AMX NI-3101-SIG - page 51

NetLinx Security within the Web Server

45

NI-3101-SIG Signature Series NetLinx Integrated Controller

If a user is not currently logged-into the Master (via the initial Login screen) and they attempt to access a

feature wherein authentication is required, they are prompted with a message to log into the Master (via

the Log In button) (FIG.31). After the user’s information and rights are confirmed, the login process is

successfully completed and the button changes state and displays Log Out. A user must be logged into

the system before their associated rights can be activated for the current session.

There is no limit to the number of concurrent logins allowed for a single user. This feature facilitates the

creation of a single user (which is really an ICSP device such as a touch panel) that is provided to a

number of ICSP devices using the same login to obtain access to the Master.

 As an example, if you had 50 devices connected to a Master, you would not have to create 50

individual user accounts-one for each device. Instead, you only need to create one to which all

50 devices use for access.

By default, the NetLinx Master creates the following accounts, access rights, directory associations, and

security options:

Security Options: FTP Security - Enabled

Admin Change Password Security - Enabled

All other options - Disabled

FIG. 31 Log In/Log Out fields

Log In/Log Out

Username

Password

field

field

button

Authentication is based upon matching the user’s data to pre-configured username

and password information, and then assigning the rights assigned to that user.

The maximum length of a username or password is 20 characters. The minimum

length of a username or password is four characters. Characters such as # (pound) &

(ampersand) and ’ " (single and double quotes) are invalid and should not be used in

usernames, group names, or passwords.

Default Security Configuration (case-sensitive)

Account 1 Account 2 Group 1

Username: administrator Username: NetLinx Group: administrator

Password: password Password: password Rights: All

Group: administrator Group: none Directory Association: /*

Rights: All Rights: FTP Access

Directory Association: /* Directory Association: none

By default, Master Security (and all subordinate options) are disabled. If the user/group is

given FTP access rights by the administrator, all directories can become accessible (read/

write/modify).

Contents

Main AMX Limited Warranty and Disclaimer Configuration and Firmware Update ................................................................21 NetLinx Security within the Web Server ...........................................................41 NetLinx Security with a Terminal Connection .................................................117 Page Introduction NI-3101-SIG Specifications Page NI-3101-SIG Specifications (Cont.) Page Page Installation and Upgrading Device:Port:System (D:P:S) Installation into an Equipment Rack 1. 2. 3. 4. 5. Connections and Wiring Setting the Configuration DIP Switch for the Configuration Port Program Run Disable (PRD) mode Working with the Configuration DIP switch 1. 2. 3. Configuration Port Connections and Wiring Modes and Front Panel LED Blink Patterns Modes and LED Blink Patterns Port Assignments and Functionality AXlink Port and LED Wiring Guidelines Wiring length guidelines Preparing captive wires 1. 2. 3. Wiring a power connection 1. 2. 3. Using the 4-pin mini-Phoenix connector for data and power Using the 4-pin mini-Phoenix connector for data with external power DB9 Device Port: Connections and Wiring Relay Port: Connections and Wiring Up to 8 independent external relay devices may be connected to the Relay connectors on the device. RS-232/422/485 Device Port Wiring Specifications Relay connections Input/Output (I/O) Port: Connections and Wiring IR/Serial Port: Connections and Wiring The IR/Serial connector wiring specifications are listed in the following table: I/O Port Wiring Specifications - NI-3101-SIG IR/Serial Connector Wiring Specifications (per Port) Ethernet/RJ-45 Port: Connections and Wiring The following table lists the pinouts, signals, and pairing for the Ethernet connector. 123 456 78 Ethernet LEDs FIG.11 diagrams the RJ-45 pinouts and signals for the Ethernet RJ-45 connecto r and cable. Ethernet ports used by the Integrated Controllers Ethernet Ports Used by the NetLinx Integrated Controllers Replacing the Timekeeper Battery Configuration and Firmware Update Communicating with the Master via the Program Port 7. 8. Setting the System Value 1. Page Changing the Device Address of a NetLinx Device Recommended NetLinx Device numbers Using the ID Button to Change the Controllers Device Value 1. 2. 3. Resetting the Factory Default System and Device Values Obtaining the Masters IP Address (using DHCP) Page Assigning a Static IP to the NetLinx Master Communicating with the NI Device via an IP Page Page Verifying the current version of NetLinx Master Firmware 1. 2. 3. 4. Upgrading the On-board Master Firmware via an IP 1. 2. 3. 4. 7. 8. 9. 10. 11. 12. 13. Upgrading the NI Controller Firmware via IP Page Page Page NetLinx Security within the Web Server NetLinx Security Terms Accessing an Unsecured Master via an HTTP Address 1. 2. 3. 4. Browser Application Frames Default Security Configuration Page Master Firmware Security Access Parameters Web Control Managing WebControl Connections Security Features Manage WebControl Connection Page Features Security - System Level Security page System Level Security Page System Level Security Page (Cont.) Setting the system security options for a NetLinx Master 1. 2. 3. 4. 5. 6. ICSP Authentication Security - Group Level Security page Configure Group Properties Page Page Page Security - User Level Security page Configure User Properties Page Adding a new User 1. 2. 3. 4. 5. Page System Settings System Settings - Manage System page Manage System Page Components Page Manage System Page Components (Cont.) Manage System - System Menu Buttons Page Page 7. 8. 9. 10. 11. Page Setting up and removing a Diagnostic Filter 1. 2. 3. 4. Diagnostic Configuration Dialog (Cont.) 5. 6. Setting the Masters Port Configurations Manage System - Server 3. 1. frame). SS SS SS SS SS Modifying the Server Port Settings 1. dialog seen above in FIG.47. 2. 3. Enabled checkbox and then entering a value within the Port N umb er field . Server Port Settings 4. button and reconnect to the Master. 5. Server Port Settings (Cont.) SSL Server Certificate Creation Procedures 1. Server Certificate Entries Page Page Page Common Steps for Requesting a Certificate from a CA Page 11. Server - Importing a CA created SSL Certificate 1. 2. 3. 4. Manage System - Device Menu Buttons 4. 5. 6. 7. 8. 9. Page 10. 11. 4. Device Menu - Changing the Device Number 1. 2. Page System Settings - Manage License Adding a new license 1. 3. 2. Page System Settings - Manage NetLinx Devices Manage NetLinx Devices Page (Cont.) Manage NetLinx Devices - Displaying NDP-capable devices 1. 2. Manage NetLinx Devices - Binding/Unbinding - Explained Manage NetLinx Devices - Obtaining NetLinx Device information 1. System Settings - Manage Other Devices - Dynamic Device Discovery Pages Manage Other Devices Page Page Manage Other Devices Page (Cont.) What is Dynamic Device Discovery? What is the difference between Program and Run-time defined binding? Manage Other Devices - Manage Device Bindings Configuring application-defined devices What are Application Devices and their association status? Page Page Manage Other Devices Menu - Viewing Discovered Devices Page Manage Other Devices Menu - Creating a new User-Defined Device 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 3. 4. 5. 6. How do I configure a Run-time installation 1. Accessing an SSL-Enabled Master via an IP Address 3. 1. 2. 4. 5. 6. Page Page 7. 8. 9. 10. 11. What to do when a Certificate Expires NetLinx Security with a Terminal Connection NetLinx Security Features Initial Setup via a Terminal Connection Establishing a Terminal connection via the RS-232/USB Configuration Port 1. 2. 3. 4. 5. 6. 2. 3. 4. Option 1 - Set system security options for NetLinx Master (Security Options Menu) Page The items in the Security Options Menu are described below: Option 2 - Display system security options for NetLinx Master Option 3 - Add user 1. create a new user account. A sample session response is: Security Options Menu 2. 3. 4. 5. 6. Option 4 - Edit User 1. 2. Edit User Menu Access Rights Menu Edit User Menu Option 5 - Delete user 1. user account and returns you to the Security Setup menu. delete an existing user account. A sample session response is: 2. Access Rights Menu Page Edit Group menu: Delete directory association 1. 2. Edit Group menu: List directory associations 1. Edit Group menu: Change Access Rights 1. 2. Edit Group menu: Display Access Rights 1. 2. Option 8 - Edit Group 1. Page Page Main Security Menu The Main Security menu is described below: Main Security Menu Default Security Configuration versions. Main Security Menu (Cont.) disabled. Help menu Type help at the prompt in the Telnet session to display the following help topics: Help Menu Options Help Menu Options (Cont.) Logging Into a Session Logout Help Security Setup Security Page Programming Converting Axcess Code to NetLinx Code Master Send_Commands Master Send_Commands (Cont.) Master IP Local Port Send_Commands Using the ID Button 1. 2. Device:Port:System (D:P:S) Configuration Port Commands Configuration Port Commands Page Page Page Page Page Page Page Page Page Page Page ESC Pass Codes Notes on Specific Telnet/Terminal Clients WindowsTM client programs Linux Telnet client LED Disable/Enable Send_Commands RS232/422/485 ports are Ports 1-6). RS232/422/485 Ports Channels THE FOLLOWING SECTIONS ONLY APPLY TO THE INTEGRATED CONTROLLER COMPONENT OF THE NI-3101-SIG. LED Send_Commands RS-232/422/485 Send_Commands RS-232/422/485 Send_Commands Page Page RS-232/422/485 Send_String Escape Sequences RS-232/422/485 Send_String Escape Sequences IR / Serial Ports Channels IR/Serial Send_Commands IR/Serial Send_Commands PORT 4 IR,CARRIER,IO LINK 0 Page Page Page Page Input/Output Send_Commands I/O ports: Port 17. Channels: 1 - 8 I/O channels. I/O Send_Commands Troubleshooting Troubleshooting Information Troubleshooting Information (Cont.)