AMX NI-3101-SIG 4. , 5. , 6.

NetLinx Security within the Web Server

53

NI-3101-SIG Signature Series NetLinx Integrated Controller

4. Click on the desired access parameters and configuration checkboxes necessary to require user

validation prior to usage.

 Enabling the Terminal, HTTP, and Telnet Access options require that a valid username and

password be entered prior to gaining access to the desired action. If the HTTP Access option

is enabled, upon the initial connection to the Master (via the web browser) the Login

page appears and requires a valid username and password be entered before allowing

access to the web server pages.

 Enabling the Configuration option requires that the user be logged in and their rights validated

before allowing any modification to the current Master security configuration and

communication parameters. If the Configuration option is enabled and the user wants to

modify the Master’s IP Address; they would either be prompted to log in (via the Login

button) or if already logged in, notified whether their rights are sufficient to allow them

to change the current parameter.

 The ICSP Connectivity option is required to allow authenticated and/or secure

communication between the Master and other AMX hardware/software. To establish an

authenticated ICSP connection (where the external AMX hardware/software would have to

provide a valid username and password). This option must be enabled (checked).

5. Click on the checkbox next to Require Encryption to enable the requirement of data encryption

over the ICSP connection. Note that this is optional and if enabled, requires more processor cycles

to maintain.

6. Click the Update button to accept and save any changes on this page back to the Master. Updating

these changes is instantaneous and does not require a reboot. Successful incorporation of the

changes to the Master’s security configurations results in an on-screen message stating: "Security is

enabled when it is checked".

FIG. 36 System Level Security - Enable/Disable System Security page with selections

NetLinx Master

security features

Require Encryption

option (enable/disable)

Security Level features

A Group represents a logical collection of individual users. Any properties possessed

by a group (ex: access rights, directory associations, etc.) are inherited by all

members of that group.

The "administrator" group account cannot be deleted or modified.

Contents

Main AMX Limited Warranty and Disclaimer Configuration and Firmware Update ................................................................21 NetLinx Security within the Web Server ...........................................................41 NetLinx Security with a Terminal Connection .................................................117 Page Introduction NI-3101-SIG Specifications Page NI-3101-SIG Specifications (Cont.) Page Page Installation and Upgrading Device:Port:System (D:P:S) Installation into an Equipment Rack 1. 2. 3. 4. 5. Connections and Wiring Setting the Configuration DIP Switch for the Configuration Port Program Run Disable (PRD) mode Working with the Configuration DIP switch 1. 2. 3. Configuration Port Connections and Wiring Modes and Front Panel LED Blink Patterns Modes and LED Blink Patterns Port Assignments and Functionality AXlink Port and LED Wiring Guidelines Wiring length guidelines Preparing captive wires 1. 2. 3. Wiring a power connection 1. 2. 3. Using the 4-pin mini-Phoenix connector for data and power Using the 4-pin mini-Phoenix connector for data with external power DB9 Device Port: Connections and Wiring Relay Port: Connections and Wiring Up to 8 independent external relay devices may be connected to the Relay connectors on the device. RS-232/422/485 Device Port Wiring Specifications Relay connections Input/Output (I/O) Port: Connections and Wiring IR/Serial Port: Connections and Wiring The IR/Serial connector wiring specifications are listed in the following table: I/O Port Wiring Specifications - NI-3101-SIG IR/Serial Connector Wiring Specifications (per Port) Ethernet/RJ-45 Port: Connections and Wiring The following table lists the pinouts, signals, and pairing for the Ethernet connector. 123 456 78 Ethernet LEDs FIG.11 diagrams the RJ-45 pinouts and signals for the Ethernet RJ-45 connecto r and cable. Ethernet ports used by the Integrated Controllers Ethernet Ports Used by the NetLinx Integrated Controllers Replacing the Timekeeper Battery Configuration and Firmware Update Communicating with the Master via the Program Port 7. 8. Setting the System Value 1. Page Changing the Device Address of a NetLinx Device Recommended NetLinx Device numbers Using the ID Button to Change the Controllers Device Value 1. 2. 3. Resetting the Factory Default System and Device Values Obtaining the Masters IP Address (using DHCP) Page Assigning a Static IP to the NetLinx Master Communicating with the NI Device via an IP Page Page Verifying the current version of NetLinx Master Firmware 1. 2. 3. 4. Upgrading the On-board Master Firmware via an IP 1. 2. 3. 4. 7. 8. 9. 10. 11. 12. 13. Upgrading the NI Controller Firmware via IP Page Page Page NetLinx Security within the Web Server NetLinx Security Terms Accessing an Unsecured Master via an HTTP Address 1. 2. 3. 4. Browser Application Frames Default Security Configuration Page Master Firmware Security Access Parameters Web Control Managing WebControl Connections Security Features Manage WebControl Connection Page Features Security - System Level Security page System Level Security Page System Level Security Page (Cont.) Setting the system security options for a NetLinx Master 1. 2. 3. 4. 5. 6. ICSP Authentication Security - Group Level Security page Configure Group Properties Page Page Page Security - User Level Security page Configure User Properties Page Adding a new User 1. 2. 3. 4. 5. Page System Settings System Settings - Manage System page Manage System Page Components Page Manage System Page Components (Cont.) Manage System - System Menu Buttons Page Page 7. 8. 9. 10. 11. Page Setting up and removing a Diagnostic Filter 1. 2. 3. 4. Diagnostic Configuration Dialog (Cont.) 5. 6. Setting the Masters Port Configurations Manage System - Server 3. 1. frame). SS SS SS SS SS Modifying the Server Port Settings 1. dialog seen above in FIG.47. 2. 3. Enabled checkbox and then entering a value within the Port N umb er field . Server Port Settings 4. button and reconnect to the Master. 5. Server Port Settings (Cont.) SSL Server Certificate Creation Procedures 1. Server Certificate Entries Page Page Page Common Steps for Requesting a Certificate from a CA Page 11. Server - Importing a CA created SSL Certificate 1. 2. 3. 4. Manage System - Device Menu Buttons 4. 5. 6. 7. 8. 9. Page 10. 11. 4. Device Menu - Changing the Device Number 1. 2. Page System Settings - Manage License Adding a new license 1. 3. 2. Page System Settings - Manage NetLinx Devices Manage NetLinx Devices Page (Cont.) Manage NetLinx Devices - Displaying NDP-capable devices 1. 2. Manage NetLinx Devices - Binding/Unbinding - Explained Manage NetLinx Devices - Obtaining NetLinx Device information 1. System Settings - Manage Other Devices - Dynamic Device Discovery Pages Manage Other Devices Page Page Manage Other Devices Page (Cont.) What is Dynamic Device Discovery? What is the difference between Program and Run-time defined binding? Manage Other Devices - Manage Device Bindings Configuring application-defined devices What are Application Devices and their association status? Page Page Manage Other Devices Menu - Viewing Discovered Devices Page Manage Other Devices Menu - Creating a new User-Defined Device 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 3. 4. 5. 6. How do I configure a Run-time installation 1. Accessing an SSL-Enabled Master via an IP Address 3. 1. 2. 4. 5. 6. Page Page 7. 8. 9. 10. 11. What to do when a Certificate Expires NetLinx Security with a Terminal Connection NetLinx Security Features Initial Setup via a Terminal Connection Establishing a Terminal connection via the RS-232/USB Configuration Port 1. 2. 3. 4. 5. 6. 2. 3. 4. Option 1 - Set system security options for NetLinx Master (Security Options Menu) Page The items in the Security Options Menu are described below: Option 2 - Display system security options for NetLinx Master Option 3 - Add user 1. create a new user account. A sample session response is: Security Options Menu 2. 3. 4. 5. 6. Option 4 - Edit User 1. 2. Edit User Menu Access Rights Menu Edit User Menu Option 5 - Delete user 1. user account and returns you to the Security Setup menu. delete an existing user account. A sample session response is: 2. Access Rights Menu Page Edit Group menu: Delete directory association 1. 2. Edit Group menu: List directory associations 1. Edit Group menu: Change Access Rights 1. 2. Edit Group menu: Display Access Rights 1. 2. Option 8 - Edit Group 1. Page Page Main Security Menu The Main Security menu is described below: Main Security Menu Default Security Configuration versions. Main Security Menu (Cont.) disabled. Help menu Type help at the prompt in the Telnet session to display the following help topics: Help Menu Options Help Menu Options (Cont.) Logging Into a Session Logout Help Security Setup Security Page Programming Converting Axcess Code to NetLinx Code Master Send_Commands Master Send_Commands (Cont.) Master IP Local Port Send_Commands Using the ID Button 1. 2. Device:Port:System (D:P:S) Configuration Port Commands Configuration Port Commands Page Page Page Page Page Page Page Page Page Page Page ESC Pass Codes Notes on Specific Telnet/Terminal Clients WindowsTM client programs Linux Telnet client LED Disable/Enable Send_Commands RS232/422/485 ports are Ports 1-6). RS232/422/485 Ports Channels THE FOLLOWING SECTIONS ONLY APPLY TO THE INTEGRATED CONTROLLER COMPONENT OF THE NI-3101-SIG. LED Send_Commands RS-232/422/485 Send_Commands RS-232/422/485 Send_Commands Page Page RS-232/422/485 Send_String Escape Sequences RS-232/422/485 Send_String Escape Sequences IR / Serial Ports Channels IR/Serial Send_Commands IR/Serial Send_Commands PORT 4 IR,CARRIER,IO LINK 0 Page Page Page Page Input/Output Send_Commands I/O ports: Port 17. Channels: 1 - 8 I/O channels. I/O Send_Commands Troubleshooting Troubleshooting Information Troubleshooting Information (Cont.)