Server  
To Address  
A/B Switch  
Control Card A/B Switch  
Control Card Reset Switch  
Control Module  
AUX Connector  
Jumper  
Control Module Jumper  
Copyrights  
Copy to All Triggers  
Over Temperature Alarms  
Country  
User Name  
Encryption  
SSH  
Ethernet Port  
Exit Command Mode  
Text Interface  
Create CSR  
CRT Server Key  
Upload  
External Modem  
Customer Service  
Index-2  
 
Index  
F
Invalid Access Lockout Alarm  
Address  
Fallback  
Fallback Local  
RADIUS  
TACACS  
Fallback Timer  
RADIUS  
TACACS  
Contact Output Enable  
Email Message  
Notify Upon Clear  
Resend Delay  
Subject  
Trigger Enable  
Firmware Upgrade  
Firmware Version  
From Address  
Email Parameters  
From Name  
Email Parameters  
Network Port  
Ping-No-Answer Profile  
5-42 IP Security  
Adding IP Addresses  
Examples  
Operators and Wildcards  
G
Gang Switch  
Gateway Address  
Network Port  
General Parameters  
Group Membership Attribute  
Group Membership Value Type  
J
Jumper Settings  
Circuit Module  
Control Module  
K
Kerberos  
H
Hang Up String  
Modem Mode  
Harden Web Security  
Hardware Installation  
Help Screen  
Text Interface  
HTTP Access  
HTTP Interface  
HTTP Port  
HTTPS Access  
HTTPS Port  
Domain Realms  
Key Distribution Centers  
Port  
Realm  
Set Up  
L
LDAP  
Access Level  
Adding LDAP Groups  
Bind Type  
Circuit Group Access  
Deleting Groups  
Enable  
I
Inactivity Timeout  
Network Port  
Serial Port  
Initialization String  
Modem Mode  
Initiating a Reboot Cycle  
Text Interface  
Input Level Jumper  
Internal Modem Port  
Configuration  
Fallback  
Group Membership Attribute  
Group Membership Value Type  
Group Name  
Kerberos Set Up  
LDAP Group Setup  
LDAP Port  
Modifying LDAP Groups  
Parameters  
Port Access  
Primary Host  
Lockout Attempts  
Lockout Duration  
Lockout Enable  
Search Bind DN  
Search Bind Password  
Secondary Host  
Service Access  
TLS/SSL Encryption  
User Search Base DN  
User Search Filter  
Viewing LDAP Groups  
Index-3  
 
Index  
Local Control Device  
Locality  
Local PC  
4-2 Monitor/Alarm Input (continued)  
Return  
Signal  
Access  
Subject  
Trigger Enable  
Lockout Attempts  
Lockout Duration  
Lockout Enable  
Log Configuration  
Log Function  
Reading and Erasing  
Syslog  
Text Interface  
Logging Out  
Text Interface  
Login  
5-9 Monitor Input Level Jumper  
5-9 Monitor Input Level Settings  
5-6, 5-9 to 5-10 Multiple Logins  
5-9 to 5-10 My Phone Number  
N
Name  
Circuit Group  
Circuit Module  
Network Access  
Network Configuration  
Logoff Character  
Network Port  
Serial Port  
Accept Break  
Administrator Mode  
Command Echo  
M
DHCP  
Management Utility  
Manual Control  
Manual Operation  
Master A/B Gang Switch  
Menus  
MIB Parameters  
Modem  
Access  
Modem Mode  
Hang Up String  
Initialization String  
Periodic Reset Value  
Reset String  
Modem Phone Number  
Modem Port  
Configuration  
Modify  
Domain Name Server  
Email Parameters  
Gateway Address  
Harden Web Security  
HTTP Access  
HTTP Port  
HTTPS Access  
HTTPS Port  
Inactivity Timeout  
IP Address  
IP Security  
Kerberos Set Up  
LDAP Parameters  
Logoff Character  
Multiple Logins  
Ping Access  
RADIUS  
Circuit Group  
LDAP Groups  
Ping-No-Answer Reboot  
PNA Profile  
Sequence Disconnect  
SNMP Parameters  
SSH Access  
SSH Port  
User Accounts  
Via SNMP  
Monitor/Alarm Input  
Address  
Circuit Access  
Circuit Group Access  
Circuit State  
Circuits to Switch  
Contact Output Enable  
Email Message  
Static Route  
Subnet Mask  
Syslog Address  
TACACS  
Telnet Access  
Telnet Port  
7-11 Network Parameters  
7-11 Network Port  
Administrator  
SuperUser  
Level Settings  
7-12 Network Port Parameters  
7-10 Network Status Screen  
Monitor/Alarm Input Delay  
Monitor/Alarm Input Level  
Notify Upon Clear  
Resend Delay  
7-10 Normal Mode  
DTR Output  
Text Interface  
Index-4  
 
Index  
Notify Upon Clear  
Invalid Access Lockout Alarm  
Over Temperature Alarms  
Ping No Answer Alarm  
NTP  
Enable  
NTP Timeout  
Primary NTP Address  
Secondary NTP Address  
NTP Enable  
Ping-No-Answer Profile  
Adding PNA Profiles  
Circuit Access  
Circuit Group Access  
Consecutive Failures  
Deleting PNA Profiles  
Domain Name  
Interval After Failed Ping  
IP Address  
Modifying PNA Profiles  
Ping Delay After PNA Action  
Ping Interval  
Ping Test  
PNA Action  
Toggle  
Viewing PNA Profiles  
Ping Test  
Plug Access  
TACACS  
Plug Group Access  
TACACS  
PNA Action  
Continuous  
Single  
NTP Timeout  
O
Operation  
Organizational Name  
Organizational Unit  
Outbound Access  
Outbound SSH  
Outbound Telnet  
Over Temperature Alarms  
Address  
Alarm Clear Threshold  
Alarm Set Threshold  
Contact Output Enable  
Email Message  
PNA Command  
Port  
Kerberos  
Port Access  
LDAP Group  
Port Configuration  
Port Mode  
Serial Port  
Port Name  
Notify Upon Clear  
Resend Delay  
Subject  
Trigger Enable  
P
Password  
Default  
Email Parameters  
SNMPv3  
PDAs  
Periodic Reset Value  
Modem Mode  
PIC Version  
Ping Access  
Ping Interval  
Ping-No-Answer Profile  
Ping-No-Answer Alarm  
Address  
Contact Output Enable  
Email Message  
Notify Upon Clear  
Resend Delay  
Subject  
Serial Port  
Port Number  
Email Parameters  
Power Cycle Alarm  
Address  
Email Message  
Subject  
Trigger Enable  
Power Inlets  
Power Supply  
Power Supply Indicators  
Power Supply Module  
Power Switch  
Power Up Default  
Circuit Module  
Primary Address  
RADIUS  
TACACS  
Primary Host  
Primary NTP Address  
Primary Secret Word  
RADIUS  
Trigger Enable  
Ping-No-Answer Function  
Index-5  
 
Index  
Privacy  
SNMPv3  
Product Information  
Product Status Screen  
Public Key  
S
5-33 Safety Information  
17-4 Saving Parameters  
Text Interface  
10-1 Scripting Options  
Search Bind DN  
Q
R
Search Pind Password  
Secondary Address  
RADIUS  
Quick Start Procedure  
RADIUS  
TACACS  
Accounting Port  
Authentication Port  
Debug  
Dictionary Support  
Enable  
Fallback Local  
Fallback Timer  
Primary Address  
Primary Secret Word  
Retries  
Secondary Host  
Secondary NTP Address  
Secondary Secret Word  
RADIUS  
Secret Word  
TACACS  
Self Signed Certificate  
Sending Traps via SNMP  
Send Test Email  
Sequence Disconnect  
Network Port  
Secondary Address  
Secondary Secret Word  
Set Up  
Serial Port  
Serial Port  
Read Only  
Accept Break  
Access  
SNMP Parameters  
Real Time Clock  
Date  
NTP Enable  
NTP Timeout  
Primary NTP Address  
Secondary NTP Address  
Test NTP Servers  
Time  
Administrator Mode  
Baud Rate  
Bits and Parity  
Command Echo  
Configuration  
Handshake Mode  
Inactivity Timeout  
Interface  
Logoff Character  
Modem Mode  
Normal Mode  
Time Zone  
Reboot System  
Resend Delay  
Invalid Access Lockout Alarm  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping No Answer Alarm  
Reset String  
Modem Mode  
Reset Switch  
Restore Configuration  
Restoring Parameters  
Retries  
RADIUS  
Return  
Monitor/Alarm Input  
RS232 Port  
Interface  
Port Mode  
Port Name  
Sequence Disconnect  
Stop Bits  
Serial Port Interface  
Serial Port Parameters  
Server Private Key  
Service Access  
LDAP Group  
TACACS  
Set Circuits to Defaults  
Text Interface  
Setting Circuit to Default  
Web Browser Interface  
Signed Certificate  
Site I.D.  
Text Interface  
SMTP Server  
Index-6  
 
Index  
SNMP  
Adding Users  
SSL Certificate  
Common Name  
Country  
Create CSR  
Email Address  
Locality  
Organizational Name  
Organizational Unit  
State or Province  
Upload Signed Certificate  
Circuit Status  
Configuration  
Configuration Via  
Controlling Circuit Groups  
Controlling Circuits  
Deleting Users  
Modifying Users  
Sending Traps  
SNMP Traps  
12-1 to 12-2 SSL Encryption  
12-2 State or Province  
13-4 Static Route  
13-1 to 13-5 Status Screens  
13-2 Stop Bits  
Testing  
Unit Environment Status  
Unit Operation Via  
Viewing Users  
View Unit Status  
SNMP Agent  
SNMP Parameters  
Access  
Authentication  
Authentication Protocol  
Enable  
13-1 Subject  
Invalid Access Lockout Alarm  
Serial Port  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping No Answer Alarm  
Power Cycle Alarm  
Privacy  
Read Only  
5-33 Subnet Mask  
Network Port  
5-34 SuperUser  
Read Only Community  
Read/Write Community  
SNMP Contact  
SNMP Location  
SNMPv3  
Network Port  
5-34 Support  
5-34 Suppress Sure Prompt  
5-33 to 5-38 Switching Circuits  
SNMPv3 Password  
SNMPv3 User Name  
Version  
Text Interface  
Web Browser Interface  
5-33 Switching Commands  
SW Version  
SNMP Trap  
Configuration  
SNMP Managers  
Testing  
12-1 Syslog  
Configuration  
Syslog Address  
Syslog Messages  
Testing Configuration  
Trap Community  
SNMPv3  
Authentication  
Authentication/Privacy  
Authentication Protocol  
Encryption  
Password  
Username  
13-1 System Parameters  
Alarm Log  
Audit Log  
Automated Mode  
Callback Security  
Command Confirmation  
Control Card A/B Switch  
Control Card Reset Switch  
Invalid Access Lockout  
Log Configuration  
Management Utility  
Modem Phone Number  
Real Time Clock  
Software Version  
Specifications  
SSH  
Access  
Encryption  
Keys  
SSH Access  
SSH Encryption  
SSH Port  
Scripting Options  
Site I.D.  
Temperature Calibration  
Temperature Format  
User Directory  
System Reboot  
Index-7  
 
Index  
T
U
TACACS  
Access Level  
Authentication Port  
Configuration  
Default User Access  
Enable  
Fallback Local  
Fallback Timer  
Plug Access  
Plug Group Access  
Primary Address  
Secondary Address  
Secret Word  
Unit Description  
5-38 Unlock Port  
Text Interface  
5-38 Upgrading Firmware  
5-38 Upload  
CRT Server Key  
Signed Certificate  
5-38 User  
5-39 User Accounts  
Access Level  
Access Levels  
Adding  
Callback Number  
Circuit Group Access  
Circuit Module Access  
Service Access  
Tech Support  
Telnet  
Command Access Levels  
Default  
Access  
Outbound  
Deleting  
Telnet Command  
Telnet Access  
Telnet Port  
Editing  
Modifying  
Password  
Temperature Calibration  
Temperature Format  
Temperature Log  
Test  
Port Access  
Service Access  
Username  
Viewing  
Ping Test  
Test Menu  
6-2 User Directory  
Test NTP Servers  
Text Interface  
Applying Commands to Several Circuits  
Command Set  
Set Circuits to Defaults  
Switching Circuits  
Time  
Time Zone  
TLS/SSL Encryption  
To Address  
Email Parameters  
Toggle Command  
Toggle to A  
Toggle to B  
Trademarks  
Trigger Enable  
Invalid Access Lockout Alarm  
Monitor/Alarm Input  
Over Temperature Alarms  
Ping No Answer Alarm  
Power Cycle Alarm  
Email Parameters  
SNMPV3  
9-6 User Search Base DN  
17-3 to 17-10 User Search Filter  
V
Version  
SNMP  
View  
Circuit Group Directory  
LDAP Groups  
Ping-No-Answer Reboot  
PNA Profile  
User Accounts  
Via SNMP  
ViewOnly  
W
Warnings and Cautions  
Web Access  
Web Browser Interface  
WTI Management Utility  
Index-8  
 

Whirlpool Dehumidifier AD0402XM0 User Manual
Whirlpool Drums W10663951B User Manual
Whirlpool Trash Compactor GARAGE COMPACTOR User Manual
Xerox All in One Printer 480cx User Manual
Yamaha CD Player CDX 890 User Manual
Zanussi Electric Heater EVO700 User Manual
Zanussi Freezer FREEZER ZV 47 User Manual
Zanussi Refrigerator 102254 User Manual
Zanussi Washer ZWQ 7100 SO User Manual
Zipper Mowers Automobile Parts 309 365 User Manual