NetLinx Security Features | AMX NI-3101-SIG specs

NetLinx Security with a Terminal Connection

NetLinx Security with a Terminal Connection

NetLinx Masters currently have built-in security capabilities. They require a user entering a valid username and password to access the NetLinx System’s Telnet, HTTP, ICSP, and FTP services.

The security capabilities are configured and applied via a Telnet connection or the NetLinx Master’s RS- 232/USB terminal interface (the RS232/USB Configuration Port).

Always use the RS232/USB Configuration Port when entering potentially sensitive security information. The Telnet server interface exposes this security information to the network in clear text format, which could be intercepted by an unauthorized network client. Using the RS232/USB Configuration Port offers security during the configuration of the database due to the physical proximity of the user to the system.

NetLinx Security Features

NetLinx security allows a qualified user to define access rights for users or groups.

A "User" represents a single potential client of the NetLinx Master, while a "Group" represents a logical collection of users. Any properties possessed by groups (i.e., access rights, directory associations, etc.) are inherited by all the members of the group.

The following table lists the NetLinx features that the administrator (or other 'qualified' user) may grant or deny access to.

NetLinx Security Features

NetLinx Master Security Configuration	The user has access to the security configuration commands of the
	Master. Only those users with security configuration access rights
	granted will have access to the security configuration
	commands.

Telnet Security	The user has access to the Telnet server functionality. All basic
	commands are available to the user.

Terminal (RS232/USB) Security	The user has access to the Terminal server functionality through the
	USB connector. All basic commands are available to the user.

HTTP (web server) Security	The user has access to the HTTP server functionality. Directory
	associations assign specific directories/files to a particular user.

FTP Security	The user has access to the FTP server functionality. Only the
	administrator account has access to the root directory; all other
	'qualified' clients are restricted to the /user/ directory and its 'tree'.

ICSP	The user has access to the ICSP communication functionality.
	Communication and encryption rights are available to an authorized
	user.

ICSP Encryption	The user has access to the ICSP data encryption functionality.
	Enabling encryption of ICSP data requires that both:
	- AMX hardware or software communicating with the target
	Master provide a valid username and password.
	- All communication is encrypted.

NI-3101-SIG Signature Series NetLinx Integrated Controller	117

Image 123

AMX NI-3101-SIG manual NetLinx Security Features, User has access to the Icsp communication functionality

Contents

NI-3101-SIG AMX Limited Warranty and Disclaimer Introduction NetLinx Security within the Web Server NetLinx Security with a Terminal Connection 117 Troubleshooting 167 NI-3101-SIG FG2105-08 NetLinx Integrated Master Controller Features MB Flash NI-3101-SIG SpecificationsNI-3101-SIG Specifications Blue LED bar lights when powered up RS-232/422/485 Ports 1 IR ports support data mode at limited baud rates and wiring DistancesD notation is used to represent a device number NI-3101-SIG Specifications Page Numberportsystem DevicePortSystem DPSWhere Structure DEV Installation into an Equipment Rack PRD Mode Program Run Disable PRD modeWorking with the Configuration DIP switch PRD Mode Settings Modes and LED Blink Patterns Configuration Port Connections and WiringMode Description Blue White Modes and Front Panel LED Blink Patterns Rear Port Assignments are as follows Off No power, or the controller is not functioning properlyPort Assignments and Functionality AXlink Port and LED Wiring Guidelines NI-3101 @ 900 mA Wiring GuidelinesWiring length guidelines Preparing captive wires Using the 4-pin mini-Phoenix connector for data and power Wiring a power connection GND AXP/TX AXM/RX Pin DB9 Device Port Connections and WiringRelay Port Connections and Wiring RS-232/422/485 Device Port Wiring Specifications Input/Output I/O Port Connections and Wiring Relay connectionsPort +12V 6 5 4 3 2 Signal Function IR/Serial Port Connections and WiringPort Wiring Specifications NI-3101-SIG IR/Serial Connector Wiring Specifications per Port Ethernet/RJ-45 Port Connections and Wiring Ethernet RJ-45 Pinouts and SignalsSignals Connection Pairing Color On-board Master has a built-in FTP server 21/20 TCP Ethernet ports used by the Integrated ControllersEthernet Ports Used by the NetLinx Integrated Controllers Port type Description Standard Port Replacing the Timekeeper Battery Configuration and Firmware Update Communicating with the Master via the Program Port Master Communication Settings dialog box COM1 Setting the System Value Using multiple NetLinx Masters Device Addressing dialog changing the device value Changing the Device Address of a NetLinx Device 301 Using the ID Button to Change the Controller’s Device ValueRecommended NetLinx Device numbers Axcess Devices use Axcess standards Resetting the Factory Default System and Device Values Network Addresses dialog for a Dhcp IP Address Obtaining the Master’s IP Address using Dhcp Configuration and Firmware Update Assigning a Static IP to the NetLinx Master Communicating with the NI Device via an IP Communications Settings dialog box TCP/IP Settings dialog box Master Controller User Name and Password dialog box Sample NetLinx Workspace window showing OnLine Tree tab Verifying the current version of NetLinx Master Firmware Firmware Kit File usage for NI Controllers Upgrading the On-board Master Firmware via an IP Select the NI Master’s Kit file from the Files section FIG After the last component fails to install, click Done Upgrading the NI Controller Firmware via IP Configuration and Firmware Update Configuration and Firmware Update Page Username and profile NetLinx Security within the Web Server NetLinx Security Terms NetLinx Security TermsCase sensitive Accessing an Unsecured Master via an Http Address Browser Application Frames Default Security Configuration Account Group Default Security Configuration case-sensitive Telnet Security Master Firmware Security Access Parameters Managing WebControl Connections Web Control Internet Security FeaturesManage WebControl Connection Page Features Feature Description Compatible Devices Field Group Level Security FeaturesFeature Description System Level Security System Level Security System Level Security And/or SSH Ports. SSH version 2 is only supported Configuration/Reset, URL list settings, MasterCommunication settings, and security parameters Master must provide a valid username and password Section on page 49 for more detailed field descriptions Setting the system security options for a NetLinx Master Administrator group account cannot be deleted or modified Manage Group Icsp AuthenticationYou are logged in as a user with Configuration Access Security Group Level Security Configure Group Properties IP configuration/Reset, URL list settings, MasterCommunication settings, and file transfers Modifying the properties of an existing Group Adding a new Group Deleting an existing Group Feature Description Manage Users Security User Level SecurityManage Users User Security Details Configure User PropertiesFeature Description Configure User Properties To this Sensitive and must be unique Configure Users PropertiesFeature Description User Security Details Adding a new User Modifying the properties of an existing User Click the Back button to return to the Manage User Deleting an existing User System Settings Online Tree System Settings Manage SystemFeature Description Online Tree menu Manage System Page Components Menus Feature Description Management menu optionsSystem menu buttons This button is available from within all Management Port menu buttons Feature Description Device menu buttons System Menu Modifying the Date/Time Manage System System Menu Buttons System Menu Rebooting the Master System Menu Changing the System NumberSystem Menu Controlling/Emulating Devices on the Master Control/Emulate dialog Select either the Control or Emulate option Minimum Value Maximum Value Valid Level Data Types and Ranges Diagnostics dialog showing modify popup Manage System Diagnostics Setting up and removing a Diagnostic Filter Diagnostic Configuration DialogFeature Update Remove Description Feature Description Presets New Preset. Refer to of this section for more informationSystem/Device/Port NetLinx Security within the Web Server Server Submenu Options Setting the Master’s Port ConfigurationsDefault port for each service is listed to the right Manage System Server FTP SSH Modifying the Server Port Settings Server Port SettingsIs determined by the user Address field of the SSH Client application FeatureDescriptionEnabled but the value can not be changed SSH Port Certificate consists of two different Keys SSL Server Certificate Creation Procedures Desired Server Certificate EntriesContained in the certificate on the target Master From an external source Server Creating a self-generated SSL Certificate Server Display SSL Server Certificate Information Server Creating a Request for an SSL Certificate Server Regenerating an SSL Server Certificate Request State/province name must be fully spelled out Communicating with the CA Common Steps for Requesting a Certificate from a CA Export SSL Certificate dialog Server Exporting an SSL Certificate Request Before importing a CA server certificate Server Importing a CA created SSL Certificate Manage System Device Menu Buttons Device Menu Configuring the Network Settings Network Settings Dialog Feature Description IP AddressDNS Address Click the Back button to return to the main URL List dialog Device Menu Developing a URL List URL List dialog with entries Device Menu Changing the Device Number Device Menu Viewing the Log Device Menu Running a Diagnostic FilterDevice Menu Controlling or Emulating a device Master section on page 67 for more information Adding a new license System Settings Manage License Removing a license System Settings Manage NetLinx Devices Feature Clear List Refresh List DescriptionManage NetLinx Devices After a period of time, unable to establish communication Feature Description Device Listings Manage NetLinx Devices Displaying NDP-capable devices Click the icon to collapse the particular Master’s listingManage NetLinx Devices Binding/Unbinding Explained MAC Address of the Master in FIG Manage NetLinx Devices Obtaining NetLinx Device information System Settings Manage Other Devices Must always be User-Defined devices Feature Description Dynamic Device Discovery linksConfigure Binding Options Manage Other Devices This selection is a one-time occurrence. Upon the next Reboot, the selection is cleared Deleted via the Purge Bound Modules on Reset selection Dynamic Device Discovery Concepts What is Dynamic Device Discovery? Manage Other Devices Manage Device Bindings Defineconstant Definetype Definevariable Configuring application-defined devicesWhat are Application Devices and their association status? PROGRAMNAME=DDD Manage Device Bindings NetLinx Security within the Web Server View Discovered Devices Manage Other Devices Menu Viewing Discovered Devices Module Properties displayed via a mouse-over popup dialog Switcher SDK-Class TypesAmplifier DocumentCamera SlideProjector AudioConferencer How do I write a program that uses Dynamic Device Discovery To configure a Static application interface How do I configure a Run-time installation Accessing an SSL-Enabled Master via an IP Address Security Alert and Certificate popups Certificate Import Wizard Using your NetLinx Master to control the G4 panel WebControl VNC installation and Password entry screens Connection Details dialog What to do when a Certificate Expires NetLinx Security Features NetLinx Security FeaturesUser has access to the Icsp communication functionality Logout Close Initial Setup via a Terminal ConnectionAccessing the Security configuration options Setup security Access NetLinx Security with a Terminal Connection Enabled Select to change current security optionOr Enter to return to previous menu Security Options Option 3 Add user CommandItems in the Security Options Menu are described below Option 2 Display system security options for NetLinx Master Edit User Menu Option 4 Edit User Edit User Menu Command DescriptionPassword from that point forward Select to change current access right Option 5 Delete user Access Rights Menu Option 6 Show the list of authorized users Option 7 Add GroupPress Enter to display the following Edit Group menu Results.txt Press Enter to return to the Edit Group menuPath User1 Select from the following list Administrator Group Option 8 Edit GroupOr Enter to return to previous menu Set Rights Option 10 Show List of Authorized Groups Option 11 Set Telnet Timeout in secondsSpecify Telnet Timeout in seconds Option 9 Delete Group Option 12 Display Telnet Timeout in seconds Telnet Timeout is 10 secondsOption 13 Make changes permanent by saving to flash Set system security options for Main Security MenuMain Security menu is described below Main Security Menu Security Options FTP Security Enabled Reset DatabaseAdministrator only function Group Group administrator Rights All Help Menu Options Help menu SET DNS DPS NAME,COMMANDSET Icsp TCP Timeout NAME,STRING SET Date Logging Into a Session Setup Security LogoutHelp Security Page Clock Master SendCommandsMaster SendCommands Converting Axcess Code to NetLinx Code Used to determine each unique listing ClockcommandsSendcommand 010,~IGNOREEXTERNALCLOCKCOMMANDS G4WC Udpsendto Master IP Local Port SendCommandsUsing the ID Button Master IP Local Port SendCommands NI-2x00 Port Assignments Configuration Port CommandsPC COM Port Communication Settings DevicePortSystem DPS Echo on Configuration Port CommandsDate Echo OFF GET Ethernet Mode PortMSG on or MSG OFF Ping IP Address OFF DPS, or NameChan On DPS, NAME, Chan Name,String Name,CommandPulse DPS, or Name PWD Rent Java memory heap size as measured in Megabytes. This Entering N no cancels the operationPrompts you to enter the new date for the Master Master-to-Master systems Enter Y yes to approve/store the information into the Master Subnet Mask, and Gateway IP Address Set Queue Size Menu Use caution when adjusting these valuesSET Queue Size Set queue size SET UPD BC Rate Displays a list of all devices present on the bus Example Show BuffersEach queue Example Displays a list of any combined devices Example If end is not entered, the last 20 messages will be shown Show LOGDisplays the log of messages stored in the Masters memory Master logs all internal messages and keeps the most recent Show MAX Buffers Displays the current time on the Master Example Show SystemSystems listed are in numerical order Example Lists all active TCP/IP connections Example Escape Pass Codes ESC Pass CodesWindowsTM client programs Linux Telnet client RS232/422/485 ports are Ports LED Disable/Enable SendCommandsLED SendCommands RS232/422/485 Ports Channels RS-232/422/485 SendCommands RS-232/422/485 SendCommandsThese examples DEV = device Rxclr GET BaudHsoff Hson Xoff SET BaudTset Baud Txclr RS-232/422/485 SendString Escape Sequences RS-232/422/485 SendString Escape SequencesXON Sendstring DEV,27,20,1 Command Description 27,20,1IR / Serial Ports Channels IR / Serial Ports Channels Caron IR/Serial SendCommandsIR/Serial SendCommands Caroff Iroff GET ModeCtof Cton POD POFPON SET IO Link PtofPton Meters for the IR Ports Short cable length 10 feet SET ModeSendcommand IR1,SET Mode IR Sendcommand IR1, SP,25 Xchm Sendcommand DEV,XCHM extended channel modeSendcommand IR1,XCHM Sendcommand IR1,XCH SET Input Input/Output SendCommandsSendCommands GET Input Troubleshooting Information TCP/IP Page It’s Your World Take Control