Warnings and Cautions
Two Power Supply Cables
Note that the AFS-16 features two separate power inputs, and a separate power supply
cable for each power input. Make certain to disconnect both power supply cables from
their power source before attempting to service or remove the unit.
Disconnect Power
If any of the following events are noted, immediately disconnect the unit from the outlet
and contact qualified service personnel:
1. If the power cord becomes frayed or damaged.
2. If liquid has been spilled into the device or if the device has been exposed to rain
or water.
Disconnect Power Before Servicing
Before attempting to service or remove this unit, please make certain to disconnect the
power supply cable from the power source.
ii
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
2. Unit Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
2.1. The Dual Power Supply Module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
2.2. The Control Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
2.3. The Circuit Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
3. Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.1. Apply Power to the AFS-16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2. Connect Your PC to the AFS-16. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.3. Communicating with the AFS-16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
3.4. Fallback Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.4.1. Fallback Switching - Text Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.4.2. Fallback Switching - Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
4. Hardware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
4.1. Connecting the Power Supply Cable(s). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
4.2. Connecting the Network Cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
4.3. Connecting a Local Control Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
4.4. Connecting an External Modem (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
4.5. Module Set Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
4.5.1. Circuit Module Set Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
4.5.2. Control Module SetUp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
4.6. The A/C/B Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
5. Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1. Communicating with the AFS-16 Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.1. The Text Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.2. The Web Browser Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
5.1.3. Access Via PDA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
5.2. Configuration Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
5.3. Defining System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
5.3.1. The Real Time Clock and Calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
5.3.2. The Invalid Access Lockout Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
5.3.3. Log Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
5.3.3.2. The Temperature Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
5.3.3.3. Reading and Erasing Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
5.3.4. Callback Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
5.3.5. Scripting Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
5.3.5.1. Automated Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14
5.4. User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
5.4.1. Command Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
5.4.2. Granting Circuit Module Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16
5.5. Managing User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
5.5.1. Viewing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
5.5.2. Adding User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
5.5.3. Modifying User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
5.5.4. Deleting User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
5.6. Circuit Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20
iii
Table of Contents
5. Basic Configuration (continued)
5.7. The Circuit Group Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
5.7.1. Viewing Circuit Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
5.7.2. Adding Circuit Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
5.7.3. Modifying Circuit Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
5.7.4. Deleting Circuit Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
5.8. Serial Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
5.8.1. RS232 Port Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
5.8.2. The Serial Port Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
5.9. Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25
5.9.1. Network Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26
5.9.2. Network Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27
5.9.3. IP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29
5.9.3.3. IP Security Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-31
5.9.4. Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32
5.9.5. Domain Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32
5.9.6. SNMP Access Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33
5.9.7. SNMP Trap Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
5.9.8. LDAP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35
5.9.8.1. Adding LDAP Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-36
5.9.8.2 Viewing LDAP Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
5.9.8.3. Modifying LDAP Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
5.9.8.4. Deleting LDAP Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
5.9.8.5. LDAP Kerberos Set Up. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
5.9.9. TACACS Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-38
5.9.10. RADIUS Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40
5.9.10.1. Dictionary Support for RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41
5.9.11. Email Messaging Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-42
5.10. Save User Selected Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43
5.10.1. Restore Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43
6. Ping-No-Answer Fallback Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
6.1. Adding Ping-No-Answer Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
6.2. Viewing Ping-No-Answer Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
6.3. Modifying Ping-No-Answer Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
6.4. Deleting Ping-No-Answer Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
7. Alarm Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
7.1. The Output Contacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
7.2. The Over Temperature Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
7.3. The Ping-No-Answer Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
7.3.1. Defining Ping-No-Answer IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
7.3.2. Configuring the Ping-No-Answer Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
7.4. The Invalid Access Lockout Alarm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
7.5. The Power Cycle Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9
7.6. Monitor/Alarm Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10
7.6.1. Monitor Input Level Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
iv
Table of Contents
8. The Status Screens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.1. Product Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.2. The Network Status Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.3. The Circuit Status Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
8.4. The Circuit Group Status Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
8.5. The Event Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
8.5.1. The Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
8.5.2. The Alarm Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
8.5.3. The Temperature Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
9. Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1. A/B Switching - Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1.1. The Circuit Control Screen - Web Browser Interface . . . . . . . . . . . . . . . . . . . . 9-1
9.2. A/B Switching - Text Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
9.2.1. The Circuit Status Screen - Text Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
9.2.2. A/B Switching Commands - Text Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
9.3. Manual Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
9.4. Logging Out of Command Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
10. Telnet & SSH Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
10.1. SSH Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
10.2. Creating an Outbound Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
10.3. Creating an Outbound SSH Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
11.1. Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
11.2. Testing Syslog Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
12. SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
12.1. Configuration:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
12.2. Testing the SNMP Trap Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
13.1. AFS-16 SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
13.2. SNMPv3 Authentication and Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
13.3. Configuration via SNMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
13.3.1. Viewing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
13.3.2. Adding Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
13.3.3. Modifying Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
13.3.4. Deleting Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
13.4. Circuit Control via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3
13.4.1. Controlling Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3
13.4.2. Controlling Circuit Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3
13.5. Viewing AFS-16 Status via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4
13.6.1. Circuit Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4
13.6.2. Unit Environment Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4
13.7. Sending Traps via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5
14 Setting Up SSL Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
14.1. Creating a Self Signed Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
14.2. Creating a Signed Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3
14.3. Downloading the Server Private Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4
15.1. Sending Parameters to a File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
15.2. Restoring Saved Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
15.3. Restoring Previously Saved Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
v
Table of Contents
16. Upgrading AFS-16 Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
17.1. Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
17.2. Command Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
17.3. Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3
17.3.1. Display Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3
17.3.2. Control Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4
17.3.3. Configuration Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8
A. Interface Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Apx-1
A.1. Serial Port (RS232). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Apx-1
B. Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Apx-2
C. Customer Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Apx-3
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index-1
vi
Table of Contents
List of Figures
Control Module Jumper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
The Help Menu (Administrator Mode; Text Interface). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
11.1. The Test Menu (Text Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
14.1. Web Access Parameters (Text Interface Only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Serial Port Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Apx-1
vii
1. Introduction
The AFS-16-1 is a versatile switching system, designed for applications that require
routing of analog or digital signals between a common RJ45 jack and “A” and “B
RJ45 jacks. The AFS-16-1 is ideal for switching RS232, RS422/485, Ethernet/UTP or
telephone lines.
The system consists of a Card Rack, one Power Supply Module, one Control Module,
and up to 16 Circuit Modules. Each Circuit Module is capable of switching all 8 pins of
the Common RJ45 jack between Jack “A” or Jack “B”. Each card can be switched by
alarm, manually, or by command.
The AFS-16-1 includes an assortment of alarm features, which allow the unit to monitor
temperature, power interruptions, and invalid access attempts and then notify you
via Email, text message, Syslog message or SNMP trap when critical conditions are
detected. The AFS can also monitor device response to ping commands and then
switch A/B paths and provide notification when devices fail to respond.
Security and Co-Location Features:
Secure Shell (SSHv2) encryption and address-specific IP security masks help to prevent
unauthorized access to command and configuration functions.
The AFS-16-1 also provides four different levels of security for user accounts:
Administrator, SuperUser, User and ViewOnly. The Administrator level provides
complete access to all A/B switching functions, status displays and configuration
menus. The SuperUser level allows control of A/B switching, but does not allow access
to configuration functions. The User level allows access to only a select group of
Administrator-defined A/B circuits. The ViewOnly level allows you to check unit status,
but does not allow A/B switching or access to configuration menus.
The AFS-16-1 includes full Radius, LDAP and TACACS capability, DHCP and an invalid
access lockout feature. An Audit Log records all user access, login and logout times
and command actions, and an Alarm Log records user-defined alarm events.
1-1
Introduction
Environmental Monitoring and Management:
The AFS-16 can constantly monitor temperature levels, ping response and other factors.
If the AFS-16 detects that user defined thresholds for these values have been exceeded,
the unit can promptly notify you via email, text message, SNMP trap, or Syslog
message. The AFS-16 also records temperature readings to a convenient log file.
The AFS-16 can also notify you when excessive invalid access attempts are detected,
and can automatically lock ports when it determines that an unauthorized user may be
attempting to gain access by "hammering" the unit with random passwords.
WTI Management Utility
The AFS-16 includes the WTI Management Utility, which allows you to manage multiple
WTI units via a single menu. For more information on the Management Utility, please
refer to the User’s Guide that is included on the CDROM.
Typographic Conventions
^(e.g. ^X)
Indicates a control character. For example, the text
"^X" (Control X) indicates the [Ctrl] key and the [X]
key must be pressed simultaneously.
COURIER FONT
[Bold Font]
< >
Indicates characters typed on the keyboard.
For example, /ACor /TB 2.
Text set in bold face and enclosed in square brackets,
indicates a specific key. For example, [Enter] or [Esc].
Indicates required keyboard entries:
For Example: /TA <n>.
[ ]
Indicates optional keyboard entries.
For Example: /P [n].
1-2
2. Unit Description
The AFS-16 consists of a frame unit, one Dual Power Supply Module, one Control
Module, and up to sixteen Circuit Modules.
2.1. The Dual Power Supply Module
The Dual Power Supply Module, shown in Figure 2 1, provides AC power used by the
Control Module and Circuit Module(s). The AFS-16 will always include one Dual Power
Supply Module. Note that the Power Supply Module is not designed to be removed
from the AFS-16 Rack Assembly.
POWER MODULE
AFS-16
ON
1
I
O
Figure 2.1: The Power Supply Module
The Power Supply Module faceplate includes the following:
Power Switch and ON Indicator
Power Inlets: (Not Shown) Two (2) IEC320-C14 AC inlets (located on the back
panel of the Dual Power Supply Module) which are used to connect the AFS-16 to
an appropriate power source.
Power Supply Indicators: Two LEDs (located on the back panel of the Dual Power
Supply Module), which will light when connected to an active power source. Note
that there is one LED for Inlet "A" and one LED for Inlet "B".
2-1
Unit Description
2.2. The Control Module
The Control Module, shown in Figure 2.2, coordinates switching of the individual Circuit
Modules. The Control Module includes a Master A/B Gang Switch, status LEDs, a
10/100Base-T Ethernet connector and an RJ-45 RS232 Serial Port for connection to your
PC, control device or external modem. An AUX jack is provided to allow connection to
a monitored line and optional external alarm. The AFS-16 always includes one Control
Module.
CONTROL
AC
1
LK
ETHERNET
10/100
A
2
6
3
B
ALARM
4
RST
5
RS232
7
Figure 2.2: The Control Module
The AFS-16 Control Module includes the following components:
Ethernet Port: An RJ45 Ethernet port for connection to your 10Base-T or
100Base-T, TCP/IP network. Note that the AFS-16 features a default IP address
(192.168.168.168). This allows you to establish an SSH connection with the unit
without first assigning an IP address. Note that the Network Port also includes two,
small LED indicators for Link and Data Activity. For more information on Network
Port configuration, please refer to Section 5.9.
Master A/B Gang Switch: Allows manual control of A/B switching at up to sixteen
Circuit Modules. Note that the Master A/B Gang Switch can be disabled as
described in Section 5.3.
ALM Indicator: The ALM Indicator will light when Monitor Input Alarm is triggered.
For more information on the Monitor Input Alarm, please refer to Section 7.6.
2-2
Unit Description
Reset Switch: To reinitialize the AFS-16, hold the Reset Switch in the "down"
position for approximately five seconds. When the AFS-16 is reset, all users will be
disconnected from the AFS-16 and the operating system will be reloaded.
RS232 Connector: An RJ-45 Serial Port for connection to your PC, control device,
or external modem. Please refer to Appendix A for a description of the RS232
interface.
AUX Connector: (Not Shown) A five terminal quick connector, located on the back
edge of the Control Module board. The AUX Connector can be used in conjunction
with the Monitor/Alarm Input feature to generate an alarm when the status of pin 4
changes. In addition, pins 1 through 3 on the AUX Connector can also be used to
switch a connected device On or Off in response to signal changes at Pin 4. For
more information, please refer to Section 7.
Notes:
• The Monitor Input signal (Pin 4) is always measured relative to the signal at
the common ground (Pin 5).
• A "Low" signal should be between Zero (0) Volts and -48 Volts and a "High"
signal should be between +5 Volts and +48 Volts.
Release Pin: A snap-lock pin that is used to secure the Control Module to the
AFS-16 frame.
Monitor Input Level Jumper: (Not Shown) A jumper located on the Control
Module board, which is used to configure the AUX Connector for use with the
Monitor/Alarm Input feature. The Monitor Input Level Jumper selects the non-active
state for the Monitor/Alarm Input feature. When the jumper is set in the "1" position
(normally high,) the Monitor/Alarm Input feature can generate an alarm when the
Monitor Input signal goes low. When the jumper is set in the "0" position (normally
low,) the Monitor/Alarm Input feature can generate an alarm when the Monitor Input
signal goes high. For more information on the Monitor/Alarm Input feature, please
refer to Section 7.6.
2-3
Unit Description
2.3. The Circuit Module
The AFS-16 can accept up to sixteen Circuit Modules. Each Circuit Module includes
a common jack, jacks for “A” and “B” paths, and a Manual A/B switch as described in
Figure 2.3.
RJ45-3
1
A
B
2
A
3
C
4
B
5
Figure 2.3: The Circuit Module
The AFS-16 Circuit Module includes the following components:
A/B Switch: Each A/B Switch can be manually switched, or activated by
commands sent to the Control Module. The A/B Switch can also be operated by
the Control Module’s Master A/B Switch.
“A” Connector: An RJ45 Port, used for connection to your primary line.
“C” Connector: An RJ45 Port, used for connection to a common line.
“B” Connector: An RJ45 Port, used for connection to your fallback line.
Release Pin: Used to secure the Circuit Module to the AFS-16 frame.
A/B Switch Jumper: (Not Shown) A jumper, located on the Circuit Module board,
which is used to enable/disable the individual Circuit Module’s response to the
Master A/B Gang Switch as described in Section 4.5.1.
2-4
3. Getting Started
This section describes a simplified installation procedure for the AFS-16 hardware,
which will allow you to communicate with the unit in order to demonstrate basic features
and check for proper operation.
Note that this Quick Start procedure does not provide a detailed description of unit
configuration, or discuss advanced operating features in detail. For more information,
please refer to the remainder of this User’s Guide
3.1. Apply Power to the AFS-16
Refer to the safety precautions listed at the beginning of this User's Guide, and then
connect the unit to a 100 to 240 VAC power source.
Note: The AFS-16 includes two power inlets. You can connect either one or
both of these inputs to your power source. If both power inlets are connected,
they should be connected to separate power sources in order that the second
power source can serve as a redundant back up in the event of failure.
Connect the power supply cable(s) to the unit’s power inlet(s) and then connect the
cable(s) to appropriate power supplies.
Set the Power Switch on the AFS-16 Power Module to the ON Position. The ON LED
on the Power Module and the A/B indicators on the Control Module should light. After
about 90 seconds, the A/B indicators should go out, indicating that the unit is ready to
receive commands.
3.2. Connect Your PC to the AFS-16
The AFS-16 can either be controlled by a local PC Serial Port, controlled via modem,
or controlled via TCP/IP network. In order to select parameters or control switching
functions, commands are issued to the AFS-16 via either the Ethernet Port or RS232
Console Port.
• Ethernet Port: Connect your 10Base-T or 100Base-T network interface to the
AFS-16 Control Module's 10/100Base-T Network Port.
• RS232 Port: Use the supplied Ethernet cable and adapter to connect your PC
COM port to the RS232 Console Port on the AFS Control Module as described
in Section 4.3. For a description of the RS232 Port Interface, please refer to
Appendix A.1.
• Modem: If desired, an external modem can also be installed at the RS232 Port.
For more information, please refer to Section 4.4.
3-1
Getting Started
3.3. Communicating with the AFS-16
When properly installed and configured, the AFS-16 will allow command mode access
via Telnet, Web Browser, SSH client, modem, or local PC. However, in order to ensure
security, both Telnet and Web Browser access are disabled in the default state. To
enable Telnet and/or Web Browser access, please refer to Section 5.9.2.
Notes:
• Default AFS-16 serial port parameters are set as follows: 9600 bps, RTS/
CTS Handshaking, 8 Data Bits, One Stop Bit, No Parity. Although these
parameters can be easily redefined, for this Quick Start procedure, it is
recommended to configure your communications program to accept the
default parameters.
• The AFS-16 features a default IP Address (192.168.168.168) and a default
Subnet Mask (255.255.255.0.) This allows network access to command
mode, providing that you are contacting the AFS-16 from a node on the same
subnet. When attempting to access the AFS-16 from a node that is not on the
same subnet, please refer to Section 5.9 for further configuration instructions.
1. Access Command Mode: The AFS-16 includes two separate user interfaces; the
Text Interface and the Web Browser Interface. The Text Interface is available via
Local PC, SSH Client, Telnet, or Modem and can be used to both configure the
AFS-16 and create connections between ports. The Web Browser interface is only
available via TCP/IP network, and can be used to configure the unit, but cannot
create connections between ports.
a) Via Local PC: Start your communications program and then
press [Enter].
b) Via SSH Client: Start your SSH client, enter the default IP address
(192.168.168.168) for the AFS-16 and then invoke the connect command.
c) Via Web Browser: Make certain that Web Browser access is enabled as
described in Section 5.9.2. Start your JavaScript enabled Web Browser, enter
the default AFS-16 IP address (192.169.168.168) in the Web Browser address
bar, and then press [Enter].
d) Via Telnet: Make certain that Telnet access is enabled as described in
Section 5.9.2. Start your Telnet client, and enter the AFS-16's default IP
address (192.168.168.168).
e) Via Modem: Use your communications program to dial the number for the
external modem (optional) that you have connected to the AFS-16’s RS232
port. For more information on connecting a modem to the AFS-16, please refer
to Section 4.4.
2. Username / Password Prompt: A message will be displayed, which prompts you
to enter your username (Login) and password. The default username is "super"
(all lower case, no quotes), and the default password is also "super". If a valid
username and password are entered, the AFS-16 will display either the Circuit
Control Screen (Web Browser Interface) or the Circuit Status Screen (Text Interface.)
3-2
Getting Started
3. Review Help Menu: If you are communicating with the AFS-16 via the text
interface (SSH, Telnet or Modem), type /Hand press [Enter] to display the Help
Menu, which lists all available AFS-16 commands. Note that the Help Menu is not
available via the Web Browser Interface.
3.4. Fallback Switching
A/B fallback switching can be controlled via the Text Interface or via the Web Browser
Interface.
3.4.1. Fallback Switching - Text Interface
Access the AFS-16 Text Interface as described in Section 3.3 and then proceed as
follows:
1. Review the Help Menu: At the Text Interface command prompt, type /Hand press
[Enter] to display the Help Menu, which provides a basic listing of all available
AFS-16 commands.
2. Manual A/B Switching: Use the manual circuit switches to change A/B paths.
Note that this example assumes that the Master A/B Gang Switch and individual
circuit module switches have not been disabled.
a) Master A/B Gang Switch: Toggle the Master A/B Gang Switch between the
“A” and “B” positions. The LED indicators should follow the Master Switch,
indicating that each circuit has switched the “A” and “B” paths.
b) Circuit Module A/B Switch: Choose an individual Circuit Module and toggle
the module’s A/B Switch between “A” and “B”. The LED indicators should
indicate that the module has switched the A/B path.
3. Code Activated Switching: To control A/B fallback switching using ASCII
commands, invoke the following commands at the AFS command prompt:
a) Type /T *,Band press [Enter]. All Circuit Modules should switch to the
“B” path.
b) Type /T 1,Aand press [Enter]. Circuit Module number 1 should switch to the
“A” path.
c) Type /T 2,3,4,Aand press [Enter]. Circuit Modules 2, 3, and 4 should
switch to the “A” path.
3-3
Getting Started
3.4.2. Fallback Switching - Web Browser Interface
In the default state, the Web Browser Interface will not be available until you have
enabled Web Access as described in Section 5.9.2. After Web Access has been
enabled, access the AFS-16 Web Browser Interface as described in Section 3.3 and
then proceed as follows:
1. Access the Circuit Control Menu: Click on the "Circuit Control" link on the left
hand side of the screen to display the Circuit Control menu. The Circuit Control
menu includes a series of dropdown menus that are used to select the desired
switching action for each Circuit Module.
Note: The Circuit Control menu also lists the number and user-defined name
of each Circuit Module present, the name of the currently selected A/B circuit
path, the A/B position of the switch, a brief description of the reason for the last
switching action and a column that shows if each circuit is controlled by the
Monitor/Alarm Input feature.
2. Select the Switching Action: Use the dropdown menu to select an A/B switching
operation for the desired Circuit Module. For example, to switch Circuit 1 to the B
position, click on the down arrow in the "Action" column for Circuit 1 to display the
dropdown menu, select the "B" option from the dropdown menu and then click on
the "Confirm Circuit Actions" button.
Notes:
• The dropdown menu for each circuit allows you to select position A, position
B or the default position. Normally, the "Default" option will switch the
circuit to the user-defined Default position that is selected as described in
Section 5.6. However, in the case of this Quick Start procedure, the Default
circuit positions have not yet been defined.
• The Circuit Control Menu also includes the ability to switch all AFS-16 Circuit
Modules. If desired, the dropdown menu in the "All Circuits" row can be
used to switch all AFS-16 circuits.
3. Confirm Switching Actions: After you click on the "Confirm Circuit Actions"
button, the AFS-16 will display a screen which summarizes the selected switching
operation(s) and asks for confirmation before executing the command. To proceed
with the selected switching operation, click on the "Execute Circuit Actions" button.
4. The AFS-16 will execute the switching operation and then display the Circuit Status
screen.
This completes the Quick Start procedure for the AFS-16. Prior to placing the unit into
operation, it is recommended to refer to the remainder of this user’s guide for important
information regarding advanced configuration capabilities and more detailed operation
instructions. If you have further questions regarding the AFS-16 unit, please contact
WTI Customer Support as described in Appendix C.
3-4
4. Hardware Installation
4.1. Connecting the Power Supply Cable(s)
Refer to the cautions listed below and at the beginning of this User's Guide, and then
connect the AFS-16 to an appropriate 100 to 240 VAC power supply.
CAUTIONS:
• Before attempting to install this unit, please review the warnings and
cautions listed at the front of the user’s guide.
• This device should only be operated with the type of power source
indicated on the instrument nameplate. If you are not sure of the type of
power service available, please contact your local power company.
• Reliable earthing (grounding) of this unit must be maintained. Particular
attention should be given to supply connections when connecting to
power strips, rather than directly to the branch circuit.
Note: The AFS-16 includes two power inlets. You can connect either one or
both of these inputs to your power source. If both power inlets are connected,
they should be connected to separate power sources in order that the second
power source can serve as a redundant back up in the event of failure.
Set the Power Switch on the AFS-16 Power Module to the ON Position. The ON LED
on the Power Module and the A/B indicators on the Control Module should light. After
about 90 seconds, the A/B indicators should go out, indicating that the unit is ready to
receive commands. Note that if the AFS-16 needs to download SSH keys, it may take
longer than 90 seconds for the A/B indicators to switch off.
4.2. Connecting the Network Cable
Use the supplied 10/100Base-T Ethernet cable to connect the AFS-16 Ethernet
port to your TCP/IP network. Note that the AFS-16 includes a default IP address
(192.168.168.168) and a default subnet mask (255.255.255.0.) When installing the
AFS-16 in a working network environment, it is recommended to define network
parameters as described in Section 5.9.
4-1
Hardware Installation
RJ-45
DB-9F
Pin No.
Pin No. Signal
1
2
3
4
5
6
7
8
8
CTS
DCD
Pin 1
1
2
RXD
GND
5
X
Pin 8
Pin 1
3
4
7
TXD
DTR
RTS
Female
Figure 4.1: DX9F-DTE-RJ Snap Adapter Interface
RJ-45 DCE
Serial Port
DB-9M DTE
Console Port
PC, Laptop
or Other
AFS-16
Device with
DB-9M DTE
Interface
Straight
RJ-45 Cable
DX9F-DTE-RJ
Snap Adapter
Figure 4.2: Connecting DB-9M DTE Devices to the AFS Control Module's Serial Port
4.3. Connecting a Local Control Device
Use the supplied Ethernet cable and adapter to connect your PC COM port to the
RS232 Console Port on the AFS-16 Control Module as shown in Figure 4.1 and
Figure 4.2. For a description of the RS232 Port Interface, please refer to Appendix A.1.
4.4. Connecting an External Modem (Optional)
Access the AFS-16 Command Mode as described in Section 5.1 and then use the
Port Parameters menu to configure the RS232 Port for Modem Mode as described in
Section 5.8. Use an appropriate cable to connect your external modem the RS232 Port
on the AFS-16's Control Module and then connect your RJ11 phone line to the external
modem.
4-2
Hardware Installation
Enable
Disable
E
D
Figure 4.3: Circuit Module Jumper
4.5. Module Set Up
4.5.1. Circuit Module Set Up
The A/B Switch Jumper on the Circuit Module card (Figure 4.3) enables/disables the
individual Circuit Module’s A/B Switch. If you wish to disable manual A/B switching
control at a specific Module, then the A/B Switch Jumper on that Module must be set in
the "Disable" position.
4.5.2. Control Module SetUp
The Control Module includes a jumper that can be used to configure the AUX Connector
for use with the Monitor/Alarm Input feature. If you intend to use the Input Monitor
Alarm, then this jumper should be set as described in Section 7.6.
4.6. The A/C/B Connectors
Each AFS-16 Circuit Module includes three RJ45 connectors: a "C" (Common)
connector, an "A" (Primary Fallback) connector and a "B" (Secondary Fallback)
connector. Use an RJ45 Ethernet cable to connect devices to the A/C/B ports as
required.
This completes the AFS-16 installation instructions. Please proceed to the next Section
for instructions regarding basic unit configuration.
4-3
5. Basic Configuration
This section describes the basic configuration procedure for AFS-16 units. For
information on Alarm Functions, please refer to Section 7.
5.1. Communicating with the AFS-16 Unit
In order to configure the AFS-16, you must first connect to the unit, and access
command mode. Note that, the AFS-16 offers two separate configuration interfaces; the
Web Browser Interface and the Text Interface.
In addition, the AFS-16 also offers three different methods for accessing command
mode; via network, via modem, or via local console. The Web Browser interface is only
available via TCP/IP network, and the Text Interface is available via TCP/IP network (SSH
or Telnet), modem or local PC.
5.1.1. The Text Interface
The Text Interface (also known as the "Command Line Interface" or "CLI") consists of a
series of simple ASCII text menus, which allow you to set options and define parameters
by entering the number for the desired option using your keyboard, and then typing in
the value for that option.
Since the Web Browser Interface and Telnet accessibility are both disabled in the
default state, you will need to use the Text Interface to contact the unit via Local PC or
SSH connection when setting up the unit for the first time. After you have accessed
command mode using the Text Interface, you can then enable Web Access and Telnet
Access, if desired, in order to allow future communication with the unit via Web Browser
or Telnet. You will not be able to contact the unit via Web Browser or Telnet until you
have enabled those options.
Once Telnet Access is enabled, you will then be able to use the Text Interface to
communicate with the AFS-16 via local PC, Telnet or SSH connection. You can also
use the Text Interface to access command mode via an external modem installed at the
RS232 Port on the AFS-16 Control Module.
In order to use the Text Interface, your installation must include:
• Access via Network: The AFS-16 must be connected to your TCP/IP Network, and
your PC must include a communications program (such as HyperTerminal.)
• Access via Modem: An external modem must be installed at the Control Module's
RS232 Port and the RS232 Port must be configured for Modem Mode as described
in Section 5.8. A phone line must be connected to the external modem. In
addition, your PC must include a communications program.
• Access via Local PC: Your PC must be connected to the RS232 Port on the
AFS-16 Control Module. The RS232 Port must be configured for Normal Mode, and
your PC must include a communications program.
5-1
Basic Configuration
To access command mode via the Text Interface, proceed as follows:
Note: When communicating with the unit for the first time, you will not be able
to contact the unit via Telnet until you have accessed command mode via Local
PC or SSH Client and used the Network Parameters Menu to enable Telnet as
described in Section 5.3.
1. Contact the AFS-16 Unit:
a) Via Local PC: Start your communications program and press [Enter]. Wait
for the connect message, then proceed to Step 2.
b) Via Network: The AFS-16 includes a default IP address (192.168.168.168) and
a default subnet mask (255.255.255.0.) This allows you to contact the unit from
any network node on the same subnet, without first assigning an IP Address to
the unit. For more information, please refer to Section 5.9.
i.
Via SSH Client: Start your SSH client, and enter the AFS-16’s IP Address.
Invoke the connect command, wait for the connect message, then
proceed to Step 2.
ii. Via Telnet: Start your Telnet Client, and then Telnet to the AFS-16’s IP
Address. Wait for the connect message, then proceed to Step 2.
c) Via Modem: Use your communications program to dial the number for the
phone line that you have connected to the AFS-16's RS232 Serial Port.
2. Login / Password Prompt: A message will be displayed, which prompts you to
enter a username (login name) and password. The default username is "super" (all
lower case, no quotes), and the default password is also "super".
3. If a valid username and password are entered, the AFS-16 will display the Circuit
Status Screen.
5.1.2. The Web Browser Interface
The Web Browser Interface consists of a series of web forms, which can be used to
select configuration parameters and perform switching operations, by clicking on the
appropriate buttons and/or entering text into designated fields.
Note: In order to use the Web Browser Interface, Web Access must first
be enabled via the Text Interface Network Parameters Menu as described in
Section 5.9, the AFS-16 must be connected to a TCP/IP network, and your PC
must be equipped with a JavaScript enabled web browser.
1. Start your JavaScript enabled Web Browser, key the AFS-16’s IP address
(default = 192.168.168.168) into the web browser’s address bar, and press [Enter].
2. Username / Password Prompt: A message box will prompt you to enter your
username and password. The default username is "super" (all lower case, no
quotes), and the default password is also "super".
3. If a valid username and password are entered, the Circuit Control Screen will be
displayed.
5-2
Basic Configuration
5.1.3. Access Via PDA
In addition to the Web Browser Interface and Text Interface, the AFS-16 command mode
can also be accessed by PDA devices. Note however, that due to nature of most PDAs,
only a limited selection of AFS-16 operating and status display functions are available to
users who communicate with the unit via PDA.
When the AFS-16 is operated via a PDA, only the following functions are available:
• Product Status Screen (Unit Info) (Section 8.1)
• Circuit Status Screen (Section 8.3)
• Circuit Group Status Screen (Section 8.4)
• Circuit Control Screen (Section 9.1.1)
• Circuit Group Control Screen (Section 9.1.2)
These screens will allow PDA users to review Circuit Status and Circuit Group Status,
invoke A/B switching and display the Site I.D. and firmware version. Note however, that
PDA users are not allowed to change or review AFS-16 configuration parameters.
To configure the AFS-16 for access via PDA, first consult your IT department for
appropriate settings. Access the AFS-16 command mode via the Text Interface or Web
Browser interface as described in this section, then configure the AFS-16's Network Port
accordingly, as described in Section 5.9.
In most cases, this configuration will be adequate to allow communication with most
®
PDAs. Note however, that if you wish to use a BlackBerry to contact the AFS-16,
you must first make certain to configure the BlackBerry to support HTML tables, as
described below:
1. Power on the BlackBerry, and then click on the BlackBerry Internet Browser Icon.
2. Press the Menu button, and then choose "Options."
3. From the Options menu, choose "Browser Configuration," then verify to make
certain that "Support HTML Tables" is checked (enabled.)
4. Press the Menu button, and select "Save Options."
When you have finished communicating with the AFS-16 via PDA, it is important to
always close the session using the PDA's menu functions, rather than by simply closing
the browser window, in order to ensure that the AFS-16 has completely exited from
command mode, and is not waiting for the inactivity timeout period to elapse. For
example, to close a session on a BlackBerry, press the Menu button and then choose
"Close."
5-3
Basic Configuration
5.2. Configuration Menus
Although the Web Browser Interface and Text Interface provide two separate means for
selecting parameters, both interfaces allow access to the same set of basic parameters,
and parameters selected via one interface will also be applied to the other. To access
the configuration menus, proceed as follows:
• Text Interface: Refer to the Help Screen (/H) and then enter the appropriate
command to access the desired menu. When the configuration menu appears, key
in the number for the parameter you wish to define, and follow the instructions in
the resulting submenu.
• Web Browser Interface: Use the links and fly-out menus on the left hand of the
screen to access the desired configuration menu. To change parameters, click in
the desired field and key in the new value or select a value from a pull-down menu.
To apply newly selected parameters, click on the "Change Parameters" button at the
bottom of the menu or the "Set" button next to the field.
The following sections describe options and parameters that can be accessed via each
of the configuration menus. Please note that essentially the same set of parameters and
options are available to both the Web Browser Interface and Text Interface.
Notes:
• Configuration menus are only available when you have logged into command
mode using a password that permits Administrator Level commands.
SuperUser accounts are able to view configuration menus, but are not
allowed to change parameters.
• Configuration menus are not available when you are communicating with the
AFS-16 via PDA
• When defining parameters via the Text Interface, make certain to press the
[Esc] key several times to completely exit from the configuration menu
and save newly defined parameters. When parameters are defined via the
Text Interface, newly defined parameters will not be saved until the "Saving
Configuration" message has been displayed and the cursor returns to the
command prompt.
5-4
Basic Configuration
5.3. Defining System Parameters
The System Parameters menus are used to define the Site ID Message, set the system
clock and calendar, set up log functions and calibrate temperature readings.
To access the System Parameters menu via the Text Interface, type /Fand press
[Enter]. To access the System Parameters menu via the Web Browser Interface, place
the cursor over the "General Parameters" link, wait for the flyout menu to appear and
then click on the "System Parameters" link. The System Parameters Menus are used to
define the following:
• User Directory: This function is used to view, add, modify and delete user
accounts and passwords. As discussed in Section 5.4 and Section 5.5, the User
Directory allows you to set the security level for each account as well as determine
which circuits each account will be allowed to control.
Note: The "User Directory" option does not appear in the Web Browser
Interface’s System Parameters menu and is instead accessed via the "Users"
link on the left hand side of the menu.
• Site ID: A text field, generally used to note the installation site or name for the
AFS-16 unit. (Up to 32 chars.; Default = undefined.)
Note: The Site I.D. will be cleared if the AFS-16 is reset to default settings.
• Real Time Clock: This prompt provides access to the Real Time Clock menu,
which is used to set the clock and calendar, and to enable and configure the NTP
(Network Time Protocol) feature as described in Section 5.3.1.
Note: The "Real Time Clock" option does not appear in the Web Browser
Interface’s System Parameters menu, and is instead, accessed via the "Real
Time Clock" link on the left hand side of the screen.
• Invalid Access Lockout: If desired, this feature can be used to automatically
disable the Network Port or RS232 Port after a user specified number of
unsuccessful login attempts are made. For more information, please refer to
Section 5.3.2. (Default = On, 9 Attempts, 30 Minute Duration.)
Note: The "Invalid Access Lockout" item does not appear in the Web Browser
Interface’s System Parameters menu, and is instead, accessed via the link on
the left hand side of the screen.
• Temperature Format: Determines whether the temperature is displayed as
Fahrenheit or Celsius. (Default = Fahrenheit.)
• Temperature Calibration: Used to calibrate the unit's internal temperature sensing
abilities. To calibrate the temperature, place a thermometer inside your equipment
rack, in a location that usually experiences the highest temperature. After a few
minutes, take a reading from the thermometer, and then key the reading into the
configuration menu. In the Web Browser Interface, the temperature is entered
at the System Parameters menu, in the Temperature Calibration field; in the Text
Interface, the temperature is entered in a submenu of the System Parameters menu,
which is accessed via the Temperature Calibration item. (Default = undefined.)
5-5
Basic Configuration
• Log Configuration: In the Text Interface, this item provides access to a submenu
which is used to configure the Audit Log, Alarm Log and Temperature Log as
described in Section 5.3.3. In the Web Browser Interface, these parameters are
directly accessed via the System Parameters menu.
Audit Log: When enabled, the Audit Log will create a record of all A/B switching
at the AFS-16 unit, including switching that was initiated by alarms.
(Default = On without Syslog.)
Alarm Log: When enabled, the Alarm Log will create a record of all alarm activity
at the AFS-16 unit. (Default = On without Syslog.)
Temperature Log: When enabled, the Temperature Log will create a record of
temperature vs. time at the AFS-16 unit. (Default = On.).
• Callback Security: Enables and configures the Callback Security Function as
described in Section 5.3.4. In order for this feature to function, a Callback number
must also be defined for each desired user account as described in Section 5.5.
(Default = On - Callback without Password Prompt, 3 attempts, 30 Minute Delay.)
Notes:
• In the Text Interface, Callback Security Parameters are defined via a submenu
of the Systems Parameters Menu, which is accessed via the Callback
Security item.
• In the Web Browser Interface, Callback Security Parameters are defined via a
separate menu, which is accessed by clicking the "Callback Security" link on
the left hand side of the screen.
•
•
Control Card A/B Switch: This item can be used to enable/disable the Master A/B
Gang Switch on the AFS-16 Control Module. (Default = On.)
Control Card Reset Switch: This item can be used to enable/disable the Reset
Switch on the AFS-16 Control Module. (Default = On.)
• Modem Phone Number: When an optional external modem is connected to the
AFS-16 Control Card's RS232 Port, the Modem Phone Number parameter can be
used to denote the phone number for the external modem. (Default = undefined.)
• Management Utility: Enables/Disables the Management Utility. When enabled,
the Management Utility allows you to manage multiple WTI units via a single menu.
For more information on the Management Utility, please refer to the Management
Utility User's Guide on the CDROM included with the unit. (Default = Off.)
Note: Although the Management Utility can be enabled/disabled via either the
Web Browser Interface and Text Interface, the Management Utility can only be
accessed and operated via the Web Browser Interface.
• Scripting Options: Provides access to a submenu that is used to configure
the Command Confirmation and Automated Mode parameters as described in
Section 5.3.5.
Note: In the Text Interface, the Scripting Options submenu is accessed via
item 13. To access the Scripting Options parameters via the Web Browser
Interface, place the cursor over the "General Parameters" link, wait for the flyout
menu to appear, then click on the "Scripting Options" link.
5-6
Basic Configuration
5.3.1. The Real Time Clock and Calendar
The Real Time Clock menu is used to set the AFS-16's internal clock and calendar. The
configuration menu for the Real Time Clock offers the following options:
• Date: The Month, Date, Year and day of the week for the real-time clock/calendar.
• Time: Sets the Hour, Minute and Second for the AFS-16’s real time clock/calendar.
Key in the time using the 24-hour (military) format.
• Time Zone: Sets the time zone, relative to Greenwich Mean Time. Note that the
Time Zone setting will function differently, depending upon whether or not the NTP
feature is enabled and properly configured. (Default = GMT (No DST).)
NTP Enabled: The Time Zone setting is used to adjust the Greenwich Mean
Time value (from the NTP server) in order to determine the precise local time.
NTP Disabled: If NTP is disabled or if the AFS-16 is not able to access the NTP
server, then AFS-16 will list the selected Time Zone and current Real Time Clock
value, but will not apply the correction factor to the displayed Clock value.
• NTP Enable: When enabled, the AFS-16 will contact an NTP server (defined via the
NTP Address prompts) once a day, and update its clock based on the NTP server
time and selected Time Zone. (Default = Off.)
Notes:
• The AFS-16 will also contact the NTP server and update the time whenever
you change NTP parameters.
• To cause AFS-16 to immediately contact the NTP server at any time, make
certain that the NTP feature is enabled and configured, then type /Fand
press [Enter]. When the System Parameters menu appears, press [Esc].
The AFS-16 will save parameters and then attempt to contact the server, as
specified by currently defined NTP parameters.
• Primary NTP Address: Defines the IP address or domain name (up to 64
characters long) for the primary NTP server. (Default = undefined.)
Note: In order to use domain names for web addresses, DNS Server
parameters must first be defined as described in Section 5.9.5.
• Secondary NTP Address: Defines the IP address or domain name (up to 64
characters long) for the secondary, fallback NTP Server. (Default = undefined.)
Note: In order to use domain names for web addresses, DNS Server
parameters must be defined as described in Section 5.9.5.
• NTP Timeout: The amount of time in seconds, that will elapse between each
attempt to contact the NTP server. When the initial attempt is unsuccessful, the
AFS-16 will retry the connection four times. If neither the primary nor secondary
NTP server responds, the AFS-16 will wait 24 hours before attempting to contact the
NTP server again. (Default = 3 Seconds.)
• Test NTP Servers: (Text Interface Only) Allows you to send a time request to the
IP address or domain names defined via the Primary and Secondary NTP Address
prompts, or to a new address or domain defined via the Test NTP Servers submenu.
The AFS-16 will not store the response from the IP address or domain, but will verify
whether or not the target address or domain is an NTP Server.
5-7
Basic Configuration
5.3.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature will watch
all login attempts made at the Network Port and RS232 Port. If either port exceeds the
selected number of invalid attempts, then that port will be automatically disabled for a
user-defined length of time (Lockout Duration.) The Invalid Access Lockout feature uses
two separate counters to track invalid access attempts:
• Serial Port Counter: Counts invalid access attempts at the Serial Port. If the
number of invalid attempts at the port exceeds the user-defined Lockout Attempts
value, then the port will be locked.
• Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access
command mode via Telnet, SSH or Web Browser interface. If the number of
cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then
the Network Port will be locked.
Note: In the Web Browser Interface, the Invalid Access Lockout item does
not appear in the System Parameters menu, and is instead accessed via the
General Parameters fly-out menu as described below.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the AFS-16 will automatically reactivate the port),
or you can issue the /UL command (type /ULand press [Enter]) via the Text Interface to
instantly unlock all of the AFS-16's logical network ports.
Notes:
• When the Invalid Access Lockout Alarm has been enabled as described
in Section 7.4, the AFS-16 can also provide notification via email, Syslog
Message, and/or SNMP trap whenever an Invalid Access Lockout occurs.
• Invalid Access Lockout parameters, defined via the System Parameters
menu, will apply to both the Serial Port and the Network Port.
• When a Serial Port is locked, an external modem connected to that port will
not answer.
• If either the RS232 Port or Network Port are locked, the other port will remain
unlocked, unless the Invalid Access Lockout feature has also been triggered
at that port.
• If any one of the AFS-16’s logical network ports is locked, all other network
connections to the unit will also be locked.
• All invalid access attempts at the AFS-16 Network Port are cumulative (the
count for invalid access attempts is determined by the total number of
all invalid attempts at all 16 logical network ports.) If a valid login name/
password is entered at any of the logical network ports, then the count for all
AFS-16 logical network ports will be restarted.
• If the Network Port has been locked by the Invalid Access Lockout feature, it
will still respond to the ping command (providing that the ping command has
not been disabled at the Network Port.)
5-8
Basic Configuration
In the Text Interface, the Invalid Access Lockout configuration menu is accessed via the
System Parameters menu. In the Web Browser Interface, the Invalid Access Lockout
configuration is accessed via the "General Parameters" link. The Invalid Access Lockout
configuration menus allow you to select the following:
• Lockout Enable: Enables/Disables the Invalid Access Lockout feature.
(Default = On.)
• Lockout Attempts: The number of invalid attempts required in order to activate the
Invalid Access Lockout feature. (Default = 9.)
• Lockout Duration: The length of time that logical network ports will remain locked
when an Invalid Access Lockout occurs. If the duration is set at "Infinite", then ports
will remained locked until the /UL command is issued. (Default = 30 Minutes.)
5.3.3. Log Configuration
This feature allows you to create records of command activity, alarm actions and
temperature readings for the AFS-16 unit. The Log features are enabled and configured
via the System Parameters Menus.
The AFS-16 features three different event logs: the Audit Log, the Alarm Log and the
Temperature Log:
• Audit Log: The Audit log creates a record of all switching activity at the AFS-16
unit, including A/B switching that was initiated by the Ping No Answer feature and
the Input Monitor Alarm. In addition, the Audit Log also includes login/logout
records for all users. Each Log record includes a description of the activity that
caused the A/B switching, the username for the account that initiated the action and
the time date that each event occurred.
• Alarm Log: The Alarm log creates a record of all Alarm Activity at the AFS-16
unit. Each time that an alarm is triggered or cleared, the AFS-16 will generate a
record that lists the time and date of the alarm, the name of the Alarm triggered, a
description of the Alarm and the time and date that the Alarm was cleared.
• Temperature Log: The Temperature Log provides a record of ambient rack
temperature levels over time at the AFS-16 unit. Each Log record will include the
time and date, and the temperature reading.
5-9
Basic Configuration
5.3.3.1. The Audit Log and Alarm Log
The System Parameters menu allows you to select three different configuration
parameters for the Audit Log and Alarm Log. Note that the Audit Log and Alarm Log
function independently, and parameters selected for one log will not be applied to the
other.
• Off: The Log is disabled, and command activity and/or alarm events will not be
logged.
• On - With Syslog: The Log is enabled, and A/B switching and/or alarm events will
be logged. The AFS-16 will generate a Syslog Message every time a Log record is
created. (Default Setting.)
• On - Without Syslog: The Log is enabled, and A/B switching and/or alarm events
will be logged, but the AFS-16 will not generate a Syslog Message every time a Log
record is created.
Notes:
• In order for the Audit Log or Alarm Log to generate Syslog Messages, Syslog
Parameters must first be defined as described in Section 11.
• The Audit Log will truncate usernames that are longer than 22 characters,
and display two dots (..) in place of the remaining characters.
5.3.3.2. The Temperature Log
The System Parameters menu allows you to either enable or disable the Temperature
Log. When the Temperature Log is enabled, the AFS-16 will not log temperature
readings. In the default state, the Temperature Log is enabled.
5.3.3.3. Reading and Erasing Logs
To read the Audit Log, Alarm Log or Temperature log, access the command mode, then
proceed as follows:
• Text Interface: Type /Land press [Enter] to access the Display Log menu. Select
the desired Log from the menu, key in the appropriate number and press [Enter],
and then follow the instructions in the resulting submenu.
• Web Browser Interface:
• Audit Log: Move the cursor over the "Logs" link on the left hand side of the
screen. When the fly-out menu appears, click on the "Audit Log (Display)" or
the "Audit Log (Download)" link and then follow the instructions in the resulting
submenu.
• Alarm Log: Move the cursor over the "Logs" link on the left hand side of the
screen. When the fly-out menu appears, click on the "Alarm Log (Display" or
"Alarm Log (Download)" link and then follow the instructions in the resulting
submenu.
• Temperature Log: Move the cursor over the "Logs" link on the left hand side
of the screen. When the fly-out menu appears, click on the "Temperature Log
(Display)" or "Temperature Log (Download)" link and then follow the instructions
in the resulting submenu.
5-10
Basic Configuration
To erase log data, access command mode via the Text Interface, using an account that
permits Administrator level commands, then type /Land press [Enter] to access the
Display Logs menu and then proceed as follows:
• Audit Log: At the Display Logs menu, type 1and then press [Enter]. When the
Audit Log appears, type Eand press [Enter] to erases the Audit Log.
• Alarm Log: At the Display Logs menu, type 2and then press [Enter]. When the
Alarm Log appears, type Eand press [Enter] to erase the Alarm Log.
• Temperature Log: At the Display Logs menu, type 3and press [Enter]. When the
Temperature Log menu appears, type Eand press [Enter] to erase the
Temperature Log.
Notes:
• The AFS-16 dedicates a fixed amount of internal memory for Audit Log
records, and if log records are allowed to accumulate until this memory
is filled, memory will eventually "wrap around," and older records will be
overwritten by newer records.
• Note that once records have been erased, they cannot be recovered.
5.3.4. Callback Security
The Callback function provides an additional layer of security when callers attempt to
access command mode via modem. When this function is properly configured, modem
users will not be granted immediate access to command mode upon entering a valid
password; instead, the unit will disconnect, and dial a user-defined number before
allowing access via that number. If desired, users may also be required to re-enter the
password after the AFS-16 dials back.
In order for Callback Security to function properly, you must first enable and configure
the feature as described in this section, and then define a callback number for each
desired user account as described in Section 5.5. To access the Callback Security
menu via the Text Interface, type /Fand press [Enter] and then select the Callback
Security option. To access the Callback Security menu via the Web Browser Interface,
place the cursor over the General Parameters link, wait for the flyout menu to appear,
and then Click on the "Callback Security" link.
5-11
Basic Configuration
In both the Text Interface and Web Browser Interface, the Callback Security Menu offers
the following options:
• Callback Enable: This prompt offers five different configuration options for the
Callback Security feature: (Default = On - Callback (Without Password Prompt.)
Off: All Callback Security is disabled.
On - Callback (Without Password Prompt): Callbacks will be performed for
user accounts that include a Callback Number, and the login prompt will not be
displayed when the user’s modem answers. If the account does not include a
Callback Number, that user will be granted immediate access and a Callback will
not be performed.
On - Callback (With Password Prompt): Callbacks will be performed for user
accounts that include a Callback Number, and the login prompt will be displayed
when the user’s modem answers (accounts that include a Callback Number will
be required to re-enter their username/password when their modem answers.) If
the account does not include a Callback Number, then that user will be granted
immediate access and a Callback will not be performed.
On - Callback ONLY (Without Password Prompt): Callbacks will be performed
for user accounts that include a Callback Number, and the username/password
prompt will not be displayed when the user’s modem answers. Accounts that
do not include a Callback Number will not be able to access command mode via
modem.
On - Callback ONLY (With Password Prompt): Callbacks will be performed
for user accounts that include a Callback Number, and the username/password
prompt will be displayed when the user’s modem answers (users will be required
to re-enter their username/password when their modem answers.) Accounts that
do not include a Callback Number will not be able to access command mode
via modem.
• Callback Attempts: The number of times that the AFS-16 will attempt to contact
the Callback number. (Default = 3 attempts.)
• Callback Delay: The amount of time that the AFS-16 will wait between Callback
attempts. (Default = 30 seconds.)
Notes:
• After configuring and enabling Callback Security, you must then define a
callback phone number for each desired user account (as described in
Section 5.5) in order for this feature to function properly.
• When using the "On - Callback (With Password Prompt)" option, it is
important to remember that accounts that do not include a callback number
will be allowed to access command mode without callback verification.
5-12
Basic Configuration
5.3.5. Scripting Options
The Scripting Options submenu provides access to parameters that are used to set up
the AFS-16 unit for running various scripts.
Notes:
• To access Scripting Options parameters via the Text Interface, first type /F
and press [Enter] to display the System Parameters Menu, then key in the
number for the Scripting Options item and press [Enter].
• To access the Scripting Options parameters via the Web Browser Interface,
place the cursor over the "General Parameters" link, wait for the flyout menu
to appear, then click on the "Scripting Options" link.
The Scripting Options menu allows the following parameters to be defined:
• Command Confirmation: This item can be used to suppress the command
confirmation prompt, which is normally displayed before commands are executed.
When Command Confirmation is "Off", the AFS-16 will not display the "Are You
Sure?" prompt before executing commands. (Default = On.)
• Automated Mode: When enabled, the AFS-16 will execute commands without
displaying a confirmation prompt, status screen or confirmation messages. For
more information, please refer to Section 5.3.5.1. (Default = Off.)
Note: When this option is enabled, security functions are suppressed, and
users are able to access configuration menus and control switching without
entering a password. If security is a concern and the Automated Mode is
required, it is recommended to use the IP Security feature (Section 5.9.3) to
restrict access.
5-13
Basic Configuration
5.3.5.1. Automated Mode
The Automated Mode allows the AFS-16 to execute A/B switching commands, without
displaying menus or generating response messages. Automated Mode is designed to
allow the AFS-16 to be controlled by a device which can generate commands to control
power switching functions without human intervention.
When Automated Mode is enabled, A/B switching commands are executed without a
“Sure?” confirmation prompt and without command response messages; the only reply
to these commands is the “AFS>” prompt, which is re-displayed when each command
is completed.
Note that although Automated Mode can be enabled using either the Web Browser
Interface or Text Interface, the Automated Mode is designed primarily for users who wish
to send ASCII commands to the AFS-16 without operator intervention, and therefore
does not specifically apply to the Web Browser Interface. When Automated Mode is
enabled, the Web Browser Interface can still be used to invoke switching commands.
Notes:
• When the Automated Mode is enabled, password prompts will not be
displayed at login, and you will be able to access Administrator Level
command functions (including the configuration menus) and control circuits
without entering a password.
• If you need to enable the Automated Mode, but want to restrict network
access to configuration menus, it is strongly recommended to enable and
configure the IP Security Function as described in Section 5.9.3.
To enable/disable the Automated Mode, go to the System Parameters menu (see
Section 5.3,) and then set the “Automated Mode” option to “On”. When Automated
Mode is enabled, AFS-16 functions will change as follows:
1. All Password Security Suppressed: When a user attempts to access command
mode, the password prompt will not be displayed at either the Console Port
or Network Port. Unless specifically restricted by the IP Security Function, all
users will be allowed to access both switching and configuration functions, and
all commands will be immediately accepted without the requirement to enter a
password.
2. Status Screen Suppressed: The Circuit Status Screen will not be automatically
displayed after commands are successfully executed. Note however, that the /S
command can still be invoked to display the Circuit Status Screen as needed.
3. “Sure?” Prompt Suppressed: All commands are executed without prompting for
user confirmation.
4. Error Messages Suppressed: Most error messages will be suppressed. Note
however, that an error message will still be generated if commands are invoked
using invalid formats or arguments.
All other status display and configuration commands will still function as normal.
5-14
Basic Configuration
5.4. User Accounts
Each time you attempt to access command mode, you will be prompted to enter a
username and password. The username/password entered at login determine which
circuit(s) you will be allowed to control and what type of commands you will be allowed
to invoke. Each username / password combination is defined within a "user account."
The AFS-16 allows up to 128 user accounts; each account includes a username,
password, command access level, circuit access rights, service access rights and an
optional callback number.
5.4.1. Command Access Levels
In order to restrict access to important command functions, the AFS-16 allows you to
set the command access level for each account. The AFS-16 offers four access levels:
Administrator, SuperUser, User and View Only. Command privileges for each account
are set using the "Access Level" parameter in the Add User or Modify User menus.
Each access level grants permission to use a different selection of commands; lower
access levels are restricted from invoking configuration commands, while Administrators
are granted access to all commands. The four access levels are listed below:
• Administrator: Administrators are allowed to invoke all configuration and operation
commands, can view all status screens, and can always direct A/B switching
commands to all AFS-16 Circuit Modules.
• SuperUser: SuperUsers are allowed to invoke A/B switching commands and view
all status screens. SuperUsers can view configuration menus, but are not allowed
to change configuration parameters. SuperUsers are granted access to all AFS-16
Circuit Modules.
• User: Users are allowed to A/B switching commands and view all status screens,
but can only apply commands to the AFS-16 Circuit Modules that they have
been specifically granted access to. In addition, Users are not allowed to view
configuration menus or change configuration parameters.
• ViewOnly: Accounts with ViewOnly access, are allowed to view Status Menus
(with restrictions,) but are not allowed to invoke A/B switching commands, and
cannot view configurations menus or change configuration parameters. ViewOnly
accounts can display Status screens, but can only view the status of the AFS-16
Circuit Modules that are specifically allowed by the account.
Section 17.2 summarizes command access for all four access levels.
In the default state, the AFS-16 includes one predefined account that provides access
to Administrator commands and allows to control of all of the AFS-16's Circuit Modules.
The default username for this account is "super" (lowercase, no quotation marks), and
the password for the account is also "super".
Notes:
• In order to ensure security, it is recommended that when initially setting up
the unit, a new user account with Administrator access should be created,
and the "super" account should then be deleted.
• If the AFS-16 is reset to default parameters, all user accounts will be cleared,
and the default "super" account will be restored.
5-15
Basic Configuration
5.4.2. Granting Circuit Module Access
Each account can be granted access to a different selection of Circuit Modules. Note
also, that several accounts can be allowed access to the Circuit Module. When
accounts are created, the Circuit Access parameter in the Add User or Modify User
menu can be used to grant or deny access to each Circuit Module by that account.
In addition, each command access level is also used to restricts the Circuit Modules that
the account will be allowed to access:
• Administrator: Accounts with Administrator access are always allowed to control
all Circuit Modules. Circuit Module access cannot be disabled for Administrator
level accounts.
• SuperUser: SuperUser accounts allow access to all Circuit Modules. Circuit
Module access cannot be disabled for SuperUser level accounts.
• User: Accounts with User level access are only allowed to access the Circuit
Modules that have been specifically permitted via the "Circuit Access" parameter in
the Add User and Modify User menus.
• ViewOnly: Accounts with ViewOnly access are not allowed to invoke A/B switching
commands. ViewOnly accounts can display the status of Circuit Modules, but are
limited to the Circuit Modules specified by the account.
5-16
Basic Configuration
5.5. Managing User Accounts
The User Directory function is employed to create new accounts, display parameters
for existing accounts, modify accounts and delete accounts. Up to 128 different user
accounts can be created. The "User Directory" function is only available when you have
logged into command mode using an account that permits Administrator commands.
In both the Text Interface and the Web Browser Interface, the user configuration menu
offers the following functions:
• View User Directory: Displays currently defined parameters for any AFS-16 user
account as described in Section 5.5.1.
• Add Username: Creates new user accounts, and allows you to assign a
username, password, command level, Circuit Module access, Circuit Group access,
service access and callback number, as described in Section 5.5.2.
• Modify User Directory: This option is used to edit or change account information,
as described in Section 5.5.3.
• Delete User: Clears user accounts, as described in Section 5.5.4.
Note: After you have finished selecting or editing user account parameters,
make certain to save the new account information before proceeding. In the
Web Browser Interface, click on the "Add User" button to save parameters; in
the Text Interface, press the [Esc] key several times until the AFS-16 displays
the "Saving Configuration" message and the cursor returns to the command
prompt.
5.5.1. Viewing User Accounts
The "View User Directory" option allows you to view details about each account. The
View User option will not display actual passwords, and instead, the password field
will read "defined". The View User Accounts function is only available when you
have accessed command mode using a password that permits Administrator Level
commands.
5.5.2. Adding User Accounts
The "Add Username" option allows you to create new accounts. Note that the Add User
function is only available when you have accessed command mode using a password
that permits Administrator Level commands. The Add User Menu can define the
following parameters for each new account:
• Username: Up to 32 characters long, and cannot include non-printable characters.
Duplicate usernames are not allowed. (Default = undefined.)
• Password: Five to 16 characters long, and cannot include non-printable
characters. Note that passwords are case sensitive. (Default = undefined.)
• Access Level: Determines which commands this account will be allowed to
access. This option can set the access level for this account to "Administrator",
"SuperUser", "User" or "ViewOnly." For more information on Command Access
Levels, please refer to Section 5.4.1 and Section 17.2. (Default = User.)
5-17
Basic Configuration
• Circuit Access: Determines which AFS-16 Circuit Modules this account will be
allowed to access. (Defaults; Administrator & SuperUser = All Circuit Modules On,
User and ViewOnly = All Circuit Modules Off.)
Notes:
• In the Text Interface, Circuit Access is configured by selecting item 4 and
then selecting the desired ports from the resulting submenu.
• In the Web Browser Interface, Circuit Access is configured by clicking on the
"plus" symbol to display the drop down menu, and then selecting the desired
Circuit Modules from the drop down menu.
• Administrator and SuperUser level accounts will always have access to all
Circuit Modules.
• ViewOnly accounts are allowed to display the status of Circuit Modules,
but are limited to the Circuit Modules specified by the account. ViewOnly
accounts are not allowed to invoke A/B Switching commands.
• Circuit Group Access: Determines which Circuit Groups this account will be
allowed to control. Circuit Groups allow you to define a selection of Circuit
Modules, and then quickly assign that group of circuits to accounts. For more
information on Circuit Groups, please refer to Section 5.7. (Default = All Circuit
Groups Off.)
Notes:
• In order to use this feature, Circuit Groups must first be defined as described
in Section 5.7.
• In the Text Interface, Circuit Group Access is configured by selecting item 5
and then selecting the desired Circuit Group(s) from the resulting submenu.
• In the Web Browser Interface, Circuit Group Access is configured by clicking
on the "plus" symbol to display the drop down menu, and then selecting the
desired Circuit Group(s) from the drop down menu.
• Administrator and SuperUser level accounts will always have access to all
Circuit Groups.
• ViewOnly accounts are allowed to display the status of Circuit Groups,
but are limited to the Circuit Groups specified by the account. ViewOnly
accounts are not allowed to invoke A/B switching commands.
• Service Access: Determines whether this account will be able to access command
mode via Serial Port (RS232 Port), Telnet/SSH or Web and whether the account will
have access to the Outbound Telnet feature. For example, if Telnet/SSH Access
is disabled for this account, then this account will not be able to access command
mode via Telnet or SSH. (Default = Serial Port = On, Telnet/SSH = On, Web = On,
Outbound Access = Off.)
5-18
Basic Configuration
• Callback Number: Assigns a number that will be called when this account
attempts to access command mode via modem, and the Callback Security
Function has been enabled as described in Section 5.3.5. (Default = undefined.)
Notes:
• If the Callback Number is not defined, then Callbacks will not be performed
for this user.
• If the Callback Number is not defined for a given user, and the Callback
Security feature is configured to use either of the "On - Callback" options,
then this user will be granted immediate access to command mode via
modem.
• If the Callback Number is not defined for a given user, and the Callback
Security feature is configured to use the "On - Callback ONLY" option, then
this user will not be able to access command mode via Modem.
• When using the "On - Callback (With Password Prompt)" option, it is
important to remember that accounts that do not include a callback number
will be allowed to access command mode without callback verification.
5.5.3. Modifying User Accounts
The "Edit User Directory" function allows you to edit existing accounts in order to change
parameters, circuit access rights or Administrator Command capability. Note that the
Edit/Modify User function is only available when you have accessed command mode
using a password that permits Administrator Level commands.
Once you have accessed the Modify Users menu, use the menu options to redefine
parameters in the same manner employed for the Add User menu, as discussed in
Section 5.5.2.
Note: After you have finished changing parameters, make certain to save the
changes before proceeding. In the Web Browser Interface, click on the "Modify
User" button to save parameters; in the Text Interface, press the [Esc] key
several times until the AFS-16 displays the "Saving Configuration" message.
5.5.4. Deleting User Accounts
This function is used to delete individual user accounts. Note that the Delete User
function is only available when you have accessed command mode using a password
that permits Administrator Level commands.
Notes:
• Deleted accounts cannot be automatically restored.
• The AFS-16 allows you to delete the default "super" account, which is
included to permit initial access to command mode. Before deleting the
"super" account, make certain to create another account that permits
Administrator Access. If you do not retain at least one account with
Administrator Access, you will not be able to invoke Administrator level
commands.
5-19
Basic Configuration
5.6. Circuit Configuration
The Circuit Parameters menu allows you to select parameters for the AFS-16 Circuit
Modules. This allows you to assign names to the A, C, and B connectors on each
Circuit Module, and also define a default A/B setting for each A/B Switch. Note that the
Circuit Parameters menu is only available when you have logged into command mode
using an account that permits Administrator commands. The Circuit Parameters Menu
allows you to define the following parameters:
• Name (Common): Assigns a name to the Common RJ45 connector on the
selected Circuit Module.
• Name (A): Assigns a name to the "A" RJ45 connector on the selected
Circuit Module.
• Name (B): Assigns a name to the "B" RJ45 connector on the selected
Circuit Module.
• Power Up Default: Determines how this A/B Switch will react when the "Default All
Circuits" command (/DF) is invoked, or after power to the unit has been interrupted
and then restored. After the default command is invoked, or power is restored, the
AFS-16 will automatically set each A/B Switch to the "A" or "B" setting as specified
by the Power-Up Default. (Default = "A").
Notes:
• If you have accessed command mode using an account that has
Administrator or SuperUser level command access, then the Default
command will be applied to all Circuit Modules.
• If you have accessed command mode using an account that has User level
command access, then the Default command will only be applied to the
Circuit Modules that are allowed by your account.
• The Default command is not available to ViewOnly level accounts.
5-20
Basic Configuration
5.7. The Circuit Group Directory
The Circuit Group Directory allows you to designate "groups" of circuits that are
dedicated to a similar function, and will most likely be switched at the same time.
Circuit Groups allow you to direct A/B switching commands to a series of circuits,
without addressing each circuit individually. For example, a set selection of AFS circuits
could be assigned to a circuit group named, "Servers". This would allow you to quickly
switch all circuits in the group, by either including the "Servers" Circuit Group name in a
/T command line via the Text Interface, or by using the Circuit Group Control menu via
the Web Browser Interface.
The Circuit Group Directory function is only available when you have logged into
command mode using an account that permits Administrator commands. In both the
Text Interface and the Web Browser Interface, the Circuit Group Directory menu offers
the following functions:
• View Circuit Group Directory: Displays currently defined Circuit Module access
rights for any AFS-16 Circuit Group as described in Section 5.7.1.
• Add Circuit Group to Directory: Creates new Circuit Groups, and allows you to
assign circuit access rights to each group as described in Section 5.7.2.
• Modify Circuit Group Directory: This option is used to edit or change circuit
access rights for each Circuit Group, as described in Section 5.7.3.
• Delete Circuit Group from Directory: Clears Circuit Groups that are no longer
needed, as described in Section 5.7.4.
5.7.1. Viewing Circuit Groups
The "View Circuit Group Directory" option allows you to view the configuration of each
Circuit Group. Note that the View Circuit Group Directory function is only available when
you have accessed command mode using a password that permits Administrator Level
commands.
5-21
Basic Configuration
5.7.2. Adding Circuit Groups
The "Add Circuit Group to Directory" option allows you to create new Circuit Groups and
assign circuit access rights to each group. Note that the Add Circuit Group function is
only available when you have accessed command mode using a password that permits
Administrator Level commands.
The Add Circuit Group Menu can be used to define the following parameters for each
new account:
• Circuit Group Name: Assigns a name to the Circuit Group. (Default = undefined.)
• Circuit Access: Determines which Circuit Modules this Circuit Group will be
allowed to control. (Default = undefined.)
Notes:
• In the Text Interface, Circuit Access is configured by selecting item 2 and
then selecting the desired circuits from the resulting submenu.
• In the Web Browser Interface, Circuit Access is configured by selecting the
desired circuits from a list of all circuits in the Add Circuit Group menu.
• After you have finished defining or editing Circuit Group parameters, make
certain to save the changes before proceeding. In the Web Browser
Interface, click on the "Add Circuit Group" button to save parameters; in the
Text Interface, press the [Esc] key several times until the AFS-16 displays
the "Saving Configuration" message and the cursor returns to the command
prompt.
5.7.3. Modifying Circuit Groups
The "Modify Circuit Group" function allows you to edit existing Circuit Groups in order
to change circuit access rights. Note that this function is only available when you
have accessed command mode using a password that permits Administrator Level
commands.
Once you have accessed the Modify Circuit Group menu, use the menu options to
redefine parameters in the same manner that is used for the Add Circuit Group menu, as
discussed in Section 5.7.2.
Note: After you have finished changing or editing parameters, make certain
to save the changes before proceeding. In the Web Browser Interface, click
on the "Modify Circuit Groups" button to save parameters; in the Text Interface,
press the [Esc] key several times until the AFS-16 displays the "Saving
Configuration" message and the cursor returns to the command prompt.
5.7.4. Deleting Circuit Groups
This function is used to delete individual Circuit Groups. Note that this function is only
available when you have accessed command mode using a password that permits
Administrator Level commands.
Note: Deleted Circuit Groups cannot be automatically restored.
5-22
Basic Configuration
5.8. Serial Port Configuration
The Serial Port Configuration menus allow you to select parameters for the AFS-16
Control Module's RS232 Serial Port.
The Serial Port can be configured for connection to a local PC or Modem. In addition,
the Serial Port Configuration menu can also be used to set communications parameters,
disable Administrator level commands and also select a number of other Serial Port
Parameters described in Section 5.8.2. When responding to prompts, invoking
commands, and selecting items from port configuration menus, note the following:
• Configuration menus are only available to Administrator level accounts.
• If you are configuring the AFS-16 via modem, modem parameters will not be
changed until after you exit command mode and disconnect from the unit.
5.8.1. RS232 Port Modes
The AFS-16 offers two different serial port operation modes:
• Normal Mode: Allows local communication via the Control Module's RS232
Serial Port.
• Modem Mode: Sets up the Control Module's RS232 Port for connection to an
optional external modem. Allows definition of a Hang-Up String, Reset String, and
Initialization String.
5.8.2. The Serial Port Configuration Menu
The Serial Port Configuration menu allows the following parameters to be defined. Note
that all of these parameters are available via both the Text Interface and Web Browser
Interface, and that parameters selected via one interface are also applied to the other.
Notes:
• Configuration menus are only available to Administrator level accounts.
• When configuring the AFS-16 via modem, Modem Mode parameters will not
be changed until after you exit command mode and disconnect from the unit.
Communication Settings:
• Baud Rate: Any standard rate from 300 bps to 115.2K bps. (Default = 9600 bps.)
• Bits/Parity: (Default = 8-None).
• Stop Bits: (Default = 1).
• Handshake Mode: XON/XOFF, RTS/CTS, Both, or None. (Default = RTS/CTS).
General Parameters:
• Administrator Mode: Permits/denies port access to Administrator level accounts.
(Default = Permit).
Note: Administrator Mode cannot be disabled at the Control Module RS232
Serial Port.
• Logoff Character: The Logoff Character determines the command(s) or
character(s) that must be issued at this port in order to disconnect. (Default = ^X.)
5-23
Basic Configuration
• Sequence Disconnect: Enables/Disables and configures the Resident Disconnect
command. This offers the option to disable the Sequence Disconnect, select a one
character format or a three character format. (Default = One Character.)
• Inactivity Timeout: Enables and selects the Timeout Period for this port. If
enabled, the Serial Port will disconnect when no additional data activity is detected
for the duration of the timeout period. (Default = 5 Minutes.)
• Command Echo: Enables/Disables command echo. When disabled, commands
sent to the Serial Port will still be invoked, but keystrokes will not be displayed.
(Default = On.)
• Accept Break: Determines whether the port will accept breaks received from the
attached device. When enabled, breaks received at the port will be passed. When
disabled, breaks will be refused at this port. (Default = On.)
Port Mode Parameters:
• Port Name: Allows you to assign a name to the Serial Port. (Default = undefined.)
• Port Mode: The operation mode for this port. (Default = Normal Mode)
Depending on the Port Mode selected, the AFS-16 will also allow the definition
of additional parameters listed below. In the Text Interface, these parameters are
accessible via a submenu, which will only be active when the appropriate port
mode is selected. In the Web Browser Interface, fields will be "grayed out" unless
the corresponding port mode is selected.
Normal Mode: Permits access to command mode. When Normal Mode is
selected, the following mode specific parameter can also be defined:
DTR Output: Determines how DTR will react when the port disconnects. DTR
can be held low, held high, or pulsed for 0.5 seconds and then held high.
(Default = Pulse.)
Modem Mode: Permits access to command mode and simplifies connection
to an external modem. Modem Mode ports can perform all functions available
in Normal Mode, but Modem Mode also allows definition of a Hang-Up String,
Reset String, and Initialization String:
Modem Reset String: Redefines the modem reset string. The Reset String
can be sent prior to the Initialization string. (Default = ATZ.)
Modem Initialization String: Defines a string that can initialize a modem to
settings required by your application. (Default = AT&C1&D2S0=1&B1&H1&R2)
Modem Hang-Up String: Although the AFS-16 will pulse the DTR line to
hang-up an attached modem, the Hang-Up string is often useful for controlling
modems that do not use the DTR line. (Default = undefined.)
Periodic Reset Value: Determines how often the Reset String will be sent to
the modem at this port. (15 Minutes.)
Note: When communicating with the AFS-16 via modem, these parameters will
not be changed until after you exit command mode and disconnect.
5-24
Basic Configuration
5.9. Network Configuration
The Network Parameters Menus are used to select parameters and options for the
Network Port and also allow you to implement various security and authentication
features.
Although the Web Browser Interface and Text Interface allow definition of essentially the
same parameters, parameters are arranged differently in the two interfaces. In the Text
Interface, most network parameters are defined via one menu. But in the Web Browser
Interface, network parameters are divided into separate menus, which are accessed via
the Network Configuration flyout menu.
To access the Network Parameters Menus, proceed as follows:
Notes:
• Settings for network parameters depend on the configuration of your network.
Please contact your network administrator for appropriate settings.
• The Network Parameters Menu selects parameters for all 16 logical Network
Ports.
• The IP Address, Subnet Address and Gateway Address cannot be changed
via the Web Browser Interface. In order to change these parameters, you
must access the unit via the Text Interface.
• When a new IP Address is selected, or the status of the DHCP feature is
changed, the unit will disconnect and reconfigure itself with the new values
when you exit the Network Parameters Menu. When configuring the unit via
Web or Telnet, make certain your DHCP server is set up to assign a known,
fixed IP address in order to simplify reconnection to the unit after the new
address has been assigned.
• The Network Parameters menu is only available when you have logged into
command mode using an account and port that permit Administrator level
commands (Administrator Mode enabled.)
The Network Parameters menu allows you to define the parameters discussed in the
following sections. Note that although the descriptions of network parameters are
arranged according to the Web Browser Interface, in the Text Interface, most parameters
are included in a single menu.
5-25
Basic Configuration
5.9.1. Network Port Parameters
In the Text Interface, these parameters are found in the main Network Configuration
menu. In the Web Browser Interface, these parameters are found by placing the cursor
over the "Network Configuration" link on the left hand side of the screen, and then
clicking on the "Network Port Parameters" link in the resulting fly-out menu.
• Administrator Mode: Permits/denies port access to accounts that allow
Administrator level commands. When enabled (Permit), the Network Port will
be allowed to invoke Administrator level commands, providing they are issued
by an account that permits them. If disabled (Deny), then accounts that permit
Administrator level commands will not be allowed to access command mode via
the Network Port. (Default = Permit)
• Logoff Character: Defines the Logoff Character for this port. This determines
which command(s) must be issued at this port in order to disconnect from the
RS232 Serial Port. (Default = ^X([Ctrl] plus [X]).)
Note: The Sequence Disconnect parameter can be used to pick a one
character or a three character logoff sequence.
• Sequence Disconnect: Enables/Disables and configures the Resident Disconnect
command. Offers the option to either disable the Sequence Disconnect, or select a
one character, or three character command format. (Default = One Character).
Notes:
• The One Character Disconnect is intended for situations where the
destination port should not receive the disconnect command. When the
Three Character format is selected, the disconnect sequence will pass
through to the destination port prior to breaking the connection.
• When Three Character format is selected, the Resident Disconnect uses the
format "[Enter]LLL[Enter]", where Lis the selected Logoff Character.
• Inactivity Timeout: Enables and selects the Inactivity Timeout period for the
Network Port. If enabled, and the port does not receive or transmit data for the
specified time period, the port will disconnect. (Default = 5 Minutes).
• Command Echo: Enables or Disables the command echo for the Network Port.
(Default = On).
• Accept Break: Determines whether the Network Port will accept breaks received
from the attached device, and pass them along to a connected port. When the
Accept Break parameter is enabled and the Network Port is connected to the
RS232 Serial Port, breaks received at the Network Port will be passed to the Serial
Port. When disabled, breaks will be refused at the Network Port. (Default = On.)
• Multiple Logins: If the AFS-16 is installed in an environment that does not include
communication via an open network (local communication only), then the Multiple
Logins parameter can be used to determine whether or not multiple users will be
able to communicate with the unit at the same time. If this parameter is set to "Off"
then only one user will be allowed to communicate with the unit at a time.
(Default = On.)
Note: The "Multiple Logins" prompt is not included in the Web Browser
Interface.
5-26
Basic Configuration
5.9.2. Network Parameters
In the Text Interface, these parameters are accessed via the Network Configuration
menu (Figure 5.9.) In the Web Browser Interface, these parameters can be found by
clicking the "Network Parameters" link on the left hand side of the screen to display the
Network Parameters menu.
Note: The IP Address, Subnet Mask, Gateway Address and DHCP status
cannot be changed via the Web Browser Interface. In order to change these
parameters, you must access the AFS-16 via the Text Interface.
• IP Address: (Default = 192.168.168.168.)
• Subnet Mask: (Default = 255.255.255.0.)
• Gateway Address: (Default = undefined.)
• DHCP: Enables/Disables Dynamic Host Configuration Protocol. When this option
is "On", the AFS-16 will perform a DHCP request. Note that in the Text Interface, the
MAC address for the AFS-16 is listed on the Network Status Screen.
(Default = Off.)
Note: Before configuring this feature, make certain your DHCP server is set up
to assign a known, fixed IP address. You will need this new IP address in order
to reestablish a network connection with the AFS-16 unit.
• Telnet Access: Enables/disables Telnet access. When Telnet Access is "Off," users
will not be allowed to establish a Telnet connection to the unit. (Default = Off.)
• Telnet Port: Selects the TCP/IP port number that will be used for Telnet
connections. In the Text Interface, this item is defined via a submenu, displayed
when the Telnet Access parameter is selected. (Default = 23.)
• SSH Access: Enables/disables SSH communication. (Default = On.)
• SSH Port: Selects the TCP/IP port number that will be used for SSH connections.
Note that in the Text Interface, this item is defined via a submenu, which is
displayed when the SSH Access parameter is selected (item number 22.)
(Default = 22.)
• HTTP Access (Web Access): Enables/disables the Web Browser Interface.
When disabled, users will not be allowed to contact the unit via the Web Browser
Interface. (Default = Off.)
• HTTP Port: Selects the TCP/IP port number that will be used for HTTP
connections. (Default = 80.)
• HTTPS Access: Enables/disables HTTPS communication. For instructions on
setting up SSL encryption, please refer to Section 14. (Default = Off.)
5-27
Basic Configuration
• HTTPS Port: Selects the TCP/IP port number that will be used for HTTPS
connections. (Default = 443.)
Notes:
• In the Text Interface, HTTP and HTTPS parameters reside in a separate
submenu. To enable and configure HTTP and HTTPS Access via the
Text Interface, access the Network Configuration Menu as described in
Section 5.9, then type 23, press [Enter] and use the resulting submenu
(Figure 14.1) to select parameters as described in Section 14.
• When the Web Access parameter is accessed via the Text Interface, the
resulting submenu will also allow you to select SSL (encryption) parameters
as described in Section 14.
• Harden Web Security: When the Harden Web Security feature is On (default,) only
the high and medium cypher suites for SSLv3 and TLSv1 will be enabled. When
the Harden Web Security feature is Off, all SSL protocols will be enabled, allowing
compatibility with older browsers. Note that in the Text Interface, this option is
enabled/disabled via the Web Access submenu. (Default = On.)
• SYSLOG Address: The IP Address or domain name (up to 64 characters) for the
Syslog Daemon that will receive log records generated by the AFS-16. For more
information, please refer to Section 11. (Default = undefined.)
• Ping Access: Enables/Disables response to the ping command. When Disabled,
the AFS-16 will not respond to Ping commands. Note that disabling Ping Access at
the Network Port will not effect the operation of the Ping-No-Access Alarm.
(Default = On.)
• Outbound Access: Enables/Disables the ability to create outbound Telnet and/
or SSH connections via the AFS-16 Network Port. When enabled, users who
are connected to the AFS-16 command mode via the RS232 Serial Port will be
able to connect to the Network Port, and then invoke the /TELNET and/or /SSH
commands to create an outbound connection. For example, to create an outbound
Telnet connection, first make certain that this option is enabled for both the RS232
Serial Port and the password/account, then access command mode via the Text
Interface at the RS232 Port. At the AFS> prompt, invoke the /TELNET command as
described in Section 10.3. (Default = Off.)
5-28
Basic Configuration
5.9.3. IP Security
The IP Security feature allows the AFS-16 to restrict unauthorized IP addresses from
establishing inbound Telnet connections to the unit. This allows you to grant Telnet
access to only a specific group of IP addresses, or block a particular IP address
completely. In the default state, the AFS-16 accepts incoming IP connections from all
hosts.
In the Text Interface, IP Security parameters are defined via item 5 in the Network
Configuration menu (Figure 5.9.) In the Web Browser Interface, these parameters are
found by clicking the "IP Security" link on the left hand side of the screen. In the default
state, IP Security is disabled.
The IP Security Function employs a TCP Wrapper program which allows the use of
standard, Linux operators, wild cards and net/mask pairs to create a host based access
control list.
The IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists.
Basically, when setting up IP Security, you must enter IP addresses for hosts that you
wish to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny
list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can
indicate specific addresses, or a range of addresses to be allowed or denied.
When the IP Security feature is properly enabled, and a client attempts to connect, the
AFS-16 will perform the following checks:
1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted
immediate access. Once an IP address is found in the Allow list, the AFS-16 will not
check the Deny list, and will assume you wish to allow that address to connect.
2. If the client’s IP address is not found in the Allow list, the AFS-16 will then proceed
to check the Deny list.
3. If the client’s IP Address is found in the Deny list, the client will not be allowed to
connect.
4. If the client’s IP Address is not found in the Deny list, the client will be allowed to
connect, even if the address was not found in the Allow list.
Notes:
• If the AFS-16 finds an IP Address in the Allow list, it will not check the Deny
list, and will allow the client to connect.
• If both the Allow and Deny lists are left blank, then the IP Security feature will
be disabled, and all IP Addresses will be allowed to connect (providing that
the proper password and/or SSH key is supplied.)
• When the Allow and Deny lists are defined, the user is only allowed to specify
the Client List; the Daemon List and Shell Command cannot be defined.
5-29
Basic Configuration
5.9.3.1. Adding IP Addresses to the Allow and Deny Lists
To add an IP Address to the Allow or Deny list, and begin configuring the IP Security
feature, proceed as follows.
Notes:
• Both the Allow and Deny list can include Linux operators, wild cards, and
net/mask pairs.
• In some cases, it is not necessary to enter all four "digits" of the IP Address.
For example, if you wish to allow access to all IP addresses that begin with
"192," then you would only need to enter "192."
• The IP Security Configuration menu is only available when the Administrator
Mode is active.
• In order to use domain names in the Allow List and/or Deny List, you must
first define IP address(es) for the desired Domain Name Server(s) as
described in Section 5.9.5.
1. Access the IP Security Configuration Menu. In the Text Interface, the IP Security
menu is accessed via the Network Configuration menu. In the Web Browser
Interface, the IP Security Configuration menu is accessed via the Network
Configuration flyout menu.
2. Allow List: Enter the IP Address(es) for the clients that you wish to allow. Note that
if an IP Address is found in the Allow list, the client will be allowed to connect, and
the AFS-16 will not check the Deny list.
a) Text Interface: Note the number for the first empty field in the Allow list, then
type that number at the command prompt, press [Enter], and then follow the
instructions in the resulting submenu.
b) Web Browser Interface: Place the cursor in the first empty field in the
parameters menu, then key in the desired IP Address, operators, wild cards,
and/or net/mask pairs.
3. Deny List: Enter the IP Address(es) for the clients that you wish to deny. Note that
if the client’s IP Address is not found in the Deny List, that client will be allowed to
connect. Use the same procedure for entering IP Addresses described in Step 2
above.
5-30
Basic Configuration
5.9.3.2. Linux Operators and Wild Cards
In addition to merely entering a specific IP address or partial IP address in the Allow or
Deny list, you may also use any standard Linux operator or wild card. In most cases,
the only operator used is "EXCEPT" and the only wild card used is "ALL," but more
experienced Linux users may note that other operators and wild cards may also be
used.
EXCEPT:
This operator creates an exception in either the "allow" list or "deny" list.
For example, if the Allow list includes a line which reads "192. EXCEPT 192.255.255.6,"
then all IP address that begin with "192." will be allowed; except 192.255.255.6
(providing that this address appears in the Deny list.)
ALL:
The ALL wild card indicates that all IP Addresses should be allowed or denied. When
ALL is included in the Allow list, all IP addresses will be allowed to connect; conversely,
if ALL is included in the Deny list, all IP Addresses will be denied (except for IP
addresses listed in the Allow list.)
For example, if the Deny list includes a line which reads "ALL EXCEPT 168.255.192.192,"
then all IP addresses except 168.255.192.192 will be denied (except for IP addresses
that are listed in the Allow list.)
Net/Mask Pairs:
An expression of the form "n.n.n.n/m.m.m.m" is interpreted as a "net/mask" pair. A host
address is matched if "net" is equal to the bitwise AND of the address and the "mask."
For example, the net/mask pattern "131.155.72.0/255.255.254.0" matches every address
in the range "131.155.72.0" through "131.155.73.255."
5.9.3.3. IP Security Examples
1. Mostly Closed: Access is denied by default and the only clients allowed,
are those explicitly listed in the Allow list. To deny access to all clients except
192.255.255.192 and 168.112.112.05, the Allow and Deny lists would be defined as
follows:
• Allow List:
1. 192.255.255.192
2. 168.112.112.05
• Deny List:
1. ALL
5-31
Basic Configuration
2. Mostly Open: Access is granted by default, and the only clients denied access,
are those explicitly listed in the Deny list, and as exceptions in the Allow list. To
allow access to all clients except 192.255.255.192 and 168.112.112.05, the Allow
and Deny lists would be defined as follows:
• Allow List:
1. ALL EXCEPT 192.255.255.192, 168.112.112.05
• Deny List:
1. 192.255.255.192, 168.112.112.05
Notes:
• When defining a line in the Allow or Deny list that includes several IP
addresses, each individual address is separated by either a space, a comma,
or a comma and a space as shown in Example 2 above.
• Take care when using the "ALL" wild card. When ALL is included in the Allow
list, it should always include an EXCEPT operator in order to allow the unit to
proceed to the Deny list and determine any addresses you wish to deny.
5.9.4. Static Route
The Static Route menu allows you to type in Linux routing commands that will be
automatically executed each time that the unit powers up or reboots. In the Text
Interface, the Static Route menu is accessed via the Network Configuration menu. In
the Web Browser Interface, the Static Route menu via the Network Configuration
flyout menu.
5.9.5. Domain Name Server
The DNS menu is used to select IP addresses for Domain Name Servers. When web
and network addresses are entered, the Domain Name Server interprets domain names
(e.g., www.yourcompanyname123.com), and translates them into IP addresses. Note
that if you don't define at least one DNS, then IP addresses must be used, rather than
domain names.
5-32
Basic Configuration
5.9.6. SNMP Access Parameters
These menus are used to select access parameters for the SNMP feature. The SNMP
Access Parameters menus allow the following parameters to be defined:
Note: After you have configured SNMP Access Parameters, you will then be
able to manage the AFS-16's User Directory and display unit status via SNMP, as
described in Section 13.
• Enable: Enables/disables SNMP Polling. (Default = Off.)
Note: This item only applies to external SNMP polling of the AFS-16; it does
not effect the ability of the AFS-16 to send SNMP traps.
• Version: This parameter determines which SNMP Version the AFS-16 will respond
to. For example, if this item is set to V3, then clients who attempt to contact the
AFS-16 using SNMPv2 will not be allowed to connect. (Default = V1/V2 Only.)
• Read Only: Enables/Disables the "Read Only Mode", which controls the ability to
access configuration functions and invoke switching commands. When Enabled,
you will not be able to change configuration parameters or invoke other commands
when you contact the AFS-16 via SNMP. (Default = No.)
Note: In order to define user names for the AFS-16 via your SNMP client, the
Read Only feature must be disabled. When the Read Only feature is enabled,
you will not be able to issue configuration commands to the unit via SNMP.
• Authentication / Privacy: Configures the Authentication and Privacy features
for SNMPv3 communication. The Authentication / Privacy parameter offers two
options, which function as follows:
1. Auth/noPriv: An SNMPv3 username and password will be required at log in,
but encryption will not be used. (Default Setting.)
2. Auth/Priv: An SNMPv3 username and password will be required at log in, and
all messages will be sent using encryption.
Notes:
• The Authentication / Privacy item is not available when the Version parameter
is set to V1/V2.
• If the Version Parameter is set to V1/V2/V3 (all) and Authentication / Privacy
parameter is set to "Auth/Priv", then only V3 data will be encrypted.
• The AFS-16 supports DES encryption, but does not currently support the AES
protocol.
• The AFS-16 does not support "noAuth/noPriv" for SNMPv3 communication.
• SNMPv3 User Name: Sets the User Name for SNMPv3. Note that this option is
not available when the Version parameter is set to V1/V2. (Default = undefined.)
• SNMPv3 Password: Sets the password for SNMPv3. Note that this option is not
available when the Version parameter is set to V1/V2. (Default = undefined.)
• SNMPv3 Password Confirm: This prompt is used to confirm the SNMPv3
password that was entered at the prompt above. Note that this option is not
available when the Version parameter is set to V1/V2. (Default = undefined.)
5-33
Basic Configuration
• Authentication Protocol: Determines which authentication protocol will be used.
The AFS-16 supports both MD5 and SHA1 authentication. (Default = MD5.)
Notes:
• The Authentication Protocol that is selected for the AFS-16 must match the
protocol that your SNMP client will use when querying the AFS-16 unit.
• The Authentication Protocol option is not available when the Version
parameter is set to V1/V2
• SNMP Contact: (Default = undefined.)
• SNMP Location: (Default = undefined.)
• Read Only Community: Note that this parameter is not available when the SNMP
Version is set to V3. (Default = Public.)
• Read/Write Community: Note that this parameter is not available when the SNMP
Version is set to V3. (Default = Public.)
Note: If identical names are defined for the Read Only Community and
Read/Write Community, then the unit will give priority to the Read/Write
Community option.
5.9.7. SNMP Trap Parameters
These menus are used to select parameters that will be used when SNMP traps are
sent. For more information on SNMP Traps, please refer to Section 12. Text Interface
and Web Browser Interface allow the following parameters to be defined:
• SNMP Manager 1: The IP Address for the first SNMP Manager. For more
information, please refer to Section 12. (Default = Undefined.)
Note: In order to enable the SNMP Trap feature, you must define at least one
SNMP Manager.
• SNMP Manager 2: (Default = Undefined.)
• Trap Community: (Default = Public.)
5-34
Basic Configuration
5.9.8. LDAP Parameters
The AFS-16 supports LDAP (Lightweight Directory Access Protocol,) which allows
authentication via the "Active Directory" network Directory Service. When LDAP is
enabled and properly configured, command access rights can be granted to new users
without the need to define individual new accounts at each AFS-16 unit, and existing
users can also be removed without the need to delete the account from each
AFS-16 unit. This type of authentication also allows administrators to assign users
to LDAP groups, and then specify which circuits the members of each group will be
allowed to control at each AFS-16 unit.
In order to apply the LDAP feature, you must first define User Names and associated
Passwords and group membership via your LDAP server, and then access the AFS-16
command mode to enable and configure the LDAP settings and define port access
rights and command access rights for each group that you have specified at the LDAP
server. Note that in order to access the LDAP Parameters menu, you must login to AFS-
16 command mode using a password that permits Administrator level commands.
Notes:
• Circuit access rights are not defined at the LDAP server. They are defined via
the LDAP Group configuration menu on each AFS-16 unit and are specific to
that AFS-16 unit alone.
• When LDAP is enabled and properly configured, LDAP authentication will
supersede any passwords and access rights that have been defined via the
AFS-16 user directory.
• If no LDAP groups are defined on a given AFS-16 unit, then access rights will
be determined as specified by the "default" LDAP group.
• The "default" LDAP group cannot be deleted.
The LDAP Parameters Menu allows the following parameters to be defined:
• Enable: Enables/disables LDAP authentication. (Default = Off.)
• Primary Host: Defines the IP address or domain name (up to 64 characters) for
the primary LDAP server. (Default = undefined.)
• Secondary Host: Defines the IP address or domain name (up to 64 characters) for
the secondary (fallback) LDAP server. (Default = undefined.)
• LDAP Port: Defines the port that will be used to communicate with the LDAP
server. (Default = 389.)
• TLS/SSL: Enables/Disables TLS/SSL encryption. Note that when TLS/SSL
encryption is enabled, the LDAP Port should be set to 636. (Default = Off.)
• Bind Type: Sets the LDAP bind request password type. Note that in the Text
Interface, when the Bind Type is set to "Kerberos" LDAP, the menu will include an
additional prompt (item 14) that is used to select Kerberos parameters as described
in Section 5.9.8.5. In the Web Interface, the button which is used to access the
Kerberos Parameters menu is located at the bottom of the LDAP Parameters Menu.
(Default = Simple.)
• Search Bind DN: Selects the user name who is allowed to search the LDAP
directory. (Default = undefined.)
5-35
Basic Configuration
• Search Bind Password: Sets the Password for the user who is allowed to search
the LDAP directory. (Default = undefined.)
• User Search Base DN: Sets the directory location for user searches.
(Default = undefined.)
• User Search Filter: Selects the attribute that lists the user name. Note that this
attribute should always end with "=%S" (no quotes.) (Default = undefined.)
• Group Membership Attribute: Selects the attribute that lists group
membership(s). (Default = undefined.)
• Group Membership Value Type: (Default = DN.)
• Fallback: Enables/Disables the LDAP fallback feature. When enabled, the
AFS-16 will revert to it's own internal user directory (see Section 5.5) if no defined
users are found via the LDAP server. In this case, port access rights will then be
granted as specified in the default LDAP group. (Default = Off.)
• LDAP Group Setup: Provides access to a submenu, which is used to define LDAP
Groups as described in the Sections 5.9.8.1 through 5.9.8.4.
• LDAP Kerberos Setup: Provides access to the Kerberos Setup menu as described
in Section 5.9.8.5. When the Bind Type is set to "Kerberos", the Kerberos Setup
menu is used to select Kerberos parameters. In the Text Interface, the link to the
Kerberos Setup menu will not be displayed unless the Bind Type is set to Kerberos.
5.9.8.1. Adding LDAP Groups
Once you have defined several users and passwords via your LDAP server, and
assigned those users to LDAP Groups, you must then grant access rights to each LDAP
Group at each AFS-16 unit. In order to add LDAP groups, you must log in to command
mode using a password that permits access to Administrator level commands. The Add
LDAP Group menu allows the following parameters to be defined:
• Group Name: Note that this name must match the LDAP Group names that you
have assigned to users at your LDAP server. (Default = undefined.)
• Access Level: Sets the command access level. For more information, please refer
to Section 5.4.1. (Default = User.)
• Circuit Access: This item is used to select the AFS-16 Circuit Modules that
members of this LDAP group will be allowed to connect. (Default = All Circuits Off.)
• Circuit Group Access: This item is used to determine which Circuit Groups the
members of this LDAP Group will be allowed to control. (Default = undefined.)
• Service Access: This item determines how members of this LDAP Group will be
allowed to access command mode and whether or not they will be able to create
outbound Telnet connections. The Service Access parameter is used to allow
members of this LDAP group to access command mode via Serial Port, Telnet/SSH
or any combination thereof, and also enables/disables Outbound Telnet.
(Default; Serial Port = On, Telnet/SSH = On, Outbound Access = Off.)
Note: After you have defined LDAP Group parameters, make certain to save
the changes before proceeding. In the Web Browser Interface, click on the
"Add LDAP Group" button to save parameters; in the Text Interface, press the
[Esc] key several times until the "Saving Configuration" message is displayed.
5-36
Basic Configuration
5.9.8.2 Viewing LDAP Groups
If you need to examine an existing LDAP group definition, the "View LDAP Groups"
function can be used to review the group's parameters and Circuit Access settings.
5.9.8.3. Modifying LDAP Groups
If you need to modify an existing LDAP Group in order to change parameters or circuit
access rights, the "Modify LDAP Group" function can be used to reconfigure group
parameters. To Modify an existing LDAP Group, access the AFS-16 command mode
using a password that permits access to Administrator Level commands. Once you
have accessed the Modify LDAP Group menu, use the menu options to redefine
parameters in the same manner that is used for the Add LDAP Group menu, as
discussed in Section 5.9.8.1.
Note: After you have defined LDAP Group parameters, make certain to save
the changes before proceeding. In the Web Browser Interface, click on the
"Modify LDAP Group" button to save parameters; in the Text Interface, press the
[Esc] key several times until the "Saving Configuration" message is displayed.
5.9.8.4. Deleting LDAP Groups
The Delete LDAP Group function is used to delete LDAP Groups that are no longer
needed. To delete an existing LDAP Group, you must access command mode using a
password that permits access to Administrator Level commands.
5.9.8.5. LDAP Kerberos Set Up
Kerberos is a network authentication protocol, which provides a secure means of
identity verification for users who are communicating via a non-secure network. To
display the LDAP Kerberos Set Up menu, you must access command mode using a
password that permits access to Administrator Level commands.
The LDAP Kerberos Setup menu allows you to define the following parameters:
• Port: (Default = 88.)
• Realm: (Default = Undefined.)
• Key Distribution Centers (KDC1 through KDC5): (Default = Undefined.)
• Domain Realms 1 through 5: (Default = Undefined.)
5-37
Basic Configuration
5.9.9. TACACS Parameters
The TACACS Configuration Menus offer the following options:
• Enable: Enables/disables the TACACS feature at the Network Port. (Default = Off.)
• Primary Address: Defines the IP address or domain name (up to 64 characters)
for your primary TACACS server. (Default = undefined.)
• Secondary Address: Defines the IP address or domain name (up to 64 characters)
for your secondary, fallback TACACS server (if present.) (Default = undefined.)
• Secret Word: Defines the shared TACACS Secret Word for both TACACS servers.
(Default = undefined.)
• Fallback Timer: Determines how long the AFS-16 will continue to attempt to
contact the primary TACACS Server before falling back to the secondary TACACS
Server. (Default = 15 Seconds.)
• Fallback Local: Determines whether or not the AFS-16 will fallback to its own
password/username directory when an authentication attempt fails. When enabled,
the AFS-16 will first attempt to authenticate the password by checking the TACACS
Server; if this fails, the AFS-16 will then attempt to authenticate the password by
checking its own internal username directory. This Parameter offers three options:
Off: Fallback Local is disabled (Default.)
On (All Failures): Fallback Local is enabled, and the unit will fallback to it's own
internal user directory when it cannot contact the TACACS Server, or when a
password or username does not match the TACACS Server.
On (Transport Failure): Fallback Local is enabled, but the unit will only fallback
to it's own internal user directory when it cannot contact the TACACS Server.
• Authentication Port: The port number for the TACACS function. (Default = 49.)
• Default User Access: When enabled, this parameter allows TACACS users to
access the AFS-16 command mode without first defining a TACACS user account
on the AFS-16. When new TACACS users access the AFS-16 command mode,
they will inherit the default Access Level, Circuit Access, Circuit Group Access and
Service Access that are defined via the items listed below: (Default = On.)
Access Level: Selects the default Access Level setting for new TACACS users.
This option can set the default access level to "Administrator", "SuperUser",
"User" or "ViewOnly." For more information on Command Access Levels, please
refer to Section 5.4.1 and Section 17.2. (Default = User.)
5-38
Basic Configuration
Circuit Access: Selects the default Circuit Access setting for new TACACS
users. The Circuit Access setting determines which Circuit Module(s) each
account will be allowed to control. (Defaults; Administrator and SuperUser =
All Circuits On, User = All Circuits Off, ViewOnly = All Circuits Off.)
Notes:
• Administrator and SuperUser level accounts always have access to all
circuits.
• User level accounts will only have access to the circuits that are defined via
the "Circuit Access" parameter.
• ViewOnly accounts are not allowed to invoke switching commands.
Circuit Group Access: Selects the default Circuit Group Access setting for
new TACACS users. For more information on Circuit Groups, please refer to
Section 5.6. (Defaults; Administrator and SuperUser = All Circuit Groups On,
User = All Circuit Groups Off, ViewOnly = All Circuit Groups Off.)
Notes:
• In order to use this feature, Circuit Groups must first be defined as described
in Section 5.6.
• Administrator and SuperUser level accounts will always have access to all
Circuit Groups.
• User Level accounts will only have access to the Circuit groups that are
defined via the Circuit Group Access parameter.
• ViewOnly accounts are not allowed to invoke switching commands.
Service Access: Selects the default Service Access setting for new TACACS
users. The Service Access setting determines whether each account will be
able to access command mode via Serial Port, Telnet/SSH or Web. In addition,
the Service Access setting also determines whether each account will be able
to employ the Outbound Access function. For example, if Telnet/SSH Access is
disabled, then the default setting for new TACACS accounts will not allow access
to command mode via Telnet or SSH. (Default = Serial Port = On, Telnet/SSH =
On, Web = On.)
Note: If Outbound Access has been disabled via the Network Parameters
menu, then the Service Access parameter will not be allowed to grant Outbound
Access to new TACACS users.
5-39
Basic Configuration
5.9.10. RADIUS Parameters
The RADIUS Configuration Menus offer the following options:
• Enable: Enables/disables the RADIUS feature at the Network Port. (Default = Off.)
• Primary Address Defines the IP address or domain name (up to 64 characters
long) for your primary RADIUS server. (Default = undefined.)
• Primary Secret Word: Defines the RADIUS Secret Word for the primary RADIUS
server. (Default = undefined.)
• Secondary Address: Defines the IP address or domain name (up to 64 characters)
for your secondary, fallback RADIUS server (if present.) (Default = undefined.)
• Secondary Secret Word: Defines the RADIUS Secret Word for the secondary
RADIUS server. (Default = undefined.)
• Fallback Timer: Determines how long the AFS-16 will continue to attempt to
contact the primary RADIUS Server before falling back to the secondary RADIUS
Server. (Default = 3 Seconds.)
• Fallback Local: Determines whether or not the AFS-16 will fallback to its own
password/username directory when an authentication attempt fails. When enabled,
the AFS-16 will first attempt to authenticate the password by checking the RADIUS
Server; if this fails, the AFS-16 will then attempt to authenticate the password by
checking its own internal username directory. This parameter offers three options:
Off: Fallback Local is disabled (Default.)
On (All Failures): Fallback Local is enabled, and the unit will fallback to it's
own internal user directory when it cannot contact the Radius Server, or when a
password or username does not match the Radius Server.
On (Transport Failure): Fallback Local is enabled, but the unit will only fallback
to it's own internal user directory when it cannot contact the Radius Server.
• Retries: Determines how many times the AFS-16 will attempt to contact the
RADIUS server. Note that the retries parameter applies to both the Primary RADIUS
Server and the Secondary RADIUS Server. (Default = 3.)
• Authentication Port: The Authentication Port number for the RADIUS function.
(Default = 1812.)
• Accounting Port: The Accounting Port number for the RADIUS function.
(Default = 1813.)
• Debug: (Text Interface Only) When enabled, the AFS-16 will put RADIUS debug
information into Syslog. (Default = Off.)
5-40
Basic Configuration
5.9.10.1.
Dictionary Support for RADIUS
The RADIUS dictionary file can allow you to define a user and assign command access
rights and port access rights from a central location. The RADIUS dictionary file,
"dictionary.wti" is included on the CDROM along with this user's guide. To install the
dictionary file on your RADIUS server, please refer to the documentation provided with
your server; some servers will require the dictionary file to reside in a specific directory
location, others will require the dictionary file to be appended to an existing RADIUS
dictionary file. The WTI RADIUS dictionary file provides the following commands:
• WTI-Super- Sets the command access level for the user. This command provides
the following arguments:
0= ViewOnly
1= User
2= SuperUser
3= Administrator
For example, in order to set command access level to "SuperUser", the command
line would be:
WTI-Super="2"
• WTI-Circuit-Access- Determines which circuit(s) the user will be allowed to
access. This command provides an argument that consists of a four character
string, with one character for each the AFS-16's Circuit Modules. The following
options are available for each switched circuit:
0= Off (Deny Access)
1= On (Allow Access)
For example, to allow access to Circuits 2 and 4, the command line would be:
WTI-Circuit-Access="0101"
• WTI-Group-Access- Determines which Circuit Group(s) the user will be allowed
to access. The argument for this command includes a character for each, defined
Circuit Group, with the first character in the string being used to represent the first
Circuit Group defined, and the last character in the string representing the last
Circuit Group defined. The following options are available for each Circuit Group:
0= Off (Deny Access)
1= On (Allow Access)
For example, to allow access to the first three defined Circuit Groups out of a total
of six defined Circuit Groups, the command line would be:
WTI-Group-Access="111000"
Example:
The following command could be used to set the command access level to "User", allow
access to Circuits 1 and 2, and also allow access to the first two of five defined
Circuit Groups:
tom Auth-Type:=Local, User-Password=="tom1"
Login-Service=Telnet,
Login-TCP-Port=Telnet,
User-Name="HARRY-tom",
WTI-Super="1",
WTI-Circuit-Access="1100",
WTI-Group-Access="11000",
5-41
Basic Configuration
5.9.11. Email Messaging Parameters
The Email Messaging menu is used to define parameters for email messages that the
AFS-16 can send to notify you when an alarm is triggered. To define email message
parameters, you must access the AFS-16 Command Mode using a password that
permits access to Administrator Level commands.
The Email Configuration menu offers the following options:
• Enable: Enables/Disables the Email Messaging feature. When disabled, the
AFS-16 will not be able to send email messages when an alarm is generated.
(Default = On.)
• SMTP Server: This prompt is used to define the address of your SMTP Email
server. (Default = 192.168.100.43.)
• Port Number: Selects the TCP/IP port number that will be used for email
connections. (Default = 25.)
• Domain: The domain name for your email server. (Default = undefined.)
Note: In order to use domain names, you must first define Domain Name
Server parameters as described in Section 5.9.5.
• User Name: The User Name that will be entered when logging into your email
server. (Default = undefined.)
• Password: The password that will be used when logging into your email server.
(Default = undefined.)
• Auth Type: The Authentication type; the AFS-16 allows you to select None, Plain,
Login, or CRAM-MD5 Authentication. (Default = Plain.)
• From Name: The name that will appear in the "From" field in email sent by the AFS-
16. (Default = undefined.)
• From Address: The email address that will appear in the "From" field in email sent
by the AFS-16. (Default = undefined.)
• To Address: The address(es) that will receive email messages generated by the
AFS-16. Note that up to three "To" addresses may be defined, and that when Alarm
Configuration parameters are selected as described in Section 7, you may then
designate one, two or all three of these addresses as recipients for email messages
that are generated by the alarms. (Default = undefined.)
• Send Test Email: Sends a test email, using the parameters that are currently
defined for the Email configuration menu.
Note: The "Send Test Email" function is only available via the Text Interface.
5-42
Basic Configuration
5.10. Save User Selected Parameters
It is strongly recommended to save all user-defined parameters to an ASCII file as
described in Section 15. This will allow quick recovery in the event of accidental
deletion or reconfiguration of port parameters.
When changing configuration parameters via the Text Interface, make certain that the
AFS-16 has saved the newly defined parameters before exiting from command mode.
To save parameters, press the [Esc] key several times until you have exited from all
configuration menus and the AFS-16 displays the "Saving Configuration" menu and
the cursor returns to the command prompt. If newly defined configuration parameters
are not saved prior to exiting from command mode, then the AFS-16 will revert to the
previously saved configuration after you exit from command mode.
5.10.1. Restore Configuration
If you make a mistake while configuring the AFS-16 unit, and wish to return to the
previously saved parameters, the Text Interface's "Reboot System" command (/I) offers
the option to reinitialize the unit using previously backed up parameters. This allows
you to reset the unit to previously saved parameters, even after you have changed
parameters and saved them.
Notes:
• The AFS-16 will automatically backup saved parameters once a day, shortly
after Midnight. This configuration backup file will contain only the most
recently saved AFS-16 parameters, and will be overwritten by the next night's
daily backup.
• When the /I command is invoked, a submenu will be displayed which
offers several Reboot options. Option 4 is used to restore the configuration
backup file. The date shown next to Option 4 indicates the date that you last
changed and saved unit parameters.
• If the daily automatic configuration backup has been triggered since the
configuration error was made, and the previously saved configuration has
been overwritten by newer, incorrect parameters, then this function will not
be able to restore the previously saved (correct) parameters.
To restore the previously saved configuration, proceed as follows:
1. Access command move via the Text Interface, using a username/password that
permits access to Administrator level commands (see Section 5.1.1.)
2. At the AFS command prompt, type /Iand press [Enter]. The AFS-16 will display a
submenu that offers several different reboot options.
3. At the submenu, you may choose either Item 4 (Reboot & Restore Last Known
Working Configuration.) Type 4, and then press [Enter].
4. The AFS-16 will reboot and previously saved parameters will be restored.
5-43
6. Ping-No-Answer Fallback Switching
The Ping-No-Answer function can be used to automatically switch one or more circuit
modules when an attached device fails to respond to a Ping Command. In addition,
the Ping-No-Answer function can also be configured to send an email, text message,
Syslog Message or SNMP Trap to notify you whenever a Ping-No-Answer Action occurs.
Please refer to Section 7.3 for instructions on setting up email alarm notification for
Ping-No-Answer Actions.
To set up a Ping-No-Answer Profile, access command mode using a password that
permits Administrator level commands and then proceed as follows:
• Text Interface: Type /PNAand press [Enter] to display the Ping-No-Answer
Directory menu. From the Ping-No-Answer Directory Menu, you can Add, Modify,
View or Delete Ping-No-Answer Profiles as described in the Sections that follow.
• Web Browser Interface: Click on the "Ping-No-Answer Configuration" link on the
left hand side of the screen to display the Ping-No-Answer Directory menu. From
the Ping-No-Answer Directory menu, you can Add, Modify, View or Delete Ping-No-
Answer Profiles.
Note: After defining or editing Ping-No-Answer parameters, make certain
to save the changes before proceeding. In the Web Browser Interface, click
on the "Add Ping No Answer" button to save parameters; in the Text Interface,
press [Esc] several times until the AFS-16 displays the "Saving Configuration"
message and the cursor returns to the command prompt.
6.1. Adding Ping-No-Answer Profiles
Up to 54 Ping-No-Answer Profiles can be defined. The Add Ping-No-Answer menu is
used to define the following parameters for each new Ping-No-Answer Profile:
• IP Address or Domain Name: The IP address or Domain Name for the device
that you wish to Ping. When the device at this address fails to respond to the Ping
command, the AFS-16 will switch the selected circuits. (Default = undefined.)
Note: In order to use domain names, DNS Server parameters must first be
defined as described in Section 5.9.5.
• Ping Interval: Determines how often the Ping command will be sent to the
selected IP Address. The Ping Interval can be any whole number, from 1 to 2,800
minutes. (Default = 15 Minutes.)
• Interval After Failed Ping: Determines how often the Ping command will be sent
after a previous Ping command receives no response. (Default = 1 Minute.)
• Ping Delay After PNA Action: Determines how long the AFS-16 will wait to send
additional Ping commands, after Ping-No-Answer A/B switching has been initiated.
(Default = 15 Minutes.)
6-1
Ping-No-Answer Fallback Switching
• Consecutive Failures: Determines how many consecutive failures of the Ping
command must be detected in order to initiate Ping-No-Answer fallback switching.
For example, if this value is set to "3", then after three consecutive Ping failures, the
specified Circuit Module(s) will then be switched. (Default = 3.)
• Toggle: Enables/Disables the Ping-No-Answer Fallback function for the specified
IP address. When enabled, the AFS-16 will switch the selected circuit(s) or Circuit
Group(s) when the target device fails to respond to a ping command. When
disabled, the AFS-16 will not switch the specified circuit(s) when a ping failure is
detected, but will continue to notify you via Email, Syslog Message and/or SNMP
Trap, providing that parameters for these functions have been defined as described
in Section 5.9 and the Ping-No-Answer Answer alarm has been enabled as
described in Section 7.3. (Default = No.)
Notes:
• In order for Email/Text Message Notification to function, you must first define
Email/Text Message parameters as described in Section 5.9.11.
• In order for Syslog Message Notification to function, you must first define a
Syslog Address as described in Section 5.9.2.
• In order for SNMP Trap Notification to function, you must first define SNMP
parameters as described in Section 5.9.7.
• Circuit Access: Determines which Circuit Modules will be switched when the IP
address for this Ping-No-Answer Profile does not respond. Note that in the Text
Interface, Circuit Access is defined via a separate submenu; in the Web Browser
Interface, Circuit Access is defined via a drop down menu, which is accessed by
clicking on the "plus" sign in the "Configure Circuit Access" field.
(Default = undefined.)
• Circuit Group Access: Determines which Circuit Group(s) this Ping-No-Answer
Profile will be applied to. Note that in the Text Interface, Circuit Group Access
is defined via a separate submenu; in the Web Browser Interface, Circuit Group
Access is defined via a drop down menu, which is accessed by clicking on the
"plus" sign. (Default = undefined.)
• PNA Action: Determines how the AFS-16 will react when the IP address fails to
respond. The PNA Action parameter allows you to select either a Continuous
action or a Single Action as described below: (Default = Continuous.)
• Continuous: (Default) The AFS-16 will continuously restart the PNA Check cycle
at the specified circuit(s) or group(s) until the IP address responds.
• Single: The AFS will switch the specified circuit(s) or group(s) only once when
the IP Address fails to respond to a ping command.
• Ping Test: (Text Interface Only) Sends a test Ping command to the IP Address or
domain name that has been defined for this Ping-No-Answer Profile.
6-2
Ping-No-Answer Fallback Switching
6.2. Viewing Ping-No-Answer Profiles
After you have defined one or more Ping-No-Answer profiles, you can review the
parameters selected for each profile using the View Ping-No-Answer feature. To view
the configuration of an existing Ping-No-Answer profile, you must access command
mode using a password that allows Administrator level commands.
6.3. Modifying Ping-No-Answer Profiles
After you have defined a Ping-No-Answer profile, you can modify the configuration
of the profile using the Modify Ping-No-Answer function. To modify the configuration
of an existing Ping-No-Answer profile, you must access the command mode using a
password that allows Administrator level commands. The AFS-16 will display a screen
which allows you to modify parameters for the selected Ping-No-Answer Profile. Note
that this screen functions identically to the Add Ping-No-Answer menu, as discussed in
Section 6.1.
6.4. Deleting Ping-No-Answer Profiles
After you have defined one or more Ping-No-Answer profiles, you can delete profiles that
are no longer needed using the Delete Ping-No-Answer feature. To delete an existing
Ping-No-Answer profile, you must access the command mode using a password that
allows Administrator level commands.
6-3
7. Alarm Configuration
The AFS-16 can generate alarms when temperature readings exceed user-defined
trigger levels, when input voltage is lost and then restored to the unit, when a Ping-No-
Answer condition is detected and when the Invalid Access Lockout feature is triggered.
In addition, the AFS-16 can also generate an alarm when the Monitor/Alarm Input
feature detects a signal change at the Control Module AUX connector. When any of
these conditions are detected, the AFS-16 can send an "Alarm" to the proper personnel
via Email, Syslog Message or SNMP trap.
Notes:
• In order to send alarm notification via email or text message, email addresses
and parameters must first be defined as described in Section 5.9.11.
Email alarm notification will then be sent for all alarms that are enabled as
described in this Section.
• In order to send alarm notification via Syslog Message, a Syslog address
must first be defined as described in Section 5.9.2. Once the Syslog address
has been defined, Syslog Messages will be sent for every alarm discussed
in this Section, providing that the Trigger Enable parameter for the alarm has
been set to "On."
• In order to send alarm notification via SNMP Trap, SNMP Trap parameters
must first be defined as described in Section 5.9.7. Once SNMP Trap
Parameters have been defined, SNMP Traps will be sent for every alarm
discussed in this Section, providing that the Trigger Enable parameter for the
alarm has been set to "On."
• After defining parameters via the Text Interface, make certain to press the
[Esc] key several times to completely exit from the configuration menu
and save newly defined parameters. When parameters are defined via the
Text Interface, newly defined parameters will not be saved until the "Saving
Configuration" message is displayed.
To configure the AFS-16's Alarm functions, first access command mode using a
password that allows Administrator level commands. If you are communicating with the
unit via the Text Interface, type /AC and then press [Enter]. If you are communicating via
the Web Browser Interface, click on the "Alarm Configuration" link on the left hand side
of the screen. The Alarm Configuration Menu will be displayed.
7-1
Alarm Configuration
AUX Connector
1
0
Pin Out
Pin
3
2
Signal
Normally Closed
Common
1
Normally Open
Back Edge of
Control Card
Figure 7.1: Control Module AUX Connector - Output Contacts
7.1. The Output Contacts
In addition to providing notification when an alarm is generated, the Over Temperature
Alarms, Ping-No-Answer Alarm, Invalid Access Lockout Alarm and Monitor Input Alarm
all offer the option to switch the output contacts on the Control Module AUX Connector
when an alarm is triggered. The output contacts can then be used to activate an
audible alarm or other device in response to these alarms.
When the Contact Output Enable parameter is enabled for any of these alarms, the
Common line will be switched from the Normally Closed contact to the Normally Open
contact in order to drive an attached device.
Figure 7.1 above shows the location of the Normally Closed, Common and Normally
Open contacts on the Control Module AUX Connector.
7-2
Alarm Configuration
7.2. The Over Temperature Alarms
The Over Temperature Alarms are designed to inform you when the temperature level
inside your equipment rack reaches or exceeds certain user-defined levels. There
are two separate Over Temperature Alarms; the Initial Threshold alarm and the Critical
Threshold Alarm.
Typically, the Initial Threshold alarm is used to notify you when the temperature within
your equipment rack reaches a point where you might want to investigate it, whereas the
Critical Threshold alarm is used to notify you when the temperature approaches a level
that may harm equipment or inhibit performance. The trigger for the Initial Threshold
alarm is generally set lower than the Critical Threshold alarm.
If the user-defined trigger levels for temperature are exceeded, the AFS-16 can also
enable the Contact Output on the AFS-16 Control Module's AUX connector.
To configure the Over Temperature Alarms, access the AFS-16 command mode using
a password that permits Administrator Level commands, and then use the Alarm
Configuration menu to select the desired alarm feature.
Note that both the Initial Threshold menus and Critical Threshold menus offer essentially
the same set of parameters, but the parameters defined for each alarm are separate
and unique. Therefore, parameters defined for the Critical Threshold Alarm will not be
applied to the Initial Threshold Alarm and vice versa.
Both the Over Temperature (Initial Threshold) alarm and the Over Temperature (Critical
Threshold) alarm offer the following parameters:
• Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this
alarm will be suppressed. (Default = On.)
Note: To cancel an alarm without correcting the condition that caused the
alarm, simply toggle the Trigger Enable parameter Off and then back On again.
Alarm Set Threshold: The trigger level for this alarm. When temperature
exceeds the Alarm Set Threshold, the AFS-16 can send an alarm (if enabled.)
(Initial Threshold: Default = 90°F or 32°C, Critical Threshold: Default = 100°F or
38°C.)
Alarm Clear Threshold: Determines how low the temperature must drop in
order for the Alarm condition to be cancelled. (Initial Threshold: Default = 80°F
or 27°C, Critical Threshold: Default = 90°F or 38°C.)
Note: The System Parameters menu is used to set the temperature format for
the AFS-16 unit to either Fahrenheit or Celsius as described in Section 5.3.
• Resend Delay: Determines how long the AFS-16 will wait to resend a message
generated by this alarm, when the initial attempt to send notification was
unsuccessful. (Default = 60 Minutes.)
• Notify Upon Clear: When this item is enabled, the AFS-16 will send additional
notification when the situation that caused the alarm has been corrected. For
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification
when it detects that the temperature has exceeded the trigger value, and then send
a second notification when it determines that the temperature has fallen below the
trigger value. (Default = On.)
7-3
Alarm Configuration
• Email Message: Enables/Disables email notification for this alarm. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then email
notification for other alarms will be switched On or Off as indicated by this
parameter.
Address 1, 2, and 3: These parameters are used to determine which of the
three email addresses defined via the "Email Messages" menu will receive
the email alarm notification messages generated by this alarm. The Address
parameters can be used to select one, or any combination of the addresses
defined via the Email Messages menu. (Default = All On.)
Note: If Email addresses have been previously defined, then the text under the
parameters will list the current, user defined email addresses.
• Subject: This parameter is used to define the text that will appear in the "Subject"
field for all email notification messages generated by this alarm. (Default = "Alarm:
Over Temperature (Initial)" or "Alarm: Over Temperature (Critical)".)
• Contact Output Enable: Activates/deactivates the Output Contacts on the
AFS-16 Control Module AUX Connector. When the Contact Output Enable
parameter is set to "On", the Common line will be switched from the Normally
Closed contact to the Normally Open contact when an Over-Temperature Alarm
is generated. For more information on the Output Contacts, please refer to
Section 7.1. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then the Contact
Output Enable parameter for other alarms will also be enabled or disabled as
specified by this parameter.
7-4
Alarm Configuration
7.3. The Ping-No-Answer Alarm
The Ping-No-Answer Alarm is intended to provide notification when one of the IP
addresses defined via the Ping-No-Answer function (as described in Section 6) fails
to respond to a Ping command. When one of the user-defined IP addresses fails
to answer a Ping command, the AFS-16 can provide notification via Email, Syslog
Message or SNMP Trap.
Notes:
• In order for this alarm to function, IP Addresses for the Ping-No-Answer
function must first be defined as described in Section 6.1.
• When a Ping-No-Answer condition is detected, the AFS-16 can still switch
the user-selected Circuit Module(s) as described in Section 6, and can also
send an email, Syslog Message and/or SNMP trap if properly configured as
described in this section.
7.3.1. Defining Ping-No-Answer IP Addresses
In order for the Ping-No-Answer Alarm to function, you must first define at least one
Ping-No-Answer profile as described in Section 6. To define a Ping-No-Answer profile
and associated IP address, proceed as described in Section 6.
Note: To define Ping-No-Answer IP addresses for the Ping-No-Answer Alarm,
without enabling the A/B switching function, make certain that the "Toggle"
option in the Add Ping-No-Answer Profile menu is set to "No."
7.3.2. Configuring the Ping-No-Answer Alarm
To configure the Ping-No-Answer Alarm, you must access the AFS-16 command mode
using a password that permits Administrator Level commands. The Ping-No-Answer
alarm configuration menu offers the following parameters:
• Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this
alarm will be suppressed. (Default = On.)
Note: To cancel an alarm without correcting the condition that caused the
alarm, simply toggle the Trigger Enable parameter to Off and then back On
again.
• Resend Delay: Determines how long the AFS-16 will wait to resend an email
message generated by this alarm, when the initial attempt to send the notification
was unsuccessful. (Default = 60 Minutes.)
• Notify Upon Clear: When this item is enabled, the AFS-16 will send additional
notification when the situation that caused the alarm has been corrected. For
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification
when it detects that a Ping command has failed, and then send a second
notification when it determines that the IP address is again responding to the Ping
command. (Default = On.)
7-5
Alarm Configuration
• Email Message: Enables/Disables email notification for this alarm. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then email
notification for other alarms will be switched On or Off as indicated by this
parameter.
Address 1, 2, and 3: These parameters are used to determine which of the
three email addresses defined via the "Email Messages" menu will receive
the email alarm notification messages generated by this alarm. The Address
parameters can be used to select one, or any combination of the addresses
defined via the Email Messages menu. (Default = All On.)
Note: If Email addresses have been previously specified, then the text under
the parameters will list the current, user defined email addresses.
• Subject: This parameter is used to define the text that will appear in the "Subject"
field for all email notification messages that are generated by this alarm.
(Default = "Alarm: Ping-No-Answer")
• Contact Output Enable: Activates/deactivates the Output Contacts on the
AFS-16 Control Module AUX Connector. When the Contact Output Enable
parameter is set to "On", the Common line will be switched from the Normally
Closed contact to the Normally Open contact when a Ping-No-Answer Alarm
is generated. For more information on the Output Contacts, please refer to
Section 7.1. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then the Contact
Output Enable parameter for other alarms will also be enabled or disabled as
specified by this parameter.
7-6
Alarm Configuration
7.4. The Invalid Access Lockout Alarm
The Invalid Access Lockout Alarm can provide notification when the AFS-16 has locked
a port due to repeated, invalid attempts to access command mode. Normally, the
Invalid Access Lockout feature (discussed in Section 5.3.2) will lock a port whenever the
AFS-16 detects that a user-defined number of invalid passwords have been entered at
the port. When the Invalid Access Lockout Alarm is properly configured and enabled
as described in this section, the AFS-16 can also provide notification via Email, Syslog
Message or SNMP Trap.
Notes:
• In order for this alarm to function, Invalid Access Lockout parameters must
first be configured and enabled as described in Section 5.3.2.
• When an Invalid Access Lockout occurs, the AFS-16 can still lock the
network port as described in Section 5.3.2, and can also send an email,
Syslog Message and/or SNMP trap if properly configured.
• If desired, the AFS-16 can be configured to count Invalid Access attempts
and provide notification when the counter exceeds a user defined trigger
level, without actually locking the port in question. To do this, enable the
Invalid Access Lockout Alarm as described here, but when you configure
Invalid Access Lockout parameters as described in Section 5.3.2, set the
Lockout Attempts and Lockout Duration as you would normally, and then set
the "Lockout Enable" parameter to "Off."
To configure the Invalid Access Lockout Alarm, you must access the AFS-16 command
mode using a password that permits Administrator Level commands. The Invalid
Access Lockout alarm configuration menu offers the following parameters:
• Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this
alarm will be suppressed. (Default = On.)
Note: To cancel an alarm without unlocking the port, simply toggle the Trigger
Enable parameter Off and then back On again.
• Resend Delay: Determines how long the AFS-16 will wait to resend an email
message generated by this alarm, when the initial attempt to send the notification
was unsuccessful. (Default = 60 Minutes.)
• Notify Upon Clear: When this item is enabled, the AFS-16 will send additional
notification when the situation that caused the alarm has been corrected. For
example, when Notify Upon Clear is enabled, the AFS-16 will send initial notification
when it detects that an Invalid Access Lockout has occurred, and then send a
second notification when it determines that the port has been unlocked.
(Default = On.)
7-7
Alarm Configuration
• Email Message: Enables/Disables email notification for this alarm. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then email
notification for other alarms will be switched On or Off as indicated by this
parameter.
Address 1, 2, and 3: These parameters are used to determine which of
the three email addresses defined via the "Email Messages" menu (see
Section 5.9.11) will receive the email alarm notification messages generated
by this alarm. The Address parameters can be used to select one, or any
combination of the addresses defined via the Email Messages menu.
(Default = All On.)
Note: If Email addresses have been previously specified, then the text under
the parameters will list the current, user defined email addresses.
• Subject: This parameter is used to define the text that will appear in the "Subject"
field for all email notification messages generated by this alarm. (Default = "Alarm:
Invalid Access Lockout.")
• Contact Output Enable: Activates/deactivates the output contacts on the Control
Module AUX Connector. When the Contact Output Enable parameter is set to "On",
the Common line will be switched from the Normally Closed contact to the Normally
Open contact when an Invalid Access Lockout Alarm is generated. For more
information on the Output Contacts, please refer to Section 7.1. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then the Contact
Output Enable parameter for other alarms will also be enabled or disabled as
specified by this parameter.
7-8
Alarm Configuration
7.5. The Power Cycle Alarm
The Power Cycle Alarm can provide notification when input power to the AFS-16 unit is
lost and then restored. When the power supply is lost and then restored, the AFS-16
can provide notification via Email, Syslog Message or SNMP Trap.
To configure the Power Cycle Alarm, you must access the AFS-16 command mode
using a password that permits Administrator Level commands. The Power Cycle Alarm
configuration menu offers the following parameters:
• Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this
alarm will be suppressed. (Default = On.)
• Email Message: Enables/Disables email notification for this alarm. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then email
notification for other alarms will be switched On or Off as indicated by this
parameter.
Address 1, 2, and 3: These parameters are used to select which of the three
email addresses defined via the "Email Messages" menu (see Section 5.9.11)
will receive the email alarm notification messages generated by this alarm.
The Address parameters can be used to select one, or any combination of the
addresses defined via the Email Messages menu. (Default = All On.)
Note: If Email addresses have been previously specified, then the text under
the parameters will list the current, user defined email addresses.
• Subject: This parameter is used to define the text that will appear in the "Subject"
field for all email notification messages generated by this alarm. (Default = "Alarm:
Power Cycle")
7-9
Alarm Configuration
7.6. Monitor/Alarm Input
The Monitor/Alarm Input feature allows the AFS-16 to monitor Pin 4 on the Control
Module's AUX connector, and then switch circuit modules, and/or activate an audible
alarm or other external device and/or send notification when the signal at Pin 4 changes.
To configure the Monitor/Alarm Input feature, you must access the AFS-16 command
mode using a password that permits Administrator Level commands. The Monitor/
Alarm Input configuration menu offers the following parameters:
• Trigger Enable: Enables/Disables the trigger for this alarm. When Disabled, this
alarm will be suppressed. (Default = On.)
• Monitor/Alarm Input Level: Determines whether a high or low signal at the
Monitor Input contact (Pin 4 on the Control Module's AUX Connector) will generate
an alarm. For example, if the Monitor/Alarm Input Level is set at "Low", then
an alarm will be triggered when a low signal is detected at Pin 4. Note that the
Monitor/Alarm Input Level is always set to compliment the setting for the Monitor
Input Level Jumper as described in Section 7.5.1. (Default = Low.)
• Monitor/Alarm Input Delay: Determines how long the signal at the Monitor Input
Contact must remain high/low in order to generate an alarm.
(Default = 0.5 Seconds.)
• Resend Delay: Determines how long the AFS-16 will wait to resend an email
message generated by this alarm, when the initial attempt to send notification was
unsuccessful. (Default = 60 Minutes.)
• Notify Upon Clear: When this item is enabled, the AFS-16 will send additional
notification when the signal at the Monitor Input contact (Pin 4 on the Control
Module's AUX Connector) returns to the normal (non-alarm) state. (Default = On.)
• Email Message: Enables/Disables email notification for this alarm. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then email
notification for other alarms will be switched On or Off as indicated by this
parameter.
Address 1, 2, and 3: These parameters are used to select which of the three
email addresses defined via the "Email Messages" menu (see Section 5.9.11)
will receive the email alarm notification messages generated by this alarm.
The Address parameters can be used to select one, or any combination of the
addresses defined via the Email Messages menu. (Default = All On.)
Note: If Email addresses have been previously specified, then the text under
the parameters will list the current, user defined email addresses.
• Subject: Define the text that will appear in the "Subject" field for email notification
messages generated by this alarm. (Default = "Alarm: Monitor/Alarm Input".)
7-10
Alarm Configuration
• Contact Output Enable: Activates/deactivates the Output Contacts on the Control
Module AUX Connector. When the Contact Output Enable parameter is set to
"On", the Common line will be switched from the Normally Closed contact to the
Normally Open contact. For more information on the Output Contacts, please refer
to Section 7.1. (Default = On.)
Note: If either of the "Copy to All Triggers" options is selected, then the Contact
Output Enable parameter for other alarms will also be enabled or disabled as
specified by this parameter.
• Circuits to Switch: Selects the Circuit Module(s) and Circuit Group(s) that will
be switched when the Monitor/Alarm Input feature is triggered, determines the
A/B switch position and enables/disables the "Return" feature. This item provides
access to a submenu which is used to define the following:
Enable: Enables/disables A/B switching in response to the Monitor/Alarm Input
feature. When disabled, the AFS-16 will not perform A/B switching with the
Monitor/Alarm Input feature is triggered. (Default = Disable.)
Circuit State: Specifies the A/B position that circuits will be switched to when
the Monitor/Alarm Input feature is triggered. (Default = B.)
Return: Enables/Disables the Return feature, which allows the AFS-16 to switch
circuits back to their original state after a Monitor/Alarm Input event has been
cleared. (Default = On.)
Circuit Access: Determines which Circuit Modules will be switched when the
Monitor/Alarm Input feature is triggered. Note that in the Text Interface, Circuit
Access is defined via a separate submenu; in the Web Browser Interface, Circuit
Access is defined via a drop down menu, which is accessed by clicking on the
"plus" sign in the "Configure Circuit Access" field. (Default = undefined.)
Circuit Group Access: Determines which Circuit Group(s) the Monitor/Alarm
Input feature will be applied to. Note that in the Text Interface, Circuit Group
Access is defined via a separate submenu; in the Web Browser Interface, Circuit
Group Access is defined via a drop down menu, which is accessed by clicking
on the "plus" sign. (Default = undefined.)
7-11
Alarm Configuration
High
Low
1
0
Figure 7.2: Control Module Jumper
AUX Connector
Control Card
Jumper
Pin Out
Pin
5
Signal
Ground
1
0
4
Monitor Input
Back Edge of
Control Card
Figure 7.3: Control Module AUX Connector - Monitor Input and Ground
7.6.1. Monitor Input Level Settings
When the Monitor/Alarm Input feature is properly configured, the AFS-16 can trigger an
alarm and/or perform A/B switching operations when the signal at Pin 4 (Monitor Input)
on the Control Module AUX connector goes high or low. In set up this feature, you must
first use the Control Card Jumper to select the non-active (non-alarm) state, and then
use the Monitor/Alarm Input configuration menu to select the active/alarm state (the
signal level that will trigger an alarm) as described in the Sections that follow.
Notes:
• The Monitor Input signal (Pin 4) is always measured relative to the signal at
the common ground (Pin 5).
• A "Low" signal should be between Zero (0) Volts and -48 Volts and a "High"
signal should be between +5 Volts and +48 Volts.
7-12
Alarm Configuration
7.6.1.1. Monitor Input Signal - Trigger When Low
To set up the Monitor/Alarm Input feature to trigger an alarm when the signal at AUX
connector pin 4 (the Monitor Input) goes Low, configure the AFS-16 as follows:
1. Control Card Jumper Setting: Set the Jumper to the "1" position (default.) This
will set the non-active, non-alarm signal state to "High" as shown in Figure 7.2.
2. Monitor/Alarm Input Level: Use the Monitor/Alarm Input configuration menu to
set the Monitor Alarm Input Level to "Low" as described in Section 7.6. This will
configure the Monitor/Alarm Input feature to generate an alarm when the Monitor
Input signal goes Low.
3. Set the Remaining Parameters: Use the Monitor/Alarm Input configuration menu
to select the remaining parameters as described in Section 7.6.
4. Connect Monitor Input: Connect the signal line that you wish to monitor to Pin 4
(Monitor Input) on the Control Module AUX Connector as shown in Figure 7.3.
7.6.1.2. Monitor Input Signal - Trigger When High
To set up the Monitor/Alarm Input feature to trigger an alarm when the signal at AUX
Connector pin 4 (the Monitor Input) goes High, configure the AFS-16 as follows:
1. Control Card Jumper Setting: Set the Jumper to the "0" position. This will set the
non-active, non-alarm signal state to "Low" as shown in Figure 7.2.
2. Monitor/Alarm Input Level: Use the Monitor/Alarm Input configuration menu to
set the Monitor Alarm Input Level to "High" as described in Section 7.6. This will
configure the Monitor/Alarm Input feature to generate an alarm when the Monitor
Input signal goes High.
3. Set the Remaining Parameters: Use the Monitor/Alarm Input configuration menu
to select the remaining parameters as described in Section 7.6.
4. Connect Monitor Input: Connect the signal line that you wish to monitor to Pin 4
(Monitor Input) on the Control Module AUX Connector as shown in Figure 7.3.
Connect your ground line to the Ground Connector (Pin 5).
7-13
8. The Status Screens
The Status Screens are used to display status information about the AFS-16 hardware
and firmware, Network Port, Circuit Modules, Circuit Groups and other features. The
Status Screens are available via both the Text Interface and Web Browser Interface.
8.1. Product Status
The Product Status Screen lists the model number, power rating and software version
for your local AFS-16 unit. To display the Product Status Screen via the Text Interface,
type /J *and then press [Enter]. To display the Product Status Screen via the Web
Browser Interface, click on the "Product Status" link. The Product Status Screen lists the
following items:
• Product: The make/model number of the AFS-16 unit.
• SW Version: The software version that is currently installed on the AFS-16 unit.
• PIC Version: The version of the micro controller chip, that is present on the Control
Module.
8.2. The Network Status Screen
The Network Status screen shows activity at the AFS-16's virtual network ports, and
lists the TCP Port Number, Active/Free Status and current user name for each virtual
network port. To view the Network Status Screen, you must access command mode
using a password that permits access to Administrator Level commands. To display the
Network Status Screen via the Text Interface, type /SNand press [Enter]. To display the
Network Status Screen via the Web Browser Interface, click on the Network Status link.
The Network Status Screen lists the following items:
• Port: The virtual network port for each connection.
• TCP Port: The TCP Port number for each connection.
• Status: This column will read "Free" if no users are currently connected to the
corresponding port, or "Active" if a user has currently accessed command mode via
this port.
• User Name: The user name for the account that has currently accessed command
mode via this port. Note that when the Network Status Screen is viewed via the Text
Interface, usernames that are longer than 22 characters will be truncated and the
remaining characters will be displayed as two dots (..).
8-1
The Status Screens
8.3. The Circuit Status Screen
The Circuit Status Screen shows the current status of the AFS-16's Circuit Modules, and
also lists the unit's current temperature, Monitor/Alarm Input status, and Alarm Contact
Output status.
Note:
• When the Circuit Status screen is viewed by an account with Administrator
or SuperUser command access, all AFS-16 Circuit Modules present are
listed. When the Circuit Status screen is viewed by an account with User or
ViewOnly command access, then the screen will list only the Circuit Modules
that are allowed by the account.
• If a Circuit Module slot is empty, then the Circuit Status screen will display a
row of dashes for that Circuit Module position.
To display the Circuit Status Screen via the Text Interface, type /Sand then press
[Enter]. To display the Circuit Status Screen via the Web Browser Interface, click on the
"Circuit Status" link. The Circuit Status Screen will list the following parameters:
• Circuit: The number of each Circuit Module.
• Name (Common): The user-defined name for each Circuit Module. This name
may also be used describe the device that is connected to the common line for
each Circuit Module.
• Name (Connected To): The user-defined name for the currently selected A/B path
for each Circuit Module. Note that the name listed in this field will differ, depending
on which A/B Circuit path is selected.
• Pos: The currently selected A/B circuit path for each Circuit Module.
• Reason: This field displays a brief description of the reason for the last successful
switching operation at each Circuit Module.
• Mon: This field will contain a "X" if the corresponding Circuit Module has been
configured to be switched by the Monitor/Alarm Input feature.
The Circuit Status Screen will also list the following information at the bottom of the
screen:
• System Temperature: The current temperature, as measured by the AFS-16 unit.
• Monitor/Alarm Input: The high/low status of the Monitor/Alarm Input contact on
the Control Module's AUX Port.
• Alarm Contact Output: The status of the Alarm Contact Output
8-2
The Status Screens
8.4. The Circuit Group Status Screen
The Circuit Group Status screen shows the configuration details and A/B switching
status for the AFS-16's user-defined Circuit Groups.
Notes:
• When the Circuit Group Status Screen is viewed by an account with
Administrator or SuperUser command access, all AFS-16 Circuit Modules
and Circuit Groups will be shown. When the Circuit Status Screen is viewed
by an account with User or ViewOnly command access, then the unit will
only display the Circuit Modules and Circuit Groups that are allowed by the
account.
• In order to display the Circuit Group Status screen, you must first define at
least one Circuit Group as described in Section 5.7.
To display the Circuit Group Status Screen via the Text Interface, type /SGand then
press [Enter]. To display the Circuit Group Status Screen via the Web Browser
Interface, click on the "Circuit Group Status" link. The Circuit Group Status Screen will
list the following parameters for each Circuit Group:
• Group Name: The user-defined name for each Circuit Group.
• Circuit Name (Common): The user-defined name for each Circuit Module. This
name may also be used describe the device that is connected to the common line
for each Circuit Module.
• Circuit: The number of each Circuit Module in the Circuit Group.
• Pos: The currently selected A/B circuit path for each Circuit Module.
• Reason: This field displays a brief description of the reason for the last successful
switching operation at each Circuit Module.
• Mon: This field will contain a "X" if the corresponding Circuit Module has been
configured to be switched by the Monitor/Alarm Input feature.
8-3
The Status Screens
8.5. The Event Logs
8.5.1. The Audit Log
The Audit Log provides a record of most command activity at the AFS-16 unit, including
A/B switching, and login and logout activity. Note that the Audit Log does not include
user information regarding access to configuration menus or status screens.
To view the Audit Log, access command mode using a password that permits
Administrator or SuperUser level commands and then proceed as follows:
• Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be
shown. At the Display Logs menu, type 1and press [Enter] to display the
Audit Log.
• Web Browser Interface: Place the cursor over the "Logs" link on the left hand side
of the screen wait for the fly-out menu to appear. To view the Audit Log, click on
the "Audit Log (Display)" link; to download the Audit Log, click on the "Audit Log
(download)" link.
The Audit Log will display the following information for each logged event:
• Date: The date when the logged event occurred.
• Time: The time that the logged event occurred.
• Username: The name of the user account that initiated the logged event.
• Description: A brief description of the nature of the logged event.
Note: In the Text Interface, the following commands are also available:
• Press [Enter] to display the next screen full of data.
• Press [Esc] to exit from the log menu and return to the command prompt.
• Type Eand press [Enter] to erase the Audit Log.
8-4
The Status Screens
8.5.2. The Alarm Log
The Alarm Log provides a record of all alarm events that were initiated by the Over
Temperature Alarms, Ping-No-Answer Alarm, Invalid Access Lockout Alarm, Power
Cycle Alarm and Monitor/Alarm Input feature.
To view the Alarm Log, access command mode using a password that permits
Administrator or SuperUser level commands and then proceed as follows:
• Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be
shown. At the Display Logs menu, type 2and press [Enter] to display the
Alarm Log.
• Web Browser Interface: Place the cursor over the "Logs" link on the left hand side
of the screen wait for the fly-out menu to appear. To view the Alarm Log, click on
the "Alarm Log (Display)" link; to download the Alarm Log, click on the "Alarm Log
(download)" link.
The Alarm Log will display the following information for each logged event:
• Date: The date when the alarm occurred.
• Time: The time that the alarm occurred.
• Trigger: The name of the alarm which was triggered.
• Description: A brief description of the event that triggered the alarm.
Note: In the Text Interface, the following commands are also available:
• Press [Enter] to display the next screen full of data.
• Press [Esc] to exit from the log menu and return to the command prompt.
• Type Eand press [Enter] to erase the Alarm Log.
8.5.3. The Temperature Log
The temperature log provides a record of AFS-16 temperature readings, in reverse
chronological order, with the most recent events appearing at the top of the list.
To view the Temperature Log, access command mode using a password that permits
Administrator or SuperUser level commands and then proceed as follows:
• Text Interface: Type /Land press [Enter]. The "Display Logs" menu will be
shown. At the Display Logs menu, type 3and press [Enter] to display the
Temperature Log.
• Web Browser Interface: Place the cursor over the "Logs" link on the left hand side
of the screen wait for the fly-out menu to appear. To view the Temperature Log,
click on the "Temperature Log (Display)" link; to download the Temperature Log,
click on the "Temperature Log (download)" link.
Note: In the Text Interface, the following commands are also available:
• Press [Enter] to display the next screen full of data.
• Press [Esc] to exit from the log menu and return to the command prompt.
• Type Eand press [Enter] to erase the Temperature Log.
8-5
9. Operation
As discussed in Section 5, the AFS-16 offers two separate command interfaces; the Web
Browser Interface and the Text Interface (also known as the "Command Line Interface"
or "CLI.") Both interfaces offer essentially the same command options and features, and
in most cases, parameters defined via the Web Browser Interface will also apply when
communicating via the Text Interface (and vice versa.)
9.1. A/B Switching - Web Browser Interface
When using the Web Browser Interface, A/B switching commands are invoked via the
Circuit Control Screen and Circuit Group Control Screen.
9.1.1. The Circuit Control Screen - Web Browser Interface
The Circuit Control Screen lists the current A/B status of the AFS-16’s Circuit Modules
and is used to control switching and rebooting of each A/B circuit. To perform A/B
switching or set circuits to user-defined default states, proceed as follows:
1. Access the AFS-16 Command Mode as described in Section 5.1.
2. Click on the "Circuit Control" link on the left hand side of the screen to display the
Circuit Control Screen.
Notes:
• When the Circuit Control Screen is displayed by an account that permits
Administrator or SuperUser level commands, all switched circuits will be
displayed.
• When the Circuit Control Screen is displayed by an account that permits User
or ViewOnly command access, the screen will only include the circuits that
are specifically allowed by the account.
9-1
Operation
3. A/B Switching: From the Circuit Control Menu, click the down arrow in the "Action"
column for the desired circuit(s), then select position "A" or position "B" from the
dropdown menu and click on the "Confirm Circuit Actions" button. Next the
AFS-16 will display a screen which lists the selected switching action(s) and asks
for confirmation before proceeding. Click on the "Execute Circuit Actions" button to
complete the command.
4. Setting Circuits to the Default State: From the Circuit Control Menu, click the
down arrow in the "Action" column for the desired circuit(s), then select "Default"
from the dropdown menu and click on the "Confirm Circuit Actions" button. Next
the AFS-16 will display a screen which lists the selected switching action(s) and
asks for confirmation before proceeding. Click on the "Execute Circuit Actions"
button to complete the command; all selected circuits will be set to their user-
defined default state.
5. Applying a Command to All Circuits: From the Circuit Control Menu, click the
down arrow in the "Action" column in the "All Circuits" row, then select the desired
operation from the dropdown menu and click on the "Confirm Circuit Actions"
button. Next the AFS-16 will display a screen which lists the selected switching
action(s) and asks for confirmation before proceeding. Click on the "Execute Circuit
Actions" button to apply the selected command to all AFS-16 Circuits.
Note: When each command is complete, the Circuit Status Screen will be
displayed. At that time, the Status Screen will list the updated A/B status of each
circuit.
9.1.2. The Circuit Group Control Screen - Web Browser Interface
The Circuit Group Control Screen is used to apply A/B switching commands to all
circuits in a user-defined Circuit Group. As described in Section 5.7, Circuit Groups
allow you to define a group of circuits, dedicated to a similar purpose or client, and then
direct switching commands to the group, rather than switching one circuit at a time.
To invoke A/B switching commands, proceed as follows:
1. Access the AFS-16 Command Mode as described in Section 5.1.
2. Click on the "Circuit Group Control" link on the left hand side of the screen to
display the Circuit Group Control Screen.
Notes:
• When the Circuit Group Control Screen is displayed by an account that
permits Administrator or SuperUser command access, all user-defined Circuit
Groups will be displayed.
• When the Circuit Control Screen is displayed by an account that permits User
or ViewOnly level commands, the screen will only include the Circuit Groups
that are allowed by the account.
9-2
Operation
3. A/B Switching - Circuit Groups: From the Circuit Group Control Menu, click
the down arrow for the desired Circuit Group(s), then select "A" or "B" from the
dropdown menu and click on the "Confirm Circuit Group Actions" button. Next the
AFS-16 will display a screen which lists the selected switching action(s) and asks
for confirmation before proceeding. Click on the "Execute Circuit Group Actions"
button to execute the command(s.)
4. Switching Circuit Groups to Defaults: From the Circuit Group Control Menu, click
the down arrow for the desired group(s), then select "Default" from the dropdown
menu and click on the "Confirm Circuit Group Actions" button. Next the
AFS-16 will display a screen which lists the selected switching action(s) and asks
for confirmation before proceeding. Click on the "Execute Circuit Group Actions"
button to execute the command; all selected circuit groups will be set to their
user-defined default states.
Note: When each Circuit Group command is completed, the Circuit Status
Screen will be displayed. At that time, the Status Screen will show the updated
A/B status of each circuit.
9-3
Operation
COMMAND MENU:
DISPLAY
Version 1.00
CONFIGURATION
/S
Circuit Status
/F
System Parameters
/SG
/SN
/L
Circuit Group Status
Network Status
Log
/P
/PC
/G
Port Parameters
Circuit Parameters
Circuit Group Parameters
Network Configuration
Ping No Answer
Alarm Configuration
Reboot System
/J [*]
Site ID
/N
/PNA
/AC
/I
/UF
/TEST
CONTROL
/X
/C <n>
/D <n>
/TA <s>
/TB <s>
Exit Command Mode
Connect - Local
Disconnect Port
Switch To Circuit Position A +-------------------------------+
Switch To Circuit Position B | n Port #/name
Upgrade Firmware
Test Network Options
|
|
|
|
|
|
|
|
/T <c,p> Switch To Circuit Position
/DC
/U
/K <k>
/UL
| s s+s s:s Circuit #/name
| c c,c c-c Circuit #/name
| p Position (A or B)
| k Key type (1-3)
| * “all”
Default Circuit Position
Send Parameter File
Send SSH Keys
Unlock (Invalid Access)
| <> Required entry
| [] Optional entry
Add ,Y to bypass “Sure?”
AFS>
+-------------------------------+
Figure 9.1: The Help Menu (Administrator Mode; Text Interface)
9.2. A/B Switching - Text Interface
When using the Text Interface, all A/B switching functions are performed by invoking
simple, ASCII commands. The Text Interface includes a Help Menu, which summarizes
all available AFS-16 commands. To display the Text Interface Help Menu (Figure 9.1),
type /Hand press [Enter].
Note: When the Help Menu is displayed by an account that permits SuperUser,
User or ViewOnly level commands, the screen will not include commands that
are only available to Administrators.
9.2.1. The Circuit Status Screen - Text Interface
When you login to the AFS-16 command mode via the Text Interface, the first screen
displayed after login is the Circuit Status Screen. The Circuit Status Screen lists
the current status of the AFS-16’s Circuit Modules, and also displays the current
temperature, Monitor/Alarm Input status, Alarm Contact Output status and the
user-defined Site I.D. Message. The Circuit Status Screen will be re-displayed each time
a command is successfully executed.
9-4
Operation
9.2.2. A/B Switching Commands - Text Interface
These commands can be used to switch AFS-16’s circuit modules, and can also be
used to set circuits to the user-defined default A/B positions. Circuits may be specified
by number, name or Circuit Group Name.
Notes:
• When the Port and Circuit Status Screen is displayed by an account that
permits Administrator or SuperUser level commands, all switched circuits will
be displayed.
• When the Port and Circuit Status Screen is displayed by an account that
permits ViewOnly or User command access, the screen will only include the
switched circuits that are specifically allowed by the account.
• When you have accessed command mode using an account that permits
Administrator or SuperUser level commands, switching commands can be
applied to all circuits.
• When you have accessed command mode using an account that permits
only User level commands, switching commands can only be applied to the
circuits that are specifically allowed by that account.
• Text Interface commands are not case sensitive. When used in command
lines, circuit names and Circuit Group names are also not case sensitive.
When A/B switching commands are executed, the AFS-16 will list specified switching
actions for each applicable Circuit Module, then display a "Sure?" prompt and wait for a
user response before completing the command. The unit will then return to the Circuit
Status Screen.
To switch Circuits or Circuit Groups, proceed as follows:
1. Switch Circuit(s) to "A" Position: Type /TA n and press [Enter]. Where "n" is
the number or name of the desired Circuit or Circuit Group. For example:
/TA 1 [Enter] or /TA DATACENTER [Enter]
2. Switch Circuit(s) to "B" Position: Type /TB n and press [Enter]. Where "n" is the
number or name of the desired Circuit or Circuit Group. For example:
/TB 2 [Enter] or /TB SERVERS [Enter]
3. Set All Circuits to Default A/B Positions: Type /DCand press [Enter]. All circuits
permitted by your account will be set to their default A/B status, which is defined via
the Circuit Parameters Menu as described in Section 5.7.
Notes:
• When you have accessed command mode using an account that permits
Administrator or SuperUser level command access, the Default command will
be applied to all circuits.
• When you have accessed command mode using an account that only
permits User level command access, the Default command will only be
applied to the circuits specifically allowed by that account.
• Switching commands are not available in ViewOnly mode.
9-5
Operation
4. The "Toggle" Command: As an alternative to the /TA and /TB commands, the /T
(Toggle) command can also be used to perform A/B switching. Type /T n,p and
press [Enter]. Where "n" is the number or name of the desired Circuit or Circuit
Group and "p" is the desired A/B position. For example:
/T 2,B [Enter] or /T SERVERS,A [Enter]
5. Suppress Command Confirmation Prompt: To execute a switching or default
command without displaying the "Sure?" prompt, you can either disable command
confirmation via the System Parameters Menu, or include the ",Y" option at the end
of the command line. For example:
/TA ROUTER,Y or /T 2,B,Y
9.2.2.1. Applying Commands to Several Circuits - Text Interface
As described below, A/B switching commands can be applied to only one Circuit
Module, or to an assortment of circuits.
1. Switch Several Circuits: To apply the /TA, TB or /T command to several circuits,
enter the numbers or names for the circuits, separated by a "plus sign" (+) or a
comma (,). For example to switch circuits 1, 3, and 4 to the "B" position, enter one
of the following commands:
/TB 1+3+4 [Enter]
or
/T 1+3+4,B [Enter]
Note: When the "+" or "," are used, do not enter spaces between the circuit
name or number and the plus sign or comma.
2. Switch a Range of Circuits: To apply the /TA or /TB command to a series of
circuits, enter the numbers for the circuits that mark the beginning and end of the
range, separated by a colon. For example to switch circuits 1 through 3 to the "A"
position, enter the following:
/TA 1:3 [Enter]
Note: The "Range" argument is not available when using the /T command to
switch circuits. The Range (:) argument can only be used with the /TA and /TB
commands.
4. All Circuits: To apply a command to all circuits, enter an asterisk in place of the
name or number. For example, to switch all circuits to the "B" position, enter one of
the following commands:
/TB * [Enter] or /T *,B [Enter]
Note: When this command is invoked by an account that permits only User
level command access, it will be applied only to the circuits that are allowed by
that account.
9-6
Operation
9.3. Manual Operation
In addition to the command driven A/B switching functions that are available via the Web
Browser Interface and Text Interface, the AFS-16 Circuit Modules can also be manually
switched. Circuit Modules can be individually controlled using the A/B switch on the
Circuit Module front panel, or all 16 Circuit Modules can be manually switched using the
Master A/B Gang Switch on the Control Module front panel.
If desired, the manual A/B Switch on each individual Circuit Module can also be
disabled using the A/B Switch Jumper as described in Section 4.5. In addition, the
Master A/B Gang Switch can also be completely disabled via the System Parameters
Menu as described in Section 5.3.
9.4. Logging Out of Command Mode
When you have finished communicating with the AFS-16, it is important to always
disconnect using either the "LogOut" link (Web Browser Interface) or the /X command
(Text Interface), rather than by simply closing your browser window or communications
program. When communicating via a PDA, use the PDA's "Close" function to disconnect
and logout.
When you disconnect using the LogOut link or /X command, this ensures that the
AFS-16 has completely exited from command mode, and is not waiting for the inactivity
timeout period to elapse before allowing additional connections.
9-7
10. Telnet & SSH Functions
10.1. SSH Encryption
In addition to standard Telnet protocol, the AFS-16 also supports SSH connections,
which provide secure, encrypted access via network. In order to communicate with the
AFS-16 using SSH protocol, your network node must include an appropriate SSH client.
Note that when the /K (Send SSH Key) command is invoked, the AFS-16 can also
provide you with a public SSH key, which can be used to streamline connection to the
AFS-16 when using SSH protocol.
Although you can establish an SSH connection to the unit without the public key, the
public key provides validation for the AFS-16, and once this key is supplied to the SSH
client, the client will no longer display a warning indicating that the AFS-16 is not a
recognized user when the client attempts to establish a connection.
The /K command uses the following format:
/K <k> [Enter]
Where kis an argument that determines which type of public key will be displayed, and
the kargument offers the following options:
1. SSH1
2. SSH2 RSA
3. SSH2 DSA
For example, to obtain the public SSH key for an SSH2 RSA client, type
/K 2and then press [Enter].
Note: Although the AFS-16 does not support SSH1, the /K 1 command will still
return a key for SSH1.
10-1
Telnet & SSH Functions
10.2. Creating an Outbound Telnet Connection
The AFS-16 includes a /TELNET command, that can be used to create an outbound
Telnet connection. In order to use the /TELNET command, you must access the
AFS-16's Text Interface command mode using an account that permits Telnet Access
and Outbound Access, via the AFS-16 Control Module's Serial RS232 Port as
described below.
Notes:
• In order for the /TELNET command to function, Telnet Access and Outbound
Service Access must be enabled for your user account as described in
Section 5.5.
• If you are communicating with the AFS-16 via the Network Port, the /TELNET
command will not function.
To create an outbound Telnet connection, access the Text Interface via the Control
Module's RS232 Serial Port, using an account that permits Telnet Access and Outbound
Access and then invoke the /TELNET command using the following format:
/TELNET <ip> [port] [raw] [Enter]
Where:
ip
Is the target IP address.
port
Is an optional argument which can be included to indicate the target port
at the IP address.
raw
Is an optional argument which can be included to indicate a raw socket
connection. In order to create a raw socket connection, the command line
must end with the text "raw".
For example, to create a raw socket, outbound Telnet connection to port 2000 at IP
Address 255.255.255.255, access the Text Interface command mode via a free
AFS-16 Serial Port using an account that permits Telnet Access and Outbound Access
and invoke the TELNET command as follows:
/TELNET 255.255.255.255 2000 raw [Enter]
10-2
Telnet & SSH Functions
10.3. Creating an Outbound SSH Connection
The AFS-16's /SSH command can be used to create an outbound SSH connection. In
order to use the /SSH command, you must access the AFS-16's Text Interface command
mode using an account that permits SSH Access and Outbound Access, via the AFS-16
Control Module's RS232 Serial Port as described below.
Notes:
• In order for the /SSH command to function, SSH Access and Outbound
Service Access must be enabled for your user account as described in
Section 5.5.
• If are communicating with the AFS-16 unit via the Network Port, the /SSH
command will not function.
To create an outbound SSH connection, access the Text Interface via the Control
Module's RS232 Serial Port using an account that permits SSH Access and Outbound
Access and then invoke the /SSH command using the following format:
/SSH <ip> -l <username> [Enter]
Where:
ip
Is the target IP address.
-l
(Lowercase letter "L") Indicates that the next argument will be the
log on name.
username
Is the username that you wish to use to log in to the target device.
For example, to create an outbound SSH connection to a device at IP Address
255.255.255.255, with the username "employee", access the Text Interface command
mode via a free AFS-16 Serial Port using an account that permits SSH Access and
Outbound Access and invoke the SSH command as follows:
/SSH 255.255.255.255 -l employee [Enter]
10-3
11. Syslog Messages
The Syslog feature can create log records of each Alarm Event. As these event records
are created, they are sent to a Syslog Daemon, located at an IP address defined via the
Network Parameters menu.
11.1. Configuration
In order to employ this feature, you must set the real-time clock and calendar via the
System Parameters Menu, and define the IP address for the Syslog Daemon via the
Network Port Configuration menu.
To configure the Syslog function, please proceed as follows:
1. Access command mode: Note that the following configuration menus are only
available to accounts that permit Administrator level commands.
2. System Parameters Menu: Access the System Parameters Menu as described in
Section 5.3, then set the following parameters:
a) Set Clock and Calendar: Set the Real Time Clock and Calendar and/or
configure and enable the NTP server feature.
3. Network Parameters Menu: Access the Network Parameters Menu as described
in Section 5.9, then set the following parameters:
a) Syslog IP Address: Determine the IP address for the device that will run the
Syslog Daemon, then use the Network Port Configuration menu to define the IP
Address for the Syslog Daemon.
4. Syslog Daemon: In order to capture messages sent by the AFS-16, a computer
must be running a Syslog Daemon (set to UDP Port 514) at the IP address specified
in Step 3 above.
Once the Syslog Address is defined, Syslog messages will be generated whenever one
of the alarms discussed in Section 7 is triggered.
11-1
Syslog Messages
TEST NETWORK OPTIONS:
1. SNMP Trap Test Manager 1
2. SNMP Trap Test Manager 2
3. Syslog Test
4. Ping
Enter: #<CR> to select,
<ESC> to exit ...
Figure 11.1: The Test Menu (Text Interface)
11.2. Testing Syslog Configuration
After you have configured the AFS-16 as described in Section 11.1, the /TEST command
can be used to make certain that the function is properly set up. To test the Syslog
function, access the AFS-16 command mode via the Text Interface using an account
that permits Administrator or SuperUser level commands, then type /TEST and press
[Enter] to display the Test Menu shown in Figure 11.1.
When the Syslog Test feature is selected, the AFS-16 will attempt to send a test Syslog
message, using the current Syslog configuration. If the test message is not received by
your Syslog Daemon, review the procedure outlined in Section 11.1 to make certain the
AFS-16 and the Syslog Daemon are properly configured.
In addition to providing a means to test the Syslog and SNMP Trap features, the Test
Menu also includes a Ping command option, which can be used in a manner similar
to the DOS ping command to check to make certain that the unit is communicating
properly. Note that in order for the Ping command to function with domain names, you
must first configure Domain Name Server parameters as described in Section 5.9.5.
11-2
12. SNMP Traps
SNMP is an acronym for "Simple Network Management Protocol". The SNMP Trap
function allows the AFS-16 to send Alarm Notification messages to two different SNMP
managers, each time one of the Alarms discussed in Section 7 is triggered.
Note:
• The SNMP feature cannot be configured via the SNMP Manager.
• SNMP reading ability is limited to the System Group.
• The SNMP feature includes the ability to be polled by an SNMP Manager.
• Once SNMP Trap Parameters have been defined, SNMP Traps will be sent
each time an Alarm is triggered and/or when a Buffer Mode serial port
reaches the user-defined Buffer Threshold value. For more information on
Alarm Configuration, please refer to Section 7.
12.1. Configuration:
To configure the SNMP Trap function, proceed as follows:
1. Access command mode using an account that permits access to Administrator
level commands.
2. SNMP Trap Parameters: Access the SNMP Trap Parameters Menu as described in
Section 5.9.7. Set the following:
a) SNMP Managers 1 and 2: The address(es) that will receive SNMP Traps
that are generated by one of the Alarms discussed in Section 7. Consult
your network administrator to determine the IP address(es) for the SNMP
Manager(s), then use the Network Parameters menu to set the IP address
for each SNMP Manager. Note that it is not necessary to define both SNMP
Managers.
Note: To enable the SNMP Trap feature, you must define at least one SNMP
Manager. SNMP Traps are automatically enabled when at least one SNMP
Manager has been defined.
b) Trap Community: Consult your network administrator, and then use the
Network Parameters menus to set the Trap Community.
Once SNMP Trap Parameters have been defined, the AFS-16 will send an SNMP Trap
each time an alarm is triggered.
12-1
SNMP Traps
12.2. Testing the SNMP Trap Function
After you have finished setting up the SNMP Trap function, it is recommended to test the
configuration to ensure that it is working correctly. To test configuration of the SNMP
Trap function, proceed as follows:
1. Configure the SNMP Trap function as described in Section 12.1.
2. Access the Text Interface command mode using an account that permits
Administrator or SuperUser level commands, then invoke the "/TEST" command at
the AFS-16 command prompt. Note that the /TEST Command is only available in
Administrator and SuperUser Mode.
3. Select Item 1 or 2 to send an SNMP test trap to Manager 1 or 2, respectively. It is
possible that the ARP table will not be properly setup. If this occurs a message
to that effect is displayed and the AFS-16 immediately refreshes the ARP table.
Repeat steps 2 and 3 to try again.
For more information on the /TESTcommand and the Test Menu, please refer to
Section 11.2.
12-2
13. Operation via SNMP
If SNMP Access Parameters have been defined as described in Section 5.9.6, then you
will be able to manage user accounts, control power and reboot switching and display
unit status via SNMP. This section describes SNMP communication with the
AFS-16 unit, and lists some common commands that can be employed to manage
users, control switching and reboot actions and display unit status.
13.1. AFS-16 SNMP Agent
The AFS-16’s SNMP Agent supports various configuration, control, status and event
notification capabilities. Managed objects are described in the WTI-AFS-MIB.txt
document, which can be found on the CDROM included with the AFS-16 unit, or on the
WTI web site (http://www.wti.com). The WTI-AFS-MIB.txt document can be compiled for
use with your SNMP client.
13.2. SNMPv3 Authentication and Encryption
For SNMPv3, the AFS-16 supports two forms of Authentication/Privacy: Auth/noPriv
which requires a username/password, but does not encrypt data going over the internet
and Auth/Priv which requires a username/password AND encrypts the data going over
the internet using DES (AES is not supported at this time). For the Password protocol,
the AFS-16 supports either MD5 or SHA1.
13.3. Configuration via SNMP
AFS-16 User accounts can be viewed, created, modified, and deleted via SNMP. User
accounts are arranged in a table of 128 rows, and indexed 1-128. User account
parameters, as seen through the SNMP, are summarized below.
• userTable::userName– 32 character username
• userTable::userPasswd– 16 character password
• userTable::userAccessLevel– Account access level.
0
1
2
3
ViewOnly Access
User Access
Superuser Access
Administrator Access
13-1
Operation via SNMP
• userTable::userCircuitAccess– A string of up to 16 characters, with one
character for each of the 16 possible Circuit Modules on the AFS-16 unit. A ‘0’
indicates that the account does not have access to the circuit, and a ‘1’ indicates
that the user does have access to the circuit.
Note: The number of circuits specified in the userCircuitAccess string must
not exceed the number of Circuit Modules available on your AFS-16 unit. If the
userCircuitAccess string specifies more circuits than are available on the unit,
an error message will be generated.
• userTable::userGroupAccess– A string of 54 characters, with one character
for each of the 54 possible Circuit Groups in the system. A ‘0’ indicates that the
account does not have access to the Circuit Group, and a ‘1’ indicates that the
user does have access to the Circuit Group.
• userTable::userSerialAccess– Access to the serial interface
0
1
No access
Access
• userTable::userTelnetSshAccess– Access to the Telnet/SSH interface
0
1
No access
Access
• userTable::userOutboundTelSshAccess– Access to Outbound Telnet/SSH
0
1
No access
Access
• userTable::userWebAccess– Access to the Web interface
0
1
No access
Access
• userTable::userCallbackNum– 32 character callback number for account
• userTable::userSubmit– Set to 1to submit changes.
13.3.1. Viewing Users
To view users, issue a GET request on any of the user parameters for the index
corresponding to the desired user.
13.3.2. Adding Users
For an empty index, issue a SET request on the desired parameters. Minimum
requirement is a username and password to create a user, all other parameters will
be set to defaults if not specified. To create the user, issue a SET request on the
userSubmit object.
13.3.3. Modifying Users
For the index corresponding to the user you wish to modify, issue a SET request on
the desired parameters to be modified. Once complete, issue a SET request on the
userSubmit object.
13.3.4. Deleting Users
For the index corresponding to the user you wish to delete, issue a SET request on the
username with a blank string. Once complete, issue a SET request on the userSubmit
object.
13-2
Operation via SNMP
13.4. Circuit Control via SNMP
13.4.1. Controlling Circuits
A/B Switching and Default commands can be issued for circuits via SNMP. Circuits are
arranged in a table of N rows, where N is the number of circuits in the system. Circuit
parameters are described below.
• circuitTable::circuitID– String indicating the circuit's ID
• circuitTable::circuitName- String indicating the circuit's user-defined name.
• circuitTable::circuitStatus– Current state of the circuit
0
1
Switch Position B
Switch Position A
• circuitTable::circuitAction– Action to be taken on circuit
1
2
3
4
5
6
7
8
Mark to Switch to A (does not execute)
Mark to Switch to B (does not execute)
N/A
Mark to DEFAULT Circuit (does not execute)
Mark to Switch to A and execute circuit actions
Mark to Switch to B and execute circuit actions
N/A
Mark to DEFAULT Circuit and execute circuit actions
Set circuitTable::circuitActionto desired action, as specified by values 1-4
above, for each circuit index the action is to be applied to. For the last circuit you wish
to set before executing the commands, use values 5-8 instead, which will invoke the
requested commands all at once.
13.4.2. Controlling Circuit Groups
A/B Switching and Default commands can be issued for circuit groups via SNMP. Circuit
Groups are arranged in a table of 54 rows, one row for each circuit group in the system.
Circuit Group parameters are described below.
• circuitGroupTable::circuitGroupName– String indicating the circuit groups
name
• circuitGroupTable::circuitGroupAction– Action to be taken on circuit
group
1
2
3
4
5
6
7
8
Mark to Switch to A (does not execute)
Mark to Switch to B (does not execute)
N/A
Mark to DEFAULT Circuit (does not execute)
Mark to Switch to A and execute circuit group actions
Mark to Switch to B and execute circuit group actions
N/A
Mark to DEFAULT Circuit and execute circuit group actions
Set circuitGroupTable::circuitGroupActionto desired action, as specified by
values 1-4 above, for each circuit group index the action is to be applied to. For the last
circuit group you wish to set before executing the commands, use values 5-8 instead,
which will invoke the requested commands all at once.
13-3
Operation via SNMP
13.5. Viewing AFS-16 Status via SNMP
Status of various components of the AFS-16 can be retrieved via SNMP. Circuit Status,
and Environmental Status are currently supported.
13.6.1. Circuit Status
The status of each circuit in the system can be retrieved using the command below.
• circuitTable::circuitStatus– The status of the circuit.
0
1
Switch Position B
Switch Position A
155 No Circuit Installed in this Slot
• circuitTable::circuitReason– Returns a numeric code, which describes the
reason for the last successful A/B switching operation as follows:
0
1
2
3
4
5
6
Power Up
User
PNA
External Alarm
Circuit Switch
Control Switch
Demo
13.6.2. Unit Environment Status
The temperature status and Control Module Jumper status can be retrieved. The
environmentUnitTable contains one row.
• environmentUnitTable::environmentUnitTemperature– The temperature
of the AFS-16 unit.
• environmentUnitTable::environmentUnitName– Returns the specific
model number for the AFS-16 unit.
• environmentUnitTable::environmentUnitMonitorAlarm– Returns the
current state of the Monitor Input Signal.
0
1
Monitor Input Signal is Low.
Monitor Input Signal is High
13-4
Operation via SNMP
13.7. Sending Traps via SNMP
Traps that report various unit conditions can be sent to an SNMP Management Station
from the AFS-16. The following traps are currently supported.
• WarmStartTrap – Trap indicating a warm start
• ColdStartTrap – Trap indicating a cold start
• TestTrap – Test trap invoked by user via the Text Interface (CLI)
The AFS-16 can send an SNMP trap to notify you when the Over Temperature Alarms,
Ping No Answer Alarm, Invalid Access Lockout Alarm, Power Cycle Alarm, or Monitor/
Alarm Input alarms have been triggered. In all cases except the Power Cycle Alarm,
there will be one trap sent when the alarm is triggered, and a second trap sent when the
alarm is cleared. For more information on alarm functions, please refer to Section 7.
• AlarmTrap – Trap indicating an alarm condition. A trap with a unique enterprise
OID is defined for the Invalid Access Lockout Alarm, under which specific trap-types
are defined to indicate the setting or clearing of that particular alarm condition.
There are separate traps for the Invalid Access Lockout Alarm. The Alarm includes
a "Set Trap," which indicates that the alarm has been triggered, and a "Clear Trap,"
which indicates that the alarm has been cleared.
• overTemperatureInitialSetTrap- Indicates that the Over Temperature
(Initial) Alarm has been triggered. The trap will also include a numerical value that
indicates the current unit temperature.
• overTemperatureInitialClearTrap- Indicates that the Over Temperature
(Initial) Alarm has been cleared.
• overTemperatureCriticalSetTrap- Indicates that the Over Temperature
(Critical) Alarm has been triggered. The trap will also include a numerical value that
indicates the current unit temperature.
• overTemperatureCriticalClearTrap- Indicates that the Over Temperature
(Critical) Alarm has been cleared.
• pingNoAnswerSetTrap- Indicates that the Ping No Answer Alarm has been
triggered. The trap will also include a numerical value that indicates the IP address
of the device that failed to respond to the ping command.
• pingNoAnswerClearTrap- Indicates that the Ping No Answer Alarm has been
cleared.
• lockoutSetTrap- Indicates that the Invalid Access Lockout Alarm has been
triggered. The trap will also include a numerical value that indicates the number of
the port where the lockout occurred.
• lockoutClearTrap- Indicates that the Invalid Access Lockout Alarm has been
cleared.
• powercycleSetTrap- Indicates that the Power Cycle Alarm has been triggered.
• monitorAlarmSetTrap- Indicates that the Monitor/Alarm Input feature has been
triggered.
• monitorAlarmClearTrap- Indicates that the Monitor/Alarm Input feature has
been cleared.
13-5
14 Setting Up SSL Encryption
This section describes the procedure for setting up a secure connection via an https
web connection to the AFS-16.
Note: SSL parameters cannot be defined via the Web Browser Interface.
In order to set up SSL encryption, you must contact the AFS-16 via the Text
Interface.
There are two different types of https security certificates: "Self Signed" certificates and
"Signed" certificates.
Self Signed certificates can be created by the AFS-16, without the need to go to an
outside service, and there is no need to set up your domain name server to recognize
the AFS-16. The principal disadvantage of Self Signed certificates, is that when you
access the AFS-16 command mode via the Web Browser Interface, the browser will
display a message which warns that the connection might be unsafe. Note however,
that even though this message is displayed, communication will still be encrypted, and
the message is merely a warning that the AFS-16 is not recognized and that you may
not be connecting to the site that you intended.
®
Signed certificates must be created via an outside security service (e.g., VeriSign ,
Thawte™, etc.) and then uploaded to the AFS-16 unit to verify the user's identity. In
order to use Signed certificates, you must contact an appropriate security service and
set up your domain name server to recognize the name that you will assign to the
AFS-16 unit (e.g., service.wti.com.) Once a signed certificate has been created and
uploaded to the AFS-16, you will then be able to access command mode without seeing
the warning message that is normally displayed for Self Signed certificate access.
WEB ACCESS:
HTTP:
1. Enable: On
2. Port:
HTTPS:
80
3. Enable: On
4. Port:
443
SSL Certificates:
5. Common Name:
6. State or Province:
7. Locality:
8. Country:
9. Email Address:
10. Organization Name:
11. Organizational Unit:
12. Create CSR:
13. View CSR:
14. Import CRT:
15. Export Server Private Key:
16. Import Server Private Key:
17. Harden Web Security: On
Enter: #<CR> to change,
<ESC> to return to previous menu ...
Figure 14.1: Web Access Parameters (Text Interface Only)
14-1
Setting Up SSL Encryption
14.1. Creating a Self Signed Certificate
To create a Self Signed certificate, access the Text interface via Telnet or SSH, using a
password that permits access to Administrator level commands and then proceed as
follows:
1. Type /Nand press [Enter] to display the Network Parameters menu.
2. At the Network Parameters menu, type 23and press [Enter] to display the
Web Access menu (Figure 14.1.) Type 3and press [Enter] and then follow the
instructions in the resulting submenu to enable HTTPS access.
3. Next, use the Web Access menu to define the following parameters.
Note: When configuring the AFS-16, make certain to define all of the following
parameters. Although most SSL applications require only the Common Name,
in the case of the AFS-16 all of the following parameters are mandatory.
• 5. Common Name: A domain name, that will be used to identify the AFS-16
unit. If you will use a Self Signed certificate, then this name can be any name
that you choose, and there is no need to set up your domain name server to
recognize this name. However, if you will use a Signed certificate, then your
domain name server must be set up to recognize this name
(e.g., service.yourcompanyname.com.)
• 6. State or Province: The name of the state or province where the AFS-16 unit
will be located (e.g., California.)
• 7. Locality: The city or town where the AFS-16 unit will be located (e.g., Irvine.)
• 8. Country: The two character country code for the nation where the AFS-16
will be located (e.g., US.)
• 9. Email Address: An email address, that can be used to contact the person
responsible for the AFS-16 (e.g., [email protected].)
• 10. Organizational Name: The name of your company or organization
(e.g., Yourcompanyname, Inc.)
• 11. Organizational Unit: The name of your department or division; if necessary,
any random text can be entered in this field (e.g., tech support.)
14-2
Setting Up SSL Encryption
4. After you have defined parameters 5 through 11, type 12and press [Enter] (Create
CSR) to create a Certificate Signing Request. By default, this will overwrite any
existing certificate, and create a new Self Signed certificate.
a) The AFS-16 will prompt you to create a password. Key in the desired
password (up to 16 characters) and then press [Enter]. When the AFS-16
prompts you to verify the password, key it again and then press [Enter] once.
After a brief pause, the AFS-16 will return to the Web Access Menu, indicating
that the CSR has been successfully created.
b) When the Web Access Menu is re-displayed, press [Esc] several times until
you exit from the Network Parameters menu and the "Saving Configuration"
message is displayed.
5. After the new configuration has been saved, test the Self Signed certificate by
accessing the AFS-16 via the Web Interface, using an HTTPS connection.
a) Before the connection is established, the AFS-16 should display the warning
message described previously. This indicates that the Self Signed certificate
has been successfully created and saved.
b) Click on the "Yes" button to proceed. The AFS-16 will prompt you to enter
a user name and password. After keying in your password, the main menu
should be displayed, indicating that you have successfully accessed command
mode.
14.2. Creating a Signed Certificate
To create a Signed certificate, and eliminate the warning message, first set up your
domain name server to recognize the Common Name (item 5) that you will assign to
the unit. Next, complete steps one through five as described in Section 14.1 and then
proceed as follows:
1. Capture the Newly Created Certificate: Type 13and press [Enter] (View CSR).
The AFS-16 will prompt you to configure your communications (Telnet) program to
receive the certificate. Set up your communications program to receive a binary
file, and then press [Enter] to capture the file and save it. This is the Code Signing
Request that you will send to the outside security service (e.g., VeriSign, Thawte,
etc.) in order to have them sign and activate the certificate.
2. Obtain the Signed Certificate: Send the captured certificate to the outside
security service. Refer to the security service's web page for further instructions.
14-3
Setting Up SSL Encryption
3. Upload the Signed Certificate to the AFS-16: After the "signed" certificate is
returned from the security service, return to the Web Access menu.
a) Access the AFS-16 command mode via the Text Interface using an account that
permits Administrator level commands as described previously, then type /N
and press [Enter] to display the Network Parameters menu, and then type 23
and press [Enter] to display the Web Access menu.
b) From the Web Access menu, type 14and press [Enter] (Import CRT) to
begin the upload process. At the CRT Server Key submenu, type 1and press
[Enter] to choose "Upload Server Key."
c) Use your communications program to send the binary format Signed
Certificate to the AFS-16 unit. When the upload is complete, press [Escape] to
exit from the CRT Server Key submenu.
d) After you exit from the CRT Server Key submenu, press [Escape] several times
until you have exited from the Network Parameters menu and the "Saving
Configuration" message is displayed.
4. After the configuration has been saved, test the signed certificate by accessing the
AFS-16 via the Web Browser Interface, using an HTTPS connection. For example,
if the common name has been defined as "service.wti.com", then you would enter
"https://service.wti.com" in your web browser's address field. If the Signed
Certificate has been properly created and uploaded, the warning message should
no longer be displayed.
14.3. Downloading the Server Private Key
When configuring the AFS-16's SSL encryption feature (or setting up other security/
authentication features), it is recommended to download and save the Server Private
Key. To download the Server Private Key, access the Text interface via Telnet or SSH,
using a password that permits access to Administrator level commands and then
proceed as follows:
1. Type /Nand press [Enter] to display the Network Parameters menu.
2. At the Network Parameters menu, type 23and press [Enter] to display the Web
Access menu (Figure 14.1.)
a) To download the Server Private Key from the AFS-16 unit, make certain that
SSL parameters have been defined as described in Section 14.1, then type 15
and press [Enter] and store the resulting key on your hard drive.
b) To upload a previously saved Server Private Key to the AFS-16 unit, make
certain that SSL parameters have been defined as described in Section 14.1,
then type 16and press [Enter] and follow the instructions in the resulting
submenu.
14-4
15. Saving and Restoring Configuration Parameters
Once the AFS-16 is properly configured, parameters can be downloaded and saved as
an ASCII text file. Later, if the configuration is accidentally altered, the saved parameters
can be uploaded to automatically reconfigure the unit without the need to manually
assign each parameter.
Saved parameters can also be uploaded to other identical AFS-16 units, allowing rapid
set-up when several identical units will be configured with the same parameters.
The "Save Parameters" procedure can be performed from any terminal emulation
©
program (e.g. HyperTerminal™, TeraTerm , etc.), that allows downloading of ASCII files.
Note: The Save and Restore features described in this section are only
available via the Text Interface.
15.1. Sending Parameters to a File
1. Start your terminal emulation program and access the Text Interface command
mode using an account that permits Administrator level commands.
2. When the command prompt appears, type /Uand press [Enter]. The AFS-16
will prompt you to configure your terminal emulation program to receive an ASCII
download.
Note: When using TeraTerm Pro to download parameters, set the program to
receive a Binary download and enable the "Append" feature.
a) Set your terminal emulation program to receive an ASCII download, and the
specify a name for a file that will receive the saved parameters
(e.g. AFS-16.PAR).
b) Disable the Line Wrap function for your terminal emulation program. This will
prevent command lines from being broken in two during transmission.
3. When the terminal emulation program is ready to receive the file, return to the
AFS-16’s Save Parameter File menu, and press [Enter] to proceed. AFS-16
parameters will be saved on your hard drive in the file specified in Step 2 above.
4. The AFS-16 will send a series of XML command lines which specify currently
selected parameters. When the download is complete, press [Enter] to return to
the command prompt.
15-1
Saving and Restoring Configuration Parameters
15.2. Restoring Saved Parameters
This section describes the procedure for using your terminal emulation program to send
saved parameters to the AFS-16.
1. Start your terminal emulation program and access the AFS-16’s Text Interface
command mode using an account that permits Administrator level commands.
2. Configure your terminal emulation program to upload an ASCII text file.
3. Upload the ASCII text file with the saved AFS-16 parameters. If necessary, key in
the file name and directory path.
4. Your terminal emulation program will send the ASCII text file to the AFS-16. When
the terminal program is finished with the upload, make certain to terminate the
Upload mode.
Note: If the AFS-16 detects an error in the file, it will respond with the "Invalid
Parameter" message. If an error message is received, carefully check the
contents of the parameters file, correct the problem, and then repeat the Upload
procedure.
5. If the parameter upload is successful, the AFS-16 will send a confirmation message,
and then return to the command prompt. Type /Sand press [Enter], the Status
Screen will be displayed. Check the Status Screen to make certain the unit has
been configured with the saved parameters.
15-2
Saving and Restoring Configuration Parameters
15.3. Restoring Previously Saved Parameters
If you make a mistake while configuring the AFS-16 unit, and wish to return to the
previously saved parameters, the Text Interface's "Reboot System" command (/I) offers
the option to reinitialize the AFS-16 using previously backed up parameters. This allows
you to reset the unit to previously saved parameters, even after you have changed
parameters and saved them.
Notes:
• The AFS-16 will automatically backup saved parameters once a day, shortly
after Midnight. This configuration backup file will contain only the most
recently saved AFS-16 parameters, and will be overwritten by the next night's
daily backup.
• When the /I command is invoked, a submenu will be displayed which offers
several Reboot options. Option 4 is used to restore the configuration backup
file. The date shown next to option 4 indicates the date that you last changed
and saved unit parameters.
• If the daily automatic configuration backup has been triggered since the
configuration error was made, and the previously saved configuration has
been overwritten by newer, incorrect parameters, then this function will not
be able to restore the previously saved (correct) parameters.
To restore the previously saved configuration, proceed as follows:
1. Access command move via the Text Interface, using a username/password that
permits access to Administrator level commands (see Section 5.1.1.)
2. At the RSM command prompt, type /Iand press [Enter]. The AFS-16 will display
a submenu that offers several different reboot options.
3. At the submenu, select Item 4 (Reboot & Restore Last Known Working
Configuration,) type 4, and then press [Enter].
4. The AFS-16 will reboot and previously saved parameters will be restored.
15-3
16. Upgrading AFS-16 Firmware
When new, improved versions of the AFS-16 firmware become available, the "Upgrade
Firmware" function can be used to update the unit. Updates can be uploaded via FTP
or SFTP protocols.
Notes:
• The FTP/SFTP servers can only be started via the Text Interface.
• All other ports will remain active during the firmware upgrade procedure.
• If the upgrade includes new parameters or features not included in the
previous firmware version, these new parameters will be set to their default
values.
• The upgrade procedure will require approximately 15 minutes.
1. Obtain the update file. Firmware modifications can either be mailed to the
customer, or downloaded from WTI. Place the upgrade CDR in your disk drive or
copy the file to your hard drive.
2. Access Text Interface command mode via Serial Port, Telnet or SSH client session,
using a username/password and port that permit Administrator level commands.
3. When the command prompt appears, type /UFand then press [Enter]. The
AFS-16 will display a screen which offers the following options:
a) Start FTP/SFTP Servers Only (Do NOT default parameters): To proceed
with the upgrade, while retaining user-defined parameters, type 1and press
[Enter]. All existing parameter settings will be restored when the upgrade is
complete.
b) Start FTP/SFTP Servers & Default (Keep IP parameters & SSH Keys): To
proceed with the upgrade and default al user-defined parameters except for the
IP Parameters and SSH Keys, type 2and press [Enter]. When the upgrade is
complete, all parameter settings except the IP Parameters and SSH Keys, will
be reset to factory default values.
c) Start FTP/SFTP Servers & Default (Default ALL parameters): To proceed
with the upgrade, and reset parameters to default settings, type 3and press
[Enter]. When the upgrade is complete, all parameters will be set to default
values.
d) Start FTP/SFTP Servers for Slip Stream Upgrade: This option will upgrade
only the WTI Management Utility, without updating the AFS-16's operating
firmware. To update the WTI Management Utility only, type 4and
press [Enter].
Note that after any of the above options is selected, the AFS-16 will start the
receiving servers and wait for an FTP/SFTP client to make a connection and upload
a valid firmware binary image.
16-1
Upgrading RSM-8R4 Firmware
4. To proceed with the upgrade, select either option 1 or option 2. The AFS-16 will
display a message that indicates that the unit is waiting for data. Leave the current
Telnet/SSH client session connected at this time.
5. Open your FTP/SFTP application and (if you have not already done so,) login to the
AFS-16 unit, using a username and password that permit access to Administrator
Level commands.
6. Transfer the md5 format upgrade file to the AFS-16.
7. After the file transfer is complete, the AFS-16 will install the upgrade file and then
reboot itself and break all port connections. Note that it will take approximately 10
minutes to complete the installation process. The unit will remain accessible until it
reboots.
a) Some FTP/SFTP applications may not automatically close when the file transfer
is complete. If this is the case, you may close your FTP/SFTP client manually
after it indicates that the file has been successfully transferred.
b) When the upgrade process is complete, the AFS-16 will send a message to
all currently connected network sessions, indicating that the AFS-16 is going
down for a reboot.
Note: Do not power down the AFS-16 unit while it is in the process of installing
the upgrade file. This can damage the unit's operating system.
8. If you have accessed the AFS-16 via the Network Port, in order to start the FTP/
SFTP servers, the AFS-16 will break the network connection when the system is
reinitialized.
• If you initially selected "Start FTP/SFTP Servers and Save Parameters", you may
then reestablish a connection with the AFS-16 using your former IP address.
• If you initially selected "Start FTP/SFTP Servers and Default Parameters",
you must then login using the AFS-16’s default IP address (Default =
192.168.168.168) or access command mode via Serial Port 1 or via Modem.
When firmware upgrades are available, WTI will provide the necessary files. At that time,
an updated Users Guide or addendum will also be available.
16-2
17. Command Reference Guide
17.1. Command Conventions
Most commands described in this section conform to the following conventions:
• Text Interface: Commands discussed in this section, can only be invoked via the
Text Interface. These commands cannot be invoked via the Web Browser Interface.
• Slash Character: Most AFS-16 Text Interface commands begin with the Slash
Character (/).
• Apply Command to All Circuits: When an asterisk is entered as the argument of
the /T(Toggle), /TA(Toggle to A) or /TBcommands (Toggle to B) the command
will be applied to all circuits. For example, to switch all circuits to "A", type
/TA * [Enter].
• Circuit Name Wild Card: It is not always necessary to enter the entire circuit
name. Circuit names can be abbreviated in command lines by entering the first
character(s) of the name followed by an asterisk (*). For example, a circuit named
"SERVER" could be specified as "S*". Note however, that this command would also
be applied to any other circuit name that begins with an "S".
• Suppress Command Confirmation Prompt: When the commands are invoked,
the ",Y" option can be included to override the Command Confirmation ("Sure?")
prompt. For example, to switch Circuit 4 to the "B" position without displaying the
Sure prompt, type /TB 4,Y [Enter].
• Enter Key: Most commands are invoked by pressing [Enter].
17-1
Command Reference Guide
17.2. Command Summary
Command Access Level
Function
Command Syntax
Admin. SuperUser User ViewOnly
Display
Circuit Status
/S [Enter]
/SG [Enter]
/SN [Enter]
/H [Enter]
/L [Enter]
/J[*] [Enter]
X
X
X
X
X
X
X
X
X
X
Circuit Group Status
Network Status
Help Menu
X
X
X
X
X
X
X
Log Functions
Site ID / Unit Information
Control
X
X
X
Exit Command Mode
/X [Enter]
X
X
X
X
X
X
X
X
X
X
X
X
Connect - Local <Remote> /C 1 [Enter]
Switch Circuit c to Position A /TA <c>[,Y] [Enter]
Switch Circuit c to Position B /TB <c>[,Y] [Enter]
Switch Circuit c to Position p /T <c>,<p>[,Y] [Enter]
X
X
X
X
X
Default All Circuits
Send Parameter File
Send SSH Keys
/DC[,Y] [Enter]
X
X
/U [Enter]
X
/K <n> [Enter]
X
Unlock Invalid Access
Outbound Telnet
/UL [Enter]
X
/TELNET <ip>[port][raw][Enter]
/SSH <ip> -l <username> [Enter]
X
X
X
X
X
X
Outbound SSH
Configuration
System Parameters
Serial Port Parameters
Circuit Parameters
Circuit Group Parameters
Network Configuration
Ping-No-Answer Function
Alarm Configuration
Reboot System
/F [Enter]
X
X
X
X
X
X
X
X
X
X
/P [Enter]
/PC [Enter]
/G [Enter]
/N [Enter]
/PNA [Enter]
/AC [Enter]
/I [Enter]
X
Upgrade Firmware
Test Network Configuration
/UF [Enter]
/TEST [Enter]
X
In Administrator and SuperUser modes, all circuits are displayed. In User and ViewOnly modes, the
status screen will only include the circuits that are allowed by the account.
In Administrator and SuperUser modes, all Circuit Groups are displayed. In User and ViewOnly modes,
the Circuit Group Status Screen will only include the Circuit Groups allowed by the account.
In Administrator Mode, Help Menus will list all commands. In SuperUser, User and ViewOnly modes,
Help Menus will only list the commands allowed by the access level.
User Mode accounts will be allowed to connect to the Serial Port only if Serial Access is enabled for the
account.
The ",Y" argument can be included to suppress the command confirmation prompt.
The "Default All Circuits" command will only be applied to the Circuits that are allowed by the account.
In order to invoke this command, Outbound Telnet/SSH and Outbound Service Access must be enabled
for your account.
In SuperUser mode, configuration menus can be displayed, but parameters cannot be changed.
User Mode and ViewOnly accounts are allowed to view existing Ping-No-Answer settings, but are not
allowed to add or modify settings.
In SuperUser mode, the /I command only offers one option: Reboot Only (Do Not Default Parameters.)
17-2
Command Reference Guide
17.3. Command Set
This Section provides information on all Text Interface commands, sorted by
functionality
17.3.1. Display Commands
/S
Display Circuit Status Screen
Displays the Circuit Status Screen, which lists the current status of the AFS-16's Circuit
Modules. For more information, please refer to Section 8.3.
Note: In Administrator Mode and SuperUser Mode, all AFS-16 circuits are
displayed. In User Mode and ViewOnly Mode, the Circuit Status Screen will
only include the circuits allowed by your account.
Availability: Administrator, SuperUser, User, ViewOnly
Format: /S [Enter]
/SG
Display Circuit Group Status Screen
Displays the Circuit Group Status Screen, which lists the available Circuit Groups, the
Circuits included in each Circuit Group, the current A/B state and other factors. For
more information, please refer to Section 8.4.
Note: In Administrator and SuperUser Mode all user defined Circuit Groups
are displayed. In User Mode and ViewOnly Mode, the Circuit Group Status
Screen will only include the Circuit Groups allowed by your account.
Availability: Administrator, SuperUser, User, ViewOnly
Format: /S [Enter]
/SN
Display Network Status
Displays the Network Status Screen, which lists current network connections to the
AFS-16's Network Port. For more information, please refer to Section 8.2.
Availability: Administrator, SuperUser
Format: /SN [Enter]
/H
Help
Displays a Help Screen, which lists all available Text Interface commands along with a
brief description of each command.
Note: In the Administrator Mode, the Help Screen will list the entire AFS-16
command set. In SuperUser Mode, User Mode and ViewOnly Mode, the Help
Screen will only list the commands that are allowed for that Access Level.
Availability: Administrator, SuperUser, User, ViewOnly
Format: /H [Enter]
17-3
Command Reference Guide
/L
Log Functions
Provides access to a menu which allows you to display the Audit Log, Alarm Log and
Temperature Log. For more information on Log Functions, please refer to Section 5.3.4.
Availability: Administrator, SuperUser
Format: /L [Enter]
/J
Display Site ID / Unit Information
Displays the user-defined Site I.D. message. If the optional asterisk (*) argument is
included in the command line, the command will also show the model number and
software version for the AFS-16 unit.
Availability: Administrator, SuperUser, User, ViewOnly
Format: /J[*] [Enter]
Where * is an optional argument, which can be included in the command line to
display the exact model number and software version of the AFS-16 unit.
17.3.2. Control Commands
/X
Exit Command Mode
Exits command mode. When issued at the Network Port, also ends the Telnet session.
Note: If the /X command is invoked from within a configuration menu, recently
defined parameters may not be saved. In order to make certain that parameters
are saved, always press the [Esc] key to exit from all configuration menus and
then wait until "Saving Configuration" message has been displayed and the
cursor has returned to the command prompt before issuing the /X command.
Availability: Administrator, SuperUser, User, ViewOnly
Format: /X [Enter]
/C
Connect
This command can be used to establish a bidirectional connection between the Serial
Port and the Network Port.
Note: User level accounts can only connect to the Serial Port or Network port
if access to the port has been specifically enabled for the account.
Availability: Administrator, SuperUser, User
Format: /C <x> [Enter]
Where xindicates the port that you wish to connect to. To connect to the Network
Port from the Serial port, enter an N; to connect to the Serial Port from the Network
Port, enter a 1.
17-4
Command Reference Guide
/TA
Toggle to "A" Position
Toggles a Circuit or a Circuit Group to the "A" position.
Note: When this command is invoked in Administrator Mode or SuperUser
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this
command is invoked in User Mode, it can only be applied to the Circuits and/or
Circuit Groups that have been enabled for your account.
Availability: Administrator, SuperUser, User
Format: /TA <c>[,Y] [Enter]
Where:
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish
to switch to the "A" position. To apply the command to several Circuits,
enter a plus sign (+) between each Circuit number. To apply the
command to a range of Circuits, enter the numbers for the first and last
Circuits in the range, separated by a colon character (:). To apply the
command to all Circuits allowed by your account, enter an asterisk
character (*).
,Y
(Optional) Suppresses the command confirmation prompt.
Example:
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2
and 3 to the "A" position without displaying the optional command confirmation prompt,
invoke the following command line:
/TA 2+3,Y [Enter]
/TB
Toggle to "B" Position
Toggles a Circuit or a Circuit Group to the "B" position.
Note: When this command is invoked in Administrator Mode or SuperUser
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this
command is invoked in User Mode, it can only be applied to the Circuits and/or
Circuit Groups that have been enabled for your account.
Availability: Administrator, SuperUser, User
Format: /TB <c>[,Y] [Enter]
Where:
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish
to switch to the "B" position. To apply the command to several Circuits,
enter a plus sign (+) between each Circuit number. To apply the
command to a range of Circuits, enter the numbers for the first and last
Circuits in the range, separated by a colon character (:). To apply the
command to all Circuits allowed by your account, enter an asterisk (*).
,Y
(Optional) Suppresses the command confirmation prompt.
Example:
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2
and 3 to the "B" position without displaying the optional command confirmation prompt,
invoke the following command line:
/TB 2+3,Y [Enter]
17-5
Command Reference Guide
/T
Toggle Command
This command can be used to toggle any Circuit or Circuit Group to either the "A"
position or the "B: position.
Note: When this command is invoked in Administrator Mode or SuperUser
Mode, it can be applied to all AFS-16 Circuits and Circuit Groups. When this
command is invoked in User Mode, it can only be applied to the Circuits and/or
Circuit Groups that have been enabled for your account.
Availability: Administrator, SuperUser, User
Format: /T <c>,<p>[,Y] [Enter]
Where:
c
The number or name of the Circuit(s) or Circuit Group(s) that you wish
to switch. To apply the command to several Circuits, enter a plus sign (+)
between each Circuit number. To apply the command to all Circuits
allowed by your account, enter an asterisk character (*).
p
The desired switch position. Enter an "A" to switch specified circuits to the
"A" position or a "B" to switch circuits to the "B" position.
,Y
(Optional) Suppresses the command confirmation prompt.
Example:
Assume that your account allows access to Circuit 2 and Circuit 3. To switch Circuits 2
and 3 to the "A" position without displaying the optional command confirmation prompt,
invoke the following command line:
/T 2+3,A,Y [Enter]
/DC
Set All Circuits to Default States
Sets all Circuit Modules to their user-defined default state. For information on setting
circuit defaults, please refer to Section 5.6.
Note: When this command is invoked in Administrator Mode and SuperUser
Mode, it will be applied to all AFS-16 circuits. When invoked in User Mode, the
command will only be applied to the Circuits that are allowed by your account.
Availability: Administrator, SuperUser, User
Format: /DC[,Y] [Enter]
Where ,Y is an optional command argument, which can be included to suppress the
command confirmation prompt.
/U
Send Parameters to File
Sends all AFS-16 configuration parameters to an ASCII text file as described in
Section 15. This allows you to back up the configuration of your AFS-16 unit.
Availability: Administrator
Format: /U [Enter]
17-6
Command Reference Guide
/K
Send SSH Key
Instructs the AFS-16 to provide you with a public SSH key for validation purposes. This
public key can then be provided to your SSH client, in order to prevent the SSH client
from warning you that the user is not recognized when you attempt to create an SSH
connection. For more information, please refer to Section 10.1.
Availability: Administrator
Format: /K k [Enter]
Where k is a required argument, which indicates the key type. The k argument
provides the following options: 1 (SSH1), 2 (SSH2 RSA), 3 (SSH2 DSA.)
/UL
Unlock Port (Invalid Access Lockout)
Manually cancels the AFS-16’s Invalid Access Lockout feature. Normally, when a series
of failed login attempts are detected, the Invalid Access Lockout feature can shut down
the effected port for a user specified time period in order to prevent further access
attempts. When the /UL command is invoked, the AFS-16 will immediately unlock all
ports that are currently in the locked state.
Availability: Administrator
Format: /UL [Enter]
/TELNET
Outbound Telnet
Creates an outbound Telnet connection as described in Section 10.2.
Notes:
• In order for the /TELNET command to function, Telnet/SSH and Outbound
Service Access must be enabled for your user account as described in
Section 5.5. In addition, Telnet Access and Outbound Access must also be
enabled via the Network Parameters menu, as described in Section 5.9.2.
• If you have logged in via the Network Port, the /TELNET command will not
function.
Availability: Administrator, SuperUser, User
Format: /TELNET <ip> [port] [raw] [Enter]
Where:
ip
Is the target IP address.
port Is an optional argument which can be included to indicate the target port
at the IP address.
raw
Is an optional argument which can be included to indicate a raw socket
connection. In order to create a raw socket connection, the command line
must end with the text "raw".
17-7
Command Reference Guide
/SSH
Outbound SSH
Creates an outbound SSH connection as described in Section 10.3.
Notes:
• In order for the /SSH command to function, Telnet/SSH and Outbound
Service Access must be enabled for your user account as described in
Section 5.5. In addition, SSH Access and Outbound Access must also be
enabled via the Network Parameters menu, as described in Section 5.9.2.
• If you have logged in via the Network Port, the /SSH command will not
function.
Availability: Administrator, SuperUser, User
Format: /SSH <ip> -l <username> [Enter]
Where:
ip
-l
Is the target IP address.
(Lowercase letter "L") Indicates that the next argument will be the
log on name.
username Is the username that you wish to use to log in to the target device.
17.3.3. Configuration Commands
/F
Set System Parameters
Displays a menu which is used to define the Site ID message, create user accounts,
set the system clock, and configure and enable the Invalid Access Lockout feature. All
functions provided by the /F command are also available via the Web Browser Interface.
For more information, please refer to Section 5.3.
Availability: Administrator
Format: /F [Enter]
/P
Set Serial Port Parameters
Displays a menu that is used to select options and parameters for the AFS-16 Control
Module's serial port. All functions provided by the /P command are also available via
the Web Browser Interface. Section 5.8 describes the procedure for defining serial port
parameters.
Availability: Administrator
Format: /P [Enter]
/PC
Set Circuit Parameters
Displays a menu that is used to select options and parameters for the AFS-16's Circuit
Modules. All functions provided by the /PC command are also available via the Web
Browser Interface. Section 5.6 describes the procedure for defining Circuit parameters.
Availability: Administrator
Format: /PC [Enter]
17-8
Command Reference Guide
/G
Circuit Group Parameters
Displays a menu that is used to View, Add, Modify or Delete Circuit Groups. For more
information on Circuit Groups, please refer to Section 5.7.
Availability: Administrator
Format: /G [Enter]
/N
Network Port Parameters
Displays a menu which is used to select parameters for the Network Port. Also allows
access to the IP Security function, which can restrict network access by unauthorized
IP addresses and domain names. All of the functions provided by the /N command
are also available via the Web Browser Interface. For more information, please refer to
Section 5.9.
Availability: Administrator
Format: /N [Enter]
/PNA Configure Ping-No-Answer Function
Displays a menu that is used to configure the Ping-No-Answer function. The Ping-No-
Answer function allows the AFS-16 to automatically perform A/B switching when a target
device fails to respond to a ping command. For more information on the Ping-No-
Answer function, please refer to Section 6.
Note: If desired, the Ping-No-Answer function can also be configured to send
email notification whenever a target device fails to respond to a ping command.
For more information, please refer to Section 7.2.
Availability: Administrator
Format: /PNA [Enter]
/AC
Alarm Configuration Parameters
Displays a menu that is used to configure and enable the Over Temperature Alarms,
Lost Communication Alarm, Ping-No-Answer Alarm, Invalid Access Lockout Alarm,
Power Cycle Alarm and Monitor/Alarm Input function. For more information on Alarm
Configuration, please refer to Section 7.
Availability: Administrator
Format: /AC [Enter]
17-9
Command Reference Guide
/I
Reboot System (Default)
Reinitializes the AFS-16 unit and offers the option to keep user-defined parameters or
reset to default parameters. As described in Sections 5.10.1 and 15.3, the /I command
can also be used to restore the unit to previously saved parameters. When the /I
command is invoked, the unit will offer four reboot options:
• Reboot Only (Do NOT default parameters)
• Reboot & Default (Keep IP Parameters & SSH Keys; Default all other parameters)
• Reboot & Default (Default ALL parameters)
• Reboot & Restore Last Known Working Configuration
Availability: Administrator
Format: /I [Enter]
/UF
Upgrade Firmware
When new versions of the AFS-16 firmware become available, this command is used to
update existing firmware as described in Section 16.
Note: When a firmware upgrade is performed, the AFS-16 will require
approximately 15 minutes for the upgrade procedure.
Availability: Administrator
Format: /UF [Enter]
/TEST Test Network Parameters
Displays a menu which is used to test configuration of the Syslog and SNMP Trap
functions and can also be used to invoke a Ping Command. For more information,
please refer to Section 11.2 and Section 12.2.
Notes:
• In order for the ping command to function with domain names, Domain Name
Server parameters must be defined as described in Section 5.9.5.
• The Test Menu's Ping command is not effected by the status of the Network
Parameters Menu's Ping Access function.
Availability: Administrator, SuperUser
Format: /TEST [Enter]
17-10
Appendix A.
Interface Description
RJ-45
Pin No.
RTS
1
Request to Send
Ready Out
DTR 2
Control Module
RS232 Serial Port
TXD
Data Out
3
4
5
6
7
8
Pin 1
Pin 8
GND
Ground
RXD
DCD
CTS
Data In
Carrier Detect
Clear to Send
Figure A.1: Serial Port Interface
A.1. Serial Port (RS232)
DCD and DTR hardware lines function as follows:
1. When connected:
a) If either port is set for Modem Mode, the DTR output at either port reflects the
DCD input at the other end.
b) If neither port is set for Modem Mode, DTR output is held high (active).
2. When not connected:
a) If the port is set for Modem Mode, upon disconnect DTR output is pulsed for
0.5 seconds and then held high.
b) If the port is not set for Modem Mode, DTR output is controlled by the DTR
Output option (Serial Port Parameters Menu, Option 23). Upon disconnect,
Option 23 allows DTR output to be held low, held high, or pulsed for 0.5
seconds and then held high.
Apx-1
Appendix B.
Specifications
Switch Card: Up to 16 Modules
Interface: RJ45-3, Three Jacks, 8 Pins Switched Common Jack to A or B Jack.
Contacts: High Reliability, Mechanical Relays, Break-Before-Make Contacts with 1
Amp @ 30 VDC Rating, 100 Million Cycle Life.
Switching:
Manual: Individual Toggle Switch, Gang Switching from Control Module.
Code/Web Browser: By Slot Number or by Name.
Card Rack and Control Unit
Ethernet Port: 10/100Base-T
Serial Console Port: 1 each, RJ45, RS232C
AUX Port: 5-Pin Quick-Connect Terminal Block for External Connection for Alarm
Output, Monitor Input and Ground. Monitor Input Signal is always read relative to
ground signal.
Low Monitor Input Signal: 0V to -48V
High Monitor Input Signal: +5V to +48V
RS232 Port Interface:
Connectors: One (1) RJ45 connector (DTE pinout.)
Coding: 7/8 bits, Even, Odd, No Parity, 1, 2 Stop Bits.
Flow Control: XON/XOFF, RTS/CTS, Both, or None.
Data Rate: 300 to 115.2K bps (all standard rates).
Inactivity Timeout: No activity timeout disconnects port/modem sessions.
Off, 5, 15, 30, 90 minutes.
Break: Send Break or Inhibit Break
Site ID: 32 Characters.
Port Name: 16 Characters per port.
Usernames & Passwords: 32 character usernames; 16 character passwords (case
sensitive.) Up to 128 pairs, definable circuit module, circuit group and
system access.
Physical/Environmental:
Size: 5.25” x 19.00” x 6.75” (H x W x D)
Power: 100/240 VAC 50/60 Hz, 15 watts
Weight: Shipping Weight, Fully Loaded, 15 pounds
Operating Temperature: 32˚F to 122˚F (0˚C to 50˚C)
Humidity: 10 - 90% RH
Venting: Side vents are used to dissipate heat generated within the unit. When
mounting the unit in an equipment rack, make certain to allow adequate
clearance for venting.
Apx-2
Appendix C.
Customer Service
Customer Service hours are from 8:00 AM to 5:00 PM, PST, Monday through Friday.
When calling, please be prepared to give the name and make of the unit, its serial
number and a description of its symptoms. If the unit should need to be returned for
factory repair it must be accompanied by a Return Authorization number from Customer
Service.
WTI Customer Service
5 Sterling
Irvine, California 92618
Local Phone: (949) 586-9950
Toll Free Service Line: 1-888-280-7227
Service Fax: (949) 583-9514
Email: [email protected]
Apx-3
Appendices
Trademark and Copyright Information
WTI and Western Telematic are trademarks of Western Telematic Inc.. All other product
names mentioned in this publication are trademarks or registered trademarks of their
respective companies.
Information and descriptions contained herein are the property of Western Telematic
Inc.. Such information and descriptions may not be copied, disseminated, or distributed
without the express written consent of Western Telematic Inc..
© Copyright Western Telematic Inc., 2010.
April, 2010
Part Number: 14069, Revision: B
Trademarks and Copyrights Used in this Manual
Hyperterminal is a registered trademark of the Microsoft Corporation. Portions
copyright Hilgraeve, Inc.
Teraterm is a copyright of Ayera Technologies, Inc.
BlackBerry is a registered trademark of Research In Motion Limited.
JavaScript is a trademark of Sun Microsystems, Inc.
Telnet is a trademark of Telnet Communications, Inc.
Thawte is a trademark of Thawte, Inc.
VeriSign is a registered trademark of VeriSign, Incorporated
All other trademarks mentioned in this manual are acknowledged to be the property of
the trademark owners.
Apx-4
Index
A
Authentication Protocol
SNMPv3
2-4 Automated Mode
AUX Connector
A/B Gang Switch
A/B Switch
Jumper
A/B Switching
Text Interface
Web Browser Interface
Accept Break
Network Port
Serial Port
Access Level
LDAP Group
TACACS
Accounting Port
RADIUS
Accounts
Adding
Default
Add
Circuit Group
LDAP Group
PNA Profile
User Accounts
Via SNMP
B
C
Basic Configuration
Baud Rate
Serial Port
Bind Type
Bits and Parity
Serial Port
BlackBerry
Callback Security
Callback Attempts
Callback Delay
Callback Enable
Callback Number
Certificate Signing Request
Circuit Access
Monitor/Alarm Input
Circuit Control Screen
Circuit Group
Circuit Access
Name
Circuit Group Access
LDAP Group
Circuit Group Control
Web Browser Interface
Circuit Group Control Screen
Circuit Group Directory
Add Group
Address
Invalid Access Lockout Alarm
Monitor/Alarm Input
Over Temperature Alarms
Ping No Answer Alarm
Power Cycle Alarm
Administrator
Network Port
Serial Port
Alarm Clear Threshold
Over Temperature Alarm
Alarm Configuration
Invalid Access Lockout Alarm
Over Temperature Alarms
Ping-No-Answer Alarm
Alarm Log
Alarm Set Threshold
Over Temperature Alarm
Allow List
Delete Group
Modify
View
Circuit Group Parameters
Circuit Group Status Screen
Text Interface
Circuit Module
Configuration
Granting Access
Jumper
Name
Power Up Default
Set Up
Circuit Parameters
Text Interface
ALM Indicator
Audit Log
Authentication
SNMPv3
Authentication Port
RADIUS
Circuit State
Monitor/Alarm Input
TACACS
Index-1
Index
Circuit Status Screen
Text Interface
D
Circuits to Switch
Monitor/Alarm Input
CLI
Clock and Calendar
Command Access Level
Command Confirmation
Command Echo
Network Port
Debug
RADIUS
5-13 Default User Access
Delete
Circuit Group
LDAP Groups
Serial Port
Command Line Interface
Command Mode
Access
Ping-No-Answer Reboot
PNA Profile
User Accounts
Via SNMP
Logging Out
Command Reference Guide
Command Set
DHCP
Text Interface
14-2 Dictionary Support
RADIUS
Common Name
Communication
Configuration
Circuit
Menus
Email Parameters
Ping-No-Answer Profile
Restore Previous
Restoring
15-2 DTR Output
Saving
Via SNMP
Connect Command
Connecting a PC
Console Port
E
Email Address
SSL Certificate
Email Message
Invalid Access Lockout Alarm
Monitor/Alarm Input
Over Temperature Alarms
Ping No Answer Alarm
Power Cycle Alarm
Email Parameters
Authentication Type
Domain
Configuration
Interface
Contact Output Enable
Invalid Access Lockout Alarm
Monitor/Alarm Input
Over Temperature Alarms
Ping-No-Answer Alarm
Control Card
Enable
From Address
From Name
Password
Port Number
Send Test Email
SMTP Server
To Address
A/B Switch
Control Card A/B Switch
Control Card Reset Switch
Control Module
AUX Connector
Jumper
Control Module Jumper
Copyrights
Copy to All Triggers
Over Temperature Alarms
Country
User Name
Encryption
SSH
Ethernet Port
Exit Command Mode
Text Interface
Create CSR
CRT Server Key
Upload
External Modem
Customer Service
Index-2
Index
F
Invalid Access Lockout Alarm
Address
Fallback
Fallback Local
RADIUS
TACACS
Fallback Timer
RADIUS
TACACS
Contact Output Enable
Email Message
Notify Upon Clear
Resend Delay
Subject
Trigger Enable
Firmware Upgrade
Firmware Version
From Address
Email Parameters
From Name
Email Parameters
Network Port
Ping-No-Answer Profile
5-42 IP Security
Adding IP Addresses
Examples
Operators and Wildcards
G
Gang Switch
Gateway Address
Network Port
General Parameters
Group Membership Attribute
Group Membership Value Type
J
Jumper Settings
Circuit Module
Control Module
K
Kerberos
H
Hang Up String
Modem Mode
Harden Web Security
Hardware Installation
Help Screen
Text Interface
HTTP Access
HTTP Interface
HTTP Port
HTTPS Access
HTTPS Port
Domain Realms
Key Distribution Centers
Port
Realm
Set Up
L
LDAP
Access Level
Adding LDAP Groups
Bind Type
Circuit Group Access
Deleting Groups
Enable
I
Inactivity Timeout
Network Port
Serial Port
Initialization String
Modem Mode
Initiating a Reboot Cycle
Text Interface
Input Level Jumper
Internal Modem Port
Configuration
Fallback
Group Membership Attribute
Group Membership Value Type
Group Name
Kerberos Set Up
LDAP Group Setup
LDAP Port
Modifying LDAP Groups
Parameters
Port Access
Invalid Access Lockout 5-5, 5-8 to 5-9, 7-7 to 7-9, 17-7
Primary Host
Lockout Attempts
Lockout Duration
Lockout Enable
Search Bind DN
Search Bind Password
Secondary Host
Service Access
TLS/SSL Encryption
User Search Base DN
User Search Filter
Viewing LDAP Groups
Index-3
Index
Local Control Device
Locality
Local PC
4-2 Monitor/Alarm Input (continued)
Return
Signal
Access
Subject
Trigger Enable
Lockout Attempts
Lockout Duration
Lockout Enable
Log Configuration
Log Function
Reading and Erasing
Syslog
Text Interface
Logging Out
Text Interface
Login
5-9 Monitor Input Level Jumper
5-9 Monitor Input Level Settings
N
Name
Circuit Group
Circuit Module
Network Access
Network Configuration
Logoff Character
Network Port
Serial Port
Accept Break
Administrator Mode
Command Echo
M
DHCP
Management Utility
Manual Control
Manual Operation
Master A/B Gang Switch
Menus
MIB Parameters
Modem
Access
Modem Mode
Hang Up String
Initialization String
Periodic Reset Value
Reset String
Modem Phone Number
Modem Port
Configuration
Modify
Domain Name Server
Email Parameters
Gateway Address
Harden Web Security
HTTP Access
HTTP Port
HTTPS Access
HTTPS Port
Inactivity Timeout
IP Address
IP Security
Kerberos Set Up
LDAP Parameters
Logoff Character
Multiple Logins
Ping Access
RADIUS
Circuit Group
LDAP Groups
Ping-No-Answer Reboot
PNA Profile
Sequence Disconnect
SNMP Parameters
SSH Access
SSH Port
User Accounts
Via SNMP
Monitor/Alarm Input
Address
Circuit Access
Circuit Group Access
Circuit State
Circuits to Switch
Contact Output Enable
Email Message
Static Route
Subnet Mask
Syslog Address
TACACS
Telnet Access
Telnet Port
7-11 Network Parameters
7-11 Network Port
Administrator
SuperUser
Level Settings
7-12 Network Port Parameters
7-10 Network Status Screen
Monitor/Alarm Input Delay
Monitor/Alarm Input Level
Notify Upon Clear
Resend Delay
7-10 Normal Mode
DTR Output
Text Interface
Index-4
Index
Notify Upon Clear
Invalid Access Lockout Alarm
Over Temperature Alarms
Ping No Answer Alarm
NTP
Enable
NTP Timeout
Primary NTP Address
Secondary NTP Address
NTP Enable
Ping-No-Answer Profile
Adding PNA Profiles
Circuit Access
Circuit Group Access
Consecutive Failures
Deleting PNA Profiles
Domain Name
Interval After Failed Ping
IP Address
Modifying PNA Profiles
Ping Delay After PNA Action
Ping Interval
Ping Test
PNA Action
Toggle
Viewing PNA Profiles
Ping Test
Plug Access
TACACS
Plug Group Access
TACACS
PNA Action
Continuous
Single
NTP Timeout
O
Operation
Organizational Name
Organizational Unit
Outbound Access
Outbound SSH
Outbound Telnet
Over Temperature Alarms
Address
Alarm Clear Threshold
Alarm Set Threshold
Contact Output Enable
Email Message
PNA Command
Port
Kerberos
Port Access
LDAP Group
Port Configuration
Port Mode
Serial Port
Port Name
Notify Upon Clear
Resend Delay
Subject
Trigger Enable
P
Password
Default
Email Parameters
SNMPv3
PDAs
Periodic Reset Value
Modem Mode
PIC Version
Ping Access
Ping Interval
Ping-No-Answer Profile
Ping-No-Answer Alarm
Address
Contact Output Enable
Email Message
Notify Upon Clear
Resend Delay
Subject
Serial Port
Port Number
Email Parameters
Power Cycle Alarm
Address
Email Message
Subject
Trigger Enable
Power Inlets
Power Supply
Power Supply Indicators
Power Supply Module
Power Switch
Power Up Default
Circuit Module
Primary Address
RADIUS
TACACS
Primary Host
Primary NTP Address
Primary Secret Word
RADIUS
Trigger Enable
Ping-No-Answer Function
Index-5
Index
Privacy
SNMPv3
Product Information
Product Status Screen
Public Key
S
5-33 Safety Information
17-4 Saving Parameters
Text Interface
10-1 Scripting Options
Search Bind DN
Q
R
Search Pind Password
Secondary Address
RADIUS
Quick Start Procedure
RADIUS
TACACS
Accounting Port
Authentication Port
Debug
Dictionary Support
Enable
Fallback Local
Fallback Timer
Primary Address
Primary Secret Word
Retries
Secondary Host
Secondary NTP Address
Secondary Secret Word
RADIUS
Secret Word
TACACS
Self Signed Certificate
Sending Traps via SNMP
Send Test Email
Sequence Disconnect
Network Port
Secondary Address
Secondary Secret Word
Set Up
Serial Port
Serial Port
Read Only
Accept Break
Access
SNMP Parameters
Real Time Clock
Date
NTP Enable
NTP Timeout
Primary NTP Address
Secondary NTP Address
Test NTP Servers
Time
Administrator Mode
Baud Rate
Bits and Parity
Command Echo
Configuration
Handshake Mode
Inactivity Timeout
Interface
Logoff Character
Modem Mode
Normal Mode
Time Zone
Reboot System
Resend Delay
Invalid Access Lockout Alarm
Monitor/Alarm Input
Over Temperature Alarms
Ping No Answer Alarm
Reset String
Modem Mode
Reset Switch
Restore Configuration
Restoring Parameters
Retries
RADIUS
Return
Monitor/Alarm Input
RS232 Port
Interface
Port Mode
Port Name
Sequence Disconnect
Stop Bits
Serial Port Interface
Serial Port Parameters
Server Private Key
Service Access
LDAP Group
TACACS
Set Circuits to Defaults
Text Interface
Setting Circuit to Default
Web Browser Interface
Signed Certificate
Site I.D.
Text Interface
SMTP Server
Index-6
Index
SNMP
Adding Users
SSL Certificate
Common Name
Country
Create CSR
Email Address
Locality
Organizational Name
Organizational Unit
State or Province
Upload Signed Certificate
Circuit Status
Configuration
Configuration Via
Controlling Circuit Groups
Controlling Circuits
Deleting Users
Modifying Users
Sending Traps
SNMP Traps
12-2 State or Province
13-4 Static Route
13-2 Stop Bits
Testing
Unit Environment Status
Unit Operation Via
Viewing Users
View Unit Status
SNMP Agent
SNMP Parameters
Access
Authentication
Authentication Protocol
Enable
13-1 Subject
Invalid Access Lockout Alarm
Serial Port
Monitor/Alarm Input
Over Temperature Alarms
Ping No Answer Alarm
Power Cycle Alarm
Privacy
Read Only
5-33 Subnet Mask
Network Port
5-34 SuperUser
Read Only Community
Read/Write Community
SNMP Contact
SNMP Location
SNMPv3
Network Port
5-34 Support
5-34 Suppress Sure Prompt
SNMPv3 Password
SNMPv3 User Name
Version
Text Interface
Web Browser Interface
5-33 Switching Commands
SW Version
SNMP Trap
Configuration
SNMP Managers
Testing
12-1 Syslog
Configuration
Syslog Address
Syslog Messages
Testing Configuration
Trap Community
SNMPv3
Authentication
Authentication/Privacy
Authentication Protocol
Encryption
Password
Username
13-1 System Parameters
Alarm Log
Audit Log
Automated Mode
Callback Security
Command Confirmation
Control Card A/B Switch
Control Card Reset Switch
Invalid Access Lockout
Log Configuration
Management Utility
Modem Phone Number
Real Time Clock
Software Version
Specifications
SSH
Access
Encryption
Keys
SSH Access
SSH Encryption
SSH Port
Scripting Options
Site I.D.
Temperature Calibration
Temperature Format
User Directory
System Reboot
Index-7
Index
T
U
TACACS
Access Level
Authentication Port
Configuration
Default User Access
Enable
Fallback Local
Fallback Timer
Plug Access
Plug Group Access
Primary Address
Secondary Address
Secret Word
Unit Description
5-38 Unlock Port
Text Interface
5-38 Upgrading Firmware
5-38 Upload
CRT Server Key
Signed Certificate
5-38 User
5-39 User Accounts
Access Level
Access Levels
Adding
Callback Number
Circuit Group Access
Circuit Module Access
Service Access
Tech Support
Telnet
Command Access Levels
Default
Access
Outbound
Deleting
Telnet Command
Telnet Access
Telnet Port
Editing
Modifying
Password
Temperature Calibration
Temperature Format
Temperature Log
Test
Port Access
Service Access
Username
Viewing
Ping Test
Test Menu
6-2 User Directory
Test NTP Servers
Text Interface
Applying Commands to Several Circuits
Command Set
Set Circuits to Defaults
Switching Circuits
Time
Time Zone
TLS/SSL Encryption
To Address
Email Parameters
Toggle Command
Toggle to A
Toggle to B
Trademarks
Trigger Enable
Invalid Access Lockout Alarm
Monitor/Alarm Input
Over Temperature Alarms
Ping No Answer Alarm
Power Cycle Alarm
Email Parameters
SNMPV3
9-6 User Search Base DN
V
Version
SNMP
View
Circuit Group Directory
LDAP Groups
Ping-No-Answer Reboot
PNA Profile
User Accounts
Via SNMP
ViewOnly
W
Warnings and Cautions
Web Access
Web Browser Interface
WTI Management Utility
Index-8
|